Home

Policies

Firebase JWT Auth

Authenticate requests with JWT tokens issued by Firebase. The payload of the JWT token, if successfully authenticated, with be on the request.user.data object accessible to the runtime.

See this document for more information about OAuth authorization in Zuplo.

Configuration#

{
  "name": "my-firebase-jwt-inbound-policy",
  "policyType": "firebase-jwt-inbound",
  "handler": {
    "export": "FirebaseJwtInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "projectId": "YOUR_PROJECT_ID",
      "allowUnauthenticatedRequests": false
    }
  }
}

Options#

  • name the name of your policy instance. This is used as a reference in your routes.
  • policyType the identifier of the policy. This is used by the Zuplo UI. Value should be firebase-jwt-inbound.
  • handler/export The name of the exported type. Value should be FirebaseJwtInboundPolicy.
  • handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options The options for this policy:
    • allowUnauthenticatedRequests

      Allow unauthenticated requests to proceed. This is use useful if you want to use multiple authentication policies or if you want to allow both authenticated and non-authenticated traffic.

    • projectId

      Your Firebase Project ID

    • certUrl

      Optional - override the URL hosting the public keys used to verify the JWT.

Was this article helpful?

Do you have any questions?Contact us
Check out ourproduct changelog