I was reading through the firebase docs on managing session cookies and found myself a bit unclear on the purpose.
Rather than implement this, could I not just send in the request body the JWT auth token obtained from auth.currentUser.getIdToken(), and use the admin kit to verify it on the backend?
What is the downside of doing only that before serving protected content, rather than setting up this code for cookies?
Rather than implement this, could I not just send in the request body the JWT auth token obtained from auth.currentUser.getIdToken(), and use the admin kit to verify it on the backend?
Firebase Auth provides server-side session cookie management for traditional websites that rely on session cookies.
This means Firebase provides support for legacy websites. If you want to handle token generation by yourself.
With Firebase Admin, the user is verified with a JWT token, and it's short-lived. The token is generated and sent to the user by the Firebase Auth server.
And you can verify the user token with .getIdToken():
firebase.auth().currentUser.getIdToken(/* forceRefresh */ true).then(function(idToken) {
  // Send token to your backend via HTTPS
  // ...
}).catch(function(error) {
  // Handle error
});
For more information, read the documentation.
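The backend half of the flow discussed above, as an added example that is not part of the original question or answer: it checks an ID token with the Admin SDK's `verifyIdToken`, and accepts a session cookie through `verifySessionCookie` so the two paths can be compared. Assumptions: the token travels in an `Authorization: Bearer` header rather than the request body, the cookie is named `session`, and `auth` is the object `admin.auth()` returns in firebase-admin (injected so a stub can stand in for it).

```javascript
// Added example, not the Firebase project's code. No imports are needed:
// `auth` is passed in and must expose verifyIdToken / verifySessionCookie,
// as the firebase-admin Auth object does.

// Find the credential in the request headers (lower-cased keys, as in Node).
// Returns { kind, value } or null when nothing usable is present.
function extractCredential(headers) {
  const authz = headers.authorization || '';
  // A JWT is three base64url segments separated by dots.
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(authz);
  if (m) return { kind: 'idToken', value: m[1] };

  // Hypothetical cookie name "session"; use whatever your login route sets.
  const pair = (headers.cookie || '')
    .split(';')
    .map((c) => c.trim().split('='))
    .find(([name]) => name === 'session');
  if (pair && pair[1]) {
    return { kind: 'sessionCookie', value: pair.slice(1).join('=') };
  }
  return null;
}

// Verify the credential before serving protected content.
// Resolves to { status: 200, uid, via } or { status: 401, reason }.
async function authenticate(headers, auth) {
  const cred = extractCredential(headers);
  if (!cred) return { status: 401, reason: 'missing-credential' };
  try {
    // Second argument checkRevoked=true also rejects revoked credentials,
    // at the cost of an extra call to the Firebase Auth backend.
    const claims = cred.kind === 'idToken'
      ? await auth.verifyIdToken(cred.value, true)
      : await auth.verifySessionCookie(cred.value, true);
    return { status: 200, uid: claims.uid, via: cred.kind };
  } catch (err) {
    // Log the reason server-side (for example auth/id-token-expired);
    // answer the client with a bare 401.
    return { status: 401, reason: err.code || 'invalid-credential' };
  }
}
```

An expired ID token surfaces here as a 401, so a client using this path has to call `getIdToken()` again and retry, which is the work a longer-lived session cookie avoids.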