search

firebase / friendlyeats-web

Apache License 2.0
493 stars 412 forks source link

[NextJS] Use web frameworks' built-in auth cookie instead of custom implementation #243

Open jhuleatt opened 1 year ago

jhuleatt commented 1 year ago

The Firebase CLI's web frameworks tooling sets an auth cookie: https://github.com/FirebaseExtended/firebase-framework-tools/blob/087035d86c65c5810ab71f889e4d6160398368aa/src/firebase-aware.ts#L32

This means we probably don't need the current custom implementation: https://github.com/firebase/friendlyeats-web/blob/c43de974fbf44151217fe3238d610edee7b86b28/nextjs-end/src/app/api/route.js#L9

ismaelaarab commented 1 year ago

@jhuleatt

Does this imply that the example is primarily designed for use with Firebase Hosting?

If someone chooses to host their project on Vercel instead, will they need to implement additional custom logic in order to set the session on the server side?

matallui commented 1 year ago

Same question? ☝🏼

leonam-okajima commented 1 year ago

We really need clarification on this. Are the example and tutorial designed only for use with Firebase Hosting?

EmanuelU commented 1 year ago

after a lot of digging I am fairly sure the __session cookie expected in the tutorial is a firebase only thing, not from the auth package but from the frameworks.

josancamon19 commented 11 months ago

Yup, thanks for asking this, I was close to giving up already, and just verified that indeed, it only works if you use firebase, either from emulators or not.

WillZhao2021 commented 11 months ago

Was anyone able to get the __session cookie after this project is deployed to Firebase hosting? It was working fine with my hosting emulator, but it stopped working after I deployed it. I checked the cookies tab, no cookie is set at all.

Herohtar commented 8 months ago

This issue should be marked as solved, because the file in question no longer exists and indeed it seems that they implemented the auth token parsing using the __session cookie: https://github.com/firebase/friendlyeats-web/blob/02be588cf1ca3db5e8d7296b6aae19681f2533cf/nextjs-end/src/lib/firebase/firebase.js#L27

However, as a couple of the more recent comments indicate, the __session cookie doesn't actually appear to be set when trying to make this work in my own project, even when using Firebase Hosting. I'm not sure if this is something that changed with Firebase Auth or some other issue.

I did notice that something that looks like an auth token appears to be stored in Indexed DB, so maybe that's where it is now. I'm not sure how you make use of that though.

Edit: After doing a bit more digging, I believe the code in the repo is incomplete. It looks like the intention is for the client side part of the code to set the __session cookie itself and that it is not something that gets set automatically by Firebase Auth (and never was, as far as I can tell).