I'd like to explore using service workers to manage Firebase sessions. This would be a big shift in how this package works, so input is very much welcome!
Firebase Auth provides the ability to use service workers to detect and pass Firebase ID tokens for session management. This provides the following benefits:
Ability to pass an ID token on every HTTP request from the server without any additional work.
Ability to refresh the ID token without any additional round trip or latencies.
Backend and frontend synchronized sessions. Applications that need to access Firebase services such as Realtime Database, Firestore, etc and some external server side resource (SQL database, etc) can use this solution. In addition, the same session can also be accessed from the service worker, web worker or shared worker.
Eliminates the need to include Firebase Auth source code on each page (reduces latency). The service worker, loaded and initialized once, would handle session management for all clients in the background.
This Firebase feature is still in beta as of 2021.08.26.
Additional benefits:
A service worker would replace the server-side token refresh logic in this package, simplifying it substantially
No need to manage cookies
Reduces server execution time, potentially reducing costs
Downsides:
May require additional work or complexity for app developer to set up
Introduces some additional restrictions that cookies don't have (drops support for browsers that don't support service workers; does not automatically support cross-subdomain auth)
Can't support token-free auth, withAuthUserSSR, because a token refresh will always occur when needed
Work
[ ] Create a separate Next.js app router example app
[ ] Build Firebase service worker logic in NFA
[ ] Build Next.js middleware: get the user from the ID token server-side and pass the user to the auth provider (server component)
[ ] Expose SW and middleware in an experimental NFA API
I'd like to explore using service workers to manage Firebase sessions. This would be a big shift in how this package works, so input is very much welcome!
See Firebase docs: Session management with service workers
This Firebase feature is still in beta as of 2021.08.26.
Additional benefits:
Downsides:
withAuthUserSSR
, because a token refresh will always occur when neededWork