search

gladly-team / next-firebase-auth

Simple Firebase authentication for all Next.js rendering strategies
https://nfa-example-git-v1x-gladly-team.vercel.app/
MIT License
1.34k stars 290 forks source link

Cookies not valid for subdomains #486

Closed DrD3v closed 2 years ago

DrD3v commented 2 years ago

After logging in at foo.bar the user is not authenticated at sub.foo.bar, requiring another login for each subdomain. The AuthUser object passed to SSR at sub.foo.bar has no user information.

According to Stackoverflow, setting the domain in the cookie header should allow the cookie to be used by all subdomains, however the same issue persists.

Any ideas on how to make the authentication work on all subdomains?

next-firebase-auth version: ^1.0.0-canary.8 Firebase JS SDK: ^9.6.9 Next.js: latest

kmjennison commented 2 years ago

This is a Firebase limitation: as far as I know, Firebase doesn't support multi-domain auth. This library is designed to rely on Firebase's authentication as the source of truth, so if a user is not authenticated with Firebase on a subdomain, they will also not be authenticated with next-firebase-auth. On the flip side, if you build a workaround to support Firebase auth across subdomains, it should work seamlessly here, too.