nuxt-community / firebase-module

🔥 Easily integrate Firebase into your Nuxt project. 🔥
https://firebase.nuxtjs.org
MIT License

[Auth: SSR] Populate res.locals.user when using auth emulator #368

Closed DamianGlowala closed 3 years ago

DamianGlowala commented 3 years ago

Is your feature request related to a problem? Please describe.

res.locals.user is empty in nuxtServerInit when using auth emulator

Describe the solution you'd like

res.locals.user populated the same way as it happens when pointing at real Firebase project

Not sure whether this is feasible from the technical perspective, but would be really nice to have as a configurable option in nuxt.config.js :) That would fill a little gap I noticed when emulating Firebase services locally.

lupas commented 3 years ago

Hey @DamianGlowala

Indeed, thanks for noticing!

I can see when reloading the page, the following error appears:

POST https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=AIzaZyDa-YwgWTc2GDyTYEfv-XLb62100_HuEvU 400

When auth.ssr is true, we create a service-worker that sends the id token of an authenticated user to the nuxt server. The nuxt server then verifies the idToken using firebase-admin against Firebase Auth.

Problem: Firebase-admin on the server does not know that we are using an emulator, and tries to verify against googleapis.com.

So yep, this is a new bug of this module. I will look into it.

Possible solution

Find a way to tell firebase-admin to verifyIdToken against the emulator.

Update: possibly this https://firebase.google.com/docs/emulator-suite/connect_auth#admin_sdks

lupas commented 3 years ago

In addition, the firebase-auth-sw.js service worker also does not know we are using the emulator -> would also need to call authService.useEmulator('http://localhost:9099') in the service worker.

lupas commented 3 years ago

Issue 1 - Service Worker

Fixed the service-worker in https://github.com/nuxt-community/firebase-module/tree/authEmulatorSsrIssue ✅

Issue 2 - Firebase-Admin in Backend

According to https://firebase.google.com/docs/emulator-suite/connect_auth#admin_sdks, setting the FIREBASE_AUTH_EMULATOR_HOST env variable to localhost:9099 before initializing firebase-admin should fix this.

As a workaround either:

// In nuxt.config.js
export default () => {
  process.env.FIREBASE_AUTH_EMULATOR_HOST = "localhost:9099"
  return {
    // your config
  }
}

Or:

// or in package.json
"dev": "FIREBASE_AUTH_EMULATOR_HOST=localhost:9099 nuxt"

... should fix it, HOWEVER it seems not to work without setting the credentials in firebase-admin, see https://github.com/firebase/firebase-admin-node/issues/1077. They are working on fixing this.

I can't verify if it works by setting credentials, since I am running into the following error before that:

Firebase ID token has no "kid" claim. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

For some reason, the idToken from the service worker has now no "kid" claim... trying to figure out how to fix this next.
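An added example, not part of the thread or of the module's code, relating to the comment above: a startup guard for `FIREBASE_AUTH_EMULATOR_HOST` (per the linked Firebase docs, firebase-admin in emulator mode accepts the emulator's unsigned ID tokens, so the variable must never reach a production process) and a header check that shows whether a token carries a "kid". The helper names, the loopback-only policy and the sample tokens are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not part of
// @nuxtjs/firebase or firebase-admin.

// Refuse the emulator variable in production and accept only loopback
// host:port values (the loopback rule is this example's own policy).
function resolveAuthEmulatorHost(env) {
  const host = env.FIREBASE_AUTH_EMULATOR_HOST
  if (!host) return null
  if (env.NODE_ENV === 'production') {
    throw new Error('FIREBASE_AUTH_EMULATOR_HOST is set in a production process')
  }
  const m = /^(localhost|127\.0\.0\.1|\[::1\]):(\d{1,5})$/.exec(host)
  if (!m || Number(m[2]) < 1 || Number(m[2]) > 65535) {
    throw new Error('FIREBASE_AUTH_EMULATOR_HOST must be a loopback host:port')
  }
  return host
}

const fromB64Url = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8')
const toB64Url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')

// Decode the JWT header WITHOUT verifying anything, for diagnostics only:
// reports whether the token has the "kid" the error message asks for.
function inspectIdTokenHeader(idToken) {
  const parts = String(idToken).split('.')
  if (parts.length !== 3) return { valid: false, reason: 'not a three-part JWT' }
  let header
  try {
    header = JSON.parse(fromB64Url(parts[0]))
    if (!header || typeof header !== 'object') throw new Error('not an object')
  } catch (e) {
    return { valid: false, reason: 'header is not base64url-encoded JSON' }
  }
  const hasKid = typeof header.kid === 'string' && header.kid.length > 0
  const signed = header.alg !== 'none' && parts[2].length > 0
  return { valid: true, alg: header.alg, hasKid, signed }
}

// Constructed sample tokens (not real credentials): one shaped like an
// unsigned emulator token, one shaped like a signed production token.
const claims = { sub: 'user-1', aud: 'demo-project' }
const unsignedSample = `${toB64Url({ alg: 'none', typ: 'JWT' })}.${toB64Url(claims)}.`
const signedSample =
  `${toB64Url({ alg: 'RS256', kid: 'constructed-key-id', typ: 'JWT' })}.${toB64Url(claims)}.c2ln`
```

Calling `resolveAuthEmulatorHost(process.env)` at the top of the config function, before firebase-admin is initialized, makes a leaked emulator setting fail at startup.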

lupas commented 3 years ago

Missing kid claim issue is known at Firebase and will be fixed with https://github.com/firebase/firebase-tools/issues/2764 at some point - until then SSR Auth won't work when using the Auth Emulator.

I'll publish https://github.com/nuxt-community/firebase-module/tree/authEmulatorSsrIssue soon nevertheless so we at least have the first part fixed.

tibs245 commented 3 years ago

I think the label "waiting" can be deleted, if I have understood correctly :)

lupas commented 3 years ago

Thanks a lot @tibs245 - yep, this is fixed with https://github.com/firebase/firebase-admin-node/releases/tag/v9.5.0.

Will test it when I can find the time and then close this issue.

lupas commented 3 years ago

Works now - make sure to update firebase-admin to 9.5.0+

tibs245 commented 3 years ago

Yes, thank you! I confirm that it works with FIREBASE_AUTH_EMULATOR_HOST set:

export FIREBASE_AUTH_EMULATOR_HOST='localhost:9099'

But when I refresh my page, the https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=XXX request fails, and my user is disconnected.

The request comes from the @firebase/auth module.

But I don't know whether my project, the firebase nuxt module or the firebase module is the origin of this bug.

Have you got the same result? And an idea for resolving it?

[EDIT]: I have created an issue for this problem: https://github.com/nuxt-community/firebase-module/issues/465