search

nuxt-community / firebase-module

🔥 Easily integrate Firebase into your Nuxt project. 🔥
https://firebase.nuxtjs.org
MIT License
641 stars 98 forks source link

Dev/Stage webiste Service Worker authorization header conflict with Basic Auth #414

Open Kasonz opened 3 years ago

Kasonz commented 3 years ago

Is your feature request related to a problem? Please describe.

While SSR is true, the service worker will inject Bearer token to authorization header to the request, but we are protecting our stage/dev website by basic auth, it will become a problem when the user is login, it will send bearer header instead of Basic header

Describe the solution you'd like

An option to customize the header name to be injected from sw.js and decoded from the backend, for example, instead of authorization header, it can be x-app-token

Describe alternatives you've considered

Not yet a simple solution,

Additional context

lupas commented 3 years ago

Hey @Kasonz

Not entirely understanding your issue..

If you are using Axios (as I assume from your other issue), you can simply set the Basic Authorization header on Axios. The Service Worker does not adjust the headers of your axios instance.

Can you maybe share some example code to make your issue more clear?

You can checkout a working demo here: https://github.com/lupas/nuxt-firebase-server-auth-demo

lupas commented 3 years ago

Inactive for more than a month, closing issue.

ssakihara commented 3 years ago

Hi @lupas

I had the same problem when I was using this module. I've created a demo repository where you can reproduce it. It uses a module called nuxt-basic-auth-module to apply basic authentication. In this case, I get an error when I am not logged in with firebase.

 ERROR  Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.                                                                        21:06:42

  at FirebaseAuthError.FirebaseError [as constructor] (node_modules/firebase-admin/lib/utils/error.js:44:28)
  at FirebaseAuthError.PrefixedFirebaseError [as constructor] (node_modules/firebase-admin/lib/utils/error.js:90:28)
  at new FirebaseAuthError (node_modules/firebase-admin/lib/utils/error.js:149:16)
  at FirebaseTokenVerifier.verifyJWTWithProjectId (node_modules/firebase-admin/lib/auth/token-verifier.js:174:35)
  at node_modules/firebase-admin/lib/auth/token-verifier.js:103:26

Demo https://github.com/ssakihara/nuxt-firebase-server-auth-demo

lupas commented 3 years ago

@ssakihara Re-opened the issue, won't have time to look at at this moment unfortunately but maybe someone else will help you in the meantime.

If you are not logged in however, why are you sending an ID token? Do you correctly remove the header in case the user is logged out?

ssakihara commented 3 years ago

@lupas In the development environment, basic authentication is used, so when a user is logged out, basic authentication is included in the header. Therefore, the basic authentication is recognized as a token.