whitecloakph / nestjs-passport-firebase

Passport - Firebase Auth Module for NestJS
MIT License

Guarded endpoint returns 401 after signin #3

Closed marnec closed 2 years ago

marnec commented 2 years ago

I'm building a test API on @nestjs/core 8.0.0 that should be protected by firebase-google-oauth2 sign-in method. With Postman I try to reach the endpoint, but even after authentication it responds with a 401. I don't really know if this is a problem related to the library, but I don't know where to look.

I installed the required dependencies and followed the documentation to build a simple endpoint.

The endpoint looks like this

  @Get('auth')
  @UseGuards(FirebaseAuthGuard)
  auth() {
    return true;
  }

Since I use firebase, my google console has been automatically configured (I assume correctly) and I'm able to obtain an access_token and id_token from google through postman. However using that token when calling the guarded API results in a 401.

My AppModule correctly registers the FirebaseAuthModule with my projectID

  FirebaseAuthModule.register({
    audience: 'my project id',
    issuer: 'https://securetoken.google.com/my project id',
  }),

In order to check if everything was working correctly I also tried to create a custom strategy with a simple validate method that just logs the payload

  async validate(payload: DecodedIdToken): Promise<void> {
    console.log(payload);
  }

but the app never logs anything when I fire the request

Do you have any suggestions?

jimuelpalaca commented 2 years ago

Hi @marnec, can you send a sample API request? Have you tried adding Bearer <id_token> as the Authorization header of your request?

marnec commented 2 years ago

Hi @jimuelpalaca, sorry, I realized that there were no problems with the library. With Postman I was authenticating directly to Google instead of authenticating to Firebase, so the id_token that I was receiving (and that I used as Bearer token) was refused by Firebase.

jimuelpalaca commented 2 years ago

I see, we use Firebase Auth Quickstart to test firebase auth and get tokens easily. Maybe it can help you too with your development.
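
The mismatch resolved in this thread can be spotted before the request reaches the guard by comparing the token's `iss` and `aud` claims with the values passed to `FirebaseAuthModule.register`. The following is an added example, not part of the original thread or of nestjs-passport-firebase; `diagnoseIdToken`, `makeUnsignedToken` and the project ID `demo-project` are hypothetical names, and the sample tokens are constructed and unsigned.

```typescript
// Added diagnostic example, not part of nestjs-passport-firebase.
// It decodes the JWT payload WITHOUT checking the signature: use it to see why
// a token is rejected, never to authenticate a request.
type Expected = { issuer: string; audience: string };
type Diagnosis = { ok: boolean; reasons: string[] };

const GOOGLE_ISSUERS = ["accounts.google.com", "https://accounts.google.com"];

function decodeSegment(segment: string): any {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "===".slice(0, (4 - (b64.length % 4)) % 4);
  const claims = JSON.parse(atob(padded)); // iss and aud are ASCII, so atob is enough
  if (claims === null || typeof claims !== "object") throw new Error("not an object");
  return claims;
}

function diagnoseIdToken(authHeader: string | undefined, expected: Expected): Diagnosis {
  const match = /^Bearer (\S+)$/.exec(authHeader ?? "");
  if (!match) return { ok: false, reasons: ["header is not 'Bearer <id_token>'"] };
  const parts = match[1].split(".");
  if (parts.length !== 3) return { ok: false, reasons: ["token is not a three-part JWT"] };
  let claims: any;
  try {
    claims = decodeSegment(parts[1]);
  } catch {
    return { ok: false, reasons: ["payload is not base64url-encoded JSON"] };
  }
  const reasons: string[] = [];
  if (claims.iss !== expected.issuer) {
    const hint = GOOGLE_ISSUERS.indexOf(claims.iss) !== -1
      ? " (issued by Google sign-in directly, not by Firebase Auth)"
      : "";
    reasons.push(`iss is "${claims.iss}", expected "${expected.issuer}"${hint}`);
  }
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (audiences.indexOf(expected.audience) === -1) {
    reasons.push(`aud is "${claims.aud}", expected "${expected.audience}"`);
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample tokens (unsigned); "demo-project" is a placeholder project ID.
function makeUnsignedToken(claims: object): string {
  const enc = (o: object) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.sig`;
}

const expected = { issuer: "https://securetoken.google.com/demo-project", audience: "demo-project" };
const googleToken = makeUnsignedToken({ iss: "https://accounts.google.com", aud: "constructed-client-id" });
console.log(diagnoseIdToken(`Bearer ${googleToken}`, expected));
```

A token that passes this check still has to pass signature and expiry verification in the guard; the check only tells you whether the token came from the right issuer for the right project.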