Man, this is the best and the most straightforward tutorial on Planet Earth! All that's needed in one simple package, delivered by an awesome man in a clear and concise manner. Max karma and lots of love!
Maksim, thanks for making the code available and a great walkthrough. I'm using this as a base for a university course I'm doing. This was the clearest explanation I found so far for a vanilla nodejs app with firebase without having to use a frontend framework. Keep it up!
Greetings from Armenia.. liked your style.. it's the very first video I've seen from you.. Just explored your channel, there's a lot of good stuff.. so Thanks man!
Amazing video! Do you have any suggestions on how to proceed if, say, I'd like to integrate it with a database (mysql or postgres) and start to some basic REST/GraphQL resources?
Is there any way to decode sessionCookie or retrieve user uid on the server side? I am making a protected route for one specific user and need user uid there. Great tutorial thanks!
Thanks for this video! I was just wondering, if you write all the firebaseConfig data to html, is it visible to all users, and so does everyone have access to your data?
Super helpful! As a next step, I'd like to know how we can retrieve info about the logged in user (on the server-side) once they are logged in - both at the moment that they successfully log in and on subsequent page requests. My goal is to serve up content that is specific to the user that is logged in.
I eventually figured this out myself. In the then() block for verifySessionCookie(), you are passed a user object, which contains the user ID, user name, etc. It might be helpful to add that to your repo just to demonstrate that you can grab the user's info at this point, and then add it to the request object, for use later in the request processing chain.
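The pattern described in the comment above, together with the single-user protected route asked about earlier in the thread, as an added example (not code from any commenter or from the tutorial's repository). `sessionAuth`, `requireUid`, the `/login` path and the shape of `req.user` are assumptions; `auth` stands for any object exposing `verifySessionCookie(cookie, checkRevoked)`, such as `admin.auth()` from firebase-admin, and the cookie name is a parameter because the thread mentions both `session` and `__session`.

```javascript
// Added example: Express-style middleware around verifySessionCookie().
// `auth` is anything with verifySessionCookie(cookie, checkRevoked),
// e.g. admin.auth() from firebase-admin. Names and paths are assumptions.
function sessionAuth(auth, { cookieName = "session", loginPath = "/login" } = {}) {
  return function (req, res, next) {
    const cookie = (req.cookies && req.cookies[cookieName]) || "";
    if (!cookie) {
      // No cookie at all: skip verification and send the user to log in.
      res.redirect(loginPath);
      return Promise.resolve();
    }
    // checkRevoked = true also rejects revoked sessions and disabled users.
    return auth.verifySessionCookie(cookie, true).then(
      (claims) => {
        // The uid comes from the verified cookie, never from the request
        // body or query string. Keep only what later handlers need.
        req.user = { uid: claims.uid, email: claims.email || null };
        next();
      },
      // Any verification failure is treated as "not logged in".
      () => res.redirect(loginPath)
    );
  };
}

// Guard for a route that belongs to one specific user (hypothetical helper).
// It must run after sessionAuth so that req.user is already populated.
function requireUid(allowedUid) {
  return function (req, res, next) {
    if (req.user && req.user.uid === allowedUid) return next();
    res.status(403).send("Forbidden");
  };
}

// Wiring, commented out so the block runs without express or firebase-admin:
// app.use(cookieParser());
// const authed = sessionAuth(admin.auth(), { cookieName: "__session" });
// app.get("/profile", authed, (req, res) => res.send(req.user.uid));
// app.get("/owner", authed, requireUid("<owner-uid>"), ownerHandler);
```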
This is awesome! Thank you. Since we are removing the client-side persistence, will the user have to re-login on every page refresh? Is there a way to use server-session AND keep the user logged in on refresh/future visits? Or are these two things mutually exclusive?
When you send the csrf-token, we have a middleware from the "csrf" package that will handle it automatically. It will check whether the csrf-token that was on the POST request was actually created by the server or not. If it determines that the csrf-token was not created by the server, it will not let the request go to the next middleware and will throw an error there; if it determines that the csrf-token was indeed created by the server, it will pass it to the next middleware.
@satansdeer1 I think maybe just the deep linking aspect. I've seen a couple of apps that I believe are built with RN use magic links (where you get a special token-ified link to your e-mail which then takes you to an app and authenticates) but I have not been able to find any good, detailed content on it.
Thanks for the video, but I had to change the name of the cookie to __session; Firebase Hosting with Cloud Functions will strip all cookies except __session.
Hey, I've run into the same problem as you, but the rename to "__session" hasn't fixed it. Basically some browsers seem to block 3rd party cookies by default (Safari, and I think Chrome on mobile, but not desktop), so if your server and React front-end are hosted in different locations they won't permit cookies being stored in the browser. My suspicion is that it can be solved by changing csurf to session management instead of cookie management. I just wondered if you'd encountered this problem?
Firstly, thanks for this content. Secondly, if I implement a NodeJS API and this API serves an Angular project, will this implementation also be effective? Many thanks for this video.
Do you see any problem in keeping the Firebase persistence in the browser? This way you could use Firebase directly on the browser, and use the Node back-end just to verify the user's identity before hitting the backend's database. Also, you could renew the session without the user's interaction after the cookie expires. Obviously, upon logout, you'd have to logout from both firebase and the back-end. I personally find it kinda strange that we can't perform an Authorization Code flow with Firebase, so if we must get the tokens in the browser I'm thinking "well at least I can use the tokens directly in the browser", do you agree? :) Btw, I'm talking about SPAs with a back-end on the same domain.
How do I run this brilliant project locally? And how do I 'deploy' the project to Firebase? My own answer: Copy the contents of step-2 into your local 'firebase folder'. Make the required changes - get your own key, etc. To run the project locally type 'npm start' - it had been forgotten. Finally: When I deploy to Firebase I don't know what URL to call, any help?
Thanks Maksim! It helped me so much. How do I use the login page as a middleware for different routes? Currently it's getting redirected to the profile page by default (window.location.assign("/profile")).
It's not working in my code. I am using express js as the backend and Vue js as the front end. I want to set a custom claim in a user account. I need help. Please help me.
What do you think is the best way to add the auth in the routes to become middleware called from a separate middlewares file rather than from within server.js?
Hey, it's a long shot, but I tried to implement this logic with firebase hosting and I get a "session verification ERROR reason: Decoding Firebase session cookie failed" error, which is caused by req.cookies.session || "" being undefined. Do you have a guess what could be the problem? (It works locally.)
Do you keep your serviceAccountKey.json just like that? I am trying to instantiate firebase admin SDK in a Netlify function by passing the values of the account key which I store as environment variables. Locally it works when running Netlify dev, but when I deploy, it gives me an "Invalid grant: account not found" error when the function runs. Any clue how to best go about this?
Hey Maksim, I've encountered a problem whereby I get errors from browsers (Safari and Chrome on mobile) that give warning messages saying they've blocked 3rd party cookies. My understanding is that the problem is the csurf requires a cookie to be sent from the server to the browser (3rd party since they're on different servers). I was wondering if 1. I've understood the issue correctly, and it's not just some human error in my code, and 2. if you have any suggestions to best navigate this issue?
Hello Maksim, I have authenticated my backend using your video but even after getting everything right, I can't access my database from nodejs backend with rules read/write: auth !== null. Each time it gives me "Client doesn't have permission to access the desired data." error. It will be awesome if you could help :)
Hello, I commented on your previous video about my express/react/firebase app. So far I have everything working, but the only problem is that I have a collection of users in my firebase database that has all my users' details for their profile, which I save in redux. I have a function running on the top level component checking for onAuthStateChanged, and if there's a user I get the user IdToken, then I send that IdToken to my express server, verify it, and return my user's details from the database to save them to my redux store. The problem is that this whole functionality takes around 100ms to complete and my auth route does not get my user's details quickly enough, so it redirects my user out of the private route before I can show them their profile. What is the best way I can go about this to persist my user in redux? I need to be able to get user data from the collections on firebase or I can't show all my user's details on their profile. Sorry for the long comment, any advice would help, thanks!!
I got the following error: Could not find a required file. Name: index.html Searched in: /home/jrd656/Desktop/FireBaseMaksimExpress/firebase-server-auth/step-1/public I've changed the scripts in package.json to: "start": "node server.js" This seems to have fixed it. More details on the error below: I cloned the git, opened Step 1 in VS Code. Ran 'npm i'. Ran the 'start' script. Trying to figure this out now... In my error log: 11 silly lifecycle firebase-server-auth@0.1.0~start: Returned: code: 1 signal: null 12 info lifecycle firebase-server-auth@0.1.0~start: Failed to exec start script 13 verbose stack Error: firebase-server-auth@0.1.0 start: `react-scripts start` 13 verbose stack Exit status 1
@satansdeer1 I tried it again without success. Basically I cloned the repo, opened Step 2 and ran 'npm i'. Then I ran the 'build' script. I get the following error: Could not find a required file. Name: index.html Searched in: /home/jrd656/Desktop/FireBaseMaksimExpress/maksim2/firebase-server-auth/step-2/public npm ERR! code ELIFECYCLE npm ERR! errno 1 ...