@auth/firebase-adapter
Official Firebase adapter for Auth.js / NextAuth.js, using the Firebase Admin SDK
and Firestore.
Installation
npm install @auth/firebase-adapter firebase-adminFirebaseAdapterConfig
Configure the Firebase Adapter.
Extends
AppOptions
Properties
credential?
optional credential: Credential;A firebase-admin.app#Credential object used to authenticate the Admin SDK.
See Initialize the SDK for detailed documentation and code samples.
Inherited from
AppOptions.credential
databaseAuthVariableOverride?
optional databaseAuthVariableOverride: null | object;The object to use as the auth variable in your Realtime Database Rules when the Admin SDK reads from or writes to the Realtime Database. This allows you to downscope the Admin SDK from its default full read and write privileges.
You can pass null to act as an unauthenticated client.
See Authenticate with limited privileges for detailed documentation and code samples.
Inherited from
AppOptions.databaseAuthVariableOverride
databaseURL?
optional databaseURL: string;The URL of the Realtime Database from which to read and write data.
Inherited from
AppOptions.databaseURL
firestore?
optional firestore: Firestore;httpAgent?
optional httpAgent: Agent;An HTTP Agent
to be used when making outgoing HTTP calls. This Agent instance is used
by all services that make REST calls (e.g. auth, messaging,
projectManagement).
Realtime Database and Firestore use other means of communicating with
the backend servers, so they do not use this HTTP Agent. Credential
instances also do not use this HTTP Agent, but instead support
specifying an HTTP Agent in the corresponding factory methods.
Inherited from
AppOptions.httpAgent
name?
optional name: string;The name of the app passed to initializeApp().
namingStrategy?
optional namingStrategy: "snake_case" | "default";Use this option if mixed snake_case and camelCase field names in the database is an issue for you.
Passing snake_case will convert all field and collection names to snake_case.
E.g. the collection verificationTokens will be verification_tokens,
and fields like emailVerified will be email_verified instead.
Example
import NextAuth from "next-auth"
import { FirestoreAdapter } from "@auth/firebase-adapter"
export default NextAuth({
adapter: FirestoreAdapter({ namingStrategy: "snake_case" })
// ...
})projectId?
optional projectId: string;The ID of the Google Cloud project associated with the App.
Inherited from
AppOptions.projectId
serviceAccountId?
optional serviceAccountId: string;The ID of the service account to be used for signing custom tokens. This
can be found in the client_email field of a service account JSON file.
Inherited from
AppOptions.serviceAccountId
storageBucket?
optional storageBucket: string;The name of the Google Cloud Storage bucket used for storing application data. Use only the bucket name without any prefixes or additions (do not prefix the name with “gs://”).
Inherited from
AppOptions.storageBucket
FirestoreAdapter()
FirestoreAdapter(config?): AdapterSetup
First, create a Firebase project and generate a service account key. Visit: https://console.firebase.google.com/u/0/project/{project-id}/settings/serviceaccounts/adminsdk (replace {project-id} with your project’s id)
Now you have a few options to authenticate with the Firebase Admin SDK in your app:
Environment variables
- Download the service account key and save it in your project. (Make sure to add the file to your
.gitignore!) - Add
GOOGLE_APPLICATION_CREDENTIALSto your environment variables and point it to the service account key file. - The adapter will automatically pick up the environment variable and use it to authenticate with the Firebase Admin SDK.
Parameters
| Parameter | Type |
|---|---|
config? | FirebaseAdapterConfig | Firestore |
Returns
Example
import NextAuth from "next-auth"
import { FirestoreAdapter } from "@auth/firebase-adapter"
export default NextAuth({
adapter: FirestoreAdapter(),
// ...
})Service account values
- Download the service account key to a temporary location. (Make sure to not commit this file to your repository!)
- Add the following environment variables to your project:
FIREBASE_PROJECT_ID,FIREBASE_CLIENT_EMAIL,FIREBASE_PRIVATE_KEY. - Pass the config to the adapter, using the environment variables as shown in the example below.
Example
import NextAuth from "next-auth"
import { FirestoreAdapter } from "@auth/firebase-adapter"
import { cert } from "firebase-admin/app"
export default NextAuth({
adapter: FirestoreAdapter({
credential: cert({
projectId: process.env.FIREBASE_PROJECT_ID,
clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
privateKey: process.env.FIREBASE_PRIVATE_KEY,
})
})
// ...
})Using an existing Firestore instance
If you already have a Firestore instance, you can pass that to the adapter directly instead.
When passing an instance and in a serverless environment, remember to handle duplicate app initialization.
You can use the initFirestore utility to initialize the app and get an instance safely.
Example
import NextAuth from "next-auth"
import { FirestoreAdapter } from "@auth/firebase-adapter"
import { firestore } from "lib/firestore"
export default NextAuth({
adapter: FirestoreAdapter(firestore),
// ...
})initFirestore()
initFirestore(options): FirestoreUtility function that helps making sure that there is no duplicate app initialization issues in serverless environments.
If no parameter is passed, it will use the GOOGLE_APPLICATION_CREDENTIALS environment variable to initialize a Firestore instance.
Parameters
| Parameter | Type |
|---|---|
options | AppOptions & { name: string; } |
Returns
Firestore
Example
import { initFirestore } from "@auth/firebase-adapter"
import { cert } from "firebase-admin/app"
export const firestore = initFirestore({
credential: cert({
projectId: process.env.FIREBASE_PROJECT_ID,
clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
privateKey: process.env.FIREBASE_PRIVATE_KEY,
})
})