Upstream Authentication
Upstream Firebase User Auth Policy
This policy adds a Firebase user token to the outgoing Authentication header
allowing requests to Firebase using the provided user's permissions.
Configuration
The configuration shows how to configure the policy in the 'policies.json' document.
json
Policy Configuration
name<string>- The name of your policy instance. This is used as a reference in your routes.policyType<string>- The identifier of the policy. This is used by the Zuplo UI. Value should beupstream-firebase-user-auth-inbound.handler.export<string>- The name of the exported type. Value should beUpstreamFirebaseUserAuthInboundPolicy.handler.module<string>- The module containing the policy. Value should be$import(@zuplo/runtime).handler.options<object>- The options for this policy. See Policy Options below.
Policy Options
The options for this policy are specified below. All properties are optional unless specifically marked as required.
serviceAccountJson(required)<string>- The Google Service Account key in JSON format. Note you can load this from environment variables using the $env(ENV_VAR) syntax.userId<string>- The userId to use as the custom token's subject.userIdPropertyPath<string>- The property on the incoming request.user object to retrieve the value of the userId.developerClaims<object>- Additional claims to include in the custom token's payload.webApiKey(required)<string>- The Firebase Web API Key (found in project settings)tokenRetries<number>- The number of times to retry fetching the token in the event of a failure. Defaults to3.expirationOffsetSeconds<number>- The number of seconds less than the token expiration to cache the token. Defaults to300.
Using the Policy
Read more about how policies work