Strapi + Firebase Authentication

I was looking for an easy way to manage Firebase Auth the way others providers are managed with grant-koa on Strapi, using users-permissions without the need to alter it (and avoid the creation of a parallel user type & permissions).

How oauth providers actually manage the user authentication? It’s quite simple, when you transmit a valid token, it’s decoded and Strapi check if the email provided is already used. If it’s used, then an object containing the user and the JWT token (the one you will be using to query Strapi) is returned. If not, a new user is created, then the same object is returned.

Firebase Auth works the same way, regardless of the sign-in method you are using, when you successfully log in, a tokenId (JWT) is returned. It can be decoded and you will get an email.

I will show you how to integrate Firebase Auth with the already used users-permissions plugin into Strapi, so you will be able to have local authentication, oauth using grant-koa and Firebase together.

First things first, you need to add a dependency, firebase-admin, to be able to decode the idToken.

We also need to put the serviceAccountKey.json file used by firebase-admin to access your account at the root of the project.

If you don’t have it, you can generate a new one:

Now our dependency is ready, we have to make it available into Strapi. To do so, we will use the boostrap.js


Last part, we are going to create a controller to handle the authentication request.



And that’s all! The controller receive and decode the tokenId, get or create the corresponding user and send it back with the Strapi JWT.

Here’s an example of request:

POST /firebase/auth

And response:

(In my user model settings username and email are “private” so they don’t appear in the response)

The code is also available on my GitHub:

Full stack JS developer —