6

I have been using firebase chat and firepad for real time functionality in My Web Application which has multiple pages like a forum.

I started using the Firebase SimpleLogin too.I am able to login as a user and get the auth object which has the uid,id etc info.

1)Now if the user traverses to another page(i.e a new url(same application) is loaded ),does the authentication persist ? Ofcourse as we are manually doing the authentication by calling ref.login(),how can we know if the user is logged in when the second page is loaded.Will firebase store any cookie in user's browser or local storage ?

2)If the user is authenticated through firebase and now for for any request to my backend server for a new page ,how will I know that the user is authenticated.Should I be manually handling this by inserting some cookie in the browser or a hidden form field once firebase login happens ?

3)Is firebase Authentication suitable for multi page web application where the html pages and content are served from a back server other than firebase.?

I have checked the below question too.

Firebase JWT Authentication, Continually Send Token?

Community
  • 1
  • 1
crackerplace
  • 5,305
  • 8
  • 34
  • 42

1 Answers1

7

As long as browser cookies and local storage are both local storage is available on the browser, Firebase Simple Login sessions will be persisted across page refreshes on the same domain. Simply reinstantiate the Firebase Simple Login client via new FirebaseSimpleLogin(ref, function(error, user) { ... }) to restore a persisted session, if one is available.

Using this approach, your callback will automatically be invoked with the login state of the user. Note that you do not need to call .login(...) again to pick up a session, as calling .login(...) will always try to create a new session.

Once the user is authenticated, you can begin writing Firebase Security Rules, making use of the auth variable, which is non-null for any authenticated user, and will contain useful user information (such as user ids) when using Firebase Simple Login. See the 'After Authenticating' section of any Simple Login auth. provider page to see the exact payload.

In the event that you already have an authentication system you'd like to integrate with Firebase, or Simple Login is not sufficient for your needs, you can always generate Custom Tokens with your own custom data. These tokens can contain any arbitrary JSON payload of your choosing, which will be available in your Firebase security rules under the auth variable.

See the Firebase Security Quickstart for more information.

Rob DiMarco
  • 13,226
  • 1
  • 43
  • 55
  • So to be clear,its not a page refresh but new page access on the same domain.So as per what you said as new pages are also in same domain the firebase session will persist and we need not call ref.login again.ok. – crackerplace Apr 25 '14 at 22:19
  • I wanted simple login itself as we dont have any custom login.Now how can I validate at my back end that a user is logged in if he launches mysite.com/page2.In a normal scenario the backend server would have issued a cookie and it would be able to validate if the cookie is present in the successive requests.Now as we are using firebase login,how can I validate at the back end a user's loggedin status(firebase).Is it possible ? – crackerplace Apr 25 '14 at 22:20
  • From the client, instantiating FirebaseSimpleLogin as noted above will return the current logged in / out state of the user. On the server-side, you should write security rules to validate that the user is logged-in and has read / write access to the data that you specify, using the `auth` variable as noted above. – Rob DiMarco Apr 26 '14 at 18:22