Using Firebase Admin SDK

[nhuethmayr]

New adapter that uses the Firebase Admin instead of the client-side SDK

☕️ Reasoning

The current implementation of firebase-adapter uses the client SDK. This has the severe drawback that the Firestore Rules need to be opened up. Instead of using the client-side SDK, we should be using the server-side one. That way we can keep the Firestore rules closed and still integrate nicely with FB

🧢 Checklist

• Documentation
• Tests
• Ready to be merged

🎫 Affected issues

This PR solves an architectural problem with the firebase-adapter as descibed in discussion 5049

📌 Resources

• Contributing guidelines
• Code of conduct
• Contributing to Open Source

❓ Questions

• Do we want to release this code as an independent adapter? firebase-admin-adapter
• Do we want to replace the current implementation altogether?

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
next-auth	✅ Ready (Inspect)	Visit Preview	Nov 10, 2022 at 2:05AM (UTC)

[shriharip]

Thanks for the efforts on making use of the admin SDK, could we plz have this merged soon.

[ndom91]

Thanks for reopening!

[nhuethmayr]

@RonAlmog I still need to add in tests (hopefully today, maybe tomorrow) but what about the "Verify (javascript)" task that is pending?

[bcthakre]

Thanks @NorbertHuethmayr

[MalteBoehm]

Any news on this one?

[bcthakre]

Does it mean we can use FirestoreAdapter now?

[MalteBoehm]

Nah, merge is blocked

[bcthakre]

Probably go with Clerk for now. Also, NextJS 13 has issues with NextAuth

[MalteBoehm]

Probably go with Clerk for now. Also, NextJS 13 has issues with NextAuth

I don't care too much about Next13 since it's kind of interesting beta. It just would be nice to use the firebase adapter to save some time :)

[MalteBoehm]

@ndom91 hey there, for me it all works and looks as expected. Could you perhaps do a review on this too? :)

[vedantmgoyal9]

@NorbertHuethmayr please resolve the conflicts!

[Chibionos]

@ndom91 @lluia @ThangHuuVu
Can we get a PR for this please ? The change is required for NextAuth Firebase to be used in any Enterprise scenario as we cannot use the current Firebase Adapter due to a huge security issue we talked about here.

#5049

FYI @NorbertHuethmayr @shriharip @bcthakre

[shriharip]

Yes, I agree, would be best to have this in quickly. I have also now upvoted the PR. @NorbertHuethmayr @Chibionos

[mehallhm]

I opened PR on @NorbertHuethmayr fork... contributer used the windows command prompt only del command. Instead, it should be the rm command considering the build is being run on a Linux build server.

Hopefully should at least fix the build from throwing that error

[nhuethmayr]

I opened PR on @NorbertHuethmayr fork... contributer used the windows command prompt only del command. Instead, it should be the rm command considering the build is being run on a Linux build server.

Hopefully should at least fix the build from throwing that error

Done 👍 - now I need to pull in changes from main to be up to date.

[bcthakre]

Seems like there is a new version of NextAuth. Has the firestore adaptateur improved in it. Best Regards, Bhupendrasinh ThakreOn Dec 13, 2022, at 1:48 PM, Norbert Hüthmayr ***@***.***> wrote: I opened PR on @NorbertHuethmayr fork... contributer used the windows command prompt only del command. Instead, it should be the rm command considering the build is being run on a Linux build server. Hopefully should at least fix the build from throwing that error Done 👍 - now I need to pull in changes from main to be up to date. —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>

[BossBele]

@bcthakre The PR works on having the firebase adapter using admin SDK and not on updating the firebase web SDK module. In that case, the security concern leading to this proposed PR is still not addressed.

+1 for this PR