Can I use Firebase's authentication to protect data on my own private server?

Question

Due to some constraints of my project I need to manage my api server and database separately from firebase, however there is nothing stoping me from using their other tools like analytics and in this particular case authentication.

I wanted to ask if following scenario is possible:

1. I authenticate user on my client app using their SDK's
2. I send relevant jwt data in headers of my API

Can I then somehow validate this on my server, so in essence avoid complex auth service and use firebase for this instead? Are there any examples, preferably for NodeJS server.

Answer 1

Yes you can, it's very common use case and firebase auth has been made with such usage in mind. As you said, send jwt data on headers, then on the server, you verify the token with firebase service:

var admin = require('firebase-admin');

admin.initializeApp(); //may require other steps, see last link

// idToken comes from the client app
admin.auth().verifyIdToken(idToken, true)//second argument is optional, checks whether the ID token was revoked
  .then(function(decodedToken) {
    let uid = decodedToken.uid;
    // ...
  }).catch(function(error) {
    // Handle error
  });

https://firebase.google.com/docs/auth/admin/verify-id-tokens

https://firebase.google.com/docs/reference/admin/node/admin.auth.Auth#verifyidtoken

https://firebase.google.com/docs/admin/setup