Home > Enterprise >  verifyIdToken method doesn't exist in Auth type using getAuth from firebase/auth
verifyIdToken method doesn't exist in Auth type using getAuth from firebase/auth

Time:11-25

I'm trying to follow the example given here where it shows the following example to verify an ID token:

// idToken comes from the client app
getAuth()
  .verifyIdToken(idToken)
  .then((decodedToken) => {
    const uid = decodedToken.uid;
    // ...
  })
  .catch((error) => {
    // Handle error
  });

My code looks like this:

function createFirebaseAdminApp(config: AppOptions) {
    if (getApps().length === 0) {
        return initializeApp(config);
    } else {
        return getApp();
    }
}

const options: AppOptions  = {
    credential: cert({
        projectId: process.env.FIREBASE_PROJECT_ID,
        clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
        privateKey:
            process.env.FIREBASE_PRIVATE_KEY != undefined
                ? process.env.FIREBASE_PRIVATE_KEY.replace(/\\n/g, "\n")
                : "",
    }),
    databaseURL: process.env.FIREBASE_DATABASE_URL,
};


const firebaseAdmin = createFirebaseAdminApp(options) as FirebaseApp;
const adminAuth = getAuth(firebaseAdmin);
adminAuth
    .verifyIdToken(token)
    .then((decodedToken) => {
        res.locals.decodedToken = decodedToken;
        next();
    })
            .catch(() => {
                next(new HttpError("Invalid token provided", 403));
            });

But I keep getting

Property 'verifyIdToken' does not exist on type 'Auth'

I have the latest version of the firebase package, which I assume the example given by the docs is using considering it uses getAuth, so can't tell what I'm doing wrong. Also I'm trying to avoid mixing firebase-admin and firebase, not sure if this is correct, but if I mixed them I can't seem to avoid having to initialize too App instances.

Thanks for any help!

CodePudding user response:

You are mixing up the Admin SDK and the client SDK.

The documentation you linked is for the Admin SDK only. Notice how it is organized in the section for Admin. It is not using getAuth anywhere in that page. The Admin SDK is initialized completely differently than the client SDK, and it does not work at all in browsers. It runs on secure backens only.

The client SDK that you're using doesn't have a function for verifying tokens. That is for secure backends only using the Adminn SDK.

  • Related