This project is a minimal working quasar project that has all the needed pages and functionality to handle signup, login, forgot-password and verify email, with Google or email/password. Everything else is mostly left untouched as Quasar vanilla project.
This project was tested with node v14.17.4 To get started:
- Fork the repo
- Install all dependencies
npm install
- Create Firebase projct - see next section
- Start the app
npm run serve
- Go to Firebase Console
- Click Add Project Give it a name and click Continue.
- Disable Google Analytics click Continue.
- After the project was created click Continue. It will take you to the project overview. Now we need to create an app.
- Click the web icon, give your app a name and click Register App.
- You’ll be taken to Step 2 - Add Firebase SDK.
- Copy
firebaseConfigjson that looks like this:const firebaseConfig = { apiKey: "xxxxxxxxxxx", authDomain: "xxxxxxxxxx", projectId: "xxxxxxxxxx", storageBucket: "xxxxxxxx", messagingSenderId: "xxxxxxxxx", appId: "xxxxxxx" };
- Go to
src/boot/firebase.jsand replace the existing config with your own - Back in Firebase Console, click Continue to Console.
- On the left panel click Authentication, then click Sign-in method.
- Enable Email/Password. Do not enable Email link.
- Before enabling Google, let's verify our domain so Google can send emails on our behalf. Click the Templates tab.
- On one of the email templates, click the pencil icon next to the From address.
- Click Customise domain link under the domain name.
- Follow the instructions on configuring your DNS and complete the verification.
- Once done, we can go back to adding Google as login method. Click Sign-in method tab again.
- Enable Google. You'll have to provide your app's support-email. Also make sure that your Project public facing name appears as you want your customers to see it. It will appear on Google's authentication dialog.
To authenticate user on your server, get idToken and send it as Authorization header. I usually prefix it with the string IDTOKEN. so on the server I know what type of token was sent and how I should verify it. Of course you don't have to do that, and if you only expect this type of token you can skip the prefix. Here's client side example:
import { getIdToken } from '../services/auth'
// ...
const idToken = await getIdToken();
const res = await fetch (url, {
method,
headers: {
'Authorization': `IDTOKEN.${idToken}`
},
body
})Depending on your environment, here's an example how to verify the token manually. You can also use Firestore SDK as explained here
The returned parsed idToken will have uid property which you can use as unique identifier in your server code.
import jwt from 'jsonwebtoken';
const auth = request.headers.authorization;
if (auth && auth.startsWith('IDTOKEN.')) {
const idToken = await validateIdToken(auth.substr('IDTOKEN.'.length));
if (idToken.uid) {
// verification succeeded. Use uid as unique identifier for that user
}
}
export async function validateIdToken (idToken) {
async function getKey(header){
const res = await fetch('https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com')
const keys = await res.json();
return keys[header.kid];
}
const tokenHeader = jwt.decode(idToken, {complete: true}).header;
// check that tokenHeader.iss === 'https://securetoken.google.com/<projectId>'
// check that tokenHeader.aud === '<projectId>'
let key = await getKey(tokenHeader);
key = key.trim();
try {
return jwt.verify(idToken, key);
} catch (err) {
console.log("ERROR!", err);
return {};
}
}Contributions are welcome. Just create a PR and explain what you've done :)
- Email verification
- Change password flow - make "choose new password" part of this webapp. Currently it's under myapp.firebaseio subdomain.
- Passwordless login (email link)
Send token to server for authorization- Anonymous signin - allow users to try before signing up, and then continue with their work after signup - https://firebase.google.com/docs/auth/web/anonymous-auth