Authentication
Firebase
NPM VersionNPM Version

Configuration

In order to be able to use the firebase authentication provider, you have to add the configuration to your newly added plugins. To do so here are the steps

1

Configure your firebase account

2

Go to your medusa-config.js

3

Check that the variables are set with the appropriate values

const BACKEND_URL = process.env.BACKEND_URL || "localhost:9000"
const ADMIN_URL = process.env.ADMIN_URL || "localhost:7000"
const STORE_URL = process.env.STORE_URL || "localhost:8000"
 
const CredentialJsonPath = process.env.FIREBASE_CREDS_JSON_PATH || ""

Then in your plugins collections, if you did not already inserted the plugin, add the following otherwise, you can just add the firebase options to your auth plugin options

{
resolve: "medusa-plugin-auth",
/** @type {import('medusa-plugin-auth').AuthOptions} */
options: [
  {
    type: "firebase",
    // strict: "all", // or "none" or "store" or "admin"
    strict: "none",
    identifier: "firebase",
    credentialJsonPath: CredentialJsonPath,
    admin: {
      // authPath: '/admin/auth/firebase',
      // expiresIn: 24 * 60 * 60 * 1000,
      // verifyCallback: (container, decodedToken, strict) => {
      //    // implement your custom verify callback here if you need it
      // }
    },
    store: {
      // authPath: '/store/auth/firebase',
      // expiresIn: 24 * 60 * 60 * 1000,
      // verifyCallback: (container, decodedToken, strict) => {
      //    // implement your custom verify callback here if you need it
      // }
    }
  }
]
}

The options that are commented are optional and the value that you see are the default values

4

Update your client to add the authentication action

const firebaseLogin = async (token: string) => {
    await fetch(`${medusa_url}/${authPath}`, {
        method: 'GET',
        headers: {
            Authorization: `Bearer ${token}`
        },
        credentials: 'include'
    })
}

This endpoint will return a session cookie that you can use to authenticate with the store API. It is important to include the credentials: 'include' option in the fetch call to ensure that the cookie is set. If you are using Axios to make the request, the equivalent option is withCredentials: true.

Default behaviour

The default verifyCallback flow looks as follow (unless the strict option is changed to none or store or admin depending on the targeted domain)

  • for the admin
    • if the user trying to authenticate exists
      • then we are looking in the metadata to find if the strategy identifier is present in authProvider.
        • If it is not, the user authentication gets rejected.
        • In the case it is present, then the user authentication gets authorized.
    • if the user trying to authenticate does not exist, an unauthorized error will be returned
  • for the store
    • if the customer trying to authenticate exists
      • then we are looking in the metadata to find if the strategy identifier is present in authProvider.
        • If none are found, then the customer gets authenticated and can proceed and the metadata gets updated.
        • In the case another external authentication method have been used in the past, then an unauthorized will be returned.
    • if the customer trying to authenticate does not exist, a new customer will be created with a randomly generated password and the authentication flow follow the previous point
Auth0Azure AD