firebase-module icon indicating copy to clipboard operation
firebase-module copied to clipboard

Published 20 hours ago • verified publisher icon nuxt-community

Dev/Stage webiste Service Worker authorization header conflict with Basic Auth

Open Kasonz opened this issue 4 years ago • 5 comments

Is your feature request related to a problem? Please describe.

While SSR is true, the service worker will inject Bearer token to authorization header to the request, but we are protecting our stage/dev website by basic auth, it will become a problem when the user is login, it will send bearer header instead of Basic header

Describe the solution you'd like

An option to customize the header name to be injected from sw.js and decoded from the backend, for example, instead of authorization header, it can be x-app-token

Describe alternatives you've considered

Not yet a simple solution,

Additional context

Kasonz avatar Dec 22 '20 06:12 Kasonz

Hey @Kasonz

Not entirely understanding your issue..

If you are using Axios (as I assume from your other issue), you can simply set the Basic Authorization header on Axios. The Service Worker does not adjust the headers of your axios instance.

Can you maybe share some example code to make your issue more clear?

You can checkout a working demo here: https://github.com/lupas/nuxt-firebase-server-auth-demo

lupas avatar Jan 17 '21 12:01 lupas

Inactive for more than a month, closing issue.

lupas avatar Feb 06 '21 09:02 lupas

Hi @lupas

I had the same problem when I was using this module. I've created a demo repository where you can reproduce it. It uses a module called nuxt-basic-auth-module to apply basic authentication. In this case, I get an error when I am not logged in with firebase.

 ERROR  Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.                                                                        21:06:42

  at FirebaseAuthError.FirebaseError [as constructor] (node_modules/firebase-admin/lib/utils/error.js:44:28)
  at FirebaseAuthError.PrefixedFirebaseError [as constructor] (node_modules/firebase-admin/lib/utils/error.js:90:28)
  at new FirebaseAuthError (node_modules/firebase-admin/lib/utils/error.js:149:16)
  at FirebaseTokenVerifier.verifyJWTWithProjectId (node_modules/firebase-admin/lib/auth/token-verifier.js:174:35)
  at node_modules/firebase-admin/lib/auth/token-verifier.js:103:26

Demo https://github.com/ssakihara/nuxt-firebase-server-auth-demo

ssakihara avatar Jul 30 '21 12:07 ssakihara

@ssakihara Re-opened the issue, won't have time to look at at this moment unfortunately but maybe someone else will help you in the meantime.

If you are not logged in however, why are you sending an ID token? Do you correctly remove the header in case the user is logged out?

lupas avatar Jul 30 '21 14:07 lupas

@lupas In the development environment, basic authentication is used, so when a user is logged out, basic authentication is included in the header. Therefore, the basic authentication is recognized as a token.

ssakihara avatar Aug 01 '21 02:08 ssakihara