README

A lightweight, self-contained, zero-dependency, spec-compliant Symfony bundle providing authentication with Firebase JWT out of the box. Works either with short-lived ID tokens and session cookies.

Installation

Install this bundle with Composer:

composer require danieleambrosino/firebase-authentication-bundle

Configuration

Set your Firebase project's ID in an environment variable named FIREBASE_PROJECT_ID:

# .env FIREBASE_PROJECT_ID=projectid-1a2b3

Add the firebase authenticator to any of your app's firewall:

# config/packages/security.yaml security: firewalls: main: stateless: true firebase: ~

For each firewall you can choose the authentication strategy (default is bearer, see the configuration reference):

• with the bearer strategy, your requests must be authenticated sending a short-lived ID token (generated by the Auth package of the Firebase client SDK you're using) into an Authorization: Bearer HTTP header (accordingly to the OAuth 2.0 specification);
• with the cookie strategy, your requests must be authenticated sending a session cookie token, named accordingly to the cookie_name parameter (default is sessionToken).

That's it! The authenticated user will be identified using the claim in the JWT payload specified by the user_identifier parameter (default is sub).

You can require that the email is verified by setting on a per-firewall basis the verify_email boolean parameter. Optionally, you can add a leeway package-level parameter (as a positive integer number of seconds) to account for clock skew with Google's servers.

This bundle also provides a very basic user provider named firebase for basic purposes (e.g. securing the registration route).

Configuration reference

Package-level configuration

# config/packages/firebase_authentication.yaml firebase_authentication: project_id: '%env(string:FIREBASE_PROJECT_ID)%' # The leeway to account for clock skew with Google servers leeway: 0 # Used only by the authenticators with "cookie" strategy cookie_name: sessionToken # The field in the payload used to identify the user user_identifier: sub

Firewall-level configuration

# config/packages/security.yaml security: providers: # Give the provider any name you want # You just have to set the "firebase" field jwt: { firebase: ~ } firewalls: main: stateless: true firebase: strategy: bearer # One of "bearer"; "cookie" verify_email: false # If you want to enable the provider jwt: ~