Using firebase authentication for a nodejs application


I don’t know if this will work out, or if it is the right thing to do.

I have created an AngularJS application and used Firebase to provide my application a “backend”, or to contain any data that my application needs.

Also I do not want to bother myself when dealing with authentication, and FirebaseSimpleLogin is just an awesome tool for the job.

I could do:

resolve : {
   'isAuthenticated': isLoggedIn
}

in my routes so I would be able to prevent them from moving to secured routes. So there is no problem, I already have an authenticated user.

The problem is, I only used Firebase to save user data and for auth, and nothing else.

Now I want to do some server tasks in my server, but I want only authenticated users to do that.

How would I determine that the user is authenticated in Firebase?

Is this what the Firebase token generator is for?

Or should I just create an authentication system using Node.js?

How to solve :


Method 1

Check out the queue pattern. Have the user write items to the queue, have the server respond to them.

The really great part of using Firebase as the API/middle-man is that the worker (i.e. server) does not need to worry about if the client has authenticated. Security rules take care of this.

Just write a rule to only allow logged-in users to write into the queue:

{
  "rules": {
     "queue": {
         "in": {
            // I can only write if logged in
            ".write": "auth !== null",
            "user_id": {
               // I can only write to the queue as myself, this tells the server which
               // out/ queue the user will be listening on
               ".validate": "auth.uid === newData.val()"
            }
         },
         "out": {
            "$userid": {
               // I can only listen to my out queue
               ".read": "auth.uid === $userid"
            }
         }
     }
  }
}

Now the user simply writes a record to in/ using push(), then listens on out/ until the server replies.

The server reads records out of the in/ queue, processes them, and writes them back to the out/user_id path.

No RESTful protocols, no express servers, no headaches.
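
The queue pattern described in the answer above, as an added example that is not part of the original answer: a simplified in-memory model in plain Node.js (not the Firebase SDK) of the three rules and of a worker that relies on them. All function names are hypothetical, the sample data is constructed, and the model assumes `user_id` is a field of each pushed record.

```javascript
// Added example: in-memory model of the queue, NOT the Firebase SDK.
// All function names are hypothetical; sample data is constructed.

// in/: ".write": "auth !== null" plus the user_id ".validate" rule.
// A ".validate" rule is only evaluated when that child is written, so a
// record that omits user_id still passes; the worker has to reject it.
function canWriteIn(auth, record) {
  if (auth === null) return false;
  if ('user_id' in record && record.user_id !== auth.uid) return false;
  return true;
}

// out/$userid: ".read": "auth.uid === $userid"
function canReadOut(auth, userId) {
  return auth !== null && auth.uid === userId;
}

function createQueue() {
  const inbox = [];
  const out = new Map(); // user_id -> replies
  return {
    // Client: push() a request into in/
    push(auth, record) {
      if (!canWriteIn(auth, record)) return false;
      inbox.push(record);
      return true;
    },
    // Server worker: drain in/, reply on out/<user_id>; returns dropped count
    work(handler) {
      let dropped = 0;
      for (const rec of inbox.splice(0)) {
        if (typeof rec.user_id !== 'string') { dropped++; continue; }
        if (!out.has(rec.user_id)) out.set(rec.user_id, []);
        out.get(rec.user_id).push(handler(rec));
      }
      return dropped;
    },
    // Client: listen on out/<userId>
    read(auth, userId) {
      if (!canReadOut(auth, userId)) throw new Error('permission denied');
      return out.get(userId) || [];
    },
  };
}

// Constructed run: alice's request is answered, the record without user_id is dropped.
const demo = createQueue();
demo.push({ uid: 'alice' }, { user_id: 'alice', task: 'resize' });
demo.push({ uid: 'alice' }, { task: 'no-owner' });
console.log(demo.work((r) => 'done:' + r.task), demo.read({ uid: 'alice' }, 'alice'));
```

The worker never sees a token or session; it trusts `user_id` only because the write rule bound it to `auth.uid`, which is why it drops any record where that field is missing.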


All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0
