Firebase Authentication
Verify Firebase ID tokens and manage users with the Firebase Auth addon for Spala.
Firebase Authentication
The Firebase Authentication addon lets you verify Firebase ID tokens in your Spala flows. Use it to authenticate users who sign in through Firebase on your frontend (Google, Apple, email/password, phone number) and access their user information in your backend flows.
Installation
1. Enable the Firebase Auth addon from the Addons panel 2. Enter your Firebase project credentials in the addon configuration
Configuration
Project Settings.' },
Available Steps
Verify ID Token
Verifies a Firebase ID token and returns the decoded user information.
Returns the decoded token payload:
{
uid: "abc123",
email: "[email protected]",
name: "Jane Smith",
picture: "https://...",
email_verified: true,
auth_time: 1705000000
}
Get User
Retrieves a Firebase user record by UID.
Example: Protected Endpoint with Firebase Auth
// GET /api/profile (middleware or first step)
// Step 1: Set Variable - Extract token from header
// vars.token = headers.authorization?.replace('Bearer ', '')
// Step 2: Condition - Check if token exists // If !vars.token → Respond with 401
// Step 3: Verify ID Token (Firebase Auth addon) // idToken: vars.token // Output → vars.firebaseUser
// Step 4: Database Query - Get user profile // SELECT * FROM users WHERE firebase_uid = vars.firebaseUser.uid
// Step 5: Response
// { user: vars.profile }
Example: Sync Firebase Users to Database
// POST /api/auth/sync
// Step 1: Verify ID Token (Firebase Auth addon) // idToken: input.idToken // Output → vars.firebaseUser
// Step 2: Database Query - Upsert user // INSERT INTO users (firebase_uid, email, name, avatar_url) // VALUES (vars.firebaseUser.uid, vars.firebaseUser.email, vars.firebaseUser.name, vars.firebaseUser.picture) // ON CONFLICT (firebase_uid) DO UPDATE SET // email = EXCLUDED.email, name = EXCLUDED.name, avatar_url = EXCLUDED.avatar_url, // last_login = NOW() // RETURNING *
// Step 3: Response
// { user: vars.user }
Firebase ID tokens are short-lived (1 hour). Your frontend should handle token refresh automatically using the Firebase SDK, and send the fresh token with each API request.
Always verify the ID token on the server side. Never trust user information sent directly from the client without token verification.
Your Firebase project ID from the Firebase Console > Project Settings. Your Firebase Web API key from the Firebase Console > Project Settings. The Firebase ID token to verify (typically sent in the Authorization header from the frontend). The Firebase user UID. Addons Overview /addons Browse available addons Installing Addons /addons/installing Enable and configure addons in your project