JWT Token
JWT token sign-in allows you to log in and use the Firebase services such as Firebase Database and Push notifications using the account created on your own server/backend.
JWT login flow
In JWT token authentication, you must send the login credentials —such as an email and password to your server via API endpoint; your server creates a user account, generates a custom JWT token, and returns it to your app. You use this JWT token to login into the Firebase and use its services.
Let's build a sample example that uses a JWT token to login and looks like the below:
JWT token authentication
Before getting started with this section, ensure you have:
- Completed Initial setup required for authentication. (Please note: Skip if you have already enabled authentication and created user collection while creating your project with Firebase Setup.)
Adding JWT token authentication comprises of following steps:
You must create an endpoint on your server that accepts email/username and password. If the credentials are valid, it generates the JWT token and passes it back in response. You can generate the JWT token either using the Firebase Admin SDK or a third-party JWT library. You can find the detailed instructions here.
Once you have the login API ready, you can add it to the FlutterFlow by following the instructions here.
It should look similar to the following:
post
/login
Login API to be created on your server
In most cases, you would make the app content available right after creating a new account. Hence, you should also generate and return the JWT token on the success of create account API and use it to login into the Firebase.
If you want to try the JWT token authentication without creating an API endpoint right now, you can generate the JWT token locally for testing.
Let's add a sign-in page from the templates and choose the Authenticate Solo Alt from under the Auth tab.
Sign-in page
The login action includes two actions. First, you'll make an API call to your server. If the Call succeeds, you'll pass the JWT token (returned in API call) inside the JWT Token action.
To log out a user, you can place a button on your home page and add the Logout action.
You can test the Email/Password authentication on a device/emulator and in Run Mode. To use Run Mode, make sure you have completed the Firebase setup.
If you want to test the JWT token but don't have API created yet, you can generate the JWT token locally for testing purposes.
To verify the creation of a new user in Firebase, open the Firebase console, select the Authentication menu and notice the 'userid' (originally created by your server) is added inside the User UID column.
User id added in Firebase
Sometimes you might want to build and test the JWT authentication before the login or create account API is ready. You can achieve this by creating the JWT token locally and passing it inside the JWT token action.
Use this method only for testing purposes. Ideally, you should be doing this on the server side.
Below are steps to create a JWT token locally using Node.js:
- In the Firebase dashboard of your project, navigate to the far left menu. Select Project Settings() --> Service accounts.
- Select Generate new private key. This will open a new popup. Again click Generate key and save the
.jsonfile in some folder. You will need it while generating the token. - Open a terminal at the folder where you have saved the
.jsonfile and enter this command:npm install firebase-admin. This will install Firebase Admin SDK inside the folder. - In the same folder, create an
index.jsfile and add the below content.
const admin = require('firebase-admin');
const ServiceAccount = require('./[YOUR_SERVICE_ACCOUNT_JSON_FILE_NAME].json');
admin.initializeApp({
credential: admin.credential.cert(ServiceAccount)
});
const uid= 'userid1'; // This user id will be stored in Firebase.
admin.auth().createCustomToken(uid)
.then((customToken) => {
console.log(customToken);
})
.catch((error) => {
console.log('Error creating custom token:', error);
});
- To run this
index.jsfile inside the terminal (at the same location where this file is located), hit this command:node index.js. This will print the JWT token in the console. - Copy this JWT token, return to FlutterFlow, and save it in the local state variable (String Datatype).
- Open the JWT token action, click on UNSET (or a variable if you have already set it) and select the Local State -> variableName (that holds the JWT token).
Passing JWT token from local state
Once you log in via the JWT token, the Authenticated User object is available. This object contains the fields (i.e., logged-in user's data), especially User Reference (users ref), that you may need to provide while adding or retrieving Firestore documents.
Here's an example of how you can use the Authenticated User object to filter the to-do items based on the user who created it.
Accessing Firebase Database
Once you log in via the JWT token, the Authenticated User object is available. This object contains the fields (i.e., logged-in user's data), especially User Reference (users ref), that you may need to provide while adding or retrieving Firestore documents.
When such user reference is stored inside the Firestore documents, you can use them inside the Single or Multiple Recipient while defining the Audience inside the Trigger Push Notification action, as shown in the image below:
Sending push notifications to users created via the JWT token
To learn more about how to use user references for sending push notifications, please check the push notification section.
Last modified 6mo ago