🍪 Cookie-based Auth
Authenticate users on the server with Firebase
Firebase Cookie SignIn & SignOut
api/signin/+server.ts
import { adminAuth } from '$lib/server/admin';
import { error, json } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
export const POST: RequestHandler = async ({ request, cookies }) => {
const { idToken } = await request.json();
const expiresIn = 60 * 60 * 24 * 5 * 1000; // 5 days
const decodedIdToken = await adminAuth.verifyIdToken(idToken);
if (new Date().getTime() / 1000 - decodedIdToken.auth_time < 5 * 60) {
const cookie = await adminAuth.createSessionCookie(idToken, { expiresIn });
const options = { maxAge: expiresIn, httpOnly: true, secure: true, path: '/' };
cookies.set('__session', cookie, options);
return json({ status: 'signedIn' });
} else {
throw error(401, 'Recent sign in required!');
}
};
export const DELETE: RequestHandler = async ({ cookies }) => {
cookies.delete('__session', { path: '/' });
return json({ status: 'signedOut' });
}
Updated SignIn Buttons
+page.svelte
<script lang="ts">
import { auth, user } from "$lib/firebase";
import { GoogleAuthProvider, signInWithPopup, signOut } from "firebase/auth";
async function signInWithGoogle() {
const provider = new GoogleAuthProvider();
const credential = await signInWithPopup(auth, provider);
const idToken = await credential.user.getIdToken();
const res = await fetch("/api/signin", {
method: "POST",
headers: {
"Content-Type": "application/json",
// 'CSRF-Token': csrfToken // HANDLED by sveltekit automatically
},
body: JSON.stringify({ idToken }),
});
}
async function signOutSSR() {
const res = await fetch("/api/signin", { method: "DELETE" });
await signOut(auth);
}
</script>