How to integrate Firebase Google authentication tokens with existing REST API backend

I’m working on a web app that currently uses a REST API for user authentication. Now I want to add Google sign-in using Firebase Auth.

The problem is that Firebase generates its own JWT tokens which are totally different from what my REST API expects. When I send the Firebase token to my backend, it returns a 401 error because it can’t validate it.

My REST API uses different signing algorithms and secret keys compared to Firebase. How can I make my NodeJS backend work with both types of tokens? Should I verify the Firebase token on the server side and then create my own API token, or is there a better approach?

I need to support users who log in normally and users who log in through Google, but keep everything working with my existing authentication system.

Had this issue too! I made a wrapper that checks Firebase tokens first and then gives a regular JWT for the app. Super smooth, plus just a flag to know which method they used for logout. Helps keep it simple!

Token exchange is definitely the way to go. When someone logs in with Firebase, verify their JWT on your backend using the Firebase Admin SDK, then create your own app token that matches your current auth setup. This keeps everything consistent across your API while supporting both auth methods. You’ll need to map Firebase user data to your user profiles during verification. Build middleware that checks the token format first, then routes to the right validation logic. Your existing endpoints stay the same and you keep one source of truth for user sessions.
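
The token exchange described in the answer above, as an added example that is not part of the original thread. The verifier is injected so the block runs offline; in production it would be the Firebase Admin SDK's `admin.auth().verifyIdToken`. `APP_SECRET`, `findOrCreateUser` and the HS256 app-token format are assumptions standing in for the existing API's own auth setup.

```javascript
// Added example: Firebase ID token -> app JWT exchange (HS256 via Node's crypto).
const crypto = require('crypto');

const APP_SECRET = 'constructed-demo-secret'; // assumption: load from a secret store in practice
const b64u = (v) => Buffer.from(v).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', APP_SECRET).update(data).digest('base64url');

// Mint the API's own token; `claims` come only from an already verified identity.
function mintAppToken(claims, ttlSeconds = 900, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Verify the API's own token: constant-time signature check, pinned algorithm, expiry.
function verifyAppToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch { return null; }
}

// Exchange endpoint logic. `verifyFirebaseToken` is injected; in production pass
// (t) => admin.auth().verifyIdToken(t) from the Firebase Admin SDK.
// `findOrCreateUser` is a hypothetical lookup into the existing user table.
async function exchangeFirebaseToken(idToken, verifyFirebaseToken, findOrCreateUser) {
  let decoded;
  try {
    decoded = await verifyFirebaseToken(idToken); // rejects on bad signature, expiry or audience
  } catch {
    return { status: 401, error: 'invalid Firebase token' };
  }
  // Key the mapping on the Firebase uid, not on a client-supplied field.
  const user = await findOrCreateUser({ firebaseUid: decoded.uid, email: decoded.email });
  // Record the login method in the app token so logout can branch on it.
  return { status: 200, token: mintAppToken({ sub: user.id, auth: 'firebase' }) };
}
```

After the exchange, existing endpoints only ever see tokens that pass `verifyAppToken`, so the Firebase token never needs to be accepted anywhere except the exchange route.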

Interesting challenge! Are you planning to build a token exchange endpoint? So when Firebase auth works, you’d hit your backend to swap the Firebase token for your own JWT? What’s your current auth flow like - do you already have user profiles stored somewhere?