Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explore using service workers to manage sessions #287

Open
7 tasks
kmjennison opened this issue Aug 26, 2021 · 1 comment
Open
7 tasks

Explore using service workers to manage sessions #287

kmjennison opened this issue Aug 26, 2021 · 1 comment
Labels
help wanted Extra attention is needed RFC Request for comments and ideas

Comments

@kmjennison
Copy link
Contributor

kmjennison commented Aug 26, 2021
edited
Loading

I'd like to explore using service workers to manage Firebase sessions. This would be a big shift in how this package works, so input is very much welcome!

See Firebase docs: Session management with service workers

Firebase Auth provides the ability to use service workers to detect and pass Firebase ID tokens for session management. This provides the following benefits:

  • Ability to pass an ID token on every HTTP request from the server without any additional work.
  • Ability to refresh the ID token without any additional round trip or latencies.
  • Backend and frontend synchronized sessions. Applications that need to access Firebase services such as Realtime Database, Firestore, etc and some external server side resource (SQL database, etc) can use this solution. In addition, the same session can also be accessed from the service worker, web worker or shared worker.
  • Eliminates the need to include Firebase Auth source code on each page (reduces latency). The service worker, loaded and initialized once, would handle session management for all clients in the background.

This Firebase feature is still in beta as of 2021.08.26.

Additional benefits:

  • A service worker would replace the server-side token refresh logic in this package, simplifying it substantially
  • No need to manage cookies
  • Reduces server execution time, potentially reducing costs

Downsides:

  • May require additional work or complexity for app developer to set up
  • Introduces some additional restrictions that cookies don't have (drops support for browsers that don't support service workers; does not automatically support cross-subdomain auth)
  • Can't support token-free auth, withAuthUserSSR, because a token refresh will always occur when needed

Work

  • Create a separate Next.js app router example app
  • Build Firebase service worker logic in NFA
  • Build Next.js middleware: get the user from the ID token server-side and pass the user to the auth provider (server component)
  • Expose SW and middleware in an experimental NFA API
  • Integrate NFA service worker into example app
  • Make example app deployable to Vercel
  • Write documentation
@kmjennison kmjennison added the RFC Request for comments and ideas label Aug 26, 2021
@kmjennison kmjennison pinned this issue Aug 26, 2021
@kmjennison kmjennison mentioned this issue Oct 12, 2021
Closed
24 tasks
@kmjennison kmjennison mentioned this issue Sep 9, 2023
Draft
@kmjennison
Copy link
Contributor Author

Some early work on this here: #680

@kmjennison kmjennison mentioned this issue Sep 9, 2023
Open
@kmjennison kmjennison mentioned this issue Dec 31, 2023
Open
@kmjennison kmjennison added the help wanted Extra attention is needed label Feb 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed RFC Request for comments and ideas
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kmjennison