M
Mastraโ€ข4w ago
Steffen

Firebase Auth - Dev Bypass

https://mastra.ai/docs/auth/firebase Need A way to keep Auth in Development ( user auth data to keep getting added to context ) but still disable auth in a sense that it doesnt block access ... This is in order to let things through like local scripts that dont use auth... while still keeping the auth working for things that do So far I build my own DevBypass ... but it seems using the latest auth packes always requires some auth header or something so i my auth bypass didnt work anymore . Maybe you can add disable for dev option that still proviveds the user data but without blocking acces ... My backup optino was rolling my own middleware .. but ideally it wont have to come to this when adopting mastra 1.0 So i would like to request this ๐Ÿ˜„
MastraAuthFirebase Class | Auth | Mastra Docs
Documentation for the MastraAuthFirebase class, which authenticates Mastra applications using Firebase Authentication.
4 Replies
Mastra Triager
Mastra Triagerโ€ข4w ago
๐Ÿ“ Created GitHub issue: https://github.com/mastra-ai/mastra/issues/10138
GitHub
Firebase Auth - Dev Bypass ยท Issue #10138 ยท mastra-ai/mastra
This issue was created from Discord post 1439202697961279698: https://mastra.ai/docs/auth/firebase Need A way to keep Auth in Development ( user auth data to keep getting added to context ) but sti...
_roamin_
_roamin_โ€ข4w ago
Hey @Steffen ! Thanks for sharing your opinion, it does make sense to be able to test auth in dev mode ๐Ÿ˜‰
Abhi Aiyer
Abhi Aiyerโ€ข4w ago
Hey @Steffen one way to achieve this is to extend the Firebase Auth class 
   import admin from 'firebase-admin';
   type DecodedIdToken = admin.auth.DecodedIdToken;   

    class CustomMastraAuthFirebase extends MastraAuthFirebase {
      async authenticateToken(token: string): Promise<DecodedIdToken | null> {
        if (token === 'some-custom-token-to-test-override') {
          return { uid: 'mock-user-id' } as DecodedIdToken;
        }
        return super.authenticateToken(token);
      }
    }

    const customAuth = new CustomMastraAuthFirebase();
    const result = await customAuth.authenticateToken('some-custom-token-to-test-override');
   import admin from 'firebase-admin';
   type DecodedIdToken = admin.auth.DecodedIdToken;   

    class CustomMastraAuthFirebase extends MastraAuthFirebase {
      async authenticateToken(token: string): Promise<DecodedIdToken | null> {
        if (token === 'some-custom-token-to-test-override') {
          return { uid: 'mock-user-id' } as DecodedIdToken;
        }
        return super.authenticateToken(token);
      }
    }

    const customAuth = new CustomMastraAuthFirebase();
    const result = await customAuth.authenticateToken('some-custom-token-to-test-override');
We are going to ship CompositeAuth https://github.com/mastra-ai/mastra/pull/10359 soon which could ease this a bit so you can have multiple strategies
GitHub
feat: Composite auth implementation by rphansen91 ยท Pull Request #...
Summary Implements composite authentication functionality Allows provider to pass through options to the auth config Adds support for public/protected route configurations in auth providers Test ...
Steffen
SteffenOPโ€ข3w ago
hey nice . I installed mastra beta now and so far so good ๐Ÿ™‚ ... I think on my first install i had to hadd eval beta package to depencies it was missing or something but then it ran ! ๐Ÿ˜„ .. Want to use it for my side projekt Iam building up ๐Ÿ™‚ ... @roamin

Did you find this page helpful?