Skip to main content

Authentication

FireSync uses JSON Web Tokens (JWTs) for authentication. To grant a user access to FireSync documents you should create a JWT that specifies which documents the user can access. The JWT is signed by a secret that only you and FireSync know, so FireSync can confirm the user is authorized by you.

The JWT should be crated and signed on your backend, where the shared secret is available. Never make the JWT secret available in your client code. Once the token is signed & generated pass it to your client user's client where it can be included with requests to FireSync.

Configure your secret

Your secrets can be found in your project settings in firesync cloud.

project-settings

Generate a JWT

Install the jsonwebtoken library:

$ npm install --save jsonwebtoken

In your backend code sign the token to pass to your frontend client code:

import jwt from "jsonwebtoken";

const payload = {
  docs: {
    // Grant write access to the document called 'foo' and readonly access to 'bar'
    foo: "write",
    bar: "read",
  },
};
const secret = "/B?E(H+KbPeShVmYq3t6w9zDC&F)J@Nc";

// Pass token to your client
const token = jwt.sign(payload, secret);

Configure FireSync Client

Pass the token you have generated on your backend to the frontend client to allow the user access to the specified documents:

import FireSync from "@firesync/client";

const firesync = new FireSync({
  projectName: "acme-dev",
  token: token, // Generated above
});