Firebase widget authentication
If your app already uses Firebase Auth, you can authenticate the Notification Center widget directly with a Firebase ID token. Notifizz verifies the token against the Firebase JWKS server-side — no additional backend work needed on your side.TL;DR
- Pass
authType: 'firebase'and a Firebase ID token to the widget. - Notifizz verifies the token; you don’t need to send
userIdoruserEmail(they’re extracted from the token). - Firebase tokens expire after 1 hour — re-mint the widget when the SDK refreshes the token.
How it works
User authenticates with Firebase
Your app signs the user in via any Firebase Auth provider (email/password, Google, GitHub, …).
Setup
- React
- Angular
- Vanilla JS
Required fields
| Field | Type | Description |
|---|---|---|
authType | 'firebase' | Mandatory literal. |
token | string | A valid Firebase ID token for the current user. |
In Firebase mode you do not pass
userId or userEmail — Notifizz extracts the identity from the verified token. Passing them anyway is harmless (they’re ignored).Token refresh
Firebase ID tokens expire after 1 hour. The Firebase SDK refreshes them automatically —auth.currentUser.getIdToken() returns a cached token when valid, and a fresh one when expired. To keep the widget happy across the refresh boundary:
- Re-mount the widget on
onIdTokenChangedso the new token reaches Notifizz immediately, or - Call
getIdToken()proactively before mounting (the cached path is cheap), or - Let the widget surface
state.hasError = trueon expiry, then re-mount with a fresh token.
Firebase vs Backend Tokens
| Firebase | Backend Tokens | |
|---|---|---|
| Already use Firebase Auth | yes — zero extra work | unnecessary overhead |
| Custom auth system | n/a | the right choice |
| Backend involvement | none | mint a token per user |
| Token management | Firebase handles refresh | you manage delivery and rotation |
FAQ
The widget says `hasError: true` after the user has been logged in for an hour.
The widget says `hasError: true` after the user has been logged in for an hour.
Token expired. The Firebase SDK has a fresh one — call
getIdToken() and re-mount the widget. The simplest pattern is to subscribe to onIdTokenChanged and re-mount whenever the token changes.Can I use Firebase Auth on the backend (admin SDK) and pass that ID token?
Can I use Firebase Auth on the backend (admin SDK) and pass that ID token?
Yes — any token Firebase issues for the user works. The Notifizz backend verifies via the public JWKS, so the issuer (client SDK vs admin SDK) doesn’t matter as long as the JWT is valid for your Firebase project.
Multiple Firebase projects — which one does Notifizz verify against?
Multiple Firebase projects — which one does Notifizz verify against?
The dashboard environment settings include a Firebase project ID. Tokens issued for any other project are rejected. If you use multiple Firebase projects (e.g. dev / prod), point each Notifizz environment at its corresponding project.
Custom claims — does Notifizz read them?
Custom claims — does Notifizz read them?
Notifizz reads
sub (user id) and email. Custom claims are visible in the campaign orchestrator if you forward them via event properties, but the widget does not consume them directly.Should I cache the token in `localStorage`?
Should I cache the token in `localStorage`?
Don’t cache it manually — the Firebase SDK handles caching internally and knows when to refresh. Calling
getIdToken() is cheap when the cached token is still valid.What about anonymous Firebase users?
What about anonymous Firebase users?
Anonymous users have a stable
uid and a valid ID token, so Firebase Auth mode works. The notification orchestrator may not have meaningful campaign data for an anonymous user — bridge to a real identity before depending on personalised content.See also
Authentication overview
The four-mode model and when to pick each.
Backend tokens
Use this if you don’t already have Firebase Auth.
Publicly-signed JWT
Auth0, Clerk, Cognito, Supabase Auth — decouple widget auth from your backend.
Notification Center overview
Lifecycle, state model, custom bell, headless mode.