EthixAI
Get Started
DocsAuthentication

Authentication

EthixAI uses Firebase Authentication for secure user management and JWT tokens for API access.

Authentication Flow

  1. 1

    User signs in via Firebase

    Email/password or social providers (Google, GitHub)

  2. 2

    Firebase returns ID token

    JWT token valid for 1 hour

  3. 3

    Frontend includes token in API requests

    Authorization: Bearer <token>

  4. 4

    Backend verifies token

    Checks signature, expiry, and claims

Frontend Integration

Use the Firebase SDK to handle authentication in your Next.js app.

Sign In
import { signInWithEmailAndPassword } from "firebase/auth";
import { auth } from "@/lib/firebase";

const signIn = async (email: string, password: string) => {
  try {
    const userCredential = await signInWithEmailAndPassword(
      auth, 
      email, 
      password
    );
    const token = await userCredential.user.getIdToken();
    // Store token for API requests
    localStorage.setItem("authToken", token);
  } catch (error) {
    console.error("Sign in failed:", error);
  }
};
Make Authenticated API Request
const analyzeData = async (data: any) => {
  const token = localStorage.getItem("authToken");
  
  const response = await fetch("/api/analyze", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "Authorization": `Bearer ${token}`
    },
    body: JSON.stringify(data)
  });
  
  return response.json();
};

Backend Verification

Verify Firebase tokens on the backend to secure API endpoints.

Python/FastAPI Example
from fastapi import HTTPException, Security
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from firebase_admin import auth

security = HTTPBearer()

async def verify_token(
    credentials: HTTPAuthorizationCredentials = Security(security)
):
    try:
        token = credentials.credentials
        decoded_token = auth.verify_id_token(token)
        return decoded_token
    except Exception as e:
        raise HTTPException(
            status_code=401,
            detail="Invalid authentication credentials"
        )

# Use in endpoint
@app.post("/api/analyze")
async def analyze(
    data: AnalysisRequest,
    user = Depends(verify_token)
):
    # user contains decoded token claims (uid, email, etc.)
    result = perform_analysis(data, user["uid"])
    return result

Token Refresh

Firebase tokens expire after 1 hour. Implement automatic refresh to maintain session.

import { onAuthStateChanged } from "firebase/auth";

onAuthStateChanged(auth, async (user) => {
  if (user) {
    // Refresh token every 50 minutes
    const token = await user.getIdToken(true);
    localStorage.setItem("authToken", token);
  }
});

Best Practices

✓ Do
  • • Store tokens securely (httpOnly cookies preferred)
  • • Implement automatic token refresh
  • • Verify tokens on every API request
  • • Use HTTPS in production
  • • Handle expired token errors gracefully
✗ Don't
  • • Store tokens in localStorage (XSS risk)
  • • Skip token verification on backend
  • • Use tokens past expiration
  • • Expose Firebase config publicly
  • • Trust client-side auth checks alone
Previous
Installation
Next
Data Format