PHPackages danieleambrosino/firebase-authentication-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. danieleambrosino/firebase-authentication-bundle ActiveSymfony-bundle[Authentication & Authorization](/categories/authentication) danieleambrosino/firebase-authentication-bundle =============================================== A lightweight, self-contained Symfony bundle providing authentication with JWTs generated from Firebase client SDK. 31.3k↓50%3PHP Since Jan 30Pushed 2y ago1 watchersCompare [ Source](https://github.com/danieleambrosino/firebase-authentication-bundle)[ Packagist](https://packagist.org/packages/danieleambrosino/firebase-authentication-bundle)[ RSS](/packages/danieleambrosino-firebase-authentication-bundle/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) FirebaseAuthenticationBundle ============================ [](#firebaseauthenticationbundle) A lightweight, self-contained, zero-dependency, spec-compliant Symfony bundle providing authentication with Firebase JWT out of the box. Works either with [short-lived ID tokens](https://firebase.google.com/docs/auth/admin/manage-sessions) and [session cookies](https://firebase.google.com/docs/auth/admin/manage-cookies). Installation ------------ [](#installation) Install this bundle with Composer: ``` composer require danieleambrosino/firebase-authentication-bundle ``` Configuration ------------- [](#configuration) Set your Firebase project's ID in an environment variable named `FIREBASE_PROJECT_ID`: ``` # .env FIREBASE_PROJECT_ID=projectid-1a2b3 ``` Add the `firebase` authenticator to any of your app's firewall: ``` # config/packages/security.yaml security: firewalls: main: stateless: true firebase: ~ ``` For each firewall you can choose the authentication `strategy` (default is `bearer`, see the [configuration reference](#configuration-reference)): - with the `bearer` strategy, your requests must be authenticated sending a [short-lived ID token](https://firebase.google.com/docs/auth/admin/manage-sessions) (generated by the Auth package of the Firebase client SDK you're using) into an `Authorization: Bearer` HTTP header (accordingly to [the OAuth 2.0 specification](https://datatracker.ietf.org/doc/html/rfc6750#section-2.1)); - with the `cookie` strategy, your requests must be authenticated sending a [session cookie token](https://firebase.google.com/docs/auth/admin/manage-cookies), named accordingly to the `cookie_name` parameter (default is `sessionToken`). That's it! The authenticated user will be identified using the claim in the JWT payload specified by the `user_identifier` parameter (default is `sub`). You can require that the email is verified by setting on a per-firewall basis the `verify_email` boolean parameter. Optionally, you can add a `leeway` package-level parameter (as a positive integer number of seconds) to account for clock skew with Google's servers. This bundle also provides a very basic user provider named `firebase` for basic purposes (e.g. securing the registration route). Configuration reference ----------------------- [](#configuration-reference) ### Package-level configuration [](#package-level-configuration) ``` # config/packages/firebase_authentication.yaml firebase_authentication: project_id: '%env(string:FIREBASE_PROJECT_ID)%' # The leeway to account for clock skew with Google servers leeway: 0 # Used only by the authenticators with "cookie" strategy cookie_name: sessionToken # The field in the payload used to identify the user user_identifier: sub ``` ### Firewall-level configuration [](#firewall-level-configuration) ``` # config/packages/security.yaml security: providers: # Give the provider any name you want # You just have to set the "firebase" field jwt: { firebase: ~ } firewalls: main: stateless: true firebase: strategy: bearer # One of "bearer"; "cookie" verify_email: false # If you want to enable the provider jwt: ~ ``` ### Health Score 20 — LowBetter than 14% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity25 Limited adoption so far Community11 Small or concentrated contributor base Maturity19 Early-stage or recently created project Bus Factor1 Top contributor holds 97.8% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/45a42a5f5dfc15be7a894d117343cfa48748c08a7c31eaae3dcf932b44fb588a?d=identicon)[danieleambrosino](/maintainers/danieleambrosino) --- Top Contributors [![danieleambrosino](https://avatars.githubusercontent.com/u/19910826?v=4)](https://github.com/danieleambrosino "danieleambrosino (44 commits)")[![tacman](https://avatars.githubusercontent.com/u/619585?v=4)](https://github.com/tacman "tacman (1 commits)") ### Embed Badge ![Health badge](/badges/danieleambrosino-firebase-authentication-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/danieleambrosino-firebase-authentication-bundle/health.svg)](https://phpackages.com/packages/danieleambrosino-firebase-authentication-bundle) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)