Skip to main content
Configure authentication on the PowerSync instance with the following settings:
  • JWKS URI: https://www.googleapis.com/service_accounts/v1/jwk/[email protected]
  • JWT Audience: Firebase project ID
Firebase signs these tokens using RS256. PowerSync will periodically refresh the keys using the above JWKS URI, and validate tokens against the configured audience (token aud value). The Firebase user UID will be available as:
  • request.user_id() in Sync Rules (previously token_parameters.user_id)
  • Or, auth.user_id() if you are using Sync Streams
To use a different identifier as the user ID in Sync Rules / Streams (for example, user email), use Custom Authentication.

PowerSync Cloud Configuration

  1. In the PowerSync Dashboard, select your project and instance and go to the Client Auth view.
  2. Configure your Firebase JWKS URI and JWT Audience settings.
  3. Click Save and Deploy to apply the changes.

Self-Hosted Configuration

This can be configured via your config.yaml:
config.yaml
client_auth:
  # JWKS URIs can be specified here.
  jwks_uri: 'https://www.googleapis.com/service_accounts/v1/jwk/[email protected]'
  audience: ['<your Firebase project ID>']