> ## Documentation Index
> Fetch the complete documentation index at: https://docs.powersync.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Firebase Auth

> Configure Firebase Authentication for PowerSync.

Configure authentication on the PowerSync instance with the following settings:

* **JWKS URI**: `https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com`
* **JWT Audience**: Firebase project ID

Firebase signs these tokens using RS256.

PowerSync will periodically refresh the keys using the above JWKS URI, and validate tokens against the configured audience (token `aud` value).

The Firebase user UID will be available as:

* `auth.user_id()` in [Sync Streams](/sync/streams/overview) (recommended)
* `request.user_id()` in [Sync Rules](/sync/rules/overview) (previously `token_parameters.user_id`)

<Tip>To use a different identifier as the user ID in Sync Streams / Sync Rules (for example, user email), use [Custom Authentication](/configuration/auth/custom).</Tip>

### PowerSync Cloud Configuration

1. In the [PowerSync Dashboard](https://dashboard.powersync.com/), select your project and instance and go to the **Client Auth** view.
2. Configure your Firebase **JWKS URI** and **JWT Audience** settings.
3. Click **Save and Deploy** to apply the changes.

### Self-Hosted Configuration

This can be configured via your [`service.yaml`](/configuration/powersync-service/self-hosted-instances):

```yaml service.yaml theme={null}
client_auth:
  # JWKS URIs can be specified here.
  jwks_uri: 'https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com'
  audience: ['<your Firebase project ID>']
```