Docs
Authentication
Verify WynAI users in your app using Firebase SSO.
How it works
WynAI uses Firebase Authentication. When a user opens your app, WynAI sends a Firebase ID token via the INIT_SESSION postMessage. Your server must verify this token using the Firebase Admin SDK.
Firebase ID tokens expire after 1 hour. WynAI automatically sends a
REFRESH_TOKEN message every ~50 minutes with a new token. Update your session accordingly.Verify the token (Node.js)
server.js (Express example)
import admin from 'firebase-admin';
// Initialize once with your service account
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
});
// POST /auth/wynai-login
app.post('/auth/wynai-login', async (req, res) => {
const { token } = req.body;
try {
const decoded = await admin.auth().verifyIdToken(token);
// decoded.uid = Firebase UID (same as userId from INIT_SESSION)
// decoded.email = user email
// Create your own session here (JWT, cookie, etc.)
const session = createSession(decoded.uid);
res.json({ ok: true, session });
} catch (err) {
res.status(401).json({ error: 'Invalid token' });
}
});Check app access
Before showing premium content, verify the user has purchased or installed your app:
your-backend.js
const API_BASE = 'https://ai.wordai.pro';
async function checkAccess(idToken, appId) {
const res = await fetch(
`${API_BASE}/api/v1/apps/${appId}/access`,
{ headers: { Authorization: `Bearer ${idToken}` } }
);
const data = await res.json();
// data.has_access: boolean
// data.purchase_status: 'purchased' | 'free' | 'none'
return data;
}Firebase project details
| Project ID | wordai-6779e |
| Auth domain | auth.wynai.pro |
| Token issuer | https://securetoken.google.com/wordai-6779e |
The Firebase Admin SDK will auto-fetch the public keys from Google's JWKS endpoint — no manual key management needed.