diff --git a/.changeset/clever-cats-clean.md b/.changeset/clever-cats-clean.md new file mode 100644 index 0000000..973db42 --- /dev/null +++ b/.changeset/clever-cats-clean.md @@ -0,0 +1,5 @@ +--- +'@tern-secure/nextjs': patch +--- + +feat: update auth handling to remove FirebaseServerApp functionality diff --git a/apps/test/app/protected/page.tsx b/apps/test/app/protected/page.tsx index 13117d8..35e193c 100644 --- a/apps/test/app/protected/page.tsx +++ b/apps/test/app/protected/page.tsx @@ -4,10 +4,10 @@ import { ProtectedPageClient } from './protectedClient'; export const dynamic = 'force-dynamic'; export default async function ProtectedPage() { - const { user, require, redirectToSignIn } = await auth(); + const { sessionClaims, require, redirectToSignIn } = await auth(); if (!require({ role: 'admin' })) return
Access Denied now
; - if (!user) return redirectToSignIn(); + if (!sessionClaims?.aud) return redirectToSignIn(); - return ; + return ; } diff --git a/apps/test/app/protected/protectedClient.tsx b/apps/test/app/protected/protectedClient.tsx index f1513c6..544d822 100644 --- a/apps/test/app/protected/protectedClient.tsx +++ b/apps/test/app/protected/protectedClient.tsx @@ -1,12 +1,11 @@ "use client"; import { useRouter } from "next/navigation"; -import type { TernSecureUser } from "@tern-secure/nextjs"; +import type { DecodedIdToken } from "@tern-secure/nextjs"; -export type SerializableTernSecureUser = Omit; interface ProtectedPageClientProps { - user: SerializableTernSecureUser; + user: DecodedIdToken; } export function ProtectedPageClient({ diff --git a/packages/nextjs/src/app-router/server/auth.ts b/packages/nextjs/src/app-router/server/auth.ts index 2f8f157..fb6a3a3 100644 --- a/packages/nextjs/src/app-router/server/auth.ts +++ b/packages/nextjs/src/app-router/server/auth.ts @@ -3,7 +3,7 @@ import { createRedirect, createTernSecureRequest } from '@tern-secure/backend'; import { notFound, redirect } from 'next/navigation'; import { SIGN_IN_URL, SIGN_UP_URL } from '../../server/constant'; -import { type Aobj, getAuthDataFromRequest } from '../../server/data/getAuthDataFromRequest'; +import { getAuthDataFromRequest } from '../../server/data/getAuthDataFromRequest'; import { getAuthKeyFromRequest } from '../../server/headers-utils'; import { type AuthProtect, createProtect } from '../../server/protect'; import type { BaseUser, RequestLike } from '../../server/types'; @@ -20,7 +20,7 @@ export interface AuthResult { /** * `Auth` object of the currently active user and the `redirectToSignIn()` method. */ -type Auth = AuthObject & Aobj & { +type Auth = AuthObject & { redirectToSignIn: RedirectFun>; redirectToSignUp: RedirectFun>; }; diff --git a/packages/nextjs/src/index.ts b/packages/nextjs/src/index.ts index 78235f8..3c56c78 100644 --- a/packages/nextjs/src/index.ts 
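Review bot: The new sign-in gate in `ProtectedPage`, `if (!sessionClaims?.aud) return redirectToSignIn();`, only tests that an `aud` claim is present. That says nothing about whether the token was verified or which project it was issued for. It is a sound check only if `auth()` fills `sessionClaims` exclusively from a signature-verified token, and this diff does not show that guarantee. A comment on that line would record the assumption, e.g. `// sessionClaims is populated only after the ID token has been verified upstream`. If the intent is an audience check, compare `aud` with the configured project ID instead of testing truthiness.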
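Review bot: Dropping `Aobj` from the `Auth` type removes `user` from what `auth()` returns, which breaks any caller that still destructures `user`, as the test page in this same commit did. The changeset nevertheless marks the release as `patch`. Either bump it accordingly or extend the TSDoc on `Auth` with a line such as `` `user` is no longer returned; read identity from `sessionClaims` `` so consumers see the migration path where the type is defined.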
+++ b/packages/nextjs/src/index.ts @@ -15,6 +15,7 @@ export { } from './components/uiComponents' export type { + DecodedIdToken, TernSecureUser, SignInResponse, SignUpResponse, diff --git a/packages/nextjs/src/server/data/getAuthDataFromRequest.ts b/packages/nextjs/src/server/data/getAuthDataFromRequest.ts index 5d79e8d..49f9f72 100644 --- a/packages/nextjs/src/server/data/getAuthDataFromRequest.ts +++ b/packages/nextjs/src/server/data/getAuthDataFromRequest.ts @@ -91,38 +91,35 @@ export async function getTernSecureAuthData( return authObjectToSerializable({ ...initialState, ...authObject }); } -export async function getAuthDataFromRequest(req: RequestLike): Promise { + +/** + * Given the issue ( https://github.com/firebase/firebase-js-sdk/issues/9423 ) that affects the authenticateRequest function, + * change from Promise to Promise only. no firebaseserverapp user object needed. + * @param req + * @returns + */ +export async function getAuthDataFromRequest(req: RequestLike): Promise { const authStatus = getAuthKeyFromRequest(req, "AuthStatus"); const authToken = getAuthKeyFromRequest(req, "AuthToken"); if (!authStatus || authStatus !== AuthStatus.SignedIn) { return { ...signedOutAuthObject(), - user: null, - userId: null } } - const firebaseUser = await authenticateRequest( - authToken as string, - req as any - ); - if (!firebaseUser || !firebaseUser.claims) { - return { - ...signedOutAuthObject(), - user: null, - userId: null - } - } - const { user } = firebaseUser; const jwt = ternDecodeJwt(authToken as string); const authObject = signedInAuthObject(authToken as string, jwt.payload); return { ...authObject, - user: user || null, }; } +/*** + * InitializeServerApp seems to have issue with Refer header. firebase doesnt have a fix yet. + * see link https://github.com/firebase/firebase-js-sdk/issues/9423 + * we might need to use this feature in the future when firebase fix this issue. + */ const authenticateRequest = async ( token: string, request: Request,
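Review bot: After this change `getAuthDataFromRequest` treats a request as signed in on the `AuthStatus` value alone and builds the auth object from `ternDecodeJwt(authToken as string)`, with the `authenticateRequest` check removed and no replacement visible in the hunk. If `ternDecodeJwt` only decodes, as its name suggests, the claims are trustworthy only when `AuthStatus` and `AuthToken` are written by middleware that has already verified the signature, and cannot be supplied by the client. The new docstring should state that invariant in place of the empty `@param req` / `@returns` tags. `authToken` is also cast with `as string` without a presence check, so a request carrying a signed-in status but no token reaches the decoder; `if (!authToken || authStatus !== AuthStatus.SignedIn) return { ...signedOutAuthObject() };` closes that. `authenticateRequest` continues past the end of the hunk and now appears to be unused.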