fireauth

package module

v1.0.0 Latest Latest Go to latest Published: Feb 21, 2017 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/lewiswatson/firebase-jwt-auth

Links

Open Source Insights

README ¶

Firebase Authentication JWT Verifier

This library follows the instructions described in verify id tokens using third-party JWT library section of the firebase documentation.

Example Usage

import (
	"github.com/LewisWatson/firebase-jwt-auth"
	"github.com/manyminds/api2go"
)

// tokenVerifier previously initialised with fireauth.New("projectname")
func verify(r api2go.Request, tokenVerifier fireauth.TokenVerifier) error {
	token := r.Header.Get("authorization")
	userID, claims, err := tokenVerifier.Verify(token)
	if err != nil {
		return err
	}
	r.Context.Set("userID", userID)
	r.Context.Set("claims", claims)
	return nil
}

Documentation ¶

Overview ¶

Package fireauth provides ability to verify firebase authentication ID tokens

Example ¶

package main

import (
	"io/ioutil"
	"log"

	"github.com/LewisWatson/firebase-jwt-auth"
)

func main() {

	fireauth, err := fireauth.New("example project")
	if err != nil {
		log.Fatalf("%v", err)
	}

	token, err := getToken()
	if err != nil {
		log.Fatalf("%v", err)
	}

	userID, claims, err := fireauth.Verify(token)
	if err != nil {
		log.Fatalf("%v", err)
	}

	log.Printf("userID %v, claims %+v", userID, claims)
}

func getToken() (string, error) {
	content, err := ioutil.ReadFile("testdata/token.txt")
	if err != nil {
		return "", err
	}

	return string(content), nil
}

Output:

Index ¶

Constants
Variables
func GetKeys(tokens map[string]interface{}, keyURL string) (int64, error)
type FireAuth
- func New(projectID string) (*FireAuth, error)
- func (fb *FireAuth) UpdatePublicKeys() error
- func (fb *FireAuth) Verify(accessToken string) (string, jwt.Claims, error)
type TokenVerifier
Bugs

Examples ¶

Package

Constants ¶

View Source

const (
	// FirebaseKeyURL Firebase key provider url
	// specified in https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library
	FirebaseKeyURL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com"

	// IssPrefix JWT issuer prefix
	// specified in https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library
	IssPrefix = "https://securetoken.google.com/"
)

View Source

const HeaderCacheControl = "Cache-Control"

HeaderCacheControl Cache-Control field in http response header

Variables ¶

View Source

var (
	// ErrNilToken is returned when the authorization token is empty
	ErrNilToken = errors.New("Empty authorizatin token")

	// ErrRSAVerification is missing from crypto/ecdsa compared to crypto/rsa
	ErrRSAVerification = errors.New("crypto/rsa: verification error")

	// ErrNotIssuedYet indicates that the token hasn't been issued yet
	ErrNotIssuedYet = errors.New("Token not issued yet")

	// ErrCacheControlHeaderLacksMaxAge indicates that the key server response didnt contain a max age
	// as specified by the firebase docs
	ErrCacheControlHeaderLacksMaxAge = errors.New("cache control header doesn't contain a max age")
)

Functions ¶

func GetKeys ¶

func GetKeys(tokens map[string]interface{}, keyURL string) (int64, error)

GetKeys client tokens must be signed by one of the server keys provided via a url. The keys expire after a certain amount of time so we need to track that also.

Types ¶

type FireAuth ¶

type FireAuth struct {
	ProjectID string

	KeyURL    string
	IssPrefix string
	Clock     clock.Clock

	sync.RWMutex
	// contains filtered or unexported fields
}

FireAuth module to verify and extract information from Firebase JWT tokens

func New ¶

func New(projectID string) (*FireAuth, error)

New creates a new instance of FireAuth with default values and loads the latest keys from the Firebase servers

func (*FireAuth) UpdatePublicKeys ¶

func (fb *FireAuth) UpdatePublicKeys() error

UpdatePublicKeys retrieves the latest Firebase keys

func (*FireAuth) Verify ¶

func (fb *FireAuth) Verify(accessToken string) (string, jwt.Claims, error)

Verify to satisfy the fireauth.TokenVerifier interface

type TokenVerifier ¶

type TokenVerifier interface {
	Verify(token string) (userID string, claims jwt.Claims, err error)
}

TokenVerifier verifies authenticaion tokens

Notes ¶

Bugs ¶

should extract kid from header and only verify against that key

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL