fireauth

package module
Version: v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 21, 2017 License: Apache-2.0 Imports: 12 Imported by: 0

README

Firebase Authentication JWT Verifier

Build Status Coverage Status GoDoc stability-stable

This library follows the instructions described in verify id tokens using third-party JWT library section of the firebase documentation.

Example Usage

import (
	"github.com/LewisWatson/firebase-jwt-auth"
	"github.com/manyminds/api2go"
)

// tokenVerifier previously initialised with fireauth.New("projectname")
func verify(r api2go.Request, tokenVerifier fireauth.TokenVerifier) error {
	token := r.Header.Get("authorization")
	userID, claims, err := tokenVerifier.Verify(token)
	if err != nil {
		return err
	}
	r.Context.Set("userID", userID)
	r.Context.Set("claims", claims)
	return nil
}

Documentation

Overview

Package fireauth provides ability to verify firebase authentication ID tokens

Example
package main

import (
	"io/ioutil"
	"log"

	"github.com/LewisWatson/firebase-jwt-auth"
)

func main() {

	fireauth, err := fireauth.New("example project")
	if err != nil {
		log.Fatalf("%v", err)
	}

	token, err := getToken()
	if err != nil {
		log.Fatalf("%v", err)
	}

	userID, claims, err := fireauth.Verify(token)
	if err != nil {
		log.Fatalf("%v", err)
	}

	log.Printf("userID %v, claims %+v", userID, claims)
}

func getToken() (string, error) {
	content, err := ioutil.ReadFile("testdata/token.txt")
	if err != nil {
		return "", err
	}

	return string(content), nil
}
Output:

Index

Examples

Constants

View Source
const (
	// FirebaseKeyURL Firebase key provider url
	// specified in https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library
	FirebaseKeyURL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com"

	// IssPrefix JWT issuer prefix
	// specified in https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library
	IssPrefix = "https://securetoken.google.com/"
)
View Source
const HeaderCacheControl = "Cache-Control"

HeaderCacheControl Cache-Control field in http response header

Variables

View Source
var (
	// ErrNilToken is returned when the authorization token is empty
	ErrNilToken = errors.New("Empty authorizatin token")

	// ErrRSAVerification is missing from crypto/ecdsa compared to crypto/rsa
	ErrRSAVerification = errors.New("crypto/rsa: verification error")

	// ErrNotIssuedYet indicates that the token hasn't been issued yet
	ErrNotIssuedYet = errors.New("Token not issued yet")

	// ErrCacheControlHeaderLacksMaxAge indicates that the key server response didnt contain a max age
	// as specified by the firebase docs
	ErrCacheControlHeaderLacksMaxAge = errors.New("cache control header doesn't contain a max age")
)

Functions

func GetKeys

func GetKeys(tokens map[string]interface{}, keyURL string) (int64, error)

GetKeys client tokens must be signed by one of the server keys provided via a url. The keys expire after a certain amount of time so we need to track that also.

Types

type FireAuth

type FireAuth struct {
	ProjectID string

	KeyURL    string
	IssPrefix string
	Clock     clock.Clock

	sync.RWMutex
	// contains filtered or unexported fields
}

FireAuth module to verify and extract information from Firebase JWT tokens

func New

func New(projectID string) (*FireAuth, error)

New creates a new instance of FireAuth with default values and loads the latest keys from the Firebase servers

func (*FireAuth) UpdatePublicKeys

func (fb *FireAuth) UpdatePublicKeys() error

UpdatePublicKeys retrieves the latest Firebase keys

func (*FireAuth) Verify

func (fb *FireAuth) Verify(accessToken string) (string, jwt.Claims, error)

Verify to satisfy the fireauth.TokenVerifier interface

type TokenVerifier

type TokenVerifier interface {
	Verify(token string) (userID string, claims jwt.Claims, err error)
}

TokenVerifier verifies authenticaion tokens

Notes

Bugs

  • should extract kid from header and only verify against that key

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL