firebase-auth-id_token
Add the following line to your Gemfile:

gem 'firebase-auth-id_token'

Then run bundle install.
Set the following config code as config/initializers/firebase-auth-id_token.rb:

Firebase::Auth::IDToken.configure do |config|
  config.project_id = 'YOUR_FIREBASE_PROJECT_ID'
end

YOUR_FIREBASE_PROJECT_ID can be found in the Firebase console at https://console.firebase.google.com.
Use Firebase::Auth::IDToken#verify! as below:

class ApplicationController < ActionController::API
  before_action :verify_auth_token!
  before_action :authenticate_user!

  protected

  # Looks up the local user by the Firebase uid carried in the verified token's `sub` claim.
  def authenticate_user!
    User.find_by!(uid: @auth_token_payload['sub'])
  rescue ActiveRecord::RecordNotFound
    head :unauthorized
  end

  # Verifies the ID token before any action runs; the decoded claims are kept for later use.
  def verify_auth_token!
    @auth_token_payload = Firebase::Auth::IDToken.new(auth_id_token).verify!
  rescue Firebase::Auth::IDToken::Error::Expired
    # You should refetch the ID token on the client side if you receive this 401
    render json: { error: { message: 'Auth ID token expired' } }, status: :unauthorized
  rescue Firebase::Auth::IDToken::Error::VerificationFail
    # Notifying Bugsnag/Sentry here would be nice
    head :unauthorized
  end

  private

  def auth_id_token
    request.headers['Authorization']
  end
end

class UsersController < ApplicationController
  # Sign-up: the token is still verified, but no local user exists yet.
  skip_before_action :authenticate_user!

  def create
    @user = User.new(user_params)
    if @user.save
      head :created
    else
      render json: { errors: @user.errors.full_messages }
    end
  end

  private

  def user_params
    params.require(:user)
          .permit(:name)
          .merge(firebase_auth_uid: @auth_token_payload['sub'])
  end
end
Firebase::Auth::IDToken::Error::ProjectIdNotSet
- raised if you haven't set project_id

Firebase::Auth::IDToken::Error::Expired
- raised when the given token is expired; you should return an error code (e.g. 401) to the client so the client can refetch a new token

The following errors will basically be raised when the token either cannot be decoded or is invalid. These shouldn't be raised in normal use, so rescuing the parent class (which is ~::VerificationFail) and notifying an error monitoring service might be good (see the Usage section).

Firebase::Auth::IDToken::Error::Expired
Firebase::Auth::IDToken::Error::CannotDecode
Firebase::Auth::IDToken::Error::IncorrectAlgorithm
Firebase::Auth::IDToken::Error::InvalidIat
Firebase::Auth::IDToken::Error::InvalidAud
Firebase::Auth::IDToken::Error::InvalidIssuer
Firebase::Auth::IDToken::Error::InvalidSub
Firebase::Auth::IDToken::Error::InvalidAuthTime
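To make the error list concrete, here is an added, self-contained illustration (not the gem's code) of the claim checks a Firebase ID token verifier performs behind a call like IDToken#verify!, raising one error class per failed check. The module name, the mint helper and the locally generated RSA key are assumptions for offline use; a real verifier obtains the signing key for the token's kid from Google's certificate endpoint.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Added illustration of the claim checks behind IDToken#verify!, mirroring the
# error classes listed above. Not the gem's own code; names are assumed.
module FirebaseIdTokenCheck
  class VerificationFail < StandardError; end
  class CannotDecode < VerificationFail; end
  class IncorrectAlgorithm < VerificationFail; end
  class Expired < VerificationFail; end
  class InvalidIat < VerificationFail; end
  class InvalidAud < VerificationFail; end
  class InvalidIssuer < VerificationFail; end
  class InvalidSub < VerificationFail; end
  class InvalidAuthTime < VerificationFail; end

  # public_key: the OpenSSL::PKey::RSA matching the header's `kid`. A real
  # verifier fetches it from Google's cert endpoint; here it is passed in.
  def self.verify!(token, project_id:, public_key:, now: Time.now.to_i)
    parts = token.to_s.split('.')
    raise CannotDecode unless parts.size == 3
    header, payload = parts[0, 2].map { |s| JSON.parse(Base64.urlsafe_decode64(s)) }
    raise IncorrectAlgorithm unless header['alg'] == 'RS256'
    signed = "#{parts[0]}.#{parts[1]}"
    sig = Base64.urlsafe_decode64(parts[2])
    raise VerificationFail, 'bad signature' unless public_key.verify(OpenSSL::Digest.new('SHA256'), sig, signed)
    raise Expired unless payload['exp'].is_a?(Integer) && payload['exp'] > now
    raise InvalidIat unless payload['iat'].is_a?(Integer) && payload['iat'] <= now
    raise InvalidAud unless payload['aud'] == project_id
    raise InvalidIssuer unless payload['iss'] == "https://securetoken.google.com/#{project_id}"
    raise InvalidSub unless payload['sub'].is_a?(String) && !payload['sub'].empty?
    raise InvalidAuthTime unless payload['auth_time'].is_a?(Integer) && payload['auth_time'] <= now
    payload
  rescue JSON::ParserError, ArgumentError
    raise CannotDecode
  rescue OpenSSL::PKey::PKeyError
    raise VerificationFail, 'bad signature'
  end

  # Constructed helper: sign a token with a local key so the checks can be run
  # offline. Real Firebase tokens are signed by Google's keys, never locally.
  def self.mint(payload, key)
    enc = ->(h) { Base64.urlsafe_encode64(JSON.generate(h), padding: false) }
    signed = "#{enc.call(alg: 'RS256', typ: 'JWT', kid: 'local-test')}.#{enc.call(payload)}"
    "#{signed}.#{Base64.urlsafe_encode64(key.sign(OpenSSL::Digest.new('SHA256'), signed), padding: false)}"
  end
end
```

A token minted with the wrong audience, an exhausted exp, a foreign key or malformed segments each fail on exactly one of the checks, which is why rescuing the VerificationFail parent in the controller catches all of them at once.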
We found that firebase-auth-id_token demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.