firebase_token_auth 1.4.0 → 1.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5305379d0a25319f82d126005ab06fa001e3acd812f73bc737c21af4789fe3b4
-  data.tar.gz: 9b9ed78c1d0e8387e917c29fc16af5fc30f7e13942ddead22cb7ef47e7402080
+  metadata.gz: 197296c820b4912863ba1bb7e0d312be53e36baaada6f1b80d265c38191c430d
+  data.tar.gz: b9a6bbbca9480b5e7d57afccb89c8c65044e87ad35a66f746d297a69fc9d97d2
 SHA512:
-  metadata.gz: 33dae3ad79c87a10d2afd84886d50ae492be46ee442940e82c51273c63b1b02a95d3f5ab221ca85de8a5792df902a660c8fb3dfa09da51d868180fa8280d4468
-  data.tar.gz: 3b48e3429138938178a62622d1b3c36333920e4c872781a4de7e6d7108084ccc3029003edfbea0ddefec77fbfdc08a091caa0523ab941a9c94ffccf07b283925
+  metadata.gz: e1e2537dc84f0d5aef2ceabd2893b7cc0bc09b9b806892955a7608c0525bba8efa99b1058ff7292b43a103122f6f074ea69cbd6f9fadaa0fb1eb2a54d81d728a
+  data.tar.gz: 3cc646d76aa797cb741ad1ad8a5d6b4c67080f2e62b34b9d46c05b47dd4052c91faa1abbf488390725262b57b4ba763ca342314807f4a92d862c03b839e8fb36

data/.github/workflows/test.yml

@@ -1,13 +1,15 @@
 name: rspec
 
-on: push
+on:
+  workflow_dispatch:
+  push:
 
 jobs:
   rspec:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [ 2.6, 2.7, "3.0", 3.1, 3.2 ]
+        ruby: [ 2.6, 2.7, "3.0", 3.1, 3.2, 3.3 ]
     steps:
       - uses: actions/checkout@v3
 
@@ -18,9 +20,10 @@ jobs:
 
       - name: Configure Bundler
         run: |
-          gem update --system
+          ruby -v
+          # gem update --system
           gem --version
-          gem install -N bundler -v 2
+          gem install -N bundler -v 2.4
 
       - uses: actions/cache@v3
         with:

data/README.md

@@ -91,6 +91,26 @@ puts c_token
 # => "eyJhbGciOXXX.eyJpc3MiOiJmaXJlYmFzXXXX.v7y7LoBXXXXX" # dummy
 ```
 
+### verify custom token
+```ruby
+require 'firebase_token_auth'
+
+FirebaseTokenAuth.configure do |config|
+  config.project_id = 'your_project_id'
+  config.json_key_io = "#{Rails.root}/path/to/service_account_credentials.json"
+end
+
+client = FirebaseTokenAuth.build
+result = client.verify_custom_token(custom_token)
+
+puts result
+# => {:expires_in=>3600,
+#   :id_token=>"<id_token>",
+#   :is_new_user=>"<true/false>",
+#   :kind=>"identitytoolkit#VerifyCustomTokenResponse",
+#   :refresh_token=>"<refresh_token>"}
+```
+
 ### fetch users info from firebase
 ```ruby
 require 'firebase_token_auth'

data/lib/firebase_token_auth/admin_client.rb

@@ -20,6 +20,15 @@ module FirebaseTokenAuth
       service.set_account_info(request)
     end
 
+    def verify_custom_token(custom_token)
+      request = Google::Apis::IdentitytoolkitV3::VerifyCustomTokenRequest.new(
+        token: custom_token,
+        return_secure_token: true
+      )
+
+      service.verify_custom_token(request)
+    end
+
     private
 
       def permit_attributes(attr_hash)

data/lib/firebase_token_auth/client.rb

@@ -47,10 +47,14 @@ module FirebaseTokenAuth
                   iat: now_seconds,
                   exp: now_seconds + (60 * 60),
                   uid: uid }
-      payload.merge!({ claim: additional_claims }) if additional_claims
+      payload.merge!({ claims: additional_claims }) if additional_claims
       JWT.encode(payload, configuration.private_key, ALGORITHM)
     end
 
+    def verify_custom_token(custom_token)
+      admin_client.verify_custom_token(custom_token).to_h
+    end
+
     def user_search_by_email(email)
       admin_client.get_account_info({ email: [email] })&.users&.map(&:to_h)
     end

data/lib/firebase_token_auth/configuration.rb

@@ -29,7 +29,7 @@ module FirebaseTokenAuth
 
       @auth = if json_key_io
                 io = json_key_io.respond_to?(:read) ? json_key_io : File.open(json_key_io)
-                io.rewind if io.respond_to?(:read) 
+                io.rewind if io.respond_to?(:read)
                 Google::Auth::ServiceAccountCredentials.make_creds(
                   json_key_io: io,
                   scope: scope
@@ -41,7 +41,7 @@ module FirebaseTokenAuth
 
       if json_key_io
         json_io = json_key_io.respond_to?(:read) ? json_key_io : File.open(json_key_io)
-        json_io.rewind if json_key_io.respond_to?(:read) 
+        json_io.rewind if json_key_io.respond_to?(:read)
         parsed = JSON.parse(json_io.read)
         @private_key = OpenSSL::PKey::RSA.new(parsed['private_key'])
         @client_email = parsed['client_email']

data/lib/firebase_token_auth/validator.rb

@@ -14,11 +14,16 @@ module FirebaseTokenAuth
       raise ValidationError, 'Firebase ID token has no "sub" (subject) claim.' unless payload['sub'].is_a?(String)
       raise ValidationError, 'Firebase ID token has an empty string "sub" (subject) claim.' if payload['sub'].empty?
       raise ValidationError, 'Firebase ID token has "sub" (subject) claim longer than 128 characters.' if payload['sub'].size > 128
+      raise ValidationError, 'Firebase ID token has expired.' if expired?(payload['exp'])
     end
 
     def extract_kid(id_token)
       decoded = JWT.decode(id_token, nil, false, algorithm: ALGORITHM)
       [decoded[1]['kid'], decoded]
     end
+
+    def expired?(exp)
+      exp.to_i <= Time.now.to_i
+    end
   end
 end

data/lib/firebase_token_auth/version.rb

@@ -1,3 +1,3 @@
 module FirebaseTokenAuth
-  VERSION = '1.4.0'.freeze
+  VERSION = '1.5.1'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: firebase_token_auth
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.1
 platform: ruby
 authors:
 - miyataka
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-25 00:00:00.000000000 Z
+date: 2023-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-identitytoolkit_v3
@@ -86,7 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.1
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Firebase Authentication API wrapper for serverside. It support custom token