firebase_token_auth 1.4.0 → 1.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/test.yml +3 -1
  3. data/README.md +20 -0
  4. data/lib/firebase_token_auth/admin_client.rb +9 -0
  5. data/lib/firebase_token_auth/client.rb +5 -1
  6. data/lib/firebase_token_auth/configuration.rb +2 -2
  7. data/lib/firebase_token_auth/validator.rb +5 -0
  8. data/lib/firebase_token_auth/version.rb +1 -1
  9. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5305379d0a25319f82d126005ab06fa001e3acd812f73bc737c21af4789fe3b4
4
- data.tar.gz: 9b9ed78c1d0e8387e917c29fc16af5fc30f7e13942ddead22cb7ef47e7402080
3
+ metadata.gz: 458419a9cc0f07b5c6d11037ef5a932cee6918b8f0d656dea8a16c57d42ff7bf
4
+ data.tar.gz: 5b8c715921349dfa20f5c5b8129c324edd75af04c4461360a01e1a918ba9a857
5
5
  SHA512:
6
- metadata.gz: 33dae3ad79c87a10d2afd84886d50ae492be46ee442940e82c51273c63b1b02a95d3f5ab221ca85de8a5792df902a660c8fb3dfa09da51d868180fa8280d4468
7
- data.tar.gz: 3b48e3429138938178a62622d1b3c36333920e4c872781a4de7e6d7108084ccc3029003edfbea0ddefec77fbfdc08a091caa0523ab941a9c94ffccf07b283925
6
+ metadata.gz: 8dbc7ccb903400b3c5606ccbfdb0668e7efba7debe2b0320655d621d67cd45f5ddd941e429071bdc6f5df2d27e85ad1fbedbdcd3841e4dd5a67367c530580b2c
7
+ data.tar.gz: 0771c7af336de27b1559398d7cb356fd5922e8847524be8c6aef2b478b92b6c6d68419446127e4b856d7365cd785d7110e754a9d5ca4f135a9f68b80b9f67fe4
data/.github/workflows/test.yml CHANGED
@@ -1,6 +1,8 @@
1
1
  name: rspec
2
2
 
3
- on: push
3
+ on:
4
+ workflow_dispatch:
5
+ push:
4
6
 
5
7
  jobs:
6
8
  rspec:
data/README.md CHANGED
@@ -91,6 +91,26 @@ puts c_token
91
91
  # => "eyJhbGciOXXX.eyJpc3MiOiJmaXJlYmFzXXXX.v7y7LoBXXXXX" # dummy
92
92
  ```
93
93
 
94
+ ### verify custom token
95
+ ```ruby
96
+ require 'firebase_token_auth'
97
+
98
+ FirebaseTokenAuth.configure do |config|
99
+ config.project_id = 'your_project_id'
100
+ config.json_key_io = "#{Rails.root}/path/to/service_account_credentials.json"
101
+ end
102
+
103
+ client = FirebaseTokenAuth.build
104
+ result = client.verify_custom_token(custom_token)
105
+
106
+ puts result
107
+ # => {:expires_in=>3600,
108
+ # :id_token=>"<id_token>",
109
+ # :is_new_user=>"<true/false>",
110
+ # :kind=>"identitytoolkit#VerifyCustomTokenResponse",
111
+ # :refresh_token=>"<refresh_token>"}
112
+ ```
113
+
94
114
  ### fetch users info from firebase
95
115
  ```ruby
96
116
  require 'firebase_token_auth'
data/lib/firebase_token_auth/admin_client.rb CHANGED
@@ -20,6 +20,15 @@ module FirebaseTokenAuth
20
20
  service.set_account_info(request)
21
21
  end
22
22
 
23
+ def verify_custom_token(custom_token)
24
+ request = Google::Apis::IdentitytoolkitV3::VerifyCustomTokenRequest.new(
25
+ token: custom_token,
26
+ return_secure_token: true
27
+ )
28
+
29
+ service.verify_custom_token(request)
30
+ end
31
+
23
32
  private
24
33
 
25
34
  def permit_attributes(attr_hash)
data/lib/firebase_token_auth/client.rb CHANGED
@@ -47,10 +47,14 @@ module FirebaseTokenAuth
47
47
  iat: now_seconds,
48
48
  exp: now_seconds + (60 * 60),
49
49
  uid: uid }
50
- payload.merge!({ claim: additional_claims }) if additional_claims
50
+ payload.merge!({ claims: additional_claims }) if additional_claims
51
51
  JWT.encode(payload, configuration.private_key, ALGORITHM)
52
52
  end
53
53
 
54
+ def verify_custom_token(custom_token)
55
+ admin_client.verify_custom_token(custom_token).to_h
56
+ end
57
+
54
58
  def user_search_by_email(email)
55
59
  admin_client.get_account_info({ email: [email] })&.users&.map(&:to_h)
56
60
  end
data/lib/firebase_token_auth/configuration.rb CHANGED
@@ -29,7 +29,7 @@ module FirebaseTokenAuth
29
29
 
30
30
  @auth = if json_key_io
31
31
  io = json_key_io.respond_to?(:read) ? json_key_io : File.open(json_key_io)
32
- io.rewind if io.respond_to?(:read)
32
+ io.rewind if io.respond_to?(:read)
33
33
  Google::Auth::ServiceAccountCredentials.make_creds(
34
34
  json_key_io: io,
35
35
  scope: scope
@@ -41,7 +41,7 @@ module FirebaseTokenAuth
41
41
 
42
42
  if json_key_io
43
43
  json_io = json_key_io.respond_to?(:read) ? json_key_io : File.open(json_key_io)
44
- json_io.rewind if json_key_io.respond_to?(:read)
44
+ json_io.rewind if json_key_io.respond_to?(:read)
45
45
  parsed = JSON.parse(json_io.read)
46
46
  @private_key = OpenSSL::PKey::RSA.new(parsed['private_key'])
47
47
  @client_email = parsed['client_email']
data/lib/firebase_token_auth/validator.rb CHANGED
@@ -14,11 +14,16 @@ module FirebaseTokenAuth
14
14
  raise ValidationError, 'Firebase ID token has no "sub" (subject) claim.' unless payload['sub'].is_a?(String)
15
15
  raise ValidationError, 'Firebase ID token has an empty string "sub" (subject) claim.' if payload['sub'].empty?
16
16
  raise ValidationError, 'Firebase ID token has "sub" (subject) claim longer than 128 characters.' if payload['sub'].size > 128
17
+ raise ValidationError, 'Firebase ID token has expired.' if expired?(payload['exp'])
17
18
  end
18
19
 
19
20
  def extract_kid(id_token)
20
21
  decoded = JWT.decode(id_token, nil, false, algorithm: ALGORITHM)
21
22
  [decoded[1]['kid'], decoded]
22
23
  end
24
+
25
+ def expired?(exp)
26
+ exp.to_i <= Time.now.to_i
27
+ end
23
28
  end
24
29
  end
data/lib/firebase_token_auth/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module FirebaseTokenAuth
2
- VERSION = '1.4.0'.freeze
2
+ VERSION = '1.5.0'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: firebase_token_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.0
4
+ version: 1.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - miyataka
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-12-25 00:00:00.000000000 Z
11
+ date: 2023-08-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: google-apis-identitytoolkit_v3