firebase_token_auth 1.4.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +3 -1
- data/README.md +20 -0
- data/lib/firebase_token_auth/admin_client.rb +9 -0
- data/lib/firebase_token_auth/client.rb +5 -1
- data/lib/firebase_token_auth/configuration.rb +2 -2
- data/lib/firebase_token_auth/validator.rb +5 -0
- data/lib/firebase_token_auth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 458419a9cc0f07b5c6d11037ef5a932cee6918b8f0d656dea8a16c57d42ff7bf
|
|
4
|
+
data.tar.gz: 5b8c715921349dfa20f5c5b8129c324edd75af04c4461360a01e1a918ba9a857
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8dbc7ccb903400b3c5606ccbfdb0668e7efba7debe2b0320655d621d67cd45f5ddd941e429071bdc6f5df2d27e85ad1fbedbdcd3841e4dd5a67367c530580b2c
|
|
7
|
+
data.tar.gz: 0771c7af336de27b1559398d7cb356fd5922e8847524be8c6aef2b478b92b6c6d68419446127e4b856d7365cd785d7110e754a9d5ca4f135a9f68b80b9f67fe4
|
data/.github/workflows/test.yml
CHANGED
data/README.md
CHANGED
|
@@ -91,6 +91,26 @@ puts c_token
|
|
|
91
91
|
# => "eyJhbGciOXXX.eyJpc3MiOiJmaXJlYmFzXXXX.v7y7LoBXXXXX" # dummy
|
|
92
92
|
```
|
|
93
93
|
|
|
94
|
+
### verify custom token
|
|
95
|
+
```ruby
|
|
96
|
+
require 'firebase_token_auth'
|
|
97
|
+
|
|
98
|
+
FirebaseTokenAuth.configure do |config|
|
|
99
|
+
config.project_id = 'your_project_id'
|
|
100
|
+
config.json_key_io = "#{Rails.root}/path/to/service_account_credentials.json"
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
client = FirebaseTokenAuth.build
|
|
104
|
+
result = client.verify_custom_token(custom_token)
|
|
105
|
+
|
|
106
|
+
puts result
|
|
107
|
+
# => {:expires_in=>3600,
|
|
108
|
+
# :id_token=>"<id_token>",
|
|
109
|
+
# :is_new_user=>"<true/false>",
|
|
110
|
+
# :kind=>"identitytoolkit#VerifyCustomTokenResponse",
|
|
111
|
+
# :refresh_token=>"<refresh_token>"}
|
|
112
|
+
```
|
|
113
|
+
|
|
94
114
|
### fetch users info from firebase
|
|
95
115
|
```ruby
|
|
96
116
|
require 'firebase_token_auth'
|
|
@@ -20,6 +20,15 @@ module FirebaseTokenAuth
|
|
|
20
20
|
service.set_account_info(request)
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
+
def verify_custom_token(custom_token)
|
|
24
|
+
request = Google::Apis::IdentitytoolkitV3::VerifyCustomTokenRequest.new(
|
|
25
|
+
token: custom_token,
|
|
26
|
+
return_secure_token: true
|
|
27
|
+
)
|
|
28
|
+
|
|
29
|
+
service.verify_custom_token(request)
|
|
30
|
+
end
|
|
31
|
+
|
|
23
32
|
private
|
|
24
33
|
|
|
25
34
|
def permit_attributes(attr_hash)
|
|
@@ -47,10 +47,14 @@ module FirebaseTokenAuth
|
|
|
47
47
|
iat: now_seconds,
|
|
48
48
|
exp: now_seconds + (60 * 60),
|
|
49
49
|
uid: uid }
|
|
50
|
-
payload.merge!({
|
|
50
|
+
payload.merge!({ claims: additional_claims }) if additional_claims
|
|
51
51
|
JWT.encode(payload, configuration.private_key, ALGORITHM)
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
+
def verify_custom_token(custom_token)
|
|
55
|
+
admin_client.verify_custom_token(custom_token).to_h
|
|
56
|
+
end
|
|
57
|
+
|
|
54
58
|
def user_search_by_email(email)
|
|
55
59
|
admin_client.get_account_info({ email: [email] })&.users&.map(&:to_h)
|
|
56
60
|
end
|
|
@@ -29,7 +29,7 @@ module FirebaseTokenAuth
|
|
|
29
29
|
|
|
30
30
|
@auth = if json_key_io
|
|
31
31
|
io = json_key_io.respond_to?(:read) ? json_key_io : File.open(json_key_io)
|
|
32
|
-
io.rewind if io.respond_to?(:read)
|
|
32
|
+
io.rewind if io.respond_to?(:read)
|
|
33
33
|
Google::Auth::ServiceAccountCredentials.make_creds(
|
|
34
34
|
json_key_io: io,
|
|
35
35
|
scope: scope
|
|
@@ -41,7 +41,7 @@ module FirebaseTokenAuth
|
|
|
41
41
|
|
|
42
42
|
if json_key_io
|
|
43
43
|
json_io = json_key_io.respond_to?(:read) ? json_key_io : File.open(json_key_io)
|
|
44
|
-
json_io.rewind if json_key_io.respond_to?(:read)
|
|
44
|
+
json_io.rewind if json_key_io.respond_to?(:read)
|
|
45
45
|
parsed = JSON.parse(json_io.read)
|
|
46
46
|
@private_key = OpenSSL::PKey::RSA.new(parsed['private_key'])
|
|
47
47
|
@client_email = parsed['client_email']
|
|
@@ -14,11 +14,16 @@ module FirebaseTokenAuth
|
|
|
14
14
|
raise ValidationError, 'Firebase ID token has no "sub" (subject) claim.' unless payload['sub'].is_a?(String)
|
|
15
15
|
raise ValidationError, 'Firebase ID token has an empty string "sub" (subject) claim.' if payload['sub'].empty?
|
|
16
16
|
raise ValidationError, 'Firebase ID token has "sub" (subject) claim longer than 128 characters.' if payload['sub'].size > 128
|
|
17
|
+
raise ValidationError, 'Firebase ID token has expired.' if expired?(payload['exp'])
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
def extract_kid(id_token)
|
|
20
21
|
decoded = JWT.decode(id_token, nil, false, algorithm: ALGORITHM)
|
|
21
22
|
[decoded[1]['kid'], decoded]
|
|
22
23
|
end
|
|
24
|
+
|
|
25
|
+
def expired?(exp)
|
|
26
|
+
exp.to_i <= Time.now.to_i
|
|
27
|
+
end
|
|
23
28
|
end
|
|
24
29
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: firebase_token_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- miyataka
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-08-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: google-apis-identitytoolkit_v3
|