Eld

Gem Version Build Known Vulnerabilities

Firebase Authentication for Ruby applications.

Installation

Add this line to your application's Gemfile:

gem "eld"

And then execute:

$ bundle install

Or install it yourself as:

$ gem install eld

Usage

Eld takes a Firebase access token and decodes it. Once you've decoded the token, the rest is up to you!

See Firebase Authentication for example client implementations.

Basic Usage

Eld.configure do |c|
  c.firebase_id = "FIREBASE_PROJECT_ID"
end

decoded_token = Eld.authenticate("FIREBASE_ACCESS_TOKEN")
# =>
{
  "iss" => "https://securetoken.google.com/fire-auth-67d5f",
  "aud" => "fire-auth-67d5f",
  "auth_time" => 1679606435,
  "user_id" => "Z02vuFq6RAU1NqVrWrdLAjyiqJ83",
  "sub" => "Z02vuFq6RAU1NqVrWrdLAjyiqJ83",
  "iat" => 1679606435,
  "exp" => 1679610035,
  "email" => "[email protected]",
  "email_verified" => false,
  "firebase" => {
    "identities" => {
      "email" => ["[email protected]"]
    },
    "sign_in_provider"=>"password"
  }
}

user = User.new(decoded_token)

Advanced Setup

Eld.configure do |c|
  # Use one or more Firebase projects
  c.firebase_id = "FIREBASE_PROJECT_ID"
  # c.firebase_id = ["FIREBASE_PROJECT_ID_1", "FIREBASE_PROJECT_ID_2"]

  # Use Redis to cache (recommended)
  # By default we use Eld::Cache::Memory
  # You can also create your own cache implementation.
  c.cache = Eld::Cache::Redis.new(
    client: Redis.new, # Your redis client
    cache_key "eld/certificates" # Optional: This is the default key
  )

  # Use your own authenticator
  # See Eld::Authenticator for an example implementation.
  c.authenticator = CustomAuthenticator
end

Certificates

The default behavior of Eld is to lazily handle caching and fetching certificates from Google when authenticating tokens. This means you don't have to worry about refreshing certificates at any particular interval. However, you can refresh the cache and fetch new certificates whenever you want should you need to.

Eld::Certificate.refresh

Custom Authenticators

You can create your own authenticator and use it as a new default or build it anywhere.

Custom authenticators will still use Eld defaults for caching.

class CustomAuthenticator < Eld::Authenticator
  # The default behavior is to return the decoded token
  # You could add additional behavior like finding or instantiating
  # a user.
  def respond(decoded_token)
    User.find_by(uid: decoded_token['user_id'])
  end

  # The default authenticator swallows JWT errors
  # You might want to handle them on your own.
  def handle_error(error)
    ReportError.call(error)
    false
  end
end

# Set a new default authenticator
Eld.authenticator = CustomAuthenticator
Eld.authenticate(token)
# => User(uid: "1231231")

# Instantiate your own authenticator
authenticator = CustomAuthenticator.new(firebase_id: "FIREBASE_PROJECT_ID")
authenticator.authenticate(token)
# => User(uid: "1231231")

Rails Example

class ApplicationController < ActionController::Base
  before_action :authenticate_user!
  helper_method :current_user

  def authenticate_user!
    @current_user = nil

    token = request.headers["X-Access-Token"]
    decoded_token = Eld.authenticate(token)

    if payload
      # Find a User from DB?
      # Find or create a User?
      @current_user = User.find_by(uid: decoded_token['user_id'])

      # Wrap data in a User object?
      @current_user = User.new(decoded_token)
    end

    head :unauthorized unless @current_user
  end

  def current_user
    @current_user
  end
end

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/sunrick/eld. Please check the code of conduct before contributing.

License

The gem is available as open source under the terms of the MIT License.