Module: Firebase::Authentication

Defined in:
lib/firebase/authentication.rb,
lib/firebase/authentication/config.rb,
lib/firebase/authentication/service.rb,
lib/firebase/authentication/version.rb

Defined Under Namespace

Modules: Config Classes: Service

Constant Summary collapse

ALGORITHM = 
"RS256".freeze
ISSUER_BASE_URL = 
"https://securetoken.google.com/".freeze
CLIENT_CERT_URL = 
"https://www.googleapis.com/robot/v1/metadata/x509/[email protected]".freeze
VERSION = 
"1.0.0".freeze

Class Method Summary collapse

Class Method Details

.create_custom_token(uid, claims = {}) ⇒ Object 



36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'lib/firebase/authentication.rb', line 36

def create_custom_token(uid, claims = {})
  private_key = OpenSSL::PKey::RSA.new Global.firebase.private_key.gsub("\\n", "\n")
   = Global.firebase.client_email
  now_seconds = Time.now.to_i
  payload = { iss: ,
              sub: ,
              aud: "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
              iat: now_seconds,
              exp: now_seconds + (60 * 60),
              uid: uid,
              claims: claims }
  JWT.encode payload, private_key, "RS256"
end

.verify(token) ⇒ Object 



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/firebase/authentication.rb', line 11

def verify(token)
  Rails.logger.info "#{self.class.name}\##{__method__} called."
  Rails.logger.info token
  raise "id token must be a String" unless token.is_a?(String)

  full_decoded_token = _decode_token(token)

  err_msg = _validate_jwt(full_decoded_token)
  raise err_msg if err_msg

  public_key = _fetch_public_keys[full_decoded_token[:header]["kid"]]
  unless public_key
    raise 'Firebase ID token has "kid" claim which does not correspond to a known public key.'\
          "Most likely the ID token is expired, so get a fresh token from your client app and try again."
  end

  certificate = OpenSSL::X509::Certificate.new(public_key)
  decoded_token = _decode_token(token, certificate.public_key, verify: true, options: { algorithm: ALGORITHM, verify_iat: true })

  {
    "uid" => decoded_token[:payload]["sub"],
    "decoded_token" => decoded_token
  }
end