Module: Firebase::Authentication
- Defined in:
- lib/firebase/authentication.rb,
lib/firebase/authentication/config.rb,
lib/firebase/authentication/service.rb,
lib/firebase/authentication/version.rb
Defined Under Namespace
Modules: Config
Classes: Service
Constant Summary
collapse
- ALGORITHM =
"RS256".freeze
- ISSUER_BASE_URL =
"https://securetoken.google.com/".freeze
- CLIENT_CERT_URL =
"https://www.googleapis.com/robot/v1/metadata/x509/[email protected]".freeze
- VERSION =
"1.0.0".freeze
Class Method Summary
collapse
Class Method Details
.create_custom_token(uid, claims = {}) ⇒ Object
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# File 'lib/firebase/authentication.rb', line 36
def create_custom_token(uid, claims = {})
private_key = OpenSSL::PKey::RSA.new Global.firebase.private_key.gsub("\\n", "\n")
service_account_email = Global.firebase.client_email
now_seconds = Time.now.to_i
payload = { iss: service_account_email,
sub: service_account_email,
aud: "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
iat: now_seconds,
exp: now_seconds + (60 * 60),
uid: uid,
claims: claims }
JWT.encode payload, private_key, "RS256"
end
|
.verify(token) ⇒ Object
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
# File 'lib/firebase/authentication.rb', line 11
def verify(token)
Rails.logger.info "#{self.class.name}\##{__method__} called."
Rails.logger.info token
raise "id token must be a String" unless token.is_a?(String)
full_decoded_token = _decode_token(token)
err_msg = _validate_jwt(full_decoded_token)
raise err_msg if err_msg
public_key = _fetch_public_keys[full_decoded_token[:header]["kid"]]
unless public_key
raise 'Firebase ID token has "kid" claim which does not correspond to a known public key.'\
"Most likely the ID token is expired, so get a fresh token from your client app and try again."
end
certificate = OpenSSL::X509::Certificate.new(public_key)
decoded_token = _decode_token(token, certificate.public_key, verify: true, options: { algorithm: ALGORITHM, verify_iat: true })
{
"uid" => decoded_token[:payload]["sub"],
"decoded_token" => decoded_token
}
end
|