Module: FirebaseIdtoken

Defined in:
lib/firebase_idtoken.rb,
lib/firebase_idtoken/version.rb

Defined Under Namespace

Classes: Configuration

Constant Summary collapse

ALGORITHM = 
'RS256'
ISSUER_BASE_URL = 
'https://securetoken.google.com/'
CLIENT_CERT_URL = 
'https://www.googleapis.com/robot/v1/metadata/x509/[email protected]'
VERSION = 
"0.1.3"

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.configurationObject

Returns the value of attribute configuration.



21
22
23
 
# File 'lib/firebase_idtoken.rb', line 21

def configuration
  @configuration
end

Class Method Details

.configure {|configuration| ... } ⇒ Object

Yields:



27
28
29
 
# File 'lib/firebase_idtoken.rb', line 27

def configure
  yield configuration
end

.verify(token) ⇒ Object 



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/firebase_idtoken.rb', line 35

def verify(token)
  raise 'id token must be a String' unless token.is_a?(String)

  full_decoded_token = decode_token(token)

  err_msg = validate_jwt(full_decoded_token)
  raise err_msg if err_msg

  public_key = fetch_public_keys[full_decoded_token[:header]['kid']]
  unless public_key
    raise 'Firebase ID token has "kid" claim which does not correspond to ' +
      'a known public key. Most likely the ID token is expired, so get a fresh token from your client ' +
      'app and try again.'
  end

  certificate = OpenSSL::X509::Certificate.new(public_key)
  decoded_token = decode_token(token, certificate.public_key, true, { algorithm: ALGORITHM, verify_iat: true })

  {
    'uid' => decoded_token[:payload]['sub'],
    'decoded_token' => decoded_token
  }
end