Class: FirebaseTokenAuth::Client

Inherits:
Object
  • Object
show all
Defined in:
lib/firebase_token_auth/client.rb

Constant Summary collapse

CUSTOM_TOKEN_AUD = 
'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit'.freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(configuration) ⇒ Client

Returns a new instance of Client.



21
22
23
24
25
26
 
# File 'lib/firebase_token_auth/client.rb', line 21

def initialize(configuration)
  @configuration = configuration
  @configuration.prepare
  @public_key_manager = PublicKeyManager.new
  @validator = Validator.new
end

Instance Attribute Details

#configurationObject

Returns the value of attribute configuration.



19
20
21
 
# File 'lib/firebase_token_auth/client.rb', line 19

def configuration
  @configuration
end

#public_key_managerObject

Returns the value of attribute public_key_manager.



19
20
21
 
# File 'lib/firebase_token_auth/client.rb', line 19

def public_key_manager
  @public_key_manager
end

#validatorObject

Returns the value of attribute validator.



19
20
21
 
# File 'lib/firebase_token_auth/client.rb', line 19

def validator
  @validator
end

Instance Method Details

#create_custom_token(uid, additional_claims = nil) ⇒ Object

Raises:



40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/firebase_token_auth/client.rb', line 40

def create_custom_token(uid, additional_claims = nil)
  raise ConfigurationError, 'To create custom token, You must configure credentials via json or environmental variables.' unless configuration.configured_for_custom_token?

  now_seconds = Time.now.to_i
  payload = { iss: configuration.client_email,
              sub: configuration.client_email,
              aud: CUSTOM_TOKEN_AUD,
              iat: now_seconds,
              exp: now_seconds + (60 * 60),
              uid: uid }
  payload.merge!({ claims: additional_claims }) if additional_claims
  JWT.encode(payload, configuration.private_key, ALGORITHM)
end

#update_user(uid, attribute_hash) ⇒ Object 



66
67
68
 
# File 'lib/firebase_token_auth/client.rb', line 66

def update_user(uid, attribute_hash)
  admin_client.(uid, attribute_hash).to_h
end

#user_search_by_email(email) ⇒ Object 



58
59
60
 
# File 'lib/firebase_token_auth/client.rb', line 58

def user_search_by_email(email)
  admin_client.({ email: [email] })&.users&.map(&:to_h)
end

#user_search_by_uid(uid) ⇒ Object 



62
63
64
 
# File 'lib/firebase_token_auth/client.rb', line 62

def user_search_by_uid(uid)
  admin_client.({ local_id: [uid] })&.users&.map(&:to_h)
end

#verify_custom_token(custom_token) ⇒ Object 



54
55
56
 
# File 'lib/firebase_token_auth/client.rb', line 54

def verify_custom_token(custom_token)
  admin_client.verify_custom_token(custom_token).to_h
end

#verify_id_token(id_token, options = {}) ⇒ Object

Raises:



28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/firebase_token_auth/client.rb', line 28

def verify_id_token(id_token, options = {})
  raise ArgumentError, 'Firebase ID token must not null or blank strings.' if id_token.nil? || id_token.empty?

  public_key_id, decoded_jwt = validator.extract_kid(id_token)
  public_key_manager.refresh_publickeys!
  validator.validate(configuration.project_id, decoded_jwt)
  default_options = { algorithm: ALGORITHM, verify_iat: true, verify_expiration: true, exp_leeway: configuration.exp_leeway }
  raise ValidationError, 'Public key may have expired.' unless public_key_manager.public_keys.include?(public_key_id)
  jwt = JWT.decode(id_token, public_key_manager.public_keys[public_key_id].public_key, true, default_options.merge!(options))
  IdTokenResult.new(jwt[0]['sub'], IdToken.new(jwt[0], jwt[1]))
end