No release in over 3 years
Low commit activity in last 3 years
Firebase ID Token utilities; currently just a parser/checker
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

>= 0
>= 0

Runtime

 Project Readme

FirebaseIDToken

FirebaseIDToken currently provides a single useful class "Validator", which provides a single method "#check", which parses and validates an ID Token allegedly generated by Firebase auth servers.

Creating a new validator takes a single optional hash argument. If the hash has an entry for :x509_key, that value is taken to be a key as created by OpenSSL::X509::Certificate.new, and the token is validated using that key. If there is no such entry, the keys are fetched from the Firebase certs endpoint https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com. The certificates are cached for some time (default: 1 day) which can be configured by adding the :expiry argument to the initialization hash (in seconds).

This project is basically a copy of https://github.com/google/google-id-token just adopted to Firebase instead of Google tokens.

Installation

gem install firebase-id-token

Examples

validator = FirebaseIDToken::Validator.new(expiry: 1800)
begin
  payload = validator.check(token, required_audience, required_client_id)
  email = payload['email']
rescue FirebaseIDToken::ValidationError => e
  report "Cannot validate: #{e}"
end


cert = OpenSSL::X509::Certificate.new(File.read('my-cert.pem'))
validator = FirebaseIDToken::Validator.new(x509_cert: cert)
begin
  payload = validator.check(token, required_audience, required_client_id)
  email = payload['email']
rescue FirebaseIDToken::ValidationError => e
  report "Cannot validate: #{e}"
end