Skip to content
/ guardian_firebase Public

Library for authenticating against Google Firebase using Guardian

License

MIT license
4 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hippware/guardian_firebase

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
config
config
 
 
fixture
fixture
 
 
lib
lib
 
 
test
test
 
 
.formatter.exs
.formatter.exs
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mix.exs
mix.exs
 
 
mix.lock
mix.lock
 
 

Repository files navigation

GuardianFirebase

This library extends Guardian so that it can validate tokens issued by Google Firebase Auth.

Installation

Before starting, please read the Guardian documentation to familiarize yourself with the basic Guardian concepts.

First, add guardian_firebase to your list of dependencies in mix.exs:

def deps do
  [{:guardian_firebase, "~> 0.1.0"}]
end

Then you must create the required Guardian "Implementation Module". The difference is that you will use GuardianFirebase instead of Guardian.

defmodule MyApp.Guardian do
  use GuardianFirebase, otp_app: :my_app, project_id: "my-firebase-project"

  def subject_for_token(resource, _claims) do
    # This function should only be used in testing since GuardianFirebase does
    # not generate legitimate Firebase tokens. Return the Firebase User ID from
    # this function so that `resource_from_claims/1` will work properly.
    {:ok, resource.firebase_id}
  end

  def resource_from_claims(claims) do
    # Here we'll look up our resource from the claims, the subject can be
    # found in the `"sub"` key. In `above subject_for_token/2` we returned
    # the Firebase id so here we'll rely on that to look it up.
    id = claims["sub"]
    resource = MyApp.get_resource_by_firebase_id(id)
    {:ok, resource}
  end
end

The :otp_app is required by Guardian, and the :project_id is your applications's Firebase ID. This is all you should need to have a working installation.

Most of the configuration allowed by Guardian is not needed, or even possible. with GuardianFirebase.

Testing

GuardianFirebase can generate tokens that are identical in structure to those issued by Firebase, but that are signed by a different key. This allows you to generate keys for testing without having to get keys from Firebase.

To generate tokens, you have to tell GuardianFirebase what keys to use to sign the tokens. Add the following lines to config/test.exs:

config :guardian_firebase,
  load_keys_on_startup: false,
  local_keys: [
    {
      "some-key-id",
      """
      public_key_pem_data
      """,
      """
      private_key_pem_data
      """
    }
  ]

The :load_keys_on_startup value tells GuardianFirebase whether or not it should load the official Firebase keys on startup. For testing, we want to avoid contacting the Firebase servers.

The :local_keys value is a list of 3-element tuples that contain a key ID, public key and private key. The public and private keys need to be valid PEM-encoded data. Generating the keypair is left as an exercise for the reader.

About

Library for authenticating against Google Firebase using Guardian

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

7 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages