CaptainCodeman / go-firebase

Licence: Apache-2.0 license
AppEngine friendly Firebase for Go (Golang)


Currently just the auth pieces to verify and mint custom tokens.

UPDATE: There is now an Official Firebase Admin Go SDK which is recommended instead of this package.

Why another package?

There are a few existing Firebase packages for Go, but none of them seemed to work quite right, or they didn't work at all with AppEngine (standard). This is a hacked-together version that works for me; I suggest you use it with caution, if at all.

This package borrows heavily from prior art, mostly Firebase Server SDK for Golang.

Why custom tokens?

The Firebase auth system is convenient and (currently) free to use, and if you're using the Firebase database it's very simple and easy.

But if you have a legacy REST API that you want to use, things are not quite so obvious. Sure, you could just look up the Firebase user on each request, but that loses what makes bearer tokens so valuable: having a JWT that authorizes the request without having to keep track of server-side sessions, so you can scale your API.

You might also want some custom claims to be available in the JWT so that you can decode it on the client and adapt the UI to match the user's roles for example.

OK, so you need custom tokens.

Now you need to jump through a few hoops: you need a server that verifies the Firebase-issued auth tokens passed to it (for, you know, security) before producing your own correctly signed custom tokens that Firebase will accept for authentication.

This is what this library does.

What do I do on the client?

You need to do a few extra steps in order to use custom tokens on the client and also get the correct JWT to pass to the backend (non-firebase) REST API.

The steps are:

  • Sign in user with signInWithEmailAndPassword or one of the 3rd party providers
  • Get the user token via user.getToken(true) (use false if just signed in)
  • Pass the token to the auth server which issues a custom token with extra claims
  • Sign the user in with that token (auth.signInWithCustomToken)
  • Get the user token via user.getToken(false) (yes, it's another token)

The last token is the one that you can send to your REST API to authorize requests. If you only need to add extra claims for use with firebase rules, the last step can be skipped.

Example tokens

Here's an example of the auth tokens showing the different versions at each step (tip: the JWT Debugger helps when working with tokens):

Token received from firebase after signInWithEmailAndPassword:

{
  "iss": "https://securetoken.google.com/captain-codeman",
  "aud": "project-name",
  "auth_time": 1479745491,
  "user_id": "RE8hG0RX4YVMHHjferfb8tu4jRr2",
  "sub": "RE8hG0RX4YVMHHjferfb8tu4jRr2",
  "iat": 1479745491,
  "exp": 1479749091,
  "email": "email@address",
  "email_verified": false,
  "firebase": {
    "identities": {
      "email": [
        "email@address"
      ]
    },
    "sign_in_provider": "password"
  }
}

Token we get back from our custom token service:

{
  "aud": "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
  "claims": {
    "roles": [
      "admin",
      "operator"
    ],
    "uid": 1
  },
  "exp": 1479749434,
  "iat": 1479745834,
  "iss": "[email protected]",
  "sub": "[email protected]",
  "uid": "RE8hG0RX4YVMHHjferfb8tu4jRr2"
}

Token we get after signing in with the custom token and using user.getToken():

{
  "iss": "https://securetoken.google.com/project-name",
  "roles": [
    "admin",
    "operator"
  ],
  "uid": 1,
  "aud": "project-name",
  "auth_time": 1479745834,
  "user_id": "RE8hG0RX4YVMHHjferfb8tu4jRr2",
  "sub": "RE8hG0RX4YVMHHjferfb8tu4jRr2",
  "iat": 1479745834,
  "exp": 1479749434,
  "email": "email@address",
  "email_verified": false,
  "firebase": {
    "identities": {
      "email": [
        "email@address"
      ]
    },
    "sign_in_provider": "custom"
  }
}

Note that this now includes the Firebase user ID (as sub and user_id), our app's internal user ID (as uid) and the roles we set: everything we might need to authorize a REST API call on our server (just extract and verify the JWT claims).
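The final token is only worth acting on once the API server has checked its signature and its claims. As an added example (not code from this package), here is that check using only the Go standard library. `Verify`, `sign`, `demoKey` and `demoClaims` are hypothetical names, the key is a throwaway one generated in-process, and picking the right Google signing key for a real token is left to the caller.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed demo key and claims, not real values
const demoClaims = `{"iss":"https://securetoken.google.com/project-name","aud":"project-name","sub":"RE8hG0RX4YVMHHjferfb8tu4jRr2","exp":1479749434,"roles":["admin","operator"]}`

type Claims struct { // the fields the REST API authorizes on
	Iss, Aud, Sub string
	Exp           int64
	Roles         []string
}

// Verify checks the signature as RS256 whatever the header says, then iss, aud, sub and exp.
func Verify(tok string, key *rsa.PublicKey, project string, now int64) (*Claims, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	sig, e1 := b64.DecodeString(p[2])
	body, e2 := b64.DecodeString(p[1])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if e1 != nil || e2 != nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil {
		return nil, fmt.Errorf("bad encoding or signature")
	}
	c := new(Claims)
	if json.Unmarshal(body, c) != nil || c.Iss != "https://securetoken.google.com/"+project ||
		c.Aud != project || c.Sub == "" || now >= c.Exp {
		return nil, fmt.Errorf("claims rejected: wrong project, no subject or expired")
	}
	return c, nil
}

func sign(claims string) string { // builds the constructed demo token with demoKey
	in := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, demoKey, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig)
}
func main() { fmt.Println(Verify(sign(demoClaims), &demoKey.PublicKey, "project-name", 1479745834)) }
```

Because the claims are read only after the signature has been checked, a token whose payload was edited to add a role fails before any role is looked at.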

Server example

A very simple example server is included. Note that the app/firebase-credentials.json file is not included; supply one created from your own project instead.

Client example

I'm using Polymer for my front-end and have created an <auth-ajax> element to make auth-token handling easier.

See the demo which uses an instance of this package for the server-side custom token issuing.
