Class: FirebaseIdToken::Signature
- Inherits: Object
  - Object
    - FirebaseIdToken::Signature
- Defined in: lib/firebase_id_token/signature.rb
Overview
Verifies whether a given Firebase ID Token is signed by one of Google's x509 certificates that Firebase uses.
Also checks whether the resulting JWT payload hash matches:
- exp: Expiration time
- iat: Issued at time
- User's Firebase Project ID
- Non-empty UID
Verifying a Firebase ID Token
Be sure to configure the gem to set your Firebase Project ID and a Redis server before going any further.
See the README for a complete guide.
WARNING: Trying to verify a token without any certificate saved in the Redis certificates database raises an Exceptions::NoCertificatesError.
Constant Summary
- JWT_DEFAULTS = { algorithm: 'RS256', verify_iat: true }
  Pre-default JWT algorithm parameters as recommended here.
Instance Attribute Summary
- #firebase_id_token_certificates ⇒ Object
  Returns the value of attribute firebase_id_token_certificates.
Class Method Summary
- .verify(jwt_token) ⇒ nil, Hash
  Returns the decoded JWT hash payload of the Firebase ID Token if the signature in the token matches one of the certificates downloaded by Certificates.request; returns nil otherwise.
Instance Method Summary
- #initialize(jwt_token) ⇒ Signature (constructor)
  Loads attributes: :project_ids from Configuration, and :kid, :jwt_token from the related jwt_token.
- #verify ⇒ Object
Constructor Details
#initialize(jwt_token) ⇒ Signature
Loads attributes: :project_ids from Configuration, and :kid, :jwt_token from the related jwt_token.

    # File 'lib/firebase_id_token/signature.rb', line 55
    def initialize(jwt_token)
      @project_ids = FirebaseIdToken.configuration.project_ids
      @kid = extract_kid(jwt_token)
      @jwt_token = jwt_token
      @firebase_id_token_certificates = FirebaseIdToken.configuration.certificates
    end

Instance Attribute Details
#firebase_id_token_certificates ⇒ Object
Returns the value of attribute firebase_id_token_certificates.

    # File 'lib/firebase_id_token/signature.rb', line 50
    def firebase_id_token_certificates
      @firebase_id_token_certificates
    end

Class Method Details
.verify(jwt_token) ⇒ nil, Hash
Returns the decoded JWT hash payload of the Firebase ID Token if the signature in the token matches one of the certificates downloaded by Certificates.request; returns nil otherwise.
It will also return nil when it fails in checking if all the required JWT fields are valid, as recommended here by Firebase official documentation.
Note that it will raise an Exceptions::NoCertificatesError if the Redis certificates database is empty. Be sure to call Certificates.request beforehand, ideally in a background job if you are using Rails.

    # File 'lib/firebase_id_token/signature.rb', line 46
    def self.verify(jwt_token)
      new(jwt_token).verify
    end

Instance Method Details
#verify ⇒ Object
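
    # File 'lib/firebase_id_token/signature.rb', line 64
    def verify
      # Look up the certificate whose key ID matches the token's kid.
      certificate = firebase_id_token_certificates.find(@kid)
      if certificate
        # Decode and validate the token against that certificate's public key.
        payload = decode_jwt_payload(@jwt_token, certificate.public_key)
        payload
      end
      # With no matching certificate the method falls through and returns nil.
    end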
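
An added example, not part of the gem's source: a standard-library version of the checks the Overview lists (certificate lookup by kid, RS256 pinned, exp, iat, project ID, non-empty UID), returning nil on any failure. The module and method names are hypothetical, the certificate and token are constructed fixtures, and mapping the project ID to `aud` and the UID to `sub` follows Firebase's documented ID token claims rather than anything shown on this page.

```ruby
require 'openssl'
require 'json'

# Added illustration (not the gem's code); every name here is hypothetical.
module IdTokenCheck
  module_function

  def b64url_decode(str)
    (str.tr('-_', '+/') + '=' * (-str.length % 4)).unpack1('m0')
  end
  def b64url_encode(bytes)
    [bytes].pack('m0').tr('+/', '-_').delete('=')
  end

  # certs maps kid => OpenSSL::X509::Certificate. Returns the payload or nil.
  def verify(token, certs, project_id, now: Time.now.to_i)
    head, body, sig, extra = token.to_s.split('.', -1)
    return nil if sig.nil? || extra
    header = JSON.parse(b64url_decode(head))
    # Pin the algorithm; never let the token's own header choose it.
    return nil unless header.is_a?(Hash) && header['alg'] == 'RS256'
    return nil unless (cert = certs[header['kid']])
    return nil unless cert.public_key.verify('SHA256', b64url_decode(sig), "#{head}.#{body}")
    claims = JSON.parse(b64url_decode(body))
    # Assumption: project ID is carried in `aud`, the UID in `sub`.
    valid = claims.is_a?(Hash) && claims['aud'] == project_id &&
            claims['exp'].is_a?(Integer) && claims['exp'] > now &&
            claims['iat'].is_a?(Integer) && claims['iat'] <= now &&
            claims['sub'].is_a?(String) && !claims['sub'].empty?
    valid ? claims : nil
  rescue JSON::ParserError, ArgumentError, OpenSSL::OpenSSLError
    nil
  end

  # Constructed fixtures: a self-signed certificate and an RS256-signed token.
  def sample_cert(key)
    cert = OpenSSL::X509::Certificate.new
    cert.serial = 1
    cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed')
    cert.not_before = Time.now - 60
    cert.not_after = Time.now + 3600
    cert.public_key = key
    cert.sign(key, 'SHA256')
  end

  def sample_token(key, kid, claims, alg: 'RS256')
    signed = [{ 'alg' => alg, 'kid' => kid }, claims].map { |h| b64url_encode(h.to_json) }.join('.')
    "#{signed}.#{b64url_encode(key.sign('SHA256', signed))}"
  end
end
```

The `alg` parameter of `sample_token` exists only to build a token whose header claims a different algorithm, which `verify` rejects before any signature work.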