AshAuthentication.Firebase.TokenVerifier (ash_authentication_firebase v1.1.0)

Copy Markdown View Source

Verifies Firebase ID tokens using Google's public keys. Implements all security checks as per Firebase Auth documentation.

Clock skew

Time-based claims (exp, iat, auth_time) are evaluated with a small leeway to tolerate clock drift between Firebase / the client and the server. The default leeway is 60 seconds; override with:

config :ash_authentication_firebase, clock_skew_leeway_seconds: 30

Valid values are integers in 0..300. Anything outside that range — or a non-integer — is logged as a warning and the default is used.

Summary

Types

claims()

Functions

verify(token, project_id)

Verifies a Firebase ID token against the provided project ID.

Types

claims()

@type claims() :: %{optional(String.t()) => term()}

Functions

verify(token, project_id)

@spec verify(term(), term()) ::
  {:ok, sub :: String.t(), claims()}
  | {:error, AshAuthentication.Firebase.Errors.InvalidToken.t()}

Verifies a Firebase ID token against the provided project ID.

On success returns {:ok, sub, claims} where sub is the Firebase user id. On failure returns {:error, AshAuthentication.Firebase.Errors.InvalidToken.t()} whose :reason field describes the specific failure (see AshAuthentication.Firebase.Errors.InvalidToken.reason/0).