FirebaseAuthVerifier
A simple Elixir library for fetching the signing certificate for FirebaseAuth's ID tokens, following the documentation of Verify ID tokens using a third party JWT library.
Installation
If available in Hex, the package can be
installed by adding firebase_auth_verifier
to your list of
dependencies in mix.exs
:
def deps do
[
{:firebase_auth_verifier, "~> 0.1.0"}
]
end
Configuration
Required configuration(s)
# configure the endpoint to GET certificate from and the timeout of the FirebaseAuthVerifier.verify/3 call
config :firebase_auth_verifier,
cert_url: "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com",
verify_timeout: 2_500
With the default retry count of 3
, this means a request could halt
for up to 7500
ms, given that the endpoint does not return within
this time when the local cache has gone stale. So set your
verify_timeout
to something tolerable for your case.
Optional configuration(s)
# configure an adapter for Tesla
config :tesla,
adapter: Tesla.Adapter.Hackney
NOTE: cert_url
might be inlined in a future release if it is deemed
pointless to have it as a configuration, as it is not very likely to
change. It could however prove useful for testing if one wants to mock
the Firebase/Google endpoint.
Documentation
Documentation can be generated with ExDoc and published on HexDocs. Once published, the docs can be found at https://hexdocs.pm/firebase_auth_verifier.
To investigate
Feature scope for the version 0.2.0:
- Investigate whether setting up a timer for the
max-age
check rather than letting it go stale can prevent timeouts
How to contribute
If you want to contribute, either by reporting an issue or by fixing a known issue, just create a GitHub issue at FirebaseAuthVerifier Issues detailing the problem.
Then you can either solve it and create a pull request, or I will take a look at it as soon as possible. It is of course possible to help out with any other issues found there, if one wants to.
Testing your branch
When contributing to this project and running tests, the following ENV variables are currently required for one of the integration tests:
- FIREBASE_WEB_API_KEY
- TEST_USER_EMAIL
- TEST_USER_PASSWORD
- TEST_PROJECT_ID
See example.test.env
as a way to source these variables when running
local tests through env $(cat .env) mix test
, as an example.
So this requires a Firebase project to be set up with a pre-made email-password user for testing.
Just make sure not to commit such files if you do decide to make a PR.