I have a user authenticated with Firebase and what I want to do is to authenticate this user on the backend(Google cloud platform / Go) as well. I followed along with the document on Firebase
I get the idToken on the front end and send the token on the header to the server running on my localhost with the following code.
idToken = firebase.auth().currentUser.getIdToken()
axios({
method: 'POST',
url: 'https://localhost:8080/users',
headers: {
'Authentication-Token': idToken
},
data: {
name: 'My name',
user_name: 'my_user_name',
email: 'example@example.com'
}
})
On the backend I want to verify the idToken. I first create the auth client with the following code.
opt := option.WithCredentialsFile("firebase_credential.json")
app, err := firebase.NewApp(context.Background(), nil, opt)
client, err := app.Auth(context.Background())
With the client and the idToken from the frontend I tried the code below.
t, err := client.VerifyIDToken(context.Background(), idToken)
How ever this throws an error of
{"message":"Get https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com: oauth2: cannot fetch token: Post https://accounts.google.com/o/oauth2/token: not an App Engine context"}
I also tried to curl the same request to the sever but the same error came out.
curl -X POST -H "Authentication-Token:hogehogemytoken" -d '{"name":"My name","user_name":"my user name","email":"example@example.com"}' http://localhost:8080/users
I am quite sure that I'm sending the right token. Any ideas?
It seems that in appengine Standard enviroment I had to use
ctx := appengine.NewContext(r)
rather than the
ctx := context.Background()
In an appengine request context, more complex things have to be handled since they are the API request context. On the other hand the general context.Background() is for general uses and therefore is not associated with incoming Http requests.
So my solution here was to pass the appengine.NewContext(r) in the init.go like below.
r.POST("/users", func(c *gin.Context) { up.CreateUser(c, appengine.NewContext(c.Request)) })
pass around this appengine context to the verify token.
func (c authClient) VerifyToken(ctx context.Context, token string) (IDToken, error) {
opt := option.WithCredentialsFile("firebasecredential.json")
app, err := firebase.NewApp(ctx, nil, opt)
if err != nil {
return nil, err
}
client, err := app.Auth(ctx)
if err != nil {
return nil, err
}
t, err := client.VerifyIDToken(ctx, token)
if err != nil {
return nil, err
}
return idToken{t}, nil
}
VerifyIDToken doesn't support context, check documentation as of now:
func (c *Client) VerifyIDToken(idToken string) (*Token, error)
The link in your comment points to the Future Request (FR), which means it's yet to be implemented, so it is not a bug.
You can use VerifyIDTokenAndCheckRevoked does:
func (c *Client) VerifyIDTokenAndCheckRevoked(ctx context.Context, idToken string) (*Token, error)