I'm unsure of the examples in Google's documentation. How do I verify a JWT produced by Firebase, in a Google App engine flexible service?
main.go:
// ...
func main () {
InitializeAppWithServiceAccount()
go lib.GetStockData()
http.HandleFunc("/_ah/someendPoint", SomeHandler)
}
func InitializeAppWithServiceAccount() *firebase.App {
// [START initialize_app_service_account]
opt := option.WithCredentialsFile("keystore/someapp-firebase-adminsdk-1ts1k-1fbbbad63f.json")
app, err := firebase.NewApp(context.Background(), nil, opt)
if err != nil {
log.Fatalf("error initializing app: %v
", err)
}
return app
}
func someHandler(w http.ResponseWriter, r *http.Request) {
// Set content type:
w.Header().Set("Content-Type", "application/json")
if r.Header != nil {
ReqToken := r.Header.Get("Authorization")
splitToken := strings.Split(ReqToken, "Bearer")
ReqToken = splitToken[1]
fmt.Println(ReqToken) // Correctly prints the JWT
// Verify JWT
// If it's invalid, return?
// verifyIDToken(??, reqToken)
enc := json.NewEncoder(w)
err := enc.Encode(somedata)
fmt.Println("request made")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
http.Error(w, "Unauthorized", http.StatusUnauthorized)
}
According to their documentation, you can use the following function to verify an ID token? But what do I pass in as app? The documentation doesn't really say.
func verifyIDToken(app *firebase.App, idToken string) *auth.Token {
// [START verify_id_token]
client, err := app.Auth(context.Background())
if err != nil {
log.Fatalf("error getting Auth client: %v
", err)
}
token, err := client.VerifyIDToken(idToken)
if err != nil {
log.Fatalf("error verifying ID token: %v
", err)
}
log.Printf("Verified ID token: %v
", token)
// [END verify_id_token]
return token
}
Obviously, idToken is my token from the handler. But what is app *firebase.App and how would I pass it in to the function from the handler itself?
You're already initializing a firebase.App in your InitializeAppWithServiceAccount() function. You just need to pass the return value into your handler.
conf := firebase.Config{
ProjectID: "my-project-id",
}
app, err := firebase.NewApp(context.Background(), &conf)
if err != nil {
log.Fatalln(err)
}
handler := func(w http.ResponseWriter, r *http.Request) {
client, err := app.Auth(context.Background())
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
token := getTokenFromReq(r)
t, err := client.VerifyIDToken(token)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
w.Write([]byte("token verified"))
}
In this example I'm not using a service account (which is probably what you want as well). And since this is on GAE, make sure to pass the GAE context instead of the background context.