Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to Firebase Auth with Rails?

I have fully integrated Firebase Auth in my Android App, now I want the client to interact with my backend (rails) using a unique Token. my question is this how it's done :

  1. User is logged-in, using for example Facebook Auth,
  2. Send the Firebase Token to backend and verify it
  3. Respond to the client with a unique Token for the upcoming Api requests (get users data, save user data ...)

Thank you

like image 601
Mohamed ALOUANE Avatar asked Aug 10 '16 22:08

Mohamed ALOUANE


People also ask

How do I authenticate with Firebase?

To sign a user into your app, you first get authentication credentials from the user. These credentials can be the user's email address and password, or an OAuth token from a federated identity provider. Then, you pass these credentials to the Firebase Authentication SDK.

Is Firebase Auth JWT?

Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken() method.

Is Firebase Auth completely free?

Prices are per successful verification. On the Blaze plan, Phone Authentication provides a no-cost tier. The first 10K verifications for both instances (USA, Canada, and India and All other countries) are provided at no cost each month. You are only charged on usage past this no-cost allotment.

What is get auth () in Firebase?

Firebase Auth is a service that allows your app to sign up and authenticate a user against multiple providers such as (Google, Facebook, Twitter, GitHub and more).


1 Answers

Taking JinLiu's answer forward , once you get the Token in your android code , send it to your backend say : https://www.yourbackend.com?authenticate?token=asdad7687h... Note that the token generated by Firebase is a JWT token , we need to first verify its authenticity and decode it in the backend. For this , you need to add these two gems to your gemfile gem 'jwt' , '1.5.6' gem 'rest-client' , '2.0.1' With that done , you need to add these two (private) function in your controller:

def get_set_user
    begin
        token = params[:token]
        if token.nil?
          @user = nil
          return
        end
        firebase_id = verify_user(token)[0]["user_id"]
        if User.where(:firebase_id => firebase_id).exists?
          @user = User.where(:firebase_id => firebase_id).first
        else
          @user = User.new(:firebase_id => firebase_id)
          @user.save
          @user
        end
    rescue
        @user = nil
    end
end

def verify_user(token)
  certificate_url = "https://www.googleapis.com/robot/v1/metadata/x509/[email protected]"
  myresponse = RestClient.get(certificate_url).body
  certificates  = JSON.parse myresponse.gsub('=>', ':')
  myjson =""
  certificates.each do|key , value|
    begin
      x509 = OpenSSL::X509::Certificate.new(value)
      iss = 'https://securetoken.google.com/<yourdomain>'
      aud = 'yourdomain' # change this 
      myjson = JWT.decode(token, x509.public_key, true, 
      {               algorithm: "RS256", verify_iat: true ,
                      iss: iss , verify_iss: true ,
                      aud: aud , verify_aud: true
      })

      return myjson

    rescue
    end
  end

  return nil     

end

Now you can call get_set_user as before action to see , if the user has valid token . The idea is simple. Check if the token is signed by one of the keys mentioned at https://www.googleapis.com/robot/v1/metadata/x509/[email protected] . If yes , decode the token and get the firebase id .

like image 184
Ravi Sinha Avatar answered Sep 19 '22 13:09

Ravi Sinha