Comments (7)
Since my use case is low volume and an extra network request isn't a big deal, I ended up using Google's tokeninfo endpoint: https://developers.google.com/identity/sign-in/web/backend-auth#using-a-google-api-client-library
I haven't quite finished all of the error cases, but it basically looks like this:
# Gemfile:
gem 'google-api-client', require: 'google/apis/oauth2_v2'

# In application_controller.rb
class ApplicationController < ActionController::Base
  include ActionController::HttpAuthentication::Token::ControllerMethods

  protected

  def authenticate_user
    authenticate_or_request_with_http_token do |token, options|
      if valid_token?(token)
        return true
      else
        render_unauthorized
      end
    end
  end

  # https://www.codeschool.com/blog/2014/02/03/token-based-authentication-rails/
  def render_unauthorized
    self.headers['WWW-Authenticate'] = 'Token realm="Application"'
    render json: 'Bad credentials', status: 401
  end

  def valid_token?(token)
    oauth2 = Google::Apis::Oauth2V2::Oauth2Service.new
    userinfo = oauth2.tokeninfo(access_token: token)
    if userinfo
      user_id = userinfo.user_id
      audience = userinfo.audience
      if audience != "_YOUR APP'S CLIENT ID_"
        return false
      end
      user_id.present?
    else
      false
    end
  rescue => e
    # Should really be more specific and handle each of these differently:
    # [Google::Apis::ServerError] An error occurred on the server and the request can be retried
    # [Google::Apis::ClientError] The request is invalid and should not be retried without modification
    # [Google::Apis::AuthorizationError] Authorization is required
    false
  end
end
from google-id-token.
Leaving this in case anyone else runs into the reason I kept seeing this.
I was passing a token in via:
Authorization: bearer '<token>'
The quotes were causing this to always respond with:
Token not verified as issued by Google
I just needed to strip the quotes before passing it into the validator. I didn't expect this to be a problem since the JWT gem used to decode handled this scenario.
from google-id-token.
@morgler did you ever figure this out or decide on an alternative? I used this gem successfully in Feb and now am having the same problem.
from google-id-token.
Unfortunately I never resolved this. I moved on and simply generate the JWT on my Rails server instead of using firebase. I also don't use any firebase services on this app currently.
from google-id-token.
For completeness, the JavaScript that calls this uses fetch like this after it gets an access token from client-side auth:
fetch(`/auth/verify.json`, {
  headers: {
    'X-Requested-With': 'XMLHttpRequest',
    'Authorization': 'Token token=' + googleAuthResponse.accessToken
  }
})
from google-id-token.
I'm not using Firebase but I am having the same issue. Not sure what I'll do to move around it.
Update: I was simply passing in nil for the token due to a missing header in my iOS HTTP client. The library seems to work fine.
from google-id-token.
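Two input problems reported in this thread (a token wrapped in quotes, and a nil token from a missing header) both surfaced as a generic verification failure. The following added example, which is not code from google-id-token or from any commenter, classifies the Authorization header before it reaches a validator. `extract_bearer_token`, `BearerResult` and the sample headers are hypothetical, and it assumes the credential is a Google ID token in JWT form (three base64url segments).

```ruby
# Added example: hypothetical pre-validation check for a Bearer ID token.
# Three dot-separated base64url segments, the compact JWT layout.
JWT_SHAPE = /\A[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\z/

# token is nil when the header is unusable; problem names what was wrong.
BearerResult = Struct.new(:token, :problem)

def extract_bearer_token(header)
  return BearerResult.new(nil, :missing_header) if header.nil? || header.strip.empty?

  scheme, credential = header.strip.split(/\s+/, 2)
  return BearerResult.new(nil, :wrong_scheme) unless scheme.casecmp?('bearer')
  return BearerResult.new(nil, :empty_token) if credential.nil? || credential.empty?

  # Remove one pair of matching quotes, the case reported in the thread,
  # and record that it happened so the client bug is visible in logs.
  unquoted = credential.sub(/\A(['"])(.*)\1\z/m, '\2')
  problem = unquoted == credential ? nil : :quoted_token

  # Anything that is not JWT-shaped is rejected without calling the validator.
  return BearerResult.new(nil, :not_jwt_shaped) unless unquoted.match?(JWT_SHAPE)

  BearerResult.new(unquoted, problem)
end

# Constructed sample headers (not real tokens).
SAMPLE_HEADERS = [
  "bearer 'aaa.bbb.ccc'",   # quoted token, as in the thread
  nil,                      # header missing, as in the thread
  'Bearer aaa.bbb.ccc',     # well-formed
  'Bearer not-a-jwt',       # wrong shape
  'Token token=abc'         # different scheme
].freeze

SAMPLE_HEADERS.each do |h|
  r = extract_bearer_token(h)
  puts "#{h.inspect} -> token=#{r.token.inspect} problem=#{r.problem.inspect}"
end
```

Logging the `problem` value separately from the validator's own failure keeps a client-side formatting bug from being read as a rejected Google signature.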
This project is deprecated, and we're archiving the repository. The functionality is available in the googleauth gem. See https://github.com/googleapis/google-auth-library-ruby.
from google-id-token.