Firebase Admin SDK GO VerifyIDToken returns not an App Engine context error

2
votes

I have a user authenticated with Firebase and what I want to do is to authenticate this user on the backend(Google cloud platform / Go) as well. I followed along with the document on Firebase

I get the idToken on the front end and send the token on the header to the server running on my localhost with the following code.

idToken = firebase.auth().currentUser.getIdToken()
axios({
    method: 'POST',
    url: 'https://localhost:8080/users',
    headers: {
      'Authentication-Token': idToken
    },
    data: {
        name: 'My name',
        user_name: 'my_user_name',
        email: '[email protected]'
    }
})

On the backend I want to verify the idToken. I first create the auth client with the following code.

opt := option.WithCredentialsFile("firebase_credential.json")
app, err := firebase.NewApp(context.Background(), nil, opt)
client, err := app.Auth(context.Background())

With the client and the idToken from the frontend I tried the code below.

t, err := client.VerifyIDToken(context.Background(), idToken)

How ever this throws an error of 

{"message":"Get https://www.googleapis.com/robot/v1/metadata/x509/[email protected]: oauth2: cannot fetch token: Post https://accounts.google.com/o/oauth2/token: not an App Engine context"}

I also tried to curl the same request to the sever but the same error came out.

curl -X POST -H "Authentication-Token:hogehogemytoken" -d '{"name":"My name","user_name":"my user name","email":"[email protected]"}' http://localhost:8080/users

I am quite sure that I'm sending the right token. Any ideas?

2
javascriptfirebasegoogle-app-enginegofirebase-authentication
Maybe a bug of the library here? github.com/firebase/firebase-admin-go/issues/52 - tsukukobaan

2 Answers

1
votes

It seems that in appengine Standard enviroment I had to use 

ctx := appengine.NewContext(r)

rather than the

ctx := context.Background()

In an appengine request context, more complex things have to be handled since they are the API request context. On the other hand the general context.Background() is for general uses and therefore is not associated with incoming Http requests.

So my solution here was to pass the appengine.NewContext(r) in the init.go like below.

r.POST("/users", func(c *gin.Context) { up.CreateUser(c, appengine.NewContext(c.Request)) })

pass around this appengine context to the verify token.

func (c authClient) VerifyToken(ctx context.Context, token string) (IDToken, error) {
    opt := option.WithCredentialsFile("firebasecredential.json")
    app, err := firebase.NewApp(ctx, nil, opt)
    if err != nil {
        return nil, err
    }
    client, err := app.Auth(ctx)
    if err != nil {
        return nil, err
    }

    t, err := client.VerifyIDToken(ctx, token)
    if err != nil {
        return nil, err
    }
    return idToken{t}, nil
}
0
votes

VerifyIDToken doesn't support context, check documentation as of now:

func (c *Client) VerifyIDToken(idToken string) (*Token, error)

The link in your comment points to the Future Request (FR), which means it's yet to be implemented, so it is not a bug.

You can use VerifyIDTokenAndCheckRevoked does:

func (c *Client) VerifyIDTokenAndCheckRevoked(ctx context.Context, idToken string) (*Token, error)