How to validate the firebase jwt token in my google cloud function?

0
votes

Users are authenticated in the frontend via

   const googleAuthProvider = new firebase.auth.GoogleAuthProvider();
                                firebase.auth().signInWithPopup(googleAuthProvider);

after that I am calling a cloud function with the firebase callable:

 const nodeStateCall = functions.httpsCallable('myFunction');
        nodeStateCall().then(...);

This workks without any problems and I recieve the jwt token in my go function.

I tried many different variations to authenticate this token. The function which I am using now is idtoken.Validate() from the google.golang.org/api/idtoken pacakge.

My function:

func verifyIdToken(idToken string)(tokenInfo *idtoken.Payload, err error) {
    log.Print("running verify Token")
    splitToken :=  strings.Split(idToken, "Bearer ")[1]
    log.Print("split Token:"+splitToken)
    tokenInfo, err = idtoken.Validate(context.Background(),splitToken,"MYAUDIENCE")
    if err != nil {
        log.Print("error from tokenInfoCall.Do()")
        log.Print(err)
        return nil, err
    }
    log.Print("Finished verify token.")
    return tokenInfo, nil
}

but I keep getting "invalid value" when I send the token.

I also tried the oauth2 service:

oauth2Service, err := oauth2.NewService(context.Background())
tokenInfoCall := oauth2Service.Tokeninfo()
tokenInfoCall.IdToken(splitToken)
tokenInfo, err := tokenInfoCall.Do()

which didn't work either.

What do I have to do to validate the firebase jwt token in my go function?

1
firebasegofirebase-authenticationgoogle-cloud-functions
I tried to follow stackoverflow.com/questions/16176744/… and firebase.google.com/docs/auth/admin#verify_id_tokens but I don't seem to have the right tokenCyrillC
Typically people use the Firebase Admin SDK to validate an Auth ID token. firebase.google.com/docs/admin/setupDoug Stevenson
@DougStevenson I know, but I can't seem to get it working. The sample for go doesn't show how to extract the idtoken, and When I just strip the token from the bearer It can not be checked...CyrillC
@CyrillC, I suppose you are attempting an implementation of this in goLang as there is no Sample in Go, really. Can you elaborate on your attempt to strip the token from the Client and it not being checked? You can provide your code to depict what is being doneoakinlaja

1 Answers

0
votes

Because you are using firebase service, you need to use this to verify your token:

https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_the_firebase_admin_sdk

Note that you should setup your function in the same project so the library will query correctly.