Facebook API Question posted in
The official documentation for the Facebook APIs can be found here.

Facebook api – How to Firebase Auth with Rails?

I have fully integrated Firebase Auth in my Android App, now I want the client to interact with my backend (rails) using a unique Token. my question is this how it’s done :

  1. User is logged-in, using for example Facebook Auth,
  2. Send the Firebase Token to backend and verify it
  3. Respond to the client with a unique Token for the upcoming Api requests (get users data, save user data …)

Thank you

Tags:

3

Answers


  1. 0

    You do not need step #3. Firebase Auth Android SDK getToken() API returns a short-lived (one hour) Firebase Auth ID Token for the login user, and automatically returns a new token if the previous one expires.

    The Firebase token verification doc describes how to get a Firebase token on client app and verify the token on server side.

    Login or Signup to reply.
  2. 0

    Taking JinLiu’s answer forward , once you get the Token in your android code , send it to your backend say : https://www.yourbackend.com?authenticate?token=asdad7687h
    Note that the token generated by Firebase is a JWT token , we need to first verify its authenticity and decode it in the backend. For this , you need to add these two gems to your gemfile
    gem ‘jwt’ , ‘1.5.6’
    gem ‘rest-client’ , ‘2.0.1’
    With that done , you need to add these two (private) function in your controller:

    def get_set_user
    begin
        token = params[:token]
        if token.nil?
          @user = nil
          return
        end
        firebase_id = verify_user(token)[0]["user_id"]
        if User.where(:firebase_id => firebase_id).exists?
          @user = User.where(:firebase_id => firebase_id).first
        else
          @user = User.new(:firebase_id => firebase_id)
          @user.save
          @user
        end
    rescue
        @user = nil
    end
end

def verify_user(token)
  certificate_url = "https://www.googleapis.com/robot/v1/metadata/x509/[email protected]"
  myresponse = RestClient.get(certificate_url).body
  certificates  = JSON.parse myresponse.gsub('=>', ':')
  myjson =""
  certificates.each do|key , value|
    begin
      x509 = OpenSSL::X509::Certificate.new(value)
      iss = 'https://securetoken.google.com/<yourdomain>'
      aud = 'yourdomain' # change this 
      myjson = JWT.decode(token, x509.public_key, true, 
      {               algorithm: "RS256", verify_iat: true ,
                      iss: iss , verify_iss: true ,
                      aud: aud , verify_aud: true
      })

      return myjson

    rescue
    end
  end

  return nil     

end

    Now you can call get_set_user as before action to see , if the user has valid token .
    The idea is simple. Check if the token is signed by one of the keys mentioned at https://www.googleapis.com/robot/v1/metadata/x509/[email protected] . If yes , decode the token and get the firebase id .

    Login or Signup to reply.
  3. 0

    I have developed the firebase_id_token gem.
    It deals with all the certificates/signature business.

    It can be used simply as: 

    FirebaseIdToken::Signature.verify(token)
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search