如何验证JWT?

I'm unsure of the examples in Google's documentation. How do I verify a JWT produced by Firebase, in a Google App engine flexible service?

main.go:

// ...

func main () {
    InitializeAppWithServiceAccount()
    go lib.GetStockData()
    http.HandleFunc("/_ah/someendPoint", SomeHandler)
}

func InitializeAppWithServiceAccount() *firebase.App {
    // [START initialize_app_service_account]
    opt := option.WithCredentialsFile("keystore/someapp-firebase-adminsdk-1ts1k-1fbbbad63f.json")
    app, err := firebase.NewApp(context.Background(), nil, opt)
    if err != nil {
        log.Fatalf("error initializing app: %v
", err)
    }
    return app
}


func someHandler(w http.ResponseWriter, r *http.Request) {
    // Set content type:
    w.Header().Set("Content-Type", "application/json")

    if r.Header != nil {
        ReqToken := r.Header.Get("Authorization")
        splitToken := strings.Split(ReqToken, "Bearer")
        ReqToken = splitToken[1]
        fmt.Println(ReqToken) // Correctly prints the JWT
        // Verify JWT
        // If it's invalid, return?
        // verifyIDToken(??, reqToken)

        enc := json.NewEncoder(w)
        err := enc.Encode(somedata)
        fmt.Println("request made")
        if err != nil {
            http.Error(w, err.Error(), http.StatusInternalServerError)
            return
        }
    }
    http.Error(w, "Unauthorized", http.StatusUnauthorized)
}

According to their documentation, you can use the following function to verify an ID token? But what do I pass in as app? The documentation doesn't really say.

func verifyIDToken(app *firebase.App, idToken string) *auth.Token {
    // [START verify_id_token]
    client, err := app.Auth(context.Background())
    if err != nil {
        log.Fatalf("error getting Auth client: %v
", err)
    }

    token, err := client.VerifyIDToken(idToken)
    if err != nil {
        log.Fatalf("error verifying ID token: %v
", err)
    }

    log.Printf("Verified ID token: %v
", token)
    // [END verify_id_token]

    return token
}

Obviously, idToken is my token from the handler. But what is app *firebase.App and how would I pass it in to the function from the handler itself?

1个回答

You're already initializing a firebase.App in your InitializeAppWithServiceAccount() function. You just need to pass the return value into your handler.

conf := firebase.Config{
    ProjectID: "my-project-id",
}
app, err := firebase.NewApp(context.Background(), &conf)
if err != nil {
    log.Fatalln(err)
}
handler := func(w http.ResponseWriter, r *http.Request) {
    client, err := app.Auth(context.Background())
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
    }

    token := getTokenFromReq(r)
    t, err := client.VerifyIDToken(token)
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
    }
    w.Write([]byte("token verified"))
}

In this example I'm not using a service account (which is probably what you want as well). And since this is on GAE, make sure to pass the GAE context instead of the background context.

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐