dennis

Reputation: 610

Swagger definition for firebase authentication

Could anyone provide a working sample of a Swagger security definition for firebase authentication?

On the backend, the Firebase ID token is verified using the Firebase Admin SDK:

import * as admin from 'firebase-admin';

await admin.auth().verifyIdToken(idToken);

What should be the values in the Swagger security definition to get the proper ID token for firebase?

"securityDefinitions": {
    "firebase": {
        "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth",
        "flow": "implicit",
        "type": "oauth2",
        "x-google-issuer": "https://securetoken.google.com/MY-PROJECT-ID",
        "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com",
        "x-google-audiences": "MY-CLIENT-ID",
        "scopes": {
            "https://www.googleapis.com/auth/firebase": "Firebase scope"
        }
    }
}

I do get a token back; however, the Firebase Admin SDK says it's not valid:

Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token

Not sure if this is because of the wrong scopes or token types...

Upvotes: 26

Views: 4595

Answers (2)

f.kowal

Reputation: 159

I am putting this here just for reference:

https://github.com/swagger-api/swagger-ui/pull/7699

I've started a PR that will enable the login/popup that Swagger uses to be plugged in with a custom extension that does Firebase-specific logic.

Upvotes: 2

Martin Zeitler

Reputation: 76779

Using Firebase to authenticate users / Configuring your OpenAPI document explains it.
The given example definitely does not have any authorizationUrl or scopes section:

securityDefinitions:
  firebase:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    # Replace YOUR-PROJECT-ID with your project ID
    x-google-issuer: "https://securetoken.google.com/YOUR-PROJECT-ID"
    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
    x-google-audiences: "YOUR-PROJECT-ID"

And this firebase security definition also needs to be added into the security section, at either the API or method level:

security:
  - firebase: []

It might help to read troubleshooting JWT validation.

Upvotes: 2
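A diagnostic for the failure described in the question, added here as an example and not part of either answer: it decodes a token without verifying it and reports where its shape and claims differ from the `x-google-issuer` and `x-google-audiences` values in the security definition. The function names, the `demo-project` ID and the sample tokens are constructed for illustration.

```javascript
// Diagnostic only: decodes without checking the signature, so it never
// replaces admin.auth().verifyIdToken(); it only explains a rejection.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (obj === null || typeof obj !== 'object') throw new Error('not a JSON object');
  return obj;
}

// projectId is the value used in x-google-issuer and x-google-audiences.
function diagnoseFirebaseToken(token, projectId, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    return ['not a JWT: expected 3 dot-separated segments, got ' + parts.length];
  }
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return ['not a JWT: header or payload is not base64url-encoded JSON'];
  }
  const problems = [];
  const issuer = 'https://securetoken.google.com/' + projectId;
  if (header.alg !== 'RS256') problems.push('alg is ' + header.alg + ', expected RS256');
  if (claims.iss !== issuer) problems.push('iss is ' + claims.iss + ', expected ' + issuer);
  if (claims.aud !== projectId) problems.push('aud is ' + claims.aud + ', expected ' + projectId);
  if (typeof claims.sub !== 'string' || claims.sub === '') problems.push('sub is missing');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) problems.push('token is expired or has no exp');
  return problems;
}

// Constructed sample inputs (unsigned, for shape checks only).
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const makeToken = (header, claims) => enc(header) + '.' + enc(claims) + '.constructed-signature';

const NOW = 1700000000;
const firebaseLike = makeToken({ alg: 'RS256', kid: 'k1' },
  { iss: 'https://securetoken.google.com/demo-project', aud: 'demo-project', sub: 'uid-1', exp: NOW + 3600 });
const googleLike = makeToken({ alg: 'RS256', kid: 'k2' },
  { iss: 'https://accounts.google.com', aud: 'constructed-client-id', sub: '123', exp: NOW + 3600 });

console.log(diagnoseFirebaseToken(firebaseLike, 'demo-project', NOW));
console.log(diagnoseFirebaseToken(googleLike, 'demo-project', NOW));
console.log(diagnoseFirebaseToken('constructed-opaque-access-token', 'demo-project', NOW));
```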
