MavWolverine

Reputation: 952

Google Identity Platform authentication inside Cloud Functions

Although similar to Google cloud functions http authentication, my question is more specific towards Google Identity Platform (https://cloud.google.com/identity-platform).

I am new to GCP. I have created a username/password provider in Identity Platform. I created a sample Flask app client and used FirebaseUI to perform basic user login. I am able to get the accessToken in the client.

Then I created a Cloud Function (selected unauthenticated as per the above thread). Then I passed the accessToken in the "Authorization: Bearer" header. I am able to access the token inside the Cloud Function.

But the next part I am unable to figure out is how do I validate that token against Identity Platform and get the user details?

Upvotes: 4

Views: 1403

Answers (1)

Kolban

Reputation: 15246

To verify a token, you will want to retrieve the value of the passed-in "Authorization" HTTP header. This will be a string that starts with "Bearer ". The remainder is a JWT token that can be passed to verifyIdToken() and you will be returned a decoded token that has been verified. From that data you will be able to use the properties within (e.g. "email").

See:

Verify ID tokens using the Firebase Admin SDK


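from flask import abort
import firebase_admin
from firebase_admin import auth

# Initialise once per function instance; uses the runtime's default credentials.
default_app = firebase_admin.initialize_app()

def test_firebase_auth(request):
    authorization = request.headers.get('Authorization')
    if not authorization or not authorization.startswith('Bearer '):
        abort(401)
    # Everything after the "Bearer " prefix is the ID token (a JWT).
    id_token = authorization[len('Bearer '):]

    try:
        # Verifies the signature and standard claims; returns the decoded claims.
        decoded_token = auth.verify_id_token(id_token)
    except Exception:  # ValueError or a firebase_admin auth error
        # Fail closed and do not echo the verification error to the caller.
        abort(401)

    # Other user details (e.g. decoded_token.get('email')) are in the same dict.
    uid = decoded_token['uid']
    return uid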

Upvotes: 4
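
A diagnostic for the case where verify_id_token() rejects a token, as an added example that is not part of the original answer: it decodes the token without checking the signature and reports which of the documented ID-token constraints (RS256, aud and iss tied to the project ID, non-empty sub, exp and iat) fail. The function names, the project ID `demo-project` and the sample claims are constructed for illustration.

```python
import base64
import json
import time

ISSUER_PREFIX = "https://securetoken.google.com/"

def decode_segment(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    data = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(data, dict):
        raise ValueError("segment is not a JSON object")
    return data

def diagnose_id_token(token, project_id, now=None):
    """List the reasons an ID token would be rejected. Diagnostic only:
    the signature is NOT checked, so never authenticate with this."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a JWT: expected 3 dot-separated segments"]
    try:
        header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg must be RS256")
    if not header.get("kid"):
        problems.append("kid header missing")
    if claims.get("aud") != project_id:
        problems.append("aud is not this project (token from another project?)")
    if claims.get("iss") != ISSUER_PREFIX + project_id:
        problems.append("iss is not the project's securetoken issuer")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        problems.append("sub (the uid) missing or empty")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("expired or missing exp")
    if not isinstance(iat, (int, float)) or iat > now:
        problems.append("iat missing or in the future")
    return problems

def make_sample_token(header, claims):
    # Constructed sample: placeholder signature, fails real verification.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc(header) + "." + enc(claims) + ".c2ln"

if __name__ == "__main__":
    good = {"aud": "demo-project", "iss": ISSUER_PREFIX + "demo-project",
            "sub": "uid-123", "iat": 1700000000, "exp": 1700003600}
    token = make_sample_token({"alg": "RS256", "kid": "k1"}, dict(good, aud="other-project"))
    print(diagnose_id_token(token, "demo-project", now=1700000100))
```

An empty list only means the claims look right; the request is still authenticated by auth.verify_id_token(), which also checks the signature.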
