{"id":19522184,"url":"https://github.com/captaincodeman/go-firebase","last_synced_at":"2025-04-26T09:32:06.264Z","repository":{"id":57542823,"uuid":"74384597","full_name":"CaptainCodeman/go-firebase","owner":"CaptainCodeman","description":"AppEngine friendly Firebase for Go (Golang)","archived":false,"fork":false,"pushed_at":"2023-02-24T23:08:24.000Z","size":27,"stargazers_count":28,"open_issues_count":2,"forks_count":4,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-04T10:33:31.833Z","etag":null,"topics":["appengine","firebase","firebase-user","golang","jwt"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CaptainCodeman.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-21T16:46:38.000Z","updated_at":"2024-12-18T13:17:48.000Z","dependencies_parsed_at":"2024-06-20T09:25:53.705Z","dependency_job_id":"b5362e0f-bbf9-452a-97bc-ede9c0112aad","html_url":"https://github.com/CaptainCodeman/go-firebase","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaptainCodeman%2Fgo-firebase","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaptainCodeman%2Fgo-firebase/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaptainCodeman%2Fgo-firebase/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaptainCodeman%2Fgo-firebase/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CaptainCodeman","download_url":"https://codeload.github.com/CaptainCodeman/go-firebase/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250967233,"owners_count":21515564,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appengine","firebase","firebase-user","golang","jwt"],"created_at":"2024-11-11T00:37:35.376Z","updated_at":"2025-04-26T09:32:06.036Z","avatar_url":"https://github.com/CaptainCodeman.png","language":"Go","readme":"# go-firebase\n\nAppEngine friendly Firebase for Go (Golang)\n\nCurrently just the auth pieces to verify and mint custom tokens.\n\nUPDATE: There is now an [Official Firebase Admin Go SDK](https://github.com/firebase/firebase-admin-go)\nwhich is recommended instead of this package.\n\n## Why another package?\n\nThere are a few existing firebase packages for Go but none of them seemed to work \nquite right and / or didn't work at all with AppEngine (standard) so this is a\nhacked together version that works for me which I suggest you use with caution, if\nat all.\n\nThis package borrows heavily from prior art, mostly [Firebase Server SDK for Golang\n](https://github.com/wuman/firebase-server-sdk-go)\n\n## Why custom tokens?\n\nThe firebase auth system is convenient and (currently) free to use and if you're\nusing the firebase database it's very simple and easy.\n\nBut if you have any legacy REST API that you want to use things are not quite so\nobvious. Sure, you could just lookup the firebase user on each request but that is\nreally losing what makes bearer tokens so valuable - having a JWT that authorizes\nthe request without having to keep track of server-side sessions, so you can scale\nyour API.\n\nYou might also want some custom claims to be available in the JWT so that you can\n[decode it on the client](https://github.com/auth0/jwt-decode) and adapt the UI to\nmatch the user's roles for example.\n\nOK, so you need custom tokens.\n\nNow you need to jump through a few hoops and will need a server to both verify the \nfirebase issued auth tokens passed to it (for, you know, security) before correctly\nproducing your own signed custom tokens that firebase will accept for authentication.\n\nThis is what this library does.\n\n## What do I do on the client?\n\nYou need to do a few extra steps in order to use custom tokens on the client and\nalso get the correct JWT to pass to the backend (non-firebase) REST API.\n\nThe steps are:\n\n* Sign in user with `signInWithEmailAndPassword` or one of the 3rd party providers\n* Get the user token via `user.getToken(true)` (use false if *just* signed in)\n* Pass the token to the auth server which issues a custom token with extra claims\n* Sign the user in with that token (`auth.signInWithCustomToken`) \n* Get the user token via `user.getToken(false)` (yes, it's another token)\n\nThe last token is the one that you can send to your REST API to authorize requests.\nIf you only need to add extra claims for use with firebase rules, the last step can\nbe skipped.\n\n### Example tokens\n\nHere's an example of the auth tokens showing the different versions at each step\n(tip: the [JWT Debugger](https://jwt.io/) helps when working with tokens):\n\nToken received from firebase after `signInWithEmailAndPassword`:\n\n```\n{\n  \"iss\": \"https://securetoken.google.com/captain-codeman\",\n  \"aud\": \"project-name\",\n  \"auth_time\": 1479745491,\n  \"user_id\": \"RE8hG0RX4YVMHHjferfb8tu4jRr2\",\n  \"sub\": \"RE8hG0RX4YVMHHjferfb8tu4jRr2\",\n  \"iat\": 1479745491,\n  \"exp\": 1479749091,\n  \"email\": \"email@address\",\n  \"email_verified\": false,\n  \"firebase\": {\n    \"identities\": {\n      \"email\": [\n        \"email@address\"\n      ]\n    },\n    \"sign_in_provider\": \"password\"\n  }\n}\n```\n\nToken we get back from our custom token service:\n```\n{\n  \"aud\": \"https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit\",\n  \"claims\": {\n    \"roles\": [\n      \"admin\",\n      \"operator\"\n    ],\n    \"uid\": 1\n  },\n  \"exp\": 1479749434,\n  \"iat\": 1479745834,\n  \"iss\": \"firebase-adminsdk-0rpgf@project-name.iam.gserviceaccount.com\",\n  \"sub\": \"firebase-adminsdk-0rpgf@project-name.iam.gserviceaccount.com\",\n  \"uid\": \"RE8hG0RX4YVMHHjferfb8tu4jRr2\"\n}\n```\n\nToken we get after signing in with the custom token and using `user.getToken()`:\n```\n{\n  \"iss\": \"https://securetoken.google.com/project-name\",\n  \"roles\": [\n    \"admin\",\n    \"operator\"\n  ],\n  \"uid\": 1,\n  \"aud\": \"project-name\",\n  \"auth_time\": 1479745834,\n  \"user_id\": \"RE8hG0RX4YVMHHjferfb8tu4jRr2\",\n  \"sub\": \"RE8hG0RX4YVMHHjferfb8tu4jRr2\",\n  \"iat\": 1479745834,\n  \"exp\": 1479749434,\n  \"email\": \"email@address\",\n  \"email_verified\": false,\n  \"firebase\": {\n    \"identities\": {\n      \"email\": [\n        \"email@address\"\n      ]\n    },\n    \"sign_in_provider\": \"custom\"\n  }\n}\n```\n\nNote this now includes the firebase user id (as `sub` and `user_id`), our apps\ninternal user id (as `uid`) and the `roles` we set - everything we might need to\nauthorize a REST API call on our server (just extract and verify the JWT claims).\n\n## Server example\n\nA very simple example server is included, note that the `app/firebase-credentials.json`\nfile is not included and you should instead include one created from your own project.\n\n## Client example\n\nI'm using [Polymer](https://www.polymer-project.org/) for my front-end and have created\nan [`\u003cauth-ajax\u003e`](https://github.com/CaptainCodeman/auth-ajax) element to make auth-token\nhandling easier.\n\nSee the [demo](http://www.captaincodeman.com/auth-ajax/components/auth-ajax/demo/) which\nuses an instance of this package for the server-side custom token issuing.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaptaincodeman%2Fgo-firebase","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaptaincodeman%2Fgo-firebase","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaptaincodeman%2Fgo-firebase/lists"}