{"id":31756715,"url":"https://github.com/mk590901/authentication-with-toit","last_synced_at":"2026-02-17T12:02:43.777Z","repository":{"id":313910870,"uuid":"1053395952","full_name":"mk590901/Authentication-with-Toit","owner":"mk590901","description":"The repository contains an application in the Toit language that demonstrates adding records to the Firebase Realtime Database using authentication.","archived":false,"fork":false,"pushed_at":"2025-11-18T01:31:30.000Z","size":80,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-18T03:27:52.965Z","etag":null,"topics":["authentication","http-client","posting","toit"],"latest_commit_sha":null,"homepage":"","language":"Toit","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mk590901.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-09T11:47:25.000Z","updated_at":"2025-11-18T01:31:34.000Z","dependencies_parsed_at":"2025-09-09T14:50:45.363Z","dependency_job_id":null,"html_url":"https://github.com/mk590901/Authentication-with-Toit","commit_stats":null,"previous_names":["mk590901/firebase-authentication-with-toit"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mk590901/Authentication-with-Toit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mk590901%2FAuthentication-with-Toit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mk590901%2FAuthentication-with-Toit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mk590901%2FAuthentication-with-Toit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mk590901%2FAuthentication-with-Toit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mk590901","download_url":"https://codeload.github.com/mk590901/Authentication-with-Toit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mk590901%2FAuthentication-with-Toit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29543361,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T08:11:05.436Z","status":"ssl_error","status_checked_at":"2026-02-17T08:09:38.860Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","http-client","posting","toit"],"created_at":"2025-10-09T19:22:08.266Z","updated_at":"2026-02-17T12:02:43.757Z","avatar_url":"https://github.com/mk590901.png","language":"Toit","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Firebase Authentication with Toit\n\nBelow an application in the __Toit__ programming language that demonstrates adding records to the __Firebase Realtime Database__ using authentication via generated __ID Token__ (JWT).\n\n## Introduction\n\nThe application uses the approach described earlier in the project https://github.com/mk590901/toit-rest-api-db, namely adding data to the cloud DB using __posting__. However, unlike the previous version, the current one uses the __Firebase authentication__ system. That is, this version of the application provides a more secure way to transfer and save data.\n\n## Brief description\n\nThe application implements the standard Firebase method for relatively secure data transfer and storage:\n\n* Obtaining an __ID Token__ via the __REST API__, using the __endpoint__ \"https://identitytoolkit.googleapis.com/v1/accounts:signUp?key={your-api-key}\" for anonymous authentication.\n* Request body:\n```\n{\n  \"returnSecureToken\": true\n}\n```\n* Response:\n```\n{\n  \"idToken\"      : \"\u003cjwt-token\u003e\",\n  \"refreshToken\" : \"\u003crefresh-token\u003e\",\n  \"expiresIn\"    : \"3600\",\n  \"localId\"      : \"\u003cuser-uid\u003e\"\n}\n```\n* Sending data for writing using __endpoint__ \"https://{your-project-id}-default-rtdb.firebaseio.com/{collection-name}.json?auth={idToken}\"\n* Request body is person information:\n```\n{\n  \"name\"         : \u003cname\u003e,\n  \"surname\"      : \u003csurname\u003e,\n  \"e-mail\"       : \u003cemail\u003e,\n  \"phone\"        : \u003cphone\u003e,\n  \"age\"          : \u003cage\u003e\n}\n```\n* Response if success:\n```\n{\n  name: \u003cadded-record-id\u003e\n}\n```\n\n### Issues\n\n* __ID Token (JWT)__ is the primary token that is used to authenticate requests to __Firebase__ (e.g. in the REST API to add records to the database). It contains user information and has a limited lifetime of 1 hour (3600 seconds). After expiration, it becomes invalid and Firebase will return an error (e.g. \"ID token has expired\").\n\n* __Refresh Token__ is a long-lived token that does not automatically expire after an hour. It is intended specifically for refreshing the __ID Token__. Refresh token may be invalidated only in rare cases: if the user explicitly logged out of the account, if the account was disabled, if suspicious changes were detected (e.g. password or email change), or if the token was revoked by the administrator. In a typical scenario, a refresh token lives for weeks, months, or even longer as long as the user is active.\n\n* The need to change the token will be detected the next time a user is added. You will receive a 401: __UNAUTHORIZED ACCESS__ error. In this case, you need to request a new token and repeat the user addition operation.\n\n* You can refresh the token on request by sending a __POST__ request to the endpoint https://securetoken.googleapis.com/v1/token?key={your-api-key} with the body:\n```\n{\n  \"grant_type\"    : \"refresh_token\",\n  \"refresh_token\" : \"\u003cyour-refresh-token\u003e\"\n}\n```\n\n* Response:\n* \n```\n{\n  \"access_token\"  : \"\u003cnew-id-token\u003e\",\n  \"expires_in\"    : \"3600\",\n  \"token_type\"    : \"Bearer\",\n  \"refresh_token\" : \"\u003cnew-refresh-token\u003e\",\n  \"user_id\"       : \"\u003cuser-uid\u003e\"\n}\n```\n\n## Implementation\n\nThe presented application implements the approaches described above:\n\n\u003e Function __get_tokens__ :\n* Sends a POST request to the Firebase Authentication and return __Map?__ with the __id_token__ and __refresh_token__ fields extracted from the response.\n* Returns null if the request fails or an error occurs.\n\n\u003e Function __refresh_id_token__ :\n* Returns __Map?__ with the id_token and refresh_token fields or null if the request failed.\n\n\u003e Function __create_user__ :\n* Returns the current refresh_token (or a new one if it was updated) so that it can be used in the future.\n* On error 401 (__UNAUTHORIZED ACCESS__), calls __refresh_id_token__ and, if a new __id_token__ and __refresh_token__ are received, it updates the global variables.\n* Repeats the request with the new __id_token__.\n\n## Preparation of Firebase Realtime Database via Firebase Console\n\n\u003e Get API Key\n\n* Select your project.\n* Go to __Project Settings__ (gear icon in the upper left corner ➜ __Project settings__).\n* In the __General tab__, scroll down to the apps section.\n* If you don't have an app registered, add a web (or Android) app.\n* Click __Add app__ ➜ select a web app (icon \u003c/\u003e).\n* Register your app and extract the __API__ Key from the configuration.\n\n\u003e Set up security rules\n\n* To use the __API key__, set up security rules in Firebase Realtime Database (in the Realtime Database ➜ Rules section). Example of rules allowing access with an API key:\n```\n{\n  \"rules\": {\n    \"users\": {\n      \".read\": \"auth != null\",\n      \".write\": \"auth != null\"\n    }\n  }\n}\n```\n\u003e To use __Firebase Authentication__ to generate an ID Token (JWT), you need to enable authentication for __Firebase Realtime Database__ settings:\n* In the __Firebase Console__, go to __Authentication__ ➜ Sign-in method.\n* Enable at least one sign-in method, such as __Anonymous__ (for simplicity) or __Email/Password__. In this case, __Anonymous__ is selected.\n\n## Application management\n\n\u003e Installing packages:\n\n* __http__\n```\n$ jag pkg install github.com/toitlang/pkg-http@v2\n```\n* __certificate-roots__\n```\n$ jag pkg install github.com/toitware/toit-cert-roots@v1\n```\n\n\u003e Loading the application\n\n```\nmicrcx@micrcx-desktop:~/toit/person$ jag run -d midi users.toit\nScanning for device with name: 'midi'\nRunning 'users.toit' on 'midi' ...\nSuccess: Sent 119KB code to 'midi' in 3.35s\nmicrcx@micrcx-desktop:~/toit/person$ \n```\n\n\u003e Monitoring\n```\nmicrcx@micrcx-desktop:~/toit/person$ jag monitor -p /dev/ttyACM1\nStarting serial monitor of port '/dev/ttyACM1' ...\nESP-ROM:esp32s3-20210327\nBuild:Mar 27 2021\nrst:0x15 (USB_UART_CHIP_RESET),boot:0x8 (SPI_FAST_FLASH_BOOT)\nSaved PC:0x40385b12\nSPIWP:0xee\nmode:DIO, clock div:1\nload:0x3fce2810,len:0xdc\nload:0x403c8700,len:0x4\nload:0x403c8704,len:0xa08\nload:0x403cb700,len:0x257c\nentry 0x403c8854\n[toit] INFO: starting \u003cv2.0.0-alpha.184\u003e\n[toit] DEBUG: clearing RTC memory: powered on by hardware source\n[toit] INFO: running on ESP32S3 - revision 0.2\n[toit] INFO: using SPIRAM for heap metadata and heap\n[wifi] DEBUG: connecting\nE (4007) wifi:Association refused too many times, max allowed 1\n[wifi] WARN: connect failed {reason: unknown reason (208)}\n[wifi] DEBUG: closing\n[jaguar] WARN: running Jaguar failed due to 'CONNECT_FAILED: unknown reason (208)' (1/3)\n[wifi] DEBUG: connecting\nE (6777) wifi:Association refused too many times, max allowed 1\n[wifi] WARN: connect failed {reason: unknown reason (208)}\n[wifi] DEBUG: closing\n[jaguar] WARN: running Jaguar failed due to 'CONNECT_FAILED: unknown reason (208)' (2/3)\n[wifi] DEBUG: connecting\n[wifi] DEBUG: connected\n[wifi] INFO: network address dynamically assigned through dhcp {ip: 192.168.1.147}\n[wifi] INFO: dns server address dynamically assigned through dhcp {ip: [192.168.1.1]}\n[jaguar.http] INFO: running Jaguar device 'midi' (id: '1429cbbc-ca45-4c11-88ee-9500a1c318dc') on 'http://192.168.1.147:9000'\n[jaguar] INFO: program 322d4e71-e169-757b-c0e7-fdbceb243d48 started\nObtaining ID Token and Refresh Token ...\nTokens successfully received\n*** id_token-\u003e\neyJhbGciOiJSUzI1NiIsImtpZCI6ImUzZWU3ZTAyOGUzODg1YTM0NWNlMDcwNTVmODQ2ODYyMjU1YTcwNDYiLCJ0eXAiOiJKV1QifQ.eyJwcm92aWRlcl9pZCI6ImFub255bW91cyIsImlzcyI6Imh0dHBzOi8vc2VjdXJldG9rZW4uZ29vZ2xlLmNvbS9hdXRoLTJiN2QzIiwiYXVkIjoiYXV0aC0yYjdkMyIsImF1dGhfdGltZSI6MTc1NzUwNDA3NSwidXNlcl9pZCI6Ik95dnRQTWRHa2RVUWZPU1l0aW9GN1FnOVlMTzIiLCJzdWIiOiJPeXZ0UE1kR2tkVVFmT1NZdGlvRjdRZzlZTE8yIiwiaWF0IjoxNzU3NTA0MDc1LCJleHAiOjE3NTc1MDc2NzUsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnt9LCJzaWduX2luX3Byb3ZpZGVyIjoiYW5vbnltb3VzIn19.Py_BNzkcqh0hkfY3ZCXq8KTk9IyjXAXx6vH4aEcmNKActR3CLWA9HE7rcLOV2mYLbh9d5JKZ7s2V7sBjAcD0Da6E6BajpL7cxbEA2EFAELb_-w2wct1kGz0J0NIAVDFDg4-AA-QR6IWM8jkYOisGLX5L-X8DtT8yq_-yVSBWD_7OWvucscEjYL2uFAeEHMBtz-bmEq5HcH7jOwZJBWC2ijLV4FVwO59_edFK5H8z5eEs6I9SvDMloMc_BY3Afg2GlFj47ADoAFHUEt9UAWkETdcqcxlKGCuYgPnelU1QyykKJVTjV5m2UXbXFVP1ro-fBdqr1EKo_WuoaZXGnq3E3w\n*** refresh_token-\u003e\nAMf-vBzNzokHLNP5eq1Xz6I-tlVqpfYaowXOP82CmmysS8rzG3aUN6v47ZBJ8tolQExfO74HFmBHCZ5L71RW2dFkLys9xVqWJDmctYMpz5_ymMt1nWCBG5F_0peQrV9e3Wh3x0UR8vedLtbn03EcfejsVRUuLBDTiowCSML4L_Z6wMuvOzxhI5o\nSending a POST request to https://auth-2b7d3-default-rtdb.firebaseio.com/users.json\nUser was created {name: -OZnOzkVaPFkgWO1vC6A}\nSending a POST request to https://auth-2b7d3-default-rtdb.firebaseio.com/users.json\nUser was created {name: -OZnP-44o5sHZX2xqlE0}\nSending a POST request to https://auth-2b7d3-default-rtdb.firebaseio.com/users.json\nUser was created {name: -OZnP-QCNogGEv8m7NSR}\n[jaguar] INFO: program 322d4e71-e169-757b-c0e7-fdbceb243d48 stopped\n\n```\n\n## Movie\n\n[users2.webm](https://github.com/user-attachments/assets/c20f33bd-f3dc-43e6-a6b4-a432512a929e)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmk590901%2Fauthentication-with-toit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmk590901%2Fauthentication-with-toit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmk590901%2Fauthentication-with-toit/lists"}