Setting up firebase v3 custom auth with php

囚心锁ツ 2020-12-31 21:40

I'm trying to set up custom auth with the new Firebase SDK from Google following those guidelines: https://firebase.google.com/docs/auth/server#use_a_jwt_library
In t

5 answers
  • 2020-12-31 22:04

    Did you find the solution? Still experiencing the same issue! Works with HS256 and doesn't with RS256. Is it a Google Cloud kind of limitation?


    Thank you so much! @dbburgess

    Problem: Was using the wrong key and email. These should be generated in the Google Cloud credentials section that corresponds to the Firebase project.

    Solution:

    • Go to 'console.cloud.google.com'.
    • Select the related Firebase project.
    • Then 'API Manager' -> 'Credentials'.
    • 'Create Credentials' -> 'Service Account Key' -> Choose JSON.
    • The created file will contain the needed 'private_key' & 'client_email'.

    Fill the values:

    $service_account_email = "autogeneratedemail@developer.gserviceaccount.com";
    $private_key = "-----BEGIN PRIVATE KEY-----\nSoneVeryVeryLongKey=\n-----END PRIVATE KEY-----\n";
    $uid = 'UserToUseInFirebaseRules';
    $is_premium_account = $uid;

    You shouldn't need to change anything in the "create_custom_token" function, maybe the expiration date/time according to your needs.

    Then call the function:

    create_custom_token($uid, $is_premium_account);
    
  • 2020-12-31 22:14

    Found myself what was wrong! The sample PHP code from the documentation is buggy. Instead of

    return JWT::encode($payload, $private_key, "RS256");
    

    use

    return JWT::encode($payload, $private_key, "HS256");
    

    Edit:
    Actually, it was just the sample PHP code from the Google Firebase doc that was completely buggy. It was passing an empty key to php-jwt. Looks like they updated it today and it's working fine :)

  • I was having the same problem. After reading @Jean-Philippe's answer I was able to generate the token using HS256 instead of RS256. But this was resulting in an invalid token every time, even after changing credentials.

    Using jwt.io to debug it, everything was correct but I was still getting an invalid token from firebase.auth().signInWithCustomToken(token).catch(function (error) {}.

    After searching on GitHub I found this issue. So I used double quotes instead of single quotes in $private and it worked with RS256.

    require_once('../vendor/autoload.php');
    use \Firebase\JWT\JWT;
    
    $service_account_email = env('ACCOUNT_EMAIL');
    $private_key = env('ACCOUNT_SECRET');
    
    class generateToken
    {
        public static function generateNewToken($mysqli, $userID, $email)
        {
            global $service_account_email, $private_key;
    
            $name = '';
            $lastname = '';
            $hostOption = '';
            $now_seconds = time();
    
            $selectUserData = "SELECT username, lastname, hostOption FROM signup WHERE id = ? ";
            $stmt = $mysqli->prepare($selectUserData);
            $stmt->bind_param('i', $userID);
            $stmt->execute();
            $stmt->store_result();
            $stmt->bind_result($name, $lastname, $hostOption);
            $stmt->fetch();
    
            $payload = array(
                "iss" => $service_account_email,
                "sub" => $service_account_email,
                "aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
                "iat" => $now_seconds,
                "exp" => $now_seconds + (60 * 60),  // Maximum expiration time is one hour
                "uid" => strval($userID),
                "claims" => array(
                    "username" => $name,
                    "lastname" => $lastname,
                    "email" => $email,
                    "hostOption" => $hostOption,
                )
            );
    
            return JWT::encode($payload, $private_key, 'RS256');
        }
    }
    

    env.php:

    $vars = [
        'ACCOUNT_EMAIL' => "admin@myproject.iam.gserviceaccount.com",
        'ACCOUNT_SECRET' => "-----BEGIN PRIVATE KEY-----\nVERYLONGKEY=\n-----END PRIVATE KEY-----\n"
    ];
    
    foreach($vars as $key => $value){
        putenv("$key=$value");
    }
    
    lindelius commented on 7 Aug 2018:
    The reason is because the key contains new-line characters (\n) which are incorrectly handled when used within single-quotes, i.e. they are treated as the characters "\n" rather than actual new lines.
    
  • 2020-12-31 22:14

    instead of

    $key = 'giant_key_goes_here';
    $token = JWT::encode($payload, $key, 'RS256');
    

    use

    define("FIREBASE_PRIVATE_KEY","giant_key_goes_here");
    $token = JWT::encode($payload, FIREBASE_PRIVATE_KEY, 'RS256');
    
  • 2020-12-31 22:17

    This is what I'm doing, and it works fine. What you provide in the claims array is what shows up on auth in the security rules. The email and key come from the json file you get when you create a service account (see: Before you begin section).

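    use Firebase\JWT\JWT; // firebase/php-jwt, loaded through Composer's autoloader

    $userId = '1234';
    $email = 'sample@email.com';   // client_email from the service account JSON
    $key = 'giant_key_goes_here';  // private_key from the service account JSON
    
    $payload = [
        'iss' => $email,
        'sub' => $email,
        'aud' => 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',
        'iat' => time(),
        'exp' => time() + 60 * 60,
        'uid' => $userId,
        'claims' => [
            'uid' => $userId,
        ],
    ];
    
    // Sign with the service account's RSA private key
    $token = JWT::encode($payload, $key, 'RS256');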
    

    It's worth noting, the format on the keys is a little tricky... Your key will look something like this (just an example key):

    -----BEGIN PRIVATE KEY-----
    MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
    wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
    1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
    3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
    pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
    GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
    AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
    L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
    X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
    U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
    37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
    -----END PRIVATE KEY-----
    

    You may need to do a little fancy formatting, this is essentially what I did:

    $key = "-----BEGIN PRIVATE KEY-----\nMIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp\nwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5\n1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh\n3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2\npIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX\nGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il\nAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF\nL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k\nX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl\nU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ\n37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=\n-----END PRIVATE KEY-----\n";
    

    Note the line breaks are turned into \n, and it is all smushed onto one line. There are various ways of accomplishing it, but... Based on the error you got, something like this may be the problem.

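The key-format problem that the quoting answer and the last answer both describe, as an added example that is not code from any of the posts: it reads `private_key` and `client_email` the way a service account JSON file stores them, normalizes literal `\n` sequences, and refuses to sign unless OpenSSL can parse the key. The function names (`load_signing_key`, `b64url`, `sign_custom_token`) and the demo account are hypothetical, the key is generated locally for the demo, and PHP's `openssl` extension is used here in place of php-jwt.

```php
<?php
// Added example, not from the thread; function names are hypothetical.

// Convert literal "\n" (and "\r\n") sequences into real line feeds, then
// require that OpenSSL can parse the key before anything is signed.
function load_signing_key(string $pem)
{
    $pem = str_replace(['\\r\\n', '\\n'], "\n", trim($pem));
    $key = openssl_pkey_get_private($pem);
    if ($key === false) {
        throw new RuntimeException('private_key is not valid PEM; refusing to sign');
    }
    return $key;
}

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Build and RS256-sign a token with the same claims the answers use.
function sign_custom_token(array $account, string $uid, array $claims = []): string
{
    $now = time();
    $payload = [
        'iss' => $account['client_email'],
        'sub' => $account['client_email'],
        'aud' => 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',
        'iat' => $now,
        'exp' => $now + 3600, // one hour, the maximum noted in the thread
        'uid' => $uid,
        'claims' => (object) $claims, // encodes as {} when empty
    ];
    $input = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.' . b64url(json_encode($payload));
    if (!openssl_sign($input, $sig, load_signing_key($account['private_key']), OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('RS256 signing failed');
    }
    return $input . '.' . b64url($sig);
}

// Constructed demo input: a throwaway key generated locally and serialized
// the way a service account JSON file stores it.
openssl_pkey_export(openssl_pkey_new(['private_key_bits' => 2048]), $pem);
$account = json_decode(json_encode(['client_email' => 'demo@example.invalid', 'private_key' => $pem]), true);
$mangled = str_replace("\n", '\n', $pem); // runtime value of a single-quoted paste

var_dump(openssl_pkey_get_private($mangled)); // raw mangled key handed to OpenSSL
echo sign_custom_token($account, '1234', ['premium' => true]), "\n";
echo sign_custom_token(['private_key' => $mangled] + $account, '1234'), "\n";
```

Loading the JSON file with `json_decode` restores the real newlines, so the key never has to be pasted into source code or re-escaped by hand.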