# ktor
a
Hi guys ..has anyone found a way to build an authentication feature that wraps around firebase on ktor
j
You mean Google Auth with `GoogleIdTokenVerifier`? I’ve implemented in my app Sign In with Google, if that is what you are asking about.
a
I did something like this
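```kotlin
// JWT is assumed to be auth0's java-jwt (JWT.decode returns a DecodedJWT).
import com.auth0.jwt.JWT
import com.google.firebase.auth.FirebaseAuth

// TaskResult, AuthenticationException and isInTestMode are not shown in the post.
class AuthenticationControllerImpl : AuthenticationController {
    override suspend fun authenticate(token: String?): TaskResult<Boolean> {
        // Test-mode switch: skips verification entirely.
        if (isInTestMode) {
            return TaskResult.Success(true)
        }
        return try {
            // Strip the "Bearer" scheme and any spaces from the Authorization header value.
            val authorizationHeader = token?.replace("Bearer", "")?.replace(" ", "")
            val jwt = JWT.decode(authorizationHeader)
            // Throws if Firebase rejects the ID token (bad signature, expired, ...).
            FirebaseAuth.getInstance().verifyIdToken(jwt.token)
            TaskResult.Success(true)
        } catch (exception: Exception) {
            TaskResult.Error(
                AuthenticationException("Not Authorized")
            )
        }
    }
}

interface AuthenticationController {
    suspend fun authenticate(token: String?): TaskResult<Boolean>
}
```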
but that means for every request I want to have verified
I need to call into this.
it works OK
but I’m concerned the architecture goes against what the devs of Ktor have suggested, which is the auth pipeline
j
OK, so do you want an authenticator that will always ask FirebaseAuth to verify the received token, or do you have your own JWT auth but want to use Firebase tokens at a certain point (push notif, …)?
Normally the flow is:
1. User requests sign in with Google on the device.
2. Device will prompt to log in.
3. If login is successful, you get a Firebase token in the app.
4. You forward that token to your server and you store it (encrypted).
5. Your API users will identify themselves in your API using your own JWT token, so once you need to do something with Firebase you recover & decrypt the token attached to that specific user.
6. The app you are using should listen for Firebase token updates. If that happens, you need to report the new one to your server.
Is this something that matches your needs?
a
The only thing is, since Firebase is the producer of this token, how do you know when it’s expired, revoked, etc.? And depending on the architecture you have on an Android app, for instance, you might get a new token from Firebase and wondered if it’s a headache.. seemed simpler to generate the token on the device with Firebase and have Firebase validate the token on the server
l
Hi @Arkangel, this is the implementation I have used for Firebase Bearer token: https://yukigeshiki.medium.com/how-to-integrate-firebase-authentication-with-ktors-auth-feature-dc2c3893a0cc. There are places it can be improved, but it is a good basic starting point 🙂
❤️ 1
a
Thanks.. checking it out
✔️ 1
j
Definitely what you were looking for. Nice post @Laurence!
🙏 2
@Arkangel, the one responsible for renewing the token should be the device. If you renew from the server, I guess it will trigger the `onNewToken()` method on your device, so you will need to sync it with your device's local storage anyway. But the entry point will be at device level; it is the one that will trigger the calls. With what Laurence posted here, you can just delegate to the device everything related to the token, and all the authenticated calls in your API should contain a Firebase token that will be validated by the Firebase authenticator.
✔️ 2