-
Notifications
You must be signed in to change notification settings - Fork 2
/
service.go
99 lines (93 loc) · 2.57 KB
/
service.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package firebase
import (
"context"
firebase "firebase.google.com/go/v4"
"github.com/golang-jwt/jwt/v4"
sauth "github.com/viant/scy/auth"
sjwt "github.com/viant/scy/auth/jwt"
"golang.org/x/oauth2"
"google.golang.org/api/identitytoolkit/v3"
"google.golang.org/api/option"
"log"
"time"
)
type Service struct {
options []option.ClientOption
identity *identitytoolkit.Service
app *firebase.App
config *firebase.Config
}
func (s *Service) InitiateBasicAuth(ctx context.Context, username, password string) (*sauth.Token, error) {
req := &identitytoolkit.IdentitytoolkitRelyingpartyVerifyPasswordRequest{
Email: username,
Password: password,
ReturnSecureToken: true,
}
resp, err := s.identity.Relyingparty.VerifyPassword(req).Context(ctx).Do()
if err != nil {
return nil, err
}
expiredAt := time.Now().Add(time.Duration(resp.ExpiresIn) * time.Second)
result := &sauth.Token{
IDToken: resp.IdToken,
Token: oauth2.Token{
AccessToken: resp.OauthAccessToken,
TokenType: "Bearer",
RefreshToken: resp.RefreshToken,
Expiry: expiredAt,
},
}
return result, nil
}
func (s *Service) VerifyIdentity(ctx context.Context, rawToken string) (*sjwt.Claims, error) {
authClient, err := s.app.Auth(context.Background())
if err != nil {
log.Fatalf("error getting Auth client: %v", err)
}
token, err := authClient.VerifyIDToken(ctx, rawToken)
if err != nil {
return nil, err
}
expiresAt := jwt.NewNumericDate(time.Unix(token.Expires, 0))
issuedAt := jwt.NewNumericDate(time.Unix(token.IssuedAt, 0))
registredClaims := jwt.RegisteredClaims{
Issuer: token.Issuer,
Subject: token.Subject,
Audience: jwt.ClaimStrings{token.Audience},
ExpiresAt: expiresAt,
NotBefore: nil,
IssuedAt: issuedAt,
ID: token.UID,
}
result := &sjwt.Claims{
RegisteredClaims: registredClaims,
Data: token.Claims,
}
if len(token.Claims) > 0 {
if value, ok := token.Claims["email"]; ok {
result.Email = value.(string)
}
if value, ok := token.Claims["email_verified"]; ok {
result.VerifiedEmail = value.(bool)
}
if value, ok := token.Claims["email_verified"]; ok {
result.VerifiedEmail = value.(bool)
}
}
return result, nil
}
func New(ctx context.Context, config *firebase.Config, options ...option.ClientOption) (*Service, error) {
app, err := firebase.NewApp(ctx, config, options...)
if err != nil {
return nil, err
}
identity, err := identitytoolkit.NewService(ctx, options...)
if err != nil {
return nil, err
}
return &Service{
options: options,
app: app,
identity: identity,
}, nil
}