appcheck

package

v4.15.0 Latest Latest Go to latest Published: Oct 24, 2024 License: Apache-2.0 Imports: 7 Imported by: 4

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/firebase/firebase-admin-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package appcheck provides functionality for verifying App Check tokens.

Index ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrIncorrectAlgorithm is returned when the token is signed with a non-RSA256 algorithm.
	ErrIncorrectAlgorithm = errors.New("token has incorrect algorithm")
	// ErrTokenType is returned when the token is not a JWT.
	ErrTokenType = errors.New("token has incorrect type")
	// ErrTokenClaims is returned when the token claims cannot be decoded.
	ErrTokenClaims = errors.New("token has incorrect claims")
	// ErrTokenAudience is returned when the token audience does not match the current project.
	ErrTokenAudience = errors.New("token has incorrect audience")
	// ErrTokenIssuer is returned when the token issuer does not match Firebase's App Check service.
	ErrTokenIssuer = errors.New("token has incorrect issuer")
	// ErrTokenSubject is returned when the token subject is empty or missing.
	ErrTokenSubject = errors.New("token has empty or missing subject")
)

View Source

var JWKSUrl = "https://firebaseappcheck.googleapis.com/v1beta/jwks"

JWKSUrl is the URL of the JWKS used to verify App Check tokens.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client is the interface for the Firebase App Check service.

func NewClient ¶

func NewClient(ctx context.Context, conf *internal.AppCheckConfig) (*Client, error)

NewClient creates a new instance of the Firebase App Check Client.

This function can only be invoked from within the SDK. Client applications should access the the App Check service through firebase.App.

func (*Client) VerifyToken ¶

func (c *Client) VerifyToken(token string) (*DecodedAppCheckToken, error)

VerifyToken verifies the given App Check token.

VerifyToken considers an App Check token string to be valid if all the following conditions are met:

The token string is a valid RS256 JWT.
The JWT contains valid issuer (iss) and audience (aud) claims that match the issuerPrefix and projectID of the tokenVerifier.
The JWT contains a valid subject (sub) claim.
The JWT is not expired, and it has been issued some time in the past.
The JWT is signed by a Firebase App Check backend server as determined by the keySource.

If any of the above conditions are not met, an error is returned. Otherwise a pointer to a decoded App Check token is returned.

type DecodedAppCheckToken ¶

type DecodedAppCheckToken struct {
	Issuer    string
	Subject   string
	Audience  []string
	ExpiresAt time.Time
	IssuedAt  time.Time
	AppID     string
	Claims    map[string]interface{}
}

DecodedAppCheckToken represents a verified App Check token.

DecodedAppCheckToken provides typed accessors to the common JWT fields such as Audience (aud) and ExpiresAt (exp). Additionally it provides an AppID field, which indicates the application ID to which this token belongs. Any additional JWT claims can be accessed via the Claims map of DecodedAppCheckToken.

Source Files ¶

View all Source files

appcheck.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL