zabawaba99 / fireauth Goto Github PK

The algorithm used in fireauth is HS256 as specified in generator.go

// Firebase specific values for header  
const (  
	TokenAlgorithm = "HS256"  
	TokenType      = "JWT"  
)  

Firebase seems to use RS256 as referenced here:
https://firebase.google.com/docs/auth/admin/verify-id-tokens

When attempting an auth from a generated token by fire auth I am getting:
FIRAuthErrorDomain Code=17000 "The custom token format is incorrect. Please check the documentation."

• Configure travis to build this repo
• Configure Coveralls to build repo and report code coverage

please noted that the behavior of h.Write([]byte{...}) and h.Sum([]byte{...}) are different,
you can check this example: https://play.golang.org/p/y7S52DdL_T

in Sum(data), it actually appends the checksum AFTER the byte data.
https://golang.org/src/crypto/sha256/sha256.go?s=1643:1663#L128

however, the following code snippet works fine for me

@@ -136,5 +138,7 @@ func encode(data []byte) string {
 }
 func sign(message, secret string) string {
-       return encode(hmac.New(sha256.New, []byte(secret)).Sum([]byte(message)))
+       h := hmac.New(sha256.New, []byte(secret))
+       h.Write([]byte(message))
+       return encode(h.Sum(nil))
 }

I would like to send a PR, any concerns?

Firebase tokens expire 24 hours after they're created, unless an explicit expiration is set. Fireauth can anticipate the expiration of any token it generates. It would be useful if fireauth also had a mechanism to generate new tokens on-demand (to replace an expired token).

This might be accomplished by providing something like func (*Generator) CreateTokenWithRefresh(Data, *Option) (string, chan string, error) which returns a generated token along with a chan string that will publish a new token when the previous token expires. Implementers would then end up doing something like this:

auth := fireauth.New(mySecret)

token, refresher, _ := auth.CreateTokenWithRefresh(data, options)

// later on...
select {
case refreshedToken <- refresher:
    token = refreshedToken
default:
}
// carry on using token

A possible (and untested) implementation of CreateTokenWithRefresh:

func (t *Generator) CreateTokenWithRefresh(data Data, options *Option) (string, chan string, error) {
    token, err := t.CreateToken(data, options)
    if err != nil {
        return "", nil, err
    }

    c := make(chan string)
    duration := time.Unix(options.Expiration, 0).Sub(time.Now())
    ticker := time.NewTicker(duration)

    go func() {
        for _ = range <-ticker.C {
            newToken, err := t.CreateToken(data, options)
            if err != nil {
                close(c)
                ticker.Stop()
                return
            }
            c <- newToken
        }
    }()

    return token, c, nil
}