Description
If your Firebase client app communicates with a custom backend server, you might need to identify the currently signed-in user on that server.
This plugin work with Google Firebase tokens. You can use it to verify ID Tokens.
Namespace and Endpoints
When the plugin is activated, a new namespace is added
/verify-id-tokens/v1/
Also, a new endpoint is added to this namespace
/verify-id-tokens/v1/token/validate | POST
PHP HTTP Authorization Header enable
Most of the shared hosting has disabled the HTTP Authorization Header by default.
To enable this option you’ll need to edit your .htaccess file adding the follow
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
WPENGINE
To enable this option you’ll need to edit your .htaccess file adding the follow
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
Configurate the Firebase projectId
To add the projectId edit your wp-config.php file and add a new constant called BENGAL_STUDIO_VERIFY_ID_TOKENS_FIREBASE_PROJECT_ID
define('BENGAL_STUDIO_VERIFY_ID_TOKENS_FIREBASE_PROJECT_ID', 'projectId');
Configurate CORs
The Verify ID Tokens | Firebase plugin has the option to activate CORs response headers.
To enable the CORs edit your wp-config.php file and add a new constant called BENGAL_STUDIO_VERIFY_ID_TOKENS_ENABLE_CORS
define('BENGAL_STUDIO_VERIFY_ID_TOKENS_ENABLE_CORS', true);
Retrieve ID tokens on clients
To retrieve the ID token from the client, make sure the user is signed in and then get the ID token from the signed-in user:
firebase.auth().currentUser.getIdToken(/* forceRefresh */ true).then(function(idToken) {
// Send token to your backend via HTTPS
// ...
}).catch(function(error) {
// Handle error
});
Verify ID Tokens
verify-id-tokens/v1/token/validate
This is a simple helper endpoint to validate a token; you only will need to make a POST request sending the Authorization header.