Documentation ¶
Overview ¶
Package auth contains functions for minting custom authentication tokens, and verifying Firebase ID tokens.
Index ¶
- func IsEmailAlreadyExists(err error) bool
- func IsIDTokenRevoked(err error) bool
- func IsInsufficientPermission(err error) bool
- func IsPhoneNumberAlreadyExists(err error) bool
- func IsProjectNotFound(err error) bool
- func IsUIDAlreadyExists(err error) bool
- func IsUnknown(err error) bool
- func IsUserNotFound(err error) bool
- type Client
- func (c *Client) CreateUser(ctx context.Context, user *UserToCreate) (*UserRecord, error)
- func (c *Client) CustomToken(uid string) (string, error)
- func (c *Client) CustomTokenWithClaims(uid string, devClaims map[string]interface{}) (string, error)
- func (c *Client) DeleteUser(ctx context.Context, uid string) error
- func (c *Client) GetUser(ctx context.Context, uid string) (*UserRecord, error)
- func (c *Client) GetUserByEmail(ctx context.Context, email string) (*UserRecord, error)
- func (c *Client) GetUserByPhoneNumber(ctx context.Context, phone string) (*UserRecord, error)
- func (c *Client) RevokeRefreshTokens(ctx context.Context, uid string) error
- func (c *Client) SetCustomUserClaims(ctx context.Context, uid string, customClaims map[string]interface{}) error
- func (c *Client) UpdateUser(ctx context.Context, uid string, user *UserToUpdate) (ur *UserRecord, err error)
- func (c *Client) Users(ctx context.Context, nextPageToken string) *UserIterator
- func (c *Client) VerifyIDToken(idToken string) (*Token, error)
- func (c *Client) VerifyIDTokenAndCheckRevoked(ctx context.Context, idToken string) (*Token, error)
- type ExportedUserRecord
- type Token
- type UserInfo
- type UserIterator
- type UserMetadata
- type UserRecord
- type UserToCreate
- func (u *UserToCreate) Disabled(d bool) *UserToCreate
- func (u *UserToCreate) DisplayName(dn string) *UserToCreate
- func (u *UserToCreate) Email(e string) *UserToCreate
- func (u *UserToCreate) EmailVerified(ev bool) *UserToCreate
- func (u *UserToCreate) Password(pw string) *UserToCreate
- func (u *UserToCreate) PhoneNumber(phone string) *UserToCreate
- func (u *UserToCreate) PhotoURL(url string) *UserToCreate
- func (u *UserToCreate) UID(uid string) *UserToCreate
- type UserToUpdate
- func (u *UserToUpdate) CustomClaims(cc map[string]interface{}) *UserToUpdate
- func (u *UserToUpdate) Disabled(d bool) *UserToUpdate
- func (u *UserToUpdate) DisplayName(dn string) *UserToUpdate
- func (u *UserToUpdate) Email(e string) *UserToUpdate
- func (u *UserToUpdate) EmailVerified(ev bool) *UserToUpdate
- func (u *UserToUpdate) Password(pw string) *UserToUpdate
- func (u *UserToUpdate) PhoneNumber(phone string) *UserToUpdate
- func (u *UserToUpdate) PhotoURL(url string) *UserToUpdate
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsEmailAlreadyExists ¶
IsEmailAlreadyExists checks if the given error was due to a duplicate email.
func IsIDTokenRevoked ¶
IsIDTokenRevoked checks if the given error was due to a revoked ID token.
func IsInsufficientPermission ¶
IsInsufficientPermission checks if the given error was due to insufficient permissions.
func IsPhoneNumberAlreadyExists ¶
IsPhoneNumberAlreadyExists checks if the given error was due to a duplicate phone number.
func IsProjectNotFound ¶
IsProjectNotFound checks if the given error was due to a non-existing project.
func IsUIDAlreadyExists ¶
IsUIDAlreadyExists checks if the given error was due to a duplicate uid.
func IsUserNotFound ¶
IsUserNotFound checks if the given error was due to non-existing user.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is the interface for the Firebase auth service.
Client facilitates generating custom JWT tokens for Firebase clients, and verifying ID tokens issued by Firebase backend services.
func NewClient ¶
NewClient creates a new instance of the Firebase Auth Client.
This function can only be invoked from within the SDK. Client applications should access the Auth service through firebase.App.
func (*Client) CreateUser ¶
func (c *Client) CreateUser(ctx context.Context, user *UserToCreate) (*UserRecord, error)
CreateUser creates a new user with the specified properties.
func (*Client) CustomToken ¶
CustomToken creates a signed custom authentication token with the specified user ID. The resulting JWT can be used in a Firebase client SDK to trigger an authentication flow. See https://firebase.google.com/docs/auth/admin/create-custom-tokens#sign_in_using_custom_tokens_on_clients for more details on how to use custom tokens for client authentication.
func (*Client) CustomTokenWithClaims ¶
func (c *Client) CustomTokenWithClaims(uid string, devClaims map[string]interface{}) (string, error)
CustomTokenWithClaims is similar to CustomToken, but in addition to the user ID, it also encodes all the key-value pairs in the provided map as claims in the resulting JWT.
func (*Client) DeleteUser ¶
DeleteUser deletes the user by the given UID.
func (*Client) GetUserByEmail ¶
GetUserByEmail gets the user data corresponding to the specified email.
func (*Client) GetUserByPhoneNumber ¶
GetUserByPhoneNumber gets the user data corresponding to the specified user phone number.
func (*Client) RevokeRefreshTokens ¶
RevokeRefreshTokens revokes all refresh tokens issued to a user.
RevokeRefreshTokens updates the user's TokensValidAfterMillis to the current UTC second. It is important that the server on which this is called has its clock set correctly and synchronized.
While this revokes all sessions for a specified user and disables any new ID tokens for existing sessions from getting minted, existing ID tokens may remain active until their natural expiration (one hour). To verify that ID tokens are revoked, use `verifyIdTokenAndCheckRevoked(ctx, idToken)`.
func (*Client) SetCustomUserClaims ¶
func (c *Client) SetCustomUserClaims(ctx context.Context, uid string, customClaims map[string]interface{}) error
SetCustomUserClaims sets additional claims on an existing user account.
Custom claims set via this function can be used to define user roles and privilege levels. These claims propagate to all the devices where the user is already signed in (after token expiration or when token refresh is forced), and next time the user signs in. The claims can be accessed via the user's ID token JWT. If a reserved OIDC claim is specified (sub, iat, iss, etc), an error is thrown. Claims payload must also not be larger then 1000 characters when serialized into a JSON string.
func (*Client) UpdateUser ¶
func (c *Client) UpdateUser(ctx context.Context, uid string, user *UserToUpdate) (ur *UserRecord, err error)
UpdateUser updates an existing user account with the specified properties.
DisplayName, PhotoURL and PhoneNumber will be set to "" to signify deleting them from the record.
func (*Client) Users ¶
func (c *Client) Users(ctx context.Context, nextPageToken string) *UserIterator
Users returns an iterator over Users.
If nextPageToken is empty, the iterator will start at the beginning. If the nextPageToken is not empty, the iterator starts after the token.
func (*Client) VerifyIDToken ¶
VerifyIDToken verifies the signature and payload of the provided ID token.
VerifyIDToken accepts a signed JWT token string, and verifies that it is current, issued for the correct Firebase project, and signed by the Google Firebase services in the cloud. It returns a Token containing the decoded claims in the input JWT. See https://firebase.google.com/docs/auth/admin/verify-id-tokens#retrieve_id_tokens_on_clients for more details on how to obtain an ID token in a client app. This does not check whether or not the token has been revoked. See `VerifyIDTokenAndCheckRevoked` below.
func (*Client) VerifyIDTokenAndCheckRevoked ¶
VerifyIDTokenAndCheckRevoked verifies the provided ID token and checks it has not been revoked.
VerifyIDTokenAndCheckRevoked verifies the signature and payload of the provided ID token and checks that it wasn't revoked. Uses VerifyIDToken() internally to verify the ID token JWT.
type ExportedUserRecord ¶
type ExportedUserRecord struct { *UserRecord PasswordHash string PasswordSalt string }
ExportedUserRecord is the returned user value used when listing all the users.
type Token ¶
type Token struct { Issuer string `json:"iss"` Audience string `json:"aud"` Expires int64 `json:"exp"` IssuedAt int64 `json:"iat"` Subject string `json:"sub,omitempty"` UID string `json:"uid,omitempty"` Claims map[string]interface{} `json:"-"` }
Token represents a decoded Firebase ID token.
Token provides typed accessors to the common JWT fields such as Audience (aud) and Expiry (exp). Additionally it provides a UID field, which indicates the user ID of the account to which this token belongs. Any additional JWT claims can be accessed via the Claims map of Token.
type UserInfo ¶
type UserInfo struct { DisplayName string Email string PhoneNumber string PhotoURL string // In the ProviderUserInfo[] ProviderID can be a short domain name (e.g. google.com), // or the identity of an OpenID identity provider. // In UserRecord.UserInfo it will return the constant string "firebase". ProviderID string UID string }
UserInfo is a collection of standard profile information for a user.
type UserIterator ¶
type UserIterator struct {
// contains filtered or unexported fields
}
UserIterator is an iterator over Users.
Also see: https://github.com/GoogleCloudPlatform/google-cloud-go/wiki/Iterator-Guidelines
func (*UserIterator) Next ¶
func (it *UserIterator) Next() (*ExportedUserRecord, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns iterator.Done, all subsequent calls will return iterator.Done.
func (*UserIterator) PageInfo ¶
func (it *UserIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details. Page size can be determined by the NewPager(...) function described there.
type UserMetadata ¶
UserMetadata contains additional metadata associated with a user account. Timestamps are in milliseconds since epoch.
type UserRecord ¶
type UserRecord struct { *UserInfo CustomClaims map[string]interface{} Disabled bool EmailVerified bool ProviderUserInfo []*UserInfo TokensValidAfterMillis int64 // milliseconds since epoch. UserMetadata *UserMetadata }
UserRecord contains metadata associated with a Firebase user account.
type UserToCreate ¶
type UserToCreate struct {
// contains filtered or unexported fields
}
UserToCreate is the parameter struct for the CreateUser function.
func (*UserToCreate) Disabled ¶
func (u *UserToCreate) Disabled(d bool) *UserToCreate
Disabled setter.
func (*UserToCreate) DisplayName ¶
func (u *UserToCreate) DisplayName(dn string) *UserToCreate
DisplayName setter.
func (*UserToCreate) EmailVerified ¶
func (u *UserToCreate) EmailVerified(ev bool) *UserToCreate
EmailVerified setter.
func (*UserToCreate) Password ¶
func (u *UserToCreate) Password(pw string) *UserToCreate
Password setter.
func (*UserToCreate) PhoneNumber ¶
func (u *UserToCreate) PhoneNumber(phone string) *UserToCreate
PhoneNumber setter.
func (*UserToCreate) PhotoURL ¶
func (u *UserToCreate) PhotoURL(url string) *UserToCreate
PhotoURL setter.
type UserToUpdate ¶
type UserToUpdate struct {
// contains filtered or unexported fields
}
UserToUpdate is the parameter struct for the UpdateUser function.
func (*UserToUpdate) CustomClaims ¶
func (u *UserToUpdate) CustomClaims(cc map[string]interface{}) *UserToUpdate
CustomClaims setter.
func (*UserToUpdate) Disabled ¶
func (u *UserToUpdate) Disabled(d bool) *UserToUpdate
Disabled setter.
func (*UserToUpdate) DisplayName ¶
func (u *UserToUpdate) DisplayName(dn string) *UserToUpdate
DisplayName setter.
func (*UserToUpdate) EmailVerified ¶
func (u *UserToUpdate) EmailVerified(ev bool) *UserToUpdate
EmailVerified setter.
func (*UserToUpdate) Password ¶
func (u *UserToUpdate) Password(pw string) *UserToUpdate
Password setter.
func (*UserToUpdate) PhoneNumber ¶
func (u *UserToUpdate) PhoneNumber(phone string) *UserToUpdate
PhoneNumber setter.
func (*UserToUpdate) PhotoURL ¶
func (u *UserToUpdate) PhotoURL(url string) *UserToUpdate
PhotoURL setter.