Verify ID Tokens | Firebase

Screenshots

If your Firebase client app communicates with a custom backend server, you might need to identify the currently signed-in user on that server. This plugin work with Google Firebase tokens. You can use it to verify ID Tokens. Namespace and Endpoints When the plugin is activated, a new namespace is added /verify-id-tokens/v1/ Also, a new endpoint is added to this namespace /verify-id-tokens/v1/token/validate | POST PHP HTTP Authorization Header enable Most of the shared hosting has disabled the HTTP Authorization Header by default. To enable this option you’ll need to edit your .htaccess file adding the follow RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1] WPENGINE To enable this option you’ll need to edit your .htaccess file adding the follow SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 Configurate the Firebase projectId To add the projectId edit your wp-config.php file and add a new constant called BENGAL_STUDIO_VERIFY_ID_TOKENS_FIREBASE_PROJECT_ID define('BENGAL_STUDIO_VERIFY_ID_TOKENS_FIREBASE_PROJECT_ID', 'projectId'); Configurate CORs The Verify ID Tokens | Firebase plugin has the option to activate CORs response headers. To enable the CORs edit your wp-config.php file and add a new constant called BENGAL_STUDIO_VERIFY_ID_TOKENS_ENABLE_CORS define('BENGAL_STUDIO_VERIFY_ID_TOKENS_ENABLE_CORS', true); Retrieve ID tokens on clients To retrieve the ID token from the client, make sure the user is signed in and then get the ID token from the signed-in user: firebase.auth().currentUser.getIdToken(/* forceRefresh */ true).then(function(idToken) { // Send token to your backend via HTTPS // ... }).catch(function(error) { // Handle error }); Verify ID Tokens verify-id-tokens/v1/token/validate This is a simple helper endpoint to validate a token; you only will need to make a POST request sending the Authorization header.