From dc7b2e8a789d3751b2adb313d281fe88bc89380c Mon Sep 17 00:00:00 2001 From: Kevin Cheung Date: Mon, 15 Nov 2021 11:09:52 -0800 Subject: [PATCH 1/5] Update Auth snippets for new Google library --- auth-next/google-signin.js | 33 +++++++++++++------ auth/google-signin.js | 29 +++++++++++----- .../google-signin/auth_google_callback.js | 12 +++---- .../auth_google_checksameuser.js | 17 ++++++++-- 4 files changed, 65 insertions(+), 26 deletions(-) diff --git a/auth-next/google-signin.js b/auth-next/google-signin.js index 1e1cee59..6a5e3a5a 100644 --- a/auth-next/google-signin.js +++ b/auth-next/google-signin.js @@ -97,24 +97,24 @@ function googleBuildAndSignIn(id_token) { function onSignIn_wrapper() { // See real implementation below - function isUserEqual(x, y) { - return true; + function isUserEqual(googleIdToken, firebaseUser) { + return false; } // [START auth_google_callback] const { getAuth, onAuthStateChanged, signInWithCredential, GoogleAuthProvider } = require("firebase/auth"); const auth = getAuth(); - function onSignIn(googleUser) { - console.log('Google Auth Response', googleUser); + function onSignIn(googleResponse) { + console.log('Sign in with Google response', googleResponse); // We need to register an Observer on Firebase Auth to make sure auth is initialized. const unsubscribe = onAuthStateChanged(auth, (firebaseUser) => { unsubscribe(); - // Check if we are already signed-in Firebase with the correct user. - if (!isUserEqual(googleUser, firebaseUser)) { + // Check if we are already signed in to Firebase with the correct user. + const googleIdToken = googleResponse.credential; + if (!isUserEqual(googleIdToken, firebaseUser)) { // Build Firebase credential with the Google ID token. - const credential = GoogleAuthProvider.credential( - googleUser.getAuthResponse().id_token); + const credential = GoogleAuthProvider.credential(googleIdToken); // Sign in with credential from the Google user. // [START auth_google_signin_credential] @@ -141,12 +141,25 @@ function isUserEqual_wrapper() { // [START auth_google_checksameuser] const { GoogleAuthProvider } = require("firebase/auth"); - function isUserEqual(googleUser, firebaseUser) { + function isUserEqual(googleIdToken, firebaseUser) { + // Decode the JWT (without verification). + try { + const [_header, payload, _sig] = googleIdToken.split("."); + const decodedPayload = base64Decode(payload); + const jwtClaims = JSON.parse(decodedPayload); + } catch (e) { + return false; + } + if (!jwtClaims.hasOwnProperty("sub")) { + return false; + } + + // Check if Firebase user is signed in using the same Google UID. if (firebaseUser) { const providerData = firebaseUser.providerData; for (let i = 0; i < providerData.length; i++) { if (providerData[i].providerId === GoogleAuthProvider.PROVIDER_ID && - providerData[i].uid === googleUser.getBasicProfile().getId()) { + providerData[i].uid === jwtClaims.sub) { // We don't need to reauth the Firebase connection. return true; } diff --git a/auth/google-signin.js b/auth/google-signin.js index fcc32dc8..6dd7b7c6 100644 --- a/auth/google-signin.js +++ b/auth/google-signin.js @@ -96,16 +96,16 @@ function googleBuildAndSignIn(id_token) { } // [START auth_google_callback] -function onSignIn(googleUser) { - console.log('Google Auth Response', googleUser); +function onSignIn(googleResponse) { + console.log('Sign in with Google response', googleResponse); // We need to register an Observer on Firebase Auth to make sure auth is initialized. var unsubscribe = firebase.auth().onAuthStateChanged((firebaseUser) => { unsubscribe(); - // Check if we are already signed-in Firebase with the correct user. - if (!isUserEqual(googleUser, firebaseUser)) { + // Check if we are already signed in to Firebase with the correct user. + const googleIdToken = googleResponse.credential; + if (!isUserEqual(googleIdToken, firebaseUser)) { // Build Firebase credential with the Google ID token. - var credential = firebase.auth.GoogleAuthProvider.credential( - googleUser.getAuthResponse().id_token); + var credential = firebase.auth.GoogleAuthProvider.credential(googleIdToken); // Sign in with credential from the Google user. // [START auth_google_signin_credential] @@ -128,12 +128,25 @@ function onSignIn(googleUser) { // [END auth_google_callback] // [START auth_google_checksameuser] -function isUserEqual(googleUser, firebaseUser) { +function isUserEqual(googleIdToken, firebaseUser) { + // Decode the JWT (without verification). + try { + const [_header, payload, _sig] = googleIdToken.split("."); + const decodedPayload = base64Decode(payload); + const jwtClaims = JSON.parse(decodedPayload); + } catch (e) { + return false; + } + if (!jwtClaims.hasOwnProperty("sub")) { + return false; + } + + // Check if Firebase user is signed in using the same Google UID. if (firebaseUser) { var providerData = firebaseUser.providerData; for (var i = 0; i < providerData.length; i++) { if (providerData[i].providerId === firebase.auth.GoogleAuthProvider.PROVIDER_ID && - providerData[i].uid === googleUser.getBasicProfile().getId()) { + providerData[i].uid === jwtClaims.sub) { // We don't need to reauth the Firebase connection. return true; } diff --git a/snippets/auth-next/google-signin/auth_google_callback.js b/snippets/auth-next/google-signin/auth_google_callback.js index 27aa8dc6..8d0af41f 100644 --- a/snippets/auth-next/google-signin/auth_google_callback.js +++ b/snippets/auth-next/google-signin/auth_google_callback.js @@ -8,16 +8,16 @@ import { getAuth, onAuthStateChanged, signInWithCredential, GoogleAuthProvider } from "firebase/auth"; const auth = getAuth(); -function onSignIn(googleUser) { - console.log('Google Auth Response', googleUser); +function onSignIn(googleResponse) { + console.log('Sign in with Google response', googleResponse); // We need to register an Observer on Firebase Auth to make sure auth is initialized. const unsubscribe = onAuthStateChanged(auth, (firebaseUser) => { unsubscribe(); - // Check if we are already signed-in Firebase with the correct user. - if (!isUserEqual(googleUser, firebaseUser)) { + // Check if we are already signed in to Firebase with the correct user. + const googleIdToken = googleResponse.credential; + if (!isUserEqual(googleIdToken, firebaseUser)) { // Build Firebase credential with the Google ID token. - const credential = GoogleAuthProvider.credential( - googleUser.getAuthResponse().id_token); + const credential = GoogleAuthProvider.credential(googleIdToken); // Sign in with credential from the Google user. signInWithCredential(auth, credential).catch((error) => { diff --git a/snippets/auth-next/google-signin/auth_google_checksameuser.js b/snippets/auth-next/google-signin/auth_google_checksameuser.js index cc451991..1a8f4afa 100644 --- a/snippets/auth-next/google-signin/auth_google_checksameuser.js +++ b/snippets/auth-next/google-signin/auth_google_checksameuser.js @@ -7,12 +7,25 @@ // [START auth_google_checksameuser_modular] import { GoogleAuthProvider } from "firebase/auth"; -function isUserEqual(googleUser, firebaseUser) { +function isUserEqual(googleIdToken, firebaseUser) { + // Decode the JWT (without verification). + try { + const [_header, payload, _sig] = googleIdToken.split("."); + const decodedPayload = base64Decode(payload); + const jwtClaims = JSON.parse(decodedPayload); + } catch (e) { + return false; + } + if (!jwtClaims.hasOwnProperty("sub")) { + return false; + } + + // Check if Firebase user is signed in using the same Google UID. if (firebaseUser) { const providerData = firebaseUser.providerData; for (let i = 0; i < providerData.length; i++) { if (providerData[i].providerId === GoogleAuthProvider.PROVIDER_ID && - providerData[i].uid === googleUser.getBasicProfile().getId()) { + providerData[i].uid === jwtClaims.sub) { // We don't need to reauth the Firebase connection. return true; } From 05c6156ec473aa111bc78107ba1dbb56765fd7f2 Mon Sep 17 00:00:00 2001 From: Kevin Cheung Date: Mon, 15 Nov 2021 12:01:33 -0800 Subject: [PATCH 2/5] Replace JWT decoding with dummy implementation --- auth-next/google-signin.js | 18 +++++++----------- auth/google-signin.js | 18 +++++++----------- 2 files changed, 14 insertions(+), 22 deletions(-) diff --git a/auth-next/google-signin.js b/auth-next/google-signin.js index 6a5e3a5a..867d0236 100644 --- a/auth-next/google-signin.js +++ b/auth-next/google-signin.js @@ -137,22 +137,18 @@ function onSignIn_wrapper() { // [END auth_google_callback] } +function jwt_decode(_jwt) { + // Dummy implementation. + return { sub: "" }; +} + function isUserEqual_wrapper() { // [START auth_google_checksameuser] const { GoogleAuthProvider } = require("firebase/auth"); function isUserEqual(googleIdToken, firebaseUser) { - // Decode the JWT (without verification). - try { - const [_header, payload, _sig] = googleIdToken.split("."); - const decodedPayload = base64Decode(payload); - const jwtClaims = JSON.parse(decodedPayload); - } catch (e) { - return false; - } - if (!jwtClaims.hasOwnProperty("sub")) { - return false; - } + // Decode the JWT using a library such as https://github.com/auth0/jwt-decode + const jwtClaims = jwt_decode(googleIdToken); // Check if Firebase user is signed in using the same Google UID. if (firebaseUser) { diff --git a/auth/google-signin.js b/auth/google-signin.js index 6dd7b7c6..a5bcff8b 100644 --- a/auth/google-signin.js +++ b/auth/google-signin.js @@ -127,19 +127,15 @@ function onSignIn(googleResponse) { } // [END auth_google_callback] +function jwt_decode(_jwt) { + // Dummy implementation. + return { sub: "" }; +} + // [START auth_google_checksameuser] function isUserEqual(googleIdToken, firebaseUser) { - // Decode the JWT (without verification). - try { - const [_header, payload, _sig] = googleIdToken.split("."); - const decodedPayload = base64Decode(payload); - const jwtClaims = JSON.parse(decodedPayload); - } catch (e) { - return false; - } - if (!jwtClaims.hasOwnProperty("sub")) { - return false; - } + // Decode the JWT using a library such as https://github.com/auth0/jwt-decode + var jwtClaims = jwt_decode(googleIdToken); // Check if Firebase user is signed in using the same Google UID. if (firebaseUser) { From fca5f190b4523fa0b23a461dbb9647a98b40f504 Mon Sep 17 00:00:00 2001 From: Kevin Cheung Date: Mon, 15 Nov 2021 12:05:55 -0800 Subject: [PATCH 3/5] Regenerate snippets --- .../google-signin/auth_google_checksameuser.js | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/snippets/auth-next/google-signin/auth_google_checksameuser.js b/snippets/auth-next/google-signin/auth_google_checksameuser.js index 1a8f4afa..e2c56e7f 100644 --- a/snippets/auth-next/google-signin/auth_google_checksameuser.js +++ b/snippets/auth-next/google-signin/auth_google_checksameuser.js @@ -8,17 +8,8 @@ import { GoogleAuthProvider } from "firebase/auth"; function isUserEqual(googleIdToken, firebaseUser) { - // Decode the JWT (without verification). - try { - const [_header, payload, _sig] = googleIdToken.split("."); - const decodedPayload = base64Decode(payload); - const jwtClaims = JSON.parse(decodedPayload); - } catch (e) { - return false; - } - if (!jwtClaims.hasOwnProperty("sub")) { - return false; - } + // Decode the JWT using a library such as https://github.com/auth0/jwt-decode + const jwtClaims = jwt_decode(googleIdToken); // Check if Firebase user is signed in using the same Google UID. if (firebaseUser) { From 0a4dea52557fc7e2de4cef766e9f283bb982ee45 Mon Sep 17 00:00:00 2001 From: Kevin Cheung Date: Fri, 19 Nov 2021 10:30:08 -0800 Subject: [PATCH 4/5] Remove isUserEqual check --- auth-next/google-signin.js | 70 +++++++++----------------------------- auth/google-signin.js | 62 +++++++++------------------------ 2 files changed, 32 insertions(+), 100 deletions(-) diff --git a/auth-next/google-signin.js b/auth-next/google-signin.js index 867d0236..cd245925 100644 --- a/auth-next/google-signin.js +++ b/auth-next/google-signin.js @@ -96,10 +96,6 @@ function googleBuildAndSignIn(id_token) { } function onSignIn_wrapper() { - // See real implementation below - function isUserEqual(googleIdToken, firebaseUser) { - return false; - } // [START auth_google_callback] const { getAuth, onAuthStateChanged, signInWithCredential, GoogleAuthProvider } = require("firebase/auth"); @@ -110,62 +106,28 @@ function onSignIn_wrapper() { // We need to register an Observer on Firebase Auth to make sure auth is initialized. const unsubscribe = onAuthStateChanged(auth, (firebaseUser) => { unsubscribe(); - // Check if we are already signed in to Firebase with the correct user. + // Build Firebase credential with the Google ID token. const googleIdToken = googleResponse.credential; - if (!isUserEqual(googleIdToken, firebaseUser)) { - // Build Firebase credential with the Google ID token. - const credential = GoogleAuthProvider.credential(googleIdToken); - - // Sign in with credential from the Google user. - // [START auth_google_signin_credential] - signInWithCredential(auth, credential).catch((error) => { - // Handle Errors here. - const errorCode = error.code; - const errorMessage = error.message; - // The email of the user's account used. - const email = error.email; - // The credential that was used. - const credential = GoogleAuthProvider.credentialFromError(error); - // ... - }); - // [END auth_google_signin_credential] - } else { - console.log('User already signed-in Firebase.'); - } + const credential = GoogleAuthProvider.credential(googleIdToken); + + // Sign in with credential from the Google user. + // [START auth_google_signin_credential] + signInWithCredential(auth, credential).catch((error) => { + // Handle Errors here. + const errorCode = error.code; + const errorMessage = error.message; + // The email of the user's account used. + const email = error.email; + // The credential that was used. + const credential = GoogleAuthProvider.credentialFromError(error); + // ... + }); + // [END auth_google_signin_credential] }); } // [END auth_google_callback] } -function jwt_decode(_jwt) { - // Dummy implementation. - return { sub: "" }; -} - -function isUserEqual_wrapper() { - // [START auth_google_checksameuser] - const { GoogleAuthProvider } = require("firebase/auth"); - - function isUserEqual(googleIdToken, firebaseUser) { - // Decode the JWT using a library such as https://github.com/auth0/jwt-decode - const jwtClaims = jwt_decode(googleIdToken); - - // Check if Firebase user is signed in using the same Google UID. - if (firebaseUser) { - const providerData = firebaseUser.providerData; - for (let i = 0; i < providerData.length; i++) { - if (providerData[i].providerId === GoogleAuthProvider.PROVIDER_ID && - providerData[i].uid === jwtClaims.sub) { - // We don't need to reauth the Firebase connection. - return true; - } - } - } - return false; - } - // [END auth_google_checksameuser] -} - function googleProviderCredential(idToken) { // [START auth_google_provider_credential] const { GoogleAuthProvider } = require("firebase/auth"); diff --git a/auth/google-signin.js b/auth/google-signin.js index a5bcff8b..22341a3c 100644 --- a/auth/google-signin.js +++ b/auth/google-signin.js @@ -101,57 +101,27 @@ function onSignIn(googleResponse) { // We need to register an Observer on Firebase Auth to make sure auth is initialized. var unsubscribe = firebase.auth().onAuthStateChanged((firebaseUser) => { unsubscribe(); - // Check if we are already signed in to Firebase with the correct user. + // Build Firebase credential with the Google ID token. const googleIdToken = googleResponse.credential; - if (!isUserEqual(googleIdToken, firebaseUser)) { - // Build Firebase credential with the Google ID token. - var credential = firebase.auth.GoogleAuthProvider.credential(googleIdToken); - - // Sign in with credential from the Google user. - // [START auth_google_signin_credential] - firebase.auth().signInWithCredential(credential).catch((error) => { - // Handle Errors here. - var errorCode = error.code; - var errorMessage = error.message; - // The email of the user's account used. - var email = error.email; - // The firebase.auth.AuthCredential type that was used. - var credential = error.credential; - // ... - }); - // [END auth_google_signin_credential] - } else { - console.log('User already signed-in Firebase.'); - } + var credential = firebase.auth.GoogleAuthProvider.credential(googleIdToken); + + // Sign in with credential from the Google user. + // [START auth_google_signin_credential] + firebase.auth().signInWithCredential(credential).catch((error) => { + // Handle Errors here. + var errorCode = error.code; + var errorMessage = error.message; + // The email of the user's account used. + var email = error.email; + // The firebase.auth.AuthCredential type that was used. + var credential = error.credential; + // ... + }); + // [END auth_google_signin_credential] }); } // [END auth_google_callback] -function jwt_decode(_jwt) { - // Dummy implementation. - return { sub: "" }; -} - -// [START auth_google_checksameuser] -function isUserEqual(googleIdToken, firebaseUser) { - // Decode the JWT using a library such as https://github.com/auth0/jwt-decode - var jwtClaims = jwt_decode(googleIdToken); - - // Check if Firebase user is signed in using the same Google UID. - if (firebaseUser) { - var providerData = firebaseUser.providerData; - for (var i = 0; i < providerData.length; i++) { - if (providerData[i].providerId === firebase.auth.GoogleAuthProvider.PROVIDER_ID && - providerData[i].uid === jwtClaims.sub) { - // We don't need to reauth the Firebase connection. - return true; - } - } - } - return false; -} -// [END auth_google_checksameuser] - function googleProviderCredential(idToken) { // [START auth_google_provider_credential] var credential = firebase.auth.GoogleAuthProvider.credential(idToken); From 4fda27ade77546e6e032520ff6d5469be3e59248 Mon Sep 17 00:00:00 2001 From: Kevin Cheung Date: Fri, 19 Nov 2021 10:34:42 -0800 Subject: [PATCH 5/5] npm run snippets --- .../google-signin/auth_google_callback.js | 31 ++++++++----------- .../auth_google_checksameuser.js | 27 ---------------- 2 files changed, 13 insertions(+), 45 deletions(-) delete mode 100644 snippets/auth-next/google-signin/auth_google_checksameuser.js diff --git a/snippets/auth-next/google-signin/auth_google_callback.js b/snippets/auth-next/google-signin/auth_google_callback.js index 8d0af41f..917c5021 100644 --- a/snippets/auth-next/google-signin/auth_google_callback.js +++ b/snippets/auth-next/google-signin/auth_google_callback.js @@ -13,26 +13,21 @@ function onSignIn(googleResponse) { // We need to register an Observer on Firebase Auth to make sure auth is initialized. const unsubscribe = onAuthStateChanged(auth, (firebaseUser) => { unsubscribe(); - // Check if we are already signed in to Firebase with the correct user. + // Build Firebase credential with the Google ID token. const googleIdToken = googleResponse.credential; - if (!isUserEqual(googleIdToken, firebaseUser)) { - // Build Firebase credential with the Google ID token. - const credential = GoogleAuthProvider.credential(googleIdToken); + const credential = GoogleAuthProvider.credential(googleIdToken); - // Sign in with credential from the Google user. - signInWithCredential(auth, credential).catch((error) => { - // Handle Errors here. - const errorCode = error.code; - const errorMessage = error.message; - // The email of the user's account used. - const email = error.email; - // The credential that was used. - const credential = GoogleAuthProvider.credentialFromError(error); - // ... - }); - } else { - console.log('User already signed-in Firebase.'); - } + // Sign in with credential from the Google user. + signInWithCredential(auth, credential).catch((error) => { + // Handle Errors here. + const errorCode = error.code; + const errorMessage = error.message; + // The email of the user's account used. + const email = error.email; + // The credential that was used. + const credential = GoogleAuthProvider.credentialFromError(error); + // ... + }); }); } // [END auth_google_callback_modular] \ No newline at end of file diff --git a/snippets/auth-next/google-signin/auth_google_checksameuser.js b/snippets/auth-next/google-signin/auth_google_checksameuser.js deleted file mode 100644 index e2c56e7f..00000000 --- a/snippets/auth-next/google-signin/auth_google_checksameuser.js +++ /dev/null @@ -1,27 +0,0 @@ -// This snippet file was generated by processing the source file: -// ./auth-next/google-signin.js -// -// To update the snippets in this file, edit the source and then run -// 'npm run snippets'. - -// [START auth_google_checksameuser_modular] -import { GoogleAuthProvider } from "firebase/auth"; - -function isUserEqual(googleIdToken, firebaseUser) { - // Decode the JWT using a library such as https://github.com/auth0/jwt-decode - const jwtClaims = jwt_decode(googleIdToken); - - // Check if Firebase user is signed in using the same Google UID. - if (firebaseUser) { - const providerData = firebaseUser.providerData; - for (let i = 0; i < providerData.length; i++) { - if (providerData[i].providerId === GoogleAuthProvider.PROVIDER_ID && - providerData[i].uid === jwtClaims.sub) { - // We don't need to reauth the Firebase connection. - return true; - } - } - } - return false; -} -// [END auth_google_checksameuser_modular] \ No newline at end of file