Last active
September 20, 2022 18:40
-
-
Save mrbarletta/1aef1a65e4b5b5408cfde6b280fc9879 to your computer and use it in GitHub Desktop.
Firebase - CF Worker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { getTokenFromGCPServiceAccount } from "@sagi.io/workers-jwt"; | |
| export async function getAccessToken(){ | |
| const serviceAccountJSON = { | |
| type: "service_account", | |
| project_id: GOOGLE_PROJECT_ID, //ENVIRONMENT VARIABLES | |
| private_key_id: GOOGLE_PRIVATE_KEY_ID, | |
| private_key: GOOGLE_PRIVATE_KEY, | |
| client_email: GOOGLE_CLIENT_EMAIL, | |
| client_id: GOOGLE_CLIENT_ID, | |
| auth_uri: GOOGLE_AUTH_URI, | |
| token_uri: GOOGLE_TOKEN_URI, | |
| auth_provider_x509_cert_url: GOOGLE_AUTH_PROVIDER_X509_CERT_URL, | |
| client_x509_cert_url: GOOGLE_CLIENT_X509_CERT_URL, | |
| }; | |
| // eslint-disable-next-line @typescript-eslint/no-unsafe-call | |
| const jwtToken = (await getTokenFromGCPServiceAccount({ | |
| serviceAccountJSON: serviceAccountJSON, | |
| aud: "https://oauth2.googleapis.com/token", | |
| payloadAdditions: { | |
| scope: | |
| "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/firebase.database https://www.googleapis.com/auth/firebase.messaging https://www.googleapis.com/auth/identitytoolkit https://www.googleapis.com/auth/userinfo.email", | |
| }, | |
| })) as unknown as string; | |
| const accessToken = await ( | |
| await fetch("https://accounts.google.com/o/oauth2/token", { | |
| method: "POST", | |
| headers: { | |
| "Content-Type": "application/x-www-form-urlencoded", | |
| }, | |
| body: new URLSearchParams({ | |
| grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer", | |
| assertion: jwtToken, // the JWT token generated in the previous step | |
| }), | |
| }) | |
| ).json(); | |
| return accessToken; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { getAccessToken } from "./firebaseGetAuthToken"; | |
| export async function handleSetCustomClaims(userId, claims) { | |
| const accessToken: AccessToken = await getAccessToken(); | |
| const url = | |
| `https://identitytoolkit.googleapis.com/v1/projects/${GOOGLE_PROJECT_ID}/accounts:update`; | |
| const body = JSON.stringify({ | |
| localId: userId, | |
| customAttributes: JSON.stringify(claims), | |
| }); | |
| //Save the new Claims to the user | |
| const newClaims = await fetch(url, { | |
| method: "POST", | |
| body, | |
| headers: { | |
| Authorization: `Bearer ${accessToken.access_token}`, | |
| "Content-Type": "application/json; charset=utf-8", | |
| }, | |
| }); | |
| return newClaims; | |
| } | |
| //Example | |
| const newCustomClaims = { | |
| "https://hasura.io/jwt/claims": { | |
| "x-hasura-allowed-roles": rolesArray, | |
| "x-hasura-default-role": "user", | |
| "x-hasura-user-id": `${user_id}`, | |
| }, | |
| }; | |
| handleSetCustomClaims(123,newCustomClaims); |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Firebase SDK doesn't work on Cloudflare workers, so you have to manually use their APIs. This is for getting the accessToken for the other calls