Authentication library for Google Cloud, Firebase, and other cloud providers that uses standard Web Crypto API and runs in different environments and runtimes, including but not limited to:
It has minimum dependencies, small bundle size, and optimized for speed and performance.
# Install using NPM
$ npm install web-auth-library --save
# Install using Yarn
$ yarn add web-auth-libraryNOTE: The credentials argument in the examples below is expected to be a serialized JSON string of a Google Cloud service account key, apiKey is Google Cloud API Key (Firebase API Key), and projectId is a Google Cloud project ID.
import { verifyIdToken } from "web-auth-library/google";
const token = await verifyIdToken({
idToken,
credentials: env.GOOGLE_CLOUD_CREDENTIALS,
});
// => {
// iss: 'https://securetoken.google.com/example',
// aud: 'example',
// auth_time: 1677525930,
// user_id: 'temp',
// sub: 'temp',
// iat: 1677525930,
// exp: 1677529530,
// firebase: {}
// }Create an access token for accessing Google Cloud APIs
import { getAccessToken } from "web-auth-library/google";
// Generate a short lived access token from the service account key credentials
const accessToken = await getAccessToken({
credentials: env.GOOGLE_CLOUD_CREDENTIALS,
scope: "https://www.googleapis.com/auth/cloud-platform",
});
// Make a request to one of the Google's APIs using that token
const res = await fetch(
"https://cloudresourcemanager.googleapis.com/v1/projects",
{
headers: { Authorization: `Bearer ${accessToken}` },
}
);import { getIdToken } from "web-auth-library/google";
const idToken = await getIdToken({
credentials: env.GOOGLE_CLOUD_CREDENTIALS,
audience: "https://example.com",
});Instead of passing credentials via options.credentials argument, you can also let the library pick up credentials from the list of environment variables using standard names such as GOOGLE_CLOUD_CREDENTIALS, GOOGLE_CLOUD_PROJECT, FIREBASE_API_KEY, for example:
import { verifyIdToken } from "web-auth-library/google";
const env = { GOOGLE_CLOUD_CREDENTIALS: "..." };
const token = await verifyIdToken({ idToken, env });Pass the optional waitUntil(promise) function provided by the target runtime to optimize the way authentication tokens are being renewed in background. For example, using Cloudflare Workers and Hono.js:
import { Hono } from "hono";
import { verifyIdToken } from "web-auth-library/google";
const app = new Hono();
app.get("/", ({ env, executionCtx, json }) => {
const idToken = await verifyIdToken({
idToken: "...",
waitUntil: executionCtx.waitUntil,
env,
});
return json({ ... });
})
- React Starter Kit — front-end template for React and Relay using Jamstack architecture
- GraphQL API and Relay Starter Kit — monorepo template, pre-configured with GraphQL API, React, and Relay
- Cloudflare Workers Starter Kit — TypeScript project template for Cloudflare Workers
You're very welcome to create a PR or send me a message on Discord.
In order to unit test this library locally you will need Node.js v18+ with corepack enabled, a Google Cloud service account key (here) and Firebase API Key (here) that you can save into the test/test.override.env file, for example:
GOOGLE_CLOUD_PROJECT=example
GOOGLE_CLOUD_CREDENTIALS={"type":"service_account","project_id":"example",...}
FIREBASE_API_KEY=AIzaSyAZEmdfRWvEYgZpwm6EBLkYJf6ySIMF3Hy
Then run unit tests via yarn test [--watch].
Copyright © 2022-present Kriasoft. This source code is licensed under the MIT license found in the LICENSE file.
Made with ♥ by Konstantin Tarkus (@koistya, blog) and contributors.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent