Merge pull request #539 from sebj54/master

mevdschee · web-flow · commit f28ee9b90b43 · 2019-05-21T22:47:22.000+02:00
Add Firebase JWT example + docs for Firebase &amp; Auth0
diff --git a/README.md b/README.md
@@ -650,6 +650,53 @@ This example sends the signed claims:
 
 NB: The JWT implementation only supports the RSA and HMAC based algorithms.
 
+##### Configure and test JWT authentication with Auth0
+
+First you need to create an account on [Auth0](https://auth0.com/auth/login).
+Once logged in, you have to create an application (its type does not matter). Collect the `Domain`
+and `Client ID` and keep them for a later use. Then, create an API: give it a name and fill the
+`identifier` field with your API endpoint's URL.
+
+Then you have to configure the `jwtAuth.secret` configuration in your `api.php` file.
+Don't fill it with the `secret` you will find in your Auth0 application settings but with **a
+public certificate**. To find it, go to the settings of your application, then in "Extra settings".
+You will now find a "Certificates" tab where you will find your Public Key in the Signing
+Certificate field.
+
+To test your integration, you can copy the [auth0/vanilla.html](examples/clients/auth0/vanilla.html)
+file. Be sure to fill these three variables:
+
+ - `authUrl` with your Auth0 domain
+ - `clientId` with your Client ID
+ - `audience` with the API URL you created in Auth0
+
+⚠️ If you don't fill the audience parameter, it will not work because you won't get a valid JWT.
+
+You can also change the `url` variable, used to test the API with authentication.
+
+[More info](https://auth0.com/docs/api-auth/tutorials/verify-access-token)
+
+##### Configure and test JWT authentication with Firebase
+
+First you need to create a Firebase project on the [Firebase console](https://console.firebase.google.com/).
+Add a web application to this project and grab the code snippet for later use.
+
+Then you have to configure the `jwtAuth.secret` configuration in your `api.php` file.
+Grab the public key via this [URL](https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com).
+There may be several certificates, just grab the one corresponding to your `kid` (if you don't
+know what it is, just test them all until you will be logged in).
+Now, just fill `jwtAuth.secret` with your public key.
+
+To test your integration, you can copy the [firebase/vanilla.html](examples/clients/firebase/vanilla.html)
+file and the [firebase/vanilla-success.html](examples/clients/firebase/vanilla-success.html) file,
+used as a "success" page and to display the API result.
+
+Replace, in both files, the Firebase configuration (`firebaseConfig` object).
+
+You can also change the `url` variable, used to test the API with authentication.
+
+[More info](https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library)
+
 ## Authorizing operations
 
 The Authorization model acts on "operations". The most important ones are listed here:
diff --git a/examples/clients/auth0/vanilla.html b/examples/clients/auth0/vanilla.html
@@ -1,11 +1,13 @@
 <html>
 <head>
-<meta charset="utf-8" /> 
+<meta charset="utf-8" />
 <script>
 var authUrl = 'https://php-crud-api.auth0.com/authorize'; // url of auth0 '/authorize' end-point
 var clientId = ''; // client id as defined in auth0
-var audience = ''; // api audience as defined in auth0
-window.onload = function () {
+var audience = 'https://your-php-crud-api/api.php'; // api audience as defined in auth0
+var url = '/api.php/records/posts?join=categories&join=tags&join=comments&filter=id,eq,1';
+
+function requestApi() {
     var match = RegExp('[#&]access_token=([^&]*)').exec(window.location.hash);
     var accessToken = match && decodeURIComponent(match[1].replace(/\+/g, ' '));
     if (!accessToken) {
@@ -16,18 +18,32 @@
         req.onreadystatechange = function () {
             if (req.readyState==4) {
                 console.log(req.responseText);
-                document.getElementById('output').innerHTML = JSON.stringify(JSON.parse(req.responseText), undefined, 4);
+                try {
+                    document.getElementById('output').innerHTML = JSON.stringify(JSON.parse(req.responseText), undefined, 4);
+                } catch (error) {
+                    document.getElementById('output').innerHTML = req.responseText;
+                }
             }
         }
-        url = '/api.php/records/posts?join=categories&join=tags&join=comments&filter=id,eq,1';
         req.open("GET", url, true);
         req.setRequestHeader('X-Authorization', 'Bearer '+accessToken);
         req.send();
     }
 };
+
+window.onload = function() {
+    requestAPI()
+    document.getElementById('request-btn').onclick = function(e) {
+        e.preventDefault()
+        requestAPI()
+    }
+}
 </script>
 </head>
 <body>
+<p>
+    <button type="button" id="request-btn">Request API</button>
+</p>
 <pre id="output"></pre>
 </body>
 </html>
diff --git a/examples/clients/firebase/vanilla-success.html b/examples/clients/firebase/vanilla-success.html
@@ -0,0 +1,97 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>Success</title>
+
+    <script src="https://www.gstatic.com/firebasejs/6.0.2/firebase-app.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/6.0.2/firebase-auth.js"></script>
+
+    <script>
+        // Your web app's Firebase configuration
+        var firebaseConfig = {
+            apiKey: "",
+            authDomain: "",
+            databaseURL: "",
+            projectId: "",
+            storageBucket: "",
+            messagingSenderId: "",
+            appId: ""
+        };
+        // Initialize Firebase
+        firebase.initializeApp(firebaseConfig);
+    </script>
+
+    <script>
+        var url = '/api.php/records/posts?join=categories&join=tags&join=comments&filter=id,eq,1';
+
+        function requestAPI(accessToken) {
+            var req = new XMLHttpRequest();
+            req.onreadystatechange = function () {
+                if (req.readyState == 4) {
+                    try {
+                        document.getElementById('output').innerHTML = JSON.stringify(JSON.parse(req.responseText),
+                            undefined, 4);
+                    } catch (error) {
+                        document.getElementById('output').innerHTML = req.responseText;
+                    }
+                }
+            }
+            req.open("GET", url, true);
+            req.setRequestHeader('X-Authorization', 'Bearer ' + accessToken);
+            req.send();
+        }
+
+        function initApp() {
+            firebase.auth().onAuthStateChanged(function (user) {
+                if (user) {
+                    // User is signed in.
+                    var displayName = user.displayName;
+                    var email = user.email;
+                    var emailVerified = user.emailVerified;
+                    var photoURL = user.photoURL;
+                    var uid = user.uid;
+                    var phoneNumber = user.phoneNumber;
+                    var providerData = user.providerData;
+                    user.getIdToken().then(function (accessToken) {
+                        document.getElementById('sign-in-status').textContent = 'Signed in';
+                        document.getElementById('account-details').textContent = JSON.stringify({
+                            displayName: displayName,
+                            email: email,
+                            emailVerified: emailVerified,
+                            phoneNumber: phoneNumber,
+                            photoURL: photoURL,
+                            uid: uid,
+                            accessToken: accessToken,
+                            providerData: providerData
+                        }, undefined, 4);
+
+                        requestAPI(accessToken)
+                    });
+                } else {
+                    // User is signed out.
+                    document.getElementById('sign-in-status').textContent = 'Signed out';
+                    document.getElementById('account-details').textContent = 'null';
+                }
+            }, function (error) {
+                console.log(error);
+            });
+        };
+
+        window.addEventListener('load', initApp);
+    </script>
+</head>
+
+<body>
+    <h1>Firebase Login Success (or not)</h1>
+
+    <div id="sign-in-status"></div>
+    <pre id="account-details"></pre>
+
+    <pre id="output"></pre>
+</body>
+
+</html>
diff --git a/examples/clients/firebase/vanilla.html b/examples/clients/firebase/vanilla.html
@@ -0,0 +1,68 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>
+        Firebase
+    </title>
+
+    <!-- The core Firebase JS SDK is always required and must be listed first -->
+    <script src="https://www.gstatic.com/firebasejs/6.0.2/firebase-app.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/6.0.2/firebase-auth.js"></script>
+
+    <script>
+    // Your web app's Firebase configuration
+    var firebaseConfig = {
+        apiKey: "",
+        authDomain: "",
+        databaseURL: "",
+        projectId: "",
+        storageBucket: "",
+        messagingSenderId: "",
+        appId: ""
+    };
+    // Initialize Firebase
+    firebase.initializeApp(firebaseConfig);
+    </script>
+
+    <script src="https://cdn.firebase.com/libs/firebaseui/4.0.0/firebaseui.js"></script>
+    <link type="text/css" rel="stylesheet" href="https://cdn.firebase.com/libs/firebaseui/4.0.0/firebaseui.css" />
+
+    <script type="text/javascript">
+        // FirebaseUI config.
+        var uiConfig = {
+          signInSuccessUrl: './vanilla-success.html',
+          signInOptions: [
+            // Leave the lines as is for the providers you want to offer your users.
+            firebase.auth.GoogleAuthProvider.PROVIDER_ID,
+            firebase.auth.FacebookAuthProvider.PROVIDER_ID,
+            firebase.auth.TwitterAuthProvider.PROVIDER_ID,
+            firebase.auth.GithubAuthProvider.PROVIDER_ID,
+            firebase.auth.EmailAuthProvider.PROVIDER_ID,
+            firebase.auth.PhoneAuthProvider.PROVIDER_ID,
+            firebaseui.auth.AnonymousAuthProvider.PROVIDER_ID
+          ],
+          // tosUrl and privacyPolicyUrl accept either url string or a callback
+          // function.
+          // Terms of service url/callback.
+          tosUrl: '<your-tos-url>',
+          // Privacy policy url/callback.
+          privacyPolicyUrl: function() {
+            window.location.assign('<your-privacy-policy-url>');
+          }
+        };
+
+        // Initialize the FirebaseUI Widget using Firebase.
+        var ui = new firebaseui.auth.AuthUI(firebase.auth());
+        // The start method will wait until the DOM is loaded.
+        ui.start('#firebaseui-auth-container', uiConfig);
+      </script>
+</head>
+<body>
+    <h1>Firebase login</h1>
+
+    <div id="firebaseui-auth-container"></div>
+</body>
+</html>
