build coverage License: MIT

A small package that verifies Firebase Auth Tokens when writing server-side Dart code. Perfect for use with the Dart Functions Framework!

The validation follows these steps, and validation is done with the openid_client package. Give their repo a star along with this one if you find this package useful! Their package does all the heavy cryptography lifting!

Getting Started

Validating is easy! Just

  1. Create a FirebaseAuthValidator()
  2. Initialize with validator.init()
  3. Validate JWT with validator.validate()
final jwt = '...';  // Generated with a client library and sent with the request
final validator = FirebaseAuthValidator();
await validator.init();
final idToken = await validator.validate(jwt);

Specifiying Project Id

If you are running this code on a Google Cloud service (like Cloud Run or GCE), the project id will discovered automatically when you run validator.init(). You can specify a project id manually using validator.init(projectId: projectId)

Using in Tests

You can easily mock a FirebaseAuthValidator using mocktail, the type safe and null safe tool for mocking objects in tests. For example:

import 'package:mocktail/mocktail.dart';

class MockFirebaseAuthValidator extends Mock implements FirebaseAuthValidator { }

class MockIdToken extends Mock implements IdToken { }

void main() {
  late FirebaseAuthValidator validator;
  late IdToken token;

  setUp(() {
    validator = MockFirebaseAuthValidator();
    idToken = MockIdToken();

    when(() => validator.init()).thenAnswer((_) async => null);
    when(() => validator.validate()).thenAnswer((_) async => idToken);

    when(() => idToken.isVerified).thenReturn(true);