This sample application demonstrates how to use Spring Cloud GCP Firebase Authentication Starter to extract user identity from a signed Firebase JWT token.
The application provides a secured controller that can only be reached if a valid JWT token is sent as an HTTP Header.
This sample app provides simple login page using firebase-ui to fetch the JWT token.
-
Create a new firebase project as instructed here
-
Once you finish the process make sure you configure the following environment variables before running the app:
-
FIREBASE_CONFIG_API_KEY: Should be your "apiKey" value (you can find it in Firebase console project settings in "Web API Key" field)
-
FIREBASE_CONFIG_APP_ID: Should be your "appId" value for the application you set up in step 1.
-
-
Make sure that you are authenticated with
gcloudand you have set the correctprojectIdto be the same project as your Firebase project. This app uses default login and will rely on that to extract theprojectIdusing theGcpProjectIdProvider -
Go to your Firebase project, select the web application you have created and enable two providers:
Googleandemail -
(Optional) : You can add a few users to try this out if you rather not use the Google Provider authentication
Make sure you executed steps 2 & 3 from prerequisites section
$ ./mvnw clean spring-boot:run
Open your browser at http://localhost:8080
There’s a single page app with an ask button, if you try to click it you should get an error message.
Also try to access the secure endpoint via curl:
curl http://localhost:8080/answer
You should get a 403 error.
Now login using the button at the top right corner. You can choose between using a valid Google credential, or a user you have added via the Firebase authentication users menu.
Once you are logged in, you should see a panel with the curl command.
Try clicking the button again.
You can also copy the curl command and execute it now on your console and you should be able to access the endpoint.