README.md

# FirebaseAuthVerifier

A simple Elixir library for fetching the signing certificate for
FirebaseAuth's ID tokens, following the documentation of
[Verify ID tokens using a third party JWT library](https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library).

## Installation

If [available in Hex](https://hex.pm/docs/publish), the package can be
installed by adding `firebase_auth_verifier` to your list of
dependencies in `mix.exs`:

```elixir
def deps do
  [
    {:firebase_auth_verifier, "~> 0.1.0"}
  ]
end
```

## Configuration

### Required configuration(s)

```elixir
# configure the endpoint to GET certificate from and the timeout of the FirebaseAuthVerifier.verify/3 call
config :firebase_auth_verifier,
  cert_url: "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com",
  verify_timeout: 2_500
```

With the default retry count of `3`, this means a request could halt
for up to `7500` ms, given that the endpoint does not return within
this time when the local cache has gone stale. So set your
`verify_timeout` to something tolerable for your case.

### Optional configuration(s)

```elixir
# configure an adapter for Tesla
config :tesla,
  adapter: Tesla.Adapter.Hackney
```

NOTE: `cert_url` might be inlined in a future release if it is deemed
pointless to have it as a configuration, as it is not very likely to
change. It could however prove useful for testing if one wants to mock
the Firebase/Google endpoint.

## Documentation

Documentation can be generated with [ExDoc](https://github.com/elixir-lang/ex_doc)
and published on [HexDocs](https://hexdocs.pm). Once published, the docs can
be found at [https://hexdocs.pm/firebase_auth_verifier](https://hexdocs.pm/firebase_auth_verifier).

## To investigate

Feature scope for the version 0.2.0:

1. Investigate whether setting up a timer for the `max-age` check
   rather than letting it go stale can prevent timeouts

## How to contribute

If you want to contribute, either by reporting an issue or by fixing a
known issue, just create a GitHub issue at [FirebaseAuthVerifier
Issues](https://github.com/menuan/fav/issues) detailing the problem. 

Then you can either solve it and create a pull request, or I will take
a look at it as soon as possible. It is of course possible to help out
with any other issues found there, if one wants to.

### Testing your branch

When contributing to this project and running tests, the following ENV
variables are currently required for one of the integration tests:

* FIREBASE\_WEB\_API\_KEY
* TEST\_USER\_EMAIL
* TEST\_USER\_PASSWORD
* TEST\_PROJECT\_ID

See `example.test.env` as a way to source these variables when running
local tests through `env $(cat .env) mix test`, as an example.

So this requires a Firebase project to be set up with a pre-made
email-password user for testing.

Just make sure not to commit such files if you do decide to make a PR.