Skip to content
/ drf-firebase-token-auth Public

Firebase token authentication for Django Rest Framework

License

MIT license
8 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ronhe/drf-firebase-token-auth

BranchesTags

Repository files navigation

Firebase Token Authentication for Django Rest Framework

PyPI

Inspired by garyburgmann/drf-firebase-auth and based on Rest Framework's TokenAuthentication, drf-firebase-token-auth should be just what you need to enable client authentication using Firebase Authentication.

How Does It Work

  1. For each REST request, a Firebase ID Token is extracted from the Authorization header.
  2. The ID Token is verified against Firebase.
  3. If the Firebase user is already known (A record with the corresponding UID exists in the FirebaseUser table), then the corresponding local User is successfully authenticated.
  4. Otherwise, the unfamiliar Firebase user is attempted to be matched against a local User record by email or username. If no match exists, then a new User is created. Its username is assigned either to the Firebase email or UID (in case an email is not available). Finally, the newly created local User is successfully authenticated.

Installation

  1. Install the pip package:

    $ pip install drf-firebase-token-auth

  2. Add the application to your project's INSTALLED_APPS:

    # settings.py
INSTALLED_APS = [
    ...
    'drf_firebase_token_auth',
]

  3. Add FirebaseTokenAuthentication to Rest Framework's list of default authentication classes:

    # settings.py
REST_FRAMEWORK = {
    ...
    'DEFAULT_AUTHENTICATION_CLASSES': [
        ...
        'drf_firebase_token_auth.authentication.FirebaseTokenAuthentication',
    ]
}

    Note: It's perfectly fine to keep other authentication classes as well. For example, you may want to keep rest_framework.authentication.SessionAuthentication to allow access to the browsable API for local users with password.

  4. Configure the application:

    # settings.py
DRF_FIREBASE_TOKEN_AUTH = {
    # REQUIRED SETTINGS:

    # Path to JSON file with firebase secrets
    'FIREBASE_SERVICE_ACCOUNT_KEY_FILE_PATH': r'/home/user/myproj-firebase-adminsdk.json',


    # OPTIONAL SETTINGS:

    # Create new matching local user in db, if no match found.
    # Otherwise, Firebase user not matching a local user will not
    # be authenticated.
    'SHOULD_CREATE_LOCAL_USER': True,

    # Authentication header token keyword (usually 'Token', 'JWT' or 'Bearer')
    'AUTH_HEADER_TOKEN_KEYWORD': 'Token',

    # Verify that Firebase token has not been revoked.
    'VERIFY_FIREBASE_TOKEN_NOT_REVOKED': True,

    # Require that Firebase user email_verified is True.
    # If set to True, non verified email addresses from Firebase are ignored.
    'IGNORE_FIREBASE_UNVERIFIED_EMAIL': True,
}

  5. Migrate:

    $ python manage.py migrate drf-firebase-token-auth

  6. Have your clients adding Token <Firebase ID Token> in the Authorization Header of their REST requests.

About

Firebase token authentication for Django Rest Framework

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

2 tags

Packages

No packages published

Languages