Firebase Authentication token issuance in Python and token verification with FastAPI

What we will do

Using Firebase and FastAPI, obtain an ID token on the client side, send it in the Authorization header when calling your own API, and verify it on the server side to determine whether the caller is logged in. Here, we verify the token with firebase_admin, the library provided by Google.

Issue a token

Enable password login under Authentication in the Firebase console and create a suitable account like the one below. We will log in with this account.

EMAIL = '[email protected]'
PASSWORD = 'password'

Install what you need.

$ pip install requests

Get the following JSON from the Firebase console and paste it in. (Only `apiKey` is actually used.)

CONFIG = {
    "apiKey": "YOUR API KEY",
    "authDomain": "YOURPROJECTID.firebaseapp.com",
    "databaseURL": "https://YOURPROJECTID.firebaseio.com",
    "projectId": "YOUR PROJECT ID",
    "storageBucket": "YOUR PROJECT ID.appspot.com",
    "messagingSenderId": "YOUR MESSAGE SENDER ID",
    "appId": "YOUR:APP:ID",
    "measurementId": "YOUR MEASUREMENT ID"
}

Hit the REST API of Firebase Auth to get the token. The REST API documentation is here.

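import requests

api_key = CONFIG["apiKey"]
uri = f"https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key={api_key}"
data = {"email": EMAIL, "password": PASSWORD, "returnSecureToken": True}

# Send the credentials as a JSON body and stop on an HTTP error (e.g. a wrong password).
response = requests.post(url=uri, json=data, timeout=10)
response.raise_for_status()
result = response.json()

token = result['idToken']

Print this token when the script runs; it is used later.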

Validate tokens with FastAPI

Install what you need.

$ pip install fastapi firebase_admin uvicorn

From the firebase console, go to Gear → Service Account → Generate New Private Key to download and load the private key.

import firebase_admin
from firebase_admin import auth, credentials

# Load the service account private key downloaded from the console.
cred = credentials.Certificate("path/to/cert.json")
firebase_admin.initialize_app(cred)

Define a function that gets the token from the header, decodes it, and gets the user information. Actually, I think you can get the user information from the DB here. The FastAPI docs provided an example of using fastapi.security.OAuth2PasswordBearer, but they didn't describe how to simply get a Bearer token, so I had to look at the code.

from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from fastapi import Depends, HTTPException, status

def get_current_user(cred: HTTPAuthorizationCredentials = Depends(HTTPBearer())):
    # HTTPBearer extracts the token from the "Authorization: Bearer <token>" header.
    try:
        # Verify the Firebase ID token and return its decoded claims.
        decoded_token = auth.verify_id_token(cred.credentials)
    except Exception:
        # Any verification failure is answered with 401.
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail='Invalid authentication credentials',
            headers={'WWW-Authenticate': 'Bearer'},
        )

    # Sign-in identities recorded in the token's "firebase" claim.
    user = decoded_token['firebase']['identities']

    return user

Define an endpoint that can only be accessed with a valid Bearer token. FastAPI is really useful because you can inject what you want with Depends and type annotations.

from fastapi import FastAPI, Depends, HTTPException, status

app = FastAPI()

@app.get('/')
async def homepage(current_user=Depends(get_current_user)):
    return {'msg': 'ok', 'user': current_user}

if __name__ == '__main__':
    import uvicorn

    uvicorn.run(app, host='localhost', port=5000)
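
What `auth.verify_id_token` in `get_current_user` has to establish besides a valid signature, as an added example that is not part of the original post or of firebase_admin: the header and claim checks Firebase documents for ID tokens, run over constructed, unsigned sample tokens. The function names, the project IDs used with them, and the sample key ID and uid are assumptions made for the illustration.

```python
import base64
import json
import time

MALFORMED = ["not a three-part JWT with JSON header and payload"]


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def check_firebase_claims(token, project_id, now=None):
    """Return a list of header/claim problems; an empty list means they pass.

    The signature is NOT verified here. firebase_admin verifies it against
    Google's published certificates, selected by the header's kid.
    """
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, _signature = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return list(MALFORMED)
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return list(MALFORMED)
    checks = [
        (header.get("alg") == "RS256", "alg must be RS256"),
        (bool(header.get("kid")), "kid missing"),
        (claims.get("aud") == project_id, "aud is not this project"),
        (claims.get("iss") == f"https://securetoken.google.com/{project_id}",
         "iss is not this project's issuer"),
        (isinstance(claims.get("sub"), str) and claims["sub"] != "", "sub (uid) missing"),
        (isinstance(claims.get("exp"), (int, float)) and claims["exp"] > now, "token expired"),
        (isinstance(claims.get("iat"), (int, float)) and claims["iat"] <= now, "iat is in the future"),
    ]
    return [problem for ok, problem in checks if not ok]


def make_sample_token(project_id, now, alg="RS256", lifetime=3600):
    # Constructed, unsigned sample for this demo; a real ID token is signed by Google.
    header = {"alg": alg, "kid": "constructed-key-id", "typ": "JWT"}
    claims = {"iss": f"https://securetoken.google.com/{project_id}", "aud": project_id,
              "sub": "constructed-uid", "iat": now - 10, "exp": now - 10 + lifetime}
    return f"{_b64url_encode(header)}.{_b64url_encode(claims)}.c2ln"
```

A token issued for a different Firebase project fails the `aud` and `iss` checks even though Google signed it, which is why the server must be initialized with its own project's credentials.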

Execute

The code so far is collected in Gists. First, use the code below to get the token and copy it. https://gist.github.com/pteroid/241687ecb5219ae0ce633a884d8ab5bb

Then start the server with the following code. https://gist.github.com/pteroid/a698fd679fb545cb2cfe792f0114938c

Hit it with a suitable REST client (I use Insomnia). Then you will get the following result.

request


> GET / HTTP/1.1
> Host: localhost:5000
> User-Agent: insomnia/7.1.1
> Authorization: Bearer YOURTOKENYOURTOKENYOURTOKENYOURTOKENYOURTOKENYOURTOKENYOURTOKENYOURTOKENYOURTOKENYOURTOKENYOURTOKEN
> Accept: */*

response


{
  "msg": "ok",
  "user": {
    "identities": {
      "email": [
        "[email protected]"
      ]
    },
    "sign_in_provider": "password"
  }
}

Finally

I want FastAPI to become more popular.
