Scopes can be put in audiences, where Endpoints V2 will make sure the incoming JWT token has at least one of the audiences listed in the swagger configuration.
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/1d682013-a1d2-4370-80ce-d349784bcb53%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Can we use scopes for authorization with Firebase Auth and Cloud Endpoints v2, and if yes, how? (see example below)
type: apiKey
name: api_key
in: header
petstore_auth:
type: oauth2
authorizationUrl: https://auth.firebase...?
flow: implicit
scopes:
write:pets: modify pets in your account
read:pets: read your pets
api_key:
Hey Ian,Can you tell me who told you that and point me to where they told you? I think I'm missing a lot of context around what you are asking.The TL;DR on the explicit question you are asking is that the aud claim is reserved and not configurable by an end-developer like yourself. It should always be equal to 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit' or else the token will not be valid.So, I think something is being lost along the way here and it would be great if you could provide some more context around what you are actually trying to do. It may also be good for you to read and fully understand our server auth docs in case you haven't already.Cheers,Jacob
On Wed, Sep 28, 2016 at 7:33 PM, Ian <flo...@scheel.eu> wrote:
Hi everyone,We are new to Firebase Auth but so far it works really well.Now we want to implement server-side authorization with Google Cloud Endpoints v2 which supports Firebase Authentication. We were told this:Scopes can be put in audiences, where Endpoints V2 will make sure the incoming JWT token has at least one of the audiences listed in the swagger configuration.How can we add audiences (I assume he was referring to aud) to a Firebase Auth JWT? Would we be required to sign our own tokens on the server side or can we influence the aud attribute of default Firebase Auth? Ideally, we would put roles and maybe also URL paths inside the JWT that Cloud Endpoints or our backends could use to accept or reject a request to the server.Please let us know, if you would recommend a different solution for our use case.Best regards,Ian
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.