I am trying to create a JWT for Firebase authentication using the server side javascript language: jaggeryJS.
Below I will outline
- My approach to the JWT creation
- The front-end response.
1 My approach to the JWT creation
HmacSHA256 function comes from Google's CryptoJS library and the Base64.encode is as outlined [here][3] but adding a second parameter to allow for websafe escaping.
<%
//create a jwt
//==============================================
//INCLUDES
include('../lib/config.js');
include('../lib/crypto/hmac-sha256.js');
include('../lib/crypto/base64.js');
//==============================================
// HEADER
var header = {
"alg": "HS256",
"typ": "JWT"
}
//==============================================
// CLAIMS
var claims = {
"v": 0,
"iat": Math.floor(new Date().getTime() / 1000),
"d": {"user":"test"},
"exp": (60 * 60 * 24 * 60),
"admin": true,
"debug": true
}
//PREPARE SIGNING
var headerBase64 = Base64.encode(stringify(header), true),
claimBase64 = Base64.encode(stringify(claims), true),
signingInput = headerBase64 + "." + claimBase64;
//CREATE SIGNATURE
var hash = CryptoJS.HmacSHA256(signingInput, FIREBASECONFIG.secret).toString(),
signature = Base64.encode(hash, true);
//CONSTRUCT JWT ('jot') TOKEN
var jwtToken = signingInput + "." + signature;
print(jwtToken);
2 The front-end response.
var dataRef = new Firebase("https://intense-heat-2343.firebaseio.com");
var AUTH_TOKEN = "...." //what is printed above "jwtToken"
dataRef.auth(AUTH_TOKEN, function(error) { if(error) { console.log("Login Failed!", error); } else { console.log("Login Succeeded!"); } });
CONSOLE OUTPUT:
Login Failed! Error {code: "INVALID_TOKEN", stack: (...), message: "INVALID_TOKEN: Could not parse auth token."}
When I pass my secret in directly I am able to authenticate successfully. Any help is appreciated. Thank you!
