Integrate Firebase with Buffalo for API Authentication
As always with my blogs on using Buffalo, I shall assume that you have got Buffalo up and running already. If not, click here for instructions on how to get Buffalo set up. As of this writing, the latest version of Buffalo is v0.11.0
If you are the kind that likes to get straight to the code, the link to the Github repository is at the end of this blog post. 👇
Firebase 🔥
What is Firebase ?
For those not in the know, Firebase is a product that’s owned and actively being developed by Google. It’s best known as a real-time nosql database. However, there’s much more to Firebase than just the database part. Today, we’ll look at how we can integrate Firebase into a Buffalo project so as to use it for authentication purpose.
Note: While the examples in these project use Buffalo, it can be used and adapted to pretty much any Go project
Why Firebase ?
Cause nothing beats FREE !! 🤠
Setting Up Firebase
Go to https://firebase.google.com/ and sign in OR create an account if you don’t already have one.
Click on “Get Started” on the screen after login in
Create a new Firebase project by clicking on “Add Project”
Once you’ve created the project, go to the “Project settings” page
And click on the “Service Accounts” tab. That should give you a page that looks something like the screenshot below
Now make sure you’ve selected “Go” as the language from the radio button and then click on “Generate New Private Key”. This will initiate a download of a json file. I like to re-name the file as serviceAccountKey.json but you don’t have to. Keep this file safe for we will need it later.
Set up Firebase with Buffalo
Create a new Buffalo Project
buffalo new firebase-authentication --with-dep --api
Add Firebase Private Key
Create a new director called config
and place the Firebase private key json file you downloaded within the config
directory. Then open .env
file and add in a new key as shown below. The key value should match with the file name of the Firebase private key json file.
Add Firebase Initializer
We need Firebase to be set up and ready when our Buffalo app boots up. For that, create a new file within the actions
directory called services.go
and add the following code. Click here for the source code.
Now this function needs to be called for Firebase to be set up. This can be done by calling the function from actions/app.go
Add Authentication Middleware
I like to keep the authentication middleware separated out in a different file. Create a new file actions/auth.go
and paste the code from here
Basically what this middleware does is it checks for the presence of a token in the request authorization header. If none is present, access is denied with a 401 unauthorized response. If present, it will check against Firebase to ensure that the token is valid and respond accordingly.
To add our custom middleware to the middleware chain that Buffalo calls, add the line app.Use(Authenticate)
to actions/app.go
as seen below in line 52
We can see in the screenshot above that we’ve added two new routes viz /open
and /secure
with an instruction to Buffalo to skip the authentication middleware whenever the request is for the /open
routes as seen in line 53.
The handler definition is shown below. Click here for source code
With that, we are set. Now all we need to do is get the token from Firebase and send it as part of the authorization header for every request to a secured endpoint (one that requires authentication)
How To Get Token From Firebase ?
You can use the Firebase JS SDK. All relevant instructions are in the project’s README file. The process is framework agnostic and thus should be more or less the same for any modern Javascript framework like React, Angular, VeuJs etc .
Note: The token obtained from Firebase is a JWT
The Results 😃
At this point, I am assuming that you were able to set up Firebase and obtain the JWT. If we run the following command in the root of the project
buffalo t routes
it should give us a list of all the routes we have in our app
Using POSTMAN, we can test our endpoint
As expected, we are able to access the unsecured endpoint, http://localhost:3000/open in this case, without sending the token because we instructed Buffalo to skip the authentication middleware for this endpoint.
On the other hand, we get back a 401 unauthorized error when we try to access http://localhost:3000/secure . This is because we did NOT include the token in our request authorization header.
When we do include the token in the authorization header as shown below, we are able to access the endpoint and thus get back a successful 200 OK response
And viola, we just implemented authentication with Firebase in Buffalo !! 🎉 🎊
The code of this example project is on Github and can be accessed from here
If you enjoyed ❤️ and found this tutorial useful, do give some claps 👏 👏 and share. Happy coding folks !! 🤓