
actix-firebase-auth

Firebase ID token verification for Actix Web using Google's JWKs

9 releases (5 breaking)

0.6.2 Aug 1, 2025
0.6.1 Jul 1, 2025
0.6.0 Jun 8, 2025
0.5.1 Jun 8, 2025
0.1.0 Jun 3, 2025

#543 in Authentication


904 downloads per month

MIT/Apache

51KB
937 lines


Lightweight Firebase Authentication integration for Actix Web.

✨ Features

This crate provides an easy way to verify Firebase ID tokens and extract authenticated users in Actix Web applications. It includes:

  • An Actix-compatible extractor to automatically validate and inject FirebaseUser into request handlers

  • A strongly-typed interface to access decoded Firebase claims

  • Optional feature flags for Identity Provider (IdP) helpers, such as support for extracting Google-specific identity claims (idp-google)

  • Errors are mapped to appropriate HTTP status codes using Actix’s error conventions

  • Authentication failures include the WWW-Authenticate header in the response, as specified by RFC 7235, to ensure compatibility with HTTP authentication standards.

📦 Installation

cargo add actix-firebase-auth

🚀 Usage

The FirebaseUser struct implements Actix Web’s FromRequest trait, allowing seamless extraction directly within route handlers. When a route expects a FirebaseUser, the middleware automatically attempts to verify the Firebase ID token from the Authorization header.

If verification fails - due to a missing token, expiration, or invalid signature - the request is rejected with a 401 Unauthorized response, ensuring protected routes remain secure by default.
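An added sketch of the header handling described above; it is not code from actix-firebase-auth, and the type names, function names and realm value are assumptions. It covers only the checks that run before signature verification and pairs the 401 with the Bearer challenge syntax of RFC 6750, which the page does not confirm the crate uses.

```rust
// Added illustration; not code from actix-firebase-auth.
// Std-only sketch of the checks that precede signature verification.
#[derive(Debug, PartialEq)]
pub enum AuthError {
    Missing,   // no Authorization header at all
    Scheme,    // header present but not "Bearer <token>"
    Malformed, // token is not three base64url segments
}

/// Pull the compact JWT out of an Authorization header value.
pub fn bearer_token(header: Option<&str>) -> Result<&str, AuthError> {
    let value = header.ok_or(AuthError::Missing)?.trim();
    let (scheme, token) = value.split_once(' ').ok_or(AuthError::Scheme)?;
    // Auth scheme names are case-insensitive (RFC 7235, section 2.1).
    if !scheme.eq_ignore_ascii_case("Bearer") {
        return Err(AuthError::Scheme);
    }
    let token = token.trim();
    let is_b64url = |s: &str| {
        !s.is_empty() && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
    };
    let parts: Vec<&str> = token.split('.').collect();
    if parts.len() != 3 || !parts.iter().all(|p| is_b64url(*p)) {
        return Err(AuthError::Malformed);
    }
    Ok(token)
}

/// Status code and WWW-Authenticate value for a rejected request.
pub fn challenge(err: &AuthError) -> (u16, &'static str) {
    match err {
        // No usable credentials: bare challenge without an error code (RFC 6750, section 3.1).
        AuthError::Missing | AuthError::Scheme => (401, "Bearer realm=\"api\""),
        // A Bearer token was sent but cannot be valid; "api" is a placeholder realm.
        AuthError::Malformed => (401, "Bearer realm=\"api\", error=\"invalid_token\""),
    }
}

fn main() {
    // Constructed sample header values; none is a real token.
    for h in [None, Some("Basic dXNlcjpwdw=="), Some("Bearer abc"), Some("bearer aaa.bbb.ccc")] {
        match bearer_token(h) {
            Ok(t) => println!("{:?} -> pass {} on to signature and claim checks", h, t),
            Err(e) => println!("{:?} -> {:?}", h, challenge(&e)),
        }
    }
}
```

A token that passes this gate is still untrusted until its signature and claims have been verified.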

💡 Example

See the examples/server.rs for a minimal Actix Web server.

To run this example:

cargo run --example server

Make sure to include a valid Firebase ID token in the Authorization header when calling protected endpoints:

GET /protected HTTP/1.1
Host: api.example.com
Authorization: Bearer <Firebase_ID_Token>

🧪 Testing

The crate includes a test suite covering:

  • Emulator behavior
  • Invalid tokens and malformed input
  • Valid RS256 JWTs with mocked keys

To run the tests:

cargo test

🔗 Similar Projects

This crate is a hard-fork of firebase-auth, rewritten for better compatibility within the Actix Web ecosystem.

⚖️ License

Licensed under either of

  • Apache-2.0 license
  • MIT license

at your discretion.

🤝 Contributions

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~15–35MB
~590K SLoC