4️⃣Step 4 - Integrating Eartho into your server

1. Before we start, you need to import Eartho into your app.

2️⃣pageStep 2 - Import Eartho into your app

2. Integrating Eartho into your backend environment with code

If you use Eartho One with an app or site that communicates with a backend server, you can protect your routes easily with our SDK as well. After your users finish logging in with Eartho, they'll be returned to your application at the callback route.

On the client side

Every request that your client makes to your server, send with the ID token on the client side

const idToken = await earthoOne.getIdToken();
const response = await fetch('https://api.example.com/products', {
headers: {
      Authorization: `Bearer ${idToken}`
    }
  });

On the backend side

Check and verify the integrity of the ID token and use it to protect the API routes that you want to protect.

NODE.JS

Step 1: Installing Required Packages

npm install @eartho/one-server-node

Step 2: Protecting Your Routes

Use the Eartho SDK to protect routes that require user authentication. For example, to protect a route that fetches user data, you would verify the user's ID token sent with the request.

const {EarthoOne} = require('@eartho/one-server-node');

const serverEarthoOneOptions = {
  clientId: "client id",
  clientSecret: "secret key"
}
const serverEarthoOne = new EarthoOne(serverEarthoOneOptions);

//Or check by yourself
getEarthoOne()
  .getVerifiedUser(idToken)
  .then((decodedToken) => {
    const uid = decodedToken.uid;
    const displayName = decodedToken.displayName;
    const email = decodedToken.email;
    const photoURL = decodedToken.photoURL;
// ...
  })
  .catch((error) => {
    // Handle error
  });

GO

This guide assumes you have a basic understanding of Go and its package management system. Below is a step-by-step guide to help you set up Eartho in a Go server application for authenticating users and securing your API routes.

Step 1: Setting Up Your Go Environment

Before integrating Eartho into your Go server, ensure your Go environment is correctly set up. You should have Go installed on your system (visit the official Go website for instructions if you haven't).

Step 2: Install Eartho Go SDK

bashCopy codego get github.com/dgrijalva/jwt-go

Step 3: Setting Up Eartho Authentication in Your Go Server

Create a new Go file for your server, for example, main.go. Import the necessary packages:

goCopy codepackage main

import (
    "fmt"
    "net/http"
    // Import the JWT package or Eartho SDK package here
    "github.com/dgrijalva/jwt-go"
    // Assuming `github.com/dgrijalva/jwt-go` is the JWT handler
)

Step 4: Verifying the ID Token

Assuming your front end sends the ID token to your Go server in the Authorization header, you'll want to extract and verify this token in your server routes:

goCopy codefunc verifyToken(w http.ResponseWriter, r *http.Request) {
    // Extract the token from the Authorization header
    authHeader := r.Header.Get("Authorization")
    tokenString := // Extract the token from authHeader

    // Verify the token
    token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
        // Validate the alg is what you expect:
        if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
            return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
        }

        // Return the secret key or public key against which to verify the token
        // For example, return []byte("your-verification-key"), nil
    })

    if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
        // Token is valid, and you can extract claims
        // For example, userID := claims["uid"].(string)
    } else {
        // Handle invalid token
    }
}

Step 5: Protect Your Routes

Use the verifyToken function as middleware or within specific routes to protect them. Ensure you're checking the token before allowing access to any sensitive information.

goCopy codehttp.HandleFunc("/protected", verifyToken)

PYTHON

Step 1: Install PyJWT

First, install PyJWT and a HTTP library like requests, if you don't already have it. These libraries are necessary for verifying JWTs and optionally fetching public keys from Eartho's servers for signature verification.

bashCopy codepip install PyJWT requests

Step 2: Configure Your Web Server

Assuming you're using Flask, set up a basic server. If you're using another framework, the setup will be similar but may require different syntax.

pythonCopy codefrom flask import Flask, request, jsonify
app = Flask(__name__)

Step 3: Define a Route to Verify Eartho Tokens

Create a protected route that requires a valid JWT for access. You'll extract the JWT from the Authorization header, verify it, and then proceed based on the verification result.

pythonCopy codeimport jwt
import requests
from functools import wraps

# Your Eartho project's JWT configuration
EARTHO_ISSUER = 'https://eartho.world/'
EARTHO_AUDIENCE = 'your-eartho-project-id'
EARTHO_PUBLIC_KEY = 'your-eartho-public_key'


# Decorator for protected routes
def token_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        token = None
        if 'Authorization' in request.headers:
            token = request.headers['Authorization'].split(" ")[1]
        if not token:
            return jsonify({'message': 'Token is missing!'}), 403

        try:
            # Decode the token
            public_key = EARTHO_PUBLIC_KEY
            decoded = jwt.decode(token, public_key, algorithms=["RS256"], audience=EARTHO_AUDIENCE, issuer=EARTHO_ISSUER)
        except jwt.ExpiredSignatureError:
            return jsonify({'message': 'Token expired!'}), 401
        except jwt.InvalidTokenError as e:
            return jsonify({'message': 'Invalid token!', 'error': str(e)}), 401
        
        return f(decoded, *args, **kwargs)
    return decorated

@app.route('/protected', methods=['GET'])
@token_required
def protected(decoded_token):
    # Access user information from decoded token if necessary
    return jsonify({'message': 'This is a protected route.', 'user': decoded_token})

Bun

This plugin adds support for using JWT in Elysia handler

Install with:

bash

bun add @elysiajs/jwt

Then use it:

typescript

import { Elysia } from 'elysia'
import { jwt } from '@elysiajs/jwt'

const app = new Elysia()
    .use(
        jwt({
            name: 'jwt',
            secret: 'Fischl von Luftschloss Narfidort'
        })
    )
    .get('/sign/:name', async ({ jwt, cookie: { auth }, params }) => {
        auth.set({
            value: await jwt.sign(params),
            httpOnly: true,
            maxAge: 7 * 86400,
            path: '/profile',
        })

        return `Sign in as ${auth.value}`
    })
    .get('/profile', async ({ jwt, set, cookie: { auth } }) => {
        const profile = await jwt.verify(auth.value)

        if (!profile) {
            set.status = 401
            return 'Unauthorized'
        }

        return `Hello ${profile.name}`
    })
    .listen(3000)

Rust

Below is a guide for setting up user authentication in a Rust server application using JWTs with the jsonwebtoken crate. This will help you secure API routes.

Step 1: Set Up Your Rust Environment Make sure that your Rust environment is correctly set up, including Cargo, Rust’s package manager and build system. If Rust is not installed, visit the official Rust website for installation instructions.

Step 2: Add Dependencies Add the jsonwebtoken crate along with serde and warp to handle the web server functionality and JWT parsing. Update your Cargo.toml as follows:

tomlCopy code[dependencies]
jsonwebtoken = "7"
serde = { version = "1.0", features = ["derive"] }
warp = "0.3"
tokio = { version = "1", features = ["full"] }

Step 3: Define JWT Secret and Claims Struct In your main Rust file (main.rs), define a secret key for JWT signing and a struct to represent the claims:

rustCopy codeuse jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
use serde::{Deserialize, Serialize};

#[derive(Debug, Serialize, Deserialize)]
struct Claims {
    sub: String,  // Subject (who this token is about)
    company: String,
    exp: usize,  // Expiration time (as seconds since the Unix epoch)
}

const SECRET_KEY: &str = "your_secret_key_here";

Step 4: Token Verification Function Implement a function to verify the JWT token from the Authorization header:

rustCopy codefn verify_token(token: &str) -> Result

If you don't have a backend environment, you can use no-code solution

If you don't have a backend, you can use Eartho in non-code environments as well.

Firebase Auth

The integration with Firebase empowers you to utilize Eartho to generate a valid authentication token to be sent to Firebase Auth. This integration allows you to harness Eartho's prebuilt components, authentication provider options, and additional functionalities, all while accessing Firebase products such as Firestore with a session authenticated by Firebase Auth.

1. Create a certificate file in Google

Generate a private key file in JSON format from Firebase accounts

1. Open this URL Service Accounts

2. Follow this video

2. Tell Eartho that you use Firebase Auth

Open our creators' dashboard https://creator.eartho.world/ 1. Pick the selected entity 2. Go to the security tab 3. Select Firebase environment 4. Upload the JSON file you created 5. Click Save and you're done 🎉

3. Authenticate with Firebase on Using a Custom

• More Info Android

• More Info Swift

  Login with firebaseAuth.signInWithCustomToken Example:

  earthoOne.connectWithRedirect("V1te8aEqOJNtPseu3VTe", 
      onSuccess = { result ->
  
          firebaseAuth.signInWithCustomToken(result)
              .addOnCompleteListener(this) { task ->
               
              }
      });
      

AWS Cognito