Radikant-Supabase-C

Supabase is a C library for authenticated interaction with Supabase backend services. It supports Auth, Files, CRUD, Functions etc.

Introduction

This tiny library allows to authenticate as Firebase-client against the Firebase backend using Firebase Auth. If a firebase user exists inside the firebase auth, you can use those credentials to log that user in from c, and subsequently make requests against the Firebase backend. You can very easily read and write to the Firebase Realtime Database (RTDB) but also to the Firestore Database.

In addition this library supports service accounts, which are “special" accounts assigned in Google Cloud that can be assigned granual and elevated rights. A service account can be used in an authentication context on a server to authenticate firebase client that are connecting and presenting a JWT token. But can also utilize the service accounts elevated rights to acces permissive parts of the Firebase databases.

Requests


int main()
{
    client_login(USERNAME,PASSWORD);
    return 0;
}

23:32:00 [INFO] Application started (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:87) 23:32:00 [SUCCESS] Database connected (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:88) 23:32:00 [ERROR] Failed to load configuration file (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:89) 23:32:00 [FAILURE] Unhandled exception occurred (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:90) 23:32:00 [ALERT] System resources critically low (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:91) 23:32:00 [WARN] Deprecated API usage detected (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:92)

User
Initially the user will log in with a username and a password beloging tot he firebase user, it the requests a JWT id token firebase will subequently return a response in json format containing; an id token and a refresh token. The id token can be used for TTL 1 hour to make requests and therefore is shortlived. The library doesnt automatically refresh tokens but checks upon ` request if the current token in possesion is still valid and if its expired use the refresh token to get a new id token and acces token. Therefore during a lengthy session the plain username and password is only sent once. It is possible to store the refresh token across reboots and continue a session but its comes with its own special security considerations.


int main() {

    service_account_t service_account;

    service_account_init(&service_account);
    service_request_acces_token(&service_account);
    service_get_data(service_account.acces_token.acces_token,"test");
    //service_firestore_get_data(service_account.acces_token.acces_token, "Ranges");
    service_firestore_get_admins(service_account.acces_token.acces_token);
    return 0;
}

23:32:00 [INFO] Application started (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:87) 23:32:00 [SUCCESS] Database connected (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:88) 23:32:00 [ERROR] Failed to load configuration file (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:89) 23:32:00 [FAILURE] Unhandled exception occurred (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:90) 23:32:00 [ALERT] System resources critically low (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:91) 23:32:00 [WARN] Deprecated API usage detected (/Users/charrlie/Desktop/Radikant-Log-C/test/test_log.c:92)

Service Account
The service account authentication flow is different from a regular users. The Service account code generates a jwt-token with subject and issuer sub "your-custom-server@your-project.iam.gserviceaccount.com” and some other attributes. Most importantly it signs the JWT with a private key that belongs only to that particular service account and therefore mints a special jwt token. This token is subsequently sent to a google endpoint that will return an OAuth access token. This OAuth token can subsequently be used to make request against firebase services.