Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding in alpha interface for blocking token verification #1635

Merged
merged 8 commits into from Apr 19, 2022

Conversation

colerogers
Copy link
Contributor

API Changes

const decoded = await firebase.getAuth()._verifyAuthBlockingToken(token, audience);

Copy link
Member

@lahirumaramba lahirumaramba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, @colerogers !
Looks good so far. I left a few comments. Please run npm run api-extractor:local to fix the CI errors.

src/auth/base-auth.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Show resolved Hide resolved
src/auth/base-auth.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Show resolved Hide resolved
src/auth/token-verifier.ts Show resolved Hide resolved
@colerogers colerogers marked this pull request as ready for review April 13, 2022 15:58
Copy link
Member

@lahirumaramba lahirumaramba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @colerogers ! Looks pretty good. Added a few more comments.

src/auth/token-verifier.ts Show resolved Hide resolved
src/auth/token-verifier.ts Show resolved Hide resolved
export function generateAuthBlockingToken(overrides?: object, claims?: object): string {
const options = _.assign({
audience: `https://us-central1-${projectId}.cloudfunctions.net/functionName`,
expiresIn: ONE_HOUR_IN_SECONDS,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just confirming. Is 1 hour the intended expiry time or do we want a custom/shorter duration here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looked at the DD and changed it to ten minutes

test/resources/mocks.ts Outdated Show resolved Hide resolved
test/unit/auth/auth.spec.ts Outdated Show resolved Hide resolved
test/unit/auth/auth.spec.ts Outdated Show resolved Hide resolved
test/unit/auth/auth.spec.ts Outdated Show resolved Hide resolved
.then((customToken) => {
return tokenVerifierSessionCookie._verifyAuthBlockingToken(customToken, false, undefined)
.should.eventually.be.rejectedWith(
'verifySessionCookie() expects a session cookie, but was given a custom token');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does _verifyAuthBlockingToken() expects a session cookie here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh, I copied this test from verifyIdToken, removed it in the latest push


return tokenVerifierSessionCookie._verifyAuthBlockingToken(legacyCustomToken, false, undefined)
.should.eventually.be.rejectedWith(
'verifySessionCookie() expects a session cookie, but was given a legacy custom token');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here... why does _verifyAuthBlockingToken() expect a session cookie here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same - I copied this test from verifyIdToken, removed it in the latest push

test/unit/auth/token-verifier.spec.ts Outdated Show resolved Hide resolved
Copy link
Member

@lahirumaramba lahirumaramba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@lahirumaramba
Copy link
Member

lahirumaramba commented Apr 19, 2022

Adding @Xiaoshouzi-gh for visibility

@lahirumaramba lahirumaramba added the release:stage Stage a release candidate label Apr 19, 2022
@lahirumaramba lahirumaramba removed the request for review from prameshj April 19, 2022 18:19
@colerogers colerogers merged commit 6b97607 into master Apr 19, 2022
@colerogers colerogers deleted the colerogers.blocking-tokens branch April 19, 2022 20:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release:stage Stage a release candidate
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants