Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding in alpha interface for blocking token verification #1635

Merged
merged 8 commits into from
Apr 19, 2022
Merged

Adding in alpha interface for blocking token verification #1635

merged 8 commits into from
Apr 19, 2022

Conversation

colerogers
Copy link
Contributor

API Changes

const decoded = await firebase.getAuth()._verifyAuthBlockingToken(token, audience);

@colerogers colerogers requested a review from lahirumaramba April 7, 2022 16:17
lahirumaramba
lahirumaramba reviewed Apr 7, 2022
View reviewed changes
Copy link
Member

@lahirumaramba lahirumaramba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, @colerogers !
Looks good so far. I left a few comments. Please run npm run api-extractor:local to fix the CI errors.

src/auth/base-auth.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Show resolved Hide resolved
lahirumaramba
lahirumaramba requested changes Apr 8, 2022
View reviewed changes
src/auth/base-auth.ts Outdated Show resolved Hide resolved
src/auth/token-verifier.ts Show resolved Hide resolved
src/auth/token-verifier.ts Show resolved Hide resolved
@colerogers colerogers marked this pull request as ready for review April 13, 2022 15:58
lahirumaramba
lahirumaramba requested changes Apr 13, 2022
View reviewed changes
Copy link
Member

@lahirumaramba lahirumaramba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @colerogers ! Looks pretty good. Added a few more comments.

src/auth/token-verifier.ts Show resolved Hide resolved
src/auth/token-verifier.ts Show resolved Hide resolved
test/resources/mocks.ts Outdated
export function generateAuthBlockingToken(overrides?: object, claims?: object): string {
const options = _.assign({
audience: `https://us-central1-${projectId}.cloudfunctions.net/functionName`,
expiresIn: ONE_HOUR_IN_SECONDS,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just confirming. Is 1 hour the intended expiry time or do we want a custom/shorter duration here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looked at the DD and changed it to ten minutes

test/resources/mocks.ts Outdated Show resolved Hide resolved
test/unit/auth/auth.spec.ts Outdated Show resolved Hide resolved
test/unit/auth/auth.spec.ts Outdated Show resolved Hide resolved
test/unit/auth/auth.spec.ts Outdated Show resolved Hide resolved
test/unit/auth/token-verifier.spec.ts Outdated
.then((customToken) => {
return tokenVerifierSessionCookie._verifyAuthBlockingToken(customToken, false, undefined)
.should.eventually.be.rejectedWith(
'verifySessionCookie() expects a session cookie, but was given a custom token');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does _verifyAuthBlockingToken() expects a session cookie here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh, I copied this test from verifyIdToken, removed it in the latest push

test/unit/auth/token-verifier.spec.ts Outdated

return tokenVerifierSessionCookie._verifyAuthBlockingToken(legacyCustomToken, false, undefined)
.should.eventually.be.rejectedWith(
'verifySessionCookie() expects a session cookie, but was given a legacy custom token');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here... why does _verifyAuthBlockingToken() expect a session cookie here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same - I copied this test from verifyIdToken, removed it in the latest push

test/unit/auth/token-verifier.spec.ts Outdated Show resolved Hide resolved
lahirumaramba
lahirumaramba approved these changes Apr 19, 2022
View reviewed changes
Copy link
Member

@lahirumaramba lahirumaramba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@lahirumaramba lahirumaramba requested a review from prameshj April 19, 2022 18:16
@lahirumaramba
Copy link
Member

lahirumaramba commented Apr 19, 2022
edited
Loading

Adding @Xiaoshouzi-gh for visibility

@lahirumaramba lahirumaramba added the release:stage Stage a release candidate label Apr 19, 2022
@lahirumaramba lahirumaramba removed the request for review from prameshj April 19, 2022 18:19
@colerogers colerogers merged commit 6b97607 into master Apr 19, 2022
@colerogers colerogers deleted the colerogers.blocking-tokens branch April 19, 2022 20:11
@yash509 yash509 mentioned this pull request Sep 16, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lahirumaramba lahirumaramba lahirumaramba approved these changes

Assignees

@colerogers colerogers

Labels
release:stage Stage a release candidate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@colerogers @lahirumaramba