@prmichaelsen/firebase-admin-sdk-v8 2.0.2 → 2.0.4
- package/dist/index.js +22 -11
- package/dist/index.mjs +22 -11
- package/package.json +1 -1
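--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -173,18 +173,22 @@ async function importPublicKeyFromX509(pem) {
 // src/auth.ts
 var publicKeysCache = null;
 var publicKeysCacheExpiry = 0;
-async function fetchPublicKeys() {
+async function fetchPublicKeys(issuer) {
+let endpoint = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
+if (issuer && issuer.includes("session.firebase.google.com")) {
+endpoint = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys";
+}
 if (publicKeysCache && Date.now() < publicKeysCacheExpiry) {
 return publicKeysCache;
 }
-
-
-);
+console.log(`[fetchPublicKeys] Fetching from: ${endpoint}`);
+const response = await fetch(endpoint);
 if (!response.ok) {
-throw new Error(
+throw new Error(`Failed to fetch Firebase public keys from ${endpoint}`);
 }
 publicKeysCache = await response.json();
 publicKeysCacheExpiry = Date.now() + 36e5;
+console.log(`[fetchPublicKeys] Fetched ${Object.keys(publicKeysCache || {}).length} keys`);
 return publicKeysCache;
 }
 function base64UrlDecode(str) {
@@ -257,13 +261,20 @@ async function verifyIdToken(idToken) {
 if (payload.sub.length > 128) {
 throw new Error("Subject too long");
 }
-
-
+let publicKeys = await fetchPublicKeys(payload.iss);
+let publicKeyPem = publicKeys[header.kid];
 if (!publicKeyPem) {
-
-
-
-);
+console.log(`[verifyIdToken] Key ${header.kid} not found in cache, refreshing keys...`);
+publicKeysCache = null;
+publicKeysCacheExpiry = 0;
+publicKeys = await fetchPublicKeys(payload.iss);
+publicKeyPem = publicKeys[header.kid];
+if (!publicKeyPem) {
+const availableKids = Object.keys(publicKeys).join(", ");
+throw new Error(
+`Public key not found for kid: ${header.kid}. Available kids: ${availableKids}. This might indicate the token is from a different Firebase project or was signed with a very old key.`
+);
+}
 }
 const publicKey = await importPublicKeyFromX509(publicKeyPem);
 const isValid = await verifySignature(idToken, publicKey);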
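Review bot: The single `publicKeysCache` in fetchPublicKeys is returned for whichever endpoint was just selected, so a cache filled from the securetoken URL is handed back for a session-cookie issuer (and the reverse) until it expires or a kid miss resets it. Record the source alongside the cache and compare it: add `var publicKeysCacheEndpoint = null;`, check `publicKeysCache && publicKeysCacheEndpoint === endpoint && Date.now() < publicKeysCacheExpiry`, and set `publicKeysCacheEndpoint = endpoint;` after the fetch. The endpoint is also chosen from `payload.iss` before the signature has been verified, and with a substring `includes()`; an exact comparison against the issuer expected for the configured project would be stricter, unless the issuer validation earlier in verifyIdToken (outside the hunk) already pins it. package/dist/index.mjs carries the same code.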
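--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -133,18 +133,22 @@ async function importPublicKeyFromX509(pem) {
 // src/auth.ts
 var publicKeysCache = null;
 var publicKeysCacheExpiry = 0;
-async function fetchPublicKeys() {
+async function fetchPublicKeys(issuer) {
+let endpoint = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
+if (issuer && issuer.includes("session.firebase.google.com")) {
+endpoint = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys";
+}
 if (publicKeysCache && Date.now() < publicKeysCacheExpiry) {
 return publicKeysCache;
 }
-
-
-);
+console.log(`[fetchPublicKeys] Fetching from: ${endpoint}`);
+const response = await fetch(endpoint);
 if (!response.ok) {
-throw new Error(
+throw new Error(`Failed to fetch Firebase public keys from ${endpoint}`);
 }
 publicKeysCache = await response.json();
 publicKeysCacheExpiry = Date.now() + 36e5;
+console.log(`[fetchPublicKeys] Fetched ${Object.keys(publicKeysCache || {}).length} keys`);
 return publicKeysCache;
 }
 function base64UrlDecode(str) {
@@ -217,13 +221,20 @@ async function verifyIdToken(idToken) {
 if (payload.sub.length > 128) {
 throw new Error("Subject too long");
 }
-
-
+let publicKeys = await fetchPublicKeys(payload.iss);
+let publicKeyPem = publicKeys[header.kid];
 if (!publicKeyPem) {
-
-
-
-);
+console.log(`[verifyIdToken] Key ${header.kid} not found in cache, refreshing keys...`);
+publicKeysCache = null;
+publicKeysCacheExpiry = 0;
+publicKeys = await fetchPublicKeys(payload.iss);
+publicKeyPem = publicKeys[header.kid];
+if (!publicKeyPem) {
+const availableKids = Object.keys(publicKeys).join(", ");
+throw new Error(
+`Public key not found for kid: ${header.kid}. Available kids: ${availableKids}. This might indicate the token is from a different Firebase project or was signed with a very old key.`
+);
+}
 }
 const publicKey = await importPublicKeyFromX509(publicKeyPem);
 const isValid = await verifySignature(idToken, publicKey);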
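Review bot: In verifyIdToken a kid miss clears the cache and refetches unconditionally, and `header.kid` comes from a token whose signature has not been checked yet, so every request carrying an unknown kid causes an outbound key fetch. The forced refresh should be throttled, for instance by skipping it when the cached key set was fetched less than a minimum interval ago. The lookup `publicKeys[header.kid]` also resolves inherited object properties, so a non-PEM value can reach importPublicKeyFromX509; `let publicKeyPem = Object.hasOwn(publicKeys, header.kid) ? publicKeys[header.kid] : undefined;` keeps it to real keys. The added `console.log` calls and the new error text interpolate the unverified kid verbatim, which a library should drop or sanitise before it reaches logs. verifyIdToken starts and ends outside the hunk, and package/dist/index.js has the same code.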
package/package.json
CHANGED