firebase-admin 10.0.2 → 10.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/app/core.d.ts +1 -1
- package/lib/app/core.js +1 -1
- package/lib/app/credential-factory.d.ts +1 -1
- package/lib/app/credential-factory.js +1 -1
- package/lib/app/credential-internal.d.ts +1 -1
- package/lib/app/credential-internal.js +1 -1
- package/lib/app/credential.d.ts +1 -1
- package/lib/app/credential.js +1 -1
- package/lib/app/firebase-app.d.ts +1 -1
- package/lib/app/firebase-app.js +1 -1
- package/lib/app/firebase-namespace.d.ts +1 -1
- package/lib/app/firebase-namespace.js +1 -1
- package/lib/app/index.d.ts +1 -1
- package/lib/app/index.js +1 -1
- package/lib/app/lifecycle.d.ts +1 -1
- package/lib/app/lifecycle.js +1 -1
- package/lib/app-check/app-check-api-client-internal.d.ts +1 -1
- package/lib/app-check/app-check-api-client-internal.js +1 -1
- package/lib/app-check/app-check-api.d.ts +1 -1
- package/lib/app-check/app-check-api.js +1 -1
- package/lib/app-check/app-check-namespace.d.ts +1 -1
- package/lib/app-check/app-check-namespace.js +1 -1
- package/lib/app-check/app-check.d.ts +1 -1
- package/lib/app-check/app-check.js +1 -1
- package/lib/app-check/index.d.ts +1 -1
- package/lib/app-check/index.js +1 -1
- package/lib/app-check/token-generator.d.ts +1 -1
- package/lib/app-check/token-generator.js +1 -1
- package/lib/app-check/token-verifier.d.ts +1 -1
- package/lib/app-check/token-verifier.js +1 -1
- package/lib/auth/action-code-settings-builder.d.ts +1 -1
- package/lib/auth/action-code-settings-builder.js +1 -1
- package/lib/auth/auth-api-request.d.ts +1 -1
- package/lib/auth/auth-api-request.js +1 -1
- package/lib/auth/auth-config.d.ts +1 -1
- package/lib/auth/auth-config.js +1 -1
- package/lib/auth/auth-namespace.d.ts +4 -2
- package/lib/auth/auth-namespace.js +1 -1
- package/lib/auth/auth.d.ts +1 -1
- package/lib/auth/auth.js +1 -1
- package/lib/auth/base-auth.d.ts +4 -2
- package/lib/auth/base-auth.js +11 -1
- package/lib/auth/identifier.d.ts +1 -1
- package/lib/auth/identifier.js +1 -1
- package/lib/auth/index.d.ts +2 -2
- package/lib/auth/index.js +1 -1
- package/lib/auth/tenant-manager.d.ts +1 -1
- package/lib/auth/tenant-manager.js +1 -1
- package/lib/auth/tenant.d.ts +1 -1
- package/lib/auth/tenant.js +1 -1
- package/lib/auth/token-generator.d.ts +1 -1
- package/lib/auth/token-generator.js +1 -1
- package/lib/auth/token-verifier.d.ts +70 -1
- package/lib/auth/token-verifier.js +54 -7
- package/lib/auth/user-import-builder.d.ts +1 -1
- package/lib/auth/user-import-builder.js +1 -1
- package/lib/auth/user-record.d.ts +1 -1
- package/lib/auth/user-record.js +1 -1
- package/lib/credential/index.d.ts +1 -1
- package/lib/credential/index.js +1 -1
- package/lib/database/database-namespace.d.ts +1 -1
- package/lib/database/database-namespace.js +1 -1
- package/lib/database/database.d.ts +1 -1
- package/lib/database/database.js +1 -1
- package/lib/database/index.d.ts +1 -1
- package/lib/database/index.js +1 -1
- package/lib/default-namespace.d.ts +1 -1
- package/lib/default-namespace.js +1 -1
- package/lib/firebase-namespace-api.d.ts +1 -1
- package/lib/firebase-namespace-api.js +1 -1
- package/lib/firestore/firestore-internal.d.ts +1 -1
- package/lib/firestore/firestore-internal.js +1 -1
- package/lib/firestore/firestore-namespace.d.ts +1 -1
- package/lib/firestore/firestore-namespace.js +1 -1
- package/lib/firestore/index.d.ts +1 -1
- package/lib/firestore/index.js +1 -1
- package/lib/index.d.ts +1 -1
- package/lib/index.js +1 -1
- package/lib/installations/index.d.ts +1 -1
- package/lib/installations/index.js +1 -1
- package/lib/installations/installations-namespace.d.ts +1 -1
- package/lib/installations/installations-namespace.js +1 -1
- package/lib/installations/installations-request-handler.d.ts +1 -1
- package/lib/installations/installations-request-handler.js +1 -1
- package/lib/installations/installations.d.ts +1 -1
- package/lib/installations/installations.js +1 -1
- package/lib/instance-id/index.d.ts +1 -1
- package/lib/instance-id/index.js +1 -1
- package/lib/instance-id/instance-id-namespace.d.ts +1 -1
- package/lib/instance-id/instance-id-namespace.js +1 -1
- package/lib/instance-id/instance-id.d.ts +1 -1
- package/lib/instance-id/instance-id.js +1 -1
- package/lib/machine-learning/index.d.ts +1 -1
- package/lib/machine-learning/index.js +1 -1
- package/lib/machine-learning/machine-learning-api-client.d.ts +1 -1
- package/lib/machine-learning/machine-learning-api-client.js +1 -1
- package/lib/machine-learning/machine-learning-namespace.d.ts +1 -1
- package/lib/machine-learning/machine-learning-namespace.js +1 -1
- package/lib/machine-learning/machine-learning-utils.d.ts +1 -1
- package/lib/machine-learning/machine-learning-utils.js +1 -1
- package/lib/machine-learning/machine-learning.d.ts +1 -1
- package/lib/machine-learning/machine-learning.js +1 -1
- package/lib/messaging/batch-request-internal.d.ts +1 -1
- package/lib/messaging/batch-request-internal.js +1 -1
- package/lib/messaging/index.d.ts +1 -1
- package/lib/messaging/index.js +1 -1
- package/lib/messaging/messaging-api-request-internal.d.ts +1 -1
- package/lib/messaging/messaging-api-request-internal.js +1 -1
- package/lib/messaging/messaging-api.d.ts +1 -1
- package/lib/messaging/messaging-api.js +1 -1
- package/lib/messaging/messaging-errors-internal.d.ts +1 -1
- package/lib/messaging/messaging-errors-internal.js +1 -1
- package/lib/messaging/messaging-internal.d.ts +1 -1
- package/lib/messaging/messaging-internal.js +1 -1
- package/lib/messaging/messaging-namespace.d.ts +1 -1
- package/lib/messaging/messaging-namespace.js +1 -1
- package/lib/messaging/messaging.d.ts +1 -1
- package/lib/messaging/messaging.js +1 -1
- package/lib/project-management/android-app.d.ts +1 -1
- package/lib/project-management/android-app.js +1 -1
- package/lib/project-management/app-metadata.d.ts +1 -1
- package/lib/project-management/app-metadata.js +1 -1
- package/lib/project-management/index.d.ts +1 -1
- package/lib/project-management/index.js +1 -1
- package/lib/project-management/ios-app.d.ts +1 -1
- package/lib/project-management/ios-app.js +1 -1
- package/lib/project-management/project-management-api-request-internal.d.ts +1 -1
- package/lib/project-management/project-management-api-request-internal.js +1 -1
- package/lib/project-management/project-management-namespace.d.ts +1 -1
- package/lib/project-management/project-management-namespace.js +1 -1
- package/lib/project-management/project-management.d.ts +1 -1
- package/lib/project-management/project-management.js +1 -1
- package/lib/remote-config/index.d.ts +1 -1
- package/lib/remote-config/index.js +1 -1
- package/lib/remote-config/remote-config-api-client-internal.d.ts +1 -1
- package/lib/remote-config/remote-config-api-client-internal.js +1 -1
- package/lib/remote-config/remote-config-api.d.ts +1 -1
- package/lib/remote-config/remote-config-api.js +1 -1
- package/lib/remote-config/remote-config-namespace.d.ts +1 -1
- package/lib/remote-config/remote-config-namespace.js +1 -1
- package/lib/remote-config/remote-config.d.ts +1 -1
- package/lib/remote-config/remote-config.js +1 -1
- package/lib/security-rules/index.d.ts +1 -1
- package/lib/security-rules/index.js +1 -1
- package/lib/security-rules/security-rules-api-client-internal.d.ts +1 -1
- package/lib/security-rules/security-rules-api-client-internal.js +1 -1
- package/lib/security-rules/security-rules-internal.d.ts +1 -1
- package/lib/security-rules/security-rules-internal.js +1 -1
- package/lib/security-rules/security-rules-namespace.d.ts +1 -1
- package/lib/security-rules/security-rules-namespace.js +1 -1
- package/lib/security-rules/security-rules.d.ts +1 -1
- package/lib/security-rules/security-rules.js +1 -1
- package/lib/storage/index.d.ts +1 -1
- package/lib/storage/index.js +1 -1
- package/lib/storage/storage-namespace.d.ts +1 -1
- package/lib/storage/storage-namespace.js +1 -1
- package/lib/storage/storage.d.ts +1 -1
- package/lib/storage/storage.js +1 -1
- package/lib/utils/api-request.d.ts +1 -1
- package/lib/utils/api-request.js +1 -1
- package/lib/utils/crypto-signer.d.ts +1 -1
- package/lib/utils/crypto-signer.js +1 -1
- package/lib/utils/deep-copy.d.ts +1 -1
- package/lib/utils/deep-copy.js +1 -1
- package/lib/utils/error.d.ts +5 -1
- package/lib/utils/error.js +5 -1
- package/lib/utils/index.d.ts +1 -1
- package/lib/utils/index.js +1 -1
- package/lib/utils/jwt.d.ts +1 -1
- package/lib/utils/jwt.js +1 -1
- package/lib/utils/validator.d.ts +1 -1
- package/lib/utils/validator.js +1 -1
- package/package.json +8 -8
package/lib/app/core.d.ts
CHANGED
package/lib/app/core.js
CHANGED
package/lib/app/credential.d.ts
CHANGED
package/lib/app/credential.js
CHANGED
package/lib/app/firebase-app.js
CHANGED
package/lib/app/index.d.ts
CHANGED
package/lib/app/index.js
CHANGED
package/lib/app/lifecycle.d.ts
CHANGED
package/lib/app/lifecycle.js
CHANGED
package/lib/app-check/index.d.ts
CHANGED
package/lib/app-check/index.js
CHANGED
package/lib/auth/auth-config.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v10.0
|
|
1
|
+
/*! firebase-admin v10.1.0 */
|
|
2
2
|
/*!
|
|
3
3
|
* Copyright 2021 Google Inc.
|
|
4
4
|
*
|
|
@@ -22,7 +22,7 @@ import { BaseAuth as TBaseAuth, DeleteUsersResult as TDeleteUsersResult, GetUser
|
|
|
22
22
|
import { EmailIdentifier as TEmailIdentifier, PhoneIdentifier as TPhoneIdentifier, ProviderIdentifier as TProviderIdentifier, UserIdentifier as TUserIdentifier, UidIdentifier as TUidIdentifier } from './identifier';
|
|
23
23
|
import { CreateTenantRequest as TCreateTenantRequest, Tenant as TTenant, UpdateTenantRequest as TUpdateTenantRequest } from './tenant';
|
|
24
24
|
import { ListTenantsResult as TListTenantsResult, TenantAwareAuth as TTenantAwareAuth, TenantManager as TTenantManager } from './tenant-manager';
|
|
25
|
-
import { DecodedIdToken as TDecodedIdToken } from './token-verifier';
|
|
25
|
+
import { DecodedIdToken as TDecodedIdToken, DecodedAuthBlockingToken as TDecodedAuthBlockingToken } from './token-verifier';
|
|
26
26
|
import { HashAlgorithmType as THashAlgorithmType, UserImportOptions as TUserImportOptions, UserImportRecord as TUserImportRecord, UserImportResult as TUserImportResult, UserMetadataRequest as TUserMetadataRequest, UserProviderRequest as TUserProviderRequest } from './user-import-builder';
|
|
27
27
|
import { MultiFactorInfo as TMultiFactorInfo, MultiFactorSettings as TMultiFactorSettings, PhoneMultiFactorInfo as TPhoneMultiFactorInfo, UserInfo as TUserInfo, UserMetadata as TUserMetadata, UserRecord as TUserRecord } from './user-record';
|
|
28
28
|
/**
|
|
@@ -92,6 +92,8 @@ export declare namespace auth {
|
|
|
92
92
|
* Type alias to {@link firebase-admin.auth#DecodedIdToken}.
|
|
93
93
|
*/
|
|
94
94
|
type DecodedIdToken = TDecodedIdToken;
|
|
95
|
+
/** @alpha */
|
|
96
|
+
type DecodedAuthBlockingToken = TDecodedAuthBlockingToken;
|
|
95
97
|
/**
|
|
96
98
|
* Type alias to {@link firebase-admin.auth#DeleteUsersResult}.
|
|
97
99
|
*/
|
package/lib/auth/auth.d.ts
CHANGED
package/lib/auth/auth.js
CHANGED
package/lib/auth/base-auth.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v10.0
|
|
1
|
+
/*! firebase-admin v10.1.0 */
|
|
2
2
|
/*!
|
|
3
3
|
* Copyright 2021 Google Inc.
|
|
4
4
|
*
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
* limitations under the License.
|
|
16
16
|
*/
|
|
17
17
|
import { FirebaseArrayIndexError } from '../app';
|
|
18
|
-
import { DecodedIdToken } from './token-verifier';
|
|
18
|
+
import { DecodedIdToken, DecodedAuthBlockingToken } from './token-verifier';
|
|
19
19
|
import { AuthProviderConfig, AuthProviderConfigFilter, ListProviderConfigResults, UpdateAuthProviderRequest, CreateRequest, UpdateRequest } from './auth-config';
|
|
20
20
|
import { UserRecord } from './user-record';
|
|
21
21
|
import { UserIdentifier } from './identifier';
|
|
@@ -599,6 +599,8 @@ export declare abstract class BaseAuth {
|
|
|
599
599
|
* @returns A promise that resolves with the created provider configuration.
|
|
600
600
|
*/
|
|
601
601
|
createProviderConfig(config: AuthProviderConfig): Promise<AuthProviderConfig>;
|
|
602
|
+
/** @alpha */
|
|
603
|
+
_verifyAuthBlockingToken(token: string, audience?: string): Promise<DecodedAuthBlockingToken>;
|
|
602
604
|
/**
|
|
603
605
|
* Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
|
|
604
606
|
* resolves with the decoded claims on success. Rejects the promise with revocation error if revoked
|
package/lib/auth/base-auth.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v10.0
|
|
1
|
+
/*! firebase-admin v10.1.0 */
|
|
2
2
|
"use strict";
|
|
3
3
|
/*!
|
|
4
4
|
* Copyright 2021 Google Inc.
|
|
@@ -66,6 +66,7 @@ var BaseAuth = /** @class */ (function () {
|
|
|
66
66
|
}
|
|
67
67
|
this.sessionCookieVerifier = token_verifier_1.createSessionCookieVerifier(app);
|
|
68
68
|
this.idTokenVerifier = token_verifier_1.createIdTokenVerifier(app);
|
|
69
|
+
this.authBlockingTokenVerifier = token_verifier_1.createAuthBlockingTokenVerifier(app);
|
|
69
70
|
}
|
|
70
71
|
/**
|
|
71
72
|
* Creates a new Firebase custom token (JWT) that can be sent back to a client
|
|
@@ -914,6 +915,15 @@ var BaseAuth = /** @class */ (function () {
|
|
|
914
915
|
}
|
|
915
916
|
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PROVIDER_ID));
|
|
916
917
|
};
|
|
918
|
+
/** @alpha */
|
|
919
|
+
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
920
|
+
BaseAuth.prototype._verifyAuthBlockingToken = function (token, audience) {
|
|
921
|
+
var isEmulator = auth_api_request_1.useEmulator();
|
|
922
|
+
return this.authBlockingTokenVerifier._verifyAuthBlockingToken(token, isEmulator, audience)
|
|
923
|
+
.then(function (decodedAuthBlockingToken) {
|
|
924
|
+
return decodedAuthBlockingToken;
|
|
925
|
+
});
|
|
926
|
+
};
|
|
917
927
|
/**
|
|
918
928
|
* Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
|
|
919
929
|
* resolves with the decoded claims on success. Rejects the promise with revocation error if revoked
|
package/lib/auth/identifier.d.ts
CHANGED
package/lib/auth/identifier.js
CHANGED
package/lib/auth/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v10.0
|
|
1
|
+
/*! firebase-admin v10.1.0 */
|
|
2
2
|
/*!
|
|
3
3
|
* Copyright 2020 Google Inc.
|
|
4
4
|
*
|
|
@@ -50,6 +50,6 @@ export { BaseAuth, DeleteUsersResult, GetUsersResult, ListUsersResult, SessionCo
|
|
|
50
50
|
export { EmailIdentifier, PhoneIdentifier, ProviderIdentifier, UidIdentifier, UserIdentifier, } from './identifier';
|
|
51
51
|
export { CreateTenantRequest, Tenant, UpdateTenantRequest, } from './tenant';
|
|
52
52
|
export { ListTenantsResult, TenantAwareAuth, TenantManager, } from './tenant-manager';
|
|
53
|
-
export { DecodedIdToken } from './token-verifier';
|
|
53
|
+
export { DecodedIdToken, DecodedAuthBlockingToken } from './token-verifier';
|
|
54
54
|
export { HashAlgorithmType, UserImportOptions, UserImportRecord, UserImportResult, UserMetadataRequest, UserProviderRequest, } from './user-import-builder';
|
|
55
55
|
export { MultiFactorInfo, MultiFactorSettings, PhoneMultiFactorInfo, UserInfo, UserMetadata, UserRecord, } from './user-record';
|
package/lib/auth/index.js
CHANGED
package/lib/auth/tenant.d.ts
CHANGED
package/lib/auth/tenant.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v10.0
|
|
1
|
+
/*! firebase-admin v10.1.0 */
|
|
2
2
|
/*!
|
|
3
3
|
* Copyright 2018 Google Inc.
|
|
4
4
|
*
|
|
@@ -148,3 +148,72 @@ export interface DecodedIdToken {
|
|
|
148
148
|
*/
|
|
149
149
|
[key: string]: any;
|
|
150
150
|
}
|
|
151
|
+
/** @alpha */
|
|
152
|
+
export interface DecodedAuthBlockingSharedUserInfo {
|
|
153
|
+
uid: string;
|
|
154
|
+
display_name?: string;
|
|
155
|
+
email?: string;
|
|
156
|
+
photo_url?: string;
|
|
157
|
+
phone_number?: string;
|
|
158
|
+
}
|
|
159
|
+
/** @alpha */
|
|
160
|
+
export interface DecodedAuthBlockingMetadata {
|
|
161
|
+
creation_time?: number;
|
|
162
|
+
last_sign_in_time?: number;
|
|
163
|
+
}
|
|
164
|
+
/** @alpha */
|
|
165
|
+
export interface DecodedAuthBlockingUserInfo extends DecodedAuthBlockingSharedUserInfo {
|
|
166
|
+
provider_id: string;
|
|
167
|
+
}
|
|
168
|
+
/** @alpha */
|
|
169
|
+
export interface DecodedAuthBlockingMfaInfo {
|
|
170
|
+
uid: string;
|
|
171
|
+
display_name?: string;
|
|
172
|
+
phone_number?: string;
|
|
173
|
+
enrollment_time?: string;
|
|
174
|
+
factor_id?: string;
|
|
175
|
+
}
|
|
176
|
+
/** @alpha */
|
|
177
|
+
export interface DecodedAuthBlockingEnrolledFactors {
|
|
178
|
+
enrolled_factors?: DecodedAuthBlockingMfaInfo[];
|
|
179
|
+
}
|
|
180
|
+
/** @alpha */
|
|
181
|
+
export interface DecodedAuthBlockingUserRecord extends DecodedAuthBlockingSharedUserInfo {
|
|
182
|
+
email_verified?: boolean;
|
|
183
|
+
disabled?: boolean;
|
|
184
|
+
metadata?: DecodedAuthBlockingMetadata;
|
|
185
|
+
password_hash?: string;
|
|
186
|
+
password_salt?: string;
|
|
187
|
+
provider_data?: DecodedAuthBlockingUserInfo[];
|
|
188
|
+
multi_factor?: DecodedAuthBlockingEnrolledFactors;
|
|
189
|
+
custom_claims?: any;
|
|
190
|
+
tokens_valid_after_time?: number;
|
|
191
|
+
tenant_id?: string;
|
|
192
|
+
[key: string]: any;
|
|
193
|
+
}
|
|
194
|
+
/** @alpha */
|
|
195
|
+
export interface DecodedAuthBlockingToken {
|
|
196
|
+
aud: string;
|
|
197
|
+
exp: number;
|
|
198
|
+
iat: number;
|
|
199
|
+
iss: string;
|
|
200
|
+
sub: string;
|
|
201
|
+
event_id: string;
|
|
202
|
+
event_type: string;
|
|
203
|
+
ip_address: string;
|
|
204
|
+
user_agent?: string;
|
|
205
|
+
locale?: string;
|
|
206
|
+
sign_in_method?: string;
|
|
207
|
+
user_record?: DecodedAuthBlockingUserRecord;
|
|
208
|
+
tenant_id?: string;
|
|
209
|
+
raw_user_info?: string;
|
|
210
|
+
sign_in_attributes?: {
|
|
211
|
+
[key: string]: any;
|
|
212
|
+
};
|
|
213
|
+
oauth_id_token?: string;
|
|
214
|
+
oauth_access_token?: string;
|
|
215
|
+
oauth_refresh_token?: string;
|
|
216
|
+
oauth_token_secret?: string;
|
|
217
|
+
oauth_expires_in?: number;
|
|
218
|
+
[key: string]: any;
|
|
219
|
+
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v10.0
|
|
1
|
+
/*! firebase-admin v10.1.0 */
|
|
2
2
|
"use strict";
|
|
3
3
|
/*!
|
|
4
4
|
* Copyright 2018 Google Inc.
|
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
* limitations under the License.
|
|
17
17
|
*/
|
|
18
18
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
19
|
-
exports.createSessionCookieVerifier = exports.createIdTokenVerifier = exports.FirebaseTokenVerifier = exports.SESSION_COOKIE_INFO = exports.ID_TOKEN_INFO = void 0;
|
|
19
|
+
exports.createSessionCookieVerifier = exports.createAuthBlockingTokenVerifier = exports.createIdTokenVerifier = exports.FirebaseTokenVerifier = exports.SESSION_COOKIE_INFO = exports.AUTH_BLOCKING_TOKEN_INFO = exports.ID_TOKEN_INFO = void 0;
|
|
20
20
|
var error_1 = require("../utils/error");
|
|
21
21
|
var util = require("../utils/index");
|
|
22
22
|
var validator = require("../utils/validator");
|
|
@@ -41,6 +41,18 @@ exports.ID_TOKEN_INFO = {
|
|
|
41
41
|
shortName: 'ID token',
|
|
42
42
|
expiredErrorCode: error_1.AuthClientErrorCode.ID_TOKEN_EXPIRED,
|
|
43
43
|
};
|
|
44
|
+
/**
|
|
45
|
+
* User facing token information related to the Firebase Auth Blocking token.
|
|
46
|
+
*
|
|
47
|
+
* @internal
|
|
48
|
+
*/
|
|
49
|
+
exports.AUTH_BLOCKING_TOKEN_INFO = {
|
|
50
|
+
url: 'https://cloud.google.com/identity-platform/docs/blocking-functions',
|
|
51
|
+
verifyApiName: '_verifyAuthBlockingToken()',
|
|
52
|
+
jwtName: 'Firebase Auth Blocking token',
|
|
53
|
+
shortName: 'Auth Blocking token',
|
|
54
|
+
expiredErrorCode: error_1.AuthClientErrorCode.AUTH_BLOCKING_TOKEN_EXPIRED,
|
|
55
|
+
};
|
|
44
56
|
/**
|
|
45
57
|
* User facing token information related to the Firebase session cookie.
|
|
46
58
|
*
|
|
@@ -115,6 +127,26 @@ var FirebaseTokenVerifier = /** @class */ (function () {
|
|
|
115
127
|
return decodedIdToken;
|
|
116
128
|
});
|
|
117
129
|
};
|
|
130
|
+
/** @alpha */
|
|
131
|
+
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
132
|
+
FirebaseTokenVerifier.prototype._verifyAuthBlockingToken = function (jwtToken, isEmulator, audience) {
|
|
133
|
+
var _this = this;
|
|
134
|
+
if (!validator.isString(jwtToken)) {
|
|
135
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "First argument to " + this.tokenInfo.verifyApiName + " must be a " + this.tokenInfo.jwtName + " string.");
|
|
136
|
+
}
|
|
137
|
+
return this.ensureProjectId()
|
|
138
|
+
.then(function (projectId) {
|
|
139
|
+
if (typeof audience === 'undefined') {
|
|
140
|
+
audience = projectId + ".cloudfunctions.net/";
|
|
141
|
+
}
|
|
142
|
+
return _this.decodeAndVerify(jwtToken, projectId, isEmulator, audience);
|
|
143
|
+
})
|
|
144
|
+
.then(function (decoded) {
|
|
145
|
+
var decodedAuthBlockingToken = decoded.payload;
|
|
146
|
+
decodedAuthBlockingToken.uid = decodedAuthBlockingToken.sub;
|
|
147
|
+
return decodedAuthBlockingToken;
|
|
148
|
+
});
|
|
149
|
+
};
|
|
118
150
|
FirebaseTokenVerifier.prototype.ensureProjectId = function () {
|
|
119
151
|
var _this = this;
|
|
120
152
|
return util.findProjectId(this.app)
|
|
@@ -126,11 +158,11 @@ var FirebaseTokenVerifier = /** @class */ (function () {
|
|
|
126
158
|
return Promise.resolve(projectId);
|
|
127
159
|
});
|
|
128
160
|
};
|
|
129
|
-
FirebaseTokenVerifier.prototype.decodeAndVerify = function (token, projectId, isEmulator) {
|
|
161
|
+
FirebaseTokenVerifier.prototype.decodeAndVerify = function (token, projectId, isEmulator, audience) {
|
|
130
162
|
var _this = this;
|
|
131
163
|
return this.safeDecode(token)
|
|
132
164
|
.then(function (decodedToken) {
|
|
133
|
-
_this.verifyContent(decodedToken, projectId, isEmulator);
|
|
165
|
+
_this.verifyContent(decodedToken, projectId, isEmulator, audience);
|
|
134
166
|
return _this.verifySignature(token, isEmulator)
|
|
135
167
|
.then(function () { return decodedToken; });
|
|
136
168
|
});
|
|
@@ -157,7 +189,7 @@ var FirebaseTokenVerifier = /** @class */ (function () {
|
|
|
157
189
|
* @param projectId - The Firebase Project Id.
|
|
158
190
|
* @param isEmulator - Whether the token is an Emulator token.
|
|
159
191
|
*/
|
|
160
|
-
FirebaseTokenVerifier.prototype.verifyContent = function (fullDecodedToken, projectId, isEmulator) {
|
|
192
|
+
FirebaseTokenVerifier.prototype.verifyContent = function (fullDecodedToken, projectId, isEmulator, audience) {
|
|
161
193
|
var header = fullDecodedToken && fullDecodedToken.header;
|
|
162
194
|
var payload = fullDecodedToken && fullDecodedToken.payload;
|
|
163
195
|
var projectIdMatchMessage = " Make sure the " + this.tokenInfo.shortName + " comes from the same " +
|
|
@@ -177,7 +209,7 @@ var FirebaseTokenVerifier = /** @class */ (function () {
|
|
|
177
209
|
(this.tokenInfo.shortName + ", but was given a legacy custom token.");
|
|
178
210
|
}
|
|
179
211
|
else {
|
|
180
|
-
errorMessage =
|
|
212
|
+
errorMessage = this.tokenInfo.jwtName + " has no \"kid\" claim.";
|
|
181
213
|
}
|
|
182
214
|
errorMessage += verifyJwtTokenDocsMessage;
|
|
183
215
|
}
|
|
@@ -185,7 +217,11 @@ var FirebaseTokenVerifier = /** @class */ (function () {
|
|
|
185
217
|
errorMessage = this.tokenInfo.jwtName + " has incorrect algorithm. Expected \"" + jwt_1.ALGORITHM_RS256 + '" but got ' +
|
|
186
218
|
'"' + header.alg + '".' + verifyJwtTokenDocsMessage;
|
|
187
219
|
}
|
|
188
|
-
else if (payload.aud
|
|
220
|
+
else if (typeof audience !== 'undefined' && !payload.aud.includes(audience)) {
|
|
221
|
+
errorMessage = this.tokenInfo.jwtName + " has incorrect \"aud\" (audience) claim. Expected \"" +
|
|
222
|
+
audience + '" but got "' + payload.aud + '".' + verifyJwtTokenDocsMessage;
|
|
223
|
+
}
|
|
224
|
+
else if (typeof audience === 'undefined' && payload.aud !== projectId) {
|
|
189
225
|
errorMessage = this.tokenInfo.jwtName + " has incorrect \"aud\" (audience) claim. Expected \"" +
|
|
190
226
|
projectId + '" but got "' + payload.aud + '".' + projectIdMatchMessage +
|
|
191
227
|
verifyJwtTokenDocsMessage;
|
|
@@ -258,6 +294,17 @@ function createIdTokenVerifier(app) {
|
|
|
258
294
|
return new FirebaseTokenVerifier(CLIENT_CERT_URL, 'https://securetoken.google.com/', exports.ID_TOKEN_INFO, app);
|
|
259
295
|
}
|
|
260
296
|
exports.createIdTokenVerifier = createIdTokenVerifier;
|
|
297
|
+
/**
|
|
298
|
+
* Creates a new FirebaseTokenVerifier to verify Firebase Auth Blocking tokens.
|
|
299
|
+
*
|
|
300
|
+
* @internal
|
|
301
|
+
* @param app - Firebase app instance.
|
|
302
|
+
* @returns FirebaseTokenVerifier
|
|
303
|
+
*/
|
|
304
|
+
function createAuthBlockingTokenVerifier(app) {
|
|
305
|
+
return new FirebaseTokenVerifier(CLIENT_CERT_URL, 'https://securetoken.google.com/', exports.AUTH_BLOCKING_TOKEN_INFO, app);
|
|
306
|
+
}
|
|
307
|
+
exports.createAuthBlockingTokenVerifier = createAuthBlockingTokenVerifier;
|
|
261
308
|
/**
|
|
262
309
|
* Creates a new FirebaseTokenVerifier to verify Firebase session cookies.
|
|
263
310
|
*
|