WIP authIdTokenVerified #8008

jamesdaniels · 2024-02-03T01:15:22Z

WIP of FirebaseServerApp.authIdTokenVerified FYI @DellaBitta

TODO:

tests
handle emulated credentials
cleanup
add rejection reasons
reject rather than throw on shape of jwt
trigger rejection/resolution of the promise from Firebase Auth (reload)
make it work in non-node environments (subtle)
switch to jwks

Baseline addition of the FirebaseServerApp object.

…IdToken (#7944) Add support for logging-in users with the FirebaseServerApp's authIdToken. ### Testing Local project testing client-side created users, passing idTokens to serverApps, and logging in the user. Tested with multiple users and multiple instances of FirebaseServerApps w/ Auth. CI tests (added integration tests). ### API Changes N/A

…ck later (#7989) Removed the appCheck and installations token parameters in FirebaseServerAppSettings as they won't be part of our initial launch. Additionally, update the the doxgen comments to no longer refer to these parameters, and to inform users that the User refreshToken will not work for User objects signed in with the authIdToken.

Mangle the name of the ServerAap based on the hash of the parameters passed in. In addition, return the same instance of app when the same parameters are used.

Update the `FirebaseServerApp` creation to return the same object if an existing object exists with the same configuration. However, the `deleteOnDeref` field is ignored when detecting duplicate apps, since that object reference could vary across multiple SSR rendering passes. The hope is that a `FirebaseServerApp` instance awaiting deletion from a the `deleteOnDeref` feature maybe be reused if another SSR pass occurs in rapid succession, there by speeding up the SSR code.

changeset-bot · 2024-02-03T01:15:25Z

⚠️ No Changeset found

Latest commit: 27a0ac7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

google-oss-bot · 2024-02-03T01:32:37Z

Size Report ¹

Affected Products

@firebase/app
Type Base (e3e3339) Merge (96c5505) Diff
browser 18.1 kB 20.8 kB +2.77 kB (+15.3%)
esm5 23.6 kB 27.6 kB +3.91 kB (+16.5%)
main 24.7 kB 28.6 kB +3.95 kB (+16.0%)
module 18.1 kB 20.8 kB +2.77 kB (+15.3%)

`@firebase/auth`

Type	Base (`e3e3339`)	Merge (`96c5505`)	Diff
browser	182 kB	182 kB	+320 B (+0.2%)
cordova	210 kB	210 kB	+322 B (+0.2%)
esm5	236 kB	237 kB	+322 B (+0.1%)
main	179 kB	179 kB	+330 B (+0.2%)
module	182 kB	182 kB	+320 B (+0.2%)
react-native	199 kB	199 kB	+334 B (+0.2%)

@firebase/auth/cordova
Type Base (e3e3339) Merge (96c5505) Diff
browser 210 kB 210 kB +322 B (+0.2%)
module 210 kB 210 kB +322 B (+0.2%)
@firebase/auth/internal
Type Base (e3e3339) Merge (96c5505) Diff
browser 193 kB 193 kB +320 B (+0.2%)
esm5 250 kB 250 kB +322 B (+0.1%)
main 215 kB 215 kB +334 B (+0.2%)
module 193 kB 193 kB +320 B (+0.2%)
@firebase/auth/web-extension
Type Base (e3e3339) Merge (96c5505) Diff
browser 137 kB 137 kB +320 B (+0.2%)
main 152 kB 152 kB +332 B (+0.2%)
module 137 kB 137 kB +320 B (+0.2%)
@firebase/util
Type Base (e3e3339) Merge (96c5505) Diff
browser 23.1 kB 23.8 kB +742 B (+3.2%)
esm5 24.7 kB 25.5 kB +757 B (+3.1%)
main 30.5 kB 31.0 kB +513 B (+1.7%)
module 23.1 kB 23.8 kB +742 B (+3.2%)

`bundle`

46 size changes

Type	Base (`e3e3339`)	Merge (`96c5505`)	Diff
analytics (logEvent)	44.4 kB	45.2 kB	+802 B (+1.8%)
app-check (CustomProvider)	37.3 kB	38.1 kB	+802 B (+2.2%)
app-check (ReCaptchaEnterpriseProvider)	39.8 kB	40.6 kB	+802 B (+2.0%)
app-check (ReCaptchaV3Provider)	39.8 kB	40.6 kB	+802 B (+2.0%)
auth (Anonymous)	76.0 kB	77.1 kB	+1.08 kB (+1.4%)
auth (EmailAndPassword)	84.3 kB	85.4 kB	+1.08 kB (+1.3%)
auth (GoogleFBTwitterGitHubPopup)	103 kB	104 kB	+1.08 kB (+1.0%)
auth (GooglePopup)	100 kB	101 kB	+1.08 kB (+1.1%)
auth (GoogleRedirect)	101 kB	102 kB	+1.08 kB (+1.1%)
auth (Phone)	86.6 kB	87.7 kB	+1.08 kB (+1.2%)
database (Append to a list of data)	149 kB	150 kB	+802 B (+0.5%)
database (Filtering data)	148 kB	149 kB	+802 B (+0.5%)
database (Listen for child events)	164 kB	165 kB	+802 B (+0.5%)
database (Listen for value events + Detach listeners)	164 kB	165 kB	+802 B (+0.5%)
database (Listen for value events)	164 kB	165 kB	+802 B (+0.5%)
database (Read data once)	164 kB	164 kB	+802 B (+0.5%)
database (Save data as transactions)	166 kB	167 kB	+802 B (+0.5%)
database (Sort data)	149 kB	150 kB	+802 B (+0.5%)
database (Write data)	148 kB	149 kB	+802 B (+0.5%)
firestore (CSI Auto Indexing Disable and Delete)	268 kB	269 kB	+804 B (+0.3%)
firestore (CSI Auto Indexing Enable)	268 kB	269 kB	+804 B (+0.3%)
firestore (Persistence)	303 kB	304 kB	+804 B (+0.3%)
firestore (Query Cursors)	247 kB	248 kB	+802 B (+0.3%)
firestore (Query)	245 kB	245 kB	+802 B (+0.3%)
firestore (Read data once)	233 kB	234 kB	+802 B (+0.3%)
firestore (Read Write w Persistence)	323 kB	323 kB	+802 B (+0.2%)
firestore (Realtime updates)	235 kB	236 kB	+802 B (+0.3%)
firestore (Transaction)	212 kB	213 kB	+802 B (+0.4%)
firestore (Write data)	212 kB	212 kB	+802 B (+0.4%)
firestore-lite (Query Cursors)	89.8 kB	90.6 kB	+802 B (+0.9%)
firestore-lite (Query)	85.9 kB	86.7 kB	+802 B (+0.9%)
firestore-lite (Read data once)	62.1 kB	62.9 kB	+802 B (+1.3%)
firestore-lite (Transaction)	87.0 kB	87.8 kB	+802 B (+0.9%)
firestore-lite (Write data)	71.6 kB	72.4 kB	+802 B (+1.1%)
functions (call)	31.8 kB	32.6 kB	+802 B (+2.5%)
messaging (send + receive)	47.2 kB	48.0 kB	+810 B (+1.7%)
performance (trace)	51.6 kB	52.4 kB	+809 B (+1.6%)
remote-config (getAndFetch)	46.2 kB	47.0 kB	+804 B (+1.7%)
storage (getBytes)	42.0 kB	42.8 kB	+802 B (+1.9%)
storage (getDownloadURL)	44.0 kB	44.8 kB	+802 B (+1.8%)
storage (getMetadata)	43.5 kB	44.3 kB	+802 B (+1.8%)
storage (list + listAll)	42.9 kB	43.7 kB	+802 B (+1.9%)
storage (updateMetadata)	43.7 kB	44.5 kB	+802 B (+1.8%)
storage (uploadBytes)	48.6 kB	49.4 kB	+802 B (+1.7%)
storage (uploadBytesResumable)	58.5 kB	59.3 kB	+802 B (+1.4%)
storage (uploadString)	48.8 kB	49.6 kB	+802 B (+1.6%)

`firebase`

Type	Base (`e3e3339`)	Merge (`96c5505`)	Diff
firebase-app-compat.js	31.4 kB	33.6 kB	+2.14 kB (+6.8%)
firebase-app.js	102 kB	107 kB	+5.42 kB (+5.3%)
firebase-auth-compat.js	140 kB	140 kB	+309 B (+0.2%)
firebase-auth-cordova.js	177 kB	178 kB	+269 B (+0.2%)
firebase-auth-web-extension.js	117 kB	117 kB	+267 B (+0.2%)
firebase-auth.js	151 kB	151 kB	+267 B (+0.2%)
firebase-compat.js	786 kB	788 kB	+2.46 kB (+0.3%)
firebase-performance-standalone-compat.es2017.js	93.3 kB	96.2 kB	+2.89 kB (+3.1%)
firebase-performance-standalone-compat.js	70.4 kB	73.3 kB	+2.95 kB (+4.2%)

Test Logs

https://storage.googleapis.com/firebase-sdk-metric-reports/oGZiaQwonC.html

google-oss-bot · 2024-02-03T01:45:59Z

Size Analysis Report ¹

This report is too large (199,126 characters) to be displayed here in a GitHub comment. Please use the below link to see the full report on Google Cloud Storage.

Test Logs

https://storage.googleapis.com/firebase-sdk-metric-reports/kzzyTEg3Ro.html

packages/app/src/firebaseServerApp.ts

jamesdaniels · 2024-02-03T05:05:57Z

packages/app/src/firebaseServerApp.ts

+  return memoizedPublicKeys;
+}
+
+function base64decode(base64Contents: string): string {


are there already utils for this ops? look into

And if not, then add this to the util file.

packages/app/src/firebaseServerApp.ts

Updates FirebaseServerApp implementation in Auth to prevent operations that would change the currently logged in user. The user should be that of the authIdToken provided to FirebaseServerApp only. Note: some of the method implementations currently reside in browser-only files. I added safe guards to these methods even though FirebaseServerApp is not supported in browser enviornments. These guards protect us in case the methods are later adapted to other environments and/or migrated to other files that are not browser-only. The changes to the browser implementations produce little overhead, so I thought that safety first was the correct call here.

… helpers

It turns out the FirebaseServerApp implementation in #8005 was not blocking auth initialization, so when testing end-to-end we were seeing race conditions with auth state. In this PR I address by awaiting the user fetch and moving the implementation into AuthImpl#initializeCurrentUser for cleanliness.

…nVerifiedImpl

DellaBitta and others added 8 commits January 8, 2024 14:32

[FirebaseServerApp] Add ServerApp to feature branch (#7894)

3037b86

Baseline addition of the FirebaseServerApp object.

Merge branch 'master' into feature-firebaseserverapp

fc0362f

[ServerApp] Mangle the FirebaseServerApp name (#7993)

abc9d87

Mangle the name of the ServerAap based on the hash of the parameters passed in. In addition, return the same instance of app when the same parameters are used.

Merge branch 'master' into feature-firebaseserverapp

9fd761b

WIP

2fea475

Formatting

e9c93cc

jamesdaniels changed the title ~~WIP~~ WIP authIdTokenVerified Feb 3, 2024