Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FR: Get IDTokens from test users #180

Closed
aaahrens opened this issue Oct 5, 2018 · 8 comments
Closed

FR: Get IDTokens from test users #180

aaahrens opened this issue Oct 5, 2018 · 8 comments

Comments

@aaahrens
Copy link

aaahrens commented Oct 5, 2018

Is there any way to get ID tokens from test users without having to use the c++ sdk or the node client? Just curious for testing purposes. Mocking an auth flow would be super nice
@belek
Copy link

belek commented Oct 26, 2018

+1. Really need this feature!

@hiranya911
Copy link
Contributor

Create a custom token and exchange it for an ID token via the REST API. See how we do it in our integration tests: https://github.com/firebase/firebase-admin-go/blob/master/integration/auth/auth_test.go#L199

Or you can just mint a fake ID token yourself: https://github.com/firebase/firebase-admin-go/blob/master/auth/auth_test.go#L428

@rohansingh
Copy link

rohansingh commented Nov 29, 2018
edited
Loading

@hiranya911 Is it by design that the verifyCustomToken endpoint isn't implemented in auth.Client?

@hiranya911
Copy link
Contributor

Yes, that's not an operation we expect developers to use in typical flows. It's only use is for testing as far as I can tell (we use it in our own integration tests).

@rohansingh
Copy link

rohansingh commented Nov 30, 2018
edited
Loading

@hiranya911 That makes sense, though having the method implemented would enable a couple scenarios:

  1. Testing, as you've mentioned. This is my main use case, and while I could definitely just do the same thing in my own tests, it'd be nice to just have it implemented. I'm strongly of the opinion that tests should be considered a first-class use case.

  2. I can't quite put my finger on it at the moment, but having verifyCustomToken might also allow something around using Firebase Auth in situations where a Firebase client SDK isn't available? Not sure.

  3. It would make it easy for an application to verify a custom token that it previously issued. I know that the application could just implement its own JWT verification, but just like the first scenario, it'd be nice to just have it implemented.

  4. Very minor side benefit: less likely to have invalid issues like Token verification failure for generated tokens firebase-admin-python#51, where users mistakenly try to verify a custom token against a VerifyIDToken method.

If you're not absolutely against it, I'm happy to open a PR.

@hiranya911
Copy link
Contributor

@bojeil-google what do you think?

@bojeil-google
Copy link
Contributor

verifyCustomToken is a client API. We prefer to keep it this way. It is treated as such from the Auth server. and could be subject to similar restrictions that other client APIs are subject to. That said, I will relay this request to the rest of the team.

@rohansingh
Copy link

That makes sense. As an alternative to introducing it to the auth.Client interface, I think it could also be helpful to have some sort of test helper that wraps the functionality. I know it's only about 20 lines of code and I've already replicated it in my own tests, but it'd be nice to have upstreamed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rohansingh @hiranya911 @belek @aaahrens @bojeil-google