createUnsecuredJwt makes improperly padded token #2803

@samtstern

[REQUIRED] Describe your environment

  • Operating System version: all
  • Browser version: any
  • Firebase SDK version: 0.11.4 (from customer setup)
  • Firebase Product: testing

[REQUIRED] Describe the problem

Steps to reproduce:

  1. Create a test app:

```js
// initializeTestApp comes from the @firebase/testing package
const fbtest = require("@firebase/testing");

const testApp = fbtest.initializeTestApp({
  projectId: "fir-dumpster",
  auth: { uid: "alice", email: "alice@example.com" }
});
```

  2. Use this test app with a callable function (function defined elsewhere):

```js
const testFunctions = testApp.functions();
// Route callable requests to the local Functions emulator
testFunctions.useFunctionsEmulator("http://localhost:5001");

// `test` is provided by the test runner in use
test('we are able to call the callable function', async t => {
  const result = await testFunctions.httpsCallable("helloCallable")({});
  t.deepEqual(result.data, { hello: "world" });
});
```

The HTTP request will include this header:

Authorization: Bearer eyJhbGciOiJub25lIiwia2lkIjoiZmFrZWtpZCJ9.eyJ1aWQiOiJhbGljZSIsImVtYWlsIjoiYWxpY2VAZXhhbXBsZS5jb20iLCJpYXQiOjAsInN1YiI6ImFsaWNlIn0=.

If you examine that ID token you will see it should not have the =:
https://jwt.io/#debugger-io?token=eyJhbGciOiJub25lIiwia2lkIjoiZmFrZWtpZCJ9.eyJ1aWQiOiJhbGljZSIsImVtYWlsIjoiYWxpY2VAZXhhbXBsZS5jb20iLCJpYXQiOjAsInN1YiI6ImFsaWNlIn0%3D.

So if you use the node jsonwebtoken module to decode it, you get null:

```
> const jwt = require('jsonwebtoken')
undefined
> jwt.decode("eyJhbGciOiJub25lIiwia2lkIjoiZmFrZWtpZCJ9.eyJ1aWQiOiJhbGljZSIsImVtYWlsIjoiYWxpY2VAZXhhbXBsZS5jb20iLCJpYXQiOjAsInN1YiI6ImFsaWNlIn0=.")
null
```

But if you remove the trailing = it works:

```
> jwt.decode("eyJhbGciOiJub25lIiwia2lkIjoiZmFrZWtpZCJ9.eyJ1aWQiOiJhbGljZSIsImVtYWlsIjoiYWxpY2VAZXhhbXBsZS5jb20iLCJpYXQiOjAsInN1YiI6ImFsaWNlIn0.")
{ uid: 'alice', email: 'alice@example.com', iat: 0, sub: 'alice' }
```

Relevant Code:

See above
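
An added example, not part of the original report and not Firebase SDK code: it builds the same unsecured test token with unpadded base64url segments, as compact JWTs (RFC 7515) require, and flags which segment of a token breaks that encoding. The function names are hypothetical; the header and payload values mirror the decoded token from the report.

```javascript
// Added example. Function names are hypothetical, not from @firebase/testing.

// base64url as used by compact JWTs (RFC 7515): URL-safe alphabet, no '=' padding.
function base64UrlNoPad(text) {
  return Buffer.from(text, 'utf8')
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// Build an unsigned (alg "none") token. Only suitable for local emulator tests.
function createUnpaddedUnsecuredJwt(payload) {
  const header = { alg: 'none', kid: 'fakekid' }; // same header as the reported token
  return [
    base64UrlNoPad(JSON.stringify(header)),
    base64UrlNoPad(JSON.stringify(payload)),
    '' // unsecured JWTs carry an empty signature segment
  ].join('.');
}

// Return the names of segments containing characters outside the
// unpadded base64url alphabet ('=' included), or ['structure'] if the
// token does not have exactly three dot-separated parts.
function findMalformedSegments(token) {
  const names = ['header', 'payload', 'signature'];
  const parts = token.split('.');
  if (parts.length !== 3) return ['structure'];
  return parts
    .map((part, i) => (/^[A-Za-z0-9_-]*$/.test(part) ? null : names[i]))
    .filter(Boolean);
}

// Token copied from the report above: the payload segment ends in '='.
const reported =
  'eyJhbGciOiJub25lIiwia2lkIjoiZmFrZWtpZCJ9.' +
  'eyJ1aWQiOiJhbGljZSIsImVtYWlsIjoiYWxpY2VAZXhhbXBsZS5jb20iLCJpYXQiOjAsInN1YiI6ImFsaWNlIn0=.';

const fixed = createUnpaddedUnsecuredJwt({
  uid: 'alice', email: 'alice@example.com', iat: 0, sub: 'alice'
});

console.log(findMalformedSegments(reported));
console.log(findMalformedSegments(fixed));
console.log(fixed);
```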
