This repository has been archived by the owner on Mar 29, 2022. It is now read-only.
Properly fill in auth object for Android #89
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The "auth" object is later used to do permission checks by the means of targaryen library [1]. I don't know the semantics of the token that JavaScript client sends, but [3] is for what Android sends in, and, given that JavaScript clients were tested to work correctly, I assume the format is different for some reason. The idea of this pull request is to bring the Android token in line with the official documentation at [2]. Why not make this change to targaryen library instead? Well, the "auth" object supplied to targaryen is supposed to be of the format described in [2] rather than being protocol-bound, so firebase-server, as a protocol handler, is a more appropriate place to put an adapter in. [1] https://github.com/goldibex/targaryen [2] https://firebase.google.com/docs/reference/security/database/#auth [3] #88
urish
reviewed
May 14, 2017
index.js
Outdated
| data = decodedToken.d; | ||
| } else { | ||
| data = { | ||
| uid: decodedToken.sub, |
There was a problem hiding this comment.
per #88, wasn't it user_id instead of sub ?
There was a problem hiding this comment.
You are right.
Both have the same value, but sub is a standard JWT claim, while user_id is firebase-specific.
What if I use sub as a fallback for user_id?
|
thanks, please have a look at my comment |
|
Thanks for taking a look. Sorry for the diminished coverage: unfortunately, the token encryption in |
|
awesome, thanks! |
|
Released as 0.10.1 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The "auth" object is later used to do permission checks by the means of targaryen library [1].
I don't know the semantics of the token that JavaScript client sends, but [3] is for what Android sends in, and, given that JavaScript clients were tested to work correctly, I assume the format is different for some reason. The idea of this pull request is to bring the Android token in line with the official documentation at [2].
Why not make this change to targaryen library instead?
Well, the "auth" object supplied to targaryen is supposed to be of the format described in [2] rather than being protocol-bound, so firebase-server, as a protocol handler, is a more appropriate place to put an adapter in.
Fixes #88.
[1] https://github.com/goldibex/targaryen
[2] https://firebase.google.com/docs/reference/security/database/#auth
[3] #88