-
Notifications
You must be signed in to change notification settings - Fork 91
Properly fill in auth object for Android #89
Conversation
The "auth" object is later used to do permission checks by the means of targaryen library [1]. I don't know the semantics of the token that JavaScript client sends, but [3] is for what Android sends in, and, given that JavaScript clients were tested to work correctly, I assume the format is different for some reason. The idea of this pull request is to bring the Android token in line with the official documentation at [2]. Why not make this change to targaryen library instead? Well, the "auth" object supplied to targaryen is supposed to be of the format described in [2] rather than being protocol-bound, so firebase-server, as a protocol handler, is a more appropriate place to put an adapter in. [1] https://github.com/goldibex/targaryen [2] https://firebase.google.com/docs/reference/security/database/#auth [3] #88
index.js
Outdated
data = decodedToken.d; | ||
} else { | ||
data = { | ||
uid: decodedToken.sub, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
per #88, wasn't it user_id
instead of sub
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right.
Both have the same value, but sub
is a standard JWT claim, while user_id
is firebase-specific.
What if I use sub
as a fallback for user_id
?
thanks, please have a look at my comment |
Thanks for taking a look. Sorry for the diminished coverage: unfortunately, the token encryption in |
awesome, thanks! |
Released as 0.10.1 |
The "auth" object is later used to do permission checks by the means of targaryen library [1].
I don't know the semantics of the token that JavaScript client sends, but [3] is for what Android sends in, and, given that JavaScript clients were tested to work correctly, I assume the format is different for some reason. The idea of this pull request is to bring the Android token in line with the official documentation at [2].
Why not make this change to targaryen library instead?
Well, the "auth" object supplied to targaryen is supposed to be of the format described in [2] rather than being protocol-bound, so firebase-server, as a protocol handler, is a more appropriate place to put an adapter in.
Fixes #88.
[1] https://github.com/goldibex/targaryen
[2] https://firebase.google.com/docs/reference/security/database/#auth
[3] #88