chore: Move token verification logic to util

[lahirumaramba]

• Move FirebaseTokenVerifier to util
• Include error type and codes to FirebaseTokenInfo to throw public error types from FirebaseTokenVerifier

[hiranya911]

Haven't looked at everything, but looks reasonable. Let's start off with some feedback on the high-level design.

[hiranya911]

Looks pretty good. Just a few suggestions for cleaning up the PR.

[lahirumaramba]

• Merged the expired error code to error code config
• Added validation for the new error code config and error type
• Added unit tests for new validations

[hiranya911]

Thanks for making the changes. Looks mostly good. Couple of points to revise:

1. There's one remaining reference to auth from the utils token verifier.
2. Unit tests could use a bit more attention.

[hiranya911]

There's a reference to auth here. Should probably get rid of it.

[lahirumaramba]

Oh good catch! I actually ended up finding more references to Auth. Ended up using generics in the verify token functions and moved the code to set the user id alias to one level up to auth.ts.
Let me know what you think. Thanks!

[lahirumaramba]

Re: the error code prefix. I just removed the auth prefix, but the error code feels a bit redundant here as the error code will also be included in the public error type.

[hiranya911]

This is something that will get cleaned up once we fix error handling for this SDK. For now this solution is adequate.

[hiranya911]

These tests now belong in utils.

[lahirumaramba]

Moved the tests to test/utils

[hiranya911]

Let's not move the whole file. It still contains many auth-specific tests.

[lahirumaramba]

Moved the code to set the uid alias here. Another way is to add helper functions, verifySessionCookie() and verifyIdToken(), to auth/token-verifier. Let me know your thoughts.

[hiranya911]

How about extending the util.TokenVerifier as AuthTokenVerifier, and add the logic there?

[lahirumaramba]

@hiranya911 :
To make the type check tighter we can introduce a base type for returned tokens...

interface FirebaseToken {
  // registered JWT claims
  iss: string
  aud: string
}

interface DecodedIdToken extends FirebaseToken {
...
}

public verifyJWT<T extends FirebaseToken>

Let me know your thoughts. Thanks!

[hiranya911]

Yeah, this looks good to me. But I don't think we need a generic at all. Just make auth extend the TokenVerifier class, and transform the FirebaseToken into DecodedIdToken there.

// in utils
interface DecodedToken {
  iss: string;
  aud: string;
  sub: string;
}

// in auth
interface DecodedIdToken {
  iss: string;
  aud: string;
  sub: string;
  uid: string;
}

// at callsite
const decodedToken: DecodedToken = await tokenVerifier.verifyToken();
const result: DecodedIdToken = {...decodedToken, uid: decodedToken.sub};

[hiranya911]

Lets find a more typesafe way to handle the returns. Plus separation of tests between auth and utils.

[hiranya911]

How about extending the util.TokenVerifier as AuthTokenVerifier, and add the logic there?

[hiranya911]

typeof errorType === 'function' also asserts that errorType !== null. So the 2nd part of the conjunction is redundant.

[hiranya911]

This is breaking the type safety a bit. We should probably introduce a new interface for the return type of this class. And then convert it into an auth specific return type in auth/token-verifier.

[hiranya911]

Not particularly typesafe.

[hiranya911]

ErrorCodeConfig?

[hiranya911]

Sorry if I wasn't clear. But I didn't mean moving this entire file into utils. Some tests in this file are still very auth-specific, and therefore should be in auth. But the test cases that specifically test for the utils.token-verifier, should be moved into a new test module (like the invalidErrorTypes test cases).

I think a good rule of thumb is if a test requires an import from auth, then it probably belongs in auth.

[lahirumaramba]

Closing this as we decided to change the overall approach and design of the refactor. This work is replaced by #1204