feat(fac): Add custom TTL options for App Check #1363
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lahirumaramba
force-pushed
the
lm-fac-config-ttl
branch
3 times, most recently
from
8d6197a to
89b759c
Compare
lahirumaramba
force-pushed
the
lm-fac-config-ttl
branch
from
89b759c to
8dab1b2
Compare
weixifan
approved these changes
Jul 9, 2021
hiranya911
approved these changes
Jul 9, 2021
src/app-check/index.ts
Outdated
| @@ -95,6 +96,18 @@ export namespace appCheck { | |||
| ttlMillis: number; | |||
| } | |||
|
|
|||
| /** | |||
| * Interface representing an App Check token options. | |||
src/app-check/token-generator.ts
Outdated
| 'AppCheckTokenOptions must be a non-null object.'); | ||
| } | ||
| if (typeof options.ttlMillis !== 'undefined') { | ||
| if (!validator.isNumber(options.ttlMillis) || options.ttlMillis < 0) { |
There was a problem hiding this comment.
Negative check is redundant due to the following check.
There was a problem hiding this comment.
I added the negative check here to specify that the ttl should be a non-negative duration in the error message. I agree though that it makes more sense to include/check that as part of the range validation below. Will update the code.
| [THIRTY_MIN_IN_MS, THIRTY_MIN_IN_MS + 1, SEVEN_DAYS_IN_MS / 2, SEVEN_DAYS_IN_MS - 1, SEVEN_DAYS_IN_MS] | ||
| .forEach((ttlMillis) => { | ||
| it('should be fulfilled with a Firebase Custom JWT with a valid custom ttl' + JSON.stringify(ttlMillis), () => { | ||
| return tokenGenerator.createCustomToken(APP_ID, { ttlMillis }) |
There was a problem hiding this comment.
We should probably decode the token and verify the expected TTL is set.
hiranya911
reviewed
Jul 9, 2021
| @@ -83,6 +93,7 @@ export class AppCheckTokenGenerator { | |||
| aud: FIREBASE_APP_CHECK_AUDIENCE, | |||
| exp: iat + ONE_HOUR_IN_SECONDS, | |||
| iat, | |||
| ...customOptions, | |||
There was a problem hiding this comment.
Just curious. Why is ttl separate from exp?
There was a problem hiding this comment.
According to go/fac-configurable-ttls we are not exposing the option to use exp at all to keep the interface simple. So in this case a custom ttl will override exp.
lahirumaramba
force-pushed
the
lm-fac-config-ttl
branch
from
644ca9a to
4090f74
Compare
|
Thanks! Updated the code with PR fixes. Adding @kevinthecheung to review the reference docs. Thank you! |
hiranya911
approved these changes
Jul 9, 2021
| it('should be fulfilled with a Firebase Custom JWT with a valid custom ttl' + JSON.stringify(ttlMillis), () => { | ||
| return tokenGenerator.createCustomToken(APP_ID, { ttlMillis }) | ||
| .should.eventually.be.a('string').and.not.be.empty; | ||
| [[THIRTY_MIN_IN_MS, '1800s'], [THIRTY_MIN_IN_MS + 1, '1800.001000000s'], |
There was a problem hiding this comment.
One entry per line for clarity:
[
[],
[],
...
]
kevinthecheung
approved these changes
Jul 10, 2021
src/app-check/index.ts
Outdated
Comment on lines
104
to
106
| * The length of time measured in milliseconds starting from when the server | ||
| * mints the token for which the returned FAC token will be valid. | ||
| * This value must be in milliseconds and between 30 minutes and 7 days, inclusive. |
There was a problem hiding this comment.
Suggested change
| * The length of time measured in milliseconds starting from when the server | |
| * mints the token for which the returned FAC token will be valid. | |
| * This value must be in milliseconds and between 30 minutes and 7 days, inclusive. | |
| * The length of time, in milliseconds, for which the App Check token will | |
| * be valid. This value must be between 30 minutes and 7 days, inclusive. |
lahirumaramba
force-pushed
the
lm-fac-config-ttl
branch
from
9ab022c to
752437d
Compare
lahirumaramba
changed the title
This was referenced Jul 17, 2024
This was referenced Jul 27, 2024
This was referenced Aug 10, 2024
This was referenced Aug 17, 2024
This was referenced Aug 28, 2024
This was referenced Sep 24, 2024
This was referenced Oct 26, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
AppCheckTokenOptionstypecreateToken(...)to accept optionalAppCheckTokenOptionsttltransformMillisecondsToSecondsString()toutils(Integration tests will follow in a separate PR)RELEASE NOTE: The
createToken()API now supports configuring theTTLof the returned Firebase App Check Token.