Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

If FIREBASE_AUTH_EMULATOR_HOST is set, VerifyIDToken calls the Firebase Emulator, but shouldn't #536

Open
arzonus opened this issue Feb 8, 2023 · 0 comments
Open

If FIREBASE_AUTH_EMULATOR_HOST is set, VerifyIDToken calls the Firebase Emulator, but shouldn't #536

arzonus opened this issue Feb 8, 2023 · 0 comments
Labels
api: auth

Comments

@arzonus
Copy link

arzonus commented Feb 8, 2023
edited
Loading

[REQUIRED] Step 2: Describe your environment

  • Operating System version: no matter
  • Firebase SDK version: firebase.google.com/go/v4 v4.10.0
  • Library version: v4.10.0
  • Firebase Product: auth

[REQUIRED] Step 3: Describe the problem

I am working on functionality using AdminSDK to verify ID tokens by the VerifyIDToken function. I would like to write tests including calls of the method, but I found that the SDK tries to call a Firebase Emulator, which host is defined by FIREBASE_AUTH_EMULATOR_HOST variable.

I was surprised because I was sure VerifyIDToken shouldn't call the emulator to check user revocation. I found the place where the problem happens. Could you please describe the reason for this behavior or help me to avoid calls to the emulator?

Relevant Code:

// IDToken returns a valid ID token
func IDToken(uid string) (string, error) {
	const projectID = "project-id"

	var headers = map[string]interface{}{
		"alg": "none",
		"typ": "JWT",
	}

	jsonHeaders, err := json.Marshal(headers)
	if err != nil {
		return "", err
	}
	encodedHeaders := jwt.EncodeSegment(jsonHeaders)

	var claims = map[string]interface{}{
		"aud":       projectID,
		"iss":       "https://securetoken.google.com/" + projectID,
		"iat":       time.Now().Unix() - 100,
		"exp":       time.Now().Unix() + 3600,
		"auth_time": time.Now().Unix() - 100,
		"sub":       "1234567890",
		"uid":       uid,
	}

	jsonClaims, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	encodedClaims := jwt.EncodeSegment(jsonClaims)

	return encodedHeaders + "." + encodedClaims + ".", nil
}

func check() {
  ctx := context.Background()
  token, _ := IDToken("uid")
  os.Setenv("FIREBASE_AUTH_EMULATOR_HOST", "localhost:9099")
  

  app, _ := firebase.NewApp(ctx, nil)
  auth, _ :=  app.Auth(ctx)
  t, err := auth.VerifyIDToken(ctx, token)
  if err != nil {
    fmt.Println(err)
  }
}

I get this error

failed to establish a connection: Post \"http://localhost:9099/identitytoolkit.googleapis.com/v1/projects/project-id/accounts:lookup\": dial tcp [::1]:9099: connect: connection refused"

Thank you!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api: auth
2 participants
@arzonus @google-oss-bot