Skip to content

Implement Token refresh mechanism for BYO-CIAM #9285

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: gcip-byociam-web
Choose a base branch
from
Open

Implement Token refresh mechanism for BYO-CIAM #9285

wants to merge 13 commits into from

Conversation

mansisampat
Copy link
Contributor

@mansisampat mansisampat commented Sep 30, 2025
edited
Loading

Implement Token refresh mechanism for BYO-CIAM.

API Proposal - http://goto.google.com/byociam-token-refresh-api-proposal

Testing

  • Added unit test
  • Local testing done in demo app

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Sep 30, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: c91663a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Sep 30, 2025
edited
Loading

Size Report 1

Affected Products

  • @firebase/auth

    TypeBase (ac2fc52)Merge (c3fac61)Diff
    browser192 kB193 kB+825 B (+0.4%)
    cordova165 kB166 kB+825 B (+0.5%)
    main148 kB148 kB+827 B (+0.6%)
    module192 kB193 kB+825 B (+0.4%)
    react-native165 kB166 kB+827 B (+0.5%)

  • @firebase/auth-cordova

    TypeBase (ac2fc52)Merge (c3fac61)Diff
    browser165 kB166 kB+825 B (+0.5%)
    module165 kB166 kB+825 B (+0.5%)

  • @firebase/auth-web-extension

    TypeBase (ac2fc52)Merge (c3fac61)Diff
    browser142 kB143 kB+825 B (+0.6%)
    main159 kB160 kB+827 B (+0.5%)
    module142 kB143 kB+825 B (+0.6%)

  • @firebase/auth/internal

    TypeBase (ac2fc52)Merge (c3fac61)Diff
    browser202 kB202 kB+825 B (+0.4%)
    main173 kB174 kB+829 B (+0.5%)
    module202 kB202 kB+825 B (+0.4%)

  • bundle

    TypeBase (ac2fc52)Merge (c3fac61)Diff
    auth (Anonymous)76.6 kB77.9 kB+1.24 kB (+1.6%)
    auth (EmailAndPassword)86.4 kB87.6 kB+1.24 kB (+1.4%)
    auth (GoogleFBTwitterGitHubPopup)107 kB109 kB+1.24 kB (+1.2%)
    auth (GooglePopup)100 kB101 kB+1.24 kB (+1.2%)
    auth (GoogleRedirect)100 kB101 kB+1.24 kB (+1.2%)
    auth (Phone)93.6 kB94.8 kB+1.24 kB (+1.3%)

  • firebase

    TypeBase (ac2fc52)Merge (c3fac61)Diff
    firebase-auth-compat.js144 kB145 kB+1.25 kB (+0.9%)
    firebase-auth-cordova.js142 kB142 kB+502 B (+0.4%)
    firebase-auth-web-extension.js125 kB126 kB+502 B (+0.4%)
    firebase-auth.js162 kB162 kB+502 B (+0.3%)
    firebase-compat.js811 kB812 kB+1.23 kB (+0.2%)

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/5Cfp4EZ6ua.html

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Sep 30, 2025
edited
Loading

Size Analysis Report 1

This report is too large (377,964 characters) to be displayed here in a GitHub comment. Please use the below link to see the full report on Google Cloud Storage.

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/6MbMaxD4kV.html

@mansisampat mansisampat requested a review from a team as a code owner September 30, 2025 08:33
pashanka
pashanka approved these changes Sep 30, 2025
View reviewed changes
Copy link
Contributor

@pashanka pashanka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

NhienLam
NhienLam requested changes Sep 30, 2025
View reviewed changes
packages/auth/src/core/auth/auth_impl.ts Outdated
if (
firebaseToken &&
firebaseToken.expirationTime &&
Date.now() > firebaseToken.expirationTime - this.TOKEN_EXPIRATION_BUFFER
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function doesn't look correct to me.

  1. Currently, it will return true if firebaseToken is null or undefined. This is not the expected behavior, isn't it?
  2. Should it be >=? The token should be invalid when it's at exactly the expiration time, right?
  3. firebaseToken.expirationTime is a string, right? Do we need to parse it to Date to compare?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, thank you for the suggestion!

  1. Updated the logic to return false if firebaseToken is null or firebaseToken.expirationTime is null.
  2. Updated!
  3. firebaseToken.expirationTime is a number - https://github.com/firebase/firebase-js-sdk/blob/gcip-byociam-web/packages/auth/src/model/public_types.ts#L981. Therefore, parsing to a Date object isn't necessary IMO.

Please let me know if you see any further concerns.

packages/auth/src/core/auth/auth_impl.ts Outdated
PasswordValidationStatus,
TenantConfig,
FirebaseToken
FirebaseToken,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Out of scope of this PR] Curious - Have we addressed the following concern?

"firebaseToken" is a really generic name -- "Firebase" is a huge suite of products that has many different types of tokens. Any and every change to the public API surface needs to go through review

https://github.com/firebase/firebase-js-sdk/pull/9119/files/97752d55296f7e2a3c5b9fbdd012348e75ec6ad1#r2176099535

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NhienLam NhienLam NhienLam requested changes

@pashanka pashanka pashanka approved these changes

@lisajian lisajian Awaiting requested review from lisajian lisajian is a code owner

@Xiaoshouzi-gh Xiaoshouzi-gh Awaiting requested review from Xiaoshouzi-gh Xiaoshouzi-gh is a code owner

@sam-gc sam-gc Awaiting requested review from sam-gc sam-gc is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mansisampat @google-oss-bot @NhienLam @pashanka