Giters

firebase / firebase-admin-go

Firebase Admin Go SDK

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

If `FIREBASE_AUTH_EMULATOR_HOST` is set, `VerifyIDToken` calls the Firebase Emulator, but shouldn't

arzonus opened this issue · comments

commented

[REQUIRED] Step 2: Describe your environment

  • Operating System version: no matter
  • Firebase SDK version: firebase.google.com/go/v4 v4.10.0
  • Library version: v4.10.0
  • Firebase Product: auth

[REQUIRED] Step 3: Describe the problem

I am working on functionality using AdminSDK to verify ID tokens by the VerifyIDToken function. I would like to write tests including calls of the method, but I found that the SDK tries to call a Firebase Emulator, which host is defined by FIREBASE_AUTH_EMULATOR_HOST variable.

I was surprised because I was sure VerifyIDToken shouldn't call the emulator to check user revocation. I found the place where the problem happens. Could you please describe the reason for this behavior or help me to avoid calls to the emulator?

Relevant Code:

// IDToken returns a valid ID token
func IDToken(uid string) (string, error) {
	const projectID = "project-id"

	var headers = map[string]interface{}{
		"alg": "none",
		"typ": "JWT",
	}

	jsonHeaders, err := json.Marshal(headers)
	if err != nil {
		return "", err
	}
	encodedHeaders := jwt.EncodeSegment(jsonHeaders)

	var claims = map[string]interface{}{
		"aud":       projectID,
		"iss":       "https://securetoken.google.com/" + projectID,
		"iat":       time.Now().Unix() - 100,
		"exp":       time.Now().Unix() + 3600,
		"auth_time": time.Now().Unix() - 100,
		"sub":       "1234567890",
		"uid":       uid,
	}

	jsonClaims, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	encodedClaims := jwt.EncodeSegment(jsonClaims)

	return encodedHeaders + "." + encodedClaims + ".", nil
}

func check() {
  ctx := context.Background()
  token, _ := IDToken("uid")
  os.Setenv("FIREBASE_AUTH_EMULATOR_HOST", "localhost:9099")
  

  app, _ := firebase.NewApp(ctx, nil)
  auth, _ :=  app.Auth(ctx)
  t, err := auth.VerifyIDToken(ctx, token)
  if err != nil {
    fmt.Println(err)
  }
}

I get this error

failed to establish a connection: Post \"http://localhost:9099/identitytoolkit.googleapis.com/v1/projects/project-id/accounts:lookup\": dial tcp [::1]:9099: connect: connection refused"

Thank you!