firebase-admin-node

Firebase-admin verifies expired token (Cause of expiration: Change in credentials)

Open • dullbenz opened this issue 2 years ago • 1 comment

Environment

I'm using Ubuntu 21, firebase-admin 10.2.0, Node v16.

Steps to reproduce:

  1. In the web app, sign in with your Firebase user credentials (email/password in my case).
  2. Now make a request to your backend API accessing an endpoint that will modify the user's email.
  3. After this, the front-end app will indicate that the user needs to reauthenticate with Firebase when trying to use the old token to make Firebase requests.
  4. Yet on the backend application, the front end can still send the old token to my backend API and the verifyIdToken method still validates the token and proceeds.

dullbenz, Aug 04 '22 06:08
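Added example (not part of the issue and not firebase-admin's own code): a small model of the two modes of `verifyIdToken(idToken, checkRevoked)`, showing why a token issued before the email change still verifies by default and is rejected only when the revocation check compares its `auth_time` against the user's tokens-valid-after time. It works on already-decoded claims with constructed timestamps; the `users` map, `signIn`, `changeEmail` and `demo` are hypothetical stand-ins, and it assumes the email change moves that tokens-valid-after time forward.

```javascript
// Signature, issuer and audience checks are left out: they pass in both modes
// and are not what distinguishes the old token from the new one.
const users = new Map(); // hypothetical stand-in for the Firebase Auth user store

function signIn(uid, nowSec) {
  if (!users.has(uid)) users.set(uid, { uid, email: `${uid}@example.test`, validSinceSec: 0 });
  // Firebase ID tokens are valid for one hour from issuance.
  return { sub: uid, auth_time: nowSec, iat: nowSec, exp: nowSec + 3600 };
}

function changeEmail(uid, email, nowSec) {
  const user = users.get(uid);
  user.email = email;
  // Assumption: the credential change advances the tokens-valid-after time.
  user.validSinceSec = nowSec;
}

function verifyIdToken(claims, nowSec, checkRevoked = false) {
  if (claims.exp <= nowSec) return { ok: false, code: 'auth/id-token-expired' };
  // Default mode is stateless: nothing about the user's current state is consulted.
  if (!checkRevoked) return { ok: true, uid: claims.sub };
  const user = users.get(claims.sub); // the extra lookup that checkRevoked costs
  if (!user) return { ok: false, code: 'auth/user-not-found' };
  if (claims.auth_time < user.validSinceSec) {
    return { ok: false, code: 'auth/id-token-revoked' };
  }
  return { ok: true, uid: claims.sub };
}

function demo() {
  const t0 = 1659592800; // constructed timestamp (seconds)
  const oldToken = signIn('alice', t0);
  changeEmail('alice', 'alice.new@example.test', t0 + 60);
  const newToken = signIn('alice', t0 + 120); // token obtained after reauthenticating
  return {
    oldDefault: verifyIdToken(oldToken, t0 + 300),        // accepted
    oldRevCheck: verifyIdToken(oldToken, t0 + 300, true), // rejected as revoked
    newRevCheck: verifyIdToken(newToken, t0 + 300, true), // accepted
    oldAfterHour: verifyIdToken(oldToken, t0 + 3601),     // rejected as expired
  };
}

console.log(demo());
```

In a backend using the Admin SDK, the corresponding call is `verifyIdToken(idToken, true)` with `auth/id-token-revoked` handled as a forced reauthentication.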

I found a few problems with this issue:

  • I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
  • This issue does not seem to follow the issue template. Make sure you provide all the required information.

google-oss-bot, Aug 04 '22 06:08