Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Auth.verifyIdToken() #54

Merged
merged 1 commit into from
Oct 10, 2024
Merged

Fix Auth.verifyIdToken() #54

merged 1 commit into from
Oct 10, 2024

Conversation

labrom
Copy link
Contributor

@labrom labrom commented Oct 9, 2024
edited
Loading

Finish implementing the token verification using the updated dart_jsonwebtoken library

This is inspired from #48 but uses the verifyJwtSignature function.

Related Issues

fixes #20 #33

Checklist

Before you create this PR confirm that it meets all requirements listed below by checking the relevant checkboxes ([x]).

  • I have updated the CHANGELOG.md of the relevant packages.
    Changelog files must be edited under the form:

    ## Unreleased fix/major/minor

- Description of your change. (thanks to @yourGithubId)

  • If this contains new features or behavior changes,
    I have updated the documentation to match those changes.

@labrom
Fix Auth.verifyIdToken()
f942a34 
Finish implementing the token verification using the updated dart_jsonwebtoken library
@CLAassistant
Copy link

CLAassistant commented Oct 9, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

This was referenced Oct 9, 2024
Closed
Closed
rrousselGit
rrousselGit reviewed Oct 10, 2024
View reviewed changes
packages/dart_firebase_admin/lib/src/utils/jwt.dart
}
}

sealed class SecretOrPublicKey {}

@internal
Future<void> verifyJwtSignature(
void verifyJwtSignature(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch!

rrousselGit
rrousselGit reviewed Oct 10, 2024
View reviewed changes
packages/dart_firebase_admin/test/auth/jwt_test.dart
group('PublicKeySignatureVerifier', () {
final privateKey = RSAPrivateKey('''
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC7VJTUt9Us8cKj
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that a real key?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the one used in dart_jsonwebtoken's own tests.

rrousselGit
rrousselGit approved these changes Oct 10, 2024
View reviewed changes
Copy link
Collaborator

@rrousselGit rrousselGit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just make sure that the RSA key isn't a real one. You wouldn't want to leak such a key ;)

@rrousselGit rrousselGit merged commit 67a03c7 into invertase:main Oct 10, 2024
2 of 3 checks passed
@labrom labrom deleted the auth_verify_id_token branch October 10, 2024 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rrousselGit rrousselGit rrousselGit approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Auth#verifyIdToken always throws unimplemented error
3 participants
@labrom @CLAassistant @rrousselGit