GoogleCloudPlatform / iap-gcip-web-toolkit

Apache License 2.0

Auth Blocking Function JWT Validation #61

Open tannerlinsley opened 3 years ago

tannerlinsley commented 3 years ago

When following the documentation for blocker functions here we noticed that there is quite a bit of internal JWT validation happening within this beforeCreateHandler abstraction:

```js
const gcipCloudFunctions = require('gcip-cloud-functions');
const authClient = new gcipCloudFunctions.Auth();

exports.beforeCreate = authClient.functions().beforeCreateHandler((user, context) => {
  // ... We can assume the token is valid at this point? How?
});
```

cc: @derekperkins

prameshj commented 1 year ago

Yes, you can assume that JWT verification has happened at this step. beforeCreateHandler takes in a (user, context) => any function and returns an http handler (express.Request, express.Response) => Promise<void>.

The (user, context) => any function is invoked only after performing a token verification via jsonwebtoken verify(). You could do the same by accessing the id token using context.credential?.idToken?.
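
An added sketch (not the gcip-cloud-functions source, and not code from this thread) of the pattern the reply above describes: a wrapper that verifies the JWT before the user callback ever runs. It uses Node's built-in crypto in place of jsonwebtoken; `verifyJwt`, `makeBeforeCreateHandler`, `signSample`, the `req.body.data.jwt` location, the `user_record` claim, the 401 response and the throwaway key pair are assumptions made for the illustration.

```javascript
// Added illustration, not library code. Names and request shape are assumptions.
const crypto = require('node:crypto');
const b64url = (v) => Buffer.from(v).toString('base64url');

// Verify an RS256 JWT: pinned algorithm, signature, audience, expiry. Throws on failure.
function verifyJwt(token, publicKey, audience, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; the token header must not be allowed to choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Hypothetical wrapper with the shape described in the reply:
// (user, context) => any  ->  (req, res) => Promise<void>
function makeBeforeCreateHandler(callback, { publicKey, audience }) {
  return async (req, res) => {
    let claims;
    try {
      claims = verifyJwt(req.body?.data?.jwt, publicKey, audience);
    } catch (err) {
      res.status(401).json({ error: err.message }); // callback is never invoked
      return;
    }
    const result = await callback(claims.user_record, { claims });
    res.status(200).json(result ?? {});
  };
}

// Constructed sample: throwaway key pair and token builder for the demo only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims, alg = 'RS256') {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
```
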