Open tannerlinsley opened 3 years ago
Yes, you can assume that JWT verification has happened at this step. beforeCreateHandler takes in a (user, context) => any
function and returns an http handler (express.Request, express.Response) => Promise<void>
.
the (user, context) => any
function is invoked only after performing a token verification via jsonwebtoken verify(). You could do the same by accessing the id token using context.credential?.idToken?.
When following the documentation for blocker functions here we noticed that there is quite a bit of internal JWT validation happening within this
beforeCreateHandler
abstraction:cc: @derekperkins