VerifySessionCookieAsync() missing in TenantAwareFirebaseAuth

firebase / firebase-admin-dotnet

Firebase Admin .NET SDK

https://firebase.google.com/docs/admin/setup

Apache License 2.0

357 stars 129 forks source link

VerifySessionCookieAsync() missing in TenantAwareFirebaseAuth #324

Open utkarsh-bandekar opened 2 years ago

utkarsh-bandekar commented 2 years ago

I have seen a pull request which has the changes but those are not publicly available https://github.com/firebase/firebase-admin-dotnet/pull/232

google-oss-bot commented 2 years ago

I found a few problems with this issue:

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
This issue does not seem to follow the issue template. Make sure you provide all the required information.

lahirumaramba commented 2 years ago

Hi @utkarsh-bandekar VerifySessionCookieAsync API is available since the 1.12.0 release. Tested the following with the latest Admin .NET SDK version 2.3.0.

using FirebaseAdmin.Auth;

var decodedToken = await FirebaseAuth.DefaultInstance.
                        VerifySessionCookieAsync(
                            sessionCookie, checkRevoked);

charlesdesouza1 commented 2 years ago

@lahirumaramba The question is when tenant scoped, I think its not available when using a tenant.

lahirumaramba commented 2 years ago

@charlesdesouza1 you are right! It looks like the tenant aware changes were reverted in #237 as the feature was not supported by the backend services at that time. I will check if anything has changed in the Auth backend infrastructure to support tenant-scoped session cookies.

CC: @prameshj