I'm using ubuntu 21
Firebase-admin 10.2.0
node v16
Steps to reproduce:
In the web app, sign in with your firebase user credentials (email/password in my case)
Now make a request to your backend API accessing an endpoint that will modify the user's email.
After this, the front-end app will indicate that the user needs to reauthenticate with firebase when trying to use the old token to make firebase requests.
Yet on the backend application, the front end can still send the old token to my backend API and the verifyIdToken method still validates the token and proceeds.
Environment
I'm using ubuntu 21 Firebase-admin 10.2.0 node v16
Steps to reproduce:
verifyIdToken
method still validates the token and proceeds.