Revoke Tokens #77
Merged
Revoke Tokens #77
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bklimt
reviewed
Jan 29, 2018
auth/auth.go
Outdated
| // ID token generated before revocation will be rejected with a token expired error. | ||
| // Note that due to the fact that the timestamp is stored in seconds, any tokens minted in | ||
| // the same second as the revocation will still be valid. If there is a chance that a token | ||
| // was minted in the last second, delay for 1 second before revoking.all tokens minted before the current second. |
There was a problem hiding this comment.
There's a weird space at the beginning of this line.
auth/auth.go
Outdated
| // In addition to revoking all refresh tokens for a user, all ID tokens issued | ||
| // before revocation will also be revoked on the Auth backend. Any request with an | ||
| // ID token generated before revocation will be rejected with a token expired error. | ||
| // Note that due to the fact that the timestamp is stored in seconds, any tokens minted in |
There was a problem hiding this comment.
Is the timestamp second granularity part of this client SDK, or is it a limitation of the backend API being called?
There was a problem hiding this comment.
The backend stores it as seconds since the epoch.
auth/auth.go
Outdated
| @@ -237,6 +248,25 @@ func (c *Client) VerifyIDToken(idToken string) (*Token, error) { | |||
| return p, nil | |||
| } | |||
|
|
|||
| // VerifyIDTokenWithCheckRevoked verifies the signature and payload of the provided ID token and | |||
auth/auth.go
Outdated
| // VerifyIDTokenWithCheckRevoked verifies the signature and payload of the provided ID token and | ||
| // if requested, whether it was revoked. | ||
| // see: VerifyIDToken above. | ||
| func (c *Client) VerifyIDTokenWithCheckRevoked(ctx context.Context, idToken string, checkToken bool) (*Token, error) { |
There was a problem hiding this comment.
It seems odd to have both of these pieces of functionality in one function. VerifyIdToken is already exposed as an API people could use any time they would otherwise call this with checkToken = false. So why not remove the checkToken parameter and always assume it's true? Then maybe the function could be named something like VerifyIDTokenNotRevoked. TBH, I don't really understand why VerifyIDToken doesn't already check the revoked state, though.
There was a problem hiding this comment.
validSince is initialized to 0 when creating a new user, and we are only introducing revoke here. so we probably will not break anything if we assume it to be true.
There was a problem hiding this comment.
Correction, valid since is initialized to the current timestamp.
auth/user_mgt.go
Outdated
| @@ -416,6 +424,13 @@ func validatePhone(val interface{}) error { | |||
| return nil | |||
| } | |||
|
|
|||
| func validateValidSince(val interface{}) error { | |||
| if _, ok := val.(int64); !ok { | |||
| return fmt.Errorf("tokens valid after time must be an integer") | |||
There was a problem hiding this comment.
I would either write this as:
"TokensValidAfterTime must be an integer"
or
"valid-after time for tokens must be an integer"
As it is, it's hard to read, because it's not clear that "tokens valid after time" is a compound, especially since the field is called "validSince" in other parts of the API.
Actually, why is it "validSince" in some places and "TokensValidAfterTime" in another?
There was a problem hiding this comment.
This is part of what was decided in the node api.
There was a problem hiding this comment.
It is valid since internally. it is exposed as tokensValidAfterMillis.
This validation is for a private function
integration/auth/user_mgt_test.go
Outdated
| @@ -65,6 +66,14 @@ func testCreateUsers(t *testing.T) { | |||
| if err != nil { | |||
| t.Fatal(err) | |||
| } | |||
| // make sure that the user.TokensValidAvterTime is not in the future or stale. | |||
hiranya911
suggested changes
Feb 2, 2018
CHANGELOG.md
Outdated
| has been added to invalidate all tokens issued before the current second. [added] A new property | ||
| method checks to see if the token has been revoked. | ||
| - [added] A new method ['RevokeRefreshTokens(uid)'](https://godoc.org/firebase.google.com/go/auth#Client.RevokeRefreshTokens) | ||
| has been added to invalidate all tokens issued before the current second. |
There was a problem hiding this comment.
... all refresh tokens issued to a user.
auth/auth.go
Outdated
| @@ -177,12 +177,12 @@ func (c *Client) CustomTokenWithClaims(uid string, devClaims map[string]interfac | |||
| return encodeToken(c.snr, defaultHeader(), payload) | |||
| } | |||
|
|
|||
| // RevokeRefreshTokens revokes all refresh tokens for the specified user. | |||
| // | |||
| // RevokeRefreshTokens revokes all refresh tokens for the specified user. | |||
auth/user_mgt.go
Outdated
| func validateValidSince(val interface{}) error { | ||
| if _, ok := val.(int64); !ok { | ||
| return fmt.Errorf("tokens valid after time must be an integer") | ||
| } |
There was a problem hiding this comment.
I'd just do a simple sign check to begin with. We can implement more restrictive checks later if it becomes necessary.
integration/auth/auth_test.go
Outdated
| if vt.UID != uid { | ||
| t.Errorf("UID = %q; want UID = %q", vt.UID, uid) | ||
| } | ||
| time.Sleep(time.Second) |
There was a problem hiding this comment.
This is missing a full stop somewhere.
integration/auth/user_mgt_test.go
Outdated
| @@ -51,13 +51,31 @@ func TestUserManagement(t *testing.T) { | |||
| {"Add custom claims", testAddCustomClaims}, | |||
| {"Delete test users", testDeleteUsers}, | |||
| } | |||
| // The tests are meant to be run in sequence, a failure in creating the users | |||
There was a problem hiding this comment.
Replace comma with full stop?
integration/auth/user_mgt_test.go
Outdated
| for _, run := range orderedRuns { | ||
| if ok := t.Run(run.name, run.testFunc); !ok { | ||
| t.Fatalf("Failed run %v", run.name) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| func forceCreateUser(uid string, params *auth.UserToCreate) (*auth.UserRecord, error) { |
There was a problem hiding this comment.
This looks hacky. Can we remove this from this PR? We should implement a better solution in a separate PR.
CHANGELOG.md
Outdated
|
|
||
| ### Token revokaction | ||
| - [added] A New ['VerifyIDTokenWithCheckRevoked(ctx, token)'](https://godoc.org/firebase.google.com/go/auth#Client.VerifyIDToken) | ||
| method checks to see if the token has been revoked. |
There was a problem hiding this comment.
method has been added to check for revoked ID tokens.
auth/auth.go
Outdated
| // | ||
| // RevokeRefreshTokens revokes all refresh tokens for the specified user. | ||
| // In addition to revoking all refresh tokens for a user, all ID tokens issued | ||
| // before revocation will also be revoked at the Auth backend. Any request with an |
There was a problem hiding this comment.
Hmmm... I don't think this is correct. Can we align this with what's documented at https://firebase.google.com/docs/reference/admin/node/admin.auth.Auth#revokeRefreshTokens ?
auth/auth.go
Outdated
| // VerifyIDToken verifies the signature and payload of the provided ID token. | ||
| // | ||
| // VerifyIDToken accepts a signed JWT token string, and verifies that it is current, issued for the | ||
| // correct Firebase project, and signed by the Google Firebase services in the cloud. It returns | ||
| // a Token containing the decoded claims in the input JWT. See | ||
| // https://firebase.google.com/docs/auth/admin/verify-id-tokens#retrieve_id_tokens_on_clients for | ||
| // more details on how to obtain an ID token in a client app. | ||
| // This does not check whether or not the token has been revoked, see VerifyIDTokenWithCheckRevoked below. |
hiranya911
approved these changes
Feb 5, 2018
auth/auth.go
Outdated
| // In addition to revoking all refresh tokens for a user, all ID tokens issued | ||
| // before revocation will also be revoked at the Auth backend. Any request with an | ||
| // ID token generated before revocation will be rejected with a token expired error. | ||
| // RevokeRefreshTokens updates the user's TokensValidAfterMillis to the current UTC second. |
There was a problem hiding this comment.
Please document this from the developer's point of view, and not SDK's point of view. Something like:
RevokeRefreshTokens revokes all refresh tokens issued to a user.
...
There was a problem hiding this comment.
This is pretty much in line with the Node docs. I am not sure I understand the comment. (i change the first line as suggested.)
auth/auth.go
Outdated
| @@ -194,7 +196,7 @@ func (c *Client) RevokeRefreshTokens(ctx context.Context, uid string) error { | |||
| // a Token containing the decoded claims in the input JWT. See | |||
| // https://firebase.google.com/docs/auth/admin/verify-id-tokens#retrieve_id_tokens_on_clients for | |||
| // more details on how to obtain an ID token in a client app. | |||
| // This does not check whether or not the token has been revoked, see VerifyIDTokenAndCheckRevoked below. | |||
| // This does not check whether or not the token has been revoked. see `VerifyIDTokenAndCheckRevoked` below. | |||
auth/user_mgt.go
Outdated
| if _, ok := val.(int64); !ok { | ||
| return fmt.Errorf("validSince must be an integer signifying seconds since the epoch") | ||
| if v, ok := val.(int64); !ok || v <= 0 { | ||
| return fmt.Errorf("validSince must be an positive integer signifying seconds since the epoch") |
There was a problem hiding this comment.
a positive integer representing...
auth/user_mgt.go
Outdated
| @@ -416,6 +427,13 @@ func validatePhone(val interface{}) error { | |||
| return nil | |||
| } | |||
|
|
|||
| func validateValidSince(val interface{}) error { | |||
There was a problem hiding this comment.
Given that there's no way for a user to set this explicitly, I wonder if this check is even needed. Consider removing.
bklimt
approved these changes
Feb 6, 2018
| @@ -177,13 +177,26 @@ func (c *Client) CustomTokenWithClaims(uid string, devClaims map[string]interfac | |||
| return encodeToken(c.snr, defaultHeader(), payload) | |||
| } | |||
|
|
|||
| // RevokeRefreshTokens revokes all refresh tokens issued to a user. | |||
| // | |||
| // RevokeRefreshTokens updates the user's TokensValidAfterMillis to the current UTC second. | |||
There was a problem hiding this comment.
Oh, I guess second is correct. I misread it before.
hiranya911
added a commit
that referenced
this pull request
Feb 14, 2018
* Renamed some tests and test parameters for clarity, and adhere to Go conventions (#74) * clean unused types (#76) * Create CHANGELOG.md (#75) (#79) * Create CHANGELOG.md Initial changelog based on https://firebase.google.com/support/release-notes/admin/go * change instance ID format (#82) Changing the format of the "non-existing" instance ID in the integration tests to comply with the expected iid format. * Import context from golang.org/x/net/ for 1.6 compatibility (#87) * import golang.org/x/net/context instead of context for 1.6 compatibility * Document non existing name in integration tests for iid (#85) * Revoke Tokens (#77) Adding TokensValidAfterMillis property, RevokeRefreshTokens(), and VerifyIDTokenAndCheckRevoked(). * Firebase Cloud Messaging API (#81) * Adding Firebase Cloud Messaging (#62) * initial commit for adding Firebase Cloud Messaging * add validator * use http const in messaging test * add client version header for stats * init integration test * add integration test (validated on IOS today) * add comment with URL to enable Firebase Cloud Messaging API * fix broken test * add integration tests * accept a Message instead of RequestMessage + and rename method + send / sendDryRun * update fcm url * rollback url endpoint * fix http constants, change responseMessage visibility, change map[string]interface{} as map[string]string * fix http constants * fix integration tests * fix APNS naming * add validators * Added APNS types; Updated tests * Added more tests; Fixed APNS serialization * Updated documentation * Improved error handling inFCM * Added utils file * Updated integration tests * Implemented topic management operations * Added integration tests * Updated CHANGELOG * Addressing code review comments * Supporting 0 valued Aps.Badge * Addressing some review comments * Removed some unused vars * Accepting prefixed topic names (#84) * Accepting prefixed topic named * Added a comment * Using new FCM error codes (#89) * Bumped version to 2.5.0 (#90)
hiranya911
pushed a commit
that referenced
this pull request
Mar 15, 2018
* Renamed some tests and test parameters for clarity, and adhere to Go conventions (#74) * clean unused types (#76) * Create CHANGELOG.md (#75) (#79) * Create CHANGELOG.md Initial changelog based on https://firebase.google.com/support/release-notes/admin/go * change instance ID format (#82) Changing the format of the "non-existing" instance ID in the integration tests to comply with the expected iid format. * Import context from golang.org/x/net/ for 1.6 compatibility (#87) * import golang.org/x/net/context instead of context for 1.6 compatibility * Document non existing name in integration tests for iid (#85) * Revoke Tokens (#77) Adding TokensValidAfterMillis property, RevokeRefreshTokens(), and VerifyIDTokenAndCheckRevoked(). * Firebase Cloud Messaging API (#81) * Adding Firebase Cloud Messaging (#62) * initial commit for adding Firebase Cloud Messaging * add validator * use http const in messaging test * add client version header for stats * init integration test * add integration test (validated on IOS today) * add comment with URL to enable Firebase Cloud Messaging API * fix broken test * add integration tests * accept a Message instead of RequestMessage + and rename method + send / sendDryRun * update fcm url * rollback url endpoint * fix http constants, change responseMessage visibility, change map[string]interface{} as map[string]string * fix http constants * fix integration tests * fix APNS naming * add validators * Added APNS types; Updated tests * Added more tests; Fixed APNS serialization * Updated documentation * Improved error handling inFCM * Added utils file * Updated integration tests * Implemented topic management operations * Added integration tests * Updated CHANGELOG * Addressing code review comments * Supporting 0 valued Aps.Badge * Addressing some review comments * Removed some unused vars * Accepting prefixed topic names (#84) * Accepting prefixed topic named * Added a comment * Using new FCM error codes (#89) * Bumped version to 2.5.0 (#90) * Lint (#96) * fix misspelling * add check error * missing copyright * Doc (#97) * update readme with Authentication Guide & Release Notes * fix a misspelling : separately * fix missing newline before package * add Go Report Card + update doc * add travis build for go versions 1.7.x -> 1.10.x (#98) * add build for go version 1.6.x -> 1.10.x * fix 1.10 version * fix context to golang.org/x/net/context for go 1.6 compatibility * add race detector + go vet on build + build without failure on go unstable * add go16 et go17 file due to req.withcontext which is only go 1.7 * fix context package * update go16.go to remove WithContext * update bad import * remove unused func * finally use ctxhttp.Do with multiple build version * ignore integration package for install * fix go get command * put go 1.6.X in allow_failures dur to test failure * fix inversion of code * remove go 1.6 support * revert initial version with req.WithContext * fix travis to support go 1.10.x * nits * Import context from standard package (#101) * Import context from standard package. * Firebase Database API (#92) * Experimental RTDB code * Added ref.Set() * Added Push(), Update(), Remove() and tests * Adding Transaction() support * Fixed Transaction() API * Code cleanup * Implemented Query() API * Added GetIfChanged() and integration tests * More integration tests * Updated unit test * More integration tests * Integration tests for queries * Auth override support and more tests * More test cases; AuthOverride support in App * Implemented AuthOverride support; Added tests * Implementing the new API * More code cleanup * Code clean up * Refactored the http client code * More tests * Boosted test coverage to 97% * Better error messages in tests; Added license headers * Added documentatioon and cleaned up tests * Fixing a build break * Finishing up documentation * More test cases * Implemented a reusable HTTP client API * Added test cases * Comment clean up * Using the shared http client API * Simplified the usage by adding HTTPClient * using the new client API * Using the old ctx import * Using the old context import * Refactored db code * More refactoring * Support for arbitrary entity types in the request * Renamed fields; Added documentation * Removing a redundant else case * Code readability improvements * Cleaned up the RTDB HTTP client code * Added shallow reads support; Added the new txn API * Implementing GetOrdered() for queries * Adding more sorting tests * Added Query ordering tests * Fixing some lint errors and compilation errors * Removing unused function * Cleaned up unit tests for db * Updated query impl and tests * Added integration tests for ordered queries * Removed With*() from query functions * Updated change log; Added more tests * Support for database url in auto init * Support for loading auth overrides from env * Removed db.AuthOverride type * Renamed ao to authOverride everywhere; Other code review nits * Introducing the QueryNode interface to handle ordered query results (#100) * Database Sample Snippets (#102) * Adding database snippets * Adding query snippets * Added complex query samples * Updated variable name * Fixing a typo * Fixing query example * Updated DB snippets to use GetOrdered() * Removing unnecessary placeholders in Fatalln() calls * Removing unnecessary placeholders in Fatalln() calls * Handling FCM canonical error codes (#103) * Formatting test file with gofmt (#104) * Bumped version to 2.6.0 (#105) * Formatting (simplification) changes (#107) * Checking for unformatted files in CI (#108) * Checking for unformatted files in CI * Adding newline at eof * Document Minimum Go Version (#111) * Fix invalid endpoint URL for topic unsubscribe (#114) * Fix error message for missing user (#113) * Update CHANGELOG.md (#117) * Removing unused member from auth.Client (#118) * Support Go 1.6 (#120) * all: use golang.org/x/net/context * internal: use ctxhttp to use /x/ context The 1.6 Request type doesn't have WithContext. * all: don't use subtests to keep 1.6 compatibility * integration: use float64 for fields with exp value Values like -7e+07 cannot be parsed into ints in Go 1.6. So, use floats instead. * integration/messaging: use t.Fatal not log.Fatal * travis: add 1.6.x * changelog: mention addition of 1.6 support * readme: mention go version support * Bumped version to 2.6.1 (#121) * Changlog updates (#123)
hiranya911
pushed a commit
that referenced
this pull request
Jun 12, 2018
Adding TokensValidAfterMillis property, RevokeRefreshTokens(), and VerifyIDTokenAndCheckRevoked().
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
go implementation of token revocation