Review fixes.

Author: DellaBitta

docs-devsite/app.firebaseserverappsettings.md

@@ -23,14 +23,16 @@ export interface FirebaseServerAppSettings extends Omit<FirebaseAppSettings, 'na
 
 |  Property | Type | Description |
 |  --- | --- | --- |
-|  [appCheckToken](./app.firebaseserverappsettings.md#firebaseserverappsettingsappchecktoken) | string | An optional App Check token. If provided, the Firebase SDKs that use App Check will utilize this App Check token in place of requiring an instance of App Check to be initialized. |
-|  [authIdToken](./app.firebaseserverappsettings.md#firebaseserverappsettingsauthidtoken) | string | An optional Auth ID token used to resume a signed in user session from a client runtime environment.<!-- -->Invoking <code>getAuth</code> with a <code>FirebaseServerApp</code> configured with a validated <code>authIdToken</code> causes an automatic attempt to sign in the user that the <code>authIdToken</code> represents. The token needs to have been recently minted for this operation to succeed.<!-- -->If the token fails local verification, or if the Auth service has failed to validate it when the Auth SDK is initialized, then a warning is logged to the console and the Auth SDK will not sign in a user on initialization.<!-- -->If a user is successfully signed in, then the Auth instance's <code>onAuthStateChanged</code> callback is invoked with the <code>User</code> object as per standard Auth flows. However, <code>User</code> objects created via an <code>authIdToken</code> do not have a refresh token. Attempted <code>refreshToken</code> operations fail. |
+|  [appCheckToken](./app.firebaseserverappsettings.md#firebaseserverappsettingsappchecktoken) | string | An optional App Check token. If provided, the Firebase SDKs that use App Check will utilize this App Check token in place of requiring an instance of App Check to be initialized.<!-- -->If the token fails local verification due to expiration or parsing errors, then a console error is logged at the time of initialization of the <code>FirebaseServerApp</code> instance. |
+|  [authIdToken](./app.firebaseserverappsettings.md#firebaseserverappsettingsauthidtoken) | string | An optional Auth ID token used to resume a signed in user session from a client runtime environment.<!-- -->Invoking <code>getAuth</code> with a <code>FirebaseServerApp</code> configured with a validated <code>authIdToken</code> causes an automatic attempt to sign in the user that the <code>authIdToken</code> represents. The token needs to have been recently minted for this operation to succeed.<!-- -->If the token fails local verification due to expiration or parsing errors, then a console error is logged at the time of initialization of the <code>FirebaseServerApp</code> instance.<!-- -->If the Auth service has failed to validate the token when the Auth SDK is initialized, then an warning is logged to the console and the Auth SDK will not sign in a user on initialization.<!-- -->If a user is successfully signed in, then the Auth instance's <code>onAuthStateChanged</code> callback is invoked with the <code>User</code> object as per standard Auth flows. However, <code>User</code> objects created via an <code>authIdToken</code> do not have a refresh token. Attempted <code>refreshToken</code> operations fail. |
 |  [releaseOnDeref](./app.firebaseserverappsettings.md#firebaseserverappsettingsreleaseonderef) | object | An optional object. If provided, the Firebase SDK uses a <code>FinalizationRegistry</code> object to monitor the garbage collection status of the provided object. The Firebase SDK releases its reference on the <code>FirebaseServerApp</code> instance when the provided <code>releaseOnDeref</code> object is garbage collected.<!-- -->You can use this field to reduce memory management overhead for your application. If provided, an app running in a SSR pass does not need to perform <code>FirebaseServerApp</code> cleanup, so long as the reference object is deleted (by falling out of SSR scope, for instance.)<!-- -->If an object is not provided then the application must clean up the <code>FirebaseServerApp</code> instance by invoking <code>deleteApp</code>.<!-- -->If the application provides an object in this parameter, but the application is executed in a JavaScript engine that predates the support of <code>FinalizationRegistry</code> (introduced in node v14.6.0, for instance), then an error is thrown at <code>FirebaseServerApp</code> initialization. |
 
 ## FirebaseServerAppSettings.appCheckToken
 
 An optional App Check token. If provided, the Firebase SDKs that use App Check will utilize this App Check token in place of requiring an instance of App Check to be initialized.
 
+If the token fails local verification due to expiration or parsing errors, then a console error is logged at the time of initialization of the `FirebaseServerApp` instance.
+
 <b>Signature:</b>
 
 ```typescript
@@ -43,7 +45,9 @@ An optional Auth ID token used to resume a signed in user session from a client
 
 Invoking `getAuth` with a `FirebaseServerApp` configured with a validated `authIdToken` causes an automatic attempt to sign in the user that the `authIdToken` represents. The token needs to have been recently minted for this operation to succeed.
 
-If the token fails local verification, or if the Auth service has failed to validate it when the Auth SDK is initialized, then a warning is logged to the console and the Auth SDK will not sign in a user on initialization.
+If the token fails local verification due to expiration or parsing errors, then a console error is logged at the time of initialization of the `FirebaseServerApp` instance.
+
+If the Auth service has failed to validate the token when the Auth SDK is initialized, then an warning is logged to the console and the Auth SDK will not sign in a user on initialization.
 
 If a user is successfully signed in, then the Auth instance's `onAuthStateChanged` callback is invoked with the `User` object as per standard Auth flows. However, `User` objects created via an `authIdToken` do not have a refresh token. Attempted `refreshToken` operations fail.
 

packages/app/src/errors.ts

@@ -31,9 +31,7 @@ export const enum AppError {
   IDB_WRITE = 'idb-set',
   IDB_DELETE = 'idb-delete',
   FINALIZATION_REGISTRY_NOT_SUPPORTED = 'finalization-registry-not-supported',
-  INVALID_SERVER_APP_ENVIRONMENT = 'invalid-server-app-environment',
-  INVALID_SERVER_APP_TOKEN_FORMAT = 'invalid-server-app-token-format',
-  SERVER_APP_TOKEN_EXPIRED = 'server-app-token-expired'
+  INVALID_SERVER_APP_ENVIRONMENT = 'invalid-server-app-environment'
 }
 
 const ERRORS: ErrorMap<AppError> = {
@@ -63,11 +61,7 @@ const ERRORS: ErrorMap<AppError> = {
   [AppError.FINALIZATION_REGISTRY_NOT_SUPPORTED]:
     'FirebaseServerApp deleteOnDeref field defined but the JS runtime does not support FinalizationRegistry.',
   [AppError.INVALID_SERVER_APP_ENVIRONMENT]:
-    'FirebaseServerApp is not for use in browser environments.',
-  [AppError.INVALID_SERVER_APP_TOKEN_FORMAT]:
-    'FirebaseServerApp {$tokenName} could not be parsed.',
-  [AppError.SERVER_APP_TOKEN_EXPIRED]:
-    'FirebaseServerApp {$tokenName} could not be parsed.'
+    'FirebaseServerApp is not for use in browser environments.'
 };
 
 interface ErrorParams {
@@ -81,8 +75,6 @@ interface ErrorParams {
   [AppError.IDB_WRITE]: { originalErrorMessage?: string };
   [AppError.IDB_DELETE]: { originalErrorMessage?: string };
   [AppError.FINALIZATION_REGISTRY_NOT_SUPPORTED]: { appName?: string };
-  [AppError.INVALID_SERVER_APP_TOKEN_FORMAT]: { tokenName: string };
-  [AppError.SERVER_APP_TOKEN_EXPIRED]: { tokenName: string };
 }
 
 export const ERROR_FACTORY = new ErrorFactory<AppError, ErrorParams>(

packages/app/src/firebaseServerApp.test.ts

@@ -193,53 +193,6 @@ describe('FirebaseServerApp', () => {
     expect(encounteredError).to.be.false;
   });
 
-  it('throws when authIdToken has expired', () => {
-    const options = { apiKey: 'APIKEY' };
-    const authIdToken = createServerAppTokenWithOffset(/*daysOffset=*/ -1);
-    const serverAppSettings: FirebaseServerAppSettings = {
-      automaticDataCollectionEnabled: false,
-      releaseOnDeref: options,
-      authIdToken
-    };
-    let encounteredError = false;
-    try {
-      new FirebaseServerAppImpl(
-        options,
-        serverAppSettings,
-        'testName',
-        new ComponentContainer('test')
-      );
-    } catch (e) {
-      encounteredError = true;
-      expect((e as Error).toString()).to.contain(
-        'app/server-app-token-expired'
-      );
-    }
-    expect(encounteredError).to.be.true;
-  });
-
-  it('throws when authIdToken has too few parts', () => {
-    const options = { apiKey: 'APIKEY' };
-    const authIdToken = 'blah';
-    const serverAppSettings: FirebaseServerAppSettings = {
-      automaticDataCollectionEnabled: false,
-      releaseOnDeref: options,
-      authIdToken: base64Encode(authIdToken)
-    };
-    let encounteredError = false;
-    try {
-      new FirebaseServerAppImpl(
-        options,
-        serverAppSettings,
-        'testName',
-        new ComponentContainer('test')
-      );
-    } catch (e) {
-      encounteredError = true;
-    }
-    expect(encounteredError).to.be.true;
-  });
-
   it('accepts a valid appCheckToken expiration', () => {
     const options = { apiKey: 'APIKEY' };
     const appCheckToken = createServerAppTokenWithOffset(/*daysOffset=*/ 1);
@@ -261,51 +214,4 @@ describe('FirebaseServerApp', () => {
     }
     expect(encounteredError).to.be.false;
   });
-
-  it('throws when appCheckToken has expired', () => {
-    const options = { apiKey: 'APIKEY' };
-    const appCheckToken = createServerAppTokenWithOffset(/*daysOffset=*/ -1);
-    const serverAppSettings: FirebaseServerAppSettings = {
-      automaticDataCollectionEnabled: false,
-      releaseOnDeref: options,
-      appCheckToken
-    };
-    let encounteredError = false;
-    try {
-      new FirebaseServerAppImpl(
-        options,
-        serverAppSettings,
-        'testName',
-        new ComponentContainer('test')
-      );
-    } catch (e) {
-      encounteredError = true;
-      expect((e as Error).toString()).to.contain(
-        'app/server-app-token-expired'
-      );
-    }
-    expect(encounteredError).to.be.true;
-  });
-
-  it('throws when appCheckToken has too few parts', () => {
-    const options = { apiKey: 'APIKEY' };
-    const appCheckToken = 'blah';
-    const serverAppSettings: FirebaseServerAppSettings = {
-      automaticDataCollectionEnabled: false,
-      releaseOnDeref: options,
-      appCheckToken: base64Encode(appCheckToken)
-    };
-    let encounteredError = false;
-    try {
-      new FirebaseServerAppImpl(
-        options,
-        serverAppSettings,
-        'testName',
-        new ComponentContainer('test')
-      );
-    } catch (e) {
-      encounteredError = true;
-    }
-    expect(encounteredError).to.be.true;
-  });
 });

packages/app/src/firebaseServerApp.ts

@@ -29,27 +29,30 @@ import { name as packageName, version } from '../package.json';
 import { base64Decode } from '@firebase/util';
 
 // Parse the token and check to see if the `exp` claim is in the future.
-// Throws an error if the token or claim could not be parsed, or if `exp` is in the past.
+// Reports an error to the console if the token or claim could not be parsed, or if `exp` is in
+// the past.
 function validateTokenTTL(base64Token: string, tokenName: string): void {
   const secondPart = base64Decode(base64Token.split('.')[1]);
   if (secondPart === null) {
-    throw ERROR_FACTORY.create(AppError.INVALID_SERVER_APP_TOKEN_FORMAT, {
-      tokenName
-    });
+    console.error(
+      `FirebaseServerApp ${tokenName} is invalid: second part could not be parsed.`
+    );
+    return;
   }
   const expClaim = JSON.parse(secondPart).exp;
   if (expClaim === undefined) {
-    throw ERROR_FACTORY.create(AppError.INVALID_SERVER_APP_TOKEN_FORMAT, {
-      tokenName
-    });
+    console.error(
+      `FirebaseServerApp ${tokenName} is invalid: expiration claim could not be parsed`
+    );
+    return;
   }
   const exp = JSON.parse(secondPart).exp * 1000;
   const now = new Date().getTime();
   const diff = exp - now;
   if (diff <= 0) {
-    throw ERROR_FACTORY.create(AppError.SERVER_APP_TOKEN_EXPIRED, {
-      tokenName
-    });
+    console.error(
+      `FirebaseServerApp ${tokenName} is invalid: the token has expired.`
+    );
   }
 }
 

packages/app/src/public-types.ts

@@ -185,9 +185,11 @@ export interface FirebaseServerAppSettings
    * causes an automatic attempt to sign in the user that the `authIdToken` represents. The token
    * needs to have been recently minted for this operation to succeed.
    *
-   * If the token fails local verification, or if the Auth service has failed to validate it when
-   * the Auth SDK is initialized, then a warning is logged to the console and the Auth SDK will not
-   * sign in a user on initialization.
+   * If the token fails local verification due to expiration or parsing errors, then a console error
+   * is logged at the time of initialization of the `FirebaseServerApp` instance.
+   *
+   * If the Auth service has failed to validate the token when the Auth SDK is initialized, then an
+   * warning is logged to the console and the Auth SDK will not sign in a user on initialization.
    *
    * If a user is successfully signed in, then the Auth instance's `onAuthStateChanged` callback
    * is invoked with the `User` object as per standard Auth flows. However, `User` objects
@@ -199,6 +201,9 @@ export interface FirebaseServerAppSettings
   /**
    * An optional App Check token. If provided, the Firebase SDKs that use App Check will utilize
    * this App Check token in place of requiring an instance of App Check to be initialized.
+   *
+   * If the token fails local verification due to expiration or parsing errors, then a console error
+   * is logged at the time of initialization of the `FirebaseServerApp` instance.
    */
   appCheckToken?: string;
 

packages/firestore/src/api/credentials.ts

@@ -569,7 +569,7 @@ export class FirebaseAppCheckTokenProvider
   }
 
   getToken(): Promise<Token | null> {
-    if (this.serverAppAppCheckToken !== null) {
+    if (this.serverAppAppCheckToken) {
       return Promise.resolve(new AppCheckToken(this.serverAppAppCheckToken));
     }
     debugAssert(
@@ -647,7 +647,7 @@ export class LiteAppCheckTokenProvider implements CredentialsProvider<string> {
   }
 
   getToken(): Promise<Token | null> {
-    if (this.serverAppAppCheckToken !== null) {
+    if (this.serverAppAppCheckToken) {
       return Promise.resolve(new AppCheckToken(this.serverAppAppCheckToken));
     }