Implement App Check auto refresh timing and opt out flag

[hsubox76]

• Implement global opt-out. API proposal is here: https://docs.google.com/document/d/17RZDbKMRtgHoRGcyAR_KIAHPStr2aFnJmFsffO50pRI/edit?hl=en&forcehl=1#

• Implement auto-refresh timing. Formula is issuedAtTime + (50% * TTL) + 5 minutes from here: https://docs.google.com/document/d/1fi4xUsARCs3Uc8c46KvNiIf2rQeWnjxvODW-h0coSmo/edit?resourcekey=0-IK3tvAt8BxEmzoOHbbRfcg&disco=AAAAIUhr8kE

The second required an additional AppCheckTokenInternal type to be created that extends AppCheckToken with a issuedAtTimeMillis field, which is needed to calculate the auto refresh time. This info can also be extracted from the token, but I am following Android's example of adding this data to an internal token type using the local client's clock to avoid clock skew (the issued-at-time in the token is server time).

[changeset-bot]

⚠️ No Changeset found

Latest commit: 60447d2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[google-oss-bot]

Binary Size Report

Affected SDKs

• @firebase/database

  Type	Base (919413c)	Head (35f6928)	Diff
  browser	295 kB	296 kB	+535 B (+0.2%)
  esm2017	264 kB	265 kB	+526 B (+0.2%)
  main	298 kB	298 kB	+520 B (+0.2%)
  module	295 kB	296 kB	+535 B (+0.2%)

• @firebase/database-compat

  Type	Base (919413c)	Head (35f6928)	Diff
  browser	86.3 kB	86.3 kB	+19 B (+0.0%)
  main	102 kB	102 kB	+48 B (+0.0%)
  module	86.3 kB	86.3 kB	+19 B (+0.0%)

• @firebase/database-exp

  Type	Base (919413c)	Head (35f6928)	Diff
  browser	245 kB	246 kB	+507 B (+0.2%)
  main	277 kB	278 kB	+472 B (+0.2%)
  module	245 kB	246 kB	+507 B (+0.2%)

• @firebase/util

  Type	Base (919413c)	Head (35f6928)	Diff
  browser	20.2 kB	21.2 kB	+981 B (+4.9%)
  esm2017	19.0 kB	20.0 kB	+991 B (+5.2%)
  main	24.6 kB	25.8 kB	+1.17 kB (+4.8%)
  module	20.2 kB	21.2 kB	+981 B (+4.9%)

• firebase

  Type	Base (919413c)	Head (35f6928)	Diff
  firebase-database.js	186 kB	187 kB	+883 B (+0.5%)
  firebase.js	873 kB	874 kB	+886 B (+0.1%)

Test Logs

• Base (919413cd): https://github.com/firebase/firebase-js-sdk/actions/runs/790799128
• Head (35f69283): https://github.com/firebase/firebase-js-sdk/actions/runs/807421693

[google-oss-bot]

Size Analysis Report

Affected Products

Diffs between base commit (919413c) and head commit (5849aae) are too large (479,509 characters) to display.

Please check below links to see details from the original test log.

Test Logs

• Head (5849aae): https://github.com/firebase/firebase-js-sdk/actions/runs/808218069

[Feiyang1]

the customToken might be issued earlier than the current timestamp. It might be okay to assume it to be the current timestamp for the purpose of determining the refresh time, but is it the case? We should add comments to clarify.

[hsubox76]

I might be misunderstanding but I think that if it was issued earlier, it would be in the cache and this function would have returned in line 105? Once it's fetched here it'll be written to storage in line 144. Unless the custom getToken() method has its own code to read/write from its own separate cache, where someone might have wiped Firebase AppCheck's cache but didn't wipe out the user's custom cache??, which, should we worry about that?

[Feiyang1]

It could happen when customProvider.getToken() executes for the first time before cache comes into play. Since customProvider is implemented by developers, it can return a token created 3 hours ago or 2 days ago.