Revoke tokens and verify check revoked snippets #21
Conversation
.project
Outdated
| @@ -0,0 +1,17 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | |||
There was a problem hiding this comment.
I think these .project files should be excluded
There was a problem hiding this comment.
yes, they snuck right in there in the last commit,
removing
|
@avishalom Travis is saying that things don't compile. Are these snippets for unreleased code? |
|
Yes, |
|
@avishalom yeah there's not much we can do since the Java Admin SDK does not publish snapshot builds anywhere. We'll just have to hold this PR unmerged until the SDK is released and we can update your branch to the public version (I guess |
|
Ok, we can do it in steps. |
|
@avishalom that pull request was sent before I enabled Travis on the repository (I only added Travis this week) so I guess it never built at all. |
| try { | ||
| // Verify the ID token while checking if the token is revoked by passing checkRevoked | ||
| // as true. | ||
| FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdTokenAsync(idToken, true).get(); |
There was a problem hiding this comment.
Change this as follows for clarity:
boolean checkRevoked = true;
FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdTokenAsync(idToken, checkRevoked).get();
| String uid = decodedToken.getUid(); | ||
| } | ||
| catch (FirebaseAuthException e) { | ||
| if (FirebaseUserManager.ID_TOKEN_REVOKED_ERROR == e.getErrorCode()) { |
There was a problem hiding this comment.
Is this really visible in the public API?
| System.out.println("Decoded ID token from user: " + uid); | ||
| } | ||
|
|
||
| public static void revokeIdTokens(String idToken) throws InterruptedException, ExecutionException { |
There was a problem hiding this comment.
This looks like an equivalent version of a Functions sample we have in docs. If so, it might not be useful at this point.
| // Save the refresh token revocation timestamp. This is needed to track ID token | ||
| // revocation via Firebase rules. | ||
| DatabaseReference ref = FirebaseDatabase.getInstance().getReference("metadata/" + uid); | ||
| ref.setValueAsync(MapBuilder.of("revokeTime", revocationSecond)); |
There was a problem hiding this comment.
Add .get() at the end to block?
| String uid = decodedToken.getUid(); | ||
| System.out.println("Decoded ID token not revoked from user: " + uid); |
There was a problem hiding this comment.
Probably a comment // Token is valid is sufficient here
| } | ||
| catch (FirebaseAuthException e) { | ||
| if (FirebaseUserManager.ID_TOKEN_REVOKED_ERROR == e.getErrorCode()) { | ||
| if ("id-token-revoked" == e.getErrorCode()) { |
| @@ -234,13 +235,14 @@ public static void revokeIdTokens(String idToken) throws InterruptedException, E | |||
| UserRecord user = FirebaseAuth.getInstance().getUserAsync(uid).get(); | |||
| // Convert to seconds as the auth_time in the token claims is in seconds too. | |||
| long revocationSecond = user.getTokensValidAfterTimestamp() / 1000; | |||
| System.err.println("Tokens revoked at: ", revocationSecond); | |||
No description provided.