-
Notifications
You must be signed in to change notification settings - Fork 890
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix JWT format and interop with Storage Emulator. Fixes #3442. #5002
Conversation
|
I broke... something this is gonna need a bit more work |
@abeisgoat looks like the rules have begun failing, which probably means the token is not encoded correctly:
|
Hi All! Any updates on this? I'm running into firebase-tools/issues/3442 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BLOCKING: We also need to update https://github.com/firebase/firebase-js-sdk/blob/master/packages/util/src/emulator.ts#L138
I suggest we just switch to base64url and trim the padding ourselves instead of introducing another dependency since we don't want to bloat @firebase/util which is used in almost all firebase packages. Plus it's a much smaller change and easier to reason about, especially given the broken decoding right now.
@@ -197,11 +197,7 @@ function createUnsecuredJwt(token: TokenOptions, projectId?: string): string { | |||
|
|||
// Unsecured JWTs use the empty string as a signature. | |||
const signature = ''; | |||
return [ | |||
base64.encodeString(JSON.stringify(header), /*webSafe=*/ false), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs use base64url instead of base64.
firebase-js-sdk/packages/util/src/crypt.ts
Line 339 in 5d31e21
export const base64Encode = function (str: string): string { |
f5ce3cf
to
832d30f
Compare
@yuchenshi plz take a look and I'm not sure why things are failing after the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's get this in first and then in a later PR I'll port the fix to https://github.com/firebase/firebase-js-sdk/blob/master/packages/util/src/emulator.ts#L138
Fixes firebase/firebase-tools#3442. This will be included in the next release. |
In rules-unit-testing, our naive implementation of unsigned JWT implementation wasn't spec compliant so it was breaking the storage emulator