Implement #174 to handle additional token errors.

[HofmannZ]

As described in #174, there are a couple of scenarios where verifyIdToken was throwing an error, where it could actually be handled more gracefully.

This PR:

• implements the suggestions in Handle additional errors from verifyIdToken #174,
• upgrades the firebase and firebase-admin dependencies, and
• upgrades other dependencies that have non-breaking changes.

This PR also brings RFC issue #265 one step closer to being ready for launch 🚀.

[vercel]

@HofmannZ is attempting to deploy a commit to the Gladly Team on Vercel.

A member of the Team first needs to authorize it.

[codecov]

Codecov Report

Merging #312 (9d1e4d9) into v1.x (769e21e) will increase coverage by 0.20%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             v1.x     #312      +/-   ##
==========================================
+ Coverage   99.59%   99.80%   +0.20%     
==========================================
  Files          25       25              
  Lines         495      505      +10     
  Branches      176      182       +6     
==========================================
+ Hits          493      504      +11     
+ Misses          2        1       -1     

Impacted Files	Coverage Δ
src/firebaseAdmin.js	100.00% <100.00%> (+2.32%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 769e21e...9d1e4d9. Read the comment docs.

[HofmannZ]

@kmjennison - Ran the failing test locally without my changes, and it fails with the same error. Any idea why that might be?

[kmjennison]

@HofmannZ I'm not sure. Could you confirm your dependencies match the lockfile?

[HofmannZ]

@kmjennison - Yeah they do.

[kmjennison]

Thanks for the PR! A few changes:

• Handle additional errors to close out this issue: Handle additional errors from verifyIdToken #174
• Add test coverage for new errors

[kmjennison]

@HofmannZ Hmm, ok. I don't have much time to debug at the moment but will try to take a look when I can.

[HofmannZ]

@kmjennison - I will have a look at #174.

[HofmannZ]

@kmjennison - Ready for review! 👀

[kmjennison]

Thanks for taking on this PR! Requested a few small changes.

[kmjennison]

Not necessarily a change in this PR but wanted to ask your input: I'm wondering if it makes sense to return an unauthenticated user for any error, then call an optional onAuthError callback provided by user for the unexpected errors (ones we don't handle above). My thinking is that it's not particularly easy for developers to catch errors in withAuthUserSSR and in most cases an unauthed user + optional error log is preferable to a 500 error.

[HofmannZ]

Sounds like a good idea, bit out of scope for this PR. Will add a new PR for that when I find the time for it.

[kmjennison]

Thanks, I plan to take this work on soon.

[kmjennison]

Implemented this in #366.

[kmjennison]

Thanks, @HofmannZ! Merged in #361.