Firebase-admin-node: createSessionCookie uses number when it should use a string

Created on 9 Nov 2020  路  9Comments  路  Source: firebase/firebase-admin-node

Originally reported here
https://github.com/firebase/firebase-tools/issues/2770#issuecomment-723364018


@samtstern I think this is a real issue, actually! I'm encountering it even though I'm executing createSessionCookie inside the function emulator. So I dug in, and I believe the validation schema is wrong. The auth emulator validation schema specifies validationDuration as a string, but firebase-admin-node constructs it as a number.

I note that the OpenAPI schema for createSessionCookie specifies the parameter as "string (int64 format)". If that means it's meant to be a string-encoded int64, then this is really a firebase-admin-node bug, although clearly the production auth server is accepting numbers for this parameter.

_Originally posted by @andymatuschak in https://github.com/firebase/firebase-tools/issues/2770#issuecomment-723364018_

Most helpful comment

FWIW: As of Firebase CLI v9.3.0, creating session cookie is now supported and we've also added coercion from number to string similar to production behavior (hat tip to @andymatuschak). Note that you need Node.js Admin SDK v9.5.0 to verify these cookies properly. (in reply to @aaronosher @muru)

All 9 comments

I am gettting this error also, have you found a work-around until it gets resolved?

It seems somehow to be accepting both string and number. If we can verify that, we can safely convert to string in the Admin SDK implementation. It should have no visible impact on customers.

Are there any news about this?
Unfortunately, I haven't found a workaround yet and the topic restricts local development considerably.

I am also receiving same error when calling admin.auth().revokeRefreshTokens(uid) while testing firebase functions using emulator.

This is blocking the local development in case of emulating session cookie creation.

So while experimenting, with my install of firebase-tools, I edited emulator/auth/apiSpec.js to expect an integer in validDuration, and then I got the following error, which implies that session cookies aren't supported at all in the emulator.

FirebaseAuthError: An internal error has occurred. Raw server response: "{"error":{"code":501,"message":"identitytoolkit.projects.createSessionCookie is not implemented in the Auth Emulator.","errors":[{"message":"identitytoolkit.projects.createSessionCookie is not implemented in the Auth Emulator.","reason":"unimplemented"}],"status":"NOT_IMPLEMENTED"}}"
    at FirebaseAuthError.FirebaseError [as constructor] (...\functions\node_modules\firebase-admin\lib\utils\error.js:44:28)
    at FirebaseAuthError.PrefixedFirebaseError [as constructor] (...\functions\node_modules\firebase-admin\lib\utils\error.js:90:28)
    at new FirebaseAuthError (...\functions\node_modules\firebase-admin\lib\utils\error.js:149:16)
    at Function.FirebaseAuthError.fromServerError (...\functions\node_modules\firebase-admin\lib\utils\error.js:188:16)
    at ...\functions\node_modules\firebase-admin\lib\auth\auth-api-request.js:1526:49
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async ...\functions\lib\app\index.js:85:31 {
      errorInfo: {
        code: 'auth/internal-error',
        message: 'An internal error has occurred. Raw server response: "{"error":{"code":501,"message":"identitytoolkit.projects.createSessionCookie is not implemented in the Auth Emulator.","errors":[{"message":"identitytoolkit.projects.createSessionCookie is not implemented in the Auth Emulator.","reason":"unimplemented"}],"status":"NOT_IMPLEMENTED"}}"'
      },
      codePrefix: 'auth'
    }

@aaronosher seems to be only usable when combined with the functions emulator: https://github.com/firebase/firebase-tools/issues/2764

FWIW: As of Firebase CLI v9.3.0, creating session cookie is now supported and we've also added coercion from number to string similar to production behavior (hat tip to @andymatuschak). Note that you need Node.js Admin SDK v9.5.0 to verify these cookies properly. (in reply to @aaronosher @muru)

I don't think any further changes in the Node.js Admin SDK is _required_, although it would still be nice to use the right data type, it shouldn't block local development now.

Was this page helpful?
0 / 5 - 0 ratings