Skip to content

Commit

Permalink
Increased minimum expiry for custom token to 5 mins (as per firebase#…
Browse files Browse the repository at this point in the history
  • Loading branch information
rhodgkins committed Aug 9, 2021
1 parent 879bda8 commit 4683e65
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/auth/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -951,7 +951,7 @@ export namespace auth {
developerClaims?: { [key: string]: any };

/**
* The JWT expiration in milliseconds. The minimum allowed is X and the maximum allowed is 1 hour.
* The JWT expiration in milliseconds. The minimum allowed is 5 minutes and the maximum allowed is 1 hour.
* Defaults to 1 hour.
*/
expiresIn?: number;
Expand Down
2 changes: 1 addition & 1 deletion src/auth/token-generator.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ import { HttpError } from '../utils/api-request';

const ALGORITHM_NONE: Algorithm = 'none' as const;

const MIN_JWT_EXPIRES_IN_MS = 1000;
const MIN_JWT_EXPIRES_IN_MS = 5 * 60 * 1000;
const ONE_HOUR_IN_MS = 60 * 60 * 1000;

// List of blacklisted claims which cannot be provided when creating a custom token
Expand Down
4 changes: 2 additions & 2 deletions test/unit/auth/token-generator.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ describe('FirebaseTokenGenerator', () => {
});

it('should throw given an invalid expiresIn', () => {
const invalidExpiresIns: any[] = [null, NaN, Infinity, _.noop, 0, 999, 3600001];
const invalidExpiresIns: any[] = [null, NaN, Infinity, _.noop, 0, 299999, 3600001];
invalidExpiresIns.forEach((invalidExpiresIn) => {
expect(() => {
tokenGenerator.createCustomToken(mocks.uid, { expiresIn: invalidExpiresIn });
Expand All @@ -233,7 +233,7 @@ describe('FirebaseTokenGenerator', () => {
});

it('should be fulfilled given a valid uid, empty object developer claims and valid expiresIn', () => {
return tokenGenerator.createCustomToken(mocks.uid, { developerClaims: {}, expiresIn: 1000 });
return tokenGenerator.createCustomToken(mocks.uid, { developerClaims: {}, expiresIn: 300000 });
});

it('should be fulfilled given a valid uid, valid developer claims and valid expiresIn', () => {
Expand Down

0 comments on commit 4683e65

Please sign in to comment.