[ServerApp] Update feature branch Auth implementation to use the authIdToken

common/api-review/app.api.md

@@ -119,6 +119,11 @@ export function initializeServerApp(options: FirebaseOptions | FirebaseApp, conf
 // @internal (undocumented)
 export function _isFirebaseApp(obj: FirebaseApp | FirebaseOptions): obj is FirebaseApp;
 
+// Warning: (ae-forgotten-export) The symbol "FirebaseServerAppImpl" needs to be exported by the entry point index.d.ts
+//
+// @internal (undocumented)
+export function _isFirebaseServerAppImpl(obj: FirebaseApp | FirebaseServerApp): obj is FirebaseServerAppImpl;
+
 // @public
 export function onLog(logCallback: LogCallback | null, options?: LogOptions): void;
 

packages/app/src/firebaseServerApp.ts

@@ -69,6 +69,8 @@ export class FirebaseServerAppImpl
       this.automaticCleanup
     );
 
+    this.authIdToken = serverConfig.authIdToken;
+
     if (this._serverConfig.releaseOnDeref !== undefined) {
       this._finalizationRegistry.register(
         this._serverConfig.releaseOnDeref,
@@ -88,6 +90,8 @@ export class FirebaseServerAppImpl
     return this._serverConfig;
   }
 
+  authIdToken?: string;
+
   authIdTokenVerified(): Promise<void> {
     this.checkDestroyed();
     // TODO

packages/app/src/internal.ts

@@ -155,6 +155,20 @@ export function _isFirebaseApp(
   return (obj as FirebaseApp).options !== undefined;
 }
 
+/**
+ *
+ * @param obj - an object of type FirebaseApp.
+ *
+ * @returns true if the provided object is of type FirebaseServerAppImpl.
+ *
+ * @internal
+ */
+export function _isFirebaseServerAppImpl(
+  obj: FirebaseApp | FirebaseServerApp
+): obj is FirebaseServerAppImpl {
+  return (obj as FirebaseServerAppImpl).authIdToken !== undefined;
+}
+
 /**
  * Test only
  *

packages/auth/karma.conf.js

@@ -65,7 +65,8 @@ function getTestFiles(argv) {
       'src/**/*.test.ts',
       'test/helpers/**/*.test.ts',
       'test/integration/flows/anonymous.test.ts',
-      'test/integration/flows/email.test.ts'
+      'test/integration/flows/email.test.ts',
+      'test/integration/flows/firebaseserverapp.test.ts'
     ];
   }
 }

packages/auth/scripts/run_node_tests.ts

@@ -48,7 +48,9 @@ let testConfig = [
 ];
 
 if (argv.integration) {
-  testConfig = ['test/integration/flows/{email,anonymous}.test.ts'];
+  testConfig = [
+    'test/integration/flows/{email,anonymous,firebaseserverapp}.test.ts'
+  ];
   if (argv.local) {
     testConfig.push('test/integration/flows/*.local.test.ts');
   }

packages/auth/src/core/auth/initialize.ts

@@ -15,15 +15,21 @@
  * limitations under the License.
  */
 
-import { _getProvider, FirebaseApp } from '@firebase/app';
+import {
+  _getProvider,
+  _isFirebaseServerAppImpl,
+  FirebaseApp
+} from '@firebase/app';
 import { deepEqual } from '@firebase/util';
 import { Auth, Dependencies } from '../../model/public_types';
 
 import { AuthErrorCode } from '../errors';
 import { PersistenceInternal } from '../persistence';
 import { _fail } from '../util/assert';
 import { _getInstance } from '../util/instantiator';
-import { AuthImpl } from './auth_impl';
+import { AuthImpl, _castAuth } from './auth_impl';
+import { UserImpl } from '../user/user_impl';
+import { getAccountInfo } from '../../api/account_management/account';
 
 /**
  * Initializes an {@link Auth} instance with fine-grained control over
@@ -65,9 +71,32 @@ export function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth {
 
   const auth = provider.initialize({ options: deps }) as AuthImpl;
 
+  if (_isFirebaseServerAppImpl(app)) {
+    if (app.authIdToken !== undefined) {
+      void _loadUserFromIdToken(auth, app.authIdToken);
+    }
+  }
+
   return auth;
 }
 
+export async function _loadUserFromIdToken(
+  auth: Auth,
+  idToken: string
+): Promise<void> {
+  const response = await getAccountInfo(auth, { idToken });
+  const authInternal = _castAuth(auth);
+  await authInternal._initializationPromise;
+
+  const user = await UserImpl._fromGetAccountInfoResponse(
+    authInternal,
+    response,
+    idToken
+  );
+
+  await authInternal._updateCurrentUser(user);
+}
+
 export function _initializeAuthInstance(
   auth: AuthImpl,
   deps?: Dependencies

packages/auth/src/core/user/reload.ts

@@ -102,7 +102,7 @@ function mergeProviderData(
   return [...deduped, ...newData];
 }
 
-function extractProviderData(providers: ProviderUserInfo[]): UserInfo[] {
+export function extractProviderData(providers: ProviderUserInfo[]): UserInfo[] {
   return providers.map(({ providerId, ...provider }) => {
     return {
       providerId,

packages/auth/src/core/user/token_manager.test.ts

@@ -144,8 +144,35 @@ describe('core/user/token_manager', () => {
       });
     });
 
-    it('returns null if the refresh token is missing', async () => {
-      expect(await stsTokenManager.getToken(auth)).to.be.null;
+    it('returns non-null if the refresh token is missing but token still valid', async () => {
+      Object.assign(stsTokenManager, {
+        accessToken: 'token',
+        expirationTime: now + 100_000
+      });
+      const tokens = await stsTokenManager.getToken(auth, false);
+      expect(tokens).to.eql('token');
+    });
+
+    it('throws an error if the refresh token is missing and force refresh is true', async () => {
+      Object.assign(stsTokenManager, {
+        accessToken: 'token',
+        expirationTime: now + 100_000
+      });
+      await expect(stsTokenManager.getToken(auth, true)).to.be.rejectedWith(
+        FirebaseError,
+        "Firebase: The user's credential is no longer valid. The user must sign in again. (auth/user-token-expired)"
+      );
+    });
+
+    it('throws an error if the refresh token is missing and token is no longer valid', async () => {
+      Object.assign(stsTokenManager, {
+        accessToken: 'old-access-token',
+        expirationTime: now - 1
+      });
+      await expect(stsTokenManager.getToken(auth)).to.be.rejectedWith(
+        FirebaseError,
+        "Firebase: The user's credential is no longer valid. The user must sign in again. (auth/user-token-expired)"
+      );
     });
 
     it('throws an error if expired but refresh token is missing', async () => {

packages/auth/src/core/user/token_manager.ts

@@ -73,20 +73,26 @@ export class StsTokenManager {
     );
   }
 
+  updateFromIdToken(idToken: string): void {
+    _assert(idToken.length !== 0, AuthErrorCode.INTERNAL_ERROR);
+    const expiresIn = _tokenExpiresIn(idToken);
+    this.updateTokensAndExpiration(idToken, null, expiresIn);
+  }
+
   async getToken(
     auth: AuthInternal,
     forceRefresh = false
   ): Promise<string | null> {
-    _assert(
-      !this.accessToken || this.refreshToken,
-      auth,
-      AuthErrorCode.TOKEN_EXPIRED
-    );
+    if (!this.accessToken) {
+      _assert(this.refreshToken, auth, AuthErrorCode.TOKEN_EXPIRED);
+    }
 
     if (!forceRefresh && this.accessToken && !this.isExpired) {
       return this.accessToken;
     }
 
+    _assert(this.refreshToken, auth, AuthErrorCode.TOKEN_EXPIRED);
+
     if (this.refreshToken) {
       await this.refresh(auth, this.refreshToken!);
       return this.accessToken;
@@ -113,7 +119,7 @@ export class StsTokenManager {
 
   private updateTokensAndExpiration(
     accessToken: string,
-    refreshToken: string,
+    refreshToken: string | null,
     expiresInSec: number
   ): void {
     this.refreshToken = refreshToken || null;

packages/auth/src/core/user/user_impl.ts

@@ -15,11 +15,11 @@
  * limitations under the License.
  */
 
-import { IdTokenResult } from '../../model/public_types';
+import { IdTokenResult, UserInfo } from '../../model/public_types';
 import { NextFn } from '@firebase/util';
-
 import {
   APIUserInfo,
+  GetAccountInfoResponse,
   deleteAccount
 } from '../../api/account_management/account';
 import { FinalizeMfaResponse } from '../../api/authentication/mfa';
@@ -36,7 +36,7 @@ import { _assert } from '../util/assert';
 import { getIdTokenResult } from './id_token_result';
 import { _logoutIfInvalidated } from './invalidation';
 import { ProactiveRefresh } from './proactive_refresh';
-import { _reloadWithoutSaving, reload } from './reload';
+import { extractProviderData, _reloadWithoutSaving, reload } from './reload';
 import { StsTokenManager } from './token_manager';
 import { UserMetadata } from './user_metadata';
 import { ProviderId } from '../../model/enums';
@@ -333,4 +333,59 @@ export class UserImpl implements UserInternal {
     await _reloadWithoutSaving(user);
     return user;
   }
+
+  /**
+   * Initialize a User from an idToken server response
+   * @param auth
+   * @param idTokenResponse
+   */
+  static async _fromGetAccountInfoResponse(
+    auth: AuthInternal,
+    response: GetAccountInfoResponse,
+    idToken: string
+  ): Promise<UserInternal> {
+    const coreAccount = response.users[0];
+    _assert(coreAccount.localId !== undefined, AuthErrorCode.INTERNAL_ERROR);
+
+    const providerData: UserInfo[] =
+      coreAccount.providerUserInfo !== undefined
+        ? extractProviderData(coreAccount.providerUserInfo)
+        : [];
+
+    const isAnonymous =
+      !(coreAccount.email && coreAccount.passwordHash) && !providerData?.length;
+
+    const stsTokenManager = new StsTokenManager();
+    stsTokenManager.updateFromIdToken(idToken);
+
+    // Initialize the Firebase Auth user.
+    const user = new UserImpl({
+      uid: coreAccount.localId,
+      auth,
+      stsTokenManager,
+      isAnonymous
+    });
+
+    // update the user with data from the GetAccountInfo response.
+    const updates: Partial<UserInternal> = {
+      uid: coreAccount.localId,
+      displayName: coreAccount.displayName || null,
+      photoURL: coreAccount.photoUrl || null,
+      email: coreAccount.email || null,
+      emailVerified: coreAccount.emailVerified || false,
+      phoneNumber: coreAccount.phoneNumber || null,
+      tenantId: coreAccount.tenantId || null,
+      providerData,
+      metadata: new UserMetadata(
+        coreAccount.createdAt,
+        coreAccount.lastLoginAt
+      ),
+      isAnonymous:
+        !(coreAccount.email && coreAccount.passwordHash) &&
+        !providerData?.length
+    };
+
+    Object.assign(user, updates);
+    return user;
+  }
 }