Skip to content

Added tenant-scoped custom token support #433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Mar 30, 2020
Merged

Added tenant-scoped custom token support #433

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4ce89ff
Added tenant-scoped custom token support
hiranya911 Mar 26, 2020
6674428
Fixed a lint error; Improved test assertion
hiranya911 Mar 26, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion firebase_admin/_token_gen.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ def signing_provider(self):
'details on creating custom tokens.'.format(error, url))
return self._signing_provider

def create_custom_token(self, uid, developer_claims=None):
def create_custom_token(self, uid, developer_claims=None, tenant_id=None):
"""Builds and signs a Firebase custom auth token."""
if developer_claims is not None:
if not isinstance(developer_claims, dict):
Expand Down Expand Up @@ -161,6 +161,8 @@ def create_custom_token(self, uid, developer_claims=None):
'iat': now,
'exp': now + MAX_TOKEN_LIFETIME_SECONDS,
}
if tenant_id:
payload['tenant_id'] = tenant_id

if developer_claims is not None:
payload['claims'] = developer_claims
Expand Down
3 changes: 2 additions & 1 deletion firebase_admin/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -556,7 +556,8 @@ def tenant_id(self):
return self._tenant_id

def create_custom_token(self, uid, developer_claims=None):
return self._token_generator.create_custom_token(uid, developer_claims)
return self._token_generator.create_custom_token(
uid, developer_claims, tenant_id=self.tenant_id)

def verify_id_token(self, id_token, check_revoked=False):
"""Verifies the signature and data for the provided ID token."""
Expand Down
29 changes: 29 additions & 0 deletions tests/test_tenant_mgt.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@

import firebase_admin
from firebase_admin import auth
from firebase_admin import credentials
from firebase_admin import exceptions
from firebase_admin import tenant_mgt
from tests import testutils
Expand Down Expand Up @@ -731,6 +732,34 @@ def test_invalid_tenant_id(self, tenant_mgt_app):
assert excinfo.value.http_response is None


@pytest.fixture(scope='module')
def tenant_aware_custom_token_app():
cred = credentials.Certificate(testutils.resource_filename('service_account.json'))
app = firebase_admin.initialize_app(cred, name='tenantAwareCustomToken')
yield app
firebase_admin.delete_app(app)


class TestCreateCustomToken:

def test_custom_token(self, tenant_aware_custom_token_app):
client = tenant_mgt.auth_for_tenant('test-tenant', app=tenant_aware_custom_token_app)

custom_token = client.create_custom_token('user1')

test_token_gen.verify_custom_token(
custom_token, expected_claims=None, tenant_id='test-tenant')

def test_custom_token_with_claims(self, tenant_aware_custom_token_app):
client = tenant_mgt.auth_for_tenant('test-tenant', app=tenant_aware_custom_token_app)
claims = {'admin': True}

custom_token = client.create_custom_token('user1', claims)

test_token_gen.verify_custom_token(
custom_token, expected_claims=claims, tenant_id='test-tenant')


def _assert_tenant(tenant, tenant_id='tenant-id'):
assert isinstance(tenant, tenant_mgt.Tenant)
assert tenant.tenant_id == tenant_id
Expand Down
9 changes: 7 additions & 2 deletions tests/test_token_gen.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ def _merge_jwt_claims(defaults, overrides):
del defaults[key]
return defaults

def _verify_custom_token(custom_token, expected_claims):
def verify_custom_token(custom_token, expected_claims, tenant_id=None):
assert isinstance(custom_token, bytes)
token = google.oauth2.id_token.verify_token(
custom_token,
Expand All @@ -75,6 +75,11 @@ def _verify_custom_token(custom_token, expected_claims):
assert token['uid'] == MOCK_UID
assert token['iss'] == MOCK_SERVICE_ACCOUNT_EMAIL
assert token['sub'] == MOCK_SERVICE_ACCOUNT_EMAIL
if tenant_id is None:
assert 'tenant_id' not in token
else:
assert token['tenant_id'] == tenant_id

header = jwt.decode_header(custom_token)
assert header.get('typ') == 'JWT'
assert header.get('alg') == 'RS256'
Expand Down Expand Up @@ -198,7 +203,7 @@ class TestCreateCustomToken:
def test_valid_params(self, auth_app, values):
user, claims = values
custom_token = auth.create_custom_token(user, claims, app=auth_app)
_verify_custom_token(custom_token, claims)
verify_custom_token(custom_token, claims)

@pytest.mark.parametrize('values', invalid_args.values(), ids=list(invalid_args))
def test_invalid_params(self, auth_app, values):
Expand Down