From b146861452f5b3d9f0f25302b90c9b99e97c461f Mon Sep 17 00:00:00 2001
From: Rich Hodgkins
Date: Thu, 22 Jul 2021 14:31:05 +0100
Subject: [PATCH] Increased minimum expiry for custom token to 5 mins (as per https://github.com/firebase/firebase-admin-node/issues/1016#issuecomment-846305419)
---
 src/auth/index.ts | 2 +-
 src/auth/token-generator.ts | 2 +-
 test/unit/auth/token-generator.spec.ts | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/auth/index.ts b/src/auth/index.ts
index f58b7f6ae4..73177f5e44 100644
--- a/src/auth/index.ts
+++ b/src/auth/index.ts
@@ -951,7 +951,7 @@ export namespace auth {
 developerClaims?: { [key: string]: any };
 /**
- * The JWT expiration in milliseconds. The minimum allowed is X and the maximum allowed is 1 hour.
+ * The JWT expiration in milliseconds. The minimum allowed is 5 minutes and the maximum allowed is 1 hour.
 * Defaults to 1 hour.
 */
 expiresIn?: number;
diff --git a/src/auth/token-generator.ts b/src/auth/token-generator.ts
index fb6e4f2540..c18726035b 100644
--- a/src/auth/token-generator.ts
+++ b/src/auth/token-generator.ts
@@ -27,7 +27,7 @@ import { HttpError } from '../utils/api-request';
 const ALGORITHM_NONE: Algorithm = 'none' as const;
-const MIN_JWT_EXPIRES_IN_MS = 1000;
+const MIN_JWT_EXPIRES_IN_MS = 5 * 60 * 1000;
 const ONE_HOUR_IN_MS = 60 * 60 * 1000;
 // List of blacklisted claims which cannot be provided when creating a custom token
diff --git a/test/unit/auth/token-generator.spec.ts b/test/unit/auth/token-generator.spec.ts
index 26ef864358..fd938f1868 100644
--- a/test/unit/auth/token-generator.spec.ts
+++ b/test/unit/auth/token-generator.spec.ts
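Review bot: In `src/auth/token-generator.ts`, the new `MIN_JWT_EXPIRES_IN_MS = 5 * 60 * 1000` has no comment recording why the floor is five minutes, so a later reader cannot tell a service constraint from a local policy choice. A line such as `// 5-minute floor for custom-token expiry; rationale in firebase-admin-node issue #1016.` above the constant would keep the commit message's reference next to the value. Callers that passed an `expiresIn` between 1000 and 299999 ms will presumably now be rejected, and the shortest custom token now lives five minutes, which lengthens the window in which a leaked token stays usable; both deserve a release-note entry. The check that compares against this constant is outside the hunk, so confirm its error message states the new bound.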
@@ -212,7 +212,7 @@ describe('FirebaseTokenGenerator', () => {
 });
 it('should throw given an invalid expiresIn', () => {
- const invalidExpiresIns: any[] = [null, NaN, Infinity, _.noop, 0, 999, 3600001];
+ const invalidExpiresIns: any[] = [null, NaN, Infinity, _.noop, 0, 299999, 3600001];
 invalidExpiresIns.forEach((invalidExpiresIn) => {
 expect(() => {
 tokenGenerator.createCustomToken(mocks.uid, { expiresIn: invalidExpiresIn });
@@ -233,7 +233,7 @@ describe('FirebaseTokenGenerator', () => {
 });
 it('should be fulfilled given a valid uid, empty object developer claims and valid expiresIn', () => {
- return tokenGenerator.createCustomToken(mocks.uid, { developerClaims: {}, expiresIn: 1000 });
+ return tokenGenerator.createCustomToken(mocks.uid, { developerClaims: {}, expiresIn: 300000 });
 });
 it('should be fulfilled given a valid uid, valid developer claims and valid expiresIn', () => {
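Review bot: The updated case with `expiresIn: 300000` in the second hunk only returns the promise, so it shows that the new minimum is accepted but not that the minted token actually expires 300 seconds after issue. Because the expiry claim is what bounds a custom token's usable lifetime, decoding the result and asserting `exp - iat === 300` would pin that, unless a test outside this hunk already does. In the first hunk the lower edge is covered by `299999`; adding a negative value such as `-1` to `invalidExpiresIns` would also pin rejection of negative lifetimes.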