Skip to content

Commit

Permalink
add firebase.sign_in_second_factor claim to FirebaseInfo
Browse files Browse the repository at this point in the history
Signed-off-by: Fernando Cainelli <fernando.cainelli-external@getyourguide.com>
  • Loading branch information
cainelli committed May 16, 2024
1 parent 87b867c commit 5e3c7a1
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 5 deletions.
8 changes: 5 additions & 3 deletions auth/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -266,9 +266,11 @@ type Token struct {
//
// This data is provided by the Firebase Auth service and is a reserved claim in the ID token.
type FirebaseInfo struct {
SignInProvider string `json:"sign_in_provider"`
Tenant string `json:"tenant"`
Identities map[string]interface{} `json:"identities"`
SignInProvider string `json:"sign_in_provider"`
Tenant string `json:"tenant"`
Identities map[string]interface{} `json:"identities"`
SignInSecondFactor string `json:"sign_in_second_factor"`
SecondFactorIdentifier string `json:"second_factor_identifier"`
}

// baseClient exposes the APIs common to both auth.Client and auth.TenantClient.
Expand Down
13 changes: 11 additions & 2 deletions auth/auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ const (
testVersion = "test-version"
defaultIDToolkitV1Endpoint = "https://identitytoolkit.googleapis.com/v1"
defaultIDToolkitV2Endpoint = "https://identitytoolkit.googleapis.com/v2"
secondFactorIdentifier = "aaaaaaaa-1111-bbbb-2222-cccccccccccc"
)

var (
Expand Down Expand Up @@ -466,6 +467,12 @@ func TestVerifyIDToken(t *testing.T) {
if ft.UID != ft.Subject {
t.Errorf("UID = %q; Sub = %q; want UID = Sub", ft.UID, ft.Subject)
}
if ft.Firebase.SignInSecondFactor != "totp" {
t.Errorf("SignInSecondFactor = %q; want = %q", ft.Firebase.SignInSecondFactor, "totp")
}
if ft.Firebase.SecondFactorIdentifier != secondFactorIdentifier {
t.Errorf("SecondFactorIdentifier = %q; want = %q", ft.Firebase.SecondFactorIdentifier, secondFactorIdentifier)
}
}

func TestVerifyIDTokenFromTenant(t *testing.T) {
Expand Down Expand Up @@ -1362,8 +1369,10 @@ func getIDTokenWithSignerAndKid(signer cryptoSigner, kid string, p mockIDTokenPa
"auth_time": testClock.Now().Unix() - 100,
"sub": "1234567890",
"firebase": map[string]interface{}{
"identities": map[string]interface{}{},
"sign_in_provider": "custom",
"identities": map[string]interface{}{},
"sign_in_provider": "custom",
"sign_in_second_factor": "totp",
"second_factor_identifier": secondFactorIdentifier,
},
"admin": true,
}
Expand Down

0 comments on commit 5e3c7a1

Please sign in to comment.