Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow using a different Service Account ID for custom token generation #973

Draft
wants to merge 1 commit into
base: 7.x
Choose a base branch
from
Draft

Allow using a different Service Account ID for custom token generation #973

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 9 additions & 3 deletions src/Firebase/Auth/CustomTokenViaGoogleCredentials.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,11 @@ final class CustomTokenViaGoogleCredentials

private readonly Parser $parser;

public function __construct(private readonly SignBlobInterface $signer, private readonly ?string $tenantId = null)
public function __construct(
private readonly SignBlobInterface $signer,
private readonly ?string $tenantId = null,
private readonly ?string $serviceAccountIdForTokenGeneration = null,
)
{
$this->encoder = new JoseEncoder();
$this->parser = new Parser($this->encoder);
Expand All @@ -43,10 +47,12 @@ public function createCustomToken($uid, array $claims = [], ?DateTimeInterface $
? DT::toUTCDateTimeImmutable($expiresAt)
: $now->add(new DateInterval('PT1H'));

$issAndSub = $this->serviceAccountIdForTokenGeneration ?? $this->signer->getClientName();

$header = ['typ' => 'JWT', 'alg' => 'RS256'];
$payload = [
'iss' => $this->signer->getClientName(),
'sub' => $this->signer->getClientName(),
'iss' => $issAndSub,
'sub' => $issAndSub,
'aud' => 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',
'iat' => $now->getTimestamp(),
'exp' => $expiresAt->getTimestamp(),
Expand Down
18 changes: 17 additions & 1 deletion src/Firebase/Factory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,11 @@
*/
private ?array $serviceAccount = null;

/**
* @var non-empty-string|null
*/
private ?string $serviceAccountIdForCustomTokenGeneration = null;

private ?FetchAuthTokenInterface $googleAuthTokenCredentials = null;

/**
Expand Down Expand Up @@ -170,6 +175,17 @@
return $factory;
}

/**
* @param non-empty-string $serviceAccountId
*/
public function withServiceAccountIdForCustomTokenGeneration(string $serviceAccountId): self

Check warning on line 181 in src/Firebase/Factory.php

View check run for this annotation

Codecov / codecov/patch

src/Firebase/Factory.php#L181 

Added line #L181 was not covered by tests
{
$factory = clone $this;
$factory->serviceAccountIdForCustomTokenGeneration = $serviceAccountId;

Check warning on line 184 in src/Firebase/Factory.php

View check run for this annotation

Codecov / codecov/patch

src/Firebase/Factory.php#L183-L184 

Added lines #L183 - L184 were not covered by tests

return $factory;

Check warning on line 186 in src/Firebase/Factory.php

View check run for this annotation

Codecov / codecov/patch

src/Firebase/Factory.php#L186 

Added line #L186 was not covered by tests
}

/**
* @param non-empty-string $projectId
*/
Expand Down Expand Up @@ -666,7 +682,7 @@
$credentials = $this->getGoogleAuthTokenCredentials();

if ($credentials instanceof SignBlobInterface) {
return new CustomTokenViaGoogleCredentials($credentials, $this->tenantId);
return new CustomTokenViaGoogleCredentials($credentials, $this->tenantId, $this->serviceAccountIdForCustomTokenGeneration);
}

return null;
Expand Down
Loading