Name: Token verification for the auth emulator · firebase/firebase-admin-python@aacd27f · GitHub
Rating: 4.9 (1493 reviews)
firebase
diff --git a/‎firebase_admin/_token_gen.py
+22-2 b/‎firebase_admin/_token_gen.py
+22-2
@@ -54,6 +54,16 @@
 'service-accounts/default/email')
 
 
+class_EmulatedSigner(google.auth.crypt.Signer):
+key_id=None
+
+def__init__(self):
+pass
+
+defsign(self, message):
+returnb''
+
+
 class_SigningProvider:
 """Stores a reference to a google.auth.crypto.Signer."""
 
@@ -78,6 +88,10 @@ def from_iam(cls, request, google_cred, service_account):
 signer=iam.Signer(request, google_cred, service_account)
 return_SigningProvider(signer, service_account)
 
+@classmethod
+deffor_emulator(cls):
+return_SigningProvider(_EmulatedSigner(), 'firebase-auth-emulator@example.com')
+
 
 classTokenGenerator:
 """Generates custom tokens and session cookies."""
@@ -94,6 +108,8 @@ def __init__(self, app, http_client, url_override=None):
 
 def_init_signing_provider(self):
 """Initializes a signing provider by following the go/firebase-admin-sign protocol."""
+if_auth_utils.is_emulated():
+return_SigningProvider.for_emulator()
 # If the SDK was initialized with a service account, use it to sign bytes.
 google_cred=self.app.credential.get_credential()
 ifisinstance(google_cred, google.oauth2.service_account.Credentials):
@@ -291,15 +307,15 @@ def verify(self, token, request):
 error_message= (
 '{0} expects {1}, but was given a custom '
 'token.'.format(self.operation, self.articled_short_name))
-elifnotheader.get('kid'):
+elifnot_auth_utils.is_emulated() andnotheader.get('kid'):
 ifheader.get('alg') =='HS256'andpayload.get(
 'v') ==0and'uid'inpayload.get('d', {}):
 error_message= (
 '{0} expects {1}, but was given a legacy custom '
 'token.'.format(self.operation, self.articled_short_name))
 else:
 error_message='Firebase {0} has no "kid" claim.'.format(self.short_name)
-elifheader.get('alg') !='RS256':
+elifnot_auth_utils.is_emulated() andheader.get('alg') !='RS256':
 error_message= (
 'Firebase {0} has incorrect algorithm. Expected "RS256" but got '
 '"{1}". {2}'.format(self.short_name, header.get('alg'), verify_id_token_msg))
@@ -329,6 +345,10 @@ def verify(self, token, request):
 iferror_message:
 raiseself._invalid_token_error(error_message)
 
+if_auth_utils.is_emulated():
+claims=jwt.decode(token, verify=False)
+claims['uid'] =claims['sub']
+returnclaims
 try:
 verified_claims=google.oauth2.id_token.verify_token(
 token,