
I am trying to use firebase auth to verify a token.

In the reference for this method, it is written:

Returns:

Promise

A promise fulfilled with the token’s decoded claims if the ID token is
valid; otherwise, a rejected promise.

In MDN concerning promises it is written:

If the Promise is rejected, the await expression throws the rejected
value.

Therefore, how do I know if the value I got is from the promise being rejected or being fulfilled?

My code:

  try {
    const decoded = await adminAuth.verifyIdToken(idToken);
    const uid = decoded.uid;
    /*...*/
    return next();
  } catch (err) {
    return res.status(500).json({ err });
  }

I get that probably the value of decoded for a rejected promise won’t have a uid field thus throwing an error, but how can I be sure of that?

2 Answers


  1. If it throws, then the try will fail and the value will be passed to the catch.

  2. The Firebase Admin Auth SDK can throw multiple errors, such as the token being revoked or invalid. You can find the list of all error codes in the documentation. You should return the exact error to your client just in case it contains any sensitive information. Instead you can log the error somewhere and return a general error to the client like this:

    try {
      const decoded = await adminAuth.verifyIdToken(idToken);
      const uid = decoded.uid;
      /*...*/
      return next();
    } catch (err) {
      // Log the error, e.g. to Cloud Logging

      // The catch binding is `err`; the rejected value carries the SDK's error code
      if (err.code === "auth/id-token-expired") {
        return res.status(401).json({ err: "Unauthorized" });
      }
      return res.status(500).json({ err: "Internal server error" });
    }
    
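An added example, not code from the question or either answer: an Express-style middleware showing that a rejected `verifyIdToken` promise never assigns `decoded`, with token errors mapped to 401, everything else to 500, and the details kept in the server log. `requireIdToken`, `CLIENT_TOKEN_ERRORS`, `fakeAuth` and `run` are hypothetical names, reading the token from a `Bearer` Authorization header is an assumption, and `fakeAuth` is a constructed stand-in for the Admin SDK so the block runs offline.

```javascript
// Codes that mean "the caller's token is bad" rather than "the server failed".
const CLIENT_TOKEN_ERRORS = new Set([
  "auth/id-token-expired",
  "auth/id-token-revoked",
  "auth/argument-error", // malformed token string
]);

// Wraps any object exposing verifyIdToken(), e.g. the Admin SDK auth instance.
function requireIdToken(adminAuth, log = console.error) {
  return async function (req, res, next) {
    const idToken = (req.headers.authorization || "").replace(/^Bearer /, "");
    if (!idToken) return res.status(401).json({ err: "Unauthorized" });
    let decoded;
    try {
      // Fulfilled: `decoded` holds the claims. Rejected: `await` throws,
      // the assignment never happens, and control jumps straight to catch.
      decoded = await adminAuth.verifyIdToken(idToken);
    } catch (err) {
      log({ code: err.code, message: err.message }); // details stay server-side
      const status = CLIENT_TOKEN_ERRORS.has(err.code) ? 401 : 500;
      const text = status === 401 ? "Unauthorized" : "Internal server error";
      return res.status(status).json({ err: text });
    }
    req.uid = decoded.uid; // only reachable when the promise was fulfilled
    return next();
  };
}

// Constructed stand-in for the SDK: one valid token, one expired, rest fail.
const fakeAuth = {
  async verifyIdToken(token) {
    if (token === "good") return { uid: "user-123" };
    const err = new Error("token rejected: " + token);
    err.code = token === "expired" ? "auth/id-token-expired" : "auth/internal-error";
    throw err;
  },
};

// Drives the middleware with a minimal constructed req/res pair.
async function run(token) {
  const req = { headers: { authorization: "Bearer " + token } };
  const res = {
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; },
  };
  let nextCalled = false;
  await requireIdToken(fakeAuth, () => {})(req, res, () => { nextCalled = true; });
  return { status: res.statusCode, body: res.body, uid: req.uid, nextCalled };
}
```
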