I am trying to use firebase auth to verify a token.

In the reference for this method, it is written:

Returns:

Promise

A promise fulfilled with the token's decoded claims if the ID token is valid; otherwise, a rejected promise.

In MDN concerning promisses it is written:

If the Promise is rejected, the await expression throws the rejected value.

Therefore, how do I know if the value I got is from the promisse being reject or being fulfilled?

My code:

  try {
    const decoded = await adminAuth.verifyIdToken(idToken);
    const uid = decoded.uid;
    /*...*/
    return next();
  } catch (err) {
    return res.status(500).json({ err });
  }

I get that probably the value of decoded for a rejected promisse won't have a uid field thus throwing an error, but how can I be sure of that?

CodePudding user response：

If it throws, then the try will fail and the value will be passed to the catch.

CodePudding user response：

The Firebase Admin Auth SDK can throw multiple errors such as token is revoked or invalid. You can find list all error codes in the documentation. You should return the exact error to your client just in case it contains any sensitive information. Instead you can log the error somewhere and return a general error to client like this:

try {
  const decoded = await adminAuth.verifyIdToken(idToken);
  const uid = decoded.uid;
  /*...*/
  return next();
} catch (err) {
  // Log the error e.g to Cloud logging

  if (error.code === "auth/id-token-expired") {
    return res.status(401).json({ err: "Unauthorized" });
  }
  return res.status(500).json({ err: "Internal server error" });
}