Adds auth.rawToken to context to allow access to the underlying token.

mbleigh · mbleigh · commit 87a425e5e535 · 2025-03-06T00:00:35.000-08:00
diff --git a/spec/v1/providers/https.spec.ts b/spec/v1/providers/https.spec.ts
@@ -199,6 +199,7 @@ describe("#onCall", () => {
 
     let gotData: Record<string, any>;
     let gotContext: Record<string, any>;
+    const rawToken = generateUnsignedIdToken("123456");
     const reqData = { hello: "world" };
     const authContext = {
       uid: "SomeUID",
@@ -207,8 +208,9 @@ describe("#onCall", () => {
         sub: "SomeUID",
         uid: "SomeUID",
       },
+      rawToken,
     };
-    const originalAuth = "Bearer " + generateUnsignedIdToken("123456");
+    const originalAuth = "Bearer " + rawToken;
     const func = https.onCall((data, context) => {
       gotData = data;
       gotContext = context;
diff --git a/spec/v1/providers/tasks.spec.ts b/spec/v1/providers/tasks.spec.ts
@@ -160,6 +160,7 @@ describe("#onDispatch", () => {
       auth: {
         uid: "abc",
         token: "token" as any,
+        rawToken: "abc123",
       },
       queueName: "fn",
       id: "task0",
diff --git a/src/common/providers/https.ts b/src/common/providers/https.ts
@@ -78,8 +78,12 @@ export interface AppCheckData {
  * The interface for Auth tokens verified in Callable functions
  */
 export interface AuthData {
+  /** The user's uid from the request's ID token. */
   uid: string;
+  /** The decoded claims of the ID token after verification. */
   token: DecodedIdToken;
+  /** The raw ID token as parsed from the header. */
+  rawToken: string;
 }
 
 // This type is the direct v1 callable interface and is also an interface
@@ -646,6 +650,7 @@ export async function checkAuthToken(
     ctx.auth = {
       uid: authToken.uid,
       token: authToken,
+      rawToken: idToken,
     };
     return "VALID";
   } catch (err) {
diff --git a/src/common/providers/tasks.ts b/src/common/providers/tasks.ts
@@ -80,6 +80,7 @@ export interface RateLimits {
 export interface AuthData {
   uid: string;
   token: DecodedIdToken;
+  rawToken: string;
 }
 
 /** Metadata about a call to a Task Queue function. */
@@ -205,6 +206,7 @@ export function onDispatchHandler<Req = any>(
         context.auth = {
           uid: authToken.uid,
           token: authToken,
+          rawToken: token,
         };
       }
 
diff --git a/src/v1/cloud-functions.ts b/src/v1/cloud-functions.ts
@@ -106,6 +106,8 @@ export interface EventContext<Params = Record<string, string>> {
   auth?: {
     token: object;
     uid: string;
+    /** If available, the unparsed ID token. */
+    rawToken?: string;
   };
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,7 @@ export interface RateLimits {`
`80`	`80`	`export interface AuthData {`
`81`	`81`	`uid: string;`
`82`	`82`	`token: DecodedIdToken;`
	`83`	`+ rawToken: string;`
`83`	`84`	`}`
`84`	`85`
`85`	`86`	`/** Metadata about a call to a Task Queue function. */`
`@@ -205,6 +206,7 @@ export function onDispatchHandler<Req = any>(`
`205`	`206`	`context.auth = {`
`206`	`207`	`uid: authToken.uid,`
`207`	`208`	`token: authToken,`
	`209`	`+ rawToken: token,`
`208`	`210`	`};`
`209`	`211`	`}`
`210`	`212`