firebase-admin-node: [FR] auth: Allow expiry to be specified in .createCustomToken
Is your feature request related to a problem? Please describe.
It would be good if you could specify the duration of time you would like the login token to be valid for. For our use at least, the result of .createCustomToken is mostly used immediately after being provided to the client, so we’d like to have a very short expiry time.
Describe the solution you’d like
Update .createCustomToken or a new method .createCustomTokenWithOptions that takes an expiry.
Describe alternatives you’ve considered
Using the details from create custom tokens using a third-party JWT library, but this seems a bit redundant when the SDK is so close to providing what is needed.
About this issue
- Original URL
- State: open
- Created 4 years ago
- Reactions: 14
- Comments: 25 (6 by maintainers)
Commits related to this issue
- Increased minimum expiry for custom token to 5 mins (as per https://github.com/firebase/firebase-admin-node/issues/1016#issuecomment-846305419) — committed to bookcreator/firebase-admin-node by rhodgkins 3 years ago
- Increased minimum expiry for custom token to 5 mins (as per https://github.com/firebase/firebase-admin-node/issues/1016#issuecomment-846305419) — committed to bookcreator/firebase-admin-node by rhodgkins 3 years ago
- Increased minimum expiry for custom token to 5 mins (as per https://github.com/firebase/firebase-admin-node/issues/1016#issuecomment-846305419) — committed to bookcreator/firebase-admin-node by rhodgkins 3 years ago
- Increased minimum expiry for custom token to 5 mins (as per https://github.com/firebase/firebase-admin-node/issues/1016#issuecomment-846305419) — committed to bookcreator/firebase-admin-node by rhodgkins 3 years ago
- Increased minimum expiry for custom token to 5 mins (as per https://github.com/firebase/firebase-admin-node/issues/1016#issuecomment-846305419) — committed to bookcreator/firebase-admin-node by rhodgkins 3 years ago
Come on, someone check the buganizer (or whatever y’all are using now) and tell the community. We need the ability to extend the custom tokens beyond an hour.
+1 lmao
In the end I just made my own token which is used as an intermediary token to generate a custom token afterwards, but it would’ve been nice to not have to do this.
maybe next week @ponez
@lahirumaramba @prameshj @renkelvin any updates here? 😃
Yeah, the internal service we use only allows 1 hour max and they are unlikely to change it. I would also agree with that from a security perspective.