Write BYO-CIAM token, expiresIn to the Auth Object initialized

Author: mansisampat

packages/auth/src/api/authentication/exchange_token.ts

@@ -28,7 +28,7 @@ export interface ExchangeTokenRequest {
 
 export interface ExchangeTokenRespose {
   accessToken: string;
-  expiresIn?: string;
+  expiresIn: string;
 }
 
 export async function exchangeToken(

packages/auth/src/core/auth/auth_impl.ts

@@ -37,7 +37,8 @@ import {
   NextFn,
   Unsubscribe,
   PasswordValidationStatus,
-  TenantConfig
+  TenantConfig,
+  TokenResponse
 } from '../../model/public_types';
 import {
   createSubscribe,
@@ -99,6 +100,7 @@ export const enum DefaultConfig {
 export class AuthImpl implements AuthInternal, _FirebaseService {
   currentUser: User | null = null;
   emulatorConfig: EmulatorConfig | null = null;
+  tokenResponse: TokenResponse | null = null;
   private operations = Promise.resolve();
   private persistenceManager?: PersistenceUserManager;
   private redirectPersistenceManager?: PersistenceUserManager;
@@ -454,6 +456,12 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
     });
   }
 
+  async _updateTokenResponse(tokenResponse: TokenResponse): Promise<void> {
+    if (tokenResponse) {
+      this.tokenResponse = tokenResponse;
+    }
+  }
+
   async signOut(): Promise<void> {
     if (_isFirebaseServerApp(this.app)) {
       return Promise.reject(

packages/auth/src/core/strategies/exchange_token.test.ts

@@ -61,6 +61,8 @@ describe('core/strategies/exchangeToken', () => {
         'projects/test-project-id/locations/us/tenants/tenant-1/idpConfigs/idp-config',
       token: 'custom-token'
     });
+    expect(regionalAuth.tokenResponse?.token).to.equal('outbound-token');
+    expect(regionalAuth.tokenResponse?.expiresIn).to.equal('1000');
     expect(mock.calls[0].method).to.eq('POST');
     expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
       'application/json'

packages/auth/src/core/strategies/exhange_token.ts

@@ -54,7 +54,12 @@ export async function exchangeToken(
     parent: buildParent(auth, idpConfigId),
     token: customToken
   });
-  // TODO(sammansi): Write token to the Auth object passed.
+  if (token) {
+    await authInternal._updateTokenResponse({
+      token: token.accessToken,
+      expiresIn: token.expiresIn
+    });
+  }
   return token.accessToken;
 }
 

packages/auth/src/model/auth.ts

@@ -24,6 +24,7 @@ import {
   PasswordValidationStatus,
   PopupRedirectResolver,
   TenantConfig,
+  TokenResponse,
   User
 } from './public_types';
 import { ErrorFactory } from '@firebase/util';
@@ -66,6 +67,7 @@ export interface ConfigInternal extends Config {
 export interface AuthInternal extends Auth {
   currentUser: User | null;
   emulatorConfig: EmulatorConfig | null;
+  tokenResponse: TokenResponse | null;
   _agentRecaptchaConfig: RecaptchaConfig | null;
   _tenantRecaptchaConfigs: Record<string, RecaptchaConfig>;
   _projectPasswordPolicy: PasswordPolicy | null;
@@ -75,6 +77,7 @@ export interface AuthInternal extends Auth {
   _initializationPromise: Promise<void> | null;
   _persistenceManagerAvailable: Promise<void>;
   _updateCurrentUser(user: UserInternal | null): Promise<void>;
+  _updateTokenResponse(tokenResponse: TokenResponse | null): Promise<void>;
 
   _onStorageEvent(): void;
 

packages/auth/src/model/public_types.ts

@@ -334,6 +334,14 @@ export interface Auth {
    * {@link @firebase/app#FirebaseServerApp}.
    */
   signOut(): Promise<void>;
+  /**
+   * The token response initialized via {@link exchangeToken} endpoint.
+   *
+   * @remarks
+   * This field is only supported for {@link Auth} instance that have defined
+   * {@link TenantConfig}.
+   */
+  readonly tokenResponse: TokenResponse | null;
 }
 
 /**
@@ -966,6 +974,18 @@ export interface ReactNativeAsyncStorage {
   removeItem(key: string): Promise<void>;
 }
 
+/**
+ * Interface for TokenRespone returned via {@link exchangeToken} endpoint.
+ * This is expected to be returned only if {@link Auth} object initialized
+ * has defined {@link TenantConfig}.
+ */
+export interface TokenResponse {
+  // The firebase access token (JWT signed by Firebase Auth).
+  readonly token: string;
+  // The time in seconds when the access token expires.
+  readonly expiresIn: string;
+}
+
 /**
  * A user account.
  *