feat(session): create session cookie #21

Merged
merged 3 commits into from
Feb 14, 2021

davidgraeff
Owner

This is the continuation of #13

Firebase Auth provides server-side session cookie management for traditional websites that rely on session cookies.
This solution has several advantages over client-side short-lived ID tokens,
which may require a redirect mechanism each time to update the session cookie on expiration:

  • Improved security via JWT-based session tokens that can only be generated using authorized service accounts.
  • Stateless session cookies that come with all the benefits of using JWTs for authentication.
    The session cookie has the same claims (including custom claims) as the ID token, making the same permissions checks enforceable on the session cookies.
  • Ability to create session cookies with custom expiration times ranging from 5 minutes to 2 weeks.
  • Flexibility to enforce cookie policies based on application requirements: domain, path, secure, httpOnly, etc.
  • Ability to revoke session cookies when token theft is suspected using the existing refresh token revocation API.
  • Ability to detect session revocation on major account changes.

See https://firebase.google.com/docs/auth/admin/manage-cookies


Add free-standing function sessions::create_session_cookie(credentials, id_token, duration)

Fixes #14
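
An added example, not part of this pull request or of the crate's code: once the backend holds a session cookie string, the 5-minute-to-2-week lifetime range and the cookie attributes listed above can be enforced when building the `Set-Cookie` header. The helper names `check_duration` and `set_cookie_header`, the cookie name, the `SameSite=Lax` choice and the placeholder cookie value are assumptions made for illustration.

```rust
use std::time::Duration;

// Range stated in the PR description: 5 minutes to 2 weeks.
const MIN_SESSION: Duration = Duration::from_secs(5 * 60);
const MAX_SESSION: Duration = Duration::from_secs(14 * 24 * 60 * 60);

/// Hypothetical helper: reject a lifetime outside the documented range
/// before it is used as the `duration` argument or as Max-Age.
pub fn check_duration(d: Duration) -> Result<Duration, String> {
    if d < MIN_SESSION || d > MAX_SESSION {
        return Err(format!("duration {}s is outside 300..=1209600s", d.as_secs()));
    }
    Ok(d)
}

/// Hypothetical helper: build a `Set-Cookie` header value for a session
/// cookie string (the JWT the backend obtained), with restrictive attributes.
pub fn set_cookie_header(
    name: &str, jwt: &str, domain: Option<&str>, lifetime: Duration,
) -> Result<String, String> {
    let secs = check_duration(lifetime)?.as_secs();
    // Allow only characters that cannot start a new attribute or header line.
    let name_ok = !name.is_empty()
        && name.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'_' || b == b'-');
    let value_ok = !jwt.is_empty()
        && jwt.bytes().all(|b| b.is_ascii_graphic() && !b"\",;\\".contains(&b));
    if !name_ok || !value_ok {
        return Err("cookie name or value contains forbidden characters".into());
    }
    let mut header = format!(
        "{}={}; Max-Age={}; Path=/; Secure; HttpOnly; SameSite=Lax",
        name, jwt, secs
    );
    if let Some(d) = domain {
        let ok = !d.is_empty()
            && d.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'-');
        if !ok {
            return Err("invalid cookie domain".into());
        }
        header.push_str(&format!("; Domain={}", d));
    }
    Ok(header)
}

fn main() {
    // Constructed placeholder value standing in for a real session cookie JWT.
    let h = set_cookie_header("session", "aaa.bbb.ccc", None, Duration::from_secs(3600));
    println!("{:?}", h);
}
```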

@davidgraeff davidgraeff changed the title feat(session): add create session cookie feature Draft: feat(session): add create session cookie feature Jan 21, 2021
@davidgraeff davidgraeff force-pushed the dg_session_cookie branch 2 times, most recently from 1769d0b to a70727f January 23, 2021 22:00
David Graeff and others added 3 commits January 24, 2021 09:42
Signed-off-by: David Graeff <[email protected]>
* Add free-standing function sessions::create_session_cookie(credentials, id_token, duration)
* Add example

Signed-off-by: Stephane Eintrazi <[email protected]>
Signed-off-by: David Graeff <[email protected]>
@davidgraeff davidgraeff changed the title Draft: feat(session): add create session cookie feature feat(session): add create session cookie feature Jan 24, 2021
@davidgraeff davidgraeff changed the title feat(session): add create session cookie feature feat(session): create session cookie Jan 24, 2021
@davidgraeff davidgraeff merged commit d7d3e45 into master Feb 14, 2021
@davidgraeff davidgraeff deleted the dg_session_cookie branch February 14, 2021 22:35