verifySessionCookie method

  1. @override
Future<DecodedIdToken> verifySessionCookie(
  1. String sessionCookie, {
  2. bool checkRevoked = false,
})

Verifies a Firebase session cookie. Returns a Future with the session cookie's decoded claims if the session cookie is valid and its tenant_id claim matches this tenant's ID; otherwise, a rejected Future.

sessionCookie - The session cookie to verify. checkRevoked - Whether to check if the session cookie was revoked. If true, verifies against the Auth backend to check if the session has been revoked.

Returns a Future that resolves with the session cookie's decoded claims if valid and belongs to this tenant; otherwise, a rejected Future.

Implementation

@override
Future<DecodedIdToken> verifySessionCookie(
  String sessionCookie, {
  bool checkRevoked = false,
}) async {
  final decodedClaims = await super.verifySessionCookie(
    sessionCookie,
    checkRevoked: checkRevoked,
  );

  // Validate tenant ID.
  if (decodedClaims.firebase.tenant != tenantId) {
    throw FirebaseAuthAdminException(
      AuthClientErrorCode.mismatchingTenantId,
      'The provided session cookie does not match the tenant ID.',
    );
  }

  return decodedClaims;
}