genkit icon indicating copy to clipboard operation
genkit copied to clipboard
Published 2 months ago verified publisher icon firebase

[Tooling] OIDC sample code fetches a new ID token every time instead of checking exp date in req header

Open saraford opened this issue 1 year ago • 0 comments

Describe the bug In the sample code: https://firebase.google.com/docs/genkit/plugins/ollama#authentication it shows

export async function getIdToken(url: string): Promise<string> {
  const auth = getAuthClient();
  const client = await auth.getIdTokenClient(url);
  return client.idTokenProvider.fetchIdToken(url);
}

But client.idTokenProvider.fetchIdToken(url); is fetching a new ID token each time.

Expected behavior

The sample code needs to check the exp date first, something similar to this (but in typescript)

const auth = new GoogleAuth();
  const client = await auth.getIdTokenClient(url);

  async function fetchWithAuthHeader(url, options = {}) {
    const headers = await client.getRequestHeaders(url)
    options.headers = { ...headers, ...(options.headers || {}) };
    return fetch(url, options);
  }

Then in the ollama plugin, instead of

 requestHeaders: async (params) => ({
    Authorization: `Bearer ${await getIdToken(params.serverAddress)}`,
  }),

use fetchWithAuthHeader instead.

saraford avatar Jul 18 '24 20:07 saraford