`AuthApiRequest` `expiresIn` transformation is missing `Math.round` and causes `rpc.BadRequest` error

[mseeley]

[READ] Step 1: Are you in the right place?

• ✅ For issues related to the code in this repository file a Github issue.

[REQUIRED] Step 2: Describe your environment

• Operating System version: n/a
• Firebase SDK version: firebase-admin@12.4.0
• Firebase Product: n/a
• Node.js version: 20.17.0
• NPM version: 10.8.2

[REQUIRED] Step 3: Describe the problem

Steps to reproduce:

What happened? How can we make the problem occur?

• Call AuthApiRequeset.createSessionCookie() with a valid idToken and expiresIn = 604800000
  • Request handler promise will resolve.
• Call AuthApiRequeset.createSessionCookie() with a valid idToken and expiresIn = 604799998
  • Request handler promise will reject.
  • Remote service receives float 604799.998 and expects int.

This could be a description, log/console output, etc.

createSessionCookie FirebaseAuthError: An internal error has occurred. Raw server response: "{"error":{"code":400,"message":"Invalid value at 'valid_duration' (TYPE_INT64), 604799.998","errors":[{"message":"Invalid value at 'valid_duration' (TYPE_INT64), 604799.998","reason":"invalid"}],"status":"INVALID_ARGUMENT","details":[{"@type":"type.googleapis.com/google.rpc.BadRequest","fieldViolations":[{"field":"valid_duration","description":"Invalid value at 'valid_duration' (TYPE_INT64), 604799.998"}]}]}}"
    at FirebaseAuthError.fromServerError (/app/node_modules/.pnpm/firebase-admin@12.4.0/node_modules/firebase-admin/lib/utils/error.js:148:16)
    at /app/node_modules/.pnpm/firebase-admin@12.4.0/node_modules/firebase-admin/lib/auth/auth-api-request.js:1628:49
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Module.createSessionCookie (/app/apps/api/src/auth-next/create-session-cookie.ts:8:12)
    at async authenticate (/app/apps/api/src/services/authenticate.ts:27:25)
    at async Object.authenticate (/app/apps/api/src/resolvers/capi/mutation-resolver.ts:26:31)
    at async file:///app/node_modules/.pnpm/@envelop+core@5.0.0/node_modules/@envelop/core/esm/orchestrator.js:383:27
    at async YogaServer.getResultForParams (file:///app/node_modules/.pnpm/graphql-yoga@5.6.0_graphql@16.8.1/node_modules/graphql-yoga/esm/server.js:278:26)
    at async handle (file:///app/node_modules/.pnpm/graphql-yoga@5.6.0_graphql@16.8.1/node_modules/graphql-yoga/esm/server.js:348:25)
    at async Object.handler (/app/apps/api/src/utils/build-graphql-route-options.ts:18:24) {
  errorInfo: {
    code: 'auth/internal-error',
    message: `An internal error has occurred. Raw server response: "{"error":{"code":400,"message":"Invalid value at 'valid_duration' (TYPE_INT64), 604799.998","errors":[{"message":"Invalid value at 'valid_duration' (TYPE_INT64), 604799.998","reason":"invalid"}],"status":"INVALID_ARGUMENT","details":[{"@type":"type.googleapis.com/google.rpc.BadRequest","fieldViolations":[{"field":"valid_duration","description":"Invalid value at 'valid_duration' (TYPE_INT64), 604799.998"}]}]}}"`
  }

Relevant Code:

The implementation is missing Math.round(expiresIn / 1000). You'll see ms->s conversion is using round consistently elsewhere.

firebase-admin-node/src/auth/auth-api-request.ts

Lines 1093 to 1101 in 5c92886

	public createSessionCookie(idToken: string, expiresIn: number): Promise<string> {
	const request = {
	idToken,
	// Convert to seconds.
	validDuration: expiresIn / 1000,
	};
	return this.invokeRequestHandler(this.getAuthUrlBuilder(), FIREBASE_AUTH_CREATE_SESSION_COOKIE, request)
	.then((response: any) => response.sessionCookie);
	}

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.