fix: crash with InvalidAuthBlockingTokenError

src/firebase_functions/private/_identity_fn.py

@@ -64,11 +64,14 @@ def _auth_user_info_from_token_data(token_data: dict[str, _typing.Any]):
 
 def _auth_user_metadata_from_token_data(token_data: dict[str, _typing.Any]):
     from firebase_functions.identity_fn import AuthUserMetadata
+    creation_time = _dt.datetime.utcfromtimestamp(int(token_data["creation_time"]) / 1000.0)
+    last_sign_in_time = None
+    if "last_sign_in_time" in token_data:
+        last_sign_in_time = _dt.datetime.utcfromtimestamp(int(token_data["last_sign_in_time"]) / 1000.0)
+
     return AuthUserMetadata(
-        creation_time=_dt.datetime.utcfromtimestamp(
-            token_data["creation_time"] / 1000.0),
-        last_sign_in_time=_dt.datetime.utcfromtimestamp(
-            token_data["last_sign_in_time"] / 1000.0),
+        creation_time=creation_time,
+        last_sign_in_time=last_sign_in_time
     )
 
 
@@ -89,7 +92,7 @@ def _auth_multi_factor_info_from_token_data(token_data: dict[str, _typing.Any]):
 
 
 def _auth_multi_factor_settings_from_token_data(token_data: dict[str,
-                                                                 _typing.Any]):
+_typing.Any]):
     if not token_data:
         return None
 
@@ -214,14 +217,14 @@ def _auth_blocking_event_from_token_data(token_data: dict[str, _typing.Any]):
 
 
 def _validate_auth_response(
-    event_type: str,
-    auth_response,
+        event_type: str,
+        auth_response,
 ) -> dict[str, _typing.Any]:
     if auth_response is None:
         auth_response = {}
 
     custom_claims: dict[str,
-                        _typing.Any] | None = auth_response.get("custom_claims")
+    _typing.Any] | None = auth_response.get("custom_claims")
     session_claims: dict[str, _typing.Any] | None = auth_response.get(
         "session_claims")
 
@@ -303,9 +306,9 @@ def _validate_auth_response(
 
 
 def before_operation_handler(
-    func: _typing.Callable,
-    event_type: str,
-    request: _Request,
+        func: _typing.Callable,
+        event_type: str,
+        request: _Request,
 ) -> _Response:
     from firebase_functions.identity_fn import BeforeCreateResponse, BeforeSignInResponse
     try:

src/firebase_functions/private/token_verifier.py

@@ -95,14 +95,14 @@ def verify(self, token, request):
                 'Firebase {0} has incorrect algorithm. Expected "RS256" but got '
                 '"{1}". {2}'.format(self.short_name, header.get('alg'),
                                     verify_id_token_msg))
-        elif self.expected_audience and self.expected_audience not in audience:
+        elif not emulated and self.expected_audience and self.expected_audience not in audience:
             error_message = (
                 'Firebase {0} has incorrect "aud" (audience) claim. Expected "{1}" but '
                 'got "{2}". {3} {4}'.format(self.short_name,
                                             self.expected_audience, audience,
                                             project_id_match_msg,
                                             verify_id_token_msg))
-        elif not self.expected_audience and audience != self.project_id:
+        elif not emulated and not self.expected_audience and audience != self.project_id:
             error_message = (
                 'Firebase {0} has incorrect "aud" (audience) claim. Expected "{1}" but '
                 'got "{2}". {3} {4}'.format(self.short_name, self.project_id,