auth: Allow expiry to be specified in .createCustomToken

[rhodgkins]

Resolves #1016

At this time we cannot accept changes that affect the public API. If you'd like to help
us make Firebase APIs better, please propose your change in an issue so that we
can discuss it together.

If this gets a 👍 happy to do any changes needed, etc.!

[bojeil-google]

Thanks for your contribution, @rhodgkins. This requires an internal API review and the API should not be Node.js specific. In addition, we need to check the service we use internally to mint these tokens are ok with the proposed changes. We may even need an internal launch review for this. Will need to double check it.

[googlebot]

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

[googlebot]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[felansu]

🙃

[vmengh]

Hi @rhodgkins, This is a great feature that we are also looking to implement.
Any info from Google team, when this will be made public and available publicly?
Also, do you have have a way or suggestion to invalidate the custom JWT token on user logout. with the current setup although the user signs out from app but token is still usable / active for 60 mins (if accessed from outside) via postman or sorts.
@googlebot
Thanks

[rhodgkins]

No idea sorry! I’ve given up waiting / keeping this up to date against conflicts now 🤷‍♂️

[dgrcode]

It's really impressive the speed at which things move around here. I'm not being sarcastic, I'm genuinely impressed.

@rhodgkins thanks for the contribution. Hopefully in another year we'll have the needed reviews 🤞

[rhodgkins]

18 months later - any updates? Happy to rebase this one last time if it's realistically going to be used...

[lahirumaramba]

Hi @rhodgkins Thank you again for your contribution!
I really want to thank you for your patience on this. As mentioned in one of the previous comments, this a special change that requires multiple internal processes (API review, internal verifications, and may be a launch review) to be completed and approved before we can merge the PR.

Since this feature is not included in any of the immediate roadmaps, it is going to take time to complete the internal approvals. I can't unfortunately promise you a timeline for when this feature will be released. However, I will discuss this with the team so that we can do our best to move forward.

@prameshj PTAL. It looks like bojeil-google@ already discussed this internally. Thank you!