-
Notifications
You must be signed in to change notification settings - Fork 1
/
firebase.go
65 lines (56 loc) · 2.19 KB
/
firebase.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
package testutil
import (
"context"
"fmt"
firebase "firebase.google.com/go/v4"
"google.golang.org/api/identitytoolkit/v1"
"google.golang.org/api/option"
"github.com/curioswitch/go-curiostack/config"
)
// FirebaseIDToken returns a real ID token that can be used in e2e tests involving Firebase authentication.
// The token is created for the given userID, which must be specified. tenantID is optional, when unset,
// the user is assumed to be in the default tenant.
//
// This method will use the service account integration-test@<gcp project>.iam.gserviceaccount.com for
// issuing tokens and also set the quota project to the repo's configured GCP project.
func FirebaseIDToken(ctx context.Context, userID string, tenantID string, google *config.Google) (string, error) {
fbApp, err := firebase.NewApp(ctx, &firebase.Config{
ProjectID: google.Project,
ServiceAccountID: fmt.Sprintf("integration-test@%s.iam.gserviceaccount.com", google.Project),
})
if err != nil {
return "", fmt.Errorf("curiostack/testutil: creating firebase app: %w", err)
}
fbAuth, err := fbApp.Auth(ctx)
if err != nil {
return "", fmt.Errorf("curiostack/testutil: getting firebase auth: %w", err)
}
var customToken string
if tenantID != "" {
tAuth, _ := fbAuth.TenantManager.AuthForTenant(tenantID)
ct, err := tAuth.CustomToken(ctx, userID)
if err != nil {
return "", fmt.Errorf("curiostack/testutil: creating custom token for tenant: %w", err)
}
customToken = ct
} else {
ct, err := fbAuth.CustomToken(ctx, userID)
if err != nil {
return "", fmt.Errorf("curiostack/testutil: creating custom token: %w", err)
}
customToken = ct
}
gcpIdentity, err := identitytoolkit.NewService(ctx, option.WithQuotaProject(google.Project))
if err != nil {
return "", fmt.Errorf("curiostack/testutil: creating identitytoolkit: %w", err)
}
res, err := gcpIdentity.Accounts.SignInWithCustomToken(&identitytoolkit.GoogleCloudIdentitytoolkitV1SignInWithCustomTokenRequest{
Token: customToken,
TenantId: tenantID,
ReturnSecureToken: true,
}).Context(ctx).Do()
if err != nil {
return "", fmt.Errorf("curiostack/testutil: signing in with custom token: %w", err)
}
return res.IdToken, nil
}