Added ability to set a proxy domain that firebase auth calls utilize

firebase · Feb 5, 2024 · 8f9e783 · 8f9e783
1 parent 90e24d0
commit 8f9e783
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 0 deletions.
diff --git a/FirebaseAuth/CHANGELOG.md b/FirebaseAuth/CHANGELOG.md
@@ -1,3 +1,6 @@
+# Unreleased
+- [added] Added host override support for IdentityToolKit and SecureToken api endpoints. (#11858)
+
 # 10.21.0
 - [fixed] Fixed multifactor resolver to use the correct Auth instance instead of
   always the default. (#12265)

diff --git a/FirebaseAuth/Sources/Backend/FIRIdentityToolkitRequest.m b/FirebaseAuth/Sources/Backend/FIRIdentityToolkitRequest.m
@@ -79,6 +79,7 @@ - (NSURL *)requestURL {
   NSString *apiHostAndPathPrefix;
 
   NSString *emulatorHostAndPort = _requestConfiguration.emulatorHostAndPort;
+  NSString *overrideIdentityToolKitHost = _requestConfiguration.auth.overrideIdentityToolKitHost;
 
   if (_useIdentityPlatform) {
     apiURLFormat = kIdentityPlatformAPIURLFormat;
@@ -90,6 +91,8 @@ - (NSURL *)requestURL {
                                      kIdentityPlatformAPIHost];
     } else if (_useStaging) {
       apiHostAndPathPrefix = kIdentityPlatformStagingAPIHost;
+    } else if (overrideIdentityToolKitHost) {
+      apiHostAndPathPrefix = overrideIdentityToolKitHost;
     } else {
       apiHostAndPathPrefix = kIdentityPlatformAPIHost;
     }
@@ -102,6 +105,8 @@ - (NSURL *)requestURL {
           stringWithFormat:kEmulatorHostAndPrefixFormat, emulatorHostAndPort, kFirebaseAuthAPIHost];
     } else if (_useStaging) {
       apiHostAndPathPrefix = kFirebaseAuthStagingAPIHost;
+    } else if (overrideIdentityToolKitHost) {
+      apiHostAndPathPrefix = overrideIdentityToolKitHost;
     } else {
       apiHostAndPathPrefix = kFirebaseAuthAPIHost;
     }

diff --git a/FirebaseAuth/Sources/Backend/RPC/FIRSecureTokenRequest.m b/FirebaseAuth/Sources/Backend/RPC/FIRSecureTokenRequest.m
@@ -84,9 +84,13 @@ - (NSURL *)requestURL {
   NSString *URLString;
 
   NSString *emulatorHostAndPort = _requestConfiguration.emulatorHostAndPort;
+  NSString *overrideSecureTokenHost = _requestConfiguration.auth.overrideSecureTokenHost;
   if (emulatorHostAndPort) {
     URLString =
         [NSString stringWithFormat:kFIREmulatorURLFormat, emulatorHostAndPort, gAPIHost, _APIKey];
+  } else if (overrideSecureTokenHost) {
+    URLString = [NSString
+        stringWithFormat:kFIRSecureTokenServiceGetTokenURLFormat, overrideSecureTokenHost, _APIKey];
   } else {
     URLString =
         [NSString stringWithFormat:kFIRSecureTokenServiceGetTokenURLFormat, gAPIHost, _APIKey];

diff --git a/FirebaseAuth/Sources/Public/FirebaseAuth/FIRAuth.h b/FirebaseAuth/Sources/Public/FirebaseAuth/FIRAuth.h
@@ -362,6 +362,22 @@ NS_SWIFT_NAME(Auth)
  */
 @property(nonatomic, copy, nullable) NSString *customAuthDomain;
 
+/**
+ * @property overrideIdentityToolKitHost
+ * @brief A custom host used to handle proxying identityToolKit signins. This gives organizations
+ * the ability to create a proxy that is behind a firewall to prevent brute force attacks using the
+ * public key against the identitytoolkit api directly.
+ */
+@property(nonatomic, copy, nullable) NSString *overrideIdentityToolKitHost;
+
+/**
+ * @property overrideSecureTokenHost
+ * @brief A custom host used to handle proxying securetoken signins. This gives organizations the
+ * ability to create a proxy that is behind a firewall to prevent brute force attacks using the
+ * public key against the secure token api directly.
+ */
+@property(nonatomic, copy, nullable) NSString *overrideSecureTokenHost;
+
 /** @fn init
     @brief Please access auth instances using `Auth.auth()` and `Auth.auth(app:)`.
  */