Release Version 2.3.0 (#57)

* Documentation fix md file (#43)

* Clarify certificate download comment

* Fix Link

* Adding User Management utils, including Custom Claims in the auth package. (#42)

Adding the user management go SDK.
This includes the customClaims and the iterator over all users. (as well as Create, Update, Delete User, and GetUser (by UID, Phone or Email))

Proposal : go/firebase-go-user-mgt

Code snippets: 
  https://firebase-dot-devsite.googleplex.com/docs/auth/admin/manage-users
  https://firebase-dot-devsite.googleplex.com/docs/auth/admin/custom-claims

TODO: clean up the case of an http.DefaultClient when there are no options.

* Minor improvements to user management code (#44)

* some changes to auth

* Implemented a reusable HTTP client API

* Added test cases

* Comment clean up

* Simplified the usage by adding HTTPClient

* Using the old ctx import

* Support for arbitrary entity types in the request

* Renamed fields; Added documentation

* Removing a redundant else case

* initial

* more integration tests

* set custom - still needs guessing the type for unmarshaling.

* tests

* server

* server

* .

* json

* json

* move testdata

* get

* tests

* updated to param struct of pointers to call create and update

* Comments

* cleanup

* cleanup

* cleanup

* cleanup minor test changes

* Changing the iteraator pattern

* last page iterator test fix

* clean up tests next.

* make the fetch tidier

* fetch cleanup

* cc change

* custom claims

* newline

* adding error propagation to makeExportedUser

* remove trivial claims map type

* list users test data

* rename p ptr, and remove the with... options for the iterator

* rename p ptr

* some unit tests

* adding integration tests for custom claims

* NO ERROR

* unit tests

* comments hkj

* addressing comments

* delete unneeded json file

* phone NUMBER

* typo

* remove cc from create

* refactor param structs

* remove package ptr

* test refactor

* cleanup comments

* cleanup debug.test

* Adding back the default http client

* fix httpClient for tests

* creds

* creds

* fix default http client

* cleanupPrintfs

* disable

* Reanme payload vars

* Revert newHTTPKeySource function

* add back defaultClient in newClient

* reenable testNewHTTPClientNoOpts)

* reverting keysource tests)

* Take the httpClient from the keysource

* Removethe +1 second for the token timestamp.

* Adding tests

* White spaces

* Redesign the error validators

* prepare returns an error.

* cleanup

* dissolve

* dissolve

* clean tests

* split integration tests

* addressing comments

* addressing comments opt branch/ BEFORE hc change

* Removing the defaultClient from the NewClient, and extracting the NewClient creation outside of KeySource

* closer from echoServer

* cleanup + 500 error unit test

* unify error messages

* Refactor stop side effect for params preparation

* +1 to timestamp for flakiness

* removing +1

* disallow defaultClient

* whitespaces

* http default

* add TODO

* Code clean up and refactoring

* Refactored integration tests (#46)

* Refactored integration tests

* Minor cleanup

* Auth Unit Test Improvements (#45)

* Cleaning up new auth tests

* More updates to tests; Dissolved commonParams type

* More test updates

* More argument validation for auth

* Fixed a bug in enable/disable user; Added more tests; Cleaned up unit tests

* Removed debug file

* Create the 5th user in the integration tests for user management. (#47)

* Bump version to 2.2.0 (#49)

* Adding version, stat counter header and test (#50)

* Adding version to the header for the stat counter + tests
* bump version to 2.2.1
* Adding comment for manual cleanup

* Auth Package Internal Cleanup (#53)

* Release v2.2.1 (#51)

* Adding version, stat counter header and test (#50)
* Adding version to the header for the stat counter + tests
* bump version to 2.2.1
* Adding comment for manual cleanup

* Experimental auth cleanup

* Using a mock token source in tests

* Further cleaning up the test cases

* Implemented IID Delete API (#41)

* Implemented IID Delete API

* Cleaned up code

* Updated test case

* Updating comments

* Improved error handling

* Fixing malformed error messages due to extra format placeholders; Using the recommended Go error message format (no caps or punctuation)

* Bumped version to 2.3.0 (#56)

auth/auth.go

@@ -22,7 +22,6 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"net/http"
 	"strings"
 
 	"firebase.google.com/go/internal"
@@ -102,6 +101,7 @@ func NewClient(ctx context.Context, c *internal.AuthConfig) (*Client, error) {
 		}
 		email = svcAcct.ClientEmail
 	}
+
 	var snr signer
 	if email != "" && pk != nil {
 		snr = serviceAcctSigner{email: email, pk: pk}
@@ -111,21 +111,15 @@ func NewClient(ctx context.Context, c *internal.AuthConfig) (*Client, error) {
 			return nil, err
 		}
 	}
-	hc := http.DefaultClient
-	if len(c.Opts) > 0 { // TODO: fix the default when len = 0
-		hc, _, err = transport.NewHTTPClient(ctx, c.Opts...)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ks, err := newHTTPKeySource(googleCertURL, hc)
+
+	hc, _, err := transport.NewHTTPClient(ctx, c.Opts...)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Client{
 		hc:        &internal.HTTPClient{Client: hc},
-		ks:        ks,
+		ks:        newHTTPKeySource(googleCertURL, hc),
 		projectID: c.ProjectID,
 		snr:       snr,
 		url:       idToolKitURL,

auth/auth_test.go

@@ -41,12 +41,17 @@ var testIDToken string
 var testGetUserResponse []byte
 var testListUsersResponse []byte
 
+var defaultTestOpts = []option.ClientOption{
+	option.WithCredentialsFile("../testdata/service_account.json"),
+}
+
 func TestMain(m *testing.M) {
 	var (
 		err   error
 		ks    keySource
 		ctx   context.Context
 		creds *google.DefaultCredentials
+		opts  []option.ClientOption
 	)
 	if appengine.IsDevAppServer() {
 		aectx, aedone, err := aetest.NewContext()
@@ -62,8 +67,8 @@ func TestMain(m *testing.M) {
 		}
 	} else {
 		ctx = context.Background()
-		opt := option.WithCredentialsFile("../testdata/service_account.json")
-		creds, err = transport.Creds(ctx, opt)
+		opts = defaultTestOpts
+		creds, err = transport.Creds(ctx, opts...)
 		if err != nil {
 			log.Fatalln(err)
 		}
@@ -72,7 +77,7 @@ func TestMain(m *testing.M) {
 	}
 	client, err = NewClient(ctx, &internal.AuthConfig{
 		Creds:     creds,
-		Opts:      []option.ClientOption{option.WithCredentialsFile("../testdata/service_account.json")},
+		Opts:      opts,
 		ProjectID: "mock-project-id",
 	})
 	if err != nil {
@@ -170,7 +175,9 @@ func TestCustomTokenError(t *testing.T) {
 }
 
 func TestCustomTokenInvalidCredential(t *testing.T) {
-	s, err := NewClient(context.Background(), &internal.AuthConfig{})
+	// AuthConfig with nil Creds
+	conf := &internal.AuthConfig{Opts: defaultTestOpts}
+	s, err := NewClient(context.Background(), conf)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -237,7 +244,9 @@ func TestVerifyIDTokenError(t *testing.T) {
 }
 
 func TestNoProjectID(t *testing.T) {
-	c, err := NewClient(context.Background(), &internal.AuthConfig{})
+	// AuthConfig with empty ProjectID
+	conf := &internal.AuthConfig{Opts: defaultTestOpts}
+	c, err := NewClient(context.Background(), conf)
 	if err != nil {
 		t.Fatal(err)
 	}

auth/crypto.go

@@ -75,13 +75,13 @@ type httpKeySource struct {
 	Mutex      *sync.Mutex
 }
 
-func newHTTPKeySource(uri string, hc *http.Client) (*httpKeySource, error) {
+func newHTTPKeySource(uri string, hc *http.Client) *httpKeySource {
 	return &httpKeySource{
 		KeyURI:     uri,
 		HTTPClient: hc,
 		Clock:      systemClock{},
 		Mutex:      &sync.Mutex{},
-	}, nil
+	}
 }
 
 // Keys returns the RSA Public Keys hosted at this key source's URI. Refreshes the data if

auth/crypto_test.go

@@ -83,11 +83,8 @@ func TestHTTPKeySource(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ks, err := newHTTPKeySource("http://mock.url", http.DefaultClient)
-	if err != nil {
-		t.Fatal(err)
-	}
 
+	ks := newHTTPKeySource("http://mock.url", http.DefaultClient)
 	if ks.HTTPClient == nil {
 		t.Errorf("HTTPClient = nil; want non-nil")
 	}
@@ -105,11 +102,7 @@ func TestHTTPKeySourceWithClient(t *testing.T) {
 	}
 
 	hc, rc := newTestHTTPClient(data)
-	ks, err := newHTTPKeySource("http://mock.url", hc)
-	if err != nil {
-		t.Fatal(err)
-	}
-
+	ks := newHTTPKeySource("http://mock.url", hc)
 	if ks.HTTPClient != hc {
 		t.Errorf("HTTPClient = %v; want %v", ks.HTTPClient, hc)
 	}
@@ -120,23 +113,15 @@ func TestHTTPKeySourceWithClient(t *testing.T) {
 
 func TestHTTPKeySourceEmptyResponse(t *testing.T) {
 	hc, _ := newTestHTTPClient([]byte(""))
-	ks, err := newHTTPKeySource("http://mock.url", hc)
-	if err != nil {
-		t.Fatal(err)
-	}
-
+	ks := newHTTPKeySource("http://mock.url", hc)
 	if keys, err := ks.Keys(); keys != nil || err == nil {
 		t.Errorf("Keys() = (%v, %v); want = (nil, error)", keys, err)
 	}
 }
 
 func TestHTTPKeySourceIncorrectResponse(t *testing.T) {
 	hc, _ := newTestHTTPClient([]byte("{\"foo\": 1}"))
-	ks, err := newHTTPKeySource("http://mock.url", hc)
-	if err != nil {
-		t.Fatal(err)
-	}
-
+	ks := newHTTPKeySource("http://mock.url", hc)
 	if keys, err := ks.Keys(); keys != nil || err == nil {
 		t.Errorf("Keys() = (%v, %v); want = (nil, error)", keys, err)
 	}
@@ -148,11 +133,7 @@ func TestHTTPKeySourceTransportError(t *testing.T) {
 			Err: errors.New("transport error"),
 		},
 	}
-	ks, err := newHTTPKeySource("http://mock.url", hc)
-	if err != nil {
-		t.Fatal(err)
-	}
-
+	ks := newHTTPKeySource("http://mock.url", hc)
 	if keys, err := ks.Keys(); keys != nil || err == nil {
 		t.Errorf("Keys() = (%v, %v); want = (nil, error)", keys, err)
 	}

auth/user_mgt_test.go

@@ -25,8 +25,11 @@ import (
 	"testing"
 
 	"firebase.google.com/go/internal"
+
 	"golang.org/x/net/context"
+	"golang.org/x/oauth2"
 	"google.golang.org/api/iterator"
+	"google.golang.org/api/option"
 )
 
 var testUser = &UserRecord{
@@ -621,24 +624,17 @@ func TestMakeExportedUser(t *testing.T) {
 }
 
 func TestHTTPError(t *testing.T) {
-	s := mockAuthServer{}
-	s.Srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		s.Req = append(s.Req, r)
-		w.WriteHeader(500)
-		w.Header().Set("Content-Type", "application/json")
-		w.Write([]byte(`{"error":"test"}`))
-	}))
+	s := echoServer([]byte(`{"error":"test"}`), t)
 	defer s.Close()
+	s.Status = 500
 
-	client, err := NewClient(context.Background(), &internal.AuthConfig{})
-	if err != nil {
-		t.Fatal()
+	u, err := s.Client.GetUser(context.Background(), "some uid")
+	if u != nil || err == nil {
+		t.Fatalf("GetUser() = (%v, %v); want = (nil, error)", u, err)
 	}
-	client.url = s.Srv.URL + "/"
 
 	want := `http error status: 500; reason: {"error":"test"}`
-	_, err = client.GetUser(context.Background(), "some uid")
-	if err == nil || err.Error() != want {
+	if err.Error() != want {
 		t.Errorf("GetUser() = %v; want = %q", err, want)
 	}
 }
@@ -664,7 +660,6 @@ type mockAuthServer struct {
 func echoServer(resp interface{}, t *testing.T) *mockAuthServer {
 	var b []byte
 	var err error
-	testVersion := "test.version"
 	switch v := resp.(type) {
 	case nil:
 		b = []byte("")
@@ -678,19 +673,30 @@ func echoServer(resp interface{}, t *testing.T) *mockAuthServer {
 	}
 	s := mockAuthServer{Resp: b}
 
+	const testToken = "test.token"
+	const testVersion = "test.version"
+
 	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		defer r.Body.Close()
 		reqBody, err := ioutil.ReadAll(r.Body)
 		if err != nil {
 			t.Fatal(err)
 		}
+		s.Rbody = reqBody
 		s.Req = append(s.Req, r)
-		vh := r.Header.Get("X-Client-Version")
-		wantvh := "Go/Admin/" + testVersion
-		if vh != wantvh {
-			t.Errorf("version header = %s; want: %s", vh, wantvh)
+
+		gh := r.Header.Get("Authorization")
+		wh := "Bearer " + testToken
+		if gh != wh {
+			t.Errorf("Authorization header = %q; want = %q", gh, wh)
 		}
-		s.Rbody = reqBody
+
+		gh = r.Header.Get("X-Client-Version")
+		wh = "Go/Admin/" + testVersion
+		if gh != wh {
+			t.Errorf("X-Client-Version header = %q; want: %q", gh, wh)
+		}
+
 		for k, v := range s.Header {
 			w.Header().Set(k, v)
 		}
@@ -702,7 +708,14 @@ func echoServer(resp interface{}, t *testing.T) *mockAuthServer {
 
 	})
 	s.Srv = httptest.NewServer(handler)
-	authClient, err := NewClient(context.Background(), &internal.AuthConfig{Version: testVersion})
+
+	conf := &internal.AuthConfig{
+		Opts: []option.ClientOption{
+			option.WithTokenSource(&mockTokenSource{testToken}),
+		},
+		Version: testVersion,
+	}
+	authClient, err := NewClient(context.Background(), conf)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -714,3 +727,11 @@ func echoServer(resp interface{}, t *testing.T) *mockAuthServer {
 func (s *mockAuthServer) Close() {
 	s.Srv.Close()
 }
+
+type mockTokenSource struct {
+	AccessToken string
+}
+
+func (m *mockTokenSource) Token() (*oauth2.Token, error) {
+	return &oauth2.Token{AccessToken: m.AccessToken}, nil
+}

firebase.go

@@ -23,6 +23,7 @@ import (
 	"cloud.google.com/go/firestore"
 
 	"firebase.google.com/go/auth"
+	"firebase.google.com/go/iid"
 	"firebase.google.com/go/internal"
 	"firebase.google.com/go/storage"
 
@@ -44,7 +45,7 @@ var firebaseScopes = []string{
 }
 
 // Version of the Firebase Go Admin SDK.
-const Version = "2.2.1"
+const Version = "2.3.0"
 
 // An App holds configuration and state common to all Firebase services that are exposed from the SDK.
 type App struct {
@@ -89,6 +90,15 @@ func (a *App) Firestore(ctx context.Context) (*firestore.Client, error) {
 	return firestore.NewClient(ctx, a.projectID, a.opts...)
 }
 
+// InstanceID returns an instance of iid.Client.
+func (a *App) InstanceID(ctx context.Context) (*iid.Client, error) {
+	conf := &internal.InstanceIDConfig{
+		ProjectID: a.projectID,
+		Opts:      a.opts,
+	}
+	return iid.NewClient(ctx, conf)
+}
+
 // NewApp creates a new App from the provided config and client options.
 //
 // If the client options contain a valid credential (a service account file, a refresh token file or an

firebase_test.go

@@ -281,6 +281,18 @@ func TestFirestoreWithNoProjectID(t *testing.T) {
 	}
 }
 
+func TestInstanceID(t *testing.T) {
+	ctx := context.Background()
+	app, err := NewApp(ctx, nil, option.WithCredentialsFile("testdata/service_account.json"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if c, err := app.InstanceID(ctx); c == nil || err != nil {
+		t.Errorf("InstanceID() = (%v, %v); want (iid, nil)", c, err)
+	}
+}
+
 func TestCustomTokenSource(t *testing.T) {
 	ctx := context.Background()
 	ts := &testTokenSource{AccessToken: "mock-token-from-custom"}