firebase · hiranya911 · Jan 15, 2021 · Dec 18, 2020 · Dec 18, 2020 · Dec 18, 2020
diff --git a/auth/auth.go b/auth/auth.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"os"
 	"strings"
 	"time"
 
@@ -29,6 +30,7 @@ import (
 
 const (
 	authErrorCode    = "authErrorCode"
+	defaultAuthURL   = "https://identitytoolkit.googleapis.com"
 	firebaseAudience = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"
 	oneHourInSeconds = 3600
 
@@ -62,6 +64,17 @@ func NewClient(ctx context.Context, conf *internal.AuthConfig) (*Client, error)
 		err    error
 	)
 
+	baseURL := defaultAuthURL
+	if authEmulatorHost := os.Getenv("FIREBASE_AUTH_EMULATOR_HOST"); authEmulatorHost != "" {
+		baseURL = fmt.Sprintf("http://%s/identitytoolkit.googleapis.com", authEmulatorHost)
+	}
+
+	idToolkitV1Endpoint := fmt.Sprintf("%s/v1", baseURL)
+	idToolkitV2Beta1Endpoint := fmt.Sprintf("%s/v2beta1", baseURL)
+	userManagementEndpoint := idToolkitV1Endpoint
+	providerConfigEndpoint := idToolkitV2Beta1Endpoint
+	tenantMgtEndpoint := idToolkitV2Beta1Endpoint
+
 	creds, _ := transport.Creds(ctx, conf.Opts...)
 
 	// Initialize a signer by following the go/firebase-admin-sign protocol.
@@ -113,8 +126,9 @@ func NewClient(ctx context.Context, conf *internal.AuthConfig) (*Client, error)
 	}
 
 	base := &baseClient{
-		userManagementEndpoint: idToolkitV1Endpoint,
+		userManagementEndpoint: userManagementEndpoint,
 		providerConfigEndpoint: providerConfigEndpoint,
+		tenantMgtEndpoint:      tenantMgtEndpoint,
 		projectID:              conf.ProjectID,
 		httpClient:             hc,
 		idTokenVerifier:        idTokenVerifier,
@@ -234,6 +248,7 @@ type FirebaseInfo struct {
 type baseClient struct {
 	userManagementEndpoint string
 	providerConfigEndpoint string
+	tenantMgtEndpoint      string
 	projectID              string
 	tenantID               string
 	httpClient             *internal.HTTPClient

diff --git a/auth/auth_test.go b/auth/auth_test.go
@@ -34,9 +34,12 @@ import (
 )
 
 const (
-	credEnvVar    = "GOOGLE_APPLICATION_CREDENTIALS"
-	testProjectID = "mock-project-id"
-	testVersion   = "test-version"
+	credEnvVar                      = "GOOGLE_APPLICATION_CREDENTIALS"
+	emulatorHostEnvVar              = "FIREBASE_AUTH_EMULATOR_HOST"
+	testProjectID                   = "mock-project-id"
+	testVersion                     = "test-version"
+	defaultIDToolkitV1Endpoint      = "https://identitytoolkit.googleapis.com/v1"
+	defaultIDToolkitV2Beta1Endpoint = "https://identitytoolkit.googleapis.com/v2beta1"
 )
 
 var (
@@ -280,6 +283,35 @@ func TestNewClientExplicitNoAuth(t *testing.T) {
 	}
 }
 
+func TestNewClientEmulatorHostEnvVar(t *testing.T) {
+	emulatorHost := "localhost:9099"
+	idToolkitV1Endpoint := "http://localhost:9099/identitytoolkit.googleapis.com/v1"
+	idToolkitV2Beta1Endpoint := "http://localhost:9099/identitytoolkit.googleapis.com/v2beta1"
+
+	os.Setenv(emulatorHostEnvVar, emulatorHost)
+	defer os.Unsetenv(emulatorHostEnvVar)
+
+	conf := &internal.AuthConfig{
+		Opts: []option.ClientOption{
+			option.WithoutAuthentication(),
+		},
+	}
+	client, err := NewClient(context.Background(), conf)
+	if err != nil {
+		t.Fatal(err)
+	}
+	baseClient := client.baseClient
+	if baseClient.userManagementEndpoint != idToolkitV1Endpoint {
+		t.Errorf("baseClient.userManagementEndpoint = %q; want = %q", baseClient.userManagementEndpoint, idToolkitV1Endpoint)
+	}
+	if baseClient.providerConfigEndpoint != idToolkitV2Beta1Endpoint {
+		t.Errorf("baseClient.providerConfigEndpoint = %q; want = %q", baseClient.providerConfigEndpoint, idToolkitV2Beta1Endpoint)
+	}
+	if baseClient.tenantMgtEndpoint != idToolkitV2Beta1Endpoint {
+		t.Errorf("baseClient.tenantMgtEndpoint = %q; want = %q", baseClient.tenantMgtEndpoint, idToolkitV2Beta1Endpoint)
+	}
+}
+
 func TestCustomToken(t *testing.T) {
 	client := &Client{
 		baseClient: &baseClient{
@@ -1163,23 +1195,26 @@ func checkCookieVerifier(tv *tokenVerifier, projectID string) error {
 }
 
 func checkBaseClient(client *Client, wantProjectID string) error {
-	umc := client.baseClient
-	if umc.userManagementEndpoint != idToolkitV1Endpoint {
-		return fmt.Errorf("userManagementEndpoint = %q; want = %q", umc.userManagementEndpoint, idToolkitV1Endpoint)
+	baseClient := client.baseClient
+	if baseClient.userManagementEndpoint != defaultIDToolkitV1Endpoint {
+		return fmt.Errorf("userManagementEndpoint = %q; want = %q", baseClient.userManagementEndpoint, defaultIDToolkitV1Endpoint)
+	}
+	if baseClient.providerConfigEndpoint != defaultIDToolkitV2Beta1Endpoint {
+		return fmt.Errorf("providerConfigEndpoint = %q; want = %q", baseClient.providerConfigEndpoint, defaultIDToolkitV2Beta1Endpoint)
 	}
-	if umc.providerConfigEndpoint != providerConfigEndpoint {
-		return fmt.Errorf("providerConfigEndpoint = %q; want = %q", umc.providerConfigEndpoint, providerConfigEndpoint)
+	if baseClient.tenantMgtEndpoint != defaultIDToolkitV2Beta1Endpoint {
+		return fmt.Errorf("providerConfigEndpoint = %q; want = %q", baseClient.providerConfigEndpoint, defaultIDToolkitV2Beta1Endpoint)
 	}
-	if umc.projectID != wantProjectID {
-		return fmt.Errorf("projectID = %q; want = %q", umc.projectID, wantProjectID)
+	if baseClient.projectID != wantProjectID {
+		return fmt.Errorf("projectID = %q; want = %q", baseClient.projectID, wantProjectID)
 	}
 
 	req, err := http.NewRequest(http.MethodGet, "https://firebase.google.com", nil)
 	if err != nil {
 		return err
 	}
 
-	for _, opt := range umc.httpClient.Opts {
+	for _, opt := range baseClient.httpClient.Opts {
 		opt(req)
 	}
 	version := req.Header.Get("X-Client-Version")

diff --git a/auth/provider_config.go b/auth/provider_config.go
@@ -28,8 +28,6 @@ import (
 )
 
 const (
-	providerConfigEndpoint = "https://identitytoolkit.googleapis.com/v2beta1"
-
 	maxConfigs = 100
 
 	idpEntityIDKey = "idpConfig.idpEntityId"

diff --git a/auth/tenant_mgt.go b/auth/tenant_mgt.go
@@ -26,10 +26,6 @@ import (
 	"google.golang.org/api/iterator"
 )
 
-const (
-	tenantMgtEndpoint = "https://identitytoolkit.googleapis.com/v2beta1"
-)
-
 // Tenant represents a tenant in a multi-tenant application.
 //
 // Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP,
@@ -88,7 +84,7 @@ type TenantManager struct {
 func newTenantManager(client *internal.HTTPClient, conf *internal.AuthConfig, base *baseClient) *TenantManager {
 	return &TenantManager{
 		base:       base,
-		endpoint:   tenantMgtEndpoint,
+		endpoint:   base.tenantMgtEndpoint,
 		projectID:  conf.ProjectID,
 		httpClient: client,
 	}

diff --git a/auth/user_mgt.go b/auth/user_mgt.go
@@ -30,9 +30,8 @@ import (
 )
 
 const (
-	maxLenPayloadCC     = 1000
-	defaultProviderID   = "firebase"
-	idToolkitV1Endpoint = "https://identitytoolkit.googleapis.com/v1"
+	maxLenPayloadCC   = 1000
+	defaultProviderID = "firebase"
 
 	// Maximum number of users allowed to batch get at a time.
 	maxGetAccountsBatchSize = 100
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,8 +28,6 @@ import ( @@
     )
     const (
-    	providerConfigEndpoint = "https://identitytoolkit.googleapis.com/v2beta1"
     	maxConfigs = 100
     	idpEntityIDKey = "idpConfig.idpEntityId"
@@ Expand Down @@