sample app changes with updated logic (#14960) _final

Author: srushtisv

ExchangeTokensRequestTests.swift

@@ -0,0 +1,151 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import Foundation
+import XCTest
+
+@testable import FirebaseAuth
+import FirebaseCore
+
+/// @class ExchangeTokenRequestTests
+///    @brief Tests for the @c ExchangeTokenRequest struct.
+@available(iOS 13, *)
+class ExchangeTokenRequestTests: XCTestCase {
+  // MARK: - Constants for Testing
+
+  let kAPIKey = "test-api-key"
+  let kProjectID = "test-project-id"
+  let kLocation = "asia-northeast1"
+  let kTenantID = "test-tenant-id-123"
+  let kCustomToken = "a-very-long-and-secure-oidc-token-string"
+  let kIdpConfigId = "oidc.my-test-provider"
+
+  let kProductionHost = "identityplatform.googleapis.com"
+  let kStagingHost = "staging-identityplatform.sandbox.googleapis.com"
+
+  // MARK: - Test Cases
+
+  func testProductionURLIsCorrectlyConstructed() {
+    let (auth, app) = createTestAuthInstance(
+      projectID: kProjectID,
+      location: kLocation,
+      tenantId: kTenantID
+    )
+    _ = app
+
+    let request = ExchangeTokenRequest(
+      customToken: kCustomToken,
+      idpConfigID: kIdpConfigId,
+      config: auth.requestConfiguration,
+      useStaging: false
+    )
+
+    let expectedHost = "\(kLocation)-\(kProductionHost)"
+    let expectedURL = "https://\(expectedHost)/v2alpha/projects/\(kProjectID)" +
+      "/locations/\(kLocation)/tenants/\(kTenantID)/idpConfigs/\(kIdpConfigId):exchangeOidcToken?key=\(kAPIKey)"
+
+    XCTAssertEqual(request.requestURL().absoluteString, expectedURL)
+  }
+
+  func testProductionURLIsCorrectlyConstructedForGlobalLocation() {
+    let (auth, app) = createTestAuthInstance(
+      projectID: kProjectID,
+      location: "prod-global",
+      tenantId: kTenantID
+    )
+    _ = app
+
+    let request = ExchangeTokenRequest(
+      customToken: kCustomToken,
+      idpConfigID: kIdpConfigId,
+      config: auth.requestConfiguration,
+      useStaging: false
+    )
+
+    let expectedHost = kProductionHost
+    let expectedURL = "https://\(expectedHost)/v2alpha/projects/\(kProjectID)" +
+      "/locations/prod-global/tenants/\(kTenantID)/idpConfigs/\(kIdpConfigId):exchangeOidcToken?key=\(kAPIKey)"
+
+    XCTAssertEqual(request.requestURL().absoluteString, expectedURL)
+  }
+
+  func testStagingURLIsCorrectlyConstructed() {
+    let (auth, app) = createTestAuthInstance(
+      projectID: kProjectID,
+      location: kLocation,
+      tenantId: kTenantID
+    )
+    _ = app
+
+    let request = ExchangeTokenRequest(
+      customToken: kCustomToken,
+      idpConfigID: kIdpConfigId,
+      config: auth.requestConfiguration,
+      useStaging: true
+    )
+
+    let expectedHost = "\(kLocation)-\(kStagingHost)"
+    let expectedURL = "https://\(expectedHost)/v2alpha/projects/\(kProjectID)" +
+      "/locations/\(kLocation)/tenants/\(kTenantID)/idpConfigs/\(kIdpConfigId):exchangeOidcToken?key=\(kAPIKey)"
+
+    XCTAssertEqual(request.requestURL().absoluteString, expectedURL)
+  }
+
+  func testUnencodedHTTPBodyIsCorrect() {
+    let (auth, app) = createTestAuthInstance(
+      projectID: kProjectID,
+      location: kLocation,
+      tenantId: kTenantID
+    )
+    _ = app
+
+    let request = ExchangeTokenRequest(
+      customToken: kCustomToken,
+      idpConfigID: kIdpConfigId,
+      config: auth.requestConfiguration
+    )
+
+    let body = request.unencodedHTTPRequestBody
+    XCTAssertNotNil(body)
+    XCTAssertEqual(body?.count, 1)
+    XCTAssertEqual(body?["custom_token"] as? String, kCustomToken)
+  }
+
+  // MARK: - Helper Function
+
+  private func createTestAuthInstance(projectID: String?, location: String?,
+                                      tenantId: String?) -> (auth: Auth, app: FirebaseApp) {
+    let appName = "TestApp-\(UUID().uuidString)"
+    let options = FirebaseOptions(
+      googleAppID: "1:1234567890:ios:abcdef123456",
+      gcmSenderID: "1234567890"
+    )
+    options.apiKey = kAPIKey
+    if let projectID = projectID {
+      options.projectID = projectID
+    }
+
+    if FirebaseApp.app(name: appName) != nil {
+      FirebaseApp.app(name: appName)?.delete { _ in }
+    }
+    let app = FirebaseApp(instanceWithName: appName, options: options)
+
+    let auth = Auth(app: app)
+    auth.app = app
+    auth.requestConfiguration.location = location
+    auth.requestConfiguration.tenantId = tenantId
+
+    return (auth, app)
+  }
+}

FirebaseAuth/Sources/Swift/Auth/Auth.swift

@@ -2478,6 +2478,7 @@ public extension Auth {
   ///   - completion: A closure that gets called with either an `AuthTokenResult` or an `Error`.
   func exchangeToken(customToken: String,
                      idpConfigId: String,
+                     useStaging: Bool = false,
                      completion: @escaping (FirebaseToken?, Error?) -> Void) {
     // Ensure R-GCIP is configured with location and tenant ID
     guard let _ = requestConfiguration.location,
@@ -2493,7 +2494,8 @@ public extension Auth {
     let request = ExchangeTokenRequest(
       customToken: customToken,
       idpConfigID: idpConfigId,
-      config: requestConfiguration
+      config: requestConfiguration,
+      useStaging: true
     )
     Task {
       do {
@@ -2523,7 +2525,8 @@ public extension Auth {
   /// - Returns: An `AuthTokenResult` containing the Firebase ID token and its expiration details.
   /// - Throws: An error if R-GCIP is not configured, if the network call fails,
   ///           or if the token parsing fails.
-  func exchangeToken(customToken: String, idpConfigId: String) async throws -> FirebaseToken {
+  func exchangeToken(customToken: String, idpConfigId: String,
+                     useStaging: Bool = false) async throws -> FirebaseToken {
     // Ensure R-GCIP is configured with location and tenant ID
     guard let _ = requestConfiguration.location,
           let _ = requestConfiguration.tenantId
@@ -2533,7 +2536,8 @@ public extension Auth {
     let request = ExchangeTokenRequest(
       customToken: customToken,
       idpConfigID: idpConfigId,
-      config: requestConfiguration
+      config: requestConfiguration,
+      useStaging: true
     )
     do {
       let response = try await backend.call(with: request)

FirebaseAuth/Sources/Swift/Backend/IdentityToolkitRequest.swift

@@ -25,13 +25,10 @@ private nonisolated(unsafe) var gAPIHost = "www.googleapis.com"
 
 private let kFirebaseAuthAPIHost = "www.googleapis.com"
 private let kIdentityPlatformAPIHost = "identitytoolkit.googleapis.com"
-private let kRegionalGCIPAPIHost = "identityplatform.googleapis.com" // Regional R-GCIP v2 hosts
 
 private let kFirebaseAuthStagingAPIHost = "staging-www.sandbox.googleapis.com"
 private let kIdentityPlatformStagingAPIHost =
   "staging-identitytoolkit.sandbox.googleapis.com"
-private let kRegionalGCIPStagingAPIHost =
-  "staging-identityplatform.sandbox.googleapis.com" // Regional R-GCIP v2 hosts
 
 /// Represents a request to an identity toolkit endpoint  routing either to  legacy GCIP or
 /// regionalized R-GCIP
@@ -78,25 +75,8 @@ class IdentityToolkitRequest {
     let apiHostAndPathPrefix: String
     let urlString: String
     let emulatorHostAndPort = _requestConfiguration.emulatorHostAndPort
-    /// R-GCIP
-    if let location = _requestConfiguration.location,
-       let tenant = _requestConfiguration.tenantId, // Use tenantId from requestConfiguration
-       !location.isEmpty,
-       !tenant.isEmpty {
-      let projectID = _requestConfiguration.auth?.app?.options.projectID
-      if useStaging {
-        apiProtocol = kHttpsProtocol
-        apiHostAndPathPrefix = kRegionalGCIPStagingAPIHost
-      } else {
-        apiProtocol = kHttpsProtocol
-        apiHostAndPathPrefix = kRegionalGCIPAPIHost
-      }
-      urlString =
-        "\(apiProtocol)//\(apiHostAndPathPrefix)/v2alpha/projects/\(projectID ?? "projectID")"
-          + "/locations/\(location)/tenants/\(tenant)/idpConfigs:\(endpoint)?key=\(apiKey)"
-    }
-    // legacy gcip existing logic
-    else if useIdentityPlatform {
+    //  legacy gcip logic
+    if useIdentityPlatform {
       if let emulatorHostAndPort = emulatorHostAndPort {
         apiProtocol = kHttpProtocol
         apiHostAndPathPrefix = "\(emulatorHostAndPort)/\(kIdentityPlatformAPIHost)"

FirebaseAuth/Sources/Swift/Backend/RPC/ExchangeTokenRequest.swift

@@ -14,6 +14,9 @@
 
 import Foundation
 
+private let kRegionalGCIPAPIHost = "identityplatform.googleapis.com"
+private let kRegionalGCIPStagingAPIHost = "staging-identityplatform.sandbox.googleapis.com"
+
 /// A request to exchange a third-party OIDC token for a Firebase STS token.
 ///
 /// This structure encapsulates the parameters required to make an API request
@@ -34,38 +37,16 @@ struct ExchangeTokenRequest: AuthRPCRequest {
   /// The configuration for the request, holding API key, tenant, etc.
   let config: AuthRequestConfiguration
 
-  var path: String {
-    guard let location = config.location,
-          let tenant = config.tenantId,
-          let project = config.auth?.app?.options.projectID
-    else {
-      fatalError(
-        "exchangeOidcToken requires `auth.location` & `auth.tenantID`"
-      )
-    }
-    let _: String
-    if location == "prod-global" {
-      _ = "identityplatform.googleapis.com"
-    } else {
-      _ = "\(location)-identityplatform.googleapis.com"
-    }
-
-    return "/v2alpha/projects/\(project)/locations/\(location)" +
-      "/tenants/\(tenant)/idpConfigs/\(idpConfigID):exchangeOidcToken"
-  }
+  let useStaging: Bool
 
-  /// Initializes a new `ExchangeTokenRequest` instance.
-  ///
-  /// - Parameters:
-  ///   - idpConfigID: The identifier of the OIDC provider configuration.
-  ///   - idToken: The third-party OIDC token to exchange.
-  ///   - config: The configuration for the request.
   init(customToken: String,
        idpConfigID: String,
-       config: AuthRequestConfiguration) {
+       config: AuthRequestConfiguration,
+       useStaging: Bool = false) {
     self.idpConfigID = idpConfigID
     self.customToken = customToken
     self.config = config
+    self.useStaging = useStaging
   }
 
   /// The unencoded HTTP request body for the API.
@@ -80,20 +61,30 @@ struct ExchangeTokenRequest: AuthRPCRequest {
   func requestURL() -> URL {
     guard let location = config.location,
           let tenant = config.tenantId,
-          let project = config.auth?.app?.options.projectID
+          let projectId = config.auth?.app?.options.projectID
     else {
       fatalError(
-        "exchangeOidcToken requires `auth.useIdentityPlatform`, `auth.location`, `auth.tenantID` & `projectID`"
+        "exchangeOidcToken requires `location`, `tenantID` & `projectID` to be configured."
       )
     }
     let host: String
-    if location == "prod-global" {
-      host = "identityplatform.googleapis.com"
+    if useStaging {
+      if location == "prod-global" {
+        host = kRegionalGCIPStagingAPIHost
+      } else {
+        host = "\(location)-\(kRegionalGCIPStagingAPIHost)"
+      }
     } else {
-      host = "\(location)-identityplatform.googleapis.com"
+      if location == "prod-global" {
+        host = kRegionalGCIPAPIHost
+      } else {
+        host = "\(location)-\(kRegionalGCIPAPIHost)"
+      }
     }
-    let path = "/v2/projects/$\(project)/locations/$\(location)" +
-      "/tenants/$\(tenant)/idpConfigs/$\(idpConfigID):exchangeOidcToken"
+
+    let path = "/v2alpha/projects/\(projectId)/locations/\(location)" +
+      "/tenants/\(tenant)/idpConfigs/\(idpConfigID):exchangeOidcToken"
+
     guard let url = URL(string: "https://\(host)\(path)?key=\(config.apiKey)") else {
       fatalError("Failed to create URL for exchangeOidcToken")
     }

FirebaseAuth/Tests/SampleSwift/AuthenticationExample/AppManager.swift

@@ -25,8 +25,10 @@ class AppManager {
   private var otherApp: FirebaseApp
   var app: FirebaseApp
 
+  let tenantConfig = TenantConfig(tenantId: "tenantId", location: "us-east1")
+
   func auth() -> Auth {
-    return Auth.auth(app: app)
+    return Auth.auth(app: app, tenantConfig: tenantConfig)
   }
 
   private init() {

FirebaseAuth/Tests/SampleSwift/AuthenticationExample/Models/AuthMenu.swift

@@ -53,6 +53,7 @@ enum AuthMenu: String {
   case phoneEnroll
   case totpEnroll
   case multifactorUnenroll
+  case exchangeToken
 
   // More intuitively named getter for `rawValue`.
   var id: String { rawValue }
@@ -139,6 +140,9 @@ enum AuthMenu: String {
       return "TOTP Enroll"
     case .multifactorUnenroll:
       return "Multifactor unenroll"
+    // R-GCIP Exchange Token
+    case .exchangeToken:
+      return "Exchange Token"
     }
   }
 
@@ -220,6 +224,8 @@ enum AuthMenu: String {
       self = .totpEnroll
     case "Multifactor unenroll":
       self = .multifactorUnenroll
+    case "Exchange Token":
+      self = .exchangeToken
     default:
       return nil
     }
@@ -354,9 +360,17 @@ class AuthMenuData: DataSourceProvidable {
     return Section(headerDescription: header, items: items)
   }
 
+  static var exchangeTokenSection: Section {
+    let header = "Exchange Token [Regionalized]"
+    let items: [Item] = [
+      Item(title: AuthMenu.exchangeToken.name),
+    ]
+    return Section(headerDescription: header, items: items)
+  }
+
   static let sections: [Section] =
     [settingsSection, providerSection, emailPasswordSection, otherSection, recaptchaSection,
-     customAuthDomainSection, appSection, oobSection, multifactorSection]
+     customAuthDomainSection, appSection, oobSection, multifactorSection, exchangeTokenSection]
 
   static var authLinkSections: [Section] {
     let allItems = [providerSection, emailPasswordSection, otherSection].flatMap { $0.items }