Adding User Management utils, including Custom Claims in the auth package. (#42)

Adding the user management go SDK.
This includes the customClaims and the iterator over all users. (as well as Create, Update, Delete User, and GetUser (by UID, Phone or Email))

Proposal : go/firebase-go-user-mgt

Code snippets: 
  https://firebase-dot-devsite.googleplex.com/docs/auth/admin/manage-users
  https://firebase-dot-devsite.googleplex.com/docs/auth/admin/custom-claims

TODO: clean up the case of an http.DefaultClient when there are no options.

Author: avishalom

.gitignore

@@ -1 +1,2 @@
 testdata/integration_*
+.vscode/*

auth/auth.go

@@ -22,14 +22,17 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"net/http"
 	"strings"
 
 	"firebase.google.com/go/internal"
 	"golang.org/x/net/context"
+	"google.golang.org/api/transport"
 )
 
 const firebaseAudience = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"
 const googleCertURL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com"
+const idToolKitURL = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/"
 const issuerPrefix = "https://securetoken.google.com/"
 const tokenExpSeconds = 3600
 
@@ -60,9 +63,11 @@ type Token struct {
 // Client facilitates generating custom JWT tokens for Firebase clients, and verifying ID tokens issued
 // by Firebase backend services.
 type Client struct {
+	hc        *internal.HTTPClient
 	ks        keySource
 	projectID string
 	snr       signer
+	url       string
 }
 
 type signer interface {
@@ -105,19 +110,41 @@ func NewClient(ctx context.Context, c *internal.AuthConfig) (*Client, error) {
 			return nil, err
 		}
 	}
-
-	ks, err := newHTTPKeySource(ctx, googleCertURL, c.Opts...)
+	hc := http.DefaultClient
+	if len(c.Opts) > 0 { // TODO: fix the default when len = 0
+		hc, _, err = transport.NewHTTPClient(ctx, c.Opts...)
+		if err != nil {
+			return nil, err
+		}
+	}
+	ks, err := newHTTPKeySource(googleCertURL, hc)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Client{
+		hc:        &internal.HTTPClient{Client: hc},
 		ks:        ks,
 		projectID: c.ProjectID,
 		snr:       snr,
+		url:       idToolKitURL,
 	}, nil
 }
 
+// Passes the request struct, returns a byte array of the json
+func (c *Client) makeHTTPCall(ctx context.Context, serviceName string, payload interface{}, result interface{}) error {
+	request := &internal.Request{
+		Method: "POST",
+		URL:    c.url + serviceName,
+		Body:   internal.NewJSONEntity(payload),
+	}
+	resp, err := c.hc.Do(ctx, request)
+	if err != nil {
+		return err
+	}
+	return resp.Unmarshal(200, result)
+}
+
 // CustomToken creates a signed custom authentication token with the specified user ID. The resulting
 // JWT can be used in a Firebase client SDK to trigger an authentication flow. See
 // https://firebase.google.com/docs/auth/admin/create-custom-tokens#sign_in_using_custom_tokens_on_clients

auth/auth_test.go

@@ -46,7 +46,6 @@ func TestMain(m *testing.M) {
 		ctx   context.Context
 		creds *google.DefaultCredentials
 	)
-
 	if appengine.IsDevAppServer() {
 		aectx, aedone, err := aetest.NewContext()
 		if err != nil {
@@ -61,16 +60,17 @@ func TestMain(m *testing.M) {
 		}
 	} else {
 		ctx = context.Background()
-		creds, err = transport.Creds(ctx, option.WithCredentialsFile("../testdata/service_account.json"))
+		opt := option.WithCredentialsFile("../testdata/service_account.json")
+		creds, err = transport.Creds(ctx, opt)
 		if err != nil {
 			log.Fatalln(err)
 		}
 
 		ks = &fileKeySource{FilePath: "../testdata/public_certs.json"}
 	}
-
 	client, err = NewClient(ctx, &internal.AuthConfig{
 		Creds:     creds,
+		Opts:      []option.ClientOption{option.WithCredentialsFile("../testdata/service_account.json")},
 		ProjectID: "mock-project-id",
 	})
 	if err != nil {
@@ -88,7 +88,7 @@ func TestNewClientInvalidCredentials(t *testing.T) {
 	}
 	conf := &internal.AuthConfig{Creds: creds}
 	if c, err := NewClient(context.Background(), conf); c != nil || err == nil {
-		t.Errorf("NewCient() = (%v,%v); want = (nil, error)", c, err)
+		t.Errorf("NewClient() = (%v,%v); want = (nil, error)", c, err)
 	}
 }
 
@@ -104,7 +104,7 @@ func TestNewClientInvalidPrivateKey(t *testing.T) {
 	creds := &google.DefaultCredentials{JSON: b}
 	conf := &internal.AuthConfig{Creds: creds}
 	if c, err := NewClient(context.Background(), conf); c != nil || err == nil {
-		t.Errorf("NewCient() = (%v,%v); want = (nil, error)", c, err)
+		t.Errorf("NewClient() = (%v,%v); want = (nil, error)", c, err)
 	}
 }
 
@@ -325,8 +325,8 @@ type mockKeySource struct {
 	err  error
 }
 
-func (t *mockKeySource) Keys() ([]*publicKey, error) {
-	return t.keys, t.err
+func (k *mockKeySource) Keys() ([]*publicKey, error) {
+	return k.keys, k.err
 }
 
 // fileKeySource loads a set of public keys from the local file system.

auth/crypto.go

@@ -30,11 +30,6 @@ import (
 	"strings"
 	"sync"
 	"time"
-
-	"golang.org/x/net/context"
-
-	"google.golang.org/api/option"
-	"google.golang.org/api/transport"
 )
 
 // publicKey represents a parsed RSA public key along with its unique key ID.
@@ -80,18 +75,7 @@ type httpKeySource struct {
 	Mutex      *sync.Mutex
 }
 
-func newHTTPKeySource(ctx context.Context, uri string, opts ...option.ClientOption) (*httpKeySource, error) {
-	var hc *http.Client
-	if ctx != nil && len(opts) > 0 {
-		var err error
-		hc, _, err = transport.NewHTTPClient(ctx, opts...)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		hc = http.DefaultClient
-	}
-
+func newHTTPKeySource(uri string, hc *http.Client) (*httpKeySource, error) {
 	return &httpKeySource{
 		KeyURI:     uri,
 		HTTPClient: hc,

auth/crypto_test.go

@@ -22,10 +22,6 @@ import (
 	"net/http"
 	"testing"
 	"time"
-
-	"golang.org/x/net/context"
-
-	"google.golang.org/api/option"
 )
 
 type mockHTTPResponse struct {
@@ -43,7 +39,7 @@ type mockReadCloser struct {
 	closeCount int
 }
 
-func newHTTPClient(data []byte) (*http.Client, *mockReadCloser) {
+func newTestHTTPClient(data []byte) (*http.Client, *mockReadCloser) {
 	rc := &mockReadCloser{
 		data:       string(data),
 		closeCount: 0,
@@ -87,16 +83,15 @@ func TestHTTPKeySource(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-
-	ks, err := newHTTPKeySource(context.Background(), "http://mock.url")
+	ks, err := newHTTPKeySource("http://mock.url", http.DefaultClient)
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	if ks.HTTPClient == nil {
 		t.Errorf("HTTPClient = nil; want non-nil")
 	}
-	hc, rc := newHTTPClient(data)
+	hc, rc := newTestHTTPClient(data)
 	ks.HTTPClient = hc
 	if err := verifyHTTPKeySource(ks, rc); err != nil {
 		t.Fatal(err)
@@ -109,8 +104,8 @@ func TestHTTPKeySourceWithClient(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	hc, rc := newHTTPClient(data)
-	ks, err := newHTTPKeySource(context.Background(), "http://mock.url", option.WithHTTPClient(hc))
+	hc, rc := newTestHTTPClient(data)
+	ks, err := newHTTPKeySource("http://mock.url", hc)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -124,8 +119,8 @@ func TestHTTPKeySourceWithClient(t *testing.T) {
 }
 
 func TestHTTPKeySourceEmptyResponse(t *testing.T) {
-	hc, _ := newHTTPClient([]byte(""))
-	ks, err := newHTTPKeySource(context.Background(), "http://mock.url", option.WithHTTPClient(hc))
+	hc, _ := newTestHTTPClient([]byte(""))
+	ks, err := newHTTPKeySource("http://mock.url", hc)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -136,8 +131,8 @@ func TestHTTPKeySourceEmptyResponse(t *testing.T) {
 }
 
 func TestHTTPKeySourceIncorrectResponse(t *testing.T) {
-	hc, _ := newHTTPClient([]byte("{\"foo\": 1}"))
-	ks, err := newHTTPKeySource(context.Background(), "http://mock.url", option.WithHTTPClient(hc))
+	hc, _ := newTestHTTPClient([]byte("{\"foo\": 1}"))
+	ks, err := newHTTPKeySource("http://mock.url", hc)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -153,7 +148,7 @@ func TestHTTPKeySourceTransportError(t *testing.T) {
 			Err: errors.New("transport error"),
 		},
 	}
-	ks, err := newHTTPKeySource(context.Background(), "http://mock.url", option.WithHTTPClient(hc))
+	ks, err := newHTTPKeySource("http://mock.url", hc)
 	if err != nil {
 		t.Fatal(err)
 	}