refactoring identityToolkitRequest with corrected logic for r-gcip

Author: srushtisv

FirebaseAuth/Sources/Swift/Auth/Auth.swift

@@ -209,6 +209,11 @@ public struct AuthExchangeToken: Sendable {
     return auth
   }
 
+//  public static func auth(app: FirebaseApp, tenantConfig: nil) -> Auth {
+//    let auth = auth(app: app)
+//    return auth
+//  }
+
   /// Synchronously gets the cached current user, or null if there is none.
   @objc public var currentUser: User? {
     kAuthGlobalWorkQueue.sync {

FirebaseAuth/Sources/Swift/Backend/IdentityToolkitRequest.swift

@@ -12,46 +12,51 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import FirebaseCore
 import Foundation
 
 private let kHttpsProtocol = "https:"
 private let kHttpProtocol = "http:"
-// Legacy GCIP v1 hosts
+
+private let kEmulatorHostAndPrefixFormat = "%@/%@"
+
+/// Host for server API calls. This should be changed via
+/// `IdentityToolkitRequest.setHost(_ host:)` for testing purposes only.
+private nonisolated(unsafe) var gAPIHost = "www.googleapis.com"
+
 private let kFirebaseAuthAPIHost = "www.googleapis.com"
+private let kIdentityPlatformAPIHost = "identitytoolkit.googleapis.com"
+private let kRegionalGCIPAPIHost = "identityplatform.googleapis.com" // Regional R-GCIP v2 hosts
+
 private let kFirebaseAuthStagingAPIHost = "staging-www.sandbox.googleapis.com"
-// Regional R-GCIP v2 hosts
-private let kRegionalGCIPAPIHost = "identityplatform.googleapis.com"
-private let kRegionalGCIPStagingAPIHost = "staging-identityplatform.sandbox.googleapis.com"
-#if compiler(>=6)
-  private nonisolated(unsafe) var gAPIHost = "www.googleapis.com"
-#else
-  private var gAPIHost = "www.googleapis.com"
-#endif
-
-/// Represents a request to an Identity Toolkit endpoint, routing either to
-/// legacy GCIP v1 or regionalized R-GCIP v2 based on presence of tenantID.
+private let kIdentityPlatformStagingAPIHost =
+  "staging-identitytoolkit.sandbox.googleapis.com"
+private let kRegionalGCIPStagingAPIHost =
+  "staging-identityplatform.sandbox.googleapis.com" // Regional R-GCIP v2 hosts
+
+/// Represents a request to an identity toolkit endpoint  routing either to  legacy GCIP or
+/// regionalized R-GCIP
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
 class IdentityToolkitRequest {
-  /// RPC endpoint name, e.g. "signInWithPassword" or full exchange path
+  /// Gets the RPC's endpoint.
   let endpoint: String
+
   /// Gets the client's API key used for the request.
   var apiKey: String
-  /// The tenant ID of the request. nil if none is available.
+
+  /// The tenant ID of the request. nil if none is available (not for r-gcip).
   let tenantID: String?
+
   /// The toggle of using Identity Platform endpoints.
   let useIdentityPlatform: Bool
+
   /// The toggle of using staging endpoints.
   let useStaging: Bool
+
   /// The type of the client that the request sent from, which should be CLIENT_TYPE_IOS;
   var clientType: String
 
-  /// Optional local emulator host and port
-  var emulatorHostAndPort: String? {
-    return _requestConfiguration.emulatorHostAndPort
-  }
-
   private let _requestConfiguration: AuthRequestConfiguration
+
   init(endpoint: String, requestConfiguration: AuthRequestConfiguration,
        useIdentityPlatform: Bool = false, useStaging: Bool = false) {
     self.endpoint = endpoint
@@ -63,75 +68,79 @@ class IdentityToolkitRequest {
     tenantID = requestConfiguration.auth?.tenantID
   }
 
-  /// Override this if you need query parameters (default none)
   func queryParams() -> String {
     return ""
   }
 
-  /// Provide the same configuration for AuthBackend
-  func requestConfiguration() -> AuthRequestConfiguration {
-    return _requestConfiguration
-  }
-
-  /// Build the full URL, branching on whether tenantID is set.
+  /// Returns the request's full URL.
   func requestURL() -> URL {
-    let protocolScheme: String
-    let hostPrefix: String
+    let apiProtocol: String
+    let apiHostAndPathPrefix: String
     let urlString: String
-
-    // R-GCIP v2 if location AND tenantID from requestConfiguration are non-nil.
+    let emulatorHostAndPort = _requestConfiguration.emulatorHostAndPort
+    /// R-GCIP
     if let region = _requestConfiguration.location,
        let tenant = _requestConfiguration.tenantId, // Use tenantId from requestConfiguration
        !region.isEmpty,
        !tenant.isEmpty {
       let projectID = _requestConfiguration.auth?.app?.options.projectID
       // Choose emulator, staging, or prod host
-      if let emu = emulatorHostAndPort {
-        protocolScheme = kHttpProtocol
-        hostPrefix = "\(emu)/\(kRegionalGCIPAPIHost)"
+      if let emulatorHostAndPort = emulatorHostAndPort {
+        apiProtocol = kHttpProtocol
+        apiHostAndPathPrefix = "\(emulatorHostAndPort)/\(kRegionalGCIPAPIHost)"
       } else if useStaging {
-        protocolScheme = kHttpsProtocol
-        hostPrefix = kRegionalGCIPStagingAPIHost
+        apiProtocol = kHttpsProtocol
+        apiHostAndPathPrefix = kRegionalGCIPStagingAPIHost
       } else {
-        protocolScheme = kHttpsProtocol
-        hostPrefix = kRegionalGCIPAPIHost
+        apiProtocol = kHttpsProtocol
+        apiHostAndPathPrefix = kRegionalGCIPAPIHost
       }
-
-      // Regionalized v2 path
       urlString =
-        "\(protocolScheme)//\(hostPrefix)/v2/projects/\(projectID ?? "projectID")"
+        "\(apiProtocol)//\(apiHostAndPathPrefix)/v2/projects/\(projectID ?? "projectID")"
           + "/locations/\(region)/tenants/\(tenant)/idpConfigs/\(endpoint)?key=\(apiKey)"
+    }
+    // legacy gcip existing logic
+    else if useIdentityPlatform {
+      if let emulatorHostAndPort = emulatorHostAndPort {
+        apiProtocol = kHttpProtocol
+        apiHostAndPathPrefix = "\(emulatorHostAndPort)/\(kIdentityPlatformAPIHost)"
+      } else if useStaging {
+        apiHostAndPathPrefix = kIdentityPlatformStagingAPIHost
+        apiProtocol = kHttpsProtocol
+      } else {
+        apiHostAndPathPrefix = kIdentityPlatformAPIHost
+        apiProtocol = kHttpsProtocol
+      }
+      urlString = "\(apiProtocol)//\(apiHostAndPathPrefix)/v2/\(endpoint)?key=\(apiKey)"
 
     } else {
-      // Legacy GCIP v1 branch
-      if let emu = emulatorHostAndPort {
-        protocolScheme = kHttpProtocol
-        hostPrefix = "\(emu)/\(kFirebaseAuthAPIHost)"
+      if let emulatorHostAndPort = emulatorHostAndPort {
+        apiProtocol = kHttpProtocol
+        apiHostAndPathPrefix = "\(emulatorHostAndPort)/\(kFirebaseAuthAPIHost)"
       } else if useStaging {
-        protocolScheme = kHttpsProtocol
-        hostPrefix = kFirebaseAuthStagingAPIHost
+        apiProtocol = kHttpsProtocol
+        apiHostAndPathPrefix = kFirebaseAuthStagingAPIHost
       } else {
-        protocolScheme = kHttpsProtocol
-        hostPrefix = kFirebaseAuthAPIHost
+        apiProtocol = kHttpsProtocol
+        apiHostAndPathPrefix = kFirebaseAuthAPIHost
       }
       urlString =
-        "\(protocolScheme)//\(hostPrefix)" +
-        "/identitytoolkit/v3/relyingparty/\(endpoint)?key=\(apiKey)"
+        "\(apiProtocol)//\(apiHostAndPathPrefix)/identitytoolkit/v3/relyingparty/\(endpoint)?key=\(apiKey)"
     }
     guard let returnURL = URL(string: "\(urlString)\(queryParams())") else {
       fatalError("Internal Auth error: Failed to generate URL for \(urlString)")
     }
     return returnURL
   }
 
-  // MARK: - Testing API
-
-  /// For testing: override the global host for legacy flows
-  static var host: String {
-    get { gAPIHost }
-    set { gAPIHost = newValue }
+  /// Returns the request's configuration.
+  func requestConfiguration() -> AuthRequestConfiguration {
+    _requestConfiguration
   }
 
+  // MARK: Internal API for development
+
+  static var host: String { gAPIHost }
   static func setHost(_ host: String) {
     gAPIHost = host
   }