Skip to main content

firebase_admin/auth/identity_toolkit/
endpoints.rs

1//! URL builders for the Identity Toolkit REST API.
2//!
3//! # Implementation status
4//!
5//! Paths below match the Identity Toolkit v1 REST reference as of this
6//! writing, but must be re-confirmed against
7//! <https://cloud.google.com/identity-platform/docs/reference/rest> before
8//! the corresponding operations in [`crate::auth::users::operations`] are
9//! implemented — do not assume they are exact.
10
11const IDENTITY_TOOLKIT_BASE: &str = "https://identitytoolkit.googleapis.com/v1";
12
13/// Builds Identity Toolkit v1 REST endpoint URLs for a given project.
14pub struct IdentityToolkitEndpoints {
15    base: String,
16    project_id: String,
17}
18
19impl IdentityToolkitEndpoints {
20    /// Endpoints pointed at the production Identity Toolkit API.
21    pub fn live(project_id: &str) -> Self {
22        Self {
23            base: IDENTITY_TOOLKIT_BASE.to_string(),
24            project_id: project_id.to_string(),
25        }
26    }
27
28    /// Endpoints pointed at a local Firebase Auth Emulator instance.
29    ///
30    /// `host` is the emulator host and port, e.g. `localhost:9099`.
31    pub fn emulator(host: &str, project_id: &str) -> Self {
32        Self {
33            base: format!("http://{host}/identitytoolkit.googleapis.com/v1"),
34            project_id: project_id.to_string(),
35        }
36    }
37
38    /// Endpoints pointed at an arbitrary base URL.
39    ///
40    /// Used by tests to point at a mock HTTP server; not exposed outside the
41    /// crate since real callers should use [`Self::live`] or
42    /// [`Self::emulator`].
43    #[cfg(test)]
44    pub(crate) fn custom(base: impl Into<String>) -> Self {
45        Self {
46            base: base.into(),
47            project_id: "test-project".to_string(),
48        }
49    }
50
51    /// `accounts:lookup` — fetch one or more users by uid, email, or phone number.
52    pub fn lookup(&self) -> String {
53        format!("{}/accounts:lookup", self.base)
54    }
55
56    /// `accounts:signUp` — create a new user (or, unauthenticated, sign one up).
57    pub fn sign_up(&self) -> String {
58        format!("{}/accounts:signUp", self.base)
59    }
60
61    /// `accounts:update` — update an existing user, including custom claims.
62    pub fn update(&self) -> String {
63        format!("{}/accounts:update", self.base)
64    }
65
66    /// `accounts:delete` — delete a user.
67    pub fn delete(&self) -> String {
68        format!("{}/accounts:delete", self.base)
69    }
70
71    /// `projects/{projectId}/accounts:batchGet` — list users, paginated via
72    /// `nextPageToken`.
73    ///
74    /// Unlike the other `accounts:*` operations, `batchGet` requires the
75    /// `projects/{projectId}` path segment and is called with `GET` (query
76    /// parameters), not `POST` with a JSON body — confirmed against the
77    /// Firebase Auth Emulator's own API spec after the flat
78    /// `/accounts:batchGet` path (matching every other operation here)
79    /// returned a 404 in practice.
80    pub fn batch_get(&self) -> String {
81        format!(
82            "{}/projects/{}/accounts:batchGet",
83            self.base, self.project_id
84        )
85    }
86
87    /// `projects/{projectId}:createSessionCookie` — exchange an ID token for
88    /// a session cookie.
89    ///
90    /// Not an `accounts:*` operation like the others in this crate — it's
91    /// `projects/{projectId}:createSessionCookie` with the colon directly
92    /// after the project ID segment. Confirmed against the Firebase Auth
93    /// Emulator's own API spec after the previous `/accounts:createSessionCookie`
94    /// path returned a 404 for every request, valid or not, in practice.
95    pub fn create_session_cookie(&self) -> String {
96        format!(
97            "{}/projects/{}:createSessionCookie",
98            self.base, self.project_id
99        )
100    }
101}