firebase_admin/auth/identity_toolkit/endpoints.rs
1//! URL builders for the Identity Toolkit REST API.
2//!
3//! # Implementation status
4//!
5//! Paths below match the Identity Toolkit v1 REST reference as of this
6//! writing, but must be re-confirmed against
7//! <https://cloud.google.com/identity-platform/docs/reference/rest> before
8//! the corresponding operations in [`crate::auth::users::operations`] are
9//! implemented — do not assume they are exact.
10
11const IDENTITY_TOOLKIT_BASE: &str = "https://identitytoolkit.googleapis.com/v1";
12
13/// Builds Identity Toolkit v1 REST endpoint URLs for a given project.
14pub struct IdentityToolkitEndpoints {
15 base: String,
16 project_id: String,
17}
18
19impl IdentityToolkitEndpoints {
20 /// Endpoints pointed at the production Identity Toolkit API.
21 pub fn live(project_id: &str) -> Self {
22 Self {
23 base: IDENTITY_TOOLKIT_BASE.to_string(),
24 project_id: project_id.to_string(),
25 }
26 }
27
28 /// Endpoints pointed at a local Firebase Auth Emulator instance.
29 ///
30 /// `host` is the emulator host and port, e.g. `localhost:9099`.
31 pub fn emulator(host: &str, project_id: &str) -> Self {
32 Self {
33 base: format!("http://{host}/identitytoolkit.googleapis.com/v1"),
34 project_id: project_id.to_string(),
35 }
36 }
37
38 /// Endpoints pointed at an arbitrary base URL.
39 ///
40 /// Used by tests to point at a mock HTTP server; not exposed outside the
41 /// crate since real callers should use [`Self::live`] or
42 /// [`Self::emulator`].
43 #[cfg(test)]
44 pub(crate) fn custom(base: impl Into<String>) -> Self {
45 Self {
46 base: base.into(),
47 project_id: "test-project".to_string(),
48 }
49 }
50
51 /// `accounts:lookup` — fetch one or more users by uid, email, or phone number.
52 pub fn lookup(&self) -> String {
53 format!("{}/accounts:lookup", self.base)
54 }
55
56 /// `accounts:signUp` — create a new user (or, unauthenticated, sign one up).
57 pub fn sign_up(&self) -> String {
58 format!("{}/accounts:signUp", self.base)
59 }
60
61 /// `accounts:update` — update an existing user, including custom claims.
62 pub fn update(&self) -> String {
63 format!("{}/accounts:update", self.base)
64 }
65
66 /// `accounts:delete` — delete a user.
67 pub fn delete(&self) -> String {
68 format!("{}/accounts:delete", self.base)
69 }
70
71 /// `projects/{projectId}/accounts:batchGet` — list users, paginated via
72 /// `nextPageToken`.
73 ///
74 /// Unlike the other `accounts:*` operations, `batchGet` requires the
75 /// `projects/{projectId}` path segment and is called with `GET` (query
76 /// parameters), not `POST` with a JSON body — confirmed against the
77 /// Firebase Auth Emulator's own API spec after the flat
78 /// `/accounts:batchGet` path (matching every other operation here)
79 /// returned a 404 in practice.
80 pub fn batch_get(&self) -> String {
81 format!(
82 "{}/projects/{}/accounts:batchGet",
83 self.base, self.project_id
84 )
85 }
86
87 /// `projects/{projectId}:createSessionCookie` — exchange an ID token for
88 /// a session cookie.
89 ///
90 /// Not an `accounts:*` operation like the others in this crate — it's
91 /// `projects/{projectId}:createSessionCookie` with the colon directly
92 /// after the project ID segment. Confirmed against the Firebase Auth
93 /// Emulator's own API spec after the previous `/accounts:createSessionCookie`
94 /// path returned a 404 for every request, valid or not, in practice.
95 pub fn create_session_cookie(&self) -> String {
96 format!(
97 "{}/projects/{}:createSessionCookie",
98 self.base, self.project_id
99 )
100 }
101}