chore: Introducing FirebaseAdmin.Auth.Jwt namespace for internal APIs (#226)

* chore: Introducing FirebaseAdmin.Auth.Jwt namespace for internal APIs

* chore: Moving IPublicKeySource and related classes to Jwt

Author: hiranya911

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthTest.cs

@@ -20,6 +20,7 @@
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
+using FirebaseAdmin.Auth.Jwt;
 using Google.Apis.Auth.OAuth2;
 using Xunit;
 
@@ -125,31 +126,6 @@ public async Task CreateCustomTokenInvalidCredential()
             Assert.Equal(errorMessage, ex.Message);
         }
 
-        [Fact]
-        public async Task VerifyIdTokenNoProjectId()
-        {
-            FirebaseApp.Create(new AppOptions() { Credential = MockCredential });
-            var idToken = await IdTokenVerificationTest.CreateTestTokenAsync();
-            await Assert.ThrowsAsync<ArgumentException>(
-                async () => await FirebaseAuth.DefaultInstance.VerifyIdTokenAsync(idToken));
-        }
-
-        [Fact]
-        public async Task VerifyIdTokenCancel()
-        {
-            FirebaseApp.Create(new AppOptions()
-            {
-                Credential = MockCredential,
-                ProjectId = "test-project",
-            });
-            var canceller = new CancellationTokenSource();
-            canceller.Cancel();
-            var idToken = await IdTokenVerificationTest.CreateTestTokenAsync();
-            await Assert.ThrowsAnyAsync<OperationCanceledException>(
-                async () => await FirebaseAuth.DefaultInstance.VerifyIdTokenAsync(
-                    idToken, canceller.Token));
-        }
-
         [Fact]
         public async Task SetCustomUserClaimsNoProjectId()
         {

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseUserManagerTest.cs

@@ -19,6 +19,7 @@
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Threading.Tasks;
+using FirebaseAdmin.Auth.Jwt;
 using FirebaseAdmin.Tests;
 using FirebaseAdmin.Util;
 using Google.Apis.Auth.OAuth2;

FirebaseAdmin/FirebaseAdmin.Tests/Auth/ImportUserRecordArgsTest.cs

@@ -16,6 +16,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
+using FirebaseAdmin.Auth.Jwt;
 using Google.Apis.Json;
 using Newtonsoft.Json;
 using Xunit;

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseTokenFactoryTest.cs renamed to FirebaseAdmin/FirebaseAdmin.Tests/Auth/Jwt/FirebaseTokenFactoryTest.cs

@@ -14,19 +14,14 @@
 
 using System;
 using System.Collections.Generic;
-using System.IO;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using FirebaseAdmin.Auth;
 using FirebaseAdmin.Tests;
 using Google.Apis.Auth;
-using Google.Apis.Util;
 using Xunit;
 
-namespace FirebaseAdmin.Auth.Tests
+namespace FirebaseAdmin.Auth.Jwt.Tests
 {
     public class FirebaseTokenFactoryTest
     {

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseTokenVerifierTest.cs renamed to FirebaseAdmin/FirebaseAdmin.Tests/Auth/Jwt/FirebaseTokenVerifierTest.cs

@@ -16,7 +16,7 @@
 using Google.Apis.Auth.OAuth2;
 using Xunit;
 
-namespace FirebaseAdmin.Auth.Tests
+namespace FirebaseAdmin.Auth.Jwt.Tests
 {
     public class FirebaseTokenVerifierTest : IDisposable
     {

FirebaseAdmin/FirebaseAdmin.Tests/Auth/HttpPublicKeySourceTest.cs renamed to FirebaseAdmin/FirebaseAdmin.Tests/Auth/Jwt/HttpPublicKeySourceTest.cs

@@ -21,7 +21,7 @@
 using FirebaseAdmin.Tests;
 using Xunit;
 
-namespace FirebaseAdmin.Auth.Tests
+namespace FirebaseAdmin.Auth.Jwt.Tests
 {
     public class HttpPublicKeySourceTest
     {

FirebaseAdmin/FirebaseAdmin.Tests/Auth/IAMSignerTest.cs renamed to FirebaseAdmin/FirebaseAdmin.Tests/Auth/Jwt/IAMSignerTest.cs

@@ -24,7 +24,7 @@
 using Google.Apis.Json;
 using Xunit;
 
-namespace FirebaseAdmin.Auth.Tests
+namespace FirebaseAdmin.Auth.Jwt.Tests
 {
     public class IAMSignerTest
     {

FirebaseAdmin/FirebaseAdmin.Tests/Auth/IdTokenVerificationTest.cs renamed to FirebaseAdmin/FirebaseAdmin.Tests/Auth/Jwt/IdTokenVerificationTest.cs

@@ -28,7 +28,7 @@
 using Google.Apis.Util;
 using Xunit;
 
-namespace FirebaseAdmin.Auth.Tests
+namespace FirebaseAdmin.Auth.Jwt.Tests
 {
     public class IdTokenVerificationTest
     {
@@ -44,6 +44,14 @@ public class IdTokenVerificationTest
         private static readonly GoogleCredential MockCredential =
             GoogleCredential.FromAccessToken("test-token");
 
+        [Fact]
+        public void NoProjectId()
+        {
+            var args = FirebaseTokenVerifierArgs.ForIdTokens(null, KeySource, Clock);
+
+            Assert.Throws<ArgumentException>(() => new FirebaseTokenVerifier(args));
+        }
+
         [Fact]
         public async Task ValidToken()
         {
@@ -359,6 +367,18 @@ public async Task CheckRevokedError()
             Assert.Equal(1, handler.Calls);
         }
 
+        [Fact]
+        public async Task VerifyIdTokenCancel()
+        {
+            var auth = this.CreateFirebaseAuth();
+            var canceller = new CancellationTokenSource();
+            canceller.Cancel();
+            var idToken = await IdTokenVerificationTest.CreateTestTokenAsync();
+
+            await Assert.ThrowsAnyAsync<OperationCanceledException>(
+                () => auth.VerifyIdTokenAsync(idToken, canceller.Token));
+        }
+
         /// <summary>
         /// Creates a mock ID token for testing purposes. By default the created token has an issue
         /// time 10 minutes ago, and an expirty time 50 minutes into the future. All header and
@@ -458,6 +478,7 @@ public FileSystemPublicKeySource(string file)
         public Task<IReadOnlyList<PublicKey>> GetPublicKeysAsync(
             CancellationToken cancellationToken)
         {
+            cancellationToken.ThrowIfCancellationRequested();
             return Task.FromResult(this.rsa);
         }
     }

FirebaseAdmin/FirebaseAdmin.Tests/Auth/ServiceAccountSignerTest.cs renamed to FirebaseAdmin/FirebaseAdmin.Tests/Auth/Jwt/ServiceAccountSignerTest.cs

@@ -18,11 +18,10 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading.Tasks;
-using FirebaseAdmin.Auth;
 using Google.Apis.Auth.OAuth2;
 using Xunit;
 
-namespace FirebaseAdmin.Auth.Tests
+namespace FirebaseAdmin.Auth.Jwt.Tests
 {
     public class ServiceAccountSignerTest
     {

FirebaseAdmin/FirebaseAdmin.Tests/Auth/SessionCookieVerificationTest.cs renamed to FirebaseAdmin/FirebaseAdmin.Tests/Auth/Jwt/SessionCookieVerificationTest.cs

@@ -23,7 +23,7 @@
 using Google.Apis.Util;
 using Xunit;
 
-namespace FirebaseAdmin.Auth.Tests
+namespace FirebaseAdmin.Auth.Jwt.Tests
 {
     public class SessionCookieVerificationTest
     {
@@ -36,6 +36,14 @@ public class SessionCookieVerificationTest
 
         private static readonly ISigner Signer = IdTokenVerificationTest.CreateTestSigner();
 
+        [Fact]
+        public void NoProjectId()
+        {
+            var args = FirebaseTokenVerifierArgs.ForSessionCookies(null, KeySource, Clock);
+
+            Assert.Throws<ArgumentException>(() => new FirebaseTokenVerifier(args));
+        }
+
         [Fact]
         public async Task ValidSessionCookie()
         {

FirebaseAdmin/FirebaseAdmin/Auth/FirebaseAuth.cs

@@ -16,6 +16,7 @@
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
+using FirebaseAdmin.Auth.Jwt;
 using FirebaseAdmin.Auth.Multitenancy;
 using FirebaseAdmin.Auth.Providers;
 using Google.Api.Gax;

FirebaseAdmin/FirebaseAdmin/Auth/FirebaseToken.cs

@@ -13,6 +13,7 @@
 // limitations under the License.
 
 using System.Collections.Generic;
+using Newtonsoft.Json;
 
 namespace FirebaseAdmin.Auth
 {
@@ -22,7 +23,7 @@ namespace FirebaseAdmin.Auth
     /// </summary>
     public sealed class FirebaseToken
     {
-        internal FirebaseToken(FirebaseTokenArgs args)
+        internal FirebaseToken(Args args)
         {
             this.Issuer = args.Issuer;
             this.Subject = args.Subject;
@@ -71,5 +72,26 @@ internal FirebaseToken(FirebaseTokenArgs args)
         /// access custom claims of the token.
         /// </summary>
         public IReadOnlyDictionary<string, object> Claims { get; private set; }
+
+        internal sealed class Args
+        {
+            [JsonProperty("iss")]
+            public string Issuer { get; set; }
+
+            [JsonProperty("sub")]
+            public string Subject { get; set; }
+
+            [JsonProperty("aud")]
+            public string Audience { get; set; }
+
+            [JsonProperty("exp")]
+            public long ExpirationTimeSeconds { get; set; }
+
+            [JsonProperty("iat")]
+            public long IssuedAtTimeSeconds { get; set; }
+
+            [JsonIgnore]
+            public IReadOnlyDictionary<string, object> Claims { get; set; }
+        }
     }
 }

FirebaseAdmin/FirebaseAdmin/Auth/FirebaseTokenArgs.cs

@@ -15,6 +15,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using FirebaseAdmin.Auth.Jwt;
 using Newtonsoft.Json;
 
 namespace FirebaseAdmin.Auth

FirebaseAdmin/FirebaseAdmin/Auth/ImportUserRecordArgs.cs

@@ -27,7 +27,7 @@
 "3003684e85e61cf15f13150008c81f0b75a252673028e530ea95d0c581378da8c6846526ab9597" +
 "4c6d0bc66d2462b51af69968a0e25114bde8811e0d6ee1dc22d4a59eee6a8bba4712cba839652f" +
 "badddb9c")]
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// A helper class that creates Firebase custom tokens.

FirebaseAdmin/FirebaseAdmin/Auth/FirebaseTokenFactory.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/FirebaseTokenFactory.cs

@@ -25,7 +25,7 @@
 using Google.Apis.Http;
 using Google.Apis.Util;
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// A helper class that can be used to verify signed Firebase tokens (e.g. ID tokens).
@@ -127,7 +127,7 @@ internal async Task<FirebaseToken> VerifyTokenAsync(
             }
 
             var header = JwtUtils.Decode<JsonWebSignature.Header>(segments[0]);
-            var payload = JwtUtils.Decode<FirebaseTokenArgs>(segments[1]);
+            var payload = JwtUtils.Decode<FirebaseToken.Args>(segments[1]);
             var projectIdMessage = $"Make sure the {this.shortName} comes from the same Firebase "
                 + "project as the credential used to initialize this SDK.";
             var verifyTokenMessage = $"See {this.url} for details on how to retrieve a value "

FirebaseAdmin/FirebaseAdmin/Auth/FirebaseTokenVerifier.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/FirebaseTokenVerifier.cs

@@ -14,7 +14,7 @@
 
 using Google.Apis.Util;
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     internal sealed class FirebaseTokenVerifierArgs
     {

FirebaseAdmin/FirebaseAdmin/Auth/FirebaseTokenVerifierArgs.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/FirebaseTokenVerifierArgs.cs

@@ -19,7 +19,7 @@
 using Google.Apis.Http;
 using Google.Apis.Util;
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// An <see cref="ISigner"/> implementation that uses the IAM service to sign data. Unlike

FirebaseAdmin/FirebaseAdmin/Auth/FixedAccountIAMSigner.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/FixedAccountIAMSigner.cs

@@ -32,7 +32,7 @@
 #error Unsupported target
 #endif
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// An <see cref="IPublicKeySource"/> implementation that retrieves public keys from a remote

FirebaseAdmin/FirebaseAdmin/Auth/HttpPublicKeySource.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/HttpPublicKeySource.cs

@@ -21,7 +21,7 @@
 using Google.Apis.Http;
 using Google.Apis.Json;
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// An <see cref="ISigner"/> implementation that uses the

FirebaseAdmin/FirebaseAdmin/Auth/IAMSigner.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/IAMSigner.cs

@@ -16,7 +16,7 @@
 using System.Threading;
 using System.Threading.Tasks;
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// An object that can be used to retrieve a set of RSA public keys for verifying signatures.

FirebaseAdmin/FirebaseAdmin/Auth/IPublicKeySource.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/IPublicKeySource.cs

@@ -16,7 +16,7 @@
 using System.Threading;
 using System.Threading.Tasks;
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// Represents an object can be used to cryptographically sign data. Mainly used for signing

FirebaseAdmin/FirebaseAdmin/Auth/ISigner.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/ISigner.cs

@@ -18,7 +18,7 @@
 using System.Threading.Tasks;
 using Google.Apis.Json;
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// A collection of utilities for encoding and decoding JWTs.

FirebaseAdmin/FirebaseAdmin/Auth/JwtUtils.cs renamed to FirebaseAdmin/FirebaseAdmin/Auth/Jwt/JwtUtils.cs

@@ -20,7 +20,7 @@
 #error Unsupported target
 #endif
 
-namespace FirebaseAdmin.Auth
+namespace FirebaseAdmin.Auth.Jwt
 {
     /// <summary>
     /// Represents an RSA public key, which can be used to verify signatures.