Implement R-GCIP Token-Only Session via `ExchangeToken` #14986

srushtisv · 2025-06-15T21:38:23Z

Description

This PR introduces support for a "token-only" session mode, primarily for Bring Your Own CIAM (BYO-CIAM) use cases with Regionalized GCIP (R-GCIP). This allows developers to use Firebase services with a Firebase token obtained from a third-party OIDC provider, without creating a User entity or a standard Firebase Auth session.

Key Changes

New Public API (Auth.exchangeToken): Adds exchangeToken(idToken:idpConfigId:completion:) and its async counterpart. This method exchanges a third-party OIDC ID token for a Firebase ID token.
Token-Only Session State: A new private property, _rGCIPFirebaseToken, has been added to the Auth class to store the token returned from exchangeToken. This state is mutually exclusive with currentUser.
AuthInterop Modification: The getToken(forcingRefresh:completion:) method in the AuthInterop extension has been updated. It now first checks for an active R-GCIP token session.
- If an active, non-expired token exists, it is returned.
- If the token is expired or forceRefresh is true, an AuthErrorCode.userTokenExpired error is returned, signaling that the developer must call exchangeToken again.
- If no R-GCIP token exists, the logic falls back to the original implementation using currentUser.
State Invalidation: Standard sign-in flows (e.g., signInWithEmail:password:) now clear the R-GCIP token session to prevent conflicting states.
Unit Tests: Added a new test suite, ExchangeTokenRequestTests.swift, to validate the URL construction and body of the new API request. Updated AuthTests.swift to cover the new AuthInterop logic paths.

Changelog

Added support to Auth.exchangeToken(idToken:idpConfigId:completion:) R-GCIP sessions by exchanging a third-party OIDC token for a Firebase token.
The AuthInterop protocol now supports a token-only authentication state, which is activated by a successful exchangeToken call.

gemini-code-assist · 2025-06-15T21:38:27Z

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

google-oss-bot · 2025-06-15T21:39:16Z

	1 Warning
⚠️	Did you forget to add a changelog entry? (Add #no-changelog to the PR description to silence this warning.)

Generated by 🚫 Danger

ncooke3 · 2025-06-18T03:24:02Z