Enable OIDC Token Exchange for BYO-CIAM (R-GCIP)

[srushtisv]

Description

This PR adds new public methods to Auth to support exchanging a third-party OIDC ID token for a Firebase ID token. This functionality is essential for the Bring Your Own CIAM (BYO-CIAM) feature, allowing integration with external OIDC providers within a Regionalized GCIP (R-GCIP) setup.

New Public API:

• struct FirebaseToken: Sendable: Holds the exchanged token (String) and its expirationDate (Date).
• Auth.exchangeToken(customToken: String, idpConfigId: String, useStaging: Bool, completion: @escaping (FirebaseToken?, Error?) -> Void): Method to exchange the token, taking a completion handler.
• Auth.exchangeToken(customToken: String, idpConfigId: String, useStaging: Bool) async throws -> FirebaseToken: Async/await version of the token exchange method.

Details:

• The exchangeToken methods use the ExchangeTokenRequest and ExchangeTokenResponse types to interact with the regionalized identityplatform.googleapis.com backend.
• These methods require that the Auth instance has been configured with a TenantConfig (via Auth.auth(app:tenantConfig:)), as location and tenantId are necessary to construct the correct regional endpoint URL. An error is returned if these are not set.
• Unlike standard sign-in methods, this flow does not create or update the currentUser on the Auth instance. It purely exchanges a token.

Introduces new public API surface to FirebaseAuth. This change depends on the previously introduced TenantConfig, ExchangeTokenRequest, and ExchangeTokenResponse.

[gemini-code-assist]

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

[google-oss-bot]

	1 Warning
⚠️	Did you forget to add a changelog entry? (Add #no-changelog to the PR description to silence this warning.)

Generated by 🚫 Danger