Revert "Update packages for googleapis_auth breaking changes (#170)"

demolaf · web-flow · commit f7db492cfe2e · 2026-02-18T19:39:42.000+01:00
This reverts commit 4304fa3.
diff --git a/packages/dart_firebase_admin/lib/src/app.dart b/packages/dart_firebase_admin/lib/src/app.dart
@@ -6,7 +6,6 @@ import 'dart:io';
 import 'dart:typed_data';
 
 import 'package:equatable/equatable.dart';
-import 'package:google_cloud/constants.dart' as google_cloud;
 import 'package:google_cloud/google_cloud.dart' as google_cloud;
 import 'package:googleapis/identitytoolkit/v3.dart' as auth3;
 import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
diff --git a/packages/dart_firebase_admin/lib/src/app/emulator_client.dart b/packages/dart_firebase_admin/lib/src/app/emulator_client.dart
@@ -35,6 +35,10 @@ class EmulatorClient extends BaseClient implements googleapis_auth.AuthClient {
   googleapis_auth.AccessCredentials get credentials =>
       throw UnimplementedError();
 
+  @override
+  googleapis_auth.ServiceAccountCredentials? get serviceAccountCredentials =>
+      null;
+
   @override
   Future<StreamedResponse> send(BaseRequest request) async {
     final modifiedRequest = _RequestImpl(
@@ -72,6 +76,10 @@ class CloudTasksEmulatorClient implements googleapis_auth.AuthClient {
   googleapis_auth.AccessCredentials get credentials =>
       throw UnimplementedError();
 
+  @override
+  googleapis_auth.ServiceAccountCredentials? get serviceAccountCredentials =>
+      null;
+
   /// Rewrites the URL to remove `/v2/` prefix and route to emulator host.
   Uri _rewriteUrl(Uri url) {
     // Replace the path: remove /v2/ prefix if present
diff --git a/packages/dart_firebase_admin/lib/src/app/firebase_app.dart b/packages/dart_firebase_admin/lib/src/app/firebase_app.dart
@@ -140,7 +140,7 @@ class FirebaseApp {
   }) async {
     final env = environment ?? Zone.current[envSymbol] as Map<String, String>?;
     if (env != null) {
-      for (final envKey in google_cloud.projectIdEnvironmentVariableOptions) {
+      for (final envKey in google_cloud.gcpProjectIdEnvironmentVariables) {
         final value = env[envKey];
         if (value != null) return value;
       }
diff --git a/packages/dart_firebase_admin/lib/src/app_check/token_generator.dart b/packages/dart_firebase_admin/lib/src/app_check/token_generator.dart
@@ -4,6 +4,7 @@ import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
 import 'package:meta/meta.dart';
 
 import '../../dart_firebase_admin.dart';
+import '../utils/auth_extension.dart';
 import 'app_check.dart';
 import 'app_check_api.dart';
 
@@ -32,7 +33,7 @@ class AppCheckTokenGenerator {
   ]) async {
     try {
       final authClient = await app.client;
-      final account = await authClient.getServiceAccountEmail();
+      final account = await authClient.getServiceAccountEmail;
 
       final header = {'alg': 'RS256', 'typ': 'JWT'};
       final iat = (DateTime.now().millisecondsSinceEpoch / 1000).floor();
@@ -47,11 +48,7 @@ class AppCheckTokenGenerator {
 
       final token = '${_encodeSegment(header)}.${_encodeSegment(body)}';
 
-      final signature = await authClient.sign(
-        utf8.encode(token),
-        serviceAccountCredentials:
-            app.options.credential?.serviceAccountCredentials,
-      );
+      final signature = await authClient.signBlob(utf8.encode(token));
 
       return '$token.$signature';
     } on googleapis_auth.ServerRequestFailedException catch (err) {
diff --git a/packages/dart_firebase_admin/lib/src/auth.dart b/packages/dart_firebase_admin/lib/src/auth.dart
@@ -14,6 +14,7 @@ import 'package:meta/meta.dart';
 
 import 'app.dart';
 import 'object_utils.dart';
+import 'utils/auth_extension.dart';
 import 'utils/jwt.dart';
 import 'utils/utils.dart';
 import 'utils/validator.dart';
diff --git a/packages/dart_firebase_admin/lib/src/auth/token_generator.dart b/packages/dart_firebase_admin/lib/src/auth/token_generator.dart
@@ -71,7 +71,7 @@ class _FirebaseTokenGenerator {
 
     try {
       final authClient = await _app.client;
-      final account = await authClient.getServiceAccountEmail();
+      final account = await authClient.getServiceAccountEmail;
 
       final header = {'alg': 'RS256', 'typ': 'JWT'};
       final iat = DateTime.now().millisecondsSinceEpoch ~/ 1000;
@@ -87,11 +87,7 @@ class _FirebaseTokenGenerator {
       };
 
       final token = '${_encodeSegment(header)}.${_encodeSegment(body)}';
-      final signature = await authClient.sign(
-        utf8.encode(token),
-        serviceAccountCredentials:
-            _app.options.credential?.serviceAccountCredentials,
-      );
+      final signature = await authClient.signBlob(utf8.encode(token));
 
       return '$token.$signature';
     } on googleapis_auth.ServerRequestFailedException catch (err, stack) {
diff --git a/packages/dart_firebase_admin/lib/src/functions/functions.dart b/packages/dart_firebase_admin/lib/src/functions/functions.dart
@@ -5,6 +5,7 @@ import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
 import 'package:meta/meta.dart';
 
 import '../app.dart';
+import '../utils/auth_extension.dart';
 import '../utils/validator.dart';
 
 part 'functions_api.dart';
diff --git a/packages/dart_firebase_admin/lib/src/functions/functions_request_handler.dart b/packages/dart_firebase_admin/lib/src/functions/functions_request_handler.dart
@@ -253,9 +253,11 @@ class FunctionsRequestHandler {
       return;
     }
 
-    // Service credentials via `FirebaseApp.options`.
-    final isComputeEngine =
-        _httpClient.app.options.credential?.serviceAccountCredentials == null;
+    // Check if running as an extension with ComputeEngine credentials.
+    // ComputeEngine credentials are used when running on GCE/Cloud Run without
+    // a service account JSON file - indicated by credentials without local
+    // service account credentials (i.e., using metadata server).
+    final isComputeEngine = authClient.serviceAccountCredentials == null;
 
     if (extensionId != null && extensionId.isNotEmpty && isComputeEngine) {
       // Running as extension with ComputeEngine - use ID token with Authorization header.
@@ -274,7 +276,7 @@ class FunctionsRequestHandler {
 
     // Default: Use OIDC token with service account email.
     // Try to get service account email from credential first, then from metadata service.
-    final serviceAccountEmail = await authClient.getServiceAccountEmail();
+    final serviceAccountEmail = await authClient.getServiceAccountEmail;
 
     if (serviceAccountEmail.isEmpty) {
       throw FirebaseFunctionsAdminException(
diff --git a/packages/dart_firebase_admin/lib/src/utils/auth_extension.dart b/packages/dart_firebase_admin/lib/src/utils/auth_extension.dart
@@ -0,0 +1,16 @@
+import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
+
+import '../app.dart';
+
+extension AuthExtension on googleapis_auth.AuthClient {
+  Future<String> get getServiceAccountEmail async =>
+      serviceAccountCredentials?.email ??
+      googleapis_auth.IAMSigner(this).getServiceAccountEmail();
+
+  /// Signs the given data using the IAM Credentials API or local credentials.
+  ///
+  /// Returns a base64-encoded signature string. In emulator mode, returns an
+  /// empty string to produce unsigned tokens.
+  Future<String> signBlob(List<int> data, {String? endpoint}) async =>
+      Environment.isAuthEmulatorEnabled() ? '' : sign(data, endpoint: endpoint);
+}
diff --git a/packages/dart_firebase_admin/pubspec.yaml b/packages/dart_firebase_admin/pubspec.yaml
@@ -14,7 +14,7 @@ dependencies:
   collection: ^1.18.0
   dart_jsonwebtoken: ^3.0.0
   equatable: ^2.0.7
-  google_cloud: ^0.3.0
+  google_cloud: ^0.2.1-beta.1
   googleapis: ^15.0.0
   googleapis_auth: ^2.1.0-beta.1
   googleapis_beta: ^9.0.0
diff --git a/packages/dart_firebase_admin/test/functions/functions_test.dart b/packages/dart_firebase_admin/test/functions/functions_test.dart
@@ -26,7 +26,6 @@ class FakeBaseRequest extends Fake implements BaseRequest {}
 /// Creates a mock HTTP client that handles OAuth token requests and
 /// optionally Cloud Tasks API requests.
 MockClient createMockHttpClient({
-  String? email,
   String? idToken,
   Response Function(Request)? apiHandler,
 }) {
@@ -61,15 +60,6 @@ MockClient createMockHttpClient({
       );
     }
 
-    // Handle Metadata Server requests for service account email
-    if (request.url.host == 'metadata.google.internal' &&
-        request.url.path.contains('/service-accounts/default/email')) {
-      if (email != null) {
-        return Response(email, 200, headers: {'Metadata-Flavor': 'Google'});
-      }
-      return Response('Not Found', 404);
-    }
-
     // Default response
     return Response('{}', 200);
   });
@@ -85,7 +75,6 @@ Future<auth.AuthClient> createTestAuthClient({
   Response Function(Request)? apiHandler,
 }) async {
   final baseClient = createMockHttpClient(
-    email: email,
     idToken: idToken,
     apiHandler: apiHandler,
   );
diff --git a/packages/googleapis_firestore/lib/src/firestore_http_client.dart b/packages/googleapis_firestore/lib/src/firestore_http_client.dart
@@ -1,6 +1,5 @@
 import 'dart:async';
 
-import 'package:google_cloud/constants.dart' as google_cloud;
 import 'package:google_cloud/google_cloud.dart' as google_cloud;
 import 'package:googleapis/firestore/v1.dart' as firestore_v1;
 import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
@@ -46,6 +45,10 @@ class EmulatorClient extends BaseClient implements googleapis_auth.AuthClient {
   googleapis_auth.AccessCredentials get credentials =>
       throw UnimplementedError();
 
+  @override
+  googleapis_auth.ServiceAccountCredentials? get serviceAccountCredentials =>
+      null;
+
   @override
   Future<StreamedResponse> send(BaseRequest request) async {
     final modifiedRequest = _RequestImpl(
@@ -127,7 +130,7 @@ class FirestoreHttpClient {
 
     final env = _settings.environmentOverride;
     if (env != null) {
-      for (final envKey in google_cloud.projectIdEnvironmentVariableOptions) {
+      for (final envKey in google_cloud.gcpProjectIdEnvironmentVariables) {
         final value = env[envKey];
         if (value != null) {
           projectId = value;
diff --git a/packages/googleapis_firestore/pubspec.yaml b/packages/googleapis_firestore/pubspec.yaml
@@ -9,7 +9,7 @@ environment:
 
 dependencies:
   collection: ^1.18.0
-  google_cloud: ^0.3.0
+  google_cloud: ^0.2.1-beta.1
   googleapis: ^15.0.0
   googleapis_auth: ^2.0.0
   http: ^1.0.0
diff --git a/packages/googleapis_storage/lib/googleapis_storage.dart b/packages/googleapis_storage/lib/googleapis_storage.dart
@@ -12,6 +12,7 @@ import 'package:googleapis_auth/auth_io.dart';
 import 'package:googleapis_storage/src/internal/api_error.dart';
 import 'package:googleapis_storage/src/internal/api.dart';
 import 'package:googleapis_storage/src/internal/service.dart';
+import 'package:googleapis_storage/src/utils/auth_extension.dart';
 import 'package:http/http.dart' as http;
 import 'package:intl/intl.dart';
 import 'package:meta/meta.dart';
diff --git a/packages/googleapis_storage/lib/src/file.dart b/packages/googleapis_storage/lib/src/file.dart
@@ -1056,7 +1056,7 @@ class BucketFile extends ServiceObject<FileMetadata>
 
     // Get auth client and credentials
     final authClient = await storage.authClient;
-    final clientEmail = await authClient.getServiceAccountEmail();
+    final clientEmail = await authClient.getServiceAccountEmail;
 
     // Build credential string
     final todayISO = _formatDateStamp(now);
diff --git a/packages/googleapis_storage/lib/src/internal/emulator_client.dart b/packages/googleapis_storage/lib/src/internal/emulator_client.dart
@@ -37,6 +37,10 @@ class EmulatorClient extends BaseClient implements googleapis_auth.AuthClient {
   googleapis_auth.AccessCredentials get credentials =>
       throw UnimplementedError('EmulatorClient does not provide credentials');
 
+  @override
+  googleapis_auth.ServiceAccountCredentials? get serviceAccountCredentials =>
+      null;
+
   @override
   Future<StreamedResponse> send(BaseRequest request) async {
     final modifiedRequest = _RequestImpl(
diff --git a/packages/googleapis_storage/lib/src/signer.dart b/packages/googleapis_storage/lib/src/signer.dart
@@ -138,7 +138,7 @@ class URLSigner {
       endpoint: config.signedConfig.signingEndpoint?.toString(),
     );
 
-    final clientEmail = await authClient.getServiceAccountEmail();
+    final clientEmail = await authClient.getServiceAccountEmail;
 
     return {
       'GoogleAccessId': clientEmail,
@@ -202,7 +202,7 @@ class URLSigner {
 
     final authClient = await bucket.storage.authClient;
 
-    final clientEmail = await authClient.getServiceAccountEmail();
+    final clientEmail = await authClient.getServiceAccountEmail;
 
     final credentialString = '$clientEmail/$credentialScope';
     final dateISO = _formatAsUTCISO(config.accessibleAt, includeTime: true);
diff --git a/packages/googleapis_storage/lib/src/utils/auth_extension.dart b/packages/googleapis_storage/lib/src/utils/auth_extension.dart
@@ -0,0 +1,7 @@
+import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
+
+extension AuthExtension on googleapis_auth.AuthClient {
+  Future<String> get getServiceAccountEmail async =>
+      serviceAccountCredentials?.email ??
+      googleapis_auth.IAMSigner(this).getServiceAccountEmail();
+}
diff --git a/packages/googleapis_storage/pubspec.yaml b/packages/googleapis_storage/pubspec.yaml
@@ -10,7 +10,7 @@ environment:
 dependencies:
   googleapis_auth: ^2.0.0
   googleapis: ^15.0.0
-  google_cloud: ^0.3.0
+  google_cloud: ^0.2.0
   http: ^1.6.0
   meta: ^1.17.0
   mime: ^2.0.0
diff --git a/pubspec.yaml b/pubspec.yaml
@@ -8,13 +8,6 @@ dev_dependencies:
   melos: ^7.3.0
   test: ^1.26.3
 
-dependency_overrides:
-  googleapis_auth:
-    git:
-      url: https://github.com/google/googleapis.dart.git
-      ref: drop_signer_class
-      path: googleapis_auth
-
 workspace:
   - packages/dart_firebase_admin
   - packages/googleapis_firestore

Original file line number	Diff line number	Diff line change
`@@ -140,7 +140,7 @@ class FirebaseApp {`
`140`	`140`	`}) async {`
`141`	`141`	`final env = environment ?? Zone.current[envSymbol] as Map<String, String>?;`
`142`	`142`	`if (env != null) {`
`143`		`- for (final envKey in google_cloud.projectIdEnvironmentVariableOptions) {`
	`143`	`+ for (final envKey in google_cloud.gcpProjectIdEnvironmentVariables) {`
`144`	`144`	`final value = env[envKey];`
`145`	`145`	`if (value != null) return value;`
`146`	`146`	`}`