Update packages for googleapis_auth breaking changes

packages/dart_firebase_admin/lib/src/app.dart

@@ -6,6 +6,7 @@ import 'dart:io';
 import 'dart:typed_data';
 
 import 'package:equatable/equatable.dart';
+import 'package:google_cloud/constants.dart' as google_cloud;
 import 'package:google_cloud/google_cloud.dart' as google_cloud;
 import 'package:googleapis/identitytoolkit/v3.dart' as auth3;
 import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;

packages/dart_firebase_admin/lib/src/app/emulator_client.dart

@@ -35,10 +35,6 @@ class EmulatorClient extends BaseClient implements googleapis_auth.AuthClient {
   googleapis_auth.AccessCredentials get credentials =>
       throw UnimplementedError();
 
-  @override
-  googleapis_auth.ServiceAccountCredentials? get serviceAccountCredentials =>
-      null;
-
   @override
   Future<StreamedResponse> send(BaseRequest request) async {
     final modifiedRequest = _RequestImpl(
@@ -76,10 +72,6 @@ class CloudTasksEmulatorClient implements googleapis_auth.AuthClient {
   googleapis_auth.AccessCredentials get credentials =>
       throw UnimplementedError();
 
-  @override
-  googleapis_auth.ServiceAccountCredentials? get serviceAccountCredentials =>
-      null;
-
   /// Rewrites the URL to remove `/v2/` prefix and route to emulator host.
   Uri _rewriteUrl(Uri url) {
     // Replace the path: remove /v2/ prefix if present

packages/dart_firebase_admin/lib/src/app/firebase_app.dart

@@ -140,7 +140,7 @@ class FirebaseApp {
   }) async {
     final env = environment ?? Zone.current[envSymbol] as Map<String, String>?;
     if (env != null) {
-      for (final envKey in google_cloud.gcpProjectIdEnvironmentVariables) {
+      for (final envKey in google_cloud.projectIdEnvironmentVariableOptions) {
         final value = env[envKey];
         if (value != null) return value;
       }

packages/dart_firebase_admin/lib/src/app_check/token_generator.dart

@@ -4,7 +4,6 @@ import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
 import 'package:meta/meta.dart';
 
 import '../../dart_firebase_admin.dart';
-import '../utils/auth_extension.dart';
 import 'app_check.dart';
 import 'app_check_api.dart';
 
@@ -33,7 +32,7 @@ class AppCheckTokenGenerator {
   ]) async {
     try {
       final authClient = await app.client;
-      final account = await authClient.getServiceAccountEmail;
+      final account = await authClient.getServiceAccountEmail();
 
       final header = {'alg': 'RS256', 'typ': 'JWT'};
       final iat = (DateTime.now().millisecondsSinceEpoch / 1000).floor();
@@ -48,7 +47,11 @@ class AppCheckTokenGenerator {
 
       final token = '${_encodeSegment(header)}.${_encodeSegment(body)}';
 
-      final signature = await authClient.signBlob(utf8.encode(token));
+      final signature = await authClient.sign(
+        utf8.encode(token),
+        serviceAccountCredentials:
+            app.options.credential?.serviceAccountCredentials,
+      );
 
       return '$token.$signature';
     } on googleapis_auth.ServerRequestFailedException catch (err) {

packages/dart_firebase_admin/lib/src/auth.dart

@@ -14,7 +14,6 @@ import 'package:meta/meta.dart';
 
 import 'app.dart';
 import 'object_utils.dart';
-import 'utils/auth_extension.dart';
 import 'utils/jwt.dart';
 import 'utils/utils.dart';
 import 'utils/validator.dart';

packages/dart_firebase_admin/lib/src/auth/token_generator.dart

@@ -71,7 +71,7 @@ class _FirebaseTokenGenerator {
 
     try {
       final authClient = await _app.client;
-      final account = await authClient.getServiceAccountEmail;
+      final account = await authClient.getServiceAccountEmail();
 
       final header = {'alg': 'RS256', 'typ': 'JWT'};
       final iat = DateTime.now().millisecondsSinceEpoch ~/ 1000;
@@ -87,7 +87,11 @@ class _FirebaseTokenGenerator {
       };
 
       final token = '${_encodeSegment(header)}.${_encodeSegment(body)}';
-      final signature = await authClient.signBlob(utf8.encode(token));
+      final signature = await authClient.sign(
+        utf8.encode(token),
+        serviceAccountCredentials:
+            _app.options.credential?.serviceAccountCredentials,
+      );
 
       return '$token.$signature';
     } on googleapis_auth.ServerRequestFailedException catch (err, stack) {

packages/dart_firebase_admin/lib/src/functions/functions.dart

@@ -5,7 +5,6 @@ import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
 import 'package:meta/meta.dart';
 
 import '../app.dart';
-import '../utils/auth_extension.dart';
 import '../utils/validator.dart';
 
 part 'functions_api.dart';

packages/dart_firebase_admin/lib/src/functions/functions_request_handler.dart

@@ -253,11 +253,9 @@ class FunctionsRequestHandler {
       return;
     }
 
-    // Check if running as an extension with ComputeEngine credentials.
-    // ComputeEngine credentials are used when running on GCE/Cloud Run without
-    // a service account JSON file - indicated by credentials without local
-    // service account credentials (i.e., using metadata server).
-    final isComputeEngine = authClient.serviceAccountCredentials == null;
+    // Service credentials via `FirebaseApp.options`.
+    final isComputeEngine =
+        _httpClient.app.options.credential?.serviceAccountCredentials == null;
 
     if (extensionId != null && extensionId.isNotEmpty && isComputeEngine) {
       // Running as extension with ComputeEngine - use ID token with Authorization header.
@@ -276,7 +274,7 @@ class FunctionsRequestHandler {
 
     // Default: Use OIDC token with service account email.
     // Try to get service account email from credential first, then from metadata service.
-    final serviceAccountEmail = await authClient.getServiceAccountEmail;
+    final serviceAccountEmail = await authClient.getServiceAccountEmail();
 
     if (serviceAccountEmail.isEmpty) {
       throw FirebaseFunctionsAdminException(

packages/dart_firebase_admin/pubspec.yaml

@@ -14,7 +14,7 @@ dependencies:
   collection: ^1.18.0
   dart_jsonwebtoken: ^3.0.0
   equatable: ^2.0.7
-  google_cloud: ^0.2.1-beta.1
+  google_cloud: ^0.3.0
   googleapis: ^15.0.0
   googleapis_auth: ^2.1.0-beta.1
   googleapis_beta: ^9.0.0

packages/dart_firebase_admin/test/functions/functions_test.dart

@@ -26,6 +26,7 @@ class FakeBaseRequest extends Fake implements BaseRequest {}
 /// Creates a mock HTTP client that handles OAuth token requests and
 /// optionally Cloud Tasks API requests.
 MockClient createMockHttpClient({
+  String? email,
   String? idToken,
   Response Function(Request)? apiHandler,
 }) {
@@ -60,6 +61,15 @@ MockClient createMockHttpClient({
       );
     }
 
+    // Handle Metadata Server requests for service account email
+    if (request.url.host == 'metadata.google.internal' &&
+        request.url.path.contains('/service-accounts/default/email')) {
+      if (email != null) {
+        return Response(email, 200, headers: {'Metadata-Flavor': 'Google'});
+      }
+      return Response('Not Found', 404);
+    }
+
     // Default response
     return Response('{}', 200);
   });
@@ -75,6 +85,7 @@ Future<auth.AuthClient> createTestAuthClient({
   Response Function(Request)? apiHandler,
 }) async {
   final baseClient = createMockHttpClient(
+    email: email,
     idToken: idToken,
     apiHandler: apiHandler,
   );

packages/googleapis_firestore/lib/src/firestore_http_client.dart

@@ -1,5 +1,6 @@
 import 'dart:async';
 
+import 'package:google_cloud/constants.dart' as google_cloud;
 import 'package:google_cloud/google_cloud.dart' as google_cloud;
 import 'package:googleapis/firestore/v1.dart' as firestore_v1;
 import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
@@ -45,10 +46,6 @@ class EmulatorClient extends BaseClient implements googleapis_auth.AuthClient {
   googleapis_auth.AccessCredentials get credentials =>
       throw UnimplementedError();
 
-  @override
-  googleapis_auth.ServiceAccountCredentials? get serviceAccountCredentials =>
-      null;
-
   @override
   Future<StreamedResponse> send(BaseRequest request) async {
     final modifiedRequest = _RequestImpl(
@@ -130,7 +127,7 @@ class FirestoreHttpClient {
 
     final env = _settings.environmentOverride;
     if (env != null) {
-      for (final envKey in google_cloud.gcpProjectIdEnvironmentVariables) {
+      for (final envKey in google_cloud.projectIdEnvironmentVariableOptions) {
         final value = env[envKey];
         if (value != null) {
           projectId = value;

packages/googleapis_firestore/pubspec.yaml

@@ -9,7 +9,7 @@ environment:
 
 dependencies:
   collection: ^1.18.0
-  google_cloud: ^0.2.1-beta.1
+  google_cloud: ^0.3.0
   googleapis: ^15.0.0
   googleapis_auth: ^2.0.0
   http: ^1.0.0

packages/googleapis_storage/lib/googleapis_storage.dart

@@ -12,7 +12,6 @@ import 'package:googleapis_auth/auth_io.dart';
 import 'package:googleapis_storage/src/internal/api_error.dart';
 import 'package:googleapis_storage/src/internal/api.dart';
 import 'package:googleapis_storage/src/internal/service.dart';
-import 'package:googleapis_storage/src/utils/auth_extension.dart';
 import 'package:http/http.dart' as http;
 import 'package:intl/intl.dart';
 import 'package:meta/meta.dart';

packages/googleapis_storage/lib/src/file.dart

@@ -1056,7 +1056,7 @@ class BucketFile extends ServiceObject<FileMetadata>
 
     // Get auth client and credentials
     final authClient = await storage.authClient;
-    final clientEmail = await authClient.getServiceAccountEmail;
+    final clientEmail = await authClient.getServiceAccountEmail();
 
     // Build credential string
     final todayISO = _formatDateStamp(now);

packages/googleapis_storage/lib/src/internal/emulator_client.dart

@@ -37,10 +37,6 @@ class EmulatorClient extends BaseClient implements googleapis_auth.AuthClient {
   googleapis_auth.AccessCredentials get credentials =>
       throw UnimplementedError('EmulatorClient does not provide credentials');
 
-  @override
-  googleapis_auth.ServiceAccountCredentials? get serviceAccountCredentials =>
-      null;
-
   @override
   Future<StreamedResponse> send(BaseRequest request) async {
     final modifiedRequest = _RequestImpl(

packages/googleapis_storage/lib/src/signer.dart

@@ -138,7 +138,7 @@ class URLSigner {
       endpoint: config.signedConfig.signingEndpoint?.toString(),
     );
 
-    final clientEmail = await authClient.getServiceAccountEmail;
+    final clientEmail = await authClient.getServiceAccountEmail();
 
     return {
       'GoogleAccessId': clientEmail,
@@ -202,7 +202,7 @@ class URLSigner {
 
     final authClient = await bucket.storage.authClient;
 
-    final clientEmail = await authClient.getServiceAccountEmail;
+    final clientEmail = await authClient.getServiceAccountEmail();
 
     final credentialString = '$clientEmail/$credentialScope';
     final dateISO = _formatAsUTCISO(config.accessibleAt, includeTime: true);

packages/googleapis_storage/pubspec.yaml

@@ -10,7 +10,7 @@ environment:
 dependencies:
   googleapis_auth: ^2.0.0
   googleapis: ^15.0.0
-  google_cloud: ^0.2.0
+  google_cloud: ^0.3.0
   http: ^1.6.0
   meta: ^1.17.0
   mime: ^2.0.0

pubspec.yaml

@@ -8,6 +8,13 @@ dev_dependencies:
   melos: ^7.3.0
   test: ^1.26.3
 
+dependency_overrides:
+  googleapis_auth:
+    git:
+      url: https://github.com/google/googleapis.dart.git
+      ref: drop_signer_class
+      path: googleapis_auth
+
 workspace:
   - packages/dart_firebase_admin
   - packages/googleapis_firestore