firebase
diff --git a/‎FirebaseAdmin/FirebaseAdmin.IntegrationTests/FirebaseAuthTest.cs‎
Lines changed: 28 additions & 0 deletions b/‎FirebaseAdmin/FirebaseAdmin.IntegrationTests/FirebaseAuthTest.cs‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthTest.cs‎
Lines changed: 12 additions & 0 deletions b/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthTest.cs‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseUserManagerTest.cs‎
Lines changed: 169 additions & 0 deletions b/‎FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseUserManagerTest.cs‎
Lines changed: 169 additions & 0 deletions
diff --git a/‎FirebaseAdmin/FirebaseAdmin/Auth/FirebaseAuth.cs‎
Lines changed: 41 additions & 0 deletions b/‎FirebaseAdmin/FirebaseAdmin/Auth/FirebaseAuth.cs‎
Lines changed: 41 additions & 0 deletions
@@ -94,6 +94,34 @@ public async Task CreateCustomTokenWithoutServiceAccount()
             }
         }
 
+        [Fact]
+        public async Task SetCustomUserClaims()
+        {
+            var customClaims = new Dictionary<string, object>()
+            {
+                { "admin", true },
+            };
+
+            await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync("testuser", customClaims);
+        }
+
+        [Fact]
+        public async Task SetCustomUserClaimsWithEmptyClaims()
+        {
+            var customClaims = new Dictionary<string, object>();
+
+            await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync("testuser", customClaims);
+        }
+
+        [Fact]
+        public async Task SetCustomUserClaimsWithWrongUid()
+        {
+            var customClaims = new Dictionary<string, object>();
+
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync("mock-uid", customClaims));
+        }
+
         private static async Task<string> SignInWithCustomTokenAsync(string customToken)
         {
             var rb = new Google.Apis.Requests.RequestBuilder()
 
@@ -141,6 +141,18 @@ await Assert.ThrowsAnyAsync<OperationCanceledException>(
                     idToken, canceller.Token));
         }
 
+        [Fact]
+        public async Task SetCustomUserClaimsNoProjectId()
+        {
+            FirebaseApp.Create(new AppOptions() { Credential = MockCredential });
+            var customClaims = new Dictionary<string, object>()
+            {
+                { "admin", true },
+            };
+            await Assert.ThrowsAsync<ArgumentException>(
+                async () => await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync("user1", customClaims));
+        }
+
         public void Dispose()
         {
             FirebaseApp.DeleteAll();
 
@@ -0,0 +1,169 @@
+// Copyright 2019, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Threading.Tasks;
+using FirebaseAdmin.Tests;
+using Google.Apis.Auth.OAuth2;
+using Xunit;
+
+namespace FirebaseAdmin.Auth.Tests
+{
+    public class FirebaseUserManagerTest
+    {
+        private const string MockProjectId = "project1";
+
+        private static readonly GoogleCredential MockCredential =
+            GoogleCredential.FromAccessToken("test-token");
+
+        [Fact]
+        public void InvalidUidForUserRecord()
+        {
+            Assert.Throws<ArgumentException>(() => new UserRecord(null));
+            Assert.Throws<ArgumentException>(() => new UserRecord(string.Empty));
+            Assert.Throws<ArgumentException>(() => new UserRecord(new string('a', 129)));
+        }
+
+        [Fact]
+        public void ReservedClaims()
+        {
+            foreach (var key in FirebaseTokenFactory.ReservedClaims)
+            {
+                var customClaims = new Dictionary<string, object>()
+                {
+                    { key, "value" },
+                };
+                Assert.Throws<ArgumentException>(() => new UserRecord("user1") { CustomClaims = customClaims });
+            }
+        }
+
+        [Fact]
+        public void EmptyClaims()
+        {
+            var emptyClaims = new Dictionary<string, object>()
+            {
+                    { string.Empty, "value" },
+            };
+            Assert.Throws<ArgumentException>(() => new UserRecord("user1") { CustomClaims = emptyClaims });
+        }
+
+        [Fact]
+        public void TooLargeClaimsPayload()
+        {
+            var customClaims = new Dictionary<string, object>()
+            {
+                { "testClaim", new string('a', 1001) },
+            };
+
+            Assert.Throws<ArgumentException>(() => new UserRecord("user1") { CustomClaims = customClaims });
+        }
+
+        [Fact]
+        public async Task UpdateUser()
+        {
+            var handler = new MockMessageHandler()
+            {
+                Response = new UserRecord("user1"),
+            };
+            var factory = new MockHttpClientFactory(handler);
+            var userManager = new FirebaseUserManager(
+                new FirebaseUserManagerArgs
+                {
+                    Credential = MockCredential,
+                    ProjectId = MockProjectId,
+                    ClientFactory = factory,
+                });
+            var customClaims = new Dictionary<string, object>()
+            {
+                    { "admin", true },
+            };
+
+            await userManager.UpdateUserAsync(new UserRecord("user1") { CustomClaims = customClaims });
+        }
+
+        [Fact]
+        public async Task UpdateUserIncorrectResponseObject()
+        {
+            var handler = new MockMessageHandler()
+            {
+                Response = new object(),
+            };
+            var factory = new MockHttpClientFactory(handler);
+            var userManager = new FirebaseUserManager(
+                new FirebaseUserManagerArgs
+                {
+                    Credential = MockCredential,
+                    ProjectId = MockProjectId,
+                    ClientFactory = factory,
+                });
+            var customClaims = new Dictionary<string, object>()
+            {
+                    { "admin", true },
+            };
+
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await userManager.UpdateUserAsync(new UserRecord("user1") { CustomClaims = customClaims }));
+        }
+
+        [Fact]
+        public async Task UpdateUserIncorrectResponseUid()
+        {
+            var handler = new MockMessageHandler()
+            {
+                Response = new UserRecord("testuser"),
+            };
+            var factory = new MockHttpClientFactory(handler);
+            var userManager = new FirebaseUserManager(
+                new FirebaseUserManagerArgs
+                {
+                    Credential = MockCredential,
+                    ProjectId = MockProjectId,
+                    ClientFactory = factory,
+                });
+            var customClaims = new Dictionary<string, object>()
+            {
+                    { "admin", true },
+            };
+
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await userManager.UpdateUserAsync(new UserRecord("user1") { CustomClaims = customClaims }));
+        }
+
+        [Fact]
+        public async Task UpdateUserHttpError()
+        {
+            var handler = new MockMessageHandler()
+            {
+                StatusCode = HttpStatusCode.InternalServerError,
+            };
+            var factory = new MockHttpClientFactory(handler);
+            var userManager = new FirebaseUserManager(
+                new FirebaseUserManagerArgs
+                {
+                    Credential = MockCredential,
+                    ProjectId = MockProjectId,
+                    ClientFactory = factory,
+                });
+            var customClaims = new Dictionary<string, object>()
+            {
+                { "admin", true },
+            };
+
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await userManager.UpdateUserAsync(new UserRecord("user1") { CustomClaims = customClaims }));
+        }
+    }
+}
@@ -28,6 +28,7 @@ public sealed class FirebaseAuth : IFirebaseService
         private readonly FirebaseApp app;
         private readonly Lazy<FirebaseTokenFactory> tokenFactory;
         private readonly Lazy<FirebaseTokenVerifier> idTokenVerifier;
+        private readonly Lazy<FirebaseUserManager> userManager;
         private readonly object authLock = new object();
         private bool deleted;
 
@@ -38,6 +39,8 @@ private FirebaseAuth(FirebaseApp app)
                 () => FirebaseTokenFactory.Create(this.app), true);
             this.idTokenVerifier = new Lazy<FirebaseTokenVerifier>(
                 () => FirebaseTokenVerifier.CreateIDTokenVerifier(this.app), true);
+            this.userManager = new Lazy<FirebaseUserManager>(() =>
+                FirebaseUserManager.Create(this.app));
         }
 
         /// <summary>
@@ -277,6 +280,39 @@ public async Task<FirebaseToken> VerifyIdTokenAsync(
                 .ConfigureAwait(false);
         }
 
+        /// <summary>
+        /// Sets the specified custom claims on an existing user account. A null claims value
+        /// removes any claims currently set on the user account. The claims should serialize into
+        /// a valid JSON string. The serialized claims must not be larger than 1000 characters.
+        /// </summary>
+        /// <returns>A task that completes when the claims have been set.</returns>
+        /// <exception cref="ArgumentException">If <paramref name="uid"/> is null, empty or longer
+        /// than 128 characters. Or, if the serialized <paramref name="claims"/> is larger than 1000
+        /// characters.</exception>
+        /// <param name="uid">The user ID string for the custom claims will be set. Must not be null
+        /// or longer than 128 characters.
+        /// </param>
+        /// <param name="claims">The claims to be stored on the user account, and made
+        /// available to Firebase security rules. These must be serializable to JSON, and after
+        /// serialization it should not be larger than 1000 characters.</param>
+        public async Task SetCustomUserClaimsAsync(string uid, IReadOnlyDictionary<string, object> claims)
+        {
+            lock (this.authLock)
+            {
+                if (this.deleted)
+                {
+                    throw new InvalidOperationException("Cannot invoke after deleting the app.");
+                }
+            }
+
+            var user = new UserRecord(uid)
+            {
+                CustomClaims = claims,
+            };
+
+            await this.userManager.Value.UpdateUserAsync(user);
+        }
+
         /// <summary>
         /// Deletes this <see cref="FirebaseAuth"/> service instance.
         /// </summary>
@@ -289,6 +325,11 @@ void IFirebaseService.Delete()
                 {
                     this.tokenFactory.Value.Dispose();
                 }
+
+                if (this.userManager.IsValueCreated)
+                {
+                    this.userManager.Value.Dispose();
+                }
             }
         }
     }