in auth/auth.go [195:232]
func (c *baseClient) CustomTokenWithClaims(ctx context.Context, uid string, devClaims map[string]interface{}) (string, error) {
iss, err := c.signer.Email(ctx)
if err != nil {
return "", err
}
if len(uid) == 0 || len(uid) > 128 {
return "", errors.New("uid must be non-empty, and not longer than 128 characters")
}
var disallowed []string
for _, k := range reservedClaims {
if _, contains := devClaims[k]; contains {
disallowed = append(disallowed, k)
}
}
if len(disallowed) == 1 {
return "", fmt.Errorf("developer claim %q is reserved and cannot be specified", disallowed[0])
} else if len(disallowed) > 1 {
return "", fmt.Errorf("developer claims %q are reserved and cannot be specified", strings.Join(disallowed, ", "))
}
now := c.clock.Now().Unix()
info := &jwtInfo{
header: jwtHeader{Algorithm: c.signer.Algorithm(), Type: "JWT"},
payload: &customToken{
Iss: iss,
Sub: iss,
Aud: firebaseAudience,
UID: uid,
Iat: now,
Exp: now + oneHourInSeconds,
TenantID: c.tenantID,
Claims: devClaims,
},
}
return info.Token(ctx, c.signer)
}