func NewClient()

in auth/auth.go [69:168]


// NewClient creates an Auth Client for the project named in conf.
//
// The token signer is chosen from the first source that applies:
//  1. If the environment variable named by emulatorHostEnvVar is non-empty, the
//     client runs in emulator mode and uses emulatedSigner.
//  2. If transport.Creds yields credentials with a JSON payload, signerFromCreds
//     builds the signer from it. errNotAServiceAcct is tolerated and falls
//     through to the next source.
//  3. If conf.ServiceAccountID is set, newIAMSigner is used.
//  4. Otherwise newCryptoSigner is used.
//
// Security note: emulator mode is switched on by the process environment alone.
// In that mode the caller's conf.Opts (and so any credentials they carry) are
// not handed to the HTTP client, the fixed emulatorToken is sent instead, and
// the base URL uses plain http:// against the configured host. Deployments
// should make sure the variable is unset outside of local testing.
//
// An error is returned if building the signer, either verifier, or the HTTP
// client fails.
func NewClient(ctx context.Context, conf *internal.AuthConfig) (*Client, error) {
	emulatorHost := os.Getenv(emulatorHostEnvVar)
	useEmulator := emulatorHost != ""

	var (
		signer cryptoSigner
		err    error
	)

	// Signer resolution follows the go/firebase-admin-sign protocol.
	if useEmulator {
		// NOTE(review): emulatedSigner presumably does not produce real
		// signatures; confirm in its definition before relying on tokens
		// minted in this mode.
		signer = emulatedSigner{}
	} else {
		// The error from transport.Creds is discarded on purpose: when no
		// usable credentials are found, creds stays nil and the later signer
		// sources are tried instead.
		creds, _ := transport.Creds(ctx, conf.Opts...)
		if creds != nil && len(creds.JSON) > 0 {
			// Service-account JSON was supplied at SDK initialization; sign with it.
			signer, err = signerFromCreds(creds.JSON)
			if err != nil && err != errNotAServiceAcct {
				return nil, err
			}
		}
	}

	if signer == nil {
		if conf.ServiceAccountID != "" {
			// A service account email was supplied; sign through the IAM service.
			signer, err = newIAMSigner(ctx, conf)
		} else {
			// Per the upstream comment, newCryptoSigner prefers GAE signing when
			// available, else looks up a service account email from the local
			// Metadata service and falls back to IAM (helper not visible here).
			signer, err = newCryptoSigner(ctx, conf)
		}
		if err != nil {
			return nil, err
		}
	}

	// Both verifiers are built for conf.ProjectID in every mode, emulator included.
	idVerifier, err := newIDTokenVerifier(ctx, conf.ProjectID)
	if err != nil {
		return nil, err
	}

	sessionVerifier, err := newSessionCookieVerifier(ctx, conf.ProjectID)
	if err != nil {
		return nil, err
	}

	// Emulator traffic carries only the static emulator token; real traffic
	// uses a copy of the caller's client options.
	var clientOpts []option.ClientOption
	if useEmulator {
		clientOpts = append(clientOpts, option.WithTokenSource(oauth2.StaticTokenSource(emulatorToken)))
	} else {
		clientOpts = append(clientOpts, conf.Opts...)
	}

	// Named rawHTTP so the local does not shadow the imported transport package.
	rawHTTP, _, err := transport.NewHTTPClient(ctx, clientOpts...)
	if err != nil {
		return nil, err
	}

	retrying := internal.WithDefaultRetryConfig(rawHTTP)
	retrying.CreateErrFn = handleHTTPError
	retrying.Opts = []internal.HTTPOption{
		internal.WithHeader("X-Client-Version", fmt.Sprintf("Go/Admin/%s", conf.Version)),
	}

	// In emulator mode the endpoint is plain HTTP on the host taken verbatim
	// from the environment; no validation of that value happens here.
	baseURL := defaultAuthURL
	if useEmulator {
		baseURL = fmt.Sprintf("http://%s/identitytoolkit.googleapis.com", emulatorHost)
	}
	v1URL := fmt.Sprintf("%s/v1", baseURL)
	v2Beta1URL := fmt.Sprintf("%s/v2beta1", baseURL)

	core := &baseClient{
		userManagementEndpoint: v1URL,
		providerConfigEndpoint: v2Beta1URL,
		tenantMgtEndpoint:      v2Beta1URL,
		projectID:              conf.ProjectID,
		httpClient:             retrying,
		idTokenVerifier:        idVerifier,
		cookieVerifier:         sessionVerifier,
		signer:                 signer,
		clock:                  internal.SystemClock,
		isEmulator:             useEmulator,
	}
	return &Client{
		baseClient:    core,
		TenantManager: newTenantManager(retrying, conf, core),
	}, nil
}