add firebase.sign_in_second_factor claim to FirebaseInfo

Fernando Cainelli · Fernando Cainelli · commit 5e3c7a105dfc · 2024-05-16T11:42:36.000+02:00
Signed-off-by: Fernando Cainelli &lt;fernando.cainelli-external@getyourguide.com&gt;
diff --git a/auth/auth.go b/auth/auth.go
@@ -266,9 +266,11 @@ type Token struct {
 //
 // This data is provided by the Firebase Auth service and is a reserved claim in the ID token.
 type FirebaseInfo struct {
-	SignInProvider string                 `json:"sign_in_provider"`
-	Tenant         string                 `json:"tenant"`
-	Identities     map[string]interface{} `json:"identities"`
+	SignInProvider         string                 `json:"sign_in_provider"`
+	Tenant                 string                 `json:"tenant"`
+	Identities             map[string]interface{} `json:"identities"`
+	SignInSecondFactor     string                 `json:"sign_in_second_factor"`
+	SecondFactorIdentifier string                 `json:"second_factor_identifier"`
 }
 
 // baseClient exposes the APIs common to both auth.Client and auth.TenantClient.
diff --git a/auth/auth_test.go b/auth/auth_test.go
@@ -41,6 +41,7 @@ const (
 	testVersion                = "test-version"
 	defaultIDToolkitV1Endpoint = "https://identitytoolkit.googleapis.com/v1"
 	defaultIDToolkitV2Endpoint = "https://identitytoolkit.googleapis.com/v2"
+	secondFactorIdentifier     = "aaaaaaaa-1111-bbbb-2222-cccccccccccc"
 )
 
 var (
@@ -466,6 +467,12 @@ func TestVerifyIDToken(t *testing.T) {
 	if ft.UID != ft.Subject {
 		t.Errorf("UID = %q; Sub = %q; want UID = Sub", ft.UID, ft.Subject)
 	}
+	if ft.Firebase.SignInSecondFactor != "totp" {
+		t.Errorf("SignInSecondFactor = %q; want = %q", ft.Firebase.SignInSecondFactor, "totp")
+	}
+	if ft.Firebase.SecondFactorIdentifier != secondFactorIdentifier {
+		t.Errorf("SecondFactorIdentifier = %q; want = %q", ft.Firebase.SecondFactorIdentifier, secondFactorIdentifier)
+	}
 }
 
 func TestVerifyIDTokenFromTenant(t *testing.T) {
@@ -1362,8 +1369,10 @@ func getIDTokenWithSignerAndKid(signer cryptoSigner, kid string, p mockIDTokenPa
 		"auth_time": testClock.Now().Unix() - 100,
 		"sub":       "1234567890",
 		"firebase": map[string]interface{}{
-			"identities":       map[string]interface{}{},
-			"sign_in_provider": "custom",
+			"identities":               map[string]interface{}{},
+			"sign_in_provider":         "custom",
+			"sign_in_second_factor":    "totp",
+			"second_factor_identifier": secondFactorIdentifier,
 		},
 		"admin": true,
 	}
