Introducing TokenSignError to represent custom token creation errors

firebase_admin/_token_gen.py

@@ -21,13 +21,15 @@
 import requests
 import six
 from google.auth import credentials
-from google.auth import exceptions
 from google.auth import iam
 from google.auth import jwt
 from google.auth import transport
+import google.auth.exceptions
 import google.oauth2.id_token
 import google.oauth2.service_account
 
+from firebase_admin import exceptions
+
 
 # ID token constants
 ID_TOKEN_ISSUER_PREFIX = 'https://securetoken.google.com/'
@@ -53,7 +55,6 @@
 
 # Error codes
 COOKIE_CREATE_ERROR = 'COOKIE_CREATE_ERROR'
-TOKEN_SIGN_ERROR = 'TOKEN_SIGN_ERROR'
 
 
 class ApiCallError(Exception):
@@ -177,9 +178,9 @@ def create_custom_token(self, uid, developer_claims=None):
             payload['claims'] = developer_claims
         try:
             return jwt.encode(signing_provider.signer, payload)
-        except exceptions.TransportError as error:
+        except google.auth.exceptions.TransportError as error:
             msg = 'Failed to sign custom token. {0}'.format(error)
-            raise ApiCallError(TOKEN_SIGN_ERROR, msg, error)
+            raise TokenSignError(msg, error)
 
 
     def create_session_cookie(self, id_token, expires_in):
@@ -339,3 +340,10 @@ def verify(self, token, request):
             certs_url=self.cert_url)
         verified_claims['uid'] = verified_claims['sub']
         return verified_claims
+
+
+class TokenSignError(exceptions.UnknownError):
+    """Unexpected error while signing a Firebase custom token."""
+
+    def __init__(self, message, cause):
+        exceptions.UnknownError.__init__(self, message, cause)

firebase_admin/auth.py

@@ -42,6 +42,7 @@
     'ExportedUserRecord',
     'ImportUserRecord',
     'ListUsersPage',
+    'TokenSignError',
     'UserImportHash',
     'UserImportResult',
     'UserInfo',
@@ -75,6 +76,7 @@
 ListUsersPage = _user_mgt.ListUsersPage
 UserImportHash = _user_import.UserImportHash
 ImportUserRecord = _user_import.ImportUserRecord
+TokenSignError = _token_gen.TokenSignError
 UserImportResult = _user_import.UserImportResult
 UserInfo = _user_mgt.UserInfo
 UserMetadata = _user_mgt.UserMetadata
@@ -115,13 +117,10 @@ def create_custom_token(uid, developer_claims=None, app=None):
 
     Raises:
         ValueError: If input parameters are invalid.
-        AuthError: If an error occurs while creating the token using the remote IAM service.
+        TokenSignError: If an error occurs while signing the token using the remote IAM service.
     """
     token_generator = _get_auth_service(app).token_generator
-    try:
-        return token_generator.create_custom_token(uid, developer_claims)
-    except _token_gen.ApiCallError as error:
-        raise AuthError(error.code, str(error), error.detail)
+    return token_generator.create_custom_token(uid, developer_claims)
 
 
 def verify_id_token(id_token, app=None, check_revoked=False):

tests/test_token_gen.py

@@ -21,8 +21,8 @@
 import time
 
 from google.auth import crypt
-from google.auth import exceptions
 from google.auth import jwt
+import google.auth.exceptions
 import google.oauth2.id_token
 import pytest
 from pytest_localserver import plugin
@@ -31,6 +31,7 @@
 import firebase_admin
 from firebase_admin import auth
 from firebase_admin import credentials
+from firebase_admin import exceptions
 from firebase_admin import _token_gen
 from tests import testutils
 
@@ -219,10 +220,12 @@ def test_sign_with_iam_error(self):
         try:
             iam_resp = '{"error": {"code": 403, "message": "test error"}}'
             _overwrite_iam_request(app, testutils.MockRequest(403, iam_resp))
-            with pytest.raises(auth.AuthError) as excinfo:
+            with pytest.raises(auth.TokenSignError) as excinfo:
                 auth.create_custom_token(MOCK_UID, app=app)
-            assert excinfo.value.code == _token_gen.TOKEN_SIGN_ERROR
-            assert iam_resp in str(excinfo.value)
+            error = excinfo.value
+            assert error.code == exceptions.UNKNOWN
+            assert iam_resp in str(error)
+            assert isinstance(error.cause, google.auth.exceptions.TransportError)
         finally:
             firebase_admin.delete_app(app)
 
@@ -421,7 +424,7 @@ def test_custom_token(self, auth_app):
 
     def test_certificate_request_failure(self, user_mgt_app):
         _overwrite_cert_request(user_mgt_app, testutils.MockRequest(404, 'not found'))
-        with pytest.raises(exceptions.TransportError):
+        with pytest.raises(google.auth.exceptions.TransportError):
             auth.verify_id_token(TEST_ID_TOKEN, app=user_mgt_app)
 
 
@@ -521,7 +524,7 @@ def test_custom_token(self, auth_app):
 
     def test_certificate_request_failure(self, user_mgt_app):
         _overwrite_cert_request(user_mgt_app, testutils.MockRequest(404, 'not found'))
-        with pytest.raises(exceptions.TransportError):
+        with pytest.raises(google.auth.exceptions.TransportError):
             auth.verify_session_cookie(TEST_SESSION_COOKIE, app=user_mgt_app)