From a039e051c9433eb26eafbde5c152fdcb5a4b80d9 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Mon, 10 Feb 2020 11:16:50 -0800
Subject: [PATCH 001/354] fix: Enabled automatic HTTP retries for
 FirebaseProjectManagement (#356)

* Enabled automatic HTTP retries for FirebaseProjectManagement

* Added some test cases

* Added helper function for disabling exponential backoff during tests

* Added util class for simplifying retry tests

* Simplified test cases

* Removed unused method
---
 .../firebase/internal/ApiClientUtils.java     | 18 +++-
 .../FirebaseProjectManagementServiceImpl.java | 25 +++--
 .../firebase/internal/ApiClientUtilsTest.java | 13 +++
 .../firebase/internal/TestApiClientUtils.java | 95 +++++++++++++++++++
 ...ebaseProjectManagementServiceImplTest.java | 59 ++++++++++--
 5 files changed, 191 insertions(+), 19 deletions(-)
 create mode 100644 src/test/java/com/google/firebase/internal/TestApiClientUtils.java

diff --git a/src/main/java/com/google/firebase/internal/ApiClientUtils.java b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
index 7506ff8ee..36ccf5cc8 100644
--- a/src/main/java/com/google/firebase/internal/ApiClientUtils.java
+++ b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
@@ -29,7 +29,7 @@
  */
 public class ApiClientUtils {
 
-  private static final RetryConfig DEFAULT_RETRY_CONFIG = RetryConfig.builder()
+  static final RetryConfig DEFAULT_RETRY_CONFIG = RetryConfig.builder()
       .setMaxRetries(4)
       .setRetryStatusCodes(ImmutableList.of(500, 503))
       .setMaxIntervalMillis(60 * 1000)
@@ -43,9 +43,21 @@ public class ApiClientUtils {
    * @return A new {@code HttpRequestFactory} instance.
    */
   public static HttpRequestFactory newAuthorizedRequestFactory(FirebaseApp app) {
+    return newAuthorizedRequestFactory(app, DEFAULT_RETRY_CONFIG);
+  }
+
+  /**
+   * Creates a new {@code HttpRequestFactory} which provides authorization (OAuth2), timeouts and
+   * automatic retries.
+   *
+   * @param app {@link FirebaseApp} from which to obtain authorization credentials.
+   * @param retryConfig {@link RetryConfig} instance or null to disable retries.
+   * @return A new {@code HttpRequestFactory} instance.
+   */
+  public static HttpRequestFactory newAuthorizedRequestFactory(
+      FirebaseApp app, @Nullable RetryConfig retryConfig) {
     HttpTransport transport = app.getOptions().getHttpTransport();
-    return transport.createRequestFactory(
-        new FirebaseRequestInitializer(app, DEFAULT_RETRY_CONFIG));
+    return transport.createRequestFactory(new FirebaseRequestInitializer(app, retryConfig));
   }
 
   public static HttpRequestFactory newUnauthorizedRequestFactory(FirebaseApp app) {
diff --git a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
index 72c570c6d..8abced696 100644
--- a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
+++ b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
@@ -18,6 +18,7 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpResponseInterceptor;
 import com.google.api.client.util.Base64;
 import com.google.api.client.util.Key;
@@ -32,8 +33,8 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.CallableOperation;
-import com.google.firebase.internal.FirebaseRequestInitializer;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
@@ -55,6 +56,7 @@ class FirebaseProjectManagementServiceImpl implements AndroidAppService, IosAppS
   private final FirebaseApp app;
   private final Sleeper sleeper;
   private final Scheduler scheduler;
+  private final HttpRequestFactory requestFactory;
   private final HttpHelper httpHelper;
 
   private final CreateAndroidAppFromAppIdFunction createAndroidAppFromAppIdFunction =
@@ -63,17 +65,26 @@ class FirebaseProjectManagementServiceImpl implements AndroidAppService, IosAppS
       new CreateIosAppFromAppIdFunction();
 
   FirebaseProjectManagementServiceImpl(FirebaseApp app) {
-    this(app, Sleeper.DEFAULT, new FirebaseAppScheduler(app));
+    this(
+        app,
+        Sleeper.DEFAULT,
+        new FirebaseAppScheduler(app),
+        ApiClientUtils.newAuthorizedRequestFactory(app));
   }
 
-  FirebaseProjectManagementServiceImpl(FirebaseApp app, Sleeper sleeper, Scheduler scheduler) {
+  @VisibleForTesting
+  FirebaseProjectManagementServiceImpl(
+      FirebaseApp app, Sleeper sleeper, Scheduler scheduler, HttpRequestFactory requestFactory) {
     this.app = checkNotNull(app);
     this.sleeper = checkNotNull(sleeper);
     this.scheduler = checkNotNull(scheduler);
-    this.httpHelper = new HttpHelper(
-        app.getOptions().getJsonFactory(),
-        app.getOptions().getHttpTransport().createRequestFactory(
-            new FirebaseRequestInitializer(app)));
+    this.requestFactory = checkNotNull(requestFactory);
+    this.httpHelper = new HttpHelper(app.getOptions().getJsonFactory(), requestFactory);
+  }
+
+  @VisibleForTesting
+  HttpRequestFactory getRequestFactory() {
+    return requestFactory;
   }
 
   @VisibleForTesting
diff --git a/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java b/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
index 78eabaf32..c19f5f567 100644
--- a/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
+++ b/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
@@ -69,6 +69,19 @@ public void testAuthorizedHttpClient() throws IOException {
     assertEquals(retryConfig.getRetryStatusCodes(), ImmutableList.of(500, 503));
   }
 
+  @Test
+  public void testAuthorizedHttpClientWithoutRetry() throws IOException {
+    FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS);
+
+    HttpRequestFactory requestFactory = ApiClientUtils.newAuthorizedRequestFactory(app, null);
+
+    assertTrue(requestFactory.getInitializer() instanceof FirebaseRequestInitializer);
+    HttpRequest request = requestFactory.buildGetRequest(TEST_URL);
+    assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
+    HttpUnsuccessfulResponseHandler retryHandler = request.getUnsuccessfulResponseHandler();
+    assertFalse(retryHandler instanceof RetryHandlerDecorator);
+  }
+
   @Test
   public void testUnauthorizedHttpClient() throws IOException {
     FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS);
diff --git a/src/test/java/com/google/firebase/internal/TestApiClientUtils.java b/src/test/java/com/google/firebase/internal/TestApiClientUtils.java
new file mode 100644
index 000000000..9f4bc2d09
--- /dev/null
+++ b/src/test/java/com/google/firebase/internal/TestApiClientUtils.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import static com.google.firebase.internal.ApiClientUtils.DEFAULT_RETRY_CONFIG;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpUnsuccessfulResponseHandler;
+import com.google.api.client.testing.util.MockSleeper;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.internal.RetryInitializer.RetryHandlerDecorator;
+import java.io.IOException;
+
+public class TestApiClientUtils {
+
+  private static final RetryConfig TEST_RETRY_CONFIG = RetryConfig.builder()
+      .setMaxRetries(DEFAULT_RETRY_CONFIG.getMaxRetries())
+      .setRetryStatusCodes(DEFAULT_RETRY_CONFIG.getRetryStatusCodes())
+      .setMaxIntervalMillis(DEFAULT_RETRY_CONFIG.getMaxIntervalMillis())
+      .setSleeper(new MockSleeper())
+      .build();
+
+  private static final GenericUrl TEST_URL = new GenericUrl("https://firebase.google.com");
+
+  /**
+   * Creates a new {@code HttpRequestFactory} which provides authorization (OAuth2), timeouts and
+   * automatic retries. Bypasses exponential backoff between consecutive retries for faster
+   * execution during tests.
+   *
+   * @param app {@link FirebaseApp} from which to obtain authorization credentials.
+   * @return A new {@code HttpRequestFactory} instance.
+   */
+  public static HttpRequestFactory delayBypassedRequestFactory(FirebaseApp app) {
+    return ApiClientUtils.newAuthorizedRequestFactory(app, TEST_RETRY_CONFIG);
+  }
+
+  /**
+   * Creates a new {@code HttpRequestFactory} which provides authorization (OAuth2), timeouts but
+   * no retries.
+   *
+   * @param app {@link FirebaseApp} from which to obtain authorization credentials.
+   * @return A new {@code HttpRequestFactory} instance.
+   */
+  public static HttpRequestFactory retryDisabledRequestFactory(FirebaseApp app) {
+    return ApiClientUtils.newAuthorizedRequestFactory(app, null);
+  }
+
+  /**
+   * Checks whther the given HttpRequestFactory has been configured for authorization and
+   * automatic retries.
+   *
+   * @param requestFactory The HttpRequestFactory to check.
+   */
+  public static void assertAuthAndRetrySupport(HttpRequestFactory requestFactory) {
+    assertTrue(requestFactory.getInitializer() instanceof FirebaseRequestInitializer);
+    HttpRequest request;
+    try {
+      request = requestFactory.buildGetRequest(TEST_URL);
+    } catch (IOException e) {
+      throw new RuntimeException("Failed to initialize request", e);
+    }
+
+    // Verify authorization
+    assertTrue(request.getHeaders().getAuthorization().startsWith("Bearer "));
+
+    // Verify retry support
+    HttpUnsuccessfulResponseHandler retryHandler = request.getUnsuccessfulResponseHandler();
+    assertTrue(retryHandler instanceof RetryHandlerDecorator);
+    RetryConfig retryConfig = ((RetryHandlerDecorator) retryHandler).getRetryHandler()
+        .getRetryConfig();
+    assertEquals(DEFAULT_RETRY_CONFIG.getMaxRetries(), retryConfig.getMaxRetries());
+    assertEquals(DEFAULT_RETRY_CONFIG.getMaxIntervalMillis(), retryConfig.getMaxIntervalMillis());
+    assertFalse(retryConfig.isRetryOnIOExceptions());
+    assertEquals(DEFAULT_RETRY_CONFIG.getRetryStatusCodes(), retryConfig.getRetryStatusCodes());
+  }
+}
diff --git a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
index a2fe8728d..87afe609c 100644
--- a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
+++ b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
@@ -29,6 +29,7 @@
 
 import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpResponse;
 import com.google.api.client.http.HttpResponseInterceptor;
 import com.google.api.client.json.JsonParser;
@@ -43,6 +44,7 @@
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.TestApiClientUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -370,7 +372,7 @@ public void listIosAppsAsyncMultiplePages() throws Exception {
     MockLowLevelHttpResponse secondRpcResponse = new MockLowLevelHttpResponse();
     secondRpcResponse.setContent(LIST_IOS_APPS_PAGE_2_RESPONSE);
     serviceImpl = initServiceImpl(
-        ImmutableList.<MockLowLevelHttpResponse>of(firstRpcResponse, secondRpcResponse),
+        ImmutableList.of(firstRpcResponse, secondRpcResponse),
         interceptor);
 
     List<IosApp> iosAppList = serviceImpl.listIosAppsAsync(PROJECT_ID).get();
@@ -400,7 +402,7 @@ public void createIosApp() throws Exception {
     MockLowLevelHttpResponse thirdRpcResponse = new MockLowLevelHttpResponse();
     thirdRpcResponse.setContent(CREATE_IOS_GET_OPERATION_ATTEMPT_2_RESPONSE);
     serviceImpl = initServiceImpl(
-        ImmutableList.<MockLowLevelHttpResponse>of(
+        ImmutableList.of(
             firstRpcResponse, secondRpcResponse, thirdRpcResponse),
         interceptor);
 
@@ -624,7 +626,7 @@ public void listAndroidAppsMultiplePages() throws Exception {
     MockLowLevelHttpResponse secondRpcResponse = new MockLowLevelHttpResponse();
     secondRpcResponse.setContent(LIST_ANDROID_APPS_PAGE_2_RESPONSE);
     serviceImpl = initServiceImpl(
-        ImmutableList.<MockLowLevelHttpResponse>of(firstRpcResponse, secondRpcResponse),
+        ImmutableList.of(firstRpcResponse, secondRpcResponse),
         interceptor);
 
     List<AndroidApp> androidAppList = serviceImpl.listAndroidApps(PROJECT_ID);
@@ -652,7 +654,7 @@ public void listAndroidAppsAsyncMultiplePages() throws Exception {
     MockLowLevelHttpResponse secondRpcResponse = new MockLowLevelHttpResponse();
     secondRpcResponse.setContent(LIST_ANDROID_APPS_PAGE_2_RESPONSE);
     serviceImpl = initServiceImpl(
-        ImmutableList.<MockLowLevelHttpResponse>of(firstRpcResponse, secondRpcResponse),
+        ImmutableList.of(firstRpcResponse, secondRpcResponse),
         interceptor);
 
     List<AndroidApp> androidAppList = serviceImpl.listAndroidAppsAsync(PROJECT_ID).get();
@@ -682,7 +684,7 @@ public void createAndroidApp() throws Exception {
     MockLowLevelHttpResponse thirdRpcResponse = new MockLowLevelHttpResponse();
     thirdRpcResponse.setContent(CREATE_ANDROID_GET_OPERATION_ATTEMPT_2_RESPONSE);
     serviceImpl = initServiceImpl(
-        ImmutableList.<MockLowLevelHttpResponse>of(
+        ImmutableList.of(
             firstRpcResponse, secondRpcResponse, thirdRpcResponse),
         interceptor);
 
@@ -714,7 +716,7 @@ public void createAndroidAppAsync() throws Exception {
     MockLowLevelHttpResponse thirdRpcResponse = new MockLowLevelHttpResponse();
     thirdRpcResponse.setContent(CREATE_ANDROID_GET_OPERATION_ATTEMPT_2_RESPONSE);
     serviceImpl = initServiceImpl(
-        ImmutableList.<MockLowLevelHttpResponse>of(
+        ImmutableList.of(
             firstRpcResponse, secondRpcResponse, thirdRpcResponse),
         interceptor);
 
@@ -915,10 +917,48 @@ public void deleteShaCertificateAsync() throws Exception {
     checkRequestHeader(expectedUrl, HttpMethod.DELETE);
   }
 
+  @Test
+  public void testAuthAndRetriesSupport() {
+    FirebaseOptions options = new FirebaseOptions.Builder()
+        .setCredentials(new MockGoogleCredentials("test-token"))
+        .setProjectId(PROJECT_ID)
+        .build();
+    FirebaseApp app = FirebaseApp.initializeApp(options);
+
+    FirebaseProjectManagementServiceImpl serviceImpl =
+        new FirebaseProjectManagementServiceImpl(app);
+
+    TestApiClientUtils.assertAuthAndRetrySupport(serviceImpl.getRequestFactory());
+  }
+
+  @Test
+  public void testHttpRetries() throws Exception {
+    List<MockLowLevelHttpResponse> mockResponses = ImmutableList.of(
+        firstRpcResponse.setStatusCode(503).setContent("{}"),
+        new MockLowLevelHttpResponse().setContent("{}"));
+    MockHttpTransport transport = new MultiRequestMockHttpTransport(mockResponses);
+    FirebaseOptions options = new FirebaseOptions.Builder()
+        .setCredentials(new MockGoogleCredentials("test-token"))
+        .setProjectId(PROJECT_ID)
+        .setHttpTransport(transport)
+        .build();
+    FirebaseApp app = FirebaseApp.initializeApp(options);
+    HttpRequestFactory requestFactory = TestApiClientUtils.delayBypassedRequestFactory(app);
+    FirebaseProjectManagementServiceImpl serviceImpl = new FirebaseProjectManagementServiceImpl(
+        app, new MockSleeper(), new MockScheduler(), requestFactory);
+    serviceImpl.setInterceptor(interceptor);
+
+    serviceImpl.deleteShaCertificate(SHA1_RESOURCE_NAME);
+
+    String expectedUrl = String.format(
+        "%s/v1beta1/%s", FIREBASE_PROJECT_MANAGEMENT_URL, SHA1_RESOURCE_NAME);
+    checkRequestHeader(expectedUrl, HttpMethod.DELETE);
+  }
+
   private static FirebaseProjectManagementServiceImpl initServiceImpl(
       MockLowLevelHttpResponse mockResponse,
       MultiRequestTestResponseInterceptor interceptor) {
-    return initServiceImpl(ImmutableList.<MockLowLevelHttpResponse>of(mockResponse), interceptor);
+    return initServiceImpl(ImmutableList.of(mockResponse), interceptor);
   }
 
   private static FirebaseProjectManagementServiceImpl initServiceImpl(
@@ -931,8 +971,9 @@ private static FirebaseProjectManagementServiceImpl initServiceImpl(
         .setHttpTransport(transport)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
-    FirebaseProjectManagementServiceImpl serviceImpl =
-        new FirebaseProjectManagementServiceImpl(app, new MockSleeper(), new MockScheduler());
+    HttpRequestFactory requestFactory = TestApiClientUtils.retryDisabledRequestFactory(app);
+    FirebaseProjectManagementServiceImpl serviceImpl = new FirebaseProjectManagementServiceImpl(
+        app, new MockSleeper(), new MockScheduler(), requestFactory);
     serviceImpl.setInterceptor(interceptor);
     return serviceImpl;
   }

From c9648cfb5a1d6d789ffd2535331677bd6c6502b1 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Tue, 11 Feb 2020 14:23:02 -0500
Subject: [PATCH 002/354] Staged Release 6.12.2 (#364)

* [maven-release-plugin] prepare release v6.12.2

* [maven-release-plugin] prepare for next development iteration
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e82439e48..665edc8a6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>6.12.2-SNAPSHOT</version>
+    <version>6.12.3-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From c40a69d04c73e158a0ea1e75b1ea7400c3544c92 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Tue, 18 Feb 2020 10:11:27 -0800
Subject: [PATCH 003/354] chore: Implementing GitHub Actions release workflow
 (#363)

* Adding release workflow preliminaries

* Fixed a syntax error

* Uploading only the jar artifacts

* Enabling integration tests

* Using Maven lifecycle more effectively

* Fixing indentation

* Maven deployment configuration

* Point the send tweet action to master

* Setting all publish config as env variables

* Fixed typo in tweet
---
 .github/resources/firebase.asc.gpg            | Bin 0 -> 4056 bytes
 .../resources/integ-service-account.json.gpg  | Bin 0 -> 1734 bytes
 .github/resources/settings.xml                |  29 ++++
 .github/scripts/generate_changelog.sh         |  79 ++++++++++
 .github/scripts/package_artifacts.sh          |  36 +++++
 .github/scripts/publish_artifacts.sh          |  35 +++++
 .github/scripts/publish_preflight_check.sh    | 146 ++++++++++++++++++
 .github/workflows/ci.yml                      |  24 ++-
 .github/workflows/release.yml                 | 129 ++++++++++++++++
 pom.xml                                       | 119 +++++++-------
 10 files changed, 532 insertions(+), 65 deletions(-)
 create mode 100644 .github/resources/firebase.asc.gpg
 create mode 100644 .github/resources/integ-service-account.json.gpg
 create mode 100644 .github/resources/settings.xml
 create mode 100755 .github/scripts/generate_changelog.sh
 create mode 100755 .github/scripts/package_artifacts.sh
 create mode 100755 .github/scripts/publish_artifacts.sh
 create mode 100755 .github/scripts/publish_preflight_check.sh
 create mode 100644 .github/workflows/release.yml

diff --git a/.github/resources/firebase.asc.gpg b/.github/resources/firebase.asc.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..a946776c7fd1498a0399836a94785dc8fd5293ed
GIT binary patch
literal 4056
zcmV;}4=3=94Fm}T0y&=z%W?c1O8?U90o%rSLxzz3Cs`6<0^{*c`lR7N#ikp)!>DCQ
z2so>P8Xz5P`%krULZ%hwWtW!=gEFCn@5ZoJkLvVsjQj?_gTijiyjQd;s;+?fEMEIl
zCW_+-tHe1(pA!HtoTeq|lxrM{iU@)90o<HD=-I)pT67s<s2K(^3<``qEt@AA9<@-O
zQ<O2&1We@c+t)82*!d!1*8s~ch}ZP&^Ri|X^$7IVS~mc+rZ0JUz+iL$@kF43sP$<u
z1Xkv+9e%m;9JhU!85tRW(omv79du>ap)GEIqUB-CIKkMVwgc7A5iMm|VXlX9c;YSx
z3RIqP!LqF6ofr8ell_En&(EMvLLs1qA4|f=kV=jbPQ76z_u0iIsBI(<Hid1$y~d8|
z4;-4#7BE|xwS2{X*(Xt_?fyyBkgD7rOE(a0cUrFv@Hz9UZ?;3qxX*?a*^hw`^u$gq
zI3tJ^(A-HU%o7wVk!w$}d4(R69<qH%AeTW_>(a|_S(VY-`*o&I+#7og2mvd1bVY^0
zA*7F*e;zlI^~iUzzhHPPLG^UG8LnIYHnC=D_HwMyZ8+%J>EEXHy*$CCin!zIgn)r&
zeHOTG)WpHuyy3PDf7ogl1~I`lrUe)%qVtb$eDdDeZ@A8iku6Tjet@7P)bfU7#guou
zNb?bve9@1LDToX%)Ev253ot{ZD&&1G#`Y`jLmP#YO>Q=2tLod!NV>DwuooOnEEYwd
z%wu*~D`sKW5)K2S;}>U+y_=@mAnxRQ6opOoWzm#mRSppcyD!tUjZM|;Px{@dP<av-
zvlvH#_fh!lz61@JuEvQk9?Ee=T0<h*VDQQK6ZH=X^}LC0pj#|CWY;?0xvok2A<m!I
zT+zF(IR7oY8jPqmKdp8rdwq9olq6$}^!`E9qAW*P8d56NDak~*6^*W7#2bkq2wXw>
zBG{0!Sh6P!W{N>7`Iv7y{~m4XVvzfBP=^b<7s5>mK*)n!RHgfXGw_f31aJ&4N^sd}
zKi}q$0l3trF9<yow)@YbwQ=~A9W_YajS>dJx;9_Px#Vj?A_#0mF_z0|j*R$(DO7Xr
zZpNqdnM~+ZY>e@$;S(kIV-V^a@J8BL)H&)4@&9HzfXT=Il+j@CSI@?zoDiESCgN>^
z#pHteO6U&MCvWmwSq8|;RRUvm<3^0BE|>K0i~@WuuaYpOz&I*9xh8}|@dg%V&CF|L
zjFb)OOOe8-KaVW=c#S`Ss}RlrOZ?#O*e$Zfq;e%ryTPGShAnu~lCvuHZMrihx7xlx
zOldQSRd0@j9j--aCzT7^QKEl=V$5g~I@@Wwp>jI<q?bR-Ff#pYKul4B%sBbroWYN+
zgHt%WDA_JsP<9uB<A3cN>3>!f7QuG#g>wSdkhT2p?%dzVVg5laj~V|<v2hP7((Zq3
zRBSLT!XIq)>q>A|JFUL}b98ib12!uE-b?Bau8(pUW}a91l>SVGGx;XOV)6025jq&C
z=twVclr4(}0I?N&^aaVxtCBQCR))pC@EqriFb%+<vx!&!zf9sxCWx<DYN(Om#bE%E
z4sK;}9`LMqH$A?k{bYcXd&!##?TjUVUnIIISy$8AyYf7eYJKejIbV1Uz`NJ-F%^h<
zdKI)02g}4QH~*E$lE6Dg6vPk~dbW#{kRAs_T*A~)o<YwN)>-DI5CrhP_PhAa9Y7<X
z4$&0xL&E0C{uz8AN)N(99VKVN)(TONHuS5?ZB845BCn0kk0@D+EBpH12qAJ*>I)@w
zAM_59o0Qvqd3}Z+V6=o`M><gX02pbj3LPB=rAqd6^1XezZWlSVvga&?tJ5X{({CUm
zBlrg@R~hAk?wWov&86Ce+-GbUDb5sGCHcYqn~wqJ-s_G+<c0{N`Dt>WWVXE+&!?nF
zLvnv8yA!_8okUw9?3-ONUs2IYTt}$V2|G^fgO<<RyUz+Bbj=?{UL^C&jZ5)3pw7VQ
zddmi1jNLqZ1_Byg!g0Vj-uEXwHkGw8q^OU<BRip&4G=`{W-ngca>7OMVu!PXI9%Et
z5s1`~8iy6(0=AAfa8|uITcKp490(SSVaum>4=Jh>ronEnW>OrY9<dMC!QhyDw1@p2
zP!|i3_9$Is_s1raUb+s2<4UoVet3tHP?wIU4z8eo)YXh7kou>wJ!mAe9Nte2*on?U
zT?a*nuNb5(!8XBRAX&Flbv`2-6JPU)+QZd~>Y47db7Jx#eK<&zabmE98=cxKS(4eH
z`~LxwSvU7Ve(gS#jSZH>(QfE86u7?#JTl6+$H~qAfD&Azhw=VtmZGh1f}l5yRriKO
zX3M|cmHms6?b7brMTiPh)v#(~tj$p{+VI59Ahkf0I%tVP+Xj?1R=dnULjCiSmB;Cc
zzX@;6nt{_4HjG2s=ocb|Z(~geFdCvH!qGK3{H6$Tt;%08lj+{Xb`OMw=DGkjlV{h_
zx9iiwLi3&5l>!iJ$*7<_?7dQnf`W4u`o2_78XQrmKSF^Z!L(q$2Cx*)8^bN}x$4h2
zPc!gA|Ee6=3VN*$WfOlPn2oiNcVVv4l}{Lag$6_g#i{+wc3b{JPE})$0Ls`Ly8NKx
zaLzE8Ox77z1_sYV%zeTx%^~OcbNhtxQXGc!?+7{iV6Y1^7Gz;g&;d;w>0lgUe22E~
zroyyWSlW?m69<CuQ5vl%cd|#?V#6@?8&!ERfdGmU67%YBBbl74Gc__!>Sv_H8w6(}
z+xj5L1e3|mf@0}hxL)4wM&~%rV~a8p(g*_onDrC7%H3ckPbodKsE&y}hUW^iPB0YS
zKQVl&_8p>?Iz|#3+QB^u4(nN<>I+5Os+4wTYOmAEP0i5wS%O$RFCHYuBN(C%R6Hs;
zOe)l~$Ku1MN0fcI8&0cra9jplsOyUl3?+lOylU)YyUv8f2az|~#pXg{P<%~TSPV&%
zyM^15lsNqI$ClcwXIjr;vmG5Alzg23T>^XwXFP=lXA|xipmA^L=c_Yb5tug$9cuS$
z25^~Q8azMB>oq7o#U-|4SIq)>HQp2Iy!uc>s#*_X71mG*Qm32k%8h<9w0}0LhcGd3
zxYyQGK+!}J1_V$Y>EobOVhcOY!xcBR5CA}j2WC-@<=w9j)-`uUaj#DLF!_HznM#Lz
zY%1K9k61k8JS!~W!OCJ@!r+fds8CMcc^4<Fy!MtippC^cwGJKgPUwebt37YEl@3yt
zKm%#ZJ3IID8)r?C@=$VTjkNGJFAF{v)mL>VVHOp*umI1e0un{e<o);+>=lkW@<U+y
zIJwkG3iEXrSgZR{zxQDdwIp6uLGz+%+CyIaqS1wq#r6nU_1BZAdzq9~a%M6flU&31
zt$_J__Envg(nj!kR0UpFBn~u^Iy`}_lwUDO3U=Q1f(<OPZ+s2t*-8dYH#+@|yvH?;
z>3-8A6{H$63bSEi^yFI;=q3{WtI|mI_}hmX5=8hD3!XCA4jA)ty$VeRhT!cfcTUV+
zK3XpIA(E-?V%<@jAurSB3lw2Ip%BO>p|Tu2=1Eez7S{=0wQmt8Yv{KmyNz(#8^qlq
zW7rZ}3i8jb5eukdrQv0!PQOc<XQ;;E5;FBN;F7cCsa~MKs7!L3NSNV;$ts|CyeTFy
zNyh+D;o^aUMaTzVkm@fH{c(>Ohev=~y-T+%1Mv+VJr2tJ7Mu$PMenudb8iF(prngJ
zIEuBG;~hkP?>IDcTO@3vUC#;HCv$Sv!VdM#5&0>P-v&(K2e2Hzx{K*a><Hn^uDRjm
zdGLy)LkZof+N?ZJWW2?u9bi`Zp)6O;@)-*P0)^Tez-uOr^+H);XX%}35gYI+5pqD4
zf~)L?=cnKB>fXmcR1wqe3Z8{5+CFGDx5l!PvCe#wMNn%eApGB0;`?EY{JZHY`28~L
zB=22wfOTv01{hJNXn8(G!PWNTuNq|dB)6xI$2^`NHro7vTmPmbFM<^KefX_TSPTg;
zl*h&qo-dZ+$%a5yUNi+tbm(|zu={)Do3<1A4CNiurj6(It`Frh*sGKl=1UQN^^E^I
z9FAjNimgI(YM*F+B6aANlQ&8Z9gXhok+j^{6zSo(cN8!i{KS9X+s{!r#x^7@kbth)
z$+b5ul8vGL{J!_#OB^uHd&4K3dBk7rB~J$)fo;OFm%@aVAGE(ZPCZ1PrH(KtMo1~t
z+Y9X5?o;j~Z5MN=C*A$7-a(UHc|fPyuFh^e!{~wJAJ9AzO;jj^hX#tL2Y@Me2++(m
z){lC!<vJYX`(-8a-h}!$E*O|GEJeNXSX!L%(L^*E972p8GFMBGNwfgLba^oH8=NY}
z5>c;^egc?B^a)Fla4><DdWZt|oQa%=@>M3YTZ#5b=&OciVJCQDF<<d^TbOAUta#Uo
z>h~nMeWb9n*u6nmnT!UW{+K-Fpba>kTBsChG!vmLMk7CNGIo3=d-`YOBWZ@wT1{K^
zD0*+k1^Uy=_fL1&o()tA>K3E944{K;J8f6c=M9sXM?|H>?rUP&o0@7=QYB5|+Q{s^
zu4p?+s8d$@zcO6->L*;nG<JOsL7FPv&VvCG<+u(Q-<36poZ+3T9l>JXL_Y3Sv^_yF
z=G;x4p%gDB0zUvhxk#G?iGD8Yk5dy6yGI5VlHX&d@l4ebjr;x8?iHtp&U%4@ZLjf~
zt%J+l3NK6v&&7VEwTV&Ely+pvh~5-Cs&qAo&5S*YA8?Jj?X}*PKE{0@b!=_Sg2^Ux
zY{w0(nR)c$p3~SsxwI^&uCV}%z7oL$+ciBkJZ5aR0UA%cw-&;vy$|~_jFK`EQwP+(
z4KwsI@xrjC-9h$FmJg-36Om%AG}fRW`H*+hfb)XOloW1Z3L7f{<Qjc*TsTW*d!C4C
zwMzz*W$_6VT-nP?M07h&9XO6*ZZ%FD@PI!M4_h~xi4@Cmw<{3GlsM5@HUTSFlO!Eg
z<5R1$OX6d}T6Eo)0TMU9TuNy1ChLGa(u9=-%!>ub%JdpIJUgPA-bq6BG|q_Fs-h;T
z>yD<eO?mQVA!d@BKnO$aC5&~2V|lRAEXg#Px0n@!j4l_L&he}#YQu8sH|h-NIa8u(
zi7Rx`&Re(s+?L3nAXdzc55;~#0wA$M|DbVICrXJ|g_u!Wp_`_JpB`}{5u~Nx1beCI
zfZNhgtB_B}2eQ8{2h#vq0)X<_pu>bjZIOs91!|4^+n`~dYA4JH+1LBHCNjabPA+o&
z9XgjmGBm>#@WC!hDn9~uqaId;^A`Ny^~BNK8nF713ReS%2Grj5^oShCV@jF}dL?^s
z*gf`7^qQ2G6bNwg(Sz&<p>z4r*r|VPWM6hN{&7xv$RQO}Zn7RnRZ!)V9sRB$hC;}*
KX);zY-!1|?!O3F)

literal 0
HcmV?d00001

diff --git a/.github/resources/integ-service-account.json.gpg b/.github/resources/integ-service-account.json.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..da547f44dff331d7c4b1e454ca1a230aef03622c
GIT binary patch
literal 1734
zcmV;%208hR4Fm}T0_WqJMLyD96#vrd0kSseMv-_5+A>|dXkh)Lxg1WlZ_;HhFTh#x
zDXB$vd955)y_i6fJ)Oj)aBCs+sb^rD8ckG^9BEnrFn(oz#yfzS@$+cn3lx!+B3v>8
z+oZYA$+d_~HR_?8Y|47V&47`mfrj&cS28OWOy@;W6RABVdPnTBDiQppT7W_J!vZ~k
zJU+n4wlc$u!0!vj)k)conSKAdiLj5M4~3gTnMvFiA3OAaxG9$-Fi4Hz8zrK}UW+wP
zy2KkBMs*nJt{;S3op3>^&flbtsElr~I!hsD^U2aEDCp+ScE}*!0)iJIYxI~0rz0!!
z$*UJ{b*NbH9yB>mQVu(OxgZzVjskCoA1LLO)@Ob*I`%xmx3pY(UfU8<8kU$joj5L4
zATtgXL$nQ}etB%PN4yHDL~%HN5EDvD5vvXO-mjxu`Jw^zi}3M^AJM(=3}3DOf8t`1
zj@}P~D3y#8&Z~?x@1we($j}oT5e)y|907FiLk@uC)}}$TRV@Z^%|3?~AHf{N=JdS&
zmAz<v&TLF^P{Sp511{sZ)&69P=W))D!K^a-=w=bz7uPowT6IF=tU21rwxA6L#dHq}
z!01292~?;YwSmGn^gef#dc?|P$sGIgw>u?{0*volC=e78`s^b_7LW?R+;1;+(&V((
zT*de9#KZNX^&6OE$fSpA*AbRQ@qfp9pz}Jz&>w6bXOw_#xf2&v-L&Phl|oHWm@D3}
zOys2V$RMQlp$0{v*s34|sV=iP;x;zP=5RpwWJqnMP&QI7t)^63FDPCOen|MjFf6Fy
zbH8(4!{wkLz8MP^38`HGosmm`E%%?rxE~2g)rNC_O(^3S*C5=3vYzG?3+y!oJ{s{1
zzUNA>f{FX&_8Zr~`3Aw+iI_(l<`oeGJGikkiq2sFOWR;=B!0NQRSX2%#^zb?1Vrn0
zUAk&@PC~v?RWOgIT?*LH&uK#GKtFXuFkP#zy6ByVhMXCsN=h$QNcx6Fab!8QW6Ur&
zu}^KvHWAtV9#3G<hU^>kF0lWTE~;FldqZH>&o2Z%KX~iA^p+fyiGvth=T-)<@CAc*
z?GOwo%qlyt!74iU48M9XWmg)7k`fK)b}RNsiVo+UFE1g{y{tK^E0QF7xiW`>{iE_L
z2e)`aCjrF4vaJ(AvkPqelNNjHn&uE@P7P07O+*CceK`8`Ej^O>;!(i7HaCaidZ~kj
z$!=OMn@HL1CK6=ew?$<qWWAuj)nX*h^JP=%j>zQygRGVm+>k2DR7{CKke27evSnGj
z1<tt|+S%y*#HvT~Axm-_X6T4-a>DV~gv?jynB1yH$8kV3HDk^T{2PYCrSXN1{hh09
z;l&(GhZ7|l=@6E5%7=<t9Rq~9#|Uhb@)NZq-I`d=HBI&G#fV3-$<eL$PdpNNm;)xB
z7-l56V*J2STQOKrU#;^gKpromLVyvUeV*j@1`{r-3%*VvyPL=^z(e?|#Mi{yv8%Nf
zxT#EbEp3Iq9u@J?#ZS|inVmFHVkGv8>&;~1HUa3Edum39CeKllCDf5<iJRd-7DqpJ
z*K1d8XrH!uMA-wC=yK6rij(!cCO5Xkz>wr&+x@&+?!$Me2rKSZQ|DnUwYV~xd6kbA
z^fr&FN-_FU?HQ=YD~>e6<GP5E{X7M$kjf^!A^=T3agxw5y!IqI`8hXCNJI$ZUJ}DL
z-msVu2UX+J$^=|eEc)lSM)-<W_alD;%;K0Dt#hUE0)R@s*t^q`Y5x?Rj^mL)<IK-o
z&1U+vSf~<vB4{^Ck=4p3uX~S$oMM*-@cHzm$$AJy@gDaBMfgE3%F~;=;}+M8h$7q3
zr9K*(>BR*{U((QLQmN58HK)d%N*5aF<rYi1=+3+SErOTiJ?%!EgBG4P=fu5U5i|@;
z+3NFK;nbmd*tRABX6jW+7^e-eqC>TL7;s!iBET0tq(c}0dVe8m%YTz{Xp6^}&9rC_
zFW>egRI>>@J|qb&;qSrsBP~vN2r{|}xny7Ft7$IqnF5kN{Ynzk**xBl6FNa!ASKZr
zjkC^DnaK9M?q75@{PckJ6UMReK^Nr?iNe=Y6Rz(Imio@B{ax^h!#Hx-I^eU|&f@Sk
zeh`^4eBkBo*Y~t$e?2{Lb0)LXxo?T=3jk#6n!+oCl3nSeNpa@uI5Oj<LW(Kbwq1>P
zK#5K-d&uK-Mex4OqRTzG{P7!FF<?n=N42}0t{GTka7B6Cc7$I0Wz#<nSHlr!CajTz
c)4VZY*mj;r+l$@-e)s@UP5vwxAcnw&Vw3J-c>n+a

literal 0
HcmV?d00001

diff --git a/.github/resources/settings.xml b/.github/resources/settings.xml
new file mode 100644
index 000000000..708bbcb75
--- /dev/null
+++ b/.github/resources/settings.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+  <interactiveMode>false</interactiveMode>
+
+  <servers>
+    <server>
+      <id>ossrh</id>
+      <username>${env.NEXUS_OSSRH_USERNAME}</username>
+      <password>${env.NEXUS_OSSRH_PASSWORD}</password>
+    </server>
+  </servers>
+
+  <profiles>
+    <profile>
+      <id>release</id>
+      <activation>
+        <activeByDefault>true</activeByDefault>
+      </activation>
+      <properties>
+        <gpg.executable>gpg</gpg.executable>
+        <gpg.keyname>B652FFD3865AF7A75830876F5F55C8F6985BB9DD</gpg.keyname>
+        <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
+      </properties>
+    </profile>
+  </profiles>
+</settings>
diff --git a/.github/scripts/generate_changelog.sh b/.github/scripts/generate_changelog.sh
new file mode 100755
index 000000000..e393f40e4
--- /dev/null
+++ b/.github/scripts/generate_changelog.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+
+function printChangelog() {
+  local TITLE=$1
+  shift
+  # Skip the sentinel value.
+  local ENTRIES=("${@:2}")
+  if [ ${#ENTRIES[@]} -ne 0 ]; then
+    echo "### ${TITLE}"
+    echo ""
+    for ((i = 0; i < ${#ENTRIES[@]}; i++))
+    do
+        echo "* ${ENTRIES[$i]}"
+    done
+    echo ""
+  fi
+}
+
+if [[ -z "${GITHUB_SHA}" ]]; then
+  GITHUB_SHA="HEAD"
+fi
+
+LAST_TAG=`git describe --tags $(git rev-list --tags --max-count=1) 2> /dev/null` || true
+if [[ -z "${LAST_TAG}" ]]; then
+  echo "[INFO] No tags found. Including all commits up to ${GITHUB_SHA}."
+  VERSION_RANGE="${GITHUB_SHA}"
+else
+  echo "[INFO] Last release tag: ${LAST_TAG}."
+  COMMIT_SHA=`git show-ref -s ${LAST_TAG}`
+  echo "[INFO] Last release commit: ${COMMIT_SHA}."
+  VERSION_RANGE="${COMMIT_SHA}..${GITHUB_SHA}"
+  echo "[INFO] Including all commits in the range ${VERSION_RANGE}."
+fi
+
+echo ""
+
+# Older versions of Bash (< 4.4) treat empty arrays as unbound variables, which triggers
+# errors when referencing them. Therefore we initialize each of these arrays with an empty
+# sentinel value, and later skip them.
+CHANGES=("")
+FIXES=("")
+FEATS=("")
+MISC=("")
+
+while read -r line
+do
+  COMMIT_MSG=`echo ${line} | cut -d ' ' -f 2-`
+  if [[ $COMMIT_MSG =~ ^change(\(.*\))?: ]]; then
+    CHANGES+=("$COMMIT_MSG")
+  elif [[ $COMMIT_MSG =~ ^fix(\(.*\))?: ]]; then
+    FIXES+=("$COMMIT_MSG")
+  elif [[ $COMMIT_MSG =~ ^feat(\(.*\))?: ]]; then
+    FEATS+=("$COMMIT_MSG")
+  else
+    MISC+=("${COMMIT_MSG}")
+  fi
+done < <(git log ${VERSION_RANGE} --oneline)
+
+printChangelog "Breaking Changes" "${CHANGES[@]}"
+printChangelog "New Features" "${FEATS[@]}"
+printChangelog "Bug Fixes" "${FIXES[@]}"
+printChangelog "Miscellaneous" "${MISC[@]}"
diff --git a/.github/scripts/package_artifacts.sh b/.github/scripts/package_artifacts.sh
new file mode 100755
index 000000000..6e993066e
--- /dev/null
+++ b/.github/scripts/package_artifacts.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+
+gpg --quiet --batch --yes --decrypt --passphrase="${FIREBASE_SERVICE_ACCT_KEY}" \
+  --output integration_cert.json .github/resources/integ-service-account.json.gpg
+
+echo "${FIREBASE_API_KEY}" > integration_apikey.txt
+
+# Does the following:
+#  1. Runs the Checkstyle plugin (validate phase)
+#  2. Compiles the source (compile phase)
+#  3. Runs the unit tests (test phase)
+#  4. Packages the artifacts - src, bin, javadocs (package phase)
+#  5. Runs the integration tests (verify phase)
+mvn -B clean verify
+
+# Maven target directory can consist of many files. Just copy the jar artifacts
+# into a new directory for upload.
+mkdir -p dist
+cp target/*.jar dist/
diff --git a/.github/scripts/publish_artifacts.sh b/.github/scripts/publish_artifacts.sh
new file mode 100755
index 000000000..f4a2f1734
--- /dev/null
+++ b/.github/scripts/publish_artifacts.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+
+gpg --quiet --batch --yes --decrypt --passphrase="${GPG_PRIVATE_KEY}" \
+  --output firebase.asc .github/resources/firebase.asc.gpg
+
+gpg --import firebase.asc
+
+# Does the following:
+#  1. Compiles the source (compile phase)
+#  2. Packages the artifacts - src, bin, javadocs (package phase)
+#  3. Signs the artifacts (verify phase)
+#  4. Publishes artifacts via Nexus (deploy phase)
+mvn -B clean deploy \
+  -Dcheckstyle.skip \
+  -DskipTests \
+  -Prelease \
+  --settings .github/resources/settings.xml
+
diff --git a/.github/scripts/publish_preflight_check.sh b/.github/scripts/publish_preflight_check.sh
new file mode 100755
index 000000000..7a191518d
--- /dev/null
+++ b/.github/scripts/publish_preflight_check.sh
@@ -0,0 +1,146 @@
+#!/bin/bash
+
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+###################################### Outputs #####################################
+
+# 1. version: The version of this release including the 'v' prefix (e.g. v1.2.3).
+# 2. changelog: Formatted changelog text for this release.
+
+####################################################################################
+
+set -e
+set -u
+
+function echo_info() {
+    local MESSAGE=$1
+    echo "[INFO] ${MESSAGE}"
+}
+
+function echo_warn() {
+    local MESSAGE=$1
+    echo "[WARN] ${MESSAGE}"
+}
+
+function terminate() {
+    echo ""
+    echo_warn "--------------------------------------------"
+    echo_warn "PREFLIGHT FAILED"
+    echo_warn "--------------------------------------------"
+    exit 1
+}
+
+
+echo_info "Starting publish preflight check..."
+echo_info "Git revision          : ${GITHUB_SHA}"
+echo_info "Workflow triggered by : ${GITHUB_ACTOR}"
+echo_info "GitHub event          : ${GITHUB_EVENT_NAME}"
+
+
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Extracting release version"
+echo_info "--------------------------------------------"
+echo_info ""
+
+echo_info "Loading version from: pom.xml"
+readonly RELEASE_VERSION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout` || true
+if [[ -z "${RELEASE_VERSION}" ]]; then
+  echo_warn "Failed to extract release version from: pom.xml"
+  terminate
+fi
+
+if [[ ! "${RELEASE_VERSION}" =~ ^([0-9]*)\.([0-9]*)\.([0-9]*)$ ]]; then
+  echo_warn "Malformed release version string: ${RELEASE_VERSION}. Exiting."
+  terminate
+fi
+
+echo_info "Extracted release version: ${RELEASE_VERSION}"
+echo "::set-output name=version::v${RELEASE_VERSION}"
+
+
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Checking previous releases"
+echo_info "--------------------------------------------"
+echo_info ""
+
+readonly MAVEN_CENTRAL_URL="https://repo1.maven.org/maven2/com/google/firebase/firebase-admin/${RELEASE_VERSION}"
+readonly MAVEN_STATUS=`curl -s -o /dev/null -L -w "%{http_code}" ${MAVEN_CENTRAL_URL}`
+if [[ $MAVEN_STATUS -eq 404 ]]; then
+  echo_info "Release version ${RELEASE_VERSION} not found in Maven Central."
+elif [[ $MAVEN_STATUS -eq 200 ]]; then
+  echo_warn "Release version ${RELEASE_VERSION} already present in Maven Central."
+  terminate
+else
+  echo_warn "Unexpected ${MAVEN_STATUS} response from Maven Central. Exiting."
+  terminate
+fi
+
+
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Checking release tag"
+echo_info "--------------------------------------------"
+echo_info ""
+
+echo_info "---< git fetch --depth=1 origin +refs/tags/*:refs/tags/* >---"
+git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+echo ""
+
+readonly EXISTING_TAG=`git rev-parse -q --verify "refs/tags/v${RELEASE_VERSION}"` || true
+if [[ -n "${EXISTING_TAG}" ]]; then
+  echo_warn "Tag v${RELEASE_VERSION} already exists. Exiting."
+  echo_warn "If the tag was created in a previous unsuccessful attempt, delete it and try again."
+  echo_warn "  $ git tag -d v${RELEASE_VERSION}"
+  echo_warn "  $ git push --delete origin v${RELEASE_VERSION}"
+
+  readonly RELEASE_URL="https://github.com/firebase/firebase-admin-java/releases/tag/v${RELEASE_VERSION}"
+  echo_warn "Delete any corresponding releases at ${RELEASE_URL}."
+  terminate
+fi
+
+echo_info "Tag v${RELEASE_VERSION} does not exist."
+
+
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Generating changelog"
+echo_info "--------------------------------------------"
+echo_info ""
+
+echo_info "---< git fetch origin master --prune --unshallow >---"
+git fetch origin master --prune --unshallow
+echo ""
+
+echo_info "Generating changelog from history..."
+readonly CURRENT_DIR=$(dirname "$0")
+readonly CHANGELOG=`${CURRENT_DIR}/generate_changelog.sh`
+echo "$CHANGELOG"
+
+# Parse and preformat the text to handle multi-line output.
+# See https://github.amrom.workers.devmunity/t5/GitHub-Actions/set-output-Truncates-Multiline-Strings/td-p/37870
+FILTERED_CHANGELOG=`echo "$CHANGELOG" | grep -v "\\[INFO\\]"`
+FILTERED_CHANGELOG="${FILTERED_CHANGELOG//'%'/'%25'}"
+FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\n'/'%0A'}"
+FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\r'/'%0D'}"
+echo "::set-output name=changelog::${FILTERED_CHANGELOG}"
+
+
+echo ""
+echo_info "--------------------------------------------"
+echo_info "PREFLIGHT SUCCESSFUL"
+echo_info "--------------------------------------------"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 10007c5c6..fbb1aad5e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,15 +1,35 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 name: Continuous Integration
 
-on: [push, pull_request]
+on: push
 
 jobs:
   build:
     runs-on: ubuntu-latest
+
     steps:
     - uses: actions/checkout@v1
+
     - name: Set up JDK 1.7
       uses: actions/setup-java@v1
       with:
         java-version: 1.7
+
+    # Does the following:
+    #  1. Runs the Checkstyle plugin (validate phase)
+    #  2. Compiles the source (compile phase)
+    #  3. Runs the unit tests (test phase)
     - name: Build with Maven
-      run: mvn -B package --file pom.xml
+      run: mvn -B clean test
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000..0e1c307bc
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,129 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Release Candidate
+
+on:
+  # Only run the workflow when a PR is updated or when a developer explicitly requests
+  # a build by sending a 'firebase_build' event.
+  pull_request:
+    types: [opened, synchronize, closed]
+
+  repository_dispatch:
+    types:
+      - firebase_build
+
+jobs:
+  stage_release:
+    # To publish a release, merge the release PR with the label 'release:publish'.
+    # To stage a release without publishing it, send a 'firebase_build' event or apply
+    # the 'release:stage' label to a PR.
+    if: github.event.action == 'firebase_build' ||
+      contains(github.event.pull_request.labels.*.name, 'release:stage') ||
+      (github.event.pull_request.merged &&
+        contains(github.event.pull_request.labels.*.name, 'release:publish'))
+
+    runs-on: ubuntu-latest
+
+    # When manually triggering the build, the requester can specify a target branch or a tag
+    # via the 'ref' client parameter.
+    steps:
+    - name: Checkout source for staging
+      uses: actions/checkout@v2
+      with:
+        ref: ${{ github.event.client_payload.ref || github.ref }}
+
+    - name: Set up JDK 1.7
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.7
+
+    - name: Compile, test and package
+      run: ./.github/scripts/package_artifacts.sh
+      env:
+        FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
+        FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
+
+    # Attach the packaged artifacts to the workflow output. These can be manually
+    # downloaded for later inspection if necessary.
+    - name: Archive artifacts
+      uses: actions/upload-artifact@v1
+      with:
+        name: dist
+        path: dist
+
+  publish_release:
+    needs: stage_release
+
+    # Check whether the release should be published. We publish only when the trigger PR is
+    #   1. merged
+    #   2. to the master branch
+    #   3. with the label 'release:publish', and
+    #   4. the title prefix '[chore] Release '.
+    if: github.event.pull_request.merged &&
+      github.ref == 'master' &&
+      contains(github.event.pull_request.labels.*.name, 'release:publish') &&
+      startsWith(github.event.pull_request.title, '[chore] Release ')
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout source for publish
+      uses: actions/checkout@v2
+
+    - name: Set up JDK 1.7
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.7
+
+    - name: Publish preflight check
+      id: preflight
+      run: ./.github/scripts/publish_preflight_check.sh
+
+    # We pull this action from a custom fork of a contributor until
+    # https://github.com/actions/create-release/pull/32 is merged. Also note that v1 of
+    # this action does not support the "body" parameter.
+    - name: Create release tag
+      uses: fleskesvor/create-release@1a72e235c178bf2ae6c51a8ae36febc24568c5fe
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ steps.preflight.outputs.version }}
+        release_name: Firebase Admin Java SDK ${{ steps.preflight.outputs.version }}
+        body: ${{ steps.preflight.outputs.changelog }}
+        draft: false
+        prerelease: false
+
+    - name: Publish to Maven Central
+      run: ./.github/scripts/publish_artifacts.sh
+      env:
+        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+        NEXUS_OSSRH_USERNAME: ${{ secrets.NEXUS_OSSRH_USERNAME }}
+        NEXUS_OSSRH_PASSWORD: ${{ secrets.NEXUS_OSSRH_PASSWORD }}
+
+    # Post to Twitter if explicitly opted-in by adding the label 'release:tweet'.
+    - name: Post to Twitter
+      if: success() &&
+        contains(github.event.pull_request.labels.*.name, 'release:tweet')
+      uses: firebase/firebase-admin-node/.github/actions/send-tweet@master
+      with:
+        status: >
+          ${{ steps.preflight.outputs.version }} of @Firebase Admin Java SDK is available.
+          https://github.com/firebase/firebase-admin-java/releases/tag/${{ steps.preflight.outputs.version }}
+        consumer-key: ${{ secrets.TWITTER_CONSUMER_KEY }}
+        consumer-secret: ${{ secrets.TWITTER_CONSUMER_SECRET }}
+        access-token: ${{ secrets.TWITTER_ACCESS_TOKEN }}
+        access-token-secret: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
+      continue-on-error: true
diff --git a/pom.xml b/pom.xml
index 665edc8a6..af25b87d7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -161,56 +161,8 @@
         </profile>
         <profile>
             <id>release</id>
-            <properties>
-                <!-- Prevent executing integration tests twice during a release -->
-                <skipITs>true</skipITs>
-            </properties>
             <build>
                 <plugins>
-                    <plugin>
-                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <phase>package</phase>
-                                <goals>
-                                    <goal>jar</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                        <configuration>
-                            <docletArtifact>
-                                <groupId>com.google.doclava</groupId>
-                                <artifactId>doclava</artifactId>
-                                <version>1.0.6</version>
-                            </docletArtifact>
-                            <doclet>com.google.doclava.Doclava</doclet>
-                            <bootclasspath>${sun.boot.class.path}</bootclasspath>
-                            <additionalDependencies>
-                                <additionalDependency>
-                                    <groupId>com.google.j2objc</groupId>
-                                    <artifactId>j2objc-annotations</artifactId>
-                                    <version>1.3</version>
-                                </additionalDependency>
-                            </additionalDependencies>
-                            <additionalparam>
-                                -warning 101
-                            </additionalparam>
-                            <useStandardDocletOptions>false</useStandardDocletOptions>
-                            <additionalJOption>-J-Xmx1024m</additionalJOption>
-                        </configuration>
-                    </plugin>
-                    <plugin>
-                        <artifactId>maven-source-plugin</artifactId>
-                        <version>2.2.1</version>
-                        <executions>
-                            <execution>
-                                <id>attach-sources</id>
-                                <goals>
-                                    <goal>jar-no-fork</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
                     <plugin>
                         <artifactId>maven-gpg-plugin</artifactId>
                         <version>1.5</version>
@@ -295,6 +247,7 @@
             </resource>
         </resources>
         <plugins>
+            <!-- Validate Phase -->
             <plugin>
                 <artifactId>maven-checkstyle-plugin</artifactId>
                 <version>2.17</version>
@@ -315,6 +268,8 @@
                     </execution>
                 </executions>
             </plugin>
+
+            <!-- Compile Phase -->
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.6.1</version>
@@ -323,6 +278,8 @@
                     <target>1.7</target>
                 </configuration>
             </plugin>
+
+            <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>2.19.1</version>
@@ -330,32 +287,68 @@
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>
             </plugin>
+
+            <!-- Package Phase -->
             <plugin>
-                <artifactId>maven-failsafe-plugin</artifactId>
-                <version>2.19.1</version>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.2.1</version>
                 <executions>
                     <execution>
+                        <id>attach-sources</id>
                         <goals>
-                            <goal>integration-test</goal>
-                            <goal>verify</goal>
+                            <goal>jar-no-fork</goal>
                         </goals>
-                    </execution>                    
+                    </execution>
                 </executions>
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.10.4</version>
-            </plugin>
-            <plugin>
-                <artifactId>maven-release-plugin</artifactId>
-                <version>2.5.3</version>
+                <executions>
+                    <execution>
+                        <id>attach-javadocs</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
                 <configuration>
-                    <useReleaseProfile>false</useReleaseProfile>
-                    <releaseProfiles>release</releaseProfiles>
-                    <tagNameFormat>v@{project.version}</tagNameFormat>
-                    <goals>deploy</goals>
+                    <docletArtifact>
+                        <groupId>com.google.doclava</groupId>
+                        <artifactId>doclava</artifactId>
+                        <version>1.0.6</version>
+                    </docletArtifact>
+                    <doclet>com.google.doclava.Doclava</doclet>
+                    <bootclasspath>${sun.boot.class.path}</bootclasspath>
+                    <additionalDependencies>
+                        <additionalDependency>
+                            <groupId>com.google.j2objc</groupId>
+                            <artifactId>j2objc-annotations</artifactId>
+                            <version>1.3</version>
+                        </additionalDependency>
+                    </additionalDependencies>
+                    <additionalparam>
+                        -warning 101
+                    </additionalparam>
+                    <useStandardDocletOptions>false</useStandardDocletOptions>
+                    <additionalJOption>-J-Xmx1024m</additionalJOption>
                 </configuration>
             </plugin>
+
+            <!-- Verify Phase -->
+            <plugin>
+                <artifactId>maven-failsafe-plugin</artifactId>
+                <version>2.19.1</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>integration-test</goal>
+                            <goal>verify</goal>
+                        </goals>
+                    </execution>                    
+                </executions>
+            </plugin>
+
+            <!-- Deploy Phase -->
             <plugin>
                 <groupId>org.sonatype.plugins</groupId>
                 <artifactId>nexus-staging-maven-plugin</artifactId>
@@ -364,7 +357,7 @@
                 <configuration>
                     <serverId>ossrh</serverId>
                     <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-                    <autoReleaseAfterClose>false</autoReleaseAfterClose>
+                    <autoReleaseAfterClose>true</autoReleaseAfterClose>
                 </configuration>
             </plugin>
         </plugins>

From b18cf69fc92a8a792879632ba296c4ff82a351d2 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Fri, 10 Apr 2020 13:53:47 -0700
Subject: [PATCH 004/354] chore: Updated CI workflow to run on all PRs (#390)

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fbb1aad5e..58ecbfa35 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@
 # limitations under the License.
 name: Continuous Integration
 
-on: push
+on: pull_request
 
 jobs:
   build:

From 2cfbc3d96d0090593828f78b497ea29c09fcaae1 Mon Sep 17 00:00:00 2001
From: Ian Thomas <toxicbakery@gmail.com>
Date: Fri, 10 Apr 2020 17:27:20 -0400
Subject: [PATCH 005/354] Testable BatchResponse (#389)

* Testable BatchResponse
- Converts batch response to an interface
- Moves batch response implementation to BatchResponseImpl
- Update FirebaseMessagingClientImpl to use BatchResponseImpl
- Updated tests

* Make BatchResponseImpl package private
---
 .../firebase/messaging/BatchResponse.java     | 29 ++--------
 .../firebase/messaging/BatchResponseImpl.java | 58 +++++++++++++++++++
 .../FirebaseMessagingClientImpl.java          |  2 +-
 .../firebase/messaging/BatchResponseTest.java |  8 +--
 .../messaging/FirebaseMessagingTest.java      |  2 +-
 5 files changed, 68 insertions(+), 31 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/messaging/BatchResponseImpl.java

diff --git a/src/main/java/com/google/firebase/messaging/BatchResponse.java b/src/main/java/com/google/firebase/messaging/BatchResponse.java
index bd5069f4c..164403be4 100644
--- a/src/main/java/com/google/firebase/messaging/BatchResponse.java
+++ b/src/main/java/com/google/firebase/messaging/BatchResponse.java
@@ -16,7 +16,6 @@
 
 package com.google.firebase.messaging;
 
-import com.google.common.collect.ImmutableList;
 import com.google.firebase.internal.NonNull;
 import java.util.List;
 
@@ -25,32 +24,12 @@
  * See {@link FirebaseMessaging#sendAll(List)} and {@link
  * FirebaseMessaging#sendMulticast(MulticastMessage)}.
  */
-public final class BatchResponse {
-
-  private final List<SendResponse> responses;
-  private final int successCount;
-
-  BatchResponse(List<SendResponse> responses) {
-    this.responses = ImmutableList.copyOf(responses);
-    int successCount = 0;
-    for (SendResponse response : this.responses) {
-      if (response.isSuccessful()) {
-        successCount++;
-      }
-    }
-    this.successCount = successCount;
-  }
+public interface BatchResponse {
 
   @NonNull
-  public List<SendResponse> getResponses() {
-    return responses;
-  }
+  List<SendResponse> getResponses();
 
-  public int getSuccessCount() {
-    return successCount;
-  }
+  int getSuccessCount();
 
-  public int getFailureCount() {
-    return responses.size() - successCount;
-  }
+  int getFailureCount();
 }
diff --git a/src/main/java/com/google/firebase/messaging/BatchResponseImpl.java b/src/main/java/com/google/firebase/messaging/BatchResponseImpl.java
new file mode 100644
index 000000000..99cf63df1
--- /dev/null
+++ b/src/main/java/com/google/firebase/messaging/BatchResponseImpl.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright  2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.messaging;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.internal.NonNull;
+
+import java.util.List;
+
+/**
+ * Response from an operation that sends FCM messages to multiple recipients.
+ * See {@link FirebaseMessaging#sendAll(List)} and {@link
+ * FirebaseMessaging#sendMulticast(MulticastMessage)}.
+ */
+class BatchResponseImpl implements BatchResponse {
+
+  private final List<SendResponse> responses;
+  private final int successCount;
+
+  BatchResponseImpl(List<SendResponse> responses) {
+    this.responses = ImmutableList.copyOf(responses);
+    int successCount = 0;
+    for (SendResponse response : this.responses) {
+      if (response.isSuccessful()) {
+        successCount++;
+      }
+    }
+    this.successCount = successCount;
+  }
+
+  @NonNull
+  public List<SendResponse> getResponses() {
+    return responses;
+  }
+
+  public int getSuccessCount() {
+    return successCount;
+  }
+
+  public int getFailureCount() {
+    return responses.size() - successCount;
+  }
+
+}
diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java b/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
index c2659a270..53d5ab00b 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
@@ -167,7 +167,7 @@ private BatchResponse sendBatchRequest(
     MessagingBatchCallback callback = new MessagingBatchCallback();
     BatchRequest batch = newBatchRequest(messages, dryRun, callback);
     batch.execute();
-    return new BatchResponse(callback.getResponses());
+    return new BatchResponseImpl(callback.getResponses());
   }
 
   private BatchRequest newBatchRequest(
diff --git a/src/test/java/com/google/firebase/messaging/BatchResponseTest.java b/src/test/java/com/google/firebase/messaging/BatchResponseTest.java
index cea001085..9c174f569 100644
--- a/src/test/java/com/google/firebase/messaging/BatchResponseTest.java
+++ b/src/test/java/com/google/firebase/messaging/BatchResponseTest.java
@@ -31,7 +31,7 @@ public class BatchResponseTest {
   public void testEmptyResponses() {
     List<SendResponse> responses = new ArrayList<>();
 
-    BatchResponse batchResponse = new BatchResponse(responses);
+    BatchResponse batchResponse = new BatchResponseImpl(responses);
 
     assertEquals(0, batchResponse.getSuccessCount());
     assertEquals(0, batchResponse.getFailureCount());
@@ -47,7 +47,7 @@ public void testSomeResponse() {
             "error-message", null))
     );
 
-    BatchResponse batchResponse = new BatchResponse(responses);
+    BatchResponse batchResponse = new BatchResponseImpl(responses);
 
     assertEquals(2, batchResponse.getSuccessCount());
     assertEquals(1, batchResponse.getFailureCount());
@@ -61,7 +61,7 @@ public void testSomeResponse() {
   public void testResponsesImmutable() {
     List<SendResponse> responses = new ArrayList<>();
     responses.add(SendResponse.fromMessageId("message1"));
-    BatchResponse batchResponse = new BatchResponse(responses);
+    BatchResponse batchResponse = new BatchResponseImpl(responses);
     SendResponse sendResponse = SendResponse.fromMessageId("message2");
 
     try {
@@ -74,6 +74,6 @@ public void testResponsesImmutable() {
 
   @Test(expected = NullPointerException.class)
   public void testResponsesCannotBeNull() {
-    new BatchResponse(null);
+    new BatchResponseImpl(null);
   }
 }
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
index bebba0864..496823175 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
@@ -668,7 +668,7 @@ private BatchResponse getBatchResponse(String ...messageIds) {
     for (String messageId : messageIds) {
       listBuilder.add(SendResponse.fromMessageId(messageId));
     }
-    return new BatchResponse(listBuilder.build());
+    return new BatchResponseImpl(listBuilder.build());
   }
 
   private static class MockFirebaseMessagingClient implements FirebaseMessagingClient {

From ab3af3cda5937b4e335e0a9256e19cb76c9de4bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 May 2020 15:36:27 -0700
Subject: [PATCH 006/354] Bump netty.version from 4.1.34.Final to 4.1.45.Final
 (#373)

Bumps `netty.version` from 4.1.34.Final to 4.1.45.Final.

Updates `netty-codec-http` from 4.1.34.Final to 4.1.45.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.34.Final...netty-4.1.45.Final)

Updates `netty-handler` from 4.1.34.Final to 4.1.45.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.34.Final...netty-4.1.45.Final)

Updates `netty-transport` from 4.1.34.Final to 4.1.45.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.34.Final...netty-4.1.45.Final)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index af25b87d7..b71b4e773 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.34.Final</netty.version>
+        <netty.version>4.1.45.Final</netty.version>
     </properties>
 
     <scm>

From f8052c76330364675b13b2724d6d951269ecd6e3 Mon Sep 17 00:00:00 2001
From: rsgowman <rich@gowman.noip.me>
Date: Tue, 12 May 2020 16:56:35 -0400
Subject: [PATCH 007/354] feat(auth): Add bulk get/delete methods (#365)

This PR allows callers to retrieve a list of users by unique identifier (uid, email, phone, federated provider uid) as well as to delete a list of users.

RELEASE NOTE: Added getUsers() and deleteUsers() APIs for retrieving and deleting user accounts in bulk.
---
 .../firebase/auth/DeleteUsersResult.java      |  74 ++++++
 .../google/firebase/auth/EmailIdentifier.java |  49 ++++
 .../google/firebase/auth/FirebaseAuth.java    | 143 ++++++++++-
 .../firebase/auth/FirebaseUserManager.java    |  52 +++-
 .../google/firebase/auth/GetUsersResult.java  |  52 ++++
 .../google/firebase/auth/PhoneIdentifier.java |  49 ++++
 .../firebase/auth/ProviderIdentifier.java     |  56 +++++
 .../google/firebase/auth/UidIdentifier.java   |  49 ++++
 .../google/firebase/auth/UserIdentifier.java  |  31 +++
 .../google/firebase/auth/UserMetadata.java    |  15 +-
 .../com/google/firebase/auth/UserRecord.java  |  16 +-
 .../auth/internal/BatchDeleteResponse.java    |  51 ++++
 .../auth/internal/GetAccountInfoRequest.java  |  80 ++++++
 .../auth/internal/GetAccountInfoResponse.java |   7 +
 .../google/firebase/auth/FirebaseAuthIT.java  | 128 +++++++++-
 .../auth/FirebaseUserManagerTest.java         | 227 ++++++++++++++++++
 .../com/google/firebase/auth/GetUsersIT.java  | 152 ++++++++++++
 .../firebase/auth/ImportUserRecordTest.java   |   2 +-
 18 files changed, 1220 insertions(+), 13 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/auth/DeleteUsersResult.java
 create mode 100644 src/main/java/com/google/firebase/auth/EmailIdentifier.java
 create mode 100644 src/main/java/com/google/firebase/auth/GetUsersResult.java
 create mode 100644 src/main/java/com/google/firebase/auth/PhoneIdentifier.java
 create mode 100644 src/main/java/com/google/firebase/auth/ProviderIdentifier.java
 create mode 100644 src/main/java/com/google/firebase/auth/UidIdentifier.java
 create mode 100644 src/main/java/com/google/firebase/auth/UserIdentifier.java
 create mode 100644 src/main/java/com/google/firebase/auth/internal/BatchDeleteResponse.java
 create mode 100644 src/main/java/com/google/firebase/auth/internal/GetAccountInfoRequest.java
 create mode 100644 src/test/java/com/google/firebase/auth/GetUsersIT.java

diff --git a/src/main/java/com/google/firebase/auth/DeleteUsersResult.java b/src/main/java/com/google/firebase/auth/DeleteUsersResult.java
new file mode 100644
index 000000000..e8ca7dba5
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/DeleteUsersResult.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.internal.BatchDeleteResponse;
+import com.google.firebase.internal.NonNull;
+import java.util.List;
+
+/**
+ * Represents the result of the {@link FirebaseAuth#deleteUsersAsync(List)} API.
+ */
+public final class DeleteUsersResult {
+
+  private final int successCount;
+  private final List<ErrorInfo> errors;
+
+  DeleteUsersResult(int users, BatchDeleteResponse response) {
+    ImmutableList.Builder<ErrorInfo> errorsBuilder = ImmutableList.builder();
+    List<BatchDeleteResponse.ErrorInfo> responseErrors = response.getErrors();
+    if (responseErrors != null) {
+      checkArgument(users >= responseErrors.size());
+      for (BatchDeleteResponse.ErrorInfo error : responseErrors) {
+        errorsBuilder.add(new ErrorInfo(error.getIndex(), error.getMessage()));
+      }
+    }
+    errors = errorsBuilder.build();
+    successCount = users - errors.size();
+  }
+
+  /**
+   * Returns the number of users that were deleted successfully (possibly zero). Users that did not
+   * exist prior to calling {@link FirebaseAuth#deleteUsersAsync(List)} are considered to be
+   * successfully deleted.
+   */ 
+  public int getSuccessCount() {
+    return successCount;
+  }
+
+  /**
+   * Returns the number of users that failed to be deleted (possibly zero).
+   */
+  public int getFailureCount() {
+    return errors.size();
+  }
+
+  /**
+   * A list of {@link ErrorInfo} instances describing the errors that were encountered during
+   * the deletion. Length of this list is equal to the return value of 
+   * {@link #getFailureCount()}.
+   *
+   * @return A non-null list (possibly empty).
+   */
+  @NonNull
+  public List<ErrorInfo> getErrors() {
+    return errors;
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/EmailIdentifier.java b/src/main/java/com/google/firebase/auth/EmailIdentifier.java
new file mode 100644
index 000000000..8e729c220
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/EmailIdentifier.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import com.google.firebase.auth.internal.GetAccountInfoRequest;
+import com.google.firebase.internal.NonNull;
+
+/**
+ * Used for looking up an account by email.
+ *
+ * @see {FirebaseAuth#getUsers}
+ */
+public final class EmailIdentifier extends UserIdentifier {
+  private final String email;
+
+  public EmailIdentifier(@NonNull String email) {
+    UserRecord.checkEmail(email);
+    this.email = email;
+  }
+
+  @Override
+  public String toString() {
+    return "EmailIdentifier(" + email + ")";
+  }
+
+  @Override
+  void populate(@NonNull GetAccountInfoRequest payload) {
+    payload.addEmail(email);
+  }
+
+  @Override
+  boolean matches(@NonNull UserRecord userRecord) {
+    return email.equals(userRecord.getEmail());
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/FirebaseAuth.java b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
index f7f6231ad..923778af4 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
@@ -42,8 +42,11 @@
 import com.google.firebase.internal.Nullable;
 
 import java.io.IOException;
+import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
@@ -601,7 +604,82 @@ protected UserRecord execute() throws FirebaseAuthException {
   }
 
   /**
-   * Gets a page of users starting from the specified {@code pageToken}. Page size will be
+   * Gets the user data corresponding to the specified identifiers.
+   *
+   * <p>There are no ordering guarantees; in particular, the nth entry in the users result list is
+   * not guaranteed to correspond to the nth entry in the input parameters list.
+   *
+   * <p>A maximum of 100 identifiers may be specified. If more than 100 identifiers are
+   * supplied, this method throws an {@link IllegalArgumentException}.
+   *
+   * @param identifiers The identifiers used to indicate which user records should be returned. Must
+   *     have 100 or fewer entries.
+   * @return The corresponding user records.
+   * @throws IllegalArgumentException If any of the identifiers are invalid or if more than 100
+   *     identifiers are specified.
+   * @throws NullPointerException If the identifiers parameter is null.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public GetUsersResult getUsers(@NonNull Collection<UserIdentifier> identifiers)
+      throws FirebaseAuthException {
+    return getUsersOp(identifiers).call();
+  }
+
+  /**
+   * Gets the user data corresponding to the specified identifiers.
+   *
+   * <p>There are no ordering guarantees; in particular, the nth entry in the users result list is
+   * not guaranteed to correspond to the nth entry in the input parameters list.
+   *
+   * <p>A maximum of 100 identifiers may be specified. If more than 100 identifiers are
+   * supplied, this method throws an {@link IllegalArgumentException}.
+   *
+   * @param identifiers The identifiers used to indicate which user records should be returned.
+   *     Must have 100 or fewer entries.
+   * @return An {@code ApiFuture} that resolves to the corresponding user records.
+   * @throws IllegalArgumentException If any of the identifiers are invalid or if more than 100
+   *     identifiers are specified.
+   * @throws NullPointerException If the identifiers parameter is null.
+   */
+  public ApiFuture<GetUsersResult> getUsersAsync(@NonNull Collection<UserIdentifier> identifiers) {
+    return getUsersOp(identifiers).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<GetUsersResult, FirebaseAuthException> getUsersOp(
+      @NonNull final Collection<UserIdentifier> identifiers) {
+    checkNotDestroyed();
+    checkNotNull(identifiers, "identifiers must not be null");
+    checkArgument(identifiers.size() <= FirebaseUserManager.MAX_GET_ACCOUNTS_BATCH_SIZE,
+        "identifiers parameter must have <= " + FirebaseUserManager.MAX_GET_ACCOUNTS_BATCH_SIZE
+        + " entries.");
+
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<GetUsersResult, FirebaseAuthException>() {
+      @Override
+      protected GetUsersResult execute() throws FirebaseAuthException {
+        Set<UserRecord> users = userManager.getAccountInfo(identifiers);
+        Set<UserIdentifier> notFound = new HashSet<>();
+        for (UserIdentifier id : identifiers) {
+          if (!isUserFound(id, users)) {
+            notFound.add(id);
+          }
+        }
+        return new GetUsersResult(users, notFound);
+      }
+    };
+  }
+
+  private boolean isUserFound(UserIdentifier id, Collection<UserRecord> userRecords) {
+    for (UserRecord userRecord : userRecords) {
+      if (id.matches(userRecord)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  /**
+   * Gets a page of users starting from the specified {@code pageToken}. Page size is
    * limited to 1000 users.
    *
    * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
@@ -842,8 +920,67 @@ protected Void execute() throws FirebaseAuthException {
   }
 
   /**
-   * Imports the provided list of users into Firebase Auth. At most 1000 users can be imported at a
-   * time. This operation is optimized for bulk imports and will ignore checks on identifier
+   * Deletes the users specified by the given identifiers.
+   *
+   * <p>Deleting a non-existing user does not generate an error (the method is idempotent).
+   * Non-existing users are considered to be successfully deleted and are therefore included in the
+   * DeleteUsersResult.getSuccessCount() value.
+   *
+   * <p>A maximum of 1000 identifiers may be supplied. If more than 1000 identifiers are
+   * supplied, this method throws an {@link IllegalArgumentException}.
+   *
+   * <p>This API has a rate limit of 1 QPS. Exceeding the limit may result in a quota exceeded
+   * error. If you want to delete more than 1000 users, we suggest adding a delay to ensure you
+   * don't exceed this limit.
+   *
+   * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
+   * @return The total number of successful/failed deletions, as well as the array of errors that
+   *     correspond to the failed deletions.
+   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
+   *     identifiers are specified.
+   * @throws FirebaseAuthException If an error occurs while deleting users.
+   */
+  public DeleteUsersResult deleteUsers(List<String> uids) throws FirebaseAuthException {
+    return deleteUsersOp(uids).call();
+  }
+
+  /**
+   * Similar to {@link #deleteUsers(List)} but performs the operation asynchronously.
+   *
+   * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
+   * @return An {@code ApiFuture} that resolves to the total number of successful/failed
+   *     deletions, as well as the array of errors that correspond to the failed deletions. If an
+   *     error occurs while deleting the user account, the future throws a
+   *     {@link FirebaseAuthException}.
+   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
+   *     identifiers are specified.
+   */
+  public ApiFuture<DeleteUsersResult> deleteUsersAsync(List<String> uids) {
+    return deleteUsersOp(uids).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<DeleteUsersResult, FirebaseAuthException> deleteUsersOp(
+      final List<String> uids) {
+    checkNotDestroyed();
+    checkNotNull(uids, "uids must not be null");
+    for (String uid : uids) {
+      UserRecord.checkUid(uid);
+    }
+    checkArgument(uids.size() <= FirebaseUserManager.MAX_DELETE_ACCOUNTS_BATCH_SIZE,
+        "uids parameter must have <= " + FirebaseUserManager.MAX_DELETE_ACCOUNTS_BATCH_SIZE
+        + " entries.");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<DeleteUsersResult, FirebaseAuthException>() {
+      @Override
+      protected DeleteUsersResult execute() throws FirebaseAuthException {
+        return userManager.deleteUsers(uids);
+      }
+    };
+  }
+
+  /**
+   * Imports the provided list of users into Firebase Auth. You can import a maximum of 1000 users
+   * at a time.  This operation is optimized for bulk imports and does not check identifier
    * uniqueness which could result in duplications.
    *
    * <p>{@link UserImportOptions} is required to import users with passwords. See
diff --git a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
index 03c2813bc..ab8759c4f 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
@@ -39,9 +39,10 @@
 import com.google.firebase.ImplFirebaseTrampolines;
 import com.google.firebase.auth.UserRecord.CreateRequest;
 import com.google.firebase.auth.UserRecord.UpdateRequest;
+import com.google.firebase.auth.internal.BatchDeleteResponse;
 import com.google.firebase.auth.internal.DownloadAccountResponse;
+import com.google.firebase.auth.internal.GetAccountInfoRequest;
 import com.google.firebase.auth.internal.GetAccountInfoResponse;
-
 import com.google.firebase.auth.internal.HttpErrorResponse;
 import com.google.firebase.auth.internal.UploadAccountResponse;
 import com.google.firebase.internal.ApiClientUtils;
@@ -50,8 +51,11 @@
 import com.google.firebase.internal.SdkUtils;
 
 import java.io.IOException;
+import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * FirebaseUserManager provides methods for interacting with the Google Identity Toolkit via its
@@ -86,6 +90,8 @@ class FirebaseUserManager {
       .put("INVALID_DYNAMIC_LINK_DOMAIN", "invalid-dynamic-link-domain")
       .build();
 
+  static final int MAX_GET_ACCOUNTS_BATCH_SIZE = 100;
+  static final int MAX_DELETE_ACCOUNTS_BATCH_SIZE = 1000;
   static final int MAX_LIST_USERS_RESULTS = 1000;
   static final int MAX_IMPORT_USERS = 1000;
 
@@ -171,6 +177,33 @@ UserRecord getUserByPhoneNumber(String phoneNumber) throws FirebaseAuthException
     return new UserRecord(response.getUsers().get(0), jsonFactory);
   }
 
+  Set<UserRecord> getAccountInfo(@NonNull Collection<UserIdentifier> identifiers)
+      throws FirebaseAuthException {
+    if (identifiers.isEmpty()) {
+      return new HashSet<UserRecord>();
+    }
+
+    GetAccountInfoRequest payload = new GetAccountInfoRequest();
+    for (UserIdentifier id : identifiers) {
+      id.populate(payload);
+    }
+
+    GetAccountInfoResponse response = post(
+        "/accounts:lookup", payload, GetAccountInfoResponse.class);
+
+    if (response == null) {
+      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to parse server response");
+    }
+
+    Set<UserRecord> results = new HashSet<>();
+    if (response.getUsers() != null) {
+      for (GetAccountInfoResponse.User user : response.getUsers()) {
+        results.add(new UserRecord(user, jsonFactory));
+      }
+    }
+    return results;
+  }
+
   String createUser(CreateRequest request) throws FirebaseAuthException {
     GenericJson response = post(
         "/accounts", request.getProperties(), GenericJson.class);
@@ -200,6 +233,23 @@ void deleteUser(String uid) throws FirebaseAuthException {
     }
   }
 
+  /**
+   * @pre uids != null
+   * @pre uids.size() <= MAX_DELETE_ACCOUNTS_BATCH_SIZE
+   */
+  DeleteUsersResult deleteUsers(@NonNull List<String> uids) throws FirebaseAuthException {
+    final Map<String, Object> payload = ImmutableMap.<String, Object>of(
+        "localIds", uids,
+        "force", true);
+    BatchDeleteResponse response = post(
+        "/accounts:batchDelete", payload, BatchDeleteResponse.class);
+    if (response == null) {
+      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to delete users");
+    }
+
+    return new DeleteUsersResult(uids.size(), response);
+  }
+
   DownloadAccountResponse listUsers(int maxResults, String pageToken) throws FirebaseAuthException {
     ImmutableMap.Builder<String, Object> builder = ImmutableMap.<String, Object>builder()
         .put("maxResults", maxResults);
diff --git a/src/main/java/com/google/firebase/auth/GetUsersResult.java b/src/main/java/com/google/firebase/auth/GetUsersResult.java
new file mode 100644
index 000000000..3ceec01cb
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/GetUsersResult.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.firebase.internal.NonNull;
+import java.util.Set;
+
+/**
+ * Represents the result of the {@link FirebaseAuth#getUsersAsync(Collection)} API.
+ */
+public final class GetUsersResult {
+  private final Set<UserRecord> users;
+  private final Set<UserIdentifier> notFound;
+
+  GetUsersResult(@NonNull Set<UserRecord> users, @NonNull Set<UserIdentifier> notFound) {
+    this.users = checkNotNull(users);
+    this.notFound = checkNotNull(notFound);
+  }
+
+  /**
+   * Set of user records corresponding to the set of users that were requested. Only users
+   * that were found are listed here. The result set is unordered.
+   */
+  @NonNull
+  public Set<UserRecord> getUsers() {
+    return this.users;
+  }
+
+  /**
+   * Set of identifiers that were requested, but not found.
+   */
+  @NonNull
+  public Set<UserIdentifier> getNotFound() {
+    return this.notFound;
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/PhoneIdentifier.java b/src/main/java/com/google/firebase/auth/PhoneIdentifier.java
new file mode 100644
index 000000000..bdc84fe92
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/PhoneIdentifier.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import com.google.firebase.auth.internal.GetAccountInfoRequest;
+import com.google.firebase.internal.NonNull;
+
+/**
+ * Used for looking up an account by phone number.
+ *
+ * @see {FirebaseAuth#getUsers}
+ */
+public final class PhoneIdentifier extends UserIdentifier {
+  private final String phoneNumber;
+
+  public PhoneIdentifier(@NonNull String phoneNumber) {
+    UserRecord.checkPhoneNumber(phoneNumber);
+    this.phoneNumber = phoneNumber;
+  }
+
+  @Override
+  public String toString() {
+    return "PhoneIdentifier(" + phoneNumber + ")";
+  }
+
+  @Override
+  void populate(@NonNull GetAccountInfoRequest payload) {
+    payload.addPhoneNumber(phoneNumber);
+  }
+
+  @Override
+  boolean matches(@NonNull UserRecord userRecord) {
+    return phoneNumber.equals(userRecord.getPhoneNumber());
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/ProviderIdentifier.java b/src/main/java/com/google/firebase/auth/ProviderIdentifier.java
new file mode 100644
index 000000000..25e00026d
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/ProviderIdentifier.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import com.google.firebase.auth.internal.GetAccountInfoRequest;
+import com.google.firebase.internal.NonNull;
+
+/**
+ * Used for looking up an account by provider.
+ *
+ * @see {FirebaseAuth#getUsers}
+ */
+public final class ProviderIdentifier extends UserIdentifier {
+  private final String providerId;
+  private final String providerUid;
+
+  public ProviderIdentifier(@NonNull String providerId, @NonNull String providerUid) {
+    UserRecord.checkProvider(providerId, providerUid);
+    this.providerId = providerId;
+    this.providerUid = providerUid;
+  }
+
+  @Override
+  public String toString() {
+    return "ProviderIdentifier(" + providerId + ", " + providerUid + ")";
+  }
+
+  @Override
+  void populate(@NonNull GetAccountInfoRequest payload) {
+    payload.addFederatedUserId(providerId, providerUid);
+  }
+
+  @Override
+  boolean matches(@NonNull UserRecord userRecord) {
+    for (UserInfo userInfo : userRecord.getProviderData()) {
+      if (providerId.equals(userInfo.getProviderId()) && providerUid.equals(userInfo.getUid())) {
+        return true;
+      }
+    }
+    return false;
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/UidIdentifier.java b/src/main/java/com/google/firebase/auth/UidIdentifier.java
new file mode 100644
index 000000000..a4f7069d9
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/UidIdentifier.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import com.google.firebase.auth.internal.GetAccountInfoRequest;
+import com.google.firebase.internal.NonNull;
+
+/**
+ * Used for looking up an account by uid.
+ *
+ * @see {FirebaseAuth#getUsers}
+ */
+public final class UidIdentifier extends UserIdentifier {
+  private final String uid;
+
+  public UidIdentifier(@NonNull String uid) {
+    UserRecord.checkUid(uid);
+    this.uid = uid;
+  }
+
+  @Override
+  public String toString() {
+    return "UidIdentifier(" + uid + ")";
+  }
+
+  @Override
+  void populate(@NonNull GetAccountInfoRequest payload) {
+    payload.addUid(uid);
+  }
+
+  @Override
+  boolean matches(@NonNull UserRecord userRecord) {
+    return uid.equals(userRecord.getUid());
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/UserIdentifier.java b/src/main/java/com/google/firebase/auth/UserIdentifier.java
new file mode 100644
index 000000000..7ec9699e6
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/UserIdentifier.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import com.google.firebase.auth.internal.GetAccountInfoRequest;
+import com.google.firebase.internal.NonNull;
+
+/**
+ * Identifies a user to be looked up.
+ */
+public abstract class UserIdentifier {
+  public abstract String toString();
+
+  abstract void populate(@NonNull GetAccountInfoRequest payload);
+
+  abstract boolean matches(@NonNull UserRecord userRecord);
+}
diff --git a/src/main/java/com/google/firebase/auth/UserMetadata.java b/src/main/java/com/google/firebase/auth/UserMetadata.java
index a2872371f..85a24a0fd 100644
--- a/src/main/java/com/google/firebase/auth/UserMetadata.java
+++ b/src/main/java/com/google/firebase/auth/UserMetadata.java
@@ -23,14 +23,16 @@ public class UserMetadata {
 
   private final long creationTimestamp;
   private final long lastSignInTimestamp;
+  private final long lastRefreshTimestamp;
 
   public UserMetadata(long creationTimestamp) {
-    this(creationTimestamp, 0L);
+    this(creationTimestamp, 0L, 0L);
   }
 
-  public UserMetadata(long creationTimestamp, long lastSignInTimestamp) {
+  public UserMetadata(long creationTimestamp, long lastSignInTimestamp, long lastRefreshTimestamp) {
     this.creationTimestamp = creationTimestamp;
     this.lastSignInTimestamp = lastSignInTimestamp;
+    this.lastRefreshTimestamp = lastRefreshTimestamp;
   }
 
   /**
@@ -50,4 +52,13 @@ public long getCreationTimestamp() {
   public long getLastSignInTimestamp() {
     return lastSignInTimestamp;
   }
+
+  /**
+   * Returns the time at which the user was last active (ID token refreshed).
+   * 
+   * @return Milliseconds since epoch timestamp, or 0 if the user was never active.
+   */
+  public long getLastRefreshTimestamp() {
+    return lastRefreshTimestamp;
+  }
 }
diff --git a/src/main/java/com/google/firebase/auth/UserRecord.java b/src/main/java/com/google/firebase/auth/UserRecord.java
index e00450079..64e7c278c 100644
--- a/src/main/java/com/google/firebase/auth/UserRecord.java
+++ b/src/main/java/com/google/firebase/auth/UserRecord.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.api.client.json.JsonFactory;
+import com.google.api.client.util.DateTime;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
@@ -80,7 +81,15 @@ public class UserRecord implements UserInfo {
       }
     }
     this.tokensValidAfterTimestamp = response.getValidSince() * 1000;
-    this.userMetadata = new UserMetadata(response.getCreatedAt(), response.getLastLoginAt());
+
+    String lastRefreshAtRfc3339 = response.getLastRefreshAt();
+    long lastRefreshAtMillis = 0;
+    if (!Strings.isNullOrEmpty(lastRefreshAtRfc3339)) {
+      lastRefreshAtMillis = DateTime.parseRfc3339(lastRefreshAtRfc3339).getValue();
+    }
+
+    this.userMetadata = new UserMetadata(
+        response.getCreatedAt(), response.getLastLoginAt(), lastRefreshAtMillis);
     this.customClaims = parseCustomClaims(response.getCustomClaims(), jsonFactory);
   }
 
@@ -247,6 +256,11 @@ static void checkPhoneNumber(String phoneNumber) {
         "phone number must be a valid, E.164 compliant identifier starting with a '+' sign");
   }
 
+  static void checkProvider(String providerId, String providerUid) {
+    checkArgument(!Strings.isNullOrEmpty(providerId), "providerId must be a non-empty string");
+    checkArgument(!Strings.isNullOrEmpty(providerUid), "providerUid must be a non-empty string");
+  }
+
   static void checkUrl(String photoUrl) {
     checkArgument(!Strings.isNullOrEmpty(photoUrl), "url cannot be null or empty");
     try {
diff --git a/src/main/java/com/google/firebase/auth/internal/BatchDeleteResponse.java b/src/main/java/com/google/firebase/auth/internal/BatchDeleteResponse.java
new file mode 100644
index 000000000..728cf6358
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/BatchDeleteResponse.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import com.google.api.client.util.Key;
+import java.util.List;
+
+/**
+ * Represents the response from Google identity Toolkit for a batch delete request.
+ */
+public class BatchDeleteResponse {
+
+  @Key("errors")
+  private List<ErrorInfo> errors;
+
+  public List<ErrorInfo> getErrors() {
+    return errors;
+  }
+
+  public static class ErrorInfo {
+    @Key("index")
+    private int index;
+
+    @Key("message")
+    private String message;
+
+    // A 'localId' field also exists here, but is not currently exposed in the Admin SDK.
+
+    public int getIndex() {
+      return index;
+    }
+
+    public String getMessage() {
+      return message;
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/internal/GetAccountInfoRequest.java b/src/main/java/com/google/firebase/auth/internal/GetAccountInfoRequest.java
new file mode 100644
index 000000000..67c4d0ee7
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/GetAccountInfoRequest.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import com.google.api.client.util.Key;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Represents the request to look up account information.
+ */
+public final class GetAccountInfoRequest {
+
+  @Key("localId")
+  private List<String> uids = null;
+
+  @Key("email")
+  private List<String> emails = null;
+
+  @Key("phoneNumber")
+  private List<String> phoneNumbers = null;
+
+  @Key("federatedUserId")
+  private List<FederatedUserId> federatedUserIds = null;
+
+  private static final class FederatedUserId {
+    @Key("providerId")
+    private String providerId = null;
+
+    @Key("rawId")
+    private String rawId = null;
+
+    FederatedUserId(String providerId, String rawId) {
+      this.providerId = providerId;
+      this.rawId = rawId;
+    }
+  }
+
+  public void addUid(String uid) {
+    if (uids == null) {
+      uids = new ArrayList<>();
+    }
+    uids.add(uid);
+  }
+
+  public void addEmail(String email) {
+    if (emails == null) {
+      emails = new ArrayList<>();
+    }
+    emails.add(email);
+  }
+
+  public void addPhoneNumber(String phoneNumber) {
+    if (phoneNumbers == null) {
+      phoneNumbers = new ArrayList<>();
+    }
+    phoneNumbers.add(phoneNumber);
+  }
+
+  public void addFederatedUserId(String providerId, String providerUid) {
+    if (federatedUserIds == null) {
+      federatedUserIds = new ArrayList<>();
+    }
+    federatedUserIds.add(new FederatedUserId(providerId, providerUid));
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/internal/GetAccountInfoResponse.java b/src/main/java/com/google/firebase/auth/internal/GetAccountInfoResponse.java
index 3d17c50f6..e84335891 100644
--- a/src/main/java/com/google/firebase/auth/internal/GetAccountInfoResponse.java
+++ b/src/main/java/com/google/firebase/auth/internal/GetAccountInfoResponse.java
@@ -73,6 +73,9 @@ public static class User {
     @Key("lastLoginAt")
     private long lastLoginAt;
 
+    @Key("lastRefreshAt")
+    private String lastRefreshAt;
+
     @Key("validSince")
     private long validSince;
 
@@ -119,6 +122,10 @@ public long getLastLoginAt() {
       return lastLoginAt;
     }
 
+    public String getLastRefreshAt() {
+      return lastRefreshAt;
+    }
+
     public long getValidSince() {
       return validSince;
     }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 6a8361d0d..aa45f51b3 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -137,6 +137,78 @@ public void testDeleteNonExistingUser() throws Exception {
     }
   }
 
+  @Test
+  public void testDeleteUsers() throws Exception {
+    UserRecord user1 = newUserWithParams();
+    UserRecord user2 = newUserWithParams();
+    UserRecord user3 = newUserWithParams();
+
+    DeleteUsersResult deleteUsersResult =
+        slowDeleteUsersAsync(ImmutableList.of(user1.getUid(), user2.getUid(), user3.getUid()))
+            .get();
+
+    assertEquals(3, deleteUsersResult.getSuccessCount());
+    assertEquals(0, deleteUsersResult.getFailureCount());
+    assertTrue(deleteUsersResult.getErrors().isEmpty());
+
+    GetUsersResult getUsersResult =
+        auth.getUsersAsync(
+                ImmutableList.<UserIdentifier>of(new UidIdentifier(user1.getUid()),
+                    new UidIdentifier(user2.getUid()), new UidIdentifier(user3.getUid())))
+            .get();
+
+    assertTrue(getUsersResult.getUsers().isEmpty());
+    assertEquals(3, getUsersResult.getNotFound().size());
+  }
+
+  @Test
+  public void testDeleteExistingAndNonExistingUsers() throws Exception {
+    UserRecord user1 = newUserWithParams();
+
+    DeleteUsersResult deleteUsersResult =
+        slowDeleteUsersAsync(ImmutableList.of(user1.getUid(), "uid-that-doesnt-exist")).get();
+
+    assertEquals(2, deleteUsersResult.getSuccessCount());
+    assertEquals(0, deleteUsersResult.getFailureCount());
+    assertTrue(deleteUsersResult.getErrors().isEmpty());
+
+    GetUsersResult getUsersResult =
+        auth.getUsersAsync(ImmutableList.<UserIdentifier>of(new UidIdentifier(user1.getUid()),
+                               new UidIdentifier("uid-that-doesnt-exist")))
+            .get();
+
+    assertTrue(getUsersResult.getUsers().isEmpty());
+    assertEquals(2, getUsersResult.getNotFound().size());
+  }
+
+  @Test
+  public void testDeleteUsersIsIdempotent() throws Exception {
+    UserRecord user1 = newUserWithParams();
+
+    DeleteUsersResult result = slowDeleteUsersAsync(ImmutableList.of(user1.getUid())).get();
+
+    assertEquals(1, result.getSuccessCount());
+    assertEquals(0, result.getFailureCount());
+    assertTrue(result.getErrors().isEmpty());
+
+    // Delete the user again to ensure that everything still counts as a success.
+    result = slowDeleteUsersAsync(ImmutableList.of(user1.getUid())).get();
+
+    assertEquals(1, result.getSuccessCount());
+    assertEquals(0, result.getFailureCount());
+    assertTrue(result.getErrors().isEmpty());
+  }
+
+  /**
+   * The {@code batchDelete} endpoint has a rate limit of 1 QPS. Use this test
+   * helper to ensure you don't exceed the quota.
+   */
+  // TODO(rsgowman): When/if the rate limit is relaxed, eliminate this helper.
+  private ApiFuture<DeleteUsersResult> slowDeleteUsersAsync(List<String> uids) throws Exception {
+    TimeUnit.SECONDS.sleep(1);
+    return auth.deleteUsersAsync(uids);
+  }
+
   @Test
   public void testCreateUserWithParams() throws Exception {
     RandomUser randomUser = RandomUser.create();
@@ -248,6 +320,35 @@ public void testUserLifecycle() throws Exception {
     }
   }
 
+  @Test
+  public void testLastRefreshTime() throws Exception {
+    RandomUser user = RandomUser.create();
+    UserRecord newUserRecord = auth.createUser(new CreateRequest()
+                                                   .setUid(user.uid)
+                                                   .setEmail(user.email)
+                                                   .setEmailVerified(false)
+                                                   .setPassword("password"));
+
+    try {
+      // New users should not have a lastRefreshTimestamp set.
+      assertEquals(0, newUserRecord.getUserMetadata().getLastRefreshTimestamp());
+
+      // Login to cause the lastRefreshTimestamp to be set.
+      signInWithPassword(newUserRecord.getEmail(), "password");
+
+      UserRecord userRecord = auth.getUser(newUserRecord.getUid());
+
+      // Ensure the lastRefreshTimestamp is approximately "now" (with a tollerance of 10 minutes).
+      long now = System.currentTimeMillis();
+      long tollerance = TimeUnit.MINUTES.toMillis(10);
+      long lastRefreshTimestamp = userRecord.getUserMetadata().getLastRefreshTimestamp();
+      assertTrue(now - tollerance <= lastRefreshTimestamp);
+      assertTrue(lastRefreshTimestamp <= now + tollerance);
+    } finally {
+      auth.deleteUser(newUserRecord.getUid());
+    }
+  }
+
   @Test
   public void testListUsers() throws Exception {
     final List<String> uids = new ArrayList<>();
@@ -607,7 +708,7 @@ private Map<String, String> parseLinkParameters(String link) throws Exception {
     return result;
   }
 
-  private String randomPhoneNumber() {
+  static String randomPhoneNumber() {
     Random random = new Random();
     StringBuilder builder = new StringBuilder("+1");
     for (int i = 0; i < 10; i++) {
@@ -637,7 +738,7 @@ private String signInWithPassword(String email, String password) throws IOExcept
     GenericUrl url = new GenericUrl(VERIFY_PASSWORD_URL + "?key="
         + IntegrationTestUtils.getApiKey());
     Map<String, Object> content = ImmutableMap.<String, Object>of(
-        "email", email, "password", password);
+        "email", email, "password", password, "returnSecureToken", true);
     HttpRequest request = transport.createRequestFactory().buildPostRequest(url,
         new JsonHttpContent(jsonFactory, content));
     request.setParser(new JsonObjectParser(jsonFactory));
@@ -696,9 +797,9 @@ private void checkRecreate(String uid) throws Exception {
     }
   }
 
-  private static class RandomUser {
-    private final String uid;
-    private final String email;
+  static class RandomUser {
+    final String uid;
+    final String email;
 
     private RandomUser(String uid, String email) {
       this.uid = uid;
@@ -712,4 +813,21 @@ static RandomUser create() {
       return new RandomUser(uid, email);
     }
   }
+
+  static UserRecord newUserWithParams() throws Exception {
+    return newUserWithParams(auth);
+  }
+
+  static UserRecord newUserWithParams(FirebaseAuth auth) throws Exception {
+    // TODO(rsgowman): This function could be used throughout this file (similar to the other
+    // ports).
+    RandomUser randomUser = RandomUser.create();
+    return auth.createUser(new CreateRequest()
+                               .setUid(randomUser.uid)
+                               .setEmail(randomUser.email)
+                               .setPhoneNumber(randomPhoneNumber())
+                               .setDisplayName("Random User")
+                               .setPhotoUrl("https://example.com/photo.png")
+                               .setPassword("password"));
+  }
 }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index de0b7fa29..67d0448e9 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -33,6 +33,7 @@
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.auth.oauth2.GoogleCredentials;
+import com.google.common.base.Strings;
 import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
@@ -41,6 +42,8 @@
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.FirebaseUserManager.EmailLinkType;
+import com.google.firebase.auth.UidIdentifier;
+import com.google.firebase.auth.UserIdentifier;
 import com.google.firebase.auth.UserRecord.CreateRequest;
 import com.google.firebase.auth.UserRecord.UpdateRequest;
 import com.google.firebase.internal.SdkUtils;
@@ -52,6 +55,8 @@
 import java.io.IOException;
 import java.math.BigDecimal;
 import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 
@@ -167,6 +172,153 @@ public void testGetUserByPhoneNumberWithNotFoundError() throws Exception {
     }
   }
 
+  @Test
+  public void testGetUsersExceeds100() throws Exception {
+    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+            .setCredentials(credentials)
+            .build());
+    List<UserIdentifier> identifiers = new ArrayList<>();
+    for (int i = 0; i < 101; i++) {
+      identifiers.add(new UidIdentifier("uid_" + i));
+    }
+
+    try {
+      FirebaseAuth.getInstance().getUsers(identifiers);
+      fail("No error thrown for too many supplied identifiers");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testGetUsersNull() throws Exception {
+    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+            .setCredentials(credentials)
+            .build());
+    try {
+      FirebaseAuth.getInstance().getUsers(null);
+      fail("No error thrown for null identifiers");
+    } catch (NullPointerException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testGetUsersEmpty() throws Exception {
+    initializeAppForUserManagement();
+    GetUsersResult result = FirebaseAuth.getInstance().getUsers(new ArrayList<UserIdentifier>());
+    assertTrue(result.getUsers().isEmpty());
+    assertTrue(result.getNotFound().isEmpty());
+  }
+
+  @Test
+  public void testGetUsersAllNonExisting() throws Exception {
+    initializeAppForUserManagement("{ \"users\": [] }");
+    List<UserIdentifier> ids = ImmutableList.<UserIdentifier>of(
+        new UidIdentifier("id-that-doesnt-exist"));
+    GetUsersResult result = FirebaseAuth.getInstance().getUsers(ids);
+    assertTrue(result.getUsers().isEmpty());
+    assertEquals(ids.size(), result.getNotFound().size());
+    assertTrue(result.getNotFound().containsAll(ids));
+  }
+
+  @Test
+  public void testGetUsersMultipleIdentifierTypes() throws Exception {
+    initializeAppForUserManagement((""
+        + "{ "
+        + "    'users': [{ "
+        + "        'localId': 'uid1', "
+        + "        'email': 'user1@example.com', "
+        + "        'phoneNumber': '+15555550001' "
+        + "    }, { "
+        + "        'localId': 'uid2', "
+        + "        'email': 'user2@example.com', "
+        + "        'phoneNumber': '+15555550002' "
+        + "    }, { "
+        + "        'localId': 'uid3', "
+        + "        'email': 'user3@example.com', "
+        + "        'phoneNumber': '+15555550003' "
+        + "    }, { "
+        + "        'localId': 'uid4', "
+        + "        'email': 'user4@example.com', "
+        + "        'phoneNumber': '+15555550004', "
+        + "        'providerUserInfo': [{ "
+        + "            'providerId': 'google.com', "
+        + "            'rawId': 'google_uid4' "
+        + "        }] "
+        + "    }] "
+        + "} "
+        ).replace("'", "\""));
+
+    UidIdentifier doesntExist = new UidIdentifier("this-uid-doesnt-exist");
+    List<UserIdentifier> ids = ImmutableList.<UserIdentifier>of(
+        new UidIdentifier("uid1"),
+        new EmailIdentifier("user2@example.com"),
+        new PhoneIdentifier("+15555550003"),
+        new ProviderIdentifier("google.com", "google_uid4"),
+        doesntExist);
+    GetUsersResult result = FirebaseAuth.getInstance().getUsers(ids);
+    Collection<String> uids = userRecordsToUids(result.getUsers());
+    assertTrue(uids.containsAll(ImmutableList.of("uid1", "uid2", "uid3", "uid4")));
+    assertEquals(1, result.getNotFound().size());
+    assertTrue(result.getNotFound().contains(doesntExist));
+  }
+
+  private Collection<String> userRecordsToUids(Collection<UserRecord> userRecords) {
+    Collection<String> uids = new HashSet<>();
+    for (UserRecord userRecord : userRecords) {
+      uids.add(userRecord.getUid());
+    }
+    return uids;
+  }
+
+  @Test
+  public void testInvalidUidIdentifier() throws Exception {
+    try {
+      new UidIdentifier("too long " + Strings.repeat(".", 128));
+      fail("No error thrown for invalid uid");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testInvalidEmailIdentifier() throws Exception {
+    try {
+      new EmailIdentifier("invalid email addr");
+      fail("No error thrown for invalid email");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testInvalidPhoneIdentifier() throws Exception {
+    try {
+      new PhoneIdentifier("invalid phone number");
+      fail("No error thrown for invalid phone number");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testInvalidProviderIdentifier() throws Exception {
+    try {
+      new ProviderIdentifier("", "valid-uid");
+      fail("No error thrown for invalid provider id");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+
+    try {
+      new ProviderIdentifier("valid-id", "");
+      fail("No error thrown for invalid provider uid");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
   @Test
   public void testListUsers() throws Exception {
     final TestResponseInterceptor interceptor = initializeAppForUserManagement(
@@ -278,6 +430,81 @@ public void testDeleteUser() throws Exception {
     checkRequestHeaders(interceptor);
   }
 
+  @Test
+  public void testDeleteUsersExceeds1000() throws Exception {
+    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+            .setCredentials(credentials)
+            .build());
+    List<String> ids = new ArrayList<>();
+    for (int i = 0; i < 1001; i++) {
+      ids.add("id" + i);
+    }
+    try {
+      FirebaseAuth.getInstance().deleteUsersAsync(ids);
+      fail("No error thrown for too many uids");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testDeleteUsersInvalidId() throws Exception {
+    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+            .setCredentials(credentials)
+            .build());
+    try {
+      FirebaseAuth.getInstance().deleteUsersAsync(
+          ImmutableList.of("too long " + Strings.repeat(".", 128)));
+      fail("No error thrown for too long uid");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testDeleteUsersIndexesErrorsCorrectly() throws Exception {
+    initializeAppForUserManagement((""
+        + "{ "
+        + "    'errors': [{ "
+        + "        'index': 0, "
+        + "        'localId': 'uid1', "
+        + "        'message': 'NOT_DISABLED : Disable the account before batch deletion.' "
+        + "    }, { "
+        + "        'index': 2, "
+        + "        'localId': 'uid3', "
+        + "        'message': 'something awful' "
+        + "    }] "
+        + "} "
+        ).replace("'", "\""));
+
+    DeleteUsersResult result = FirebaseAuth.getInstance().deleteUsersAsync(ImmutableList.of(
+          "uid1", "uid2", "uid3", "uid4"
+          )).get();
+
+    assertEquals(2, result.getSuccessCount());
+    assertEquals(2, result.getFailureCount());
+    assertEquals(2, result.getErrors().size());
+    assertEquals(0, result.getErrors().get(0).getIndex());
+    assertEquals(
+        "NOT_DISABLED : Disable the account before batch deletion.",
+        result.getErrors().get(0).getReason());
+    assertEquals(2, result.getErrors().get(1).getIndex());
+    assertEquals("something awful", result.getErrors().get(1).getReason());
+  }
+
+  @Test
+  public void testDeleteUsersSuccess() throws Exception {
+    initializeAppForUserManagement("{}");
+
+    DeleteUsersResult result = FirebaseAuth.getInstance().deleteUsersAsync(ImmutableList.of(
+          "uid1", "uid2", "uid3"
+          )).get();
+
+    assertEquals(3, result.getSuccessCount());
+    assertEquals(0, result.getFailureCount());
+    assertTrue(result.getErrors().isEmpty());
+  }
+
   @Test
   public void testImportUsers() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForUserManagement("{}");
diff --git a/src/test/java/com/google/firebase/auth/GetUsersIT.java b/src/test/java/com/google/firebase/auth/GetUsersIT.java
new file mode 100644
index 000000000..efe2f783f
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/GetUsersIT.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.testing.IntegrationTestUtils;
+import java.util.Collection;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class GetUsersIT {
+  private static FirebaseAuth auth;
+  private static UserRecord testUser1;
+  private static UserRecord testUser2;
+  private static UserRecord testUser3;
+  private static String importUserUid;
+
+  @BeforeClass
+  public static void setUpClass() throws Exception {
+    FirebaseApp masterApp = IntegrationTestUtils.ensureDefaultApp();
+    auth = FirebaseAuth.getInstance(masterApp);
+
+    testUser1 = FirebaseAuthIT.newUserWithParams(auth);
+    testUser2 = FirebaseAuthIT.newUserWithParams(auth);
+    testUser3 = FirebaseAuthIT.newUserWithParams(auth);
+
+    FirebaseAuthIT.RandomUser randomUser = FirebaseAuthIT.RandomUser.create();
+    importUserUid = randomUser.uid;
+    String phone = FirebaseAuthIT.randomPhoneNumber();
+    UserImportResult result = auth.importUsers(ImmutableList.of(
+          ImportUserRecord.builder()
+          .setUid(randomUser.uid)
+          .setEmail(randomUser.email)
+          .setPhoneNumber(phone)
+          .addUserProvider(
+              UserProvider.builder()
+                  .setProviderId("google.com")
+                  .setUid("google_" + randomUser.uid)
+                  .build())
+          .build()
+          ));
+    assertEquals(1, result.getSuccessCount());
+    assertEquals(0, result.getFailureCount());
+  }
+
+  @AfterClass
+  public static void cleanup() throws Exception {
+    // TODO(rsgowman): deleteUsers (plural) would make more sense here, but it's currently rate
+    // limited to 1qps. When/if that's relaxed, change this to just delete them all at once.
+    auth.deleteUser(testUser1.getUid());
+    auth.deleteUser(testUser2.getUid());
+    auth.deleteUser(testUser3.getUid());
+    auth.deleteUser(importUserUid);
+  }
+
+  @Test
+  public void testVariousIdentifiers() throws Exception {
+    GetUsersResult result = auth.getUsersAsync(ImmutableList.<UserIdentifier>of(
+          new UidIdentifier(testUser1.getUid()),
+          new EmailIdentifier(testUser2.getEmail()),
+          new PhoneIdentifier(testUser3.getPhoneNumber()),
+          new ProviderIdentifier("google.com", "google_" + importUserUid)
+          )).get();
+
+    Collection<String> expectedUids = ImmutableList.of(
+        testUser1.getUid(), testUser2.getUid(), testUser3.getUid(), importUserUid);
+
+    assertTrue(sameUsers(result.getUsers(), expectedUids));
+    assertEquals(0, result.getNotFound().size());
+  }
+
+  @Test
+  public void testIgnoresNonExistingUsers() throws Exception {
+    UidIdentifier doesntExistId = new UidIdentifier("uid_that_doesnt_exist");
+    GetUsersResult result = auth.getUsersAsync(ImmutableList.<UserIdentifier>of(
+          new UidIdentifier(testUser1.getUid()),
+          doesntExistId,
+          new UidIdentifier(testUser3.getUid())
+          )).get();
+
+    Collection<String> expectedUids = ImmutableList.of(testUser1.getUid(), testUser3.getUid());
+
+    assertTrue(sameUsers(result.getUsers(), expectedUids));
+    assertEquals(1, result.getNotFound().size());
+    assertTrue(result.getNotFound().contains(doesntExistId));
+  }
+
+  @Test
+  public void testOnlyNonExistingUsers() throws Exception {
+    UidIdentifier doesntExistId = new UidIdentifier("uid_that_doesnt_exist");
+    GetUsersResult result = auth.getUsersAsync(ImmutableList.<UserIdentifier>of(
+          doesntExistId
+          )).get();
+
+    assertEquals(0, result.getUsers().size());
+    assertEquals(1, result.getNotFound().size());
+    assertTrue(result.getNotFound().contains(doesntExistId));
+  }
+
+  @Test
+  public void testDedupsDuplicateUsers() throws Exception {
+    GetUsersResult result = auth.getUsersAsync(ImmutableList.<UserIdentifier>of(
+          new UidIdentifier(testUser1.getUid()),
+          new UidIdentifier(testUser1.getUid())
+          )).get();
+
+    Collection<String> expectedUids = ImmutableList.of(testUser1.getUid());
+
+    assertEquals(1, result.getUsers().size());
+    assertTrue(sameUsers(result.getUsers(), expectedUids));
+    assertEquals(0, result.getNotFound().size());
+  }
+
+  /**
+   * Checks to see if the userRecords collection contains the given uids.
+   *
+   * <p>Behaviour is undefined if there are duplicate entries in either of the parameters.
+   */
+  private boolean sameUsers(Collection<UserRecord> userRecords, Collection<String> uids) {
+    if (userRecords.size() != uids.size()) {
+      return false;
+    }
+
+    for (UserRecord userRecord : userRecords) {
+      if (!uids.contains(userRecord.getUid())) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/ImportUserRecordTest.java b/src/test/java/com/google/firebase/auth/ImportUserRecordTest.java
index 011a5cc04..e2ae36c09 100644
--- a/src/test/java/com/google/firebase/auth/ImportUserRecordTest.java
+++ b/src/test/java/com/google/firebase/auth/ImportUserRecordTest.java
@@ -62,7 +62,7 @@ public void testAllProperties() throws IOException {
         .setDisplayName("Test User")
         .setPhotoUrl("https://test.com/user.png")
         .setPhoneNumber("+1234567890")
-        .setUserMetadata(new UserMetadata(date.getTime(), date.getTime()))
+        .setUserMetadata(new UserMetadata(date.getTime(), date.getTime(), date.getTime()))
         .setDisabled(false)
         .setEmailVerified(true)
         .setPasswordHash("password".getBytes())

From 30801e312b53215d60c8c9a79fa9f3b7c9cd1d00 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Wed, 13 May 2020 10:37:37 -0700
Subject: [PATCH 008/354] chore: Setting the version of the Maven Javadoc
 plugin (#412)

---
 pom.xml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pom.xml b/pom.xml
index b71b4e773..d89d227e1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -99,6 +99,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
+                        <version>2.10.4</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -303,6 +304,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
+                <version>2.10.4</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From a4a5315f621ef48e026ab9058590b7977a6d8873 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Thu, 14 May 2020 11:01:54 -0700
Subject: [PATCH 009/354] [chore] Release 6.13.0 (#413)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d89d227e1..ca1657fb8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>6.12.3-SNAPSHOT</version>
+    <version>6.13.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 200d1f9efebb03201026d7f3b92857b954099676 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Thu, 14 May 2020 12:05:15 -0700
Subject: [PATCH 010/354] [chore] Release 6.13.0 take 2 (#414)

* Upgated the gpg keys

* Added temp verify script

* Disabled tty for gpg import

* Removing temp verification script

* Updated publish commands
---
 .github/resources/firebase.asc.gpg   | Bin 4056 -> 4061 bytes
 .github/scripts/publish_artifacts.sh |   2 +-
 .github/workflows/release.yml        |  16 ++++++++--------
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/resources/firebase.asc.gpg b/.github/resources/firebase.asc.gpg
index a946776c7fd1498a0399836a94785dc8fd5293ed..8fd7d0769b6056896ebff240b9955656f7c98a60 100644
GIT binary patch
literal 4061
zcmV<34<hi44Fm}T0;1e~Uq6v&ZU55i0XZ@X8m7GywFb2t{hr^|4{g*4e1b<9dMkI+
zxkb&yKU`9_;D{y5>>TRDh<w(!$u7~y_d+d*^Ea!u)%;~WT$p??w?dKX%dp9zzz1h#
z22kNNL8wk^^+Kl6?LkR>12twaxxgrB=~nu4Ie_l{B4=u%Z!ZxI0Yr=F9w=iT{b&g_
zw-c$@r|V{b{y-ay=@PtDT7)9C*C09hepY{5sNuZs*%)_x^`u}LsM4fZ+W>w_1huO(
z%@c>7hIE>+#}dDaru{9lKFrrwJ~m)gys#I`B@&VNwDt<aiQxG-`iZ8`p2aCkE$4k&
z?tnNhnM|IWC-p5U`L>H@F5_E$O!~J06yi;j2f+<IWNp#K4Sk%~%W8u?f?MLD!IMXV
zL1h-^#wM?0R7Es)jt0lpRKfpw(}yQ3mS#t^X4P~^&ueeJFGB4vv^vuJC-HeCwS?fy
z5hSz!EjAK#67)2~lxyi8jkhizGiH@N6bh@mE`NV&_qkMg6(FlfKIh3L0+|bAIOTz!
zLrjlT#gug7;xL+U#7%6~hDccc!3PL>Lr=e)3IkT*mj|4P^3n6MwY;}sTk0@P%l&sf
zVK}afzDH%-Ga~<Sjc8*w^D3>R6e&tt7&eFqLx~Kt9?Ch$wFpKravh*+vc|l1uZmRT
zQg6pu(L&zpsvS1Fb0qpUAjJEAsZi&$WXyKuG&`;?AOE@od`tm&azIt-fvFjs$A77A
zfwiwhOi#eI35UZx0i*oi8-BQlmhFg1W38YzFUkDZSkQT$cL`$mecv+p`NPne#*Q-`
z^a}Xh-T%r6-fU1CT|MxK0}z0VwojB5_C35grZ}bVI<37u$q9V-snzMXRL`QH_s;pd
z+JH9TQ3Tw1_n<7(glRHMhS2AYVoU$#GSlj$XkS710%aSznI4joqCgvZ8J;d2{xi-G
zK#|Pk6-9oXY5<5P6d%XxOaui|Bvt2T5dgXZ-Z%fG=6C|0j14qIKw&}K-pT;f7#{&9
zrBvU-Hdib)$<RcBpn=_Dj7C8YC=O-!<GIe$upe^qkAwr}o+mch*udXOG_TePDLo08
zL{<kJ^CBPF%v6*pN*S|f2>r$$lx#w4fIXS;V_9N4S`0CHoS!gc*q<#Weu{g2yOR0_
zLbV|rO2){j48X0>)z~!Wk735N1OfNmiePSpB~vNurH6r%&9R^AwdTu!-=RB@6$tOu
zFD=1luY?>%-(4`F8+^R6DLU_c{Nf$L_S8=~nt^V~jg>_`a?(rdv4M}co;tcE84tR_
zbAFf;!T+q!6?VThSH2VesUu>vHl-E^v@#LXC~kLnjP}6%{CCYDQ(3wh5V?QDqf2px
zUmyq|`daYnw_i~B8m^)fz5@b!?m`tNh|z^!xxV8Xw6G+gqxC}?hW67f{z~FZq59W6
z^^@;&xL)PZHT$aB%p%!D9HP&qJscOSi=^~T{BaEaVnLFx(e3PN$e%KKc<CWg?un^a
z)4is(EbjFhwojW5d)w1(3aOU*WXG=*r>YSXCR11LpRq)QJWnyvh&58kSVK<%e=hI%
zdOEP>StfE5yeD99e2B+Q=BP+~X2_;q4*+0!vY}E5Iq4$uVb&`1b)u6Ib4Z>3DYBbD
zydh-S5Km;^20iFd-8#w>=r_PDxMpR5Z)Sv}fjB8ED2G=fD)CevCX&$?%kMrRGRQKr
zlhjT$1oB1@bC+L!g5=3!P#@>zWm#0DBHi3d>V)*~&=xo02z@S9xX$~fLIgt337n=y
zWC&~j_SM?|$JU{?Hj-B4eYqcEE6HK`ewdgRj{E``^)!rAcn&<mgF*DbpyB~8#RzMC
zx{_0ncdh_LM11_cudD*U8O2=Tj!))_Fk6!{ETj`+QbG{3DWs!w9hb70-X&lU@A*}(
z%Bm@XwtBK3YXp)2saBGECK@Fp9Cj;j>Y(E(Su6x2*k5QqFkdLqoSylqxE(D&K1sj+
zq{)|j&VLF{*+I${cFiX^m6e|Mg>OOh<Ipvi6p8newT~1@P58_LJ3VYJvt_+q_O)W#
zCh>KdY3Ug+;t{+hO9BqxN+zT`;vAaz9gKi5&t;6N9hQC8Jh~Lb&mxdoDzRf<M+S=^
z2HFw(0K2iZ03mLOKD<$V5d`WR4!+T29_u@uF5@P|Zkqm8=)yo{fYTV$$hDtQUq6@p
zI`%R1#yBR^@KlyvF4)7rDfA{uwEVMHM3fN!s{xl|FuStg?3eN;+4y=^?ZWbY(5Y8R
z#rPE{o#7%xp=DUJSvW~23l*B7(iO&#whg!yi218^Hs7ltE)q*Px>gu=JkqV@QlhVO
z#DG|EbK$Bl5m4~9n;t{`A=*xPn+VP{ZOPTF%Rix5qI?tm5~H)4L(9AOa*FcC#!4h$
zay6GGE+!(A@34Nh-_9@+-IAn}t^q~`fp6Ypgk?7&5IM6cdlo=oo<2Y)evnV$5N0Q9
z(d^pc&3h9aPo{Ri`3mGV-(Z*yre1c7xmhKmCIWF2fAy~B62OYXzIh7q)+rjmx2d%r
zG&BL~G9NN%Wdu;P6A-}l7mB3#;};>bLJu%Zf5*LD!SQxit_ydd%RCSOG)5T2ZN++v
znv=;S8`vSB0@e|sS#z#20S`Z-L?o`0z3Tj})7$;JX=*RR)KqnjZ9!=mpbJt8hpsRR
zS98jB&cJm}8r>@$rK}rb`>AihF?l#SJOC>LChFmA3>=2detiMok)NLr>PR|A>_hZ+
zIx>&#L=O4sapFtit<shKEC|a7ANHnK^wk0T?1$pQcbf<=N9qb-N~cKKn+sjBIj0Wu
zUKkfBnFtvx76P3XRy%MICNO9Cj0294tKM9gf(65vVI}_3spl#xAz2w+YIi37CL6S>
zwi+1b%q~hcr{1P-<mP=wePFIV-F#<La`qxe@6mwxrGmr$F@KmTv@k#+T&8xJt|6ub
z-rCN2UqNcbm96`<4MFxp?fZ)_tNbcq@L`(j9JmpUtT^vX8C4#}^}X3ToKbPdaAS|0
zLbQ!ci&N=crLAWgUu%$|Vq%gv=_bH>_W3FUYfdlArUU_HK<OtT;MAdp$>eOSBakbl
zGsPs&JSxcOA7$L&B!TI@HwL}Ed9#lEQ4P<hQHj)u`%GRNEnLYdmpSg9us%Psv9{ui
zJ!^x<X6bspPD@cT_bX}Bk{q`~yYRS{_DCA~ro(^>h+M3!tR<hA*895J1yFaoSKWVX
z3OR^(=2J(XsOxJ|n-5Gt1`&o)bxEJ*g1-=T9x9RFCQio~%8897Z0xbe@wUCGi52K0
z=fhULzV?T$ZZgJ>EoCx>p|;=tr`)5uLr1<4!4)$M#KvhVNWK&n4m4$pu};hZKI;2?
zRD}0k<hfhBXp9n7y<ktMV#Wer_~<2yu`qkc+7=8gXstP308@!}+7T>q_+arS4lQ0J
zyV!~G@};dT53c&SFB-gJ%KFJyvgKTO?69z~7}SrHXCB-|pU>@Jx71J3ZEv_<5Q8q)
zkt`{Wh#aZ~1)7|o*dGQktcJ+0_NYL3UxK6pUUWVikKFc-=fzqrniwP!K7%dNV`Rvm
zwI5o@g$isY*jX&K{GZ?i=+SmL_Vul(ROv#oMj{eqRioz26fx7Tpdov3mdKzW)}r0r
z2!CL#4s6j<&CH~ls&lZaPn7>%%o}NlnG%5DO;d#Dwt&;6NvEy>sN=`7db^O^)i)$~
z4@&y<U^5wPVg~bH>o4XW4S|t{h`jM_)%krF4g_bJcZ6>dk`_WNZ4nHcF@2(5I<MAj
z(QNI!JEbCJzJC7--YaCEux*hv#(aFczRSA2-~($|yhXSn=$X`9?OF+=xJ%|!GKEWr
zgB1lOzcD|!l{0XL^D+sLKtA}T;AQ5=Z!AGd-czDm%((%vlgti)RZx7%noY?u`YYyv
z^uX(<<8qYq?+N}&X{SOQ9dve5JS*mLTRoJJI+UL7{xR~EZmEEKFbntJycg#ANR8+?
zK8dy{t2_!YBFRBKccI>uCgy$!3U2@`Z2TnKK~3Xl0JTzVNg}$Z(RpH)to$6lf|FFF
zGS{o&YE@nLc^U^}fNxAWgl|JrZIY|$^(|wjvFS$3Cf0W)kFuCTQrCDLnnWY=8a7Q6
zQM`YT4>_ktr+<{7=q5A^xn=4^tSmyIs;)BcW9>{eoHt<dI#rxf9cgcINa+@U@jV)o
zTon{Hb)PLARXwy{r+hfZ^?^x~s!dDmAP{u;+-t=_g1SGvG9uCmVFC6QV;ktKEue@1
zop6<sFoyGtln{4Oh9gu$!Z8j&dq$E_8t$epW5j=8C~C67u8`biou*VXIjw&SA91vq
z<Qt%EZO^b4VvE;t!6kbIw)dkqfKqEas~vxF`P_|E%@}eg3aePAst@R0=RSvqUf=+7
zHrsXXQfmQsS?jg61Vh_5Kf=YdY3uvUVf0db7GTk6W+!l}-y+y=;v|^wX51hm@}P&b
zc7wm<YuwH9lc)3v?8T2GFF-IZ{?8q;@?WJ>bTN*p%9WltA)oxjT&D3Mb-E!8h6)>=
ztCx0Ml9{PAY|aDh>Ldw^9al>|o?eW><8J`aY0>~&&=b=Q0(KrCb{}LpX!bg7v_HDx
z`KM|v-ie?zh?24vxs2;fPVS`gVas!_;C29sG6Osdq%p?@<!jlc==&ZOl~KQTEXbu7
zI53P-hpGlb?ZBKKw;eVWp*|Rbx)9XtcsnXTiv(kDccY<adfardQPKiP0KZ$fu|38H
zTFanga^rxfs{ri7mwgoInwr*|4A{X4&Xh(xvd|Jm_eByFL@+fA1->nZ!ON-vpZz-g
z>58&!*nw1zH-!A5`bI2^`O_r)zq#;3@xFVy#*S+OlTR@21g0ARQSD&UkE1uzyd8E3
zgLcJ9*X57fRX4uTJni0buamcXX37vnR&BL8zFMO}Lgc9qO`c)oY5=%a$4*RKMQ3F?
zSRs(o+f_N`CSh2lO5sA9kHbsK*Yr%>yFADTS^~|}A*AATR6O^!#Kvd!cbY963!(|l
z^nkJ+FJe?ski7dpkYt)sNZzA#RKqd0rr{vfoQYI}1U|pGDt^;=g;sC4L$8gUwrT3;
zEUDvmKIN@72!otR4vr0dMaHq-)oQ}~a{lHfV#nKZ+-QC7>!iWG;-OA}N3XFq=`RG|
z$LQHwMAu@sDw}|UE-b*9ZJS0^SCdD0_Qlkf_%uAQ(U{diEIPV4<MEnR5afL(S5>@j
z<<`PYX%@`#0!a0tdWO*|3C1FrKnAiL!1SerD<}n<py?x^OKZYRz;ch0uW4s#e(|j8
zw%w~K_8zanZ(EmfGBQL)yuv{B(1p0@S31W*@g#v6^os=@kzasJ<~Q^<_AwK{p)xeD
PR2h)2T?R;9F?4@&KGxAW

literal 4056
zcmV;}4=3=94Fm}T0y&=z%W?c1O8?U90o%rSLxzz3Cs`6<0^{*c`lR7N#ikp)!>DCQ
z2so>P8Xz5P`%krULZ%hwWtW!=gEFCn@5ZoJkLvVsjQj?_gTijiyjQd;s;+?fEMEIl
zCW_+-tHe1(pA!HtoTeq|lxrM{iU@)90o<HD=-I)pT67s<s2K(^3<``qEt@AA9<@-O
zQ<O2&1We@c+t)82*!d!1*8s~ch}ZP&^Ri|X^$7IVS~mc+rZ0JUz+iL$@kF43sP$<u
z1Xkv+9e%m;9JhU!85tRW(omv79du>ap)GEIqUB-CIKkMVwgc7A5iMm|VXlX9c;YSx
z3RIqP!LqF6ofr8ell_En&(EMvLLs1qA4|f=kV=jbPQ76z_u0iIsBI(<Hid1$y~d8|
z4;-4#7BE|xwS2{X*(Xt_?fyyBkgD7rOE(a0cUrFv@Hz9UZ?;3qxX*?a*^hw`^u$gq
zI3tJ^(A-HU%o7wVk!w$}d4(R69<qH%AeTW_>(a|_S(VY-`*o&I+#7og2mvd1bVY^0
zA*7F*e;zlI^~iUzzhHPPLG^UG8LnIYHnC=D_HwMyZ8+%J>EEXHy*$CCin!zIgn)r&
zeHOTG)WpHuyy3PDf7ogl1~I`lrUe)%qVtb$eDdDeZ@A8iku6Tjet@7P)bfU7#guou
zNb?bve9@1LDToX%)Ev253ot{ZD&&1G#`Y`jLmP#YO>Q=2tLod!NV>DwuooOnEEYwd
z%wu*~D`sKW5)K2S;}>U+y_=@mAnxRQ6opOoWzm#mRSppcyD!tUjZM|;Px{@dP<av-
zvlvH#_fh!lz61@JuEvQk9?Ee=T0<h*VDQQK6ZH=X^}LC0pj#|CWY;?0xvok2A<m!I
zT+zF(IR7oY8jPqmKdp8rdwq9olq6$}^!`E9qAW*P8d56NDak~*6^*W7#2bkq2wXw>
zBG{0!Sh6P!W{N>7`Iv7y{~m4XVvzfBP=^b<7s5>mK*)n!RHgfXGw_f31aJ&4N^sd}
zKi}q$0l3trF9<yow)@YbwQ=~A9W_YajS>dJx;9_Px#Vj?A_#0mF_z0|j*R$(DO7Xr
zZpNqdnM~+ZY>e@$;S(kIV-V^a@J8BL)H&)4@&9HzfXT=Il+j@CSI@?zoDiESCgN>^
z#pHteO6U&MCvWmwSq8|;RRUvm<3^0BE|>K0i~@WuuaYpOz&I*9xh8}|@dg%V&CF|L
zjFb)OOOe8-KaVW=c#S`Ss}RlrOZ?#O*e$Zfq;e%ryTPGShAnu~lCvuHZMrihx7xlx
zOldQSRd0@j9j--aCzT7^QKEl=V$5g~I@@Wwp>jI<q?bR-Ff#pYKul4B%sBbroWYN+
zgHt%WDA_JsP<9uB<A3cN>3>!f7QuG#g>wSdkhT2p?%dzVVg5laj~V|<v2hP7((Zq3
zRBSLT!XIq)>q>A|JFUL}b98ib12!uE-b?Bau8(pUW}a91l>SVGGx;XOV)6025jq&C
z=twVclr4(}0I?N&^aaVxtCBQCR))pC@EqriFb%+<vx!&!zf9sxCWx<DYN(Om#bE%E
z4sK;}9`LMqH$A?k{bYcXd&!##?TjUVUnIIISy$8AyYf7eYJKejIbV1Uz`NJ-F%^h<
zdKI)02g}4QH~*E$lE6Dg6vPk~dbW#{kRAs_T*A~)o<YwN)>-DI5CrhP_PhAa9Y7<X
z4$&0xL&E0C{uz8AN)N(99VKVN)(TONHuS5?ZB845BCn0kk0@D+EBpH12qAJ*>I)@w
zAM_59o0Qvqd3}Z+V6=o`M><gX02pbj3LPB=rAqd6^1XezZWlSVvga&?tJ5X{({CUm
zBlrg@R~hAk?wWov&86Ce+-GbUDb5sGCHcYqn~wqJ-s_G+<c0{N`Dt>WWVXE+&!?nF
zLvnv8yA!_8okUw9?3-ONUs2IYTt}$V2|G^fgO<<RyUz+Bbj=?{UL^C&jZ5)3pw7VQ
zddmi1jNLqZ1_Byg!g0Vj-uEXwHkGw8q^OU<BRip&4G=`{W-ngca>7OMVu!PXI9%Et
z5s1`~8iy6(0=AAfa8|uITcKp490(SSVaum>4=Jh>ronEnW>OrY9<dMC!QhyDw1@p2
zP!|i3_9$Is_s1raUb+s2<4UoVet3tHP?wIU4z8eo)YXh7kou>wJ!mAe9Nte2*on?U
zT?a*nuNb5(!8XBRAX&Flbv`2-6JPU)+QZd~>Y47db7Jx#eK<&zabmE98=cxKS(4eH
z`~LxwSvU7Ve(gS#jSZH>(QfE86u7?#JTl6+$H~qAfD&Azhw=VtmZGh1f}l5yRriKO
zX3M|cmHms6?b7brMTiPh)v#(~tj$p{+VI59Ahkf0I%tVP+Xj?1R=dnULjCiSmB;Cc
zzX@;6nt{_4HjG2s=ocb|Z(~geFdCvH!qGK3{H6$Tt;%08lj+{Xb`OMw=DGkjlV{h_
zx9iiwLi3&5l>!iJ$*7<_?7dQnf`W4u`o2_78XQrmKSF^Z!L(q$2Cx*)8^bN}x$4h2
zPc!gA|Ee6=3VN*$WfOlPn2oiNcVVv4l}{Lag$6_g#i{+wc3b{JPE})$0Ls`Ly8NKx
zaLzE8Ox77z1_sYV%zeTx%^~OcbNhtxQXGc!?+7{iV6Y1^7Gz;g&;d;w>0lgUe22E~
zroyyWSlW?m69<CuQ5vl%cd|#?V#6@?8&!ERfdGmU67%YBBbl74Gc__!>Sv_H8w6(}
z+xj5L1e3|mf@0}hxL)4wM&~%rV~a8p(g*_onDrC7%H3ckPbodKsE&y}hUW^iPB0YS
zKQVl&_8p>?Iz|#3+QB^u4(nN<>I+5Os+4wTYOmAEP0i5wS%O$RFCHYuBN(C%R6Hs;
zOe)l~$Ku1MN0fcI8&0cra9jplsOyUl3?+lOylU)YyUv8f2az|~#pXg{P<%~TSPV&%
zyM^15lsNqI$ClcwXIjr;vmG5Alzg23T>^XwXFP=lXA|xipmA^L=c_Yb5tug$9cuS$
z25^~Q8azMB>oq7o#U-|4SIq)>HQp2Iy!uc>s#*_X71mG*Qm32k%8h<9w0}0LhcGd3
zxYyQGK+!}J1_V$Y>EobOVhcOY!xcBR5CA}j2WC-@<=w9j)-`uUaj#DLF!_HznM#Lz
zY%1K9k61k8JS!~W!OCJ@!r+fds8CMcc^4<Fy!MtippC^cwGJKgPUwebt37YEl@3yt
zKm%#ZJ3IID8)r?C@=$VTjkNGJFAF{v)mL>VVHOp*umI1e0un{e<o);+>=lkW@<U+y
zIJwkG3iEXrSgZR{zxQDdwIp6uLGz+%+CyIaqS1wq#r6nU_1BZAdzq9~a%M6flU&31
zt$_J__Envg(nj!kR0UpFBn~u^Iy`}_lwUDO3U=Q1f(<OPZ+s2t*-8dYH#+@|yvH?;
z>3-8A6{H$63bSEi^yFI;=q3{WtI|mI_}hmX5=8hD3!XCA4jA)ty$VeRhT!cfcTUV+
zK3XpIA(E-?V%<@jAurSB3lw2Ip%BO>p|Tu2=1Eez7S{=0wQmt8Yv{KmyNz(#8^qlq
zW7rZ}3i8jb5eukdrQv0!PQOc<XQ;;E5;FBN;F7cCsa~MKs7!L3NSNV;$ts|CyeTFy
zNyh+D;o^aUMaTzVkm@fH{c(>Ohev=~y-T+%1Mv+VJr2tJ7Mu$PMenudb8iF(prngJ
zIEuBG;~hkP?>IDcTO@3vUC#;HCv$Sv!VdM#5&0>P-v&(K2e2Hzx{K*a><Hn^uDRjm
zdGLy)LkZof+N?ZJWW2?u9bi`Zp)6O;@)-*P0)^Tez-uOr^+H);XX%}35gYI+5pqD4
zf~)L?=cnKB>fXmcR1wqe3Z8{5+CFGDx5l!PvCe#wMNn%eApGB0;`?EY{JZHY`28~L
zB=22wfOTv01{hJNXn8(G!PWNTuNq|dB)6xI$2^`NHro7vTmPmbFM<^KefX_TSPTg;
zl*h&qo-dZ+$%a5yUNi+tbm(|zu={)Do3<1A4CNiurj6(It`Frh*sGKl=1UQN^^E^I
z9FAjNimgI(YM*F+B6aANlQ&8Z9gXhok+j^{6zSo(cN8!i{KS9X+s{!r#x^7@kbth)
z$+b5ul8vGL{J!_#OB^uHd&4K3dBk7rB~J$)fo;OFm%@aVAGE(ZPCZ1PrH(KtMo1~t
z+Y9X5?o;j~Z5MN=C*A$7-a(UHc|fPyuFh^e!{~wJAJ9AzO;jj^hX#tL2Y@Me2++(m
z){lC!<vJYX`(-8a-h}!$E*O|GEJeNXSX!L%(L^*E972p8GFMBGNwfgLba^oH8=NY}
z5>c;^egc?B^a)Fla4><DdWZt|oQa%=@>M3YTZ#5b=&OciVJCQDF<<d^TbOAUta#Uo
z>h~nMeWb9n*u6nmnT!UW{+K-Fpba>kTBsChG!vmLMk7CNGIo3=d-`YOBWZ@wT1{K^
zD0*+k1^Uy=_fL1&o()tA>K3E944{K;J8f6c=M9sXM?|H>?rUP&o0@7=QYB5|+Q{s^
zu4p?+s8d$@zcO6->L*;nG<JOsL7FPv&VvCG<+u(Q-<36poZ+3T9l>JXL_Y3Sv^_yF
z=G;x4p%gDB0zUvhxk#G?iGD8Yk5dy6yGI5VlHX&d@l4ebjr;x8?iHtp&U%4@ZLjf~
zt%J+l3NK6v&&7VEwTV&Ely+pvh~5-Cs&qAo&5S*YA8?Jj?X}*PKE{0@b!=_Sg2^Ux
zY{w0(nR)c$p3~SsxwI^&uCV}%z7oL$+ciBkJZ5aR0UA%cw-&;vy$|~_jFK`EQwP+(
z4KwsI@xrjC-9h$FmJg-36Om%AG}fRW`H*+hfb)XOloW1Z3L7f{<Qjc*TsTW*d!C4C
zwMzz*W$_6VT-nP?M07h&9XO6*ZZ%FD@PI!M4_h~xi4@Cmw<{3GlsM5@HUTSFlO!Eg
z<5R1$OX6d}T6Eo)0TMU9TuNy1ChLGa(u9=-%!>ub%JdpIJUgPA-bq6BG|q_Fs-h;T
z>yD<eO?mQVA!d@BKnO$aC5&~2V|lRAEXg#Px0n@!j4l_L&he}#YQu8sH|h-NIa8u(
zi7Rx`&Re(s+?L3nAXdzc55;~#0wA$M|DbVICrXJ|g_u!Wp_`_JpB`}{5u~Nx1beCI
zfZNhgtB_B}2eQ8{2h#vq0)X<_pu>bjZIOs91!|4^+n`~dYA4JH+1LBHCNjabPA+o&
z9XgjmGBm>#@WC!hDn9~uqaId;^A`Ny^~BNK8nF713ReS%2Grj5^oShCV@jF}dL?^s
z*gf`7^qQ2G6bNwg(Sz&<p>z4r*r|VPWM6hN{&7xv$RQO}Zn7RnRZ!)V9sRB$hC;}*
KX);zY-!1|?!O3F)

diff --git a/.github/scripts/publish_artifacts.sh b/.github/scripts/publish_artifacts.sh
index f4a2f1734..cd1a5b75c 100755
--- a/.github/scripts/publish_artifacts.sh
+++ b/.github/scripts/publish_artifacts.sh
@@ -20,7 +20,7 @@ set -u
 gpg --quiet --batch --yes --decrypt --passphrase="${GPG_PRIVATE_KEY}" \
   --output firebase.asc .github/resources/firebase.asc.gpg
 
-gpg --import firebase.asc
+gpg --import --no-tty --batch --yes firebase.asc
 
 # Does the following:
 #  1. Compiles the source (compile phase)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0e1c307bc..985ce94d6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -91,6 +91,14 @@ jobs:
       id: preflight
       run: ./.github/scripts/publish_preflight_check.sh
 
+    - name: Publish to Maven Central
+      run: ./.github/scripts/publish_artifacts.sh
+      env:
+        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+        NEXUS_OSSRH_USERNAME: ${{ secrets.NEXUS_OSSRH_USERNAME }}
+        NEXUS_OSSRH_PASSWORD: ${{ secrets.NEXUS_OSSRH_PASSWORD }}
+
     # We pull this action from a custom fork of a contributor until
     # https://github.com/actions/create-release/pull/32 is merged. Also note that v1 of
     # this action does not support the "body" parameter.
@@ -105,14 +113,6 @@ jobs:
         draft: false
         prerelease: false
 
-    - name: Publish to Maven Central
-      run: ./.github/scripts/publish_artifacts.sh
-      env:
-        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-        GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-        NEXUS_OSSRH_USERNAME: ${{ secrets.NEXUS_OSSRH_USERNAME }}
-        NEXUS_OSSRH_PASSWORD: ${{ secrets.NEXUS_OSSRH_PASSWORD }}
-
     # Post to Twitter if explicitly opted-in by adding the label 'release:tweet'.
     - name: Post to Twitter
       if: success() &&

From 68c05d7e19c4f2e91a14b650753019f15ef2e05a Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Thu, 14 May 2020 12:16:43 -0700
Subject: [PATCH 011/354] [chore] Release 6.13.0 take 3 (#415)

---
 .github/resources/settings.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/resources/settings.xml b/.github/resources/settings.xml
index 708bbcb75..4afbaca26 100644
--- a/.github/resources/settings.xml
+++ b/.github/resources/settings.xml
@@ -21,7 +21,7 @@
       </activation>
       <properties>
         <gpg.executable>gpg</gpg.executable>
-        <gpg.keyname>B652FFD3865AF7A75830876F5F55C8F6985BB9DD</gpg.keyname>
+        <gpg.keyname>A9B90B41060565F56F348F948B6B459CFD695DE8</gpg.keyname>
         <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
       </properties>
     </profile>

From 8c9608dbe300cc7d0c6ddff98e3ab51dc41c05ea Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Thu, 14 May 2020 12:31:01 -0700
Subject: [PATCH 012/354] [chore] Release 6.13.0 take 4 (#416)

---
 pom.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pom.xml b/pom.xml
index ca1657fb8..6a2989169 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,6 +174,12 @@
                                 <goals>
                                     <goal>sign</goal>
                                 </goals>
+                                <configuration>
+                                    <gpgArguments>
+                                        <arg>--pinentry-mode</arg>
+                                        <arg>loopback</arg>
+                                    </gpgArguments>
+                                </configuration>
                             </execution>
                         </executions>
                     </plugin>

From a6b81e8b597d390cc9d4728ddaf54a2d6f3e0357 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Tue, 19 May 2020 10:59:49 -0700
Subject: [PATCH 013/354] chore: Updated integration tests to use non-public
 rules (#417)

---
 .../firebase/database/integration/OrderByTestIT.java | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/test/java/com/google/firebase/database/integration/OrderByTestIT.java b/src/test/java/com/google/firebase/database/integration/OrderByTestIT.java
index f1cc99dca..2160406eb 100644
--- a/src/test/java/com/google/firebase/database/integration/OrderByTestIT.java
+++ b/src/test/java/com/google/firebase/database/integration/OrderByTestIT.java
@@ -19,7 +19,6 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 
-import com.google.api.client.json.GenericJson;
 import com.google.common.collect.ImmutableList;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.database.ChildEventListener;
@@ -66,7 +65,9 @@ public static void setUpClass() {
 
   @AfterClass
   public static void tearDownClass() throws IOException {
-    uploadRules(masterApp, "{\"rules\": {\".read\": true, \".write\": true}}");
+    uploadRules(
+        masterApp,
+        "{\"rules\": {\".read\": \"auth != null\", \".write\": \"auth != null\"}}");
   }
 
   @Before
@@ -81,7 +82,8 @@ public void checkAndCleanupApp() {
 
   private static String formatRules(DatabaseReference ref, String rules) {
     return String.format(
-        "{\"rules\": {\".read\": true, \".write\": true, \"%s\": %s}}", ref.getKey(), rules);
+        "{\"rules\": {\".read\": \"auth != null\", \".write\": \"auth != null\", \"%s\": %s}}",
+        ref.getKey(), rules);
   }
 
   private static void uploadRules(FirebaseApp app, String rules) throws IOException {
@@ -922,7 +924,7 @@ public void onComplete(DatabaseError error, DatabaseReference ref) {
 
   @Test
   public void testStartAtAndEndAtOnValueIndex()
-      throws InterruptedException, ExecutionException, TimeoutException, TestFailure, IOException {
+      throws InterruptedException, ExecutionException, TimeoutException, TestFailure {
     DatabaseReference ref = IntegrationTestUtils.getRandomNode(masterApp) ;
 
     Map<String, Object> initial =
@@ -982,7 +984,7 @@ public void onChildAdded(DataSnapshot snapshot, String previousChildName) {
 
   @Test
   public void testRemovingDefaultListener()
-      throws InterruptedException, ExecutionException, TimeoutException, TestFailure, IOException {
+      throws InterruptedException, ExecutionException, TimeoutException, TestFailure {
     DatabaseReference ref = IntegrationTestUtils.getRandomNode(masterApp) ;
 
     Object initialData = MapBuilder.of("key", "value");

From b128b9bc03305c6ee9fae62787a2a63821b92c11 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Tue, 9 Jun 2020 12:03:01 -0700
Subject: [PATCH 014/354] chore: Upgraded GCP and other util dependencies
 (#438)

---
 pom.xml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6a2989169..c663e2c7c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.45.Final</netty.version>
+        <netty.version>4.1.50.Final</netty.version>
     </properties>
 
     <scm>
@@ -393,37 +393,37 @@
         <dependency>
             <groupId>com.google.api-client</groupId>
             <artifactId>google-api-client</artifactId>
-            <version>1.30.1</version>
+            <version>1.30.9</version>
         </dependency>
         <dependency>
             <groupId>com.google.api-client</groupId>
             <artifactId>google-api-client-gson</artifactId>
-            <version>1.30.1</version>
+            <version>1.30.9</version>
         </dependency>
         <dependency>
             <groupId>com.google.http-client</groupId>
             <artifactId>google-http-client</artifactId>
-            <version>1.30.1</version>
+            <version>1.35.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.api</groupId>
             <artifactId>api-common</artifactId>
-            <version>1.8.1</version>
+            <version>1.9.2</version>
         </dependency>
         <dependency>
             <groupId>com.google.auth</groupId>
             <artifactId>google-auth-library-oauth2-http</artifactId>
-            <version>0.17.1</version>
+            <version>0.20.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.cloud</groupId>
             <artifactId>google-cloud-storage</artifactId>
-            <version>1.91.0</version>
+            <version>1.108.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.cloud</groupId>
             <artifactId>google-cloud-firestore</artifactId>
-            <version>1.31.0</version>
+            <version>1.34.0</version>
         </dependency>
 
         <!-- Utilities -->

From 3485c98f42d483b2336aa4357546f6d56d2a9346 Mon Sep 17 00:00:00 2001
From: Pavlos-Petros Tournaris <p.tournaris@gmail.com>
Date: Tue, 9 Jun 2020 22:43:37 +0300
Subject: [PATCH 015/354] Add FcmOptions on MulticastMessage (#439)

---
 .../firebase/messaging/MulticastMessage.java      | 15 ++++++++++++++-
 .../firebase/messaging/MulticastMessageTest.java  |  5 ++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/google/firebase/messaging/MulticastMessage.java b/src/main/java/com/google/firebase/messaging/MulticastMessage.java
index 96a6f19db..b15e58e5f 100644
--- a/src/main/java/com/google/firebase/messaging/MulticastMessage.java
+++ b/src/main/java/com/google/firebase/messaging/MulticastMessage.java
@@ -51,6 +51,7 @@ public class MulticastMessage {
   private final AndroidConfig androidConfig;
   private final WebpushConfig webpushConfig;
   private final ApnsConfig apnsConfig;
+  private final FcmOptions fcmOptions;
 
   private MulticastMessage(Builder builder) {
     this.tokens = builder.tokens.build();
@@ -64,6 +65,7 @@ private MulticastMessage(Builder builder) {
     this.androidConfig = builder.androidConfig;
     this.webpushConfig = builder.webpushConfig;
     this.apnsConfig = builder.apnsConfig;
+    this.fcmOptions = builder.fcmOptions;
   }
 
   List<Message> getMessageList() {
@@ -71,7 +73,8 @@ List<Message> getMessageList() {
         .setNotification(this.notification)
         .setAndroidConfig(this.androidConfig)
         .setApnsConfig(this.apnsConfig)
-        .setWebpushConfig(this.webpushConfig);
+        .setWebpushConfig(this.webpushConfig)
+        .setFcmOptions(this.fcmOptions);
     if (this.data != null) {
       builder.putAllData(this.data);
     }
@@ -99,6 +102,7 @@ public static class Builder {
     private AndroidConfig androidConfig;
     private WebpushConfig webpushConfig;
     private ApnsConfig apnsConfig;
+    private FcmOptions fcmOptions;
 
     private Builder() {}
 
@@ -170,6 +174,15 @@ public Builder setApnsConfig(ApnsConfig apnsConfig) {
       return this;
     }
 
+    /**
+     * Sets the {@link FcmOptions}, which can be overridden by the platform-specific {@code
+     * fcm_options} fields.
+     */
+    public Builder setFcmOptions(FcmOptions fcmOptions) {
+      this.fcmOptions = fcmOptions;
+      return this;
+    }
+
     /**
      * Adds the given key-value pair to the message as a data field. Key or the value may not be
      * null.
diff --git a/src/test/java/com/google/firebase/messaging/MulticastMessageTest.java b/src/test/java/com/google/firebase/messaging/MulticastMessageTest.java
index 25018ed4c..1ea57d8d5 100644
--- a/src/test/java/com/google/firebase/messaging/MulticastMessageTest.java
+++ b/src/test/java/com/google/firebase/messaging/MulticastMessageTest.java
@@ -39,6 +39,7 @@ public class MulticastMessageTest {
       .putData("key", "value")
       .build();
   private static final Notification NOTIFICATION = new Notification("title", "body");
+  private static final FcmOptions FCM_OPTIONS = FcmOptions.withAnalyticsLabel("analytics_label");
 
   @Test
   public void testMulticastMessage() {
@@ -47,6 +48,7 @@ public void testMulticastMessage() {
         .setApnsConfig(APNS)
         .setWebpushConfig(WEBPUSH)
         .setNotification(NOTIFICATION)
+        .setFcmOptions(FCM_OPTIONS)
         .putData("key1", "value1")
         .putAllData(ImmutableMap.of("key2", "value2"))
         .addToken("token1")
@@ -96,7 +98,8 @@ private void assertMessage(Message message, String expectedToken) {
     assertSame(APNS, message.getApnsConfig());
     assertSame(WEBPUSH, message.getWebpushConfig());
     assertSame(NOTIFICATION, message.getNotification());
+    assertSame(FCM_OPTIONS, message.getFcmOptions());
     assertEquals(ImmutableMap.of("key1", "value1", "key2", "value2"), message.getData());
     assertEquals(expectedToken, message.getToken());
   }
-}
\ No newline at end of file
+}

From 2fa81c701159265a9aaf8a15ca427254300a4e4c Mon Sep 17 00:00:00 2001
From: chong-shao <31256040+chong-shao@users.noreply.github.com>
Date: Mon, 15 Jun 2020 13:55:46 -0700
Subject: [PATCH 016/354] Support direct_boot_ok parameter (#329)

---
 .../firebase/messaging/AndroidConfig.java     | 14 +++++++++++
 .../firebase/messaging/MessageTest.java       | 23 +++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/src/main/java/com/google/firebase/messaging/AndroidConfig.java b/src/main/java/com/google/firebase/messaging/AndroidConfig.java
index dc0a45526..d16190881 100644
--- a/src/main/java/com/google/firebase/messaging/AndroidConfig.java
+++ b/src/main/java/com/google/firebase/messaging/AndroidConfig.java
@@ -51,6 +51,9 @@ public class AndroidConfig {
 
   @Key("fcm_options")
   private final AndroidFcmOptions fcmOptions;
+  
+  @Key("direct_boot_ok")
+  private final Boolean directBootOk;
 
   private AndroidConfig(Builder builder) {
     this.collapseKey = builder.collapseKey;
@@ -75,6 +78,7 @@ private AndroidConfig(Builder builder) {
     this.data = builder.data.isEmpty() ? null : ImmutableMap.copyOf(builder.data);
     this.notification = builder.notification;
     this.fcmOptions = builder.fcmOptions;
+    this.directBootOk = builder.directBootOk;
   }
 
   /**
@@ -103,6 +107,7 @@ public static class Builder {
     private final Map<String, String> data = new HashMap<>();
     private AndroidNotification notification;
     private AndroidFcmOptions fcmOptions;
+    private Boolean directBootOk;
 
     private Builder() {}
 
@@ -201,6 +206,15 @@ public Builder setFcmOptions(AndroidFcmOptions androidFcmOptions) {
       return this;
     }
 
+    /**
+     * Sets the direct_boot_ok flag, If set to true, messages will be allowed to be delivered to 
+     * the app while the device is in direct boot mode.
+     */
+    public Builder setDirectBootOk(boolean directBootOk) {
+      this.directBootOk = directBootOk;
+      return this;
+    }
+
     /**
      * Creates a new {@link AndroidConfig} instance from the parameters set on this builder.
      *
diff --git a/src/test/java/com/google/firebase/messaging/MessageTest.java b/src/test/java/com/google/firebase/messaging/MessageTest.java
index 778b4f109..c97fb6b67 100644
--- a/src/test/java/com/google/firebase/messaging/MessageTest.java
+++ b/src/test/java/com/google/firebase/messaging/MessageTest.java
@@ -200,6 +200,29 @@ public void testAndroidMessageWithNotification() throws IOException {
     assertJsonEquals(ImmutableMap.of("topic", "test-topic", "android", data), message);
   }
 
+  @Test
+  public void testAndroidMessageWithDirectBootOk() throws IOException {
+    Message message = Message.builder()
+        .setAndroidConfig(AndroidConfig.builder()
+            .setDirectBootOk(true)
+            .setNotification(AndroidNotification.builder()
+                .setTitle("android-title")
+                .setBody("android-body")
+                .build())
+            .build())
+        .setTopic("test-topic")
+        .build();
+    Map<String, Object> notification = ImmutableMap.<String, Object>builder()
+        .put("title", "android-title")
+        .put("body", "android-body")
+        .build();
+    Map<String, Object> data = ImmutableMap.of(
+        "direct_boot_ok", true,
+        "notification", notification
+    );
+    assertJsonEquals(ImmutableMap.of("topic", "test-topic", "android", data), message);
+  }
+
   @Test(expected = IllegalArgumentException.class)
   public void testAndroidNotificationWithNegativeCount() throws IllegalArgumentException {
     AndroidNotification.builder().setNotificationCount(-1).build();

From cc93b06796091de3207def69e8d23482fba52e7f Mon Sep 17 00:00:00 2001
From: rsgowman <rich@gowman.noip.me>
Date: Tue, 16 Jun 2020 14:25:14 -0400
Subject: [PATCH 017/354] Fixed a flaky auth integration test by retrying the
 GetUser() API call a few times with a small delay (#442)

---
 .../com/google/firebase/auth/FirebaseAuthIT.java  | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index aa45f51b3..2915d1ddd 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -336,7 +336,20 @@ public void testLastRefreshTime() throws Exception {
       // Login to cause the lastRefreshTimestamp to be set.
       signInWithPassword(newUserRecord.getEmail(), "password");
 
-      UserRecord userRecord = auth.getUser(newUserRecord.getUid());
+      // Attempt to retrieve the user 3 times (with a small delay between each
+      // attempt). Occassionally, this call retrieves the user data without the
+      // lastLoginTime/lastRefreshTime set; possibly because it's hitting a
+      // different server than the login request uses.
+      UserRecord userRecord = null;
+      for (int i = 0; i < 3; i++) {
+        userRecord = auth.getUser(newUserRecord.getUid());
+
+        if (userRecord.getUserMetadata().getLastRefreshTimestamp() != 0) {
+          break;
+        }
+
+        TimeUnit.SECONDS.sleep((long)Math.pow(2, i));
+      }
 
       // Ensure the lastRefreshTimestamp is approximately "now" (with a tollerance of 10 minutes).
       long now = System.currentTimeMillis();

From ebb0c9475a4fa6ffabc245249dd81aee78b7bf45 Mon Sep 17 00:00:00 2001
From: Horatiu Lazu <horatiulazu@gmail.com>
Date: Wed, 17 Jun 2020 21:25:17 +0000
Subject: [PATCH 018/354] [chore] Release 6.14.0 (#444)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c663e2c7c..49e72ad8b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>6.13.0</version>
+    <version>6.14.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From f938b3b06fcc01141a7b2e706972bc7a9b970928 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Fri, 19 Jun 2020 14:39:56 -0400
Subject: [PATCH 019/354] Fix documentation strings in Android Notification
 (#445)

* Fix doc strings

* Fix code font

* Fix punctuation
---
 .../java/com/google/firebase/messaging/AndroidConfig.java     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/google/firebase/messaging/AndroidConfig.java b/src/main/java/com/google/firebase/messaging/AndroidConfig.java
index d16190881..888f00f0d 100644
--- a/src/main/java/com/google/firebase/messaging/AndroidConfig.java
+++ b/src/main/java/com/google/firebase/messaging/AndroidConfig.java
@@ -198,7 +198,7 @@ public Builder setNotification(AndroidNotification notification) {
     }
 
     /**
-     * Sets the {@link AndroidFcmOptions}, which will override values set in the {@link FcmOptions}
+     * Sets the {@link AndroidFcmOptions}, which overrides values set in the {@link FcmOptions}
      * for Android messages.
      */
     public Builder setFcmOptions(AndroidFcmOptions androidFcmOptions) {
@@ -207,7 +207,7 @@ public Builder setFcmOptions(AndroidFcmOptions androidFcmOptions) {
     }
 
     /**
-     * Sets the direct_boot_ok flag, If set to true, messages will be allowed to be delivered to 
+     * Sets the {@code direct_boot_ok} flag. If set to true, messages are delivered to 
      * the app while the device is in direct boot mode.
      */
     public Builder setDirectBootOk(boolean directBootOk) {

From eeee30b52bb6340aa1653da21645c34678e49070 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Fri, 10 Jul 2020 11:19:49 -0700
Subject: [PATCH 020/354] fix: Importing GCP dependencies via official BOMs
 (#451)

* fix: Importing GCP dependencies via official BOMs

* Upgraded api-client BOM to 1.30.10
---
 pom.xml | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index 49e72ad8b..e9a2fc038 100644
--- a/pom.xml
+++ b/pom.xml
@@ -388,49 +388,60 @@
         </plugins>
     </reporting>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>com.google.cloud</groupId>
+                <artifactId>libraries-bom</artifactId>
+                <version>8.0.0</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+            <dependency>
+                <groupId>com.google.api-client</groupId>
+                <artifactId>google-api-client-bom</artifactId>
+                <version>1.30.10</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
         <!-- Google Cloud Platform dependencies -->
         <dependency>
             <groupId>com.google.api-client</groupId>
             <artifactId>google-api-client</artifactId>
-            <version>1.30.9</version>
         </dependency>
         <dependency>
             <groupId>com.google.api-client</groupId>
             <artifactId>google-api-client-gson</artifactId>
-            <version>1.30.9</version>
         </dependency>
         <dependency>
             <groupId>com.google.http-client</groupId>
             <artifactId>google-http-client</artifactId>
-            <version>1.35.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.api</groupId>
             <artifactId>api-common</artifactId>
-            <version>1.9.2</version>
         </dependency>
         <dependency>
             <groupId>com.google.auth</groupId>
             <artifactId>google-auth-library-oauth2-http</artifactId>
-            <version>0.20.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.cloud</groupId>
             <artifactId>google-cloud-storage</artifactId>
-            <version>1.108.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.cloud</groupId>
             <artifactId>google-cloud-firestore</artifactId>
-            <version>1.34.0</version>
         </dependency>
 
         <!-- Utilities -->
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>26.0-android</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>

From 0a0662e61d91d40cbd725ffd70c7c0268f868cb9 Mon Sep 17 00:00:00 2001
From: Micah Stairs <micah.stairs@gmail.com>
Date: Thu, 16 Jul 2020 17:25:21 -0400
Subject: [PATCH 021/354] feat(auth): Add tenant operations, tenant-aware user
 operations, and provider config operations (#395)

* Pull parts of FirebaseAuth into an abstract class. (#352)

This moves parts of FirebaseAuth into an abstract class as part of adding multi-tenancy support.

* Add Tenant class and its create and update request classes. (#344)

This pull request adds the Tenant class (including it's create/update inner classes) as part of adding multi-tenancy support.

* Add ListTenantsPage class. (#358)

Add ListTenantsPage and some supporting code as part of adding multi-tenancy support. This code was very largely based off of ListUsersPage and ListUsersPageTest.

* Add updateRequest method to Tenant class and add unit tests. (#361)

Added some things to the Tenant class and added a few unit tests. This is part of the initiative to adding multi-tenancy support (see issue #332).

* Create TenantManager class and wire through listTenants operation. (#369)

Add the TenantManager class and wire through the listTenants operation. Also add unit tests to FirebaseUserManagerTest.

* Add deleteTenant operation to TenantManager. (#372)

This adds deleteTenant to the TenantManager class. I've added the relevant unit tests to FirebaseUserManagerTest. This is part of the initiative to adding multi-tenancy support (see issue #332).

* Add getTenant operation to TenantManager. (#371)

Added getTenant to the TenantManager class. Also added the relevant unit tests to FirebaseUserManagerTest. This is part of the initiative to adding multi-tenancy support (see issue #332).

* Add createTenant and updateTenant operations. (#377)

Added createTenant and updateTenant to the TenantManager class. Also added the relevant unit tests to FirebaseUserManagerTest. This is part of the initiative to adding multi-tenancy support (see issue #332).

* Add integration tests for TenantManager operations. (#385)

This adds some integration testing for all of the tenant operations in TenantManager. Several bugs were uncovered after running the tests, so these have been fixed. This is part of the initiative to adding multi-tenancy support (see issue #332).

* Add firebase auth destroy check before tenant operations. (#386)

This addresses some TODOs left as part of the initiative to add multi-tenancy support (see issue #332).

* Make user operations tenant-aware. (#387)

This makes user operations tenant-aware. I've added some integration tests to ensure that this is working correctly. This is part of the initiative to adding multi-tenancy support (see issue #332).

* Remove unused AutoValue dependency. (#392)

Remove unused AutoValue dependency (and remove Java 8 API dependency which was accidentally introduced).

* Indicate how to get set up for the multitenancy integration tests. (#393)

This documentation is based off of the instructions in https://github.com/firebase/firebase-admin-node/blob/master/CONTRIBUTING.md.

* Add tenant-aware token generation and verification. (#391)

This incorporates the tenant ID into the token generation and validation when using a tenant-aware client. This is part of the initiative to add multi-tenancy support (see issue #332).

* Fix javadoc comment.

* Trigger CI

* Make several Op methods private.

* Move createSessionCookie and verifySessionCookie back to FirebaseAuth.

* Make verifySessionCookieOp private.

* Fix a few javadoc comments.

* Address Kevin's feedback.

* Make TenantAwareFirebaseAuth final.

* chore: Merging master into tenant-mgt (#422)

* Fixed a bad merge

* Add provider config management operations. (#433)

Adds all of the OIDC and SAML provider config operations, related to adding multi-tenancy support.

* Stop using deprecated MockHttpTransport.builder() method.

* Moved tenant management code into a new package (#449)

* Multi-tenancy refactor experiment

* fix(auth): Completed tenant mgt refactor

* Added license header to new class

* Responding to code review comments: Consolidated error codes in AuthHttpClient

* Improve unit test coverage of tenant/provider-related code (#453)

I've improved the unit test coverage of tenant/provider-related code, and I've also removed a number of unused imports.

* Fix integration tests.
---
 CONTRIBUTING.md                               |   17 +-
 checkstyle.xml                                |    9 +-
 .../firebase/auth/AbstractFirebaseAuth.java   | 1723 +++++++++++++++++
 .../google/firebase/auth/FirebaseAuth.java    | 1231 +-----------
 .../google/firebase/auth/FirebaseToken.java   |   13 +-
 .../firebase/auth/FirebaseTokenUtils.java     |   15 +-
 .../auth/FirebaseTokenVerifierImpl.java       |   26 +-
 .../firebase/auth/FirebaseUserManager.java    |  311 +--
 .../auth/ListProviderConfigsPage.java         |  268 +++
 .../google/firebase/auth/ListUsersPage.java   |    8 +-
 .../firebase/auth/OidcProviderConfig.java     |  177 ++
 .../google/firebase/auth/ProviderConfig.java  |  157 ++
 .../firebase/auth/SamlProviderConfig.java     |  343 ++++
 .../com/google/firebase/auth/UserRecord.java  |   20 +-
 .../auth/internal/AuthHttpClient.java         |  160 ++
 .../internal/FirebaseCustomAuthToken.java     |   13 +
 .../auth/internal/FirebaseTokenFactory.java   |   13 +-
 .../auth/internal/GetAccountInfoResponse.java |    9 +-
 .../ListOidcProviderConfigsResponse.java      |   62 +
 .../internal/ListProviderConfigsResponse.java |   32 +
 .../ListSamlProviderConfigsResponse.java      |   62 +
 .../auth/internal/ListTenantsResponse.java    |   55 +
 .../multitenancy/FirebaseTenantClient.java    |  111 ++
 .../auth/multitenancy/ListTenantsPage.java    |  245 +++
 .../firebase/auth/multitenancy/Tenant.java    |  195 ++
 .../multitenancy/TenantAwareFirebaseAuth.java |   50 +
 .../auth/multitenancy/TenantManager.java      |  287 +++
 .../google/firebase/auth/FirebaseAuthIT.java  |  712 ++++---
 .../firebase/auth/FirebaseAuthTest.java       |   25 +-
 .../auth/FirebaseTokenVerifierImplTest.java   |   51 +
 .../auth/FirebaseUserManagerTest.java         | 1446 ++++++++++++--
 .../com/google/firebase/auth/GetUsersIT.java  |   14 +-
 .../auth/ListProviderConfigsPageTest.java     |  376 ++++
 .../firebase/auth/ListUsersPageTest.java      |   33 +-
 .../firebase/auth/OidcProviderConfigTest.java |  160 ++
 .../auth/ProviderConfigTestUtils.java         |  125 ++
 .../firebase/auth/SamlProviderConfigTest.java |  322 +++
 .../google/firebase/auth/UserTestUtils.java   |  124 ++
 .../internal/FirebaseTokenFactoryTest.java    |   20 +
 .../ListOidcProviderConfigsResponseTest.java  |   70 +
 .../ListSamlProviderConfigsResponseTest.java  |   70 +
 .../internal/ListTenantsResponseTest.java     |   69 +
 .../FirebaseTenantClientTest.java             |  363 ++++
 .../multitenancy/ListTenantsPageTest.java     |  349 ++++
 .../TenantAwareFirebaseAuthIT.java            |  450 +++++
 .../auth/multitenancy/TenantManagerIT.java    |  158 ++
 .../auth/multitenancy/TenantTest.java         |   92 +
 .../database/FirebaseDatabaseTest.java        |    8 +-
 src/test/resources/getUser.json               |    3 +-
 src/test/resources/listOidc.json              |   15 +
 src/test/resources/listSaml.json              |   35 +
 src/test/resources/listTenants.json           |   17 +
 src/test/resources/listUsers.json             |    6 +-
 src/test/resources/oidc.json                  |    7 +
 src/test/resources/saml.json                  |   17 +
 src/test/resources/tenant.json                |    8 +
 56 files changed, 9028 insertions(+), 1729 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
 create mode 100644 src/main/java/com/google/firebase/auth/ListProviderConfigsPage.java
 create mode 100644 src/main/java/com/google/firebase/auth/OidcProviderConfig.java
 create mode 100644 src/main/java/com/google/firebase/auth/ProviderConfig.java
 create mode 100644 src/main/java/com/google/firebase/auth/SamlProviderConfig.java
 create mode 100644 src/main/java/com/google/firebase/auth/internal/AuthHttpClient.java
 create mode 100644 src/main/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponse.java
 create mode 100644 src/main/java/com/google/firebase/auth/internal/ListProviderConfigsResponse.java
 create mode 100644 src/main/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponse.java
 create mode 100644 src/main/java/com/google/firebase/auth/internal/ListTenantsResponse.java
 create mode 100644 src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
 create mode 100644 src/main/java/com/google/firebase/auth/multitenancy/ListTenantsPage.java
 create mode 100644 src/main/java/com/google/firebase/auth/multitenancy/Tenant.java
 create mode 100644 src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
 create mode 100644 src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
 create mode 100644 src/test/java/com/google/firebase/auth/ListProviderConfigsPageTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/ProviderConfigTestUtils.java
 create mode 100644 src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/UserTestUtils.java
 create mode 100644 src/test/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponseTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponseTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/internal/ListTenantsResponseTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/multitenancy/ListTenantsPageTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
 create mode 100644 src/test/java/com/google/firebase/auth/multitenancy/TenantManagerIT.java
 create mode 100644 src/test/java/com/google/firebase/auth/multitenancy/TenantTest.java
 create mode 100644 src/test/resources/listOidc.json
 create mode 100644 src/test/resources/listSaml.json
 create mode 100644 src/test/resources/listTenants.json
 create mode 100644 src/test/resources/oidc.json
 create mode 100644 src/test/resources/saml.json
 create mode 100644 src/test/resources/tenant.json

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 11012bfff..c346c5b9d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -141,8 +141,17 @@ Authentication Admin` role at
 [Google Cloud Platform Console / IAM & admin](https://console.cloud.google.com/iam-admin). This is
 required to ensure that exported user records contain the password hashes of the user accounts.
 Also obtain the web API key of the project from the "Settings > General" page, and save it as
-`integration_apikey.txt` at the root of the codebase. Now run the following command to invoke the
-integration test suite:
+`integration_apikey.txt` at the root of the codebase.
+
+Some of the integration tests require an
+[Identity Platform](https://cloud.google.com/identity-platform/) project with multi-tenancy
+[enabled](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart#enabling_multi-tenancy).
+An existing Firebase project can be upgraded to an Identity Platform project without losing any
+functionality via the
+[Identity Platform Marketplace Page](https://console.cloud.google.com/customer-identity). Note that
+charges may be incurred for active users beyond the Identity Platform free tier.
+
+Now run the following command to invoke the integration test suite:
 
 ```
 mvn verify
@@ -153,14 +162,14 @@ tests, specify the `-DskipUTs` flag.
 
 ### Generating API Docs
 
-Invoke the [Maven Javadoc plugin](https://maven.apache.org/plugins/maven-javadoc-plugin/) as 
+Invoke the [Maven Javadoc plugin](https://maven.apache.org/plugins/maven-javadoc-plugin/) as
 follows to generate API docs for all packages in the codebase:
 
 ```
 mvn javadoc:javadoc
 ```
 
-This will generate the API docs, and place them in the `target/site/apidocs` directory. 
+This will generate the API docs, and place them in the `target/site/apidocs` directory.
 
 To generate API docs for only the public APIs (i.e. ones that are not marked with `@hide` tags),
 you need to trigger the `devsite-apidocs` Maven profile. This profile uses Maven Javadoc plugin
diff --git a/checkstyle.xml b/checkstyle.xml
index 663918173..77e2dba54 100644
--- a/checkstyle.xml
+++ b/checkstyle.xml
@@ -42,15 +42,15 @@
     <module name="FileTabCharacter">
         <property name="eachLine" value="true"/>
     </module>
-    
+
     <module name="SuppressionCommentFilter">
       <property name="offCommentFormat" value="CSOFF\: ([\w\|]+)"/>
       <property name="onCommentFormat" value="CSON\: ([\w\|]+)"/>
       <property name="checkFormat" value="$1"/>
     </module>
 
-    <module name="TreeWalker">   
-        <module name="FileContentsHolder"/>     
+    <module name="TreeWalker">
+        <module name="FileContentsHolder"/>
         <module name="OuterTypeFilename"/>
         <module name="IllegalTokenText">
             <property name="tokens" value="STRING_LITERAL, CHAR_LITERAL"/>
@@ -229,6 +229,9 @@
             <property name="allowedAnnotations" value="Override, Test"/>
             <property name="allowThrowsTagsForSubclasses" value="true"/>
             <property name="allowMissingJavadoc" value="true"/>
+            <!-- Setting this property helps avoid some strange errors. For more information, see -->
+            <!-- https://stackoverflow.com/questions/27938039/unable-to-get-class-information-for-checkstyle. -->
+            <property name="suppressLoadErrors" value="true"/>
         </module>
         <module name="MethodName">
             <property name="format" value="^[a-z][a-z0-9][a-zA-Z0-9_]*$"/>
diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
new file mode 100644
index 000000000..ad30d2cc3
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -0,0 +1,1723 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.util.Clock;
+import com.google.api.core.ApiFuture;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+import com.google.common.base.Supplier;
+import com.google.common.base.Suppliers;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.auth.FirebaseUserManager.EmailLinkType;
+import com.google.firebase.auth.FirebaseUserManager.UserImportRequest;
+import com.google.firebase.auth.ListProviderConfigsPage.DefaultOidcProviderConfigSource;
+import com.google.firebase.auth.ListProviderConfigsPage.DefaultSamlProviderConfigSource;
+import com.google.firebase.auth.ListUsersPage.DefaultUserSource;
+import com.google.firebase.auth.internal.FirebaseTokenFactory;
+import com.google.firebase.internal.CallableOperation;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+/**
+ * This is the abstract class for server-side Firebase Authentication actions.
+ */
+public abstract class AbstractFirebaseAuth {
+
+  private static final String ERROR_CUSTOM_TOKEN = "ERROR_CUSTOM_TOKEN";
+
+  private final Object lock = new Object();
+  private final AtomicBoolean destroyed = new AtomicBoolean(false);
+
+  private final FirebaseApp firebaseApp;
+  private final Supplier<FirebaseTokenFactory> tokenFactory;
+  private final Supplier<? extends FirebaseTokenVerifier> idTokenVerifier;
+  private final Supplier<? extends FirebaseTokenVerifier> cookieVerifier;
+  private final Supplier<? extends FirebaseUserManager> userManager;
+  private final JsonFactory jsonFactory;
+
+  protected AbstractFirebaseAuth(Builder builder) {
+    this.firebaseApp = checkNotNull(builder.firebaseApp);
+    this.tokenFactory = threadSafeMemoize(builder.tokenFactory);
+    this.idTokenVerifier = threadSafeMemoize(builder.idTokenVerifier);
+    this.cookieVerifier = threadSafeMemoize(builder.cookieVerifier);
+    this.userManager = threadSafeMemoize(builder.userManager);
+    this.jsonFactory = builder.firebaseApp.getOptions().getJsonFactory();
+  }
+
+  protected static Builder builderFromAppAndTenantId(final FirebaseApp app, final String tenantId) {
+    return AbstractFirebaseAuth.builder()
+        .setFirebaseApp(app)
+        .setTokenFactory(
+            new Supplier<FirebaseTokenFactory>() {
+              @Override
+              public FirebaseTokenFactory get() {
+                return FirebaseTokenUtils.createTokenFactory(app, Clock.SYSTEM, tenantId);
+              }
+            })
+        .setIdTokenVerifier(
+            new Supplier<FirebaseTokenVerifier>() {
+              @Override
+              public FirebaseTokenVerifier get() {
+                return FirebaseTokenUtils.createIdTokenVerifier(app, Clock.SYSTEM, tenantId);
+              }
+            })
+        .setCookieVerifier(
+            new Supplier<FirebaseTokenVerifier>() {
+              @Override
+              public FirebaseTokenVerifier get() {
+                return FirebaseTokenUtils.createSessionCookieVerifier(app, Clock.SYSTEM);
+              }
+            })
+        .setUserManager(
+            new Supplier<FirebaseUserManager>() {
+              @Override
+              public FirebaseUserManager get() {
+                return FirebaseUserManager
+                    .builder()
+                    .setFirebaseApp(app)
+                    .setTenantId(tenantId)
+                    .build();
+              }
+            });
+  }
+
+  /**
+   * Creates a Firebase custom token for the given UID. This token can then be sent back to a client
+   * application to be used with the <a
+   * href="/docs/auth/admin/create-custom-tokens#sign_in_using_custom_tokens_on_clients">signInWithCustomToken</a>
+   * authentication API.
+   *
+   * <p>{@link FirebaseApp} must have been initialized with service account credentials to use call
+   * this method.
+   *
+   * @param uid The UID to store in the token. This identifies the user to other Firebase services
+   *     (Realtime Database, Firebase Auth, etc.). Should be less than 128 characters.
+   * @return A Firebase custom token string.
+   * @throws IllegalArgumentException If the specified uid is null or empty, or if the app has not
+   *     been initialized with service account credentials.
+   * @throws FirebaseAuthException If an error occurs while generating the custom token.
+   */
+  public String createCustomToken(@NonNull String uid) throws FirebaseAuthException {
+    return createCustomToken(uid, null);
+  }
+
+  /**
+   * Creates a Firebase custom token for the given UID, containing the specified additional claims.
+   * This token can then be sent back to a client application to be used with the <a
+   * href="/docs/auth/admin/create-custom-tokens#sign_in_using_custom_tokens_on_clients">signInWithCustomToken</a>
+   * authentication API.
+   *
+   * <p>This method attempts to generate a token using:
+   *
+   * <ol>
+   *   <li>the private key of {@link FirebaseApp}'s service account credentials, if provided at
+   *       initialization.
+   *   <li>the <a
+   *       href="https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/signBlob">IAM
+   *       service</a> if a service account email was specified via {@link
+   *       com.google.firebase.FirebaseOptions.Builder#setServiceAccountId(String)}.
+   *   <li>the <a href="https://cloud.google.com/appengine/docs/standard/java/appidentity/">App
+   *       Identity service</a> if the code is deployed in the Google App Engine standard
+   *       environment.
+   *   <li>the <a href="https://cloud.google.com/compute/docs/storing-retrieving-metadata">local
+   *       Metadata server</a> if the code is deployed in a different GCP-managed environment like
+   *       Google Compute Engine.
+   * </ol>
+   *
+   * <p>This method throws an exception when all the above fail.
+   *
+   * @param uid The UID to store in the token. This identifies the user to other Firebase services
+   *     (Realtime Database, Firebase Auth, etc.). Should be less than 128 characters.
+   * @param developerClaims Additional claims to be stored in the token (and made available to
+   *     security rules in Database, Storage, etc.). These must be able to be serialized to JSON
+   *     (e.g. contain only Maps, Arrays, Strings, Booleans, Numbers, etc.)
+   * @return A Firebase custom token string.
+   * @throws IllegalArgumentException If the specified uid is null or empty.
+   * @throws IllegalStateException If the SDK fails to discover a viable approach for signing
+   *     tokens.
+   * @throws FirebaseAuthException If an error occurs while generating the custom token.
+   */
+  public String createCustomToken(
+      @NonNull String uid, @Nullable Map<String, Object> developerClaims)
+      throws FirebaseAuthException {
+    return createCustomTokenOp(uid, developerClaims).call();
+  }
+
+  /**
+   * Similar to {@link #createCustomToken(String)} but performs the operation asynchronously.
+   *
+   * @param uid The UID to store in the token. This identifies the user to other Firebase services
+   *     (Realtime Database, Firebase Auth, etc.). Should be less than 128 characters.
+   * @return An {@code ApiFuture} which will complete successfully with the created Firebase custom
+   *     token, or unsuccessfully with the failure Exception.
+   * @throws IllegalArgumentException If the specified uid is null or empty, or if the app has not
+   *     been initialized with service account credentials.
+   */
+  public ApiFuture<String> createCustomTokenAsync(@NonNull String uid) {
+    return createCustomTokenAsync(uid, null);
+  }
+
+  /**
+   * Similar to {@link #createCustomToken(String, Map)} but performs the operation asynchronously.
+   *
+   * @param uid The UID to store in the token. This identifies the user to other Firebase services
+   *     (Realtime Database, Storage, etc.). Should be less than 128 characters.
+   * @param developerClaims Additional claims to be stored in the token (and made available to
+   *     security rules in Database, Storage, etc.). These must be able to be serialized to JSON
+   *     (e.g. contain only Maps, Arrays, Strings, Booleans, Numbers, etc.)
+   * @return An {@code ApiFuture} which will complete successfully with the created Firebase custom
+   *     token, or unsuccessfully with the failure Exception.
+   * @throws IllegalArgumentException If the specified uid is null or empty, or if the app has not
+   *     been initialized with service account credentials.
+   */
+  public ApiFuture<String> createCustomTokenAsync(
+      @NonNull String uid, @Nullable Map<String, Object> developerClaims) {
+    return createCustomTokenOp(uid, developerClaims).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<String, FirebaseAuthException> createCustomTokenOp(
+      final String uid, final Map<String, Object> developerClaims) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
+    final FirebaseTokenFactory tokenFactory = this.tokenFactory.get();
+    return new CallableOperation<String, FirebaseAuthException>() {
+      @Override
+      public String execute() throws FirebaseAuthException {
+        try {
+          return tokenFactory.createSignedCustomAuthTokenForUser(uid, developerClaims);
+        } catch (IOException e) {
+          throw new FirebaseAuthException(
+              ERROR_CUSTOM_TOKEN, "Failed to generate a custom token", e);
+        }
+      }
+    };
+  }
+
+  /**
+   * Parses and verifies a Firebase ID Token.
+   *
+   * <p>A Firebase application can identify itself to a trusted backend server by sending its
+   * Firebase ID Token (accessible via the {@code getToken} API in the Firebase Authentication
+   * client) with its requests. The backend server can then use the {@code verifyIdToken()} method
+   * to verify that the token is valid. This method ensures that the token is correctly signed, has
+   * not expired, and it was issued to the Firebase project associated with this {@link
+   * FirebaseAuth} instance.
+   *
+   * <p>This method does not check whether a token has been revoked. Use {@link
+   * #verifyIdToken(String, boolean)} to perform an additional revocation check.
+   *
+   * @param idToken A Firebase ID token string to parse and verify.
+   * @return A {@link FirebaseToken} representing the verified and decoded token.
+   * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
+   *     instance does not have a project ID associated with it.
+   * @throws FirebaseAuthException If an error occurs while parsing or validating the token.
+   */
+  public FirebaseToken verifyIdToken(@NonNull String idToken) throws FirebaseAuthException {
+    return verifyIdToken(idToken, false);
+  }
+
+  /**
+   * Parses and verifies a Firebase ID Token.
+   *
+   * <p>A Firebase application can identify itself to a trusted backend server by sending its
+   * Firebase ID Token (accessible via the {@code getToken} API in the Firebase Authentication
+   * client) with its requests. The backend server can then use the {@code verifyIdToken()} method
+   * to verify that the token is valid. This method ensures that the token is correctly signed, has
+   * not expired, and it was issued to the Firebase project associated with this {@link
+   * FirebaseAuth} instance.
+   *
+   * <p>If {@code checkRevoked} is set to true, this method performs an additional check to see if
+   * the ID token has been revoked since it was issues. This requires making an additional remote
+   * API call.
+   *
+   * @param idToken A Firebase ID token string to parse and verify.
+   * @param checkRevoked A boolean denoting whether to check if the tokens were revoked.
+   * @return A {@link FirebaseToken} representing the verified and decoded token.
+   * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
+   *     instance does not have a project ID associated with it.
+   * @throws FirebaseAuthException If an error occurs while parsing or validating the token.
+   */
+  public FirebaseToken verifyIdToken(@NonNull String idToken, boolean checkRevoked)
+      throws FirebaseAuthException {
+    return verifyIdTokenOp(idToken, checkRevoked).call();
+  }
+
+  /**
+   * Similar to {@link #verifyIdToken(String)} but performs the operation asynchronously.
+   *
+   * @param idToken A Firebase ID Token to verify and parse.
+   * @return An {@code ApiFuture} which will complete successfully with the parsed token, or
+   *     unsuccessfully with a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
+   *     instance does not have a project ID associated with it.
+   */
+  public ApiFuture<FirebaseToken> verifyIdTokenAsync(@NonNull String idToken) {
+    return verifyIdTokenAsync(idToken, false);
+  }
+
+  /**
+   * Similar to {@link #verifyIdToken(String, boolean)} but performs the operation asynchronously.
+   *
+   * @param idToken A Firebase ID Token to verify and parse.
+   * @param checkRevoked A boolean denoting whether to check if the tokens were revoked.
+   * @return An {@code ApiFuture} which will complete successfully with the parsed token, or
+   *     unsuccessfully with a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
+   *     instance does not have a project ID associated with it.
+   */
+  public ApiFuture<FirebaseToken>
+      verifyIdTokenAsync(@NonNull String idToken, boolean checkRevoked) {
+    return verifyIdTokenOp(idToken, checkRevoked).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<FirebaseToken, FirebaseAuthException> verifyIdTokenOp(
+      final String idToken, final boolean checkRevoked) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(idToken), "ID token must not be null or empty");
+    final FirebaseTokenVerifier verifier = getIdTokenVerifier(checkRevoked);
+    return new CallableOperation<FirebaseToken, FirebaseAuthException>() {
+      @Override
+      protected FirebaseToken execute() throws FirebaseAuthException {
+        return verifier.verifyToken(idToken);
+      }
+    };
+  }
+
+  @VisibleForTesting
+  FirebaseTokenVerifier getIdTokenVerifier(boolean checkRevoked) {
+    FirebaseTokenVerifier verifier = idTokenVerifier.get();
+    if (checkRevoked) {
+      FirebaseUserManager userManager = getUserManager();
+      verifier = RevocationCheckDecorator.decorateIdTokenVerifier(verifier, userManager);
+    }
+    return verifier;
+  }
+
+  /**
+   * Revokes all refresh tokens for the specified user.
+   *
+   * <p>Updates the user's tokensValidAfterTimestamp to the current UTC time expressed in
+   * milliseconds since the epoch and truncated to 1 second accuracy. It is important that the
+   * server on which this is called has its clock set correctly and synchronized.
+   *
+   * <p>While this will revoke all sessions for a specified user and disable any new ID tokens for
+   * existing sessions from getting minted, existing ID tokens may remain active until their natural
+   * expiration (one hour). To verify that ID tokens are revoked, use {@link
+   * #verifyIdTokenAsync(String, boolean)}.
+   *
+   * @param uid The user id for which tokens are revoked.
+   * @throws IllegalArgumentException If the user ID is null or empty.
+   * @throws FirebaseAuthException If an error occurs while revoking tokens.
+   */
+  public void revokeRefreshTokens(@NonNull String uid) throws FirebaseAuthException {
+    revokeRefreshTokensOp(uid).call();
+  }
+
+  /**
+   * Similar to {@link #revokeRefreshTokens(String)} but performs the operation asynchronously.
+   *
+   * @param uid The user id for which tokens are revoked.
+   * @return An {@code ApiFuture} which will complete successfully or fail with a {@link
+   *     FirebaseAuthException} in the event of an error.
+   * @throws IllegalArgumentException If the user ID is null or empty.
+   */
+  public ApiFuture<Void> revokeRefreshTokensAsync(@NonNull String uid) {
+    return revokeRefreshTokensOp(uid).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Void, FirebaseAuthException> revokeRefreshTokensOp(final String uid) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<Void, FirebaseAuthException>() {
+      @Override
+      protected Void execute() throws FirebaseAuthException {
+        int currentTimeSeconds = (int) (System.currentTimeMillis() / 1000);
+        UserRecord.UpdateRequest request =
+            new UserRecord.UpdateRequest(uid).setValidSince(currentTimeSeconds);
+        userManager.updateUser(request, jsonFactory);
+        return null;
+      }
+    };
+  }
+
+  /**
+   * Gets the user data corresponding to the specified user ID.
+   *
+   * @param uid A user ID string.
+   * @return A {@link UserRecord} instance.
+   * @throws IllegalArgumentException If the user ID string is null or empty.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public UserRecord getUser(@NonNull String uid) throws FirebaseAuthException {
+    return getUserOp(uid).call();
+  }
+
+  /**
+   * Similar to {@link #getUser(String)} but performs the operation asynchronously.
+   *
+   * @param uid A user ID string.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
+   *     instance. If an error occurs while retrieving user data or if the specified user ID does
+   *     not exist, the future throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the user ID string is null or empty.
+   */
+  public ApiFuture<UserRecord> getUserAsync(@NonNull String uid) {
+    return getUserOp(uid).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<UserRecord, FirebaseAuthException> getUserOp(final String uid) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<UserRecord, FirebaseAuthException>() {
+      @Override
+      protected UserRecord execute() throws FirebaseAuthException {
+        return userManager.getUserById(uid);
+      }
+    };
+  }
+
+  /**
+   * Gets the user data corresponding to the specified user email.
+   *
+   * @param email A user email address string.
+   * @return A {@link UserRecord} instance.
+   * @throws IllegalArgumentException If the email is null or empty.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public UserRecord getUserByEmail(@NonNull String email) throws FirebaseAuthException {
+    return getUserByEmailOp(email).call();
+  }
+
+  /**
+   * Similar to {@link #getUserByEmail(String)} but performs the operation asynchronously.
+   *
+   * @param email A user email address string.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
+   *     instance. If an error occurs while retrieving user data or if the email address does not
+   *     correspond to a user, the future throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the email is null or empty.
+   */
+  public ApiFuture<UserRecord> getUserByEmailAsync(@NonNull String email) {
+    return getUserByEmailOp(email).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<UserRecord, FirebaseAuthException> getUserByEmailOp(
+      final String email) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(email), "email must not be null or empty");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<UserRecord, FirebaseAuthException>() {
+      @Override
+      protected UserRecord execute() throws FirebaseAuthException {
+        return userManager.getUserByEmail(email);
+      }
+    };
+  }
+
+  /**
+   * Gets the user data corresponding to the specified user phone number.
+   *
+   * @param phoneNumber A user phone number string.
+   * @return A a {@link UserRecord} instance.
+   * @throws IllegalArgumentException If the phone number is null or empty.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public UserRecord getUserByPhoneNumber(@NonNull String phoneNumber) throws FirebaseAuthException {
+    return getUserByPhoneNumberOp(phoneNumber).call();
+  }
+
+  /**
+   * Gets the user data corresponding to the specified user phone number.
+   *
+   * @param phoneNumber A user phone number string.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
+   *     instance. If an error occurs while retrieving user data or if the phone number does not
+   *     correspond to a user, the future throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the phone number is null or empty.
+   */
+  public ApiFuture<UserRecord> getUserByPhoneNumberAsync(@NonNull String phoneNumber) {
+    return getUserByPhoneNumberOp(phoneNumber).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<UserRecord, FirebaseAuthException> getUserByPhoneNumberOp(
+      final String phoneNumber) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(phoneNumber), "phone number must not be null or empty");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<UserRecord, FirebaseAuthException>() {
+      @Override
+      protected UserRecord execute() throws FirebaseAuthException {
+        return userManager.getUserByPhoneNumber(phoneNumber);
+      }
+    };
+  }
+
+  /**
+   * Gets a page of users starting from the specified {@code pageToken}. Page size is limited to
+   * 1000 users.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
+   * @return A {@link ListUsersPage} instance.
+   * @throws IllegalArgumentException If the specified page token is empty.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public ListUsersPage listUsers(@Nullable String pageToken) throws FirebaseAuthException {
+    return listUsers(pageToken, FirebaseUserManager.MAX_LIST_USERS_RESULTS);
+  }
+
+  /**
+   * Gets a page of users starting from the specified {@code pageToken}.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
+   * @param maxResults Maximum number of users to include in the returned page. This may not exceed
+   *     1000.
+   * @return A {@link ListUsersPage} instance.
+   * @throws IllegalArgumentException If the specified page token is empty, or max results value is
+   *     invalid.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public ListUsersPage listUsers(@Nullable String pageToken, int maxResults)
+      throws FirebaseAuthException {
+    return listUsersOp(pageToken, maxResults).call();
+  }
+
+  /**
+   * Similar to {@link #listUsers(String)} but performs the operation asynchronously.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link ListUsersPage}
+   *     instance. If an error occurs while retrieving user data, the future throws an exception.
+   * @throws IllegalArgumentException If the specified page token is empty.
+   */
+  public ApiFuture<ListUsersPage> listUsersAsync(@Nullable String pageToken) {
+    return listUsersAsync(pageToken, FirebaseUserManager.MAX_LIST_USERS_RESULTS);
+  }
+
+  /**
+   * Similar to {@link #listUsers(String, int)} but performs the operation asynchronously.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
+   * @param maxResults Maximum number of users to include in the returned page. This may not exceed
+   *     1000.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link ListUsersPage}
+   *     instance. If an error occurs while retrieving user data, the future throws an exception.
+   * @throws IllegalArgumentException If the specified page token is empty, or max results value is
+   *     invalid.
+   */
+  public ApiFuture<ListUsersPage> listUsersAsync(@Nullable String pageToken, int maxResults) {
+    return listUsersOp(pageToken, maxResults).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<ListUsersPage, FirebaseAuthException> listUsersOp(
+      @Nullable final String pageToken, final int maxResults) {
+    checkNotDestroyed();
+    final FirebaseUserManager userManager = getUserManager();
+    final DefaultUserSource source = new DefaultUserSource(userManager, jsonFactory);
+    final ListUsersPage.Factory factory = new ListUsersPage.Factory(source, maxResults, pageToken);
+    return new CallableOperation<ListUsersPage, FirebaseAuthException>() {
+      @Override
+      protected ListUsersPage execute() throws FirebaseAuthException {
+        return factory.create();
+      }
+    };
+  }
+
+  /**
+   * Creates a new user account with the attributes contained in the specified {@link
+   * UserRecord.CreateRequest}.
+   *
+   * @param request A non-null {@link UserRecord.CreateRequest} instance.
+   * @return A {@link UserRecord} instance corresponding to the newly created account.
+   * @throws NullPointerException if the provided request is null.
+   * @throws FirebaseAuthException if an error occurs while creating the user account.
+   */
+  public UserRecord createUser(@NonNull UserRecord.CreateRequest request)
+      throws FirebaseAuthException {
+    return createUserOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #createUser} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link UserRecord.CreateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
+   *     instance corresponding to the newly created account. If an error occurs while creating the
+   *     user account, the future throws a {@link FirebaseAuthException}.
+   * @throws NullPointerException if the provided request is null.
+   */
+  public ApiFuture<UserRecord> createUserAsync(@NonNull UserRecord.CreateRequest request) {
+    return createUserOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<UserRecord, FirebaseAuthException> createUserOp(
+      final UserRecord.CreateRequest request) {
+    checkNotDestroyed();
+    checkNotNull(request, "create request must not be null");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<UserRecord, FirebaseAuthException>() {
+      @Override
+      protected UserRecord execute() throws FirebaseAuthException {
+        String uid = userManager.createUser(request);
+        return userManager.getUserById(uid);
+      }
+    };
+  }
+
+  /**
+   * Updates an existing user account with the attributes contained in the specified {@link
+   * UserRecord.UpdateRequest}.
+   *
+   * @param request A non-null {@link UserRecord.UpdateRequest} instance.
+   * @return A {@link UserRecord} instance corresponding to the updated user account.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws FirebaseAuthException if an error occurs while updating the user account.
+   */
+  public UserRecord updateUser(@NonNull UserRecord.UpdateRequest request)
+      throws FirebaseAuthException {
+    return updateUserOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #updateUser} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link UserRecord.UpdateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
+   *     instance corresponding to the updated user account. If an error occurs while updating the
+   *     user account, the future throws a {@link FirebaseAuthException}.
+   */
+  public ApiFuture<UserRecord> updateUserAsync(@NonNull UserRecord.UpdateRequest request) {
+    return updateUserOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<UserRecord, FirebaseAuthException> updateUserOp(
+      final UserRecord.UpdateRequest request) {
+    checkNotDestroyed();
+    checkNotNull(request, "update request must not be null");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<UserRecord, FirebaseAuthException>() {
+      @Override
+      protected UserRecord execute() throws FirebaseAuthException {
+        userManager.updateUser(request, jsonFactory);
+        return userManager.getUserById(request.getUid());
+      }
+    };
+  }
+
+  /**
+   * Sets the specified custom claims on an existing user account. A null claims value removes any
+   * claims currently set on the user account. The claims should serialize into a valid JSON string.
+   * The serialized claims must not be larger than 1000 characters.
+   *
+   * @param uid A user ID string.
+   * @param claims A map of custom claims or null.
+   * @throws FirebaseAuthException If an error occurs while updating custom claims.
+   * @throws IllegalArgumentException If the user ID string is null or empty, or the claims payload
+   *     is invalid or too large.
+   */
+  public void setCustomUserClaims(@NonNull String uid, @Nullable Map<String, Object> claims)
+      throws FirebaseAuthException {
+    setCustomUserClaimsOp(uid, claims).call();
+  }
+
+  /**
+   * @deprecated Use {@link #setCustomUserClaims(String, Map)} instead.
+   */
+  public void setCustomClaims(@NonNull String uid, @Nullable Map<String, Object> claims)
+      throws FirebaseAuthException {
+    setCustomUserClaims(uid, claims);
+  }
+
+  /**
+   * Similar to {@link #setCustomUserClaims(String, Map)} but performs the operation asynchronously.
+   *
+   * @param uid A user ID string.
+   * @param claims A map of custom claims or null.
+   * @return An {@code ApiFuture} which will complete successfully when the user account has been
+   *     updated. If an error occurs while deleting the user account, the future throws a {@link
+   *     FirebaseAuthException}.
+   * @throws IllegalArgumentException If the user ID string is null or empty.
+   */
+  public ApiFuture<Void> setCustomUserClaimsAsync(
+      @NonNull String uid, @Nullable Map<String, Object> claims) {
+    return setCustomUserClaimsOp(uid, claims).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Void, FirebaseAuthException> setCustomUserClaimsOp(
+      final String uid, final Map<String, Object> claims) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<Void, FirebaseAuthException>() {
+      @Override
+      protected Void execute() throws FirebaseAuthException {
+        final UserRecord.UpdateRequest request =
+            new UserRecord.UpdateRequest(uid).setCustomClaims(claims);
+        userManager.updateUser(request, jsonFactory);
+        return null;
+      }
+    };
+  }
+
+  /**
+   * Deletes the user identified by the specified user ID.
+   *
+   * @param uid A user ID string.
+   * @throws IllegalArgumentException If the user ID string is null or empty.
+   * @throws FirebaseAuthException If an error occurs while deleting the user.
+   */
+  public void deleteUser(@NonNull String uid) throws FirebaseAuthException {
+    deleteUserOp(uid).call();
+  }
+
+  /**
+   * Similar to {@link #deleteUser(String)} but performs the operation asynchronously.
+   *
+   * @param uid A user ID string.
+   * @return An {@code ApiFuture} which will complete successfully when the specified user account
+   *     has been deleted. If an error occurs while deleting the user account, the future throws a
+   *     {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the user ID string is null or empty.
+   */
+  public ApiFuture<Void> deleteUserAsync(String uid) {
+    return deleteUserOp(uid).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Void, FirebaseAuthException> deleteUserOp(final String uid) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<Void, FirebaseAuthException>() {
+      @Override
+      protected Void execute() throws FirebaseAuthException {
+        userManager.deleteUser(uid);
+        return null;
+      }
+    };
+  }
+
+  /**
+   * Imports the provided list of users into Firebase Auth. At most 1000 users can be imported at a
+   * time. This operation is optimized for bulk imports and will ignore checks on identifier
+   * uniqueness which could result in duplications.
+   *
+   * <p>{@link UserImportOptions} is required to import users with passwords. See {@link
+   * #importUsers(List, UserImportOptions)}.
+   *
+   * @param users A non-empty list of users to be imported. Length must not exceed 1000.
+   * @return A {@link UserImportResult} instance.
+   * @throws IllegalArgumentException If the users list is null, empty or has more than 1000
+   *     elements. Or if at least one user specifies a password.
+   * @throws FirebaseAuthException If an error occurs while importing users.
+   */
+  public UserImportResult importUsers(List<ImportUserRecord> users) throws FirebaseAuthException {
+    return importUsers(users, null);
+  }
+
+  /**
+   * Imports the provided list of users into Firebase Auth. At most 1000 users can be imported at a
+   * time. This operation is optimized for bulk imports and will ignore checks on identifier
+   * uniqueness which could result in duplications.
+   *
+   * @param users A non-empty list of users to be imported. Length must not exceed 1000.
+   * @param options a {@link UserImportOptions} instance or null. Required when importing users with
+   *     passwords.
+   * @return A {@link UserImportResult} instance.
+   * @throws IllegalArgumentException If the users list is null, empty or has more than 1000
+   *     elements. Or if at least one user specifies a password, and options is null.
+   * @throws FirebaseAuthException If an error occurs while importing users.
+   */
+  public UserImportResult importUsers(
+      List<ImportUserRecord> users, @Nullable UserImportOptions options)
+      throws FirebaseAuthException {
+    return importUsersOp(users, options).call();
+  }
+
+  /**
+   * Similar to {@link #importUsers(List)} but performs the operation asynchronously.
+   *
+   * @param users A non-empty list of users to be imported. Length must not exceed 1000.
+   * @return An {@code ApiFuture} which will complete successfully when the user accounts are
+   *     imported. If an error occurs while importing the users, the future throws a {@link
+   *     FirebaseAuthException}.
+   * @throws IllegalArgumentException If the users list is null, empty or has more than 1000
+   *     elements. Or if at least one user specifies a password.
+   */
+  public ApiFuture<UserImportResult> importUsersAsync(List<ImportUserRecord> users) {
+    return importUsersAsync(users, null);
+  }
+
+  /**
+   * Similar to {@link #importUsers(List, UserImportOptions)} but performs the operation
+   * asynchronously.
+   *
+   * @param users A non-empty list of users to be imported. Length must not exceed 1000.
+   * @param options a {@link UserImportOptions} instance or null. Required when importing users with
+   *     passwords.
+   * @return An {@code ApiFuture} which will complete successfully when the user accounts are
+   *     imported. If an error occurs while importing the users, the future throws a {@link
+   *     FirebaseAuthException}.
+   * @throws IllegalArgumentException If the users list is null, empty or has more than 1000
+   *     elements. Or if at least one user specifies a password, and options is null.
+   */
+  public ApiFuture<UserImportResult> importUsersAsync(
+      List<ImportUserRecord> users, @Nullable UserImportOptions options) {
+    return importUsersOp(users, options).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<UserImportResult, FirebaseAuthException> importUsersOp(
+      final List<ImportUserRecord> users, final UserImportOptions options) {
+    checkNotDestroyed();
+    final UserImportRequest request = new UserImportRequest(users, options, jsonFactory);
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<UserImportResult, FirebaseAuthException>() {
+      @Override
+      protected UserImportResult execute() throws FirebaseAuthException {
+        return userManager.importUsers(request);
+      }
+    };
+  }
+
+  /**
+   * Gets the user data corresponding to the specified identifiers.
+   *
+   * <p>There are no ordering guarantees; in particular, the nth entry in the users result list is
+   * not guaranteed to correspond to the nth entry in the input parameters list.
+   *
+   * <p>A maximum of 100 identifiers may be specified. If more than 100 identifiers are
+   * supplied, this method throws an {@link IllegalArgumentException}.
+   *
+   * @param identifiers The identifiers used to indicate which user records should be returned. Must
+   *     have 100 or fewer entries.
+   * @return The corresponding user records.
+   * @throws IllegalArgumentException If any of the identifiers are invalid or if more than 100
+   *     identifiers are specified.
+   * @throws NullPointerException If the identifiers parameter is null.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public GetUsersResult getUsers(@NonNull Collection<UserIdentifier> identifiers)
+      throws FirebaseAuthException {
+    return getUsersOp(identifiers).call();
+  }
+
+  /**
+   * Gets the user data corresponding to the specified identifiers.
+   *
+   * <p>There are no ordering guarantees; in particular, the nth entry in the users result list is
+   * not guaranteed to correspond to the nth entry in the input parameters list.
+   *
+   * <p>A maximum of 100 identifiers may be specified. If more than 100 identifiers are
+   * supplied, this method throws an {@link IllegalArgumentException}.
+   *
+   * @param identifiers The identifiers used to indicate which user records should be returned.
+   *     Must have 100 or fewer entries.
+   * @return An {@code ApiFuture} that resolves to the corresponding user records.
+   * @throws IllegalArgumentException If any of the identifiers are invalid or if more than 100
+   *     identifiers are specified.
+   * @throws NullPointerException If the identifiers parameter is null.
+   */
+  public ApiFuture<GetUsersResult> getUsersAsync(@NonNull Collection<UserIdentifier> identifiers) {
+    return getUsersOp(identifiers).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<GetUsersResult, FirebaseAuthException> getUsersOp(
+      @NonNull final Collection<UserIdentifier> identifiers) {
+    checkNotDestroyed();
+    checkNotNull(identifiers, "identifiers must not be null");
+    checkArgument(identifiers.size() <= FirebaseUserManager.MAX_GET_ACCOUNTS_BATCH_SIZE,
+        "identifiers parameter must have <= " + FirebaseUserManager.MAX_GET_ACCOUNTS_BATCH_SIZE
+            + " entries.");
+
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<GetUsersResult, FirebaseAuthException>() {
+      @Override
+      protected GetUsersResult execute() throws FirebaseAuthException {
+        Set<UserRecord> users = userManager.getAccountInfo(identifiers);
+        Set<UserIdentifier> notFound = new HashSet<>();
+        for (UserIdentifier id : identifiers) {
+          if (!isUserFound(id, users)) {
+            notFound.add(id);
+          }
+        }
+        return new GetUsersResult(users, notFound);
+      }
+    };
+  }
+
+  private boolean isUserFound(UserIdentifier id, Collection<UserRecord> userRecords) {
+    for (UserRecord userRecord : userRecords) {
+      if (id.matches(userRecord)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  /**
+   * Deletes the users specified by the given identifiers.
+   *
+   * <p>Deleting a non-existing user does not generate an error (the method is idempotent).
+   * Non-existing users are considered to be successfully deleted and are therefore included in the
+   * DeleteUsersResult.getSuccessCount() value.
+   *
+   * <p>A maximum of 1000 identifiers may be supplied. If more than 1000 identifiers are
+   * supplied, this method throws an {@link IllegalArgumentException}.
+   *
+   * <p>This API has a rate limit of 1 QPS. Exceeding the limit may result in a quota exceeded
+   * error. If you want to delete more than 1000 users, we suggest adding a delay to ensure you
+   * don't exceed this limit.
+   *
+   * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
+   * @return The total number of successful/failed deletions, as well as the array of errors that
+   *     correspond to the failed deletions.
+   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
+   *     identifiers are specified.
+   * @throws FirebaseAuthException If an error occurs while deleting users.
+   */
+  public DeleteUsersResult deleteUsers(List<String> uids) throws FirebaseAuthException {
+    return deleteUsersOp(uids).call();
+  }
+
+  /**
+   * Similar to {@link #deleteUsers(List)} but performs the operation asynchronously.
+   *
+   * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
+   * @return An {@code ApiFuture} that resolves to the total number of successful/failed
+   *     deletions, as well as the array of errors that correspond to the failed deletions. If an
+   *     error occurs while deleting the user account, the future throws a
+   *     {@link FirebaseAuthException}.
+   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
+   *     identifiers are specified.
+   */
+  public ApiFuture<DeleteUsersResult> deleteUsersAsync(List<String> uids) {
+    return deleteUsersOp(uids).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<DeleteUsersResult, FirebaseAuthException> deleteUsersOp(
+      final List<String> uids) {
+    checkNotDestroyed();
+    checkNotNull(uids, "uids must not be null");
+    for (String uid : uids) {
+      UserRecord.checkUid(uid);
+    }
+    checkArgument(uids.size() <= FirebaseUserManager.MAX_DELETE_ACCOUNTS_BATCH_SIZE,
+        "uids parameter must have <= " + FirebaseUserManager.MAX_DELETE_ACCOUNTS_BATCH_SIZE
+            + " entries.");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<DeleteUsersResult, FirebaseAuthException>() {
+      @Override
+      protected DeleteUsersResult execute() throws FirebaseAuthException {
+        return userManager.deleteUsers(uids);
+      }
+    };
+  }
+
+  /**
+   * Generates the out-of-band email action link for password reset flows for the specified email
+   * address.
+   *
+   * @param email The email of the user whose password is to be reset.
+   * @return A password reset link.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   * @throws FirebaseAuthException If an error occurs while generating the link.
+   */
+  public String generatePasswordResetLink(@NonNull String email) throws FirebaseAuthException {
+    return generatePasswordResetLink(email, null);
+  }
+
+  /**
+   * Generates the out-of-band email action link for password reset flows for the specified email
+   * address.
+   *
+   * @param email The email of the user whose password is to be reset.
+   * @param settings The action code settings object which defines whether the link is to be handled
+   *     by a mobile app and the additional state information to be passed in the deep link.
+   * @return A password reset link.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   * @throws FirebaseAuthException If an error occurs while generating the link.
+   */
+  public String generatePasswordResetLink(
+      @NonNull String email, @Nullable ActionCodeSettings settings) throws FirebaseAuthException {
+    return generateEmailActionLinkOp(EmailLinkType.PASSWORD_RESET, email, settings).call();
+  }
+
+  /**
+   * Similar to {@link #generatePasswordResetLink(String)} but performs the operation
+   * asynchronously.
+   *
+   * @param email The email of the user whose password is to be reset.
+   * @return An {@code ApiFuture} which will complete successfully with the generated email action
+   *     link. If an error occurs while generating the link, the future throws a {@link
+   *     FirebaseAuthException}.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   */
+  public ApiFuture<String> generatePasswordResetLinkAsync(@NonNull String email) {
+    return generatePasswordResetLinkAsync(email, null);
+  }
+
+  /**
+   * Similar to {@link #generatePasswordResetLink(String, ActionCodeSettings)} but performs the
+   * operation asynchronously.
+   *
+   * @param email The email of the user whose password is to be reset.
+   * @param settings The action code settings object which defines whether the link is to be handled
+   *     by a mobile app and the additional state information to be passed in the deep link.
+   * @return An {@code ApiFuture} which will complete successfully with the generated email action
+   *     link. If an error occurs while generating the link, the future throws a {@link
+   *     FirebaseAuthException}.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   */
+  public ApiFuture<String> generatePasswordResetLinkAsync(
+      @NonNull String email, @Nullable ActionCodeSettings settings) {
+    return generateEmailActionLinkOp(EmailLinkType.PASSWORD_RESET, email, settings)
+        .callAsync(firebaseApp);
+  }
+
+  /**
+   * Generates the out-of-band email action link for email verification flows for the specified
+   * email address.
+   *
+   * @param email The email of the user to be verified.
+   * @return An email verification link.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   * @throws FirebaseAuthException If an error occurs while generating the link.
+   */
+  public String generateEmailVerificationLink(@NonNull String email) throws FirebaseAuthException {
+    return generateEmailVerificationLink(email, null);
+  }
+
+  /**
+   * Generates the out-of-band email action link for email verification flows for the specified
+   * email address, using the action code settings provided.
+   *
+   * @param email The email of the user to be verified.
+   * @return An email verification link.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   * @throws FirebaseAuthException If an error occurs while generating the link.
+   */
+  public String generateEmailVerificationLink(
+      @NonNull String email, @Nullable ActionCodeSettings settings) throws FirebaseAuthException {
+    return generateEmailActionLinkOp(EmailLinkType.VERIFY_EMAIL, email, settings).call();
+  }
+
+  /**
+   * Similar to {@link #generateEmailVerificationLink(String)} but performs the operation
+   * asynchronously.
+   *
+   * @param email The email of the user to be verified.
+   * @return An {@code ApiFuture} which will complete successfully with the generated email action
+   *     link. If an error occurs while generating the link, the future throws a {@link
+   *     FirebaseAuthException}.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   */
+  public ApiFuture<String> generateEmailVerificationLinkAsync(@NonNull String email) {
+    return generateEmailVerificationLinkAsync(email, null);
+  }
+
+  /**
+   * Similar to {@link #generateEmailVerificationLink(String, ActionCodeSettings)} but performs the
+   * operation asynchronously.
+   *
+   * @param email The email of the user to be verified.
+   * @param settings The action code settings object which defines whether the link is to be handled
+   *     by a mobile app and the additional state information to be passed in the deep link.
+   * @return An {@code ApiFuture} which will complete successfully with the generated email action
+   *     link. If an error occurs while generating the link, the future throws a {@link
+   *     FirebaseAuthException}.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   */
+  public ApiFuture<String> generateEmailVerificationLinkAsync(
+      @NonNull String email, @Nullable ActionCodeSettings settings) {
+    return generateEmailActionLinkOp(EmailLinkType.VERIFY_EMAIL, email, settings)
+        .callAsync(firebaseApp);
+  }
+
+  /**
+   * Generates the out-of-band email action link for email link sign-in flows, using the action code
+   * settings provided.
+   *
+   * @param email The email of the user signing in.
+   * @param settings The action code settings object which defines whether the link is to be handled
+   *     by a mobile app and the additional state information to be passed in the deep link.
+   * @return An email verification link.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   * @throws FirebaseAuthException If an error occurs while generating the link.
+   */
+  public String generateSignInWithEmailLink(
+      @NonNull String email, @NonNull ActionCodeSettings settings) throws FirebaseAuthException {
+    return generateEmailActionLinkOp(EmailLinkType.EMAIL_SIGNIN, email, settings).call();
+  }
+
+  /**
+   * Similar to {@link #generateSignInWithEmailLink(String, ActionCodeSettings)} but performs the
+   * operation asynchronously.
+   *
+   * @param email The email of the user signing in.
+   * @param settings The action code settings object which defines whether the link is to be handled
+   *     by a mobile app and the additional state information to be passed in the deep link.
+   * @return An {@code ApiFuture} which will complete successfully with the generated email action
+   *     link. If an error occurs while generating the link, the future throws a {@link
+   *     FirebaseAuthException}.
+   * @throws IllegalArgumentException If the email address is null or empty.
+   * @throws NullPointerException If the settings is null.
+   */
+  public ApiFuture<String> generateSignInWithEmailLinkAsync(
+      String email, @NonNull ActionCodeSettings settings) {
+    return generateEmailActionLinkOp(EmailLinkType.EMAIL_SIGNIN, email, settings)
+        .callAsync(firebaseApp);
+  }
+
+  private CallableOperation<String, FirebaseAuthException> generateEmailActionLinkOp(
+      final EmailLinkType type, final String email, final ActionCodeSettings settings) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(email), "email must not be null or empty");
+    if (type == EmailLinkType.EMAIL_SIGNIN) {
+      checkNotNull(settings, "ActionCodeSettings must not be null when generating sign-in links");
+    }
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<String, FirebaseAuthException>() {
+      @Override
+      protected String execute() throws FirebaseAuthException {
+        return userManager.getEmailActionLink(type, email, settings);
+      }
+    };
+  }
+
+  /**
+   * Creates a new OpenID Connect auth provider config with the attributes contained in the
+   * specified {@link OidcProviderConfig.CreateRequest}.
+   *
+   * @param request A non-null {@link OidcProviderConfig.CreateRequest} instance.
+   * @return An {@link OidcProviderConfig} instance corresponding to the newly created provider
+   *     config.
+   * @throws NullPointerException if the provided request is null.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not
+   *     prefixed with 'oidc.'.
+   * @throws FirebaseAuthException if an error occurs while creating the provider config.
+   */
+  public OidcProviderConfig createOidcProviderConfig(
+      @NonNull OidcProviderConfig.CreateRequest request) throws FirebaseAuthException {
+    return createOidcProviderConfigOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #createOidcProviderConfig} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link OidcProviderConfig.CreateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link OidcProviderConfig}
+   *     instance corresponding to the newly created provider config. If an error occurs while
+   *     creating the provider config, the future throws a {@link FirebaseAuthException}.
+   * @throws NullPointerException if the provided request is null.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not
+   *     prefixed with 'oidc.'.
+   */
+  public ApiFuture<OidcProviderConfig> createOidcProviderConfigAsync(
+      @NonNull OidcProviderConfig.CreateRequest request) {
+    return createOidcProviderConfigOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<OidcProviderConfig, FirebaseAuthException>
+      createOidcProviderConfigOp(final OidcProviderConfig.CreateRequest request) {
+    checkNotDestroyed();
+    checkNotNull(request, "Create request must not be null.");
+    OidcProviderConfig.checkOidcProviderId(request.getProviderId());
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<OidcProviderConfig, FirebaseAuthException>() {
+      @Override
+      protected OidcProviderConfig execute() throws FirebaseAuthException {
+        return userManager.createOidcProviderConfig(request);
+      }
+    };
+  }
+
+  /**
+   * Updates an existing OpenID Connect auth provider config with the attributes contained in the
+   * specified {@link OidcProviderConfig.UpdateRequest}.
+   *
+   * @param request A non-null {@link OidcProviderConfig.UpdateRequest} instance.
+   * @return A {@link OidcProviderConfig} instance corresponding to the updated provider config.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws IllegalArgumentException If the provided update request is invalid.
+   * @throws FirebaseAuthException if an error occurs while updating the provider config.
+   */
+  public OidcProviderConfig updateOidcProviderConfig(
+      @NonNull OidcProviderConfig.UpdateRequest request) throws FirebaseAuthException {
+    return updateOidcProviderConfigOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #updateOidcProviderConfig} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link OidcProviderConfig.UpdateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link OidcProviderConfig}
+   *     instance corresponding to the updated provider config. If an error occurs while updating
+   *     the provider config, the future throws a {@link FirebaseAuthException}.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws IllegalArgumentException If the provided update request is invalid.
+   */
+  public ApiFuture<OidcProviderConfig> updateOidcProviderConfigAsync(
+      @NonNull OidcProviderConfig.UpdateRequest request) {
+    return updateOidcProviderConfigOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<OidcProviderConfig, FirebaseAuthException> updateOidcProviderConfigOp(
+      final OidcProviderConfig.UpdateRequest request) {
+    checkNotDestroyed();
+    checkNotNull(request, "Update request must not be null.");
+    checkArgument(!request.getProperties().isEmpty(),
+        "Update request must have at least one property set.");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<OidcProviderConfig, FirebaseAuthException>() {
+      @Override
+      protected OidcProviderConfig execute() throws FirebaseAuthException {
+        return userManager.updateOidcProviderConfig(request);
+      }
+    };
+  }
+
+  /**
+   * Gets the OpenID Connect auth provider corresponding to the specified provider ID.
+   *
+   * @param providerId A provider ID string.
+   * @return An {@link OidcProviderConfig} instance.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with 'oidc'.
+   * @throws FirebaseAuthException If an error occurs while retrieving the provider config.
+   */
+  public OidcProviderConfig getOidcProviderConfig(@NonNull String providerId)
+      throws FirebaseAuthException {
+    return getOidcProviderConfigOp(providerId).call();
+  }
+
+  /**
+   * Similar to {@link #getOidcProviderConfig(String)} but performs the operation asynchronously.
+   * Page size is limited to 100 provider configs.
+   *
+   * @param providerId A provider ID string.
+   * @return An {@code ApiFuture} which will complete successfully with an
+   *     {@link OidcProviderConfig} instance. If an error occurs while retrieving the provider
+   *     config or if the specified provider ID does not exist, the future throws a
+   *     {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not
+   *     prefixed with 'oidc.'.
+   */
+  public ApiFuture<OidcProviderConfig> getOidcProviderConfigAsync(@NonNull String providerId) {
+    return getOidcProviderConfigOp(providerId).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<OidcProviderConfig, FirebaseAuthException>
+      getOidcProviderConfigOp(final String providerId) {
+    checkNotDestroyed();
+    OidcProviderConfig.checkOidcProviderId(providerId);
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<OidcProviderConfig, FirebaseAuthException>() {
+      @Override
+      protected OidcProviderConfig execute() throws FirebaseAuthException {
+        return userManager.getOidcProviderConfig(providerId);
+      }
+    };
+  }
+
+  /**
+   * Gets a page of OpenID Connect auth provider configs starting from the specified
+   * {@code pageToken}. Page size is limited to 100 provider configs.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of provider
+   *     configs.
+   * @return A {@link ListProviderConfigsPage} instance.
+   * @throws IllegalArgumentException If the specified page token is empty
+   * @throws FirebaseAuthException If an error occurs while retrieving provider config data.
+   */
+  public ListProviderConfigsPage<OidcProviderConfig> listOidcProviderConfigs(
+        @Nullable String pageToken) throws FirebaseAuthException {
+    int maxResults = FirebaseUserManager.MAX_LIST_PROVIDER_CONFIGS_RESULTS;
+    return listOidcProviderConfigsOp(pageToken, maxResults).call();
+  }
+
+  /**
+   * Gets a page of OpenID Connect auth provider configs starting from the specified
+   * {@code pageToken}.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of provider
+   *     configs.
+   * @param maxResults Maximum number of provider configs to include in the returned page. This may
+   *     not exceed 100.
+   * @return A {@link ListProviderConfigsPage} instance.
+   * @throws IllegalArgumentException If the specified page token is empty, or max results value is
+   *     invalid.
+   * @throws FirebaseAuthException If an error occurs while retrieving provider config data.
+   */
+  public ListProviderConfigsPage<OidcProviderConfig> listOidcProviderConfigs(
+        @Nullable String pageToken, int maxResults) throws FirebaseAuthException {
+    return listOidcProviderConfigsOp(pageToken, maxResults).call();
+  }
+
+  /**
+   * Similar to {@link #listOidcProviderConfigs(String)} but performs the operation asynchronously.
+   * Page size is limited to 100 provider configs.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of provider
+   *     configs.
+   * @return An {@code ApiFuture} which will complete successfully with a
+   *     {@link ListProviderConfigsPage} instance. If an error occurs while retrieving provider
+   *     config data, the future throws an exception.
+   * @throws IllegalArgumentException If the specified page token is empty.
+   */
+  public ApiFuture<ListProviderConfigsPage<OidcProviderConfig>> listOidcProviderConfigsAsync(
+      @Nullable String pageToken) {
+    int maxResults = FirebaseUserManager.MAX_LIST_PROVIDER_CONFIGS_RESULTS;
+    return listOidcProviderConfigsAsync(pageToken, maxResults);
+  }
+
+  /**
+   * Similar to {@link #listOidcProviderConfigs(String, int)} but performs the operation
+   * asynchronously.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of provider
+   *     configs.
+   * @param maxResults Maximum number of provider configs to include in the returned page. This may
+   *     not exceed 100.
+   * @return An {@code ApiFuture} which will complete successfully with a
+   *     {@link ListProviderConfigsPage} instance. If an error occurs while retrieving provider
+   *     config data, the future throws an exception.
+   * @throws IllegalArgumentException If the specified page token is empty, or max results value is
+   *     invalid.
+   */
+  public ApiFuture<ListProviderConfigsPage<OidcProviderConfig>> listOidcProviderConfigsAsync(
+      @Nullable String pageToken,
+      int maxResults) {
+    return listOidcProviderConfigsOp(pageToken, maxResults).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<ListProviderConfigsPage<OidcProviderConfig>, FirebaseAuthException>
+      listOidcProviderConfigsOp(@Nullable final String pageToken, final int maxResults) {
+    checkNotDestroyed();
+    final FirebaseUserManager userManager = getUserManager();
+    final DefaultOidcProviderConfigSource source = new DefaultOidcProviderConfigSource(userManager);
+    final ListProviderConfigsPage.Factory<OidcProviderConfig> factory =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source, maxResults, pageToken);
+    return
+      new CallableOperation<ListProviderConfigsPage<OidcProviderConfig>, FirebaseAuthException>() {
+        @Override
+        protected ListProviderConfigsPage<OidcProviderConfig> execute()
+            throws FirebaseAuthException {
+          return factory.create();
+        }
+    };
+  }
+
+  /**
+   * Deletes the OpenID Connect auth provider config identified by the specified provider ID.
+   *
+   * @param providerId A provider ID string.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with 'oidc'.
+   * @throws FirebaseAuthException If an error occurs while deleting the provider config.
+   */
+  public void deleteOidcProviderConfig(@NonNull String providerId) throws FirebaseAuthException {
+    deleteOidcProviderConfigOp(providerId).call();
+  }
+
+  /**
+   * Similar to {@link #deleteOidcProviderConfig} but performs the operation asynchronously.
+   *
+   * @param providerId A provider ID string.
+   * @return An {@code ApiFuture} which will complete successfully when the specified provider
+   *     config has been deleted. If an error occurs while deleting the provider config, the future
+   *     throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with "oidc.".
+   */
+  public ApiFuture<Void> deleteOidcProviderConfigAsync(String providerId) {
+    return deleteOidcProviderConfigOp(providerId).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Void, FirebaseAuthException> deleteOidcProviderConfigOp(
+      final String providerId) {
+    checkNotDestroyed();
+    OidcProviderConfig.checkOidcProviderId(providerId);
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<Void, FirebaseAuthException>() {
+      @Override
+      protected Void execute() throws FirebaseAuthException {
+        userManager.deleteOidcProviderConfig(providerId);
+        return null;
+      }
+    };
+  }
+
+  /**
+   * Creates a new SAML Auth provider config with the attributes contained in the specified
+   * {@link SamlProviderConfig.CreateRequest}.
+   *
+   * @param request A non-null {@link SamlProviderConfig.CreateRequest} instance.
+   * @return An {@link SamlProviderConfig} instance corresponding to the newly created provider
+   *     config.
+   * @throws NullPointerException if the provided request is null.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with 'saml'.
+   * @throws FirebaseAuthException if an error occurs while creating the provider config.
+   */
+  public SamlProviderConfig createSamlProviderConfig(
+      @NonNull SamlProviderConfig.CreateRequest request) throws FirebaseAuthException {
+    return createSamlProviderConfigOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #createSamlProviderConfig} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link SamlProviderConfig.CreateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link SamlProviderConfig}
+   *     instance corresponding to the newly created provider config. If an error occurs while
+   *     creating the provider config, the future throws a {@link FirebaseAuthException}.
+   * @throws NullPointerException if the provided request is null.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with 'saml'.
+   */
+  public ApiFuture<SamlProviderConfig> createSamlProviderConfigAsync(
+      @NonNull SamlProviderConfig.CreateRequest request) {
+    return createSamlProviderConfigOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<SamlProviderConfig, FirebaseAuthException>
+      createSamlProviderConfigOp(final SamlProviderConfig.CreateRequest request) {
+    checkNotDestroyed();
+    checkNotNull(request, "Create request must not be null.");
+    SamlProviderConfig.checkSamlProviderId(request.getProviderId());
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<SamlProviderConfig, FirebaseAuthException>() {
+      @Override
+      protected SamlProviderConfig execute() throws FirebaseAuthException {
+        return userManager.createSamlProviderConfig(request);
+      }
+    };
+  }
+
+  /**
+   * Updates an existing SAML Auth provider config with the attributes contained in the specified
+   * {@link SamlProviderConfig.UpdateRequest}.
+   *
+   * @param request A non-null {@link SamlProviderConfig.UpdateRequest} instance.
+   * @return A {@link SamlProviderConfig} instance corresponding to the updated provider config.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws IllegalArgumentException If the provided update request is invalid.
+   * @throws FirebaseAuthException if an error occurs while updating the provider config.
+   */
+  public SamlProviderConfig updateSamlProviderConfig(
+      @NonNull SamlProviderConfig.UpdateRequest request) throws FirebaseAuthException {
+    return updateSamlProviderConfigOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #updateSamlProviderConfig} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link SamlProviderConfig.UpdateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link SamlProviderConfig}
+   *     instance corresponding to the updated provider config. If an error occurs while updating
+   *     the provider config, the future throws a {@link FirebaseAuthException}.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws IllegalArgumentException If the provided update request is invalid.
+   */
+  public ApiFuture<SamlProviderConfig> updateSamlProviderConfigAsync(
+      @NonNull SamlProviderConfig.UpdateRequest request) {
+    return updateSamlProviderConfigOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<SamlProviderConfig, FirebaseAuthException> updateSamlProviderConfigOp(
+      final SamlProviderConfig.UpdateRequest request) {
+    checkNotDestroyed();
+    checkNotNull(request, "Update request must not be null.");
+    checkArgument(!request.getProperties().isEmpty(),
+        "Update request must have at least one property set.");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<SamlProviderConfig, FirebaseAuthException>() {
+      @Override
+      protected SamlProviderConfig execute() throws FirebaseAuthException {
+        return userManager.updateSamlProviderConfig(request);
+      }
+    };
+  }
+
+  /**
+   * Gets the SAML Auth provider config corresponding to the specified provider ID.
+   *
+   * @param providerId A provider ID string.
+   * @return An {@link SamlProviderConfig} instance.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with 'saml'.
+   * @throws FirebaseAuthException If an error occurs while retrieving the provider config.
+   */
+  public SamlProviderConfig getSamlProviderConfig(@NonNull String providerId)
+      throws FirebaseAuthException {
+    return getSamlProviderConfigOp(providerId).call();
+  }
+
+  /**
+   * Similar to {@link #getSamlProviderConfig(String)} but performs the operation asynchronously.
+   * Page size is limited to 100 provider configs.
+   *
+   * @param providerId A provider ID string.
+   * @return An {@code ApiFuture} which will complete successfully with an
+   *     {@link SamlProviderConfig} instance. If an error occurs while retrieving the provider
+   *     config or if the specified provider ID does not exist, the future throws a
+   *     {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with 'saml'.
+   */
+  public ApiFuture<SamlProviderConfig> getSamlProviderConfigAsync(@NonNull String providerId) {
+    return getSamlProviderConfigOp(providerId).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<SamlProviderConfig, FirebaseAuthException>
+      getSamlProviderConfigOp(final String providerId) {
+    checkNotDestroyed();
+    SamlProviderConfig.checkSamlProviderId(providerId);
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<SamlProviderConfig, FirebaseAuthException>() {
+      @Override
+      protected SamlProviderConfig execute() throws FirebaseAuthException {
+        return userManager.getSamlProviderConfig(providerId);
+      }
+    };
+  }
+
+  /**
+   * Gets a page of SAML Auth provider configs starting from the specified {@code pageToken}. Page
+   * size is limited to 100 provider configs.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of provider
+   *     configs.
+   * @return A {@link ListProviderConfigsPage} instance.
+   * @throws IllegalArgumentException If the specified page token is empty.
+   * @throws FirebaseAuthException If an error occurs while retrieving provider config data.
+   */
+  public ListProviderConfigsPage<SamlProviderConfig> listSamlProviderConfigs(
+        @Nullable String pageToken) throws FirebaseAuthException {
+    return listSamlProviderConfigs(
+        pageToken,
+        FirebaseUserManager.MAX_LIST_PROVIDER_CONFIGS_RESULTS);
+  }
+
+  /**
+   * Gets a page of SAML Auth provider configs starting from the specified {@code pageToken}.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of provider
+   *     configs.
+   * @param maxResults Maximum number of provider configs to include in the returned page. This may
+   *     not exceed 100.
+   * @return A {@link ListProviderConfigsPage} instance.
+   * @throws IllegalArgumentException If the specified page token is empty, or max results value is
+   *     invalid.
+   * @throws FirebaseAuthException If an error occurs while retrieving provider config data.
+   */
+  public ListProviderConfigsPage<SamlProviderConfig> listSamlProviderConfigs(
+        @Nullable String pageToken, int maxResults) throws FirebaseAuthException {
+    return listSamlProviderConfigsOp(pageToken, maxResults).call();
+  }
+
+  /**
+   * Similar to {@link #listSamlProviderConfigs(String)} but performs the operation asynchronously.
+   * Page size is limited to 100 provider configs.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of provider
+   *     configs.
+   * @return An {@code ApiFuture} which will complete successfully with a
+   *     {@link ListProviderConfigsPage} instance. If an error occurs while retrieving provider
+   *     config data, the future throws an exception.
+   * @throws IllegalArgumentException If the specified page token is empty.
+   */
+  public ApiFuture<ListProviderConfigsPage<SamlProviderConfig>> listSamlProviderConfigsAsync(
+      @Nullable String pageToken) {
+    int maxResults = FirebaseUserManager.MAX_LIST_PROVIDER_CONFIGS_RESULTS;
+    return listSamlProviderConfigsAsync(pageToken, maxResults);
+  }
+
+  /**
+   * Similar to {@link #listSamlProviderConfigs(String, int)} but performs the operation
+   * asynchronously.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of provider
+   *     configs.
+   * @param maxResults Maximum number of provider configs to include in the returned page. This may
+   *     not exceed 100.
+   * @return An {@code ApiFuture} which will complete successfully with a
+   *     {@link ListProviderConfigsPage} instance. If an error occurs while retrieving provider
+   *     config data, the future throws an exception.
+   * @throws IllegalArgumentException If the specified page token is empty, or max results value is
+   *     invalid.
+   */
+  public ApiFuture<ListProviderConfigsPage<SamlProviderConfig>> listSamlProviderConfigsAsync(
+      @Nullable String pageToken,
+      int maxResults) {
+    return listSamlProviderConfigsOp(pageToken, maxResults).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<ListProviderConfigsPage<SamlProviderConfig>, FirebaseAuthException>
+      listSamlProviderConfigsOp(@Nullable final String pageToken, final int maxResults) {
+    checkNotDestroyed();
+    final FirebaseUserManager userManager = getUserManager();
+    final DefaultSamlProviderConfigSource source = new DefaultSamlProviderConfigSource(userManager);
+    final ListProviderConfigsPage.Factory<SamlProviderConfig> factory =
+        new ListProviderConfigsPage.Factory<SamlProviderConfig>(source, maxResults, pageToken);
+    return
+      new CallableOperation<ListProviderConfigsPage<SamlProviderConfig>, FirebaseAuthException>() {
+        @Override
+        protected ListProviderConfigsPage<SamlProviderConfig> execute()
+            throws FirebaseAuthException {
+          return factory.create();
+        }
+    };
+  }
+
+  /**
+   * Deletes the SAML Auth provider config identified by the specified provider ID.
+   *
+   * @param providerId A provider ID string.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with "saml.".
+   * @throws FirebaseAuthException If an error occurs while deleting the provider config.
+   */
+  public void deleteSamlProviderConfig(@NonNull String providerId) throws FirebaseAuthException {
+    deleteSamlProviderConfigOp(providerId).call();
+  }
+
+  /**
+   * Similar to {@link #deleteSamlProviderConfig} but performs the operation asynchronously.
+   *
+   * @param providerId A provider ID string.
+   * @return An {@code ApiFuture} which will complete successfully when the specified provider
+   *     config has been deleted. If an error occurs while deleting the provider config, the future
+   *     throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the provider ID string is null or empty, or is not prefixed
+   *     with "saml.".
+   */
+  public ApiFuture<Void> deleteSamlProviderConfigAsync(String providerId) {
+    return deleteSamlProviderConfigOp(providerId).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Void, FirebaseAuthException> deleteSamlProviderConfigOp(
+      final String providerId) {
+    checkNotDestroyed();
+    SamlProviderConfig.checkSamlProviderId(providerId);
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<Void, FirebaseAuthException>() {
+      @Override
+      protected Void execute() throws FirebaseAuthException {
+        userManager.deleteSamlProviderConfig(providerId);
+        return null;
+      }
+    };
+  }
+
+  FirebaseApp getFirebaseApp() {
+    return this.firebaseApp;
+  }
+
+  FirebaseTokenVerifier getCookieVerifier() {
+    return this.cookieVerifier.get();
+  }
+
+  FirebaseUserManager getUserManager() {
+    return this.userManager.get();
+  }
+
+  protected <T> Supplier<T> threadSafeMemoize(final Supplier<T> supplier) {
+    return Suppliers.memoize(
+        new Supplier<T>() {
+          @Override
+          public T get() {
+            checkNotNull(supplier);
+            synchronized (lock) {
+              checkNotDestroyed();
+              return supplier.get();
+            }
+          }
+        });
+  }
+
+  void checkNotDestroyed() {
+    synchronized (lock) {
+      checkState(
+          !destroyed.get(),
+          "FirebaseAuth instance is no longer alive. This happens when "
+              + "the parent FirebaseApp instance has been deleted.");
+    }
+  }
+
+  final void destroy() {
+    synchronized (lock) {
+      doDestroy();
+      destroyed.set(true);
+    }
+  }
+
+  /** Performs any additional required clean up. */
+  protected abstract void doDestroy();
+
+  static Builder builder() {
+    return new Builder();
+  }
+
+  static class Builder {
+    protected FirebaseApp firebaseApp;
+    private Supplier<FirebaseTokenFactory> tokenFactory;
+    private Supplier<? extends FirebaseTokenVerifier> idTokenVerifier;
+    private Supplier<? extends FirebaseTokenVerifier> cookieVerifier;
+    private Supplier<FirebaseUserManager> userManager;
+
+    private Builder() {}
+
+    Builder setFirebaseApp(FirebaseApp firebaseApp) {
+      this.firebaseApp = firebaseApp;
+      return this;
+    }
+
+    Builder setTokenFactory(Supplier<FirebaseTokenFactory> tokenFactory) {
+      this.tokenFactory = tokenFactory;
+      return this;
+    }
+
+    Builder setIdTokenVerifier(Supplier<? extends FirebaseTokenVerifier> idTokenVerifier) {
+      this.idTokenVerifier = idTokenVerifier;
+      return this;
+    }
+
+    Builder setCookieVerifier(Supplier<? extends FirebaseTokenVerifier> cookieVerifier) {
+      this.cookieVerifier = cookieVerifier;
+      return this;
+    }
+
+    Builder setUserManager(Supplier<FirebaseUserManager> userManager) {
+      this.userManager = userManager;
+      return this;
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/FirebaseAuth.java b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
index 923778af4..f44bd2343 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 Google Inc.
+ * Copyright 2017 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,36 +18,19 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Preconditions.checkState;
 
-import com.google.api.client.json.JsonFactory;
 import com.google.api.client.util.Clock;
 import com.google.api.core.ApiFuture;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
 import com.google.common.base.Supplier;
-import com.google.common.base.Suppliers;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
-import com.google.firebase.auth.FirebaseUserManager.EmailLinkType;
-import com.google.firebase.auth.FirebaseUserManager.UserImportRequest;
-import com.google.firebase.auth.ListUsersPage.DefaultUserSource;
-import com.google.firebase.auth.ListUsersPage.PageFactory;
-import com.google.firebase.auth.UserRecord.CreateRequest;
-import com.google.firebase.auth.UserRecord.UpdateRequest;
 import com.google.firebase.auth.internal.FirebaseTokenFactory;
+import com.google.firebase.auth.multitenancy.TenantManager;
 import com.google.firebase.internal.CallableOperation;
 import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.internal.NonNull;
-import com.google.firebase.internal.Nullable;
-
-import java.io.IOException;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
  * This class is the entry point for all server-side Firebase Authentication actions.
@@ -57,29 +40,24 @@
  * custom tokens for use by client-side code, verifying Firebase ID Tokens received from clients, or
  * creating new FirebaseApp instances that are scoped to a particular authentication UID.
  */
-public class FirebaseAuth {
+public final class FirebaseAuth extends AbstractFirebaseAuth {
 
   private static final String SERVICE_ID = FirebaseAuth.class.getName();
 
-  private static final String ERROR_CUSTOM_TOKEN = "ERROR_CUSTOM_TOKEN";
-
-  private final Object lock = new Object();
-  private final AtomicBoolean destroyed = new AtomicBoolean(false);
+  private final Supplier<TenantManager> tenantManager;
 
-  private final FirebaseApp firebaseApp;
-  private final Supplier<FirebaseTokenFactory> tokenFactory;
-  private final Supplier<? extends FirebaseTokenVerifier> idTokenVerifier;
-  private final Supplier<? extends FirebaseTokenVerifier> cookieVerifier;
-  private final Supplier<? extends FirebaseUserManager> userManager;
-  private final JsonFactory jsonFactory;
+  FirebaseAuth(final Builder builder) {
+    super(builder);
+    tenantManager = threadSafeMemoize(new Supplier<TenantManager>() {
+      @Override
+      public TenantManager get() {
+        return new TenantManager(builder.firebaseApp);
+      }
+    });
+  }
 
-  private FirebaseAuth(Builder builder) {
-    this.firebaseApp = checkNotNull(builder.firebaseApp);
-    this.tokenFactory = threadSafeMemoize(builder.tokenFactory);
-    this.idTokenVerifier = threadSafeMemoize(builder.idTokenVerifier);
-    this.cookieVerifier = threadSafeMemoize(builder.cookieVerifier);
-    this.userManager = threadSafeMemoize(builder.userManager);
-    this.jsonFactory = firebaseApp.getOptions().getJsonFactory();
+  public TenantManager getTenantManager() {
+    return tenantManager.get();
   }
 
   /**
@@ -98,8 +76,8 @@ public static FirebaseAuth getInstance() {
    * @return A FirebaseAuth instance.
    */
   public static synchronized FirebaseAuth getInstance(FirebaseApp app) {
-    FirebaseAuthService service = ImplFirebaseTrampolines.getService(app, SERVICE_ID,
-        FirebaseAuthService.class);
+    FirebaseAuthService service =
+        ImplFirebaseTrampolines.getService(app, SERVICE_ID, FirebaseAuthService.class);
     if (service == null) {
       service = ImplFirebaseTrampolines.addService(app, new FirebaseAuthService(app));
     }
@@ -107,8 +85,8 @@ public static synchronized FirebaseAuth getInstance(FirebaseApp app) {
   }
 
   /**
-   * Creates a new Firebase session cookie from the given ID token and options. The returned JWT
-   * can be set as a server-side session cookie with a custom cookie policy.
+   * Creates a new Firebase session cookie from the given ID token and options. The returned JWT can
+   * be set as a server-side session cookie with a custom cookie policy.
    *
    * @param idToken The Firebase ID token to exchange for a session cookie.
    * @param options Additional options required to create the cookie.
@@ -116,8 +94,8 @@ public static synchronized FirebaseAuth getInstance(FirebaseApp app) {
    * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
    * @throws FirebaseAuthException If an error occurs while generating the session cookie.
    */
-  public String createSessionCookie(
-      @NonNull String idToken, @NonNull SessionCookieOptions options) throws FirebaseAuthException {
+  public String createSessionCookie(@NonNull String idToken, @NonNull SessionCookieOptions options)
+      throws FirebaseAuthException {
     return createSessionCookieOp(idToken, options).call();
   }
 
@@ -127,14 +105,14 @@ public String createSessionCookie(
    *
    * @param idToken The Firebase ID token to exchange for a session cookie.
    * @param options Additional options required to create the cookie.
-   * @return An {@code ApiFuture} which will complete successfully with a session cookie string.
-   *     If an error occurs while generating the cookie or if the specified ID token is invalid,
-   *     the future throws a {@link FirebaseAuthException}.
+   * @return An {@code ApiFuture} which will complete successfully with a session cookie string. If
+   *     an error occurs while generating the cookie or if the specified ID token is invalid, the
+   *     future throws a {@link FirebaseAuthException}.
    * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
    */
   public ApiFuture<String> createSessionCookieAsync(
       @NonNull String idToken, @NonNull SessionCookieOptions options) {
-    return createSessionCookieOp(idToken, options).callAsync(firebaseApp);
+    return createSessionCookieOp(idToken, options).callAsync(getFirebaseApp());
   }
 
   private CallableOperation<String, FirebaseAuthException> createSessionCookieOp(
@@ -157,8 +135,8 @@ protected String execute() throws FirebaseAuthException {
    * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
    * other claims can be read. If the cookie is invalid, throws a {@link FirebaseAuthException}.
    *
-   * <p>This method does not check whether the cookie has been revoked. See
-   * {@link #verifySessionCookie(String, boolean)}.
+   * <p>This method does not check whether the cookie has been revoked. See {@link
+   * #verifySessionCookie(String, boolean)}.
    *
    * @param cookie A Firebase session cookie string to verify and parse.
    * @return A {@link FirebaseToken} representing the verified and decoded cookie.
@@ -170,20 +148,18 @@ public FirebaseToken verifySessionCookie(String cookie) throws FirebaseAuthExcep
   /**
    * Parses and verifies a Firebase session cookie.
    *
-   * <p>If {@code checkRevoked} is true, additionally verifies that the cookie has not been
-   * revoked.
+   * <p>If {@code checkRevoked} is true, additionally verifies that the cookie has not been revoked.
    *
    * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
-   * other claims can be read. If the cookie is invalid or has been revoked while
-   * {@code checkRevoked} is true, throws a {@link FirebaseAuthException}.
+   * other claims can be read. If the cookie is invalid or has been revoked while {@code
+   * checkRevoked} is true, throws a {@link FirebaseAuthException}.
    *
    * @param cookie A Firebase session cookie string to verify and parse.
-   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly
-   *     revoked.
+   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
    * @return A {@link FirebaseToken} representing the verified and decoded cookie.
    */
-  public FirebaseToken verifySessionCookie(
-      String cookie, boolean checkRevoked) throws FirebaseAuthException {
+  public FirebaseToken verifySessionCookie(String cookie, boolean checkRevoked)
+      throws FirebaseAuthException {
     return verifySessionCookieOp(cookie, checkRevoked).call();
   }
 
@@ -203,13 +179,12 @@ public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie) {
    * asynchronously.
    *
    * @param cookie A Firebase session cookie string to verify and parse.
-   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly
-   *     revoked.
+   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
    * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
    *     unsuccessfully with the failure Exception.
    */
   public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie, boolean checkRevoked) {
-    return verifySessionCookieOp(cookie, checkRevoked).callAsync(firebaseApp);
+    return verifySessionCookieOp(cookie, checkRevoked).callAsync(getFirebaseApp());
   }
 
   private CallableOperation<FirebaseToken, FirebaseAuthException> verifySessionCookieOp(
@@ -227,7 +202,7 @@ public FirebaseToken execute() throws FirebaseAuthException {
 
   @VisibleForTesting
   FirebaseTokenVerifier getSessionCookieVerifier(boolean checkRevoked) {
-    FirebaseTokenVerifier verifier = cookieVerifier.get();
+    FirebaseTokenVerifier verifier = getCookieVerifier();
     if (checkRevoked) {
       FirebaseUserManager userManager = getUserManager();
       verifier = RevocationCheckDecorator.decorateSessionCookieVerifier(verifier, userManager);
@@ -235,1109 +210,41 @@ FirebaseTokenVerifier getSessionCookieVerifier(boolean checkRevoked) {
     return verifier;
   }
 
-  /**
-   * Creates a Firebase custom token for the given UID. This token can then be sent back to a client
-   * application to be used with the
-   * <a href="/docs/auth/admin/create-custom-tokens#sign_in_using_custom_tokens_on_clients">signInWithCustomToken</a>
-   * authentication API.
-   *
-   * <p>{@link FirebaseApp} must have been initialized with service account credentials to use
-   * call this method.
-   *
-   * @param uid The UID to store in the token. This identifies the user to other Firebase services
-   *     (Realtime Database, Firebase Auth, etc.). Should be less than 128 characters.
-   * @return A Firebase custom token string.
-   * @throws IllegalArgumentException If the specified uid is null or empty, or if the app has not
-   *     been initialized with service account credentials.
-   * @throws FirebaseAuthException If an error occurs while generating the custom token.
-   */
-  public String createCustomToken(@NonNull String uid) throws FirebaseAuthException {
-    return createCustomToken(uid, null);
-  }
-
-  /**
-   * Creates a Firebase custom token for the given UID, containing the specified additional
-   * claims. This token can then be sent back to a client application to be used with the
-   * <a href="/docs/auth/admin/create-custom-tokens#sign_in_using_custom_tokens_on_clients">signInWithCustomToken</a>
-   * authentication API.
-   *
-   * <p>This method attempts to generate a token using:
-   * <ol>
-   *   <li>the private key of {@link FirebaseApp}'s service account credentials, if provided at
-   *   initialization.
-   *   <li>the <a href="https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/signBlob">IAM service</a>
-   *   if a service account email was specified via
-   *   {@link com.google.firebase.FirebaseOptions.Builder#setServiceAccountId(String)}.
-   *   <li>the <a href="https://cloud.google.com/appengine/docs/standard/java/appidentity/">App Identity
-   *   service</a> if the code is deployed in the Google App Engine standard environment.
-   *   <li>the <a href="https://cloud.google.com/compute/docs/storing-retrieving-metadata">
-   *   local Metadata server</a> if the code is deployed in a different GCP-managed environment
-   *   like Google Compute Engine.
-   * </ol>
-   *
-   * <p>This method throws an exception when all the above fail.
-   *
-   * @param uid The UID to store in the token. This identifies the user to other Firebase services
-   *     (Realtime Database, Firebase Auth, etc.). Should be less than 128 characters.
-   * @param developerClaims Additional claims to be stored in the token (and made available to
-   *     security rules in Database, Storage, etc.). These must be able to be serialized to JSON
-   *     (e.g. contain only Maps, Arrays, Strings, Booleans, Numbers, etc.)
-   * @return A Firebase custom token string.
-   * @throws IllegalArgumentException If the specified uid is null or empty.
-   * @throws IllegalStateException If the SDK fails to discover a viable approach for signing
-   *     tokens.
-   * @throws FirebaseAuthException If an error occurs while generating the custom token.
-   */
-  public String createCustomToken(@NonNull String uid,
-      @Nullable Map<String, Object> developerClaims) throws FirebaseAuthException {
-    return createCustomTokenOp(uid, developerClaims).call();
-  }
-
-  /**
-   * Similar to {@link #createCustomToken(String)} but performs the operation asynchronously.
-   *
-   * @param uid The UID to store in the token. This identifies the user to other Firebase services
-   *     (Realtime Database, Firebase Auth, etc.). Should be less than 128 characters.
-   * @return An {@code ApiFuture} which will complete successfully with the created Firebase custom
-   *     token, or unsuccessfully with the failure Exception.
-   * @throws IllegalArgumentException If the specified uid is null or empty, or if the app has not
-   *     been initialized with service account credentials.
-   */
-  public ApiFuture<String> createCustomTokenAsync(@NonNull String uid) {
-    return createCustomTokenAsync(uid, null);
-  }
-
-  /**
-   * Similar to {@link #createCustomToken(String, Map)} but performs the operation
-   * asynchronously.
-   *
-   * @param uid The UID to store in the token. This identifies the user to other Firebase services
-   *     (Realtime Database, Storage, etc.). Should be less than 128 characters.
-   * @param developerClaims Additional claims to be stored in the token (and made available to
-   *     security rules in Database, Storage, etc.). These must be able to be serialized to JSON
-   *     (e.g. contain only Maps, Arrays, Strings, Booleans, Numbers, etc.)
-   * @return An {@code ApiFuture} which will complete successfully with the created Firebase custom
-   *     token, or unsuccessfully with the failure Exception.
-   * @throws IllegalArgumentException If the specified uid is null or empty, or if the app has not
-   *     been initialized with service account credentials.
-   */
-  public ApiFuture<String> createCustomTokenAsync(
-      @NonNull String uid, @Nullable Map<String, Object> developerClaims) {
-    return createCustomTokenOp(uid, developerClaims).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<String, FirebaseAuthException> createCustomTokenOp(
-      final String uid, final Map<String, Object> developerClaims) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
-    final FirebaseTokenFactory tokenFactory = this.tokenFactory.get();
-    return new CallableOperation<String, FirebaseAuthException>() {
-      @Override
-      public String execute() throws FirebaseAuthException {
-        try {
-          return tokenFactory.createSignedCustomAuthTokenForUser(uid, developerClaims);
-        } catch (IOException e) {
-          throw new FirebaseAuthException(ERROR_CUSTOM_TOKEN,
-              "Failed to generate a custom token", e);
-        }
-      }
-    };
-  }
-
-  /**
-   * Parses and verifies a Firebase ID Token.
-   *
-   * <p>A Firebase application can identify itself to a trusted backend server by sending its
-   * Firebase ID Token (accessible via the {@code getToken} API in the Firebase Authentication
-   * client) with its requests. The backend server can then use the {@code verifyIdToken()} method
-   * to verify that the token is valid. This method ensures that the token is correctly signed,
-   * has not expired, and it was issued to the Firebase project associated with this
-   * {@link FirebaseAuth} instance.
-   *
-   * <p>This method does not check whether a token has been revoked. Use
-   * {@link #verifyIdToken(String, boolean)} to perform an additional revocation check.
-   *
-   * @param token A Firebase ID token string to parse and verify.
-   * @return A {@link FirebaseToken} representing the verified and decoded token.
-   * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
-   *     instance does not have a project ID associated with it.
-   * @throws FirebaseAuthException If an error occurs while parsing or validating the token.
-   */
-  public FirebaseToken verifyIdToken(@NonNull String token) throws FirebaseAuthException {
-    return verifyIdToken(token, false);
-  }
-
-  /**
-   * Parses and verifies a Firebase ID Token.
-   *
-   * <p>A Firebase application can identify itself to a trusted backend server by sending its
-   * Firebase ID Token (accessible via the {@code getToken} API in the Firebase Authentication
-   * client) with its requests. The backend server can then use the {@code verifyIdToken()} method
-   * to verify that the token is valid. This method ensures that the token is correctly signed,
-   * has not expired, and it was issued to the Firebase project associated with this
-   * {@link FirebaseAuth} instance.
-   *
-   * <p>If {@code checkRevoked} is set to true, this method performs an additional check to see
-   * if the ID token has been revoked since it was issues. This requires making an additional
-   * remote API call.
-   *
-   * @param token A Firebase ID token string to parse and verify.
-   * @param checkRevoked A boolean denoting whether to check if the tokens were revoked.
-   * @return A {@link FirebaseToken} representing the verified and decoded token.
-   * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
-   *     instance does not have a project ID associated with it.
-   * @throws FirebaseAuthException If an error occurs while parsing or validating the token.
-   */
-  public FirebaseToken verifyIdToken(
-      @NonNull String token, boolean checkRevoked) throws FirebaseAuthException {
-    return verifyIdTokenOp(token, checkRevoked).call();
-  }
-
-  /**
-   * Similar to {@link #verifyIdToken(String)} but performs the operation asynchronously.
-   *
-   * @param token A Firebase ID Token to verify and parse.
-   * @return An {@code ApiFuture} which will complete successfully with the parsed token, or
-   *     unsuccessfully with a {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
-   *     instance does not have a project ID associated with it.
-   */
-  public ApiFuture<FirebaseToken> verifyIdTokenAsync(@NonNull String token) {
-    return verifyIdTokenAsync(token, false);
-  }
-
-  /**
-   * Similar to {@link #verifyIdToken(String, boolean)} but performs the operation asynchronously.
-   *
-   * @param token A Firebase ID Token to verify and parse.
-   * @param checkRevoked A boolean denoting whether to check if the tokens were revoked.
-   * @return An {@code ApiFuture} which will complete successfully with the parsed token, or
-   *     unsuccessfully with a {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
-   *     instance does not have a project ID associated with it.
-   */
-  public ApiFuture<FirebaseToken> verifyIdTokenAsync(@NonNull String token, boolean checkRevoked) {
-    return verifyIdTokenOp(token, checkRevoked).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<FirebaseToken, FirebaseAuthException> verifyIdTokenOp(
-      final String token, final boolean checkRevoked) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(token), "ID token must not be null or empty");
-    final FirebaseTokenVerifier verifier = getIdTokenVerifier(checkRevoked);
-    return new CallableOperation<FirebaseToken, FirebaseAuthException>() {
-      @Override
-      protected FirebaseToken execute() throws FirebaseAuthException {
-        return verifier.verifyToken(token);
-      }
-    };
-  }
-
-  @VisibleForTesting
-  FirebaseTokenVerifier getIdTokenVerifier(boolean checkRevoked) {
-    FirebaseTokenVerifier verifier = idTokenVerifier.get();
-    if (checkRevoked) {
-      FirebaseUserManager userManager = getUserManager();
-      verifier = RevocationCheckDecorator.decorateIdTokenVerifier(verifier, userManager);
-    }
-    return verifier;
-  }
-
-  /**
-   * Revokes all refresh tokens for the specified user.
-   *
-   * <p>Updates the user's tokensValidAfterTimestamp to the current UTC time expressed in
-   * milliseconds since the epoch and truncated to 1 second accuracy. It is important that the
-   * server on which this is called has its clock set correctly and synchronized.
-   *
-   * <p>While this will revoke all sessions for a specified user and disable any new ID tokens for
-   * existing sessions from getting minted, existing ID tokens may remain active until their
-   * natural expiration (one hour).
-   * To verify that ID tokens are revoked, use {@link #verifyIdTokenAsync(String, boolean)}.
-   *
-   * @param uid The user id for which tokens are revoked.
-   * @throws IllegalArgumentException If the user ID is null or empty.
-   * @throws FirebaseAuthException If an error occurs while revoking tokens.
-   */
-  public void revokeRefreshTokens(@NonNull String uid) throws FirebaseAuthException {
-    revokeRefreshTokensOp(uid).call();
-  }
-
-  /**
-   * Similar to {@link #revokeRefreshTokens(String)} but performs the operation asynchronously.
-   * 
-   * @param uid The user id for which tokens are revoked.
-   * @return An {@code ApiFuture} which will complete successfully or fail with a
-   *     {@link FirebaseAuthException} in the event of an error.
-   * @throws IllegalArgumentException If the user ID is null or empty.
-   */
-  public ApiFuture<Void> revokeRefreshTokensAsync(@NonNull String uid) {
-    return revokeRefreshTokensOp(uid).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<Void, FirebaseAuthException> revokeRefreshTokensOp(final String uid) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<Void, FirebaseAuthException>() {
-      @Override
-      protected Void execute() throws FirebaseAuthException {
-        int currentTimeSeconds = (int) (System.currentTimeMillis() / 1000);
-        UpdateRequest request = new UpdateRequest(uid).setValidSince(currentTimeSeconds);
-        userManager.updateUser(request, jsonFactory);
-        return null;
-      }
-    };
-  }
-
-  /**
-   * Gets the user data corresponding to the specified user ID.
-   *
-   * @param uid A user ID string.
-   * @return A {@link UserRecord} instance.
-   * @throws IllegalArgumentException If the user ID string is null or empty.
-   * @throws FirebaseAuthException If an error occurs while retrieving user data.
-   */
-  public UserRecord getUser(@NonNull String uid) throws FirebaseAuthException {
-    return getUserOp(uid).call();
-  }
-
-  /**
-   * Similar to {@link #getUser(String)} but performs the operation asynchronously.
-   *
-   * @param uid A user ID string.
-   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
-   *     instance. If an error occurs while retrieving user data or if the specified user ID does
-   *     not exist, the future throws a {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the user ID string is null or empty.
-   */
-  public ApiFuture<UserRecord> getUserAsync(@NonNull String uid) {
-    return getUserOp(uid).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<UserRecord, FirebaseAuthException> getUserOp(final String uid) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<UserRecord, FirebaseAuthException>() {
-      @Override
-      protected UserRecord execute() throws FirebaseAuthException {
-        return userManager.getUserById(uid);
-      }
-    };
-  }
-
-  /**
-   * Gets the user data corresponding to the specified user email.
-   *
-   * @param email A user email address string.
-   * @return A {@link UserRecord} instance.
-   * @throws IllegalArgumentException If the email is null or empty.
-   * @throws FirebaseAuthException If an error occurs while retrieving user data.
-   */
-  public UserRecord getUserByEmail(@NonNull String email) throws FirebaseAuthException {
-    return getUserByEmailOp(email).call();
-  }
-
-  /**
-   * Similar to {@link #getUserByEmail(String)} but performs the operation asynchronously.
-   *
-   * @param email A user email address string.
-   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
-   *     instance. If an error occurs while retrieving user data or if the email address does not
-   *     correspond to a user, the future throws a {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the email is null or empty.
-   */
-  public ApiFuture<UserRecord> getUserByEmailAsync(@NonNull String email) {
-    return getUserByEmailOp(email).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<UserRecord, FirebaseAuthException> getUserByEmailOp(
-      final String email) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(email), "email must not be null or empty");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<UserRecord, FirebaseAuthException>() {
-      @Override
-      protected UserRecord execute() throws FirebaseAuthException {
-        return userManager.getUserByEmail(email);
-      }
-    };
-  }
-
-  /**
-   * Gets the user data corresponding to the specified user phone number.
-   *
-   * @param phoneNumber A user phone number string.
-   * @return A a {@link UserRecord} instance.
-   * @throws IllegalArgumentException If the phone number is null or empty.
-   * @throws FirebaseAuthException If an error occurs while retrieving user data.
-   */
-  public UserRecord getUserByPhoneNumber(@NonNull String phoneNumber) throws FirebaseAuthException {
-    return getUserByPhoneNumberOp(phoneNumber).call();
-  }
-
-  /**
-   * Gets the user data corresponding to the specified user phone number.
-   *
-   * @param phoneNumber A user phone number string.
-   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
-   *     instance. If an error occurs while retrieving user data or if the phone number does not
-   *     correspond to a user, the future throws a {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the phone number is null or empty.
-   */
-  public ApiFuture<UserRecord> getUserByPhoneNumberAsync(@NonNull String phoneNumber) {
-    return getUserByPhoneNumberOp(phoneNumber).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<UserRecord, FirebaseAuthException> getUserByPhoneNumberOp(
-      final String phoneNumber) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(phoneNumber), "phone number must not be null or empty");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<UserRecord, FirebaseAuthException>() {
-      @Override
-      protected UserRecord execute() throws FirebaseAuthException {
-        return userManager.getUserByPhoneNumber(phoneNumber);
-      }
-    };
-  }
-
-  /**
-   * Gets the user data corresponding to the specified identifiers.
-   *
-   * <p>There are no ordering guarantees; in particular, the nth entry in the users result list is
-   * not guaranteed to correspond to the nth entry in the input parameters list.
-   *
-   * <p>A maximum of 100 identifiers may be specified. If more than 100 identifiers are
-   * supplied, this method throws an {@link IllegalArgumentException}.
-   *
-   * @param identifiers The identifiers used to indicate which user records should be returned. Must
-   *     have 100 or fewer entries.
-   * @return The corresponding user records.
-   * @throws IllegalArgumentException If any of the identifiers are invalid or if more than 100
-   *     identifiers are specified.
-   * @throws NullPointerException If the identifiers parameter is null.
-   * @throws FirebaseAuthException If an error occurs while retrieving user data.
-   */
-  public GetUsersResult getUsers(@NonNull Collection<UserIdentifier> identifiers)
-      throws FirebaseAuthException {
-    return getUsersOp(identifiers).call();
-  }
-
-  /**
-   * Gets the user data corresponding to the specified identifiers.
-   *
-   * <p>There are no ordering guarantees; in particular, the nth entry in the users result list is
-   * not guaranteed to correspond to the nth entry in the input parameters list.
-   *
-   * <p>A maximum of 100 identifiers may be specified. If more than 100 identifiers are
-   * supplied, this method throws an {@link IllegalArgumentException}.
-   *
-   * @param identifiers The identifiers used to indicate which user records should be returned.
-   *     Must have 100 or fewer entries.
-   * @return An {@code ApiFuture} that resolves to the corresponding user records.
-   * @throws IllegalArgumentException If any of the identifiers are invalid or if more than 100
-   *     identifiers are specified.
-   * @throws NullPointerException If the identifiers parameter is null.
-   */
-  public ApiFuture<GetUsersResult> getUsersAsync(@NonNull Collection<UserIdentifier> identifiers) {
-    return getUsersOp(identifiers).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<GetUsersResult, FirebaseAuthException> getUsersOp(
-      @NonNull final Collection<UserIdentifier> identifiers) {
-    checkNotDestroyed();
-    checkNotNull(identifiers, "identifiers must not be null");
-    checkArgument(identifiers.size() <= FirebaseUserManager.MAX_GET_ACCOUNTS_BATCH_SIZE,
-        "identifiers parameter must have <= " + FirebaseUserManager.MAX_GET_ACCOUNTS_BATCH_SIZE
-        + " entries.");
-
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<GetUsersResult, FirebaseAuthException>() {
-      @Override
-      protected GetUsersResult execute() throws FirebaseAuthException {
-        Set<UserRecord> users = userManager.getAccountInfo(identifiers);
-        Set<UserIdentifier> notFound = new HashSet<>();
-        for (UserIdentifier id : identifiers) {
-          if (!isUserFound(id, users)) {
-            notFound.add(id);
-          }
-        }
-        return new GetUsersResult(users, notFound);
-      }
-    };
-  }
-
-  private boolean isUserFound(UserIdentifier id, Collection<UserRecord> userRecords) {
-    for (UserRecord userRecord : userRecords) {
-      if (id.matches(userRecord)) {
-        return true;
-      }
-    }
-    return false;
-  }
-
-  /**
-   * Gets a page of users starting from the specified {@code pageToken}. Page size is
-   * limited to 1000 users.
-   *
-   * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
-   * @return A {@link ListUsersPage} instance.
-   * @throws IllegalArgumentException If the specified page token is empty.
-   * @throws FirebaseAuthException If an error occurs while retrieving user data.
-   */
-  public ListUsersPage listUsers(@Nullable String pageToken) throws FirebaseAuthException {
-    return listUsers(pageToken, FirebaseUserManager.MAX_LIST_USERS_RESULTS);
-  }
-
-  /**
-   * Gets a page of users starting from the specified {@code pageToken}.
-   *
-   * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
-   * @param maxResults Maximum number of users to include in the returned page. This may not
-   *     exceed 1000.
-   * @return A {@link ListUsersPage} instance.
-   * @throws IllegalArgumentException If the specified page token is empty, or max results value
-   *     is invalid.
-   * @throws FirebaseAuthException If an error occurs while retrieving user data.
-   */
-  public ListUsersPage listUsers(
-      @Nullable String pageToken, int maxResults) throws FirebaseAuthException {
-    return listUsersOp(pageToken, maxResults).call();
-  }
-
-  /**
-   * Similar to {@link #listUsers(String)} but performs the operation asynchronously.
-   *
-   * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
-   * @return An {@code ApiFuture} which will complete successfully with a {@link ListUsersPage}
-   *     instance. If an error occurs while retrieving user data, the future throws an exception.
-   * @throws IllegalArgumentException If the specified page token is empty.
-   */
-  public ApiFuture<ListUsersPage> listUsersAsync(@Nullable String pageToken) {
-    return listUsersAsync(pageToken, FirebaseUserManager.MAX_LIST_USERS_RESULTS);
-  }
-
-  /**
-   * Similar to {@link #listUsers(String, int)} but performs the operation asynchronously.
-   *
-   * @param pageToken A non-empty page token string, or null to retrieve the first page of users.
-   * @param maxResults Maximum number of users to include in the returned page. This may not
-   *     exceed 1000.
-   * @return An {@code ApiFuture} which will complete successfully with a {@link ListUsersPage}
-   *     instance. If an error occurs while retrieving user data, the future throws an exception.
-   * @throws IllegalArgumentException If the specified page token is empty, or max results value
-   *     is invalid.
-   */
-  public ApiFuture<ListUsersPage> listUsersAsync(@Nullable String pageToken, int maxResults) {
-    return listUsersOp(pageToken, maxResults).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<ListUsersPage, FirebaseAuthException> listUsersOp(
-      @Nullable final String pageToken, final int maxResults) {
-    checkNotDestroyed();
-    final FirebaseUserManager userManager = getUserManager();
-    final PageFactory factory = new PageFactory(
-        new DefaultUserSource(userManager, jsonFactory), maxResults, pageToken);
-    return new CallableOperation<ListUsersPage, FirebaseAuthException>() {
-      @Override
-      protected ListUsersPage execute() throws FirebaseAuthException {
-        return factory.create();
-      }
-    };
-  }
-
-  /**
-   * Creates a new user account with the attributes contained in the specified
-   * {@link CreateRequest}.
-   *
-   * @param request A non-null {@link CreateRequest} instance.
-   * @return A {@link UserRecord} instance corresponding to the newly created account.
-   * @throws NullPointerException if the provided request is null.
-   * @throws FirebaseAuthException if an error occurs while creating the user account.
-   */
-  public UserRecord createUser(@NonNull CreateRequest request) throws FirebaseAuthException {
-    return createUserOp(request).call();
-  }
-
-  /**
-   * Similar to {@link #createUser(CreateRequest)} but performs the operation asynchronously.
-   *
-   * @param request A non-null {@link CreateRequest} instance.
-   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
-   *     instance corresponding to the newly created account. If an error occurs while creating the
-   *     user account, the future throws a {@link FirebaseAuthException}.
-   * @throws NullPointerException if the provided request is null.
-   */
-  public ApiFuture<UserRecord> createUserAsync(@NonNull CreateRequest request) {
-    return createUserOp(request).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<UserRecord, FirebaseAuthException> createUserOp(
-      final CreateRequest request) {
-    checkNotDestroyed();
-    checkNotNull(request, "create request must not be null");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<UserRecord, FirebaseAuthException>() {
-      @Override
-      protected UserRecord execute() throws FirebaseAuthException {
-        String uid = userManager.createUser(request);
-        return userManager.getUserById(uid);
-      }
-    };
-  }
-
-  /**
-   * Updates an existing user account with the attributes contained in the specified
-   * {@link UpdateRequest}.
-   *
-   * @param request A non-null {@link UpdateRequest} instance.
-   * @return A {@link UserRecord} instance corresponding to the updated user account.
-   *     account, the task fails with a {@link FirebaseAuthException}.
-   * @throws NullPointerException if the provided update request is null.
-   * @throws FirebaseAuthException if an error occurs while updating the user account.
-   */
-  public UserRecord updateUser(@NonNull UpdateRequest request) throws FirebaseAuthException {
-    return updateUserOp(request).call();
-  }
-
-  /**
-   * Similar to {@link #updateUser(UpdateRequest)} but performs the operation asynchronously.
-   *
-   * @param request A non-null {@link UpdateRequest} instance.
-   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
-   *     instance corresponding to the updated user account. If an error occurs while updating the
-   *     user account, the future throws a {@link FirebaseAuthException}.
-   */
-  public ApiFuture<UserRecord> updateUserAsync(@NonNull UpdateRequest request) {
-    return updateUserOp(request).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<UserRecord, FirebaseAuthException> updateUserOp(
-      final UpdateRequest request) {
-    checkNotDestroyed();
-    checkNotNull(request, "update request must not be null");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<UserRecord, FirebaseAuthException>() {
-      @Override
-      protected UserRecord execute() throws FirebaseAuthException {
-        userManager.updateUser(request, jsonFactory);
-        return userManager.getUserById(request.getUid());
-      }
-    };
-  }
-
-  /**
-   * Sets the specified custom claims on an existing user account. A null claims value removes
-   * any claims currently set on the user account. The claims should serialize into a valid JSON
-   * string. The serialized claims must not be larger than 1000 characters.
-   *
-   * @param uid A user ID string.
-   * @param claims A map of custom claims or null.
-   * @throws FirebaseAuthException If an error occurs while updating custom claims.
-   * @throws IllegalArgumentException If the user ID string is null or empty, or the claims
-   *     payload is invalid or too large.
-   */
-  public void setCustomUserClaims(@NonNull String uid,
-      @Nullable Map<String, Object> claims) throws FirebaseAuthException {
-    setCustomUserClaimsOp(uid, claims).call();
-  }
-
-  /**
-   * @deprecated Use {@link #setCustomUserClaims(String, Map)} instead.
-   */
-  public void setCustomClaims(@NonNull String uid,
-      @Nullable Map<String, Object> claims) throws FirebaseAuthException {
-    setCustomUserClaims(uid, claims);
-  }
-
-  /**
-   * Similar to {@link #setCustomUserClaims(String, Map)} but performs the operation asynchronously.
-   *
-   * @param uid A user ID string.
-   * @param claims A map of custom claims or null.
-   * @return An {@code ApiFuture} which will complete successfully when the user account has been
-   *     updated. If an error occurs while deleting the user account, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the user ID string is null or empty.
-   */
-  public ApiFuture<Void> setCustomUserClaimsAsync(
-      @NonNull String uid, @Nullable Map<String, Object> claims) {
-    return setCustomUserClaimsOp(uid, claims).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<Void, FirebaseAuthException> setCustomUserClaimsOp(
-      final String uid, final Map<String, Object> claims) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<Void, FirebaseAuthException>() {
-      @Override
-      protected Void execute() throws FirebaseAuthException {
-        final UpdateRequest request = new UpdateRequest(uid).setCustomClaims(claims);
-        userManager.updateUser(request, jsonFactory);
-        return null;
-      }
-    };
-  }
-
-  /**
-   * Deletes the user identified by the specified user ID.
-   *
-   * @param uid A user ID string.
-   * @throws IllegalArgumentException If the user ID string is null or empty.
-   * @throws FirebaseAuthException If an error occurs while deleting the user.
-   */
-  public void deleteUser(@NonNull String uid) throws FirebaseAuthException {
-    deleteUserOp(uid).call();
-  }
-
-  /**
-   * Similar to {@link #deleteUser(String)} but performs the operation asynchronously.
-   *
-   * @param uid A user ID string.
-   * @return An {@code ApiFuture} which will complete successfully when the specified user account
-   *     has been deleted. If an error occurs while deleting the user account, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the user ID string is null or empty.
-   */
-  public ApiFuture<Void> deleteUserAsync(String uid) {
-    return deleteUserOp(uid).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<Void, FirebaseAuthException> deleteUserOp(final String uid) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<Void, FirebaseAuthException>() {
-      @Override
-      protected Void execute() throws FirebaseAuthException {
-        userManager.deleteUser(uid);
-        return null;
-      }
-    };
-  }
-
-  /**
-   * Deletes the users specified by the given identifiers.
-   *
-   * <p>Deleting a non-existing user does not generate an error (the method is idempotent).
-   * Non-existing users are considered to be successfully deleted and are therefore included in the
-   * DeleteUsersResult.getSuccessCount() value.
-   *
-   * <p>A maximum of 1000 identifiers may be supplied. If more than 1000 identifiers are
-   * supplied, this method throws an {@link IllegalArgumentException}.
-   *
-   * <p>This API has a rate limit of 1 QPS. Exceeding the limit may result in a quota exceeded
-   * error. If you want to delete more than 1000 users, we suggest adding a delay to ensure you
-   * don't exceed this limit.
-   *
-   * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
-   * @return The total number of successful/failed deletions, as well as the array of errors that
-   *     correspond to the failed deletions.
-   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
-   *     identifiers are specified.
-   * @throws FirebaseAuthException If an error occurs while deleting users.
-   */
-  public DeleteUsersResult deleteUsers(List<String> uids) throws FirebaseAuthException {
-    return deleteUsersOp(uids).call();
-  }
-
-  /**
-   * Similar to {@link #deleteUsers(List)} but performs the operation asynchronously.
-   *
-   * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
-   * @return An {@code ApiFuture} that resolves to the total number of successful/failed
-   *     deletions, as well as the array of errors that correspond to the failed deletions. If an
-   *     error occurs while deleting the user account, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
-   *     identifiers are specified.
-   */
-  public ApiFuture<DeleteUsersResult> deleteUsersAsync(List<String> uids) {
-    return deleteUsersOp(uids).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<DeleteUsersResult, FirebaseAuthException> deleteUsersOp(
-      final List<String> uids) {
-    checkNotDestroyed();
-    checkNotNull(uids, "uids must not be null");
-    for (String uid : uids) {
-      UserRecord.checkUid(uid);
-    }
-    checkArgument(uids.size() <= FirebaseUserManager.MAX_DELETE_ACCOUNTS_BATCH_SIZE,
-        "uids parameter must have <= " + FirebaseUserManager.MAX_DELETE_ACCOUNTS_BATCH_SIZE
-        + " entries.");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<DeleteUsersResult, FirebaseAuthException>() {
-      @Override
-      protected DeleteUsersResult execute() throws FirebaseAuthException {
-        return userManager.deleteUsers(uids);
-      }
-    };
-  }
-
-  /**
-   * Imports the provided list of users into Firebase Auth. You can import a maximum of 1000 users
-   * at a time.  This operation is optimized for bulk imports and does not check identifier
-   * uniqueness which could result in duplications.
-   *
-   * <p>{@link UserImportOptions} is required to import users with passwords. See
-   * {@link #importUsers(List, UserImportOptions)}.
-   *
-   * @param users A non-empty list of users to be imported. Length must not exceed 1000.
-   * @return A {@link UserImportResult} instance.
-   * @throws IllegalArgumentException If the users list is null, empty or has more than 1000
-   *     elements. Or if at least one user specifies a password.
-   * @throws FirebaseAuthException If an error occurs while importing users.
-   */
-  public UserImportResult importUsers(List<ImportUserRecord> users) throws FirebaseAuthException {
-    return importUsers(users, null);
-  }
-
-  /**
-   * Imports the provided list of users into Firebase Auth. At most 1000 users can be imported at a
-   * time. This operation is optimized for bulk imports and will ignore checks on identifier
-   * uniqueness which could result in duplications.
-   *
-   * @param users A non-empty list of users to be imported. Length must not exceed 1000.
-   * @param options a {@link UserImportOptions} instance or null. Required when importing users
-   *     with passwords.
-   * @return A {@link UserImportResult} instance.
-   * @throws IllegalArgumentException If the users list is null, empty or has more than 1000
-   *     elements. Or if at least one user specifies a password, and options is null.
-   * @throws FirebaseAuthException If an error occurs while importing users.
-   */
-  public UserImportResult importUsers(List<ImportUserRecord> users,
-      @Nullable UserImportOptions options) throws FirebaseAuthException {
-    return importUsersOp(users, options).call();
-  }
-
-  /**
-   * Similar to {@link #importUsers(List)} but performs the operation asynchronously.
-   *
-   * @param users A non-empty list of users to be imported. Length must not exceed 1000.
-   * @return An {@code ApiFuture} which will complete successfully when the user accounts are
-   *      imported. If an error occurs while importing the users, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the users list is null, empty or has more than 1000
-   *     elements. Or if at least one user specifies a password.
-   */
-  public ApiFuture<UserImportResult> importUsersAsync(List<ImportUserRecord> users) {
-    return importUsersAsync(users, null);
-  }
-
-  /**
-   * Similar to {@link #importUsers(List, UserImportOptions)} but performs the operation
-   * asynchronously.
-   *
-   * @param users A non-empty list of users to be imported. Length must not exceed 1000.
-   * @param options a {@link UserImportOptions} instance or null. Required when importing users
-   *     with passwords.
-   * @return An {@code ApiFuture} which will complete successfully when the user accounts are
-   *      imported. If an error occurs while importing the users, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the users list is null, empty or has more than 1000
-   *     elements. Or if at least one user specifies a password, and options is null.
-   */
-  public ApiFuture<UserImportResult> importUsersAsync(List<ImportUserRecord> users,
-      @Nullable UserImportOptions options) {
-    return importUsersOp(users, options).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<UserImportResult, FirebaseAuthException> importUsersOp(
-      final List<ImportUserRecord> users, final UserImportOptions options) {
-    checkNotDestroyed();
-    final UserImportRequest request = new UserImportRequest(users, options, jsonFactory);
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<UserImportResult, FirebaseAuthException>() {
-      @Override
-      protected UserImportResult execute() throws FirebaseAuthException {
-        return userManager.importUsers(request);
-      }
-    };
-  }
-
-  /**
-   * Generates the out-of-band email action link for password reset flows for the specified email
-   * address.
-   *
-   * @param email The email of the user whose password is to be reset.
-   * @return A password reset link.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   * @throws FirebaseAuthException If an error occurs while generating the link.
-   */
-  public String generatePasswordResetLink(@NonNull String email) throws FirebaseAuthException {
-    return generatePasswordResetLink(email, null);
-  }
-
-  /**
-   * Generates the out-of-band email action link for password reset flows for the specified email
-   * address.
-   *
-   * @param email The email of the user whose password is to be reset.
-   * @param settings The action code settings object which defines whether
-   *     the link is to be handled by a mobile app and the additional state information to be
-   *     passed in the deep link.
-   * @return A password reset link.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   * @throws FirebaseAuthException If an error occurs while generating the link.
-   */
-  public String generatePasswordResetLink(
-      @NonNull String email, @Nullable ActionCodeSettings settings) throws FirebaseAuthException {
-    return generateEmailActionLinkOp(EmailLinkType.PASSWORD_RESET, email, settings).call();
-  }
-
-  /**
-   * Similar to {@link #generatePasswordResetLink(String)} but performs the operation
-   * asynchronously.
-   *
-   * @param email The email of the user whose password is to be reset.
-   * @return An {@code ApiFuture} which will complete successfully with the generated email action
-   *     link. If an error occurs while generating the link, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   */
-  public ApiFuture<String> generatePasswordResetLinkAsync(@NonNull String email) {
-    return generatePasswordResetLinkAsync(email, null);
-  }
-
-  /**
-   * Similar to {@link #generatePasswordResetLink(String, ActionCodeSettings)} but performs the
-   * operation asynchronously.
-   *
-   * @param email The email of the user whose password is to be reset.
-   * @param settings The action code settings object which defines whether
-   *     the link is to be handled by a mobile app and the additional state information to be
-   *     passed in the deep link.
-   * @return An {@code ApiFuture} which will complete successfully with the generated email action
-   *     link. If an error occurs while generating the link, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   */
-  public ApiFuture<String> generatePasswordResetLinkAsync(
-      @NonNull String email, @Nullable ActionCodeSettings settings) {
-    return generateEmailActionLinkOp(EmailLinkType.PASSWORD_RESET, email, settings)
-            .callAsync(firebaseApp);
-  }
-
-  /**
-   * Generates the out-of-band email action link for email verification flows for the specified
-   * email address.
-   *
-   * @param email The email of the user to be verified.
-   * @return An email verification link.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   * @throws FirebaseAuthException If an error occurs while generating the link.
-   */
-  public String generateEmailVerificationLink(@NonNull String email) throws FirebaseAuthException {
-    return generateEmailVerificationLink(email, null);
-  }
-
-  /**
-   * Generates the out-of-band email action link for email verification flows for the specified
-   * email address, using the action code settings provided.
-   *
-   * @param email The email of the user to be verified.
-   * @return An email verification link.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   * @throws FirebaseAuthException If an error occurs while generating the link.
-   */
-  public String generateEmailVerificationLink(
-      @NonNull String email, @Nullable ActionCodeSettings settings) throws FirebaseAuthException {
-    return generateEmailActionLinkOp(EmailLinkType.VERIFY_EMAIL, email, settings).call();
-  }
-
-  /**
-   * Similar to {@link #generateEmailVerificationLink(String)} but performs the
-   * operation asynchronously.
-   *
-   * @param email The email of the user to be verified.
-   * @return An {@code ApiFuture} which will complete successfully with the generated email action
-   *     link. If an error occurs while generating the link, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   */
-  public ApiFuture<String> generateEmailVerificationLinkAsync(@NonNull String email) {
-    return generateEmailVerificationLinkAsync(email, null);
-  }
-
-  /**
-   * Similar to {@link #generateEmailVerificationLink(String, ActionCodeSettings)} but performs the
-   * operation asynchronously.
-   *
-   * @param email The email of the user to be verified.
-   * @param settings The action code settings object which defines whether
-   *     the link is to be handled by a mobile app and the additional state information to be
-   *     passed in the deep link.
-   * @return An {@code ApiFuture} which will complete successfully with the generated email action
-   *     link. If an error occurs while generating the link, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   */
-  public ApiFuture<String> generateEmailVerificationLinkAsync(
-      @NonNull String email, @Nullable ActionCodeSettings settings) {
-    return generateEmailActionLinkOp(EmailLinkType.VERIFY_EMAIL, email, settings)
-            .callAsync(firebaseApp);
-  }
-
-  /**
-   * Generates the out-of-band email action link for email link sign-in flows, using the action
-   * code settings provided.
-   *
-   * @param email The email of the user signing in.
-   * @param settings The action code settings object which defines whether
-   *     the link is to be handled by a mobile app and the additional state information to be
-   *     passed in the deep link.
-   * @return An email verification link.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   * @throws FirebaseAuthException If an error occurs while generating the link.
-   */
-  public String generateSignInWithEmailLink(
-      @NonNull String email, @NonNull ActionCodeSettings settings) throws FirebaseAuthException {
-    return generateEmailActionLinkOp(EmailLinkType.EMAIL_SIGNIN, email, settings).call();
-  }
-
-  /**
-   * Similar to {@link #generateSignInWithEmailLink(String, ActionCodeSettings)} but performs the
-   * operation asynchronously.
-   *
-   * @param email The email of the user signing in.
-   * @param settings The action code settings object which defines whether
-   *     the link is to be handled by a mobile app and the additional state information to be
-   *     passed in the deep link.
-   * @return An {@code ApiFuture} which will complete successfully with the generated email action
-   *     link. If an error occurs while generating the link, the future throws a
-   *     {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the email address is null or empty.
-   * @throws NullPointerException If the settings is null.
-   */
-  public ApiFuture<String> generateSignInWithEmailLinkAsync(
-          String email, @NonNull ActionCodeSettings settings) {
-    return generateEmailActionLinkOp(EmailLinkType.EMAIL_SIGNIN, email, settings)
-            .callAsync(firebaseApp);
-  }
-
-  @VisibleForTesting
-  FirebaseUserManager getUserManager() {
-    return this.userManager.get();
-  }
-
-  private CallableOperation<String, FirebaseAuthException> generateEmailActionLinkOp(
-          final EmailLinkType type, final String email, final ActionCodeSettings settings) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(email), "email must not be null or empty");
-    if (type == EmailLinkType.EMAIL_SIGNIN) {
-      checkNotNull(settings, "ActionCodeSettings must not be null when generating sign-in links");
-    }
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<String, FirebaseAuthException>() {
-      @Override
-      protected String execute() throws FirebaseAuthException {
-        return userManager.getEmailActionLink(type, email, settings);
-      }
-    };
-  }
-
-  private <T> Supplier<T> threadSafeMemoize(final Supplier<T> supplier) {
-    return Suppliers.memoize(new Supplier<T>() {
-      @Override
-      public T get() {
-        checkNotNull(supplier);
-        synchronized (lock) {
-          checkNotDestroyed();
-          return supplier.get();
-        }
-      }
-    });
-  }
-
-  private void checkNotDestroyed() {
-    synchronized (lock) {
-      checkState(!destroyed.get(), "FirebaseAuth instance is no longer alive. This happens when "
-          + "the parent FirebaseApp instance has been deleted.");
-    }
-  }
-
-  private void destroy() {
-    synchronized (lock) {
-      destroyed.set(true);
-    }
-  }
+  @Override
+  protected void doDestroy() { }
 
   private static FirebaseAuth fromApp(final FirebaseApp app) {
-    return FirebaseAuth.builder()
-        .setFirebaseApp(app)
-        .setTokenFactory(new Supplier<FirebaseTokenFactory>() {
-          @Override
-          public FirebaseTokenFactory get() {
-            return FirebaseTokenUtils.createTokenFactory(app, Clock.SYSTEM);
-          }
-        })
-        .setIdTokenVerifier(new Supplier<FirebaseTokenVerifier>() {
-          @Override
-          public FirebaseTokenVerifier get() {
-            return FirebaseTokenUtils.createIdTokenVerifier(app, Clock.SYSTEM);
-          }
-        })
-        .setCookieVerifier(new Supplier<FirebaseTokenVerifier>() {
-          @Override
-          public FirebaseTokenVerifier get() {
-            return FirebaseTokenUtils.createSessionCookieVerifier(app, Clock.SYSTEM);
-          }
-        })
-        .setUserManager(new Supplier<FirebaseUserManager>() {
-          @Override
-          public FirebaseUserManager get() {
-            return new FirebaseUserManager(app);
-          }
-        })
-        .build();
-  }
-
-  @VisibleForTesting
-  static Builder builder() {
-    return new Builder();
-  }
-
-  static class Builder {
-    private FirebaseApp firebaseApp;
-    private Supplier<FirebaseTokenFactory> tokenFactory;
-    private Supplier<? extends FirebaseTokenVerifier> idTokenVerifier;
-    private Supplier<? extends FirebaseTokenVerifier> cookieVerifier;
-    private Supplier<FirebaseUserManager> userManager;
-
-    private Builder() { }
-
-    Builder setFirebaseApp(FirebaseApp firebaseApp) {
-      this.firebaseApp = firebaseApp;
-      return this;
-    }
-
-    Builder setTokenFactory(Supplier<FirebaseTokenFactory> tokenFactory) {
-      this.tokenFactory = tokenFactory;
-      return this;
-    }
-
-    Builder setIdTokenVerifier(Supplier<? extends FirebaseTokenVerifier> idTokenVerifier) {
-      this.idTokenVerifier = idTokenVerifier;
-      return this;
-    }
-
-    Builder setCookieVerifier(Supplier<? extends FirebaseTokenVerifier> cookieVerifier) {
-      this.cookieVerifier = cookieVerifier;
-      return this;
-    }
-
-    Builder setUserManager(Supplier<FirebaseUserManager> userManager) {
-      this.userManager = userManager;
-      return this;
-    }
-
-    FirebaseAuth build() {
-      return new FirebaseAuth(this);
-    }
+    return new FirebaseAuth(
+        AbstractFirebaseAuth.builder()
+          .setFirebaseApp(app)
+          .setTokenFactory(
+              new Supplier<FirebaseTokenFactory>() {
+                @Override
+                public FirebaseTokenFactory get() {
+                  return FirebaseTokenUtils.createTokenFactory(app, Clock.SYSTEM);
+                }
+              })
+          .setIdTokenVerifier(
+              new Supplier<FirebaseTokenVerifier>() {
+                @Override
+                public FirebaseTokenVerifier get() {
+                  return FirebaseTokenUtils.createIdTokenVerifier(app, Clock.SYSTEM);
+                }
+              })
+          .setCookieVerifier(
+              new Supplier<FirebaseTokenVerifier>() {
+                @Override
+                public FirebaseTokenVerifier get() {
+                  return FirebaseTokenUtils.createSessionCookieVerifier(app, Clock.SYSTEM);
+                }
+            })
+          .setUserManager(
+              new Supplier<FirebaseUserManager>() {
+                @Override
+                public FirebaseUserManager get() {
+                  return FirebaseUserManager.builder().setFirebaseApp(app).build();
+                }
+              }));
   }
 
   private static class FirebaseAuthService extends FirebaseService<FirebaseAuth> {
diff --git a/src/main/java/com/google/firebase/auth/FirebaseToken.java b/src/main/java/com/google/firebase/auth/FirebaseToken.java
index 3d7b0b254..835fa41c9 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseToken.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseToken.java
@@ -42,6 +42,15 @@ public String getUid() {
     return (String) claims.get("sub");
   }
 
+  /** Returns the tenant ID for the this token. */
+  public String getTenantId() {
+    Map<String, Object> firebase = (Map<String, Object>) claims.get("firebase");
+    if (firebase == null) {
+      return null;
+    }
+    return (String) firebase.get("tenant");
+  }
+
   /** Returns the Issuer for the this token. */
   public String getIssuer() {
     return (String) claims.get("iss");
@@ -57,14 +66,14 @@ public String getPicture() {
     return (String) claims.get("picture");
   }
 
-  /** 
+  /**
    * Returns the e-mail address for this user, or {@code null} if it's unavailable.
    */
   public String getEmail() {
     return (String) claims.get("email");
   }
 
-  /** 
+  /**
    * Indicates if the email address returned by {@link #getEmail()} has been verified as good.
    */
   public boolean isEmailVerified() {
diff --git a/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java b/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
index dbb562872..e0105e9aa 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
@@ -30,6 +30,7 @@
 import com.google.firebase.ImplFirebaseTrampolines;
 import com.google.firebase.auth.internal.CryptoSigners;
 import com.google.firebase.auth.internal.FirebaseTokenFactory;
+import com.google.firebase.internal.Nullable;
 
 import java.io.IOException;
 
@@ -52,11 +53,17 @@ final class FirebaseTokenUtils {
   private FirebaseTokenUtils() { }
 
   static FirebaseTokenFactory createTokenFactory(FirebaseApp firebaseApp, Clock clock) {
+    return createTokenFactory(firebaseApp, clock, null);
+  }
+
+  static FirebaseTokenFactory createTokenFactory(
+      FirebaseApp firebaseApp, Clock clock, @Nullable String tenantId) {
     try {
       return new FirebaseTokenFactory(
           firebaseApp.getOptions().getJsonFactory(),
           clock,
-          CryptoSigners.getCryptoSigner(firebaseApp));
+          CryptoSigners.getCryptoSigner(firebaseApp),
+          tenantId);
     } catch (IOException e) {
       throw new IllegalStateException(
           "Failed to initialize FirebaseTokenFactory. Make sure to initialize the SDK "
@@ -68,6 +75,11 @@ static FirebaseTokenFactory createTokenFactory(FirebaseApp firebaseApp, Clock cl
   }
 
   static FirebaseTokenVerifierImpl createIdTokenVerifier(FirebaseApp app, Clock clock) {
+    return createIdTokenVerifier(app, clock, null);
+  }
+
+  static FirebaseTokenVerifierImpl createIdTokenVerifier(
+      FirebaseApp app, Clock clock, @Nullable String tenantId) {
     String projectId = ImplFirebaseTrampolines.getProjectId(app);
     checkState(!Strings.isNullOrEmpty(projectId),
         "Must initialize FirebaseApp with a project ID to call verifyIdToken()");
@@ -82,6 +94,7 @@ static FirebaseTokenVerifierImpl createIdTokenVerifier(FirebaseApp app, Clock cl
         .setJsonFactory(app.getOptions().getJsonFactory())
         .setPublicKeysManager(publicKeysManager)
         .setIdTokenVerifier(idTokenVerifier)
+        .setTenantId(tenantId)
         .build();
   }
 
diff --git a/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java b/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
index c164173a6..e1a5a9a19 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
@@ -28,6 +28,7 @@
 import com.google.api.client.util.ArrayMap;
 import com.google.common.base.Joiner;
 import com.google.common.base.Strings;
+import com.google.firebase.internal.Nullable;
 import java.io.IOException;
 import java.math.BigDecimal;
 import java.security.GeneralSecurityException;
@@ -45,6 +46,7 @@ final class FirebaseTokenVerifierImpl implements FirebaseTokenVerifier {
       "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit";
   private static final String ERROR_INVALID_CREDENTIAL = "ERROR_INVALID_CREDENTIAL";
   private static final String ERROR_RUNTIME_EXCEPTION = "ERROR_RUNTIME_EXCEPTION";
+  static final String TENANT_ID_MISMATCH_ERROR = "tenant-id-mismatch";
 
   private final JsonFactory jsonFactory;
   private final GooglePublicKeysManager publicKeysManager;
@@ -53,6 +55,7 @@ final class FirebaseTokenVerifierImpl implements FirebaseTokenVerifier {
   private final String shortName;
   private final String articledShortName;
   private final String docUrl;
+  private final String tenantId;
 
   private FirebaseTokenVerifierImpl(Builder builder) {
     this.jsonFactory = checkNotNull(builder.jsonFactory);
@@ -65,6 +68,7 @@ private FirebaseTokenVerifierImpl(Builder builder) {
     this.shortName = builder.shortName;
     this.articledShortName = prefixWithIndefiniteArticle(this.shortName);
     this.docUrl = builder.docUrl;
+    this.tenantId = Strings.nullToEmpty(builder.tenantId);
   }
 
   /**
@@ -90,7 +94,9 @@ public FirebaseToken verifyToken(String token) throws FirebaseAuthException {
     IdToken idToken = parse(token);
     checkContents(idToken);
     checkSignature(idToken);
-    return new FirebaseToken(idToken.getPayload());
+    FirebaseToken firebaseToken = new FirebaseToken(idToken.getPayload());
+    checkTenantId(firebaseToken);
+    return firebaseToken;
   }
 
   GooglePublicKeysManager getPublicKeysManager() {
@@ -278,6 +284,18 @@ private boolean containsLegacyUidField(IdToken.Payload payload) {
     return false;
   }
 
+  private void checkTenantId(final FirebaseToken firebaseToken) throws FirebaseAuthException {
+    String tokenTenantId = Strings.nullToEmpty(firebaseToken.getTenantId());
+    if (!this.tenantId.equals(tokenTenantId)) {
+      throw new FirebaseAuthException(
+          TENANT_ID_MISMATCH_ERROR,
+          String.format(
+            "The tenant ID ('%s') of the token did not match the expected value ('%s')",
+            tokenTenantId,
+            tenantId));
+    }
+  }
+
   static Builder builder() {
     return new Builder();
   }
@@ -290,6 +308,7 @@ static final class Builder {
     private String shortName;
     private IdTokenVerifier idTokenVerifier;
     private String docUrl;
+    private String tenantId;
 
     private Builder() { }
 
@@ -323,6 +342,11 @@ Builder setDocUrl(String docUrl) {
       return this;
     }
 
+    Builder setTenantId(@Nullable String tenantId) {
+      this.tenantId = tenantId;
+      return this;
+    }
+
     FirebaseTokenVerifierImpl build() {
       return new FirebaseTokenVerifierImpl(this);
     }
diff --git a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
index ab8759c4f..b73882277 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
@@ -20,37 +20,30 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.api.client.http.GenericUrl;
-import com.google.api.client.http.HttpContent;
-import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
-import com.google.api.client.http.HttpResponse;
-import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.HttpResponseInterceptor;
-import com.google.api.client.http.json.JsonHttpContent;
 import com.google.api.client.json.GenericJson;
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.JsonObjectParser;
 import com.google.api.client.util.Key;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Joiner;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
-import com.google.firebase.auth.UserRecord.CreateRequest;
-import com.google.firebase.auth.UserRecord.UpdateRequest;
+import com.google.firebase.auth.internal.AuthHttpClient;
 import com.google.firebase.auth.internal.BatchDeleteResponse;
 import com.google.firebase.auth.internal.DownloadAccountResponse;
 import com.google.firebase.auth.internal.GetAccountInfoRequest;
 import com.google.firebase.auth.internal.GetAccountInfoResponse;
-import com.google.firebase.auth.internal.HttpErrorResponse;
+import com.google.firebase.auth.internal.ListOidcProviderConfigsResponse;
+import com.google.firebase.auth.internal.ListSamlProviderConfigsResponse;
 import com.google.firebase.auth.internal.UploadAccountResponse;
 import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.NonNull;
 import com.google.firebase.internal.Nullable;
-import com.google.firebase.internal.SdkUtils;
 
-import java.io.IOException;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
@@ -66,30 +59,7 @@
  */
 class FirebaseUserManager {
 
-  static final String USER_NOT_FOUND_ERROR = "user-not-found";
-  static final String INTERNAL_ERROR = "internal-error";
-
-  // Map of server-side error codes to SDK error codes.
-  // SDK error codes defined at: https://firebase.google.com/docs/auth/admin/errors
-  private static final Map<String, String> ERROR_CODES = ImmutableMap.<String, String>builder()
-      .put("CLAIMS_TOO_LARGE", "claims-too-large")
-      .put("CONFIGURATION_NOT_FOUND", "project-not-found")
-      .put("INSUFFICIENT_PERMISSION", "insufficient-permission")
-      .put("DUPLICATE_EMAIL", "email-already-exists")
-      .put("DUPLICATE_LOCAL_ID", "uid-already-exists")
-      .put("EMAIL_EXISTS", "email-already-exists")
-      .put("INVALID_CLAIMS", "invalid-claims")
-      .put("INVALID_EMAIL", "invalid-email")
-      .put("INVALID_PAGE_SELECTION", "invalid-page-token")
-      .put("INVALID_PHONE_NUMBER", "invalid-phone-number")
-      .put("PHONE_NUMBER_EXISTS", "phone-number-already-exists")
-      .put("PROJECT_NOT_FOUND", "project-not-found")
-      .put("USER_NOT_FOUND", USER_NOT_FOUND_ERROR)
-      .put("WEAK_PASSWORD", "invalid-password")
-      .put("UNAUTHORIZED_DOMAIN", "unauthorized-continue-uri")
-      .put("INVALID_DYNAMIC_LINK_DOMAIN", "invalid-dynamic-link-domain")
-      .build();
-
+  static final int MAX_LIST_PROVIDER_CONFIGS_RESULTS = 100;
   static final int MAX_GET_ACCOUNTS_BATCH_SIZE = 100;
   static final int MAX_DELETE_ACCOUNTS_BATCH_SIZE = 1000;
   static final int MAX_LIST_USERS_RESULTS = 1000;
@@ -100,45 +70,41 @@ class FirebaseUserManager {
       "iss", "jti", "nbf", "nonce", "sub", "firebase");
 
   private static final String ID_TOOLKIT_URL =
-      "https://identitytoolkit.googleapis.com/v1/projects/%s";
-  private static final String CLIENT_VERSION_HEADER = "X-Client-Version";
+      "https://identitytoolkit.googleapis.com/%s/projects/%s";
 
-  private final String baseUrl;
+  private final String userMgtBaseUrl;
+  private final String idpConfigMgtBaseUrl;
   private final JsonFactory jsonFactory;
-  private final HttpRequestFactory requestFactory;
-  private final String clientVersion = "Java/Admin/" + SdkUtils.getVersion();
-
-  private HttpResponseInterceptor interceptor;
-
-  /**
-   * Creates a new FirebaseUserManager instance.
-   *
-   * @param app A non-null {@link FirebaseApp}.
-   */
-  FirebaseUserManager(@NonNull FirebaseApp app) {
-    this(app, null);
-  }
+  private final AuthHttpClient httpClient;
 
-  FirebaseUserManager(@NonNull FirebaseApp app, @Nullable HttpRequestFactory requestFactory) {
-    checkNotNull(app, "FirebaseApp must not be null");
+  private FirebaseUserManager(Builder builder) {
+    FirebaseApp app = checkNotNull(builder.app, "FirebaseApp must not be null");
     String projectId = ImplFirebaseTrampolines.getProjectId(app);
     checkArgument(!Strings.isNullOrEmpty(projectId),
         "Project ID is required to access the auth service. Use a service account credential or "
             + "set the project ID explicitly via FirebaseOptions. Alternatively you can also "
             + "set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.");
-    this.baseUrl = String.format(ID_TOOLKIT_URL, projectId);
-    this.jsonFactory = app.getOptions().getJsonFactory();
-
-    if (requestFactory == null) {
-      requestFactory = ApiClientUtils.newAuthorizedRequestFactory(app);
+    final String idToolkitUrlV1 = String.format(ID_TOOLKIT_URL, "v1", projectId);
+    final String idToolkitUrlV2 = String.format(ID_TOOLKIT_URL, "v2", projectId);
+    final String tenantId = builder.tenantId;
+    if (tenantId == null) {
+      this.userMgtBaseUrl = idToolkitUrlV1;
+      this.idpConfigMgtBaseUrl = idToolkitUrlV2;
+    } else {
+      checkArgument(!tenantId.isEmpty(), "Tenant ID must not be empty.");
+      this.userMgtBaseUrl = idToolkitUrlV1 + "/tenants/" + tenantId;
+      this.idpConfigMgtBaseUrl = idToolkitUrlV2 + "/tenants/" + tenantId;
     }
 
-    this.requestFactory = requestFactory;
+    this.jsonFactory = app.getOptions().getJsonFactory();
+    HttpRequestFactory requestFactory = builder.requestFactory == null
+        ? ApiClientUtils.newAuthorizedRequestFactory(app) : builder.requestFactory;
+    this.httpClient = new AuthHttpClient(jsonFactory, requestFactory);
   }
 
   @VisibleForTesting
   void setInterceptor(HttpResponseInterceptor interceptor) {
-    this.interceptor = interceptor;
+    httpClient.setInterceptor(interceptor);
   }
 
   UserRecord getUserById(String uid) throws FirebaseAuthException {
@@ -147,7 +113,8 @@ UserRecord getUserById(String uid) throws FirebaseAuthException {
     GetAccountInfoResponse response = post(
         "/accounts:lookup", payload, GetAccountInfoResponse.class);
     if (response == null || response.getUsers() == null || response.getUsers().isEmpty()) {
-      throw new FirebaseAuthException(USER_NOT_FOUND_ERROR,
+      throw new FirebaseAuthException(
+          AuthHttpClient.USER_NOT_FOUND_ERROR,
           "No user record found for the provided user ID: " + uid);
     }
     return new UserRecord(response.getUsers().get(0), jsonFactory);
@@ -159,7 +126,8 @@ UserRecord getUserByEmail(String email) throws FirebaseAuthException {
     GetAccountInfoResponse response = post(
         "/accounts:lookup", payload, GetAccountInfoResponse.class);
     if (response == null || response.getUsers() == null || response.getUsers().isEmpty()) {
-      throw new FirebaseAuthException(USER_NOT_FOUND_ERROR,
+      throw new FirebaseAuthException(
+          AuthHttpClient.USER_NOT_FOUND_ERROR,
           "No user record found for the provided email: " + email);
     }
     return new UserRecord(response.getUsers().get(0), jsonFactory);
@@ -171,7 +139,8 @@ UserRecord getUserByPhoneNumber(String phoneNumber) throws FirebaseAuthException
     GetAccountInfoResponse response = post(
         "/accounts:lookup", payload, GetAccountInfoResponse.class);
     if (response == null || response.getUsers() == null || response.getUsers().isEmpty()) {
-      throw new FirebaseAuthException(USER_NOT_FOUND_ERROR,
+      throw new FirebaseAuthException(
+          AuthHttpClient.USER_NOT_FOUND_ERROR,
           "No user record found for the provided phone number: " + phoneNumber);
     }
     return new UserRecord(response.getUsers().get(0), jsonFactory);
@@ -180,7 +149,7 @@ UserRecord getUserByPhoneNumber(String phoneNumber) throws FirebaseAuthException
   Set<UserRecord> getAccountInfo(@NonNull Collection<UserIdentifier> identifiers)
       throws FirebaseAuthException {
     if (identifiers.isEmpty()) {
-      return new HashSet<UserRecord>();
+      return new HashSet<>();
     }
 
     GetAccountInfoRequest payload = new GetAccountInfoRequest();
@@ -192,7 +161,8 @@ Set<UserRecord> getAccountInfo(@NonNull Collection<UserIdentifier> identifiers)
         "/accounts:lookup", payload, GetAccountInfoResponse.class);
 
     if (response == null) {
-      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to parse server response");
+      throw new FirebaseAuthException(
+          AuthHttpClient.INTERNAL_ERROR, "Failed to parse server response");
     }
 
     Set<UserRecord> results = new HashSet<>();
@@ -204,7 +174,7 @@ Set<UserRecord> getAccountInfo(@NonNull Collection<UserIdentifier> identifiers)
     return results;
   }
 
-  String createUser(CreateRequest request) throws FirebaseAuthException {
+  String createUser(UserRecord.CreateRequest request) throws FirebaseAuthException {
     GenericJson response = post(
         "/accounts", request.getProperties(), GenericJson.class);
     if (response != null) {
@@ -213,14 +183,16 @@ String createUser(CreateRequest request) throws FirebaseAuthException {
         return uid;
       }
     }
-    throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to create new user");
+    throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to create new user");
   }
 
-  void updateUser(UpdateRequest request, JsonFactory jsonFactory) throws FirebaseAuthException {
+  void updateUser(UserRecord.UpdateRequest request, JsonFactory jsonFactory)
+      throws FirebaseAuthException {
     GenericJson response = post(
         "/accounts:update", request.getProperties(jsonFactory), GenericJson.class);
     if (response == null || !request.getUid().equals(response.get("localId"))) {
-      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to update user: " + request.getUid());
+      throw new FirebaseAuthException(
+          AuthHttpClient.INTERNAL_ERROR, "Failed to update user: " + request.getUid());
     }
   }
 
@@ -229,7 +201,8 @@ void deleteUser(String uid) throws FirebaseAuthException {
     GenericJson response = post(
         "/accounts:delete", payload, GenericJson.class);
     if (response == null || !response.containsKey("kind")) {
-      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to delete user: " + uid);
+      throw new FirebaseAuthException(
+          AuthHttpClient.INTERNAL_ERROR, "Failed to delete user: " + uid);
     }
   }
 
@@ -238,13 +211,13 @@ void deleteUser(String uid) throws FirebaseAuthException {
    * @pre uids.size() <= MAX_DELETE_ACCOUNTS_BATCH_SIZE
    */
   DeleteUsersResult deleteUsers(@NonNull List<String> uids) throws FirebaseAuthException {
-    final Map<String, Object> payload = ImmutableMap.<String, Object>of(
+    final Map<String, Object> payload = ImmutableMap.of(
         "localIds", uids,
         "force", true);
     BatchDeleteResponse response = post(
         "/accounts:batchDelete", payload, BatchDeleteResponse.class);
     if (response == null) {
-      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to delete users");
+      throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to delete users");
     }
 
     return new DeleteUsersResult(uids.size(), response);
@@ -258,12 +231,12 @@ DownloadAccountResponse listUsers(int maxResults, String pageToken) throws Fireb
       builder.put("nextPageToken", pageToken);
     }
 
-    GenericUrl url = new GenericUrl(baseUrl + "/accounts:batchGet");
+    GenericUrl url = new GenericUrl(userMgtBaseUrl + "/accounts:batchGet");
     url.putAll(builder.build());
-    DownloadAccountResponse response = sendRequest(
+    DownloadAccountResponse response = httpClient.sendRequest(
             "GET", url, null, DownloadAccountResponse.class);
     if (response == null) {
-      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to retrieve users.");
+      throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to retrieve users.");
     }
     return response;
   }
@@ -273,7 +246,7 @@ UserImportResult importUsers(UserImportRequest request) throws FirebaseAuthExcep
     UploadAccountResponse response = post(
             "/accounts:batchCreate", request, UploadAccountResponse.class);
     if (response == null) {
-      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to import users.");
+      throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to import users.");
     }
     return new UserImportResult(request.getUsersCount(), response);
   }
@@ -289,7 +262,8 @@ String createSessionCookie(String idToken,
         return cookie;
       }
     }
-    throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to create session cookie");
+    throw new FirebaseAuthException(
+        AuthHttpClient.INTERNAL_ERROR, "Failed to create session cookie");
   }
 
   String getEmailActionLink(EmailLinkType type, String email,
@@ -308,64 +282,119 @@ String getEmailActionLink(EmailLinkType type, String email,
         return link;
       }
     }
-    throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to create email action link");
+    throw new FirebaseAuthException(
+        AuthHttpClient.INTERNAL_ERROR, "Failed to create email action link");
   }
 
-  private <T> T post(String path, Object content, Class<T> clazz) throws FirebaseAuthException {
-    checkArgument(!Strings.isNullOrEmpty(path), "path must not be null or empty");
-    checkNotNull(content, "content must not be null for POST requests");
-    GenericUrl url = new GenericUrl(baseUrl + path);
-    return sendRequest("POST", url, content, clazz);
+  OidcProviderConfig createOidcProviderConfig(
+      OidcProviderConfig.CreateRequest request) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + "/oauthIdpConfigs");
+    url.set("oauthIdpConfigId", request.getProviderId());
+    return httpClient.sendRequest("POST", url, request.getProperties(), OidcProviderConfig.class);
   }
 
-  private <T> T sendRequest(
-          String method, GenericUrl url,
-          @Nullable Object content, Class<T> clazz) throws FirebaseAuthException {
-
-    checkArgument(!Strings.isNullOrEmpty(method), "method must not be null or empty");
-    checkNotNull(url, "url must not be null");
-    checkNotNull(clazz, "response class must not be null");
-    HttpResponse response = null;
-    try {
-      HttpContent httpContent = content != null ? new JsonHttpContent(jsonFactory, content) : null;
-      HttpRequest request = requestFactory.buildRequest(method, url, httpContent);
-      request.setParser(new JsonObjectParser(jsonFactory));
-      request.getHeaders().set(CLIENT_VERSION_HEADER, clientVersion);
-      request.setResponseInterceptor(interceptor);
-      response = request.execute();
-      return response.parseAs(clazz);
-    } catch (HttpResponseException e) {
-      // Server responded with an HTTP error
-      handleHttpError(e);
-      return null;
-    } catch (IOException e) {
-      // All other IO errors (Connection refused, reset, parse error etc.)
+  SamlProviderConfig createSamlProviderConfig(
+      SamlProviderConfig.CreateRequest request) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + "/inboundSamlConfigs");
+    url.set("inboundSamlConfigId", request.getProviderId());
+    return httpClient.sendRequest("POST", url, request.getProperties(), SamlProviderConfig.class);
+  }
+
+  OidcProviderConfig updateOidcProviderConfig(OidcProviderConfig.UpdateRequest request)
+      throws FirebaseAuthException {
+    Map<String, Object> properties = request.getProperties();
+    GenericUrl url =
+        new GenericUrl(idpConfigMgtBaseUrl + getOidcUrlSuffix(request.getProviderId()));
+    url.put("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
+    return httpClient.sendRequest("PATCH", url, properties, OidcProviderConfig.class);
+  }
+
+  SamlProviderConfig updateSamlProviderConfig(SamlProviderConfig.UpdateRequest request)
+      throws FirebaseAuthException {
+    Map<String, Object> properties = request.getProperties();
+    GenericUrl url =
+        new GenericUrl(idpConfigMgtBaseUrl + getSamlUrlSuffix(request.getProviderId()));
+    url.put("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
+    return httpClient.sendRequest("PATCH", url, properties, SamlProviderConfig.class);
+  }
+
+  OidcProviderConfig getOidcProviderConfig(String providerId) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getOidcUrlSuffix(providerId));
+    return httpClient.sendRequest("GET", url, null, OidcProviderConfig.class);
+  }
+
+  SamlProviderConfig getSamlProviderConfig(String providerId) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getSamlUrlSuffix(providerId));
+    return httpClient.sendRequest("GET", url, null, SamlProviderConfig.class);
+  }
+
+  ListOidcProviderConfigsResponse listOidcProviderConfigs(int maxResults, String pageToken)
+      throws FirebaseAuthException {
+    ImmutableMap.Builder<String, Object> builder =
+        ImmutableMap.<String, Object>builder().put("pageSize", maxResults);
+    if (pageToken != null) {
+      checkArgument(!pageToken.equals(
+          ListProviderConfigsPage.END_OF_LIST), "Invalid end of list page token.");
+      builder.put("nextPageToken", pageToken);
+    }
+
+    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + "/oauthIdpConfigs");
+    url.putAll(builder.build());
+    ListOidcProviderConfigsResponse response =
+        httpClient.sendRequest("GET", url, null, ListOidcProviderConfigsResponse.class);
+    if (response == null) {
       throw new FirebaseAuthException(
-          INTERNAL_ERROR, "Error while calling user management backend service", e);
-    } finally {
-      if (response != null) {
-        try {
-          response.disconnect();
-        } catch (IOException ignored) {
-          // Ignored
-        }
-      }
+          AuthHttpClient.INTERNAL_ERROR, "Failed to retrieve provider configs.");
     }
+    return response;
   }
 
-  private void handleHttpError(HttpResponseException e) throws FirebaseAuthException {
-    try {
-      HttpErrorResponse response = jsonFactory.fromString(e.getContent(), HttpErrorResponse.class);
-      String code = ERROR_CODES.get(response.getErrorCode());
-      if (code != null) {
-        throw new FirebaseAuthException(code, "User management service responded with an error", e);
-      }
-    } catch (IOException ignored) {
-      // Ignored
+  ListSamlProviderConfigsResponse listSamlProviderConfigs(int maxResults, String pageToken)
+      throws FirebaseAuthException {
+    ImmutableMap.Builder<String, Object> builder =
+        ImmutableMap.<String, Object>builder().put("pageSize", maxResults);
+    if (pageToken != null) {
+      checkArgument(!pageToken.equals(
+          ListProviderConfigsPage.END_OF_LIST), "Invalid end of list page token.");
+      builder.put("nextPageToken", pageToken);
+    }
+
+    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + "/inboundSamlConfigs");
+    url.putAll(builder.build());
+    ListSamlProviderConfigsResponse response =
+        httpClient.sendRequest("GET", url, null, ListSamlProviderConfigsResponse.class);
+    if (response == null) {
+      throw new FirebaseAuthException(
+          AuthHttpClient.INTERNAL_ERROR, "Failed to retrieve provider configs.");
     }
-    String msg = String.format(
-        "Unexpected HTTP response with status: %d; body: %s", e.getStatusCode(), e.getContent());
-    throw new FirebaseAuthException(INTERNAL_ERROR, msg, e);
+    return response;
+  }
+
+  void deleteOidcProviderConfig(String providerId) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getOidcUrlSuffix(providerId));
+    httpClient.sendRequest("DELETE", url, null, GenericJson.class);
+  }
+
+  void deleteSamlProviderConfig(String providerId) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getSamlUrlSuffix(providerId));
+    httpClient.sendRequest("DELETE", url, null, GenericJson.class);
+  }
+
+  private static String getOidcUrlSuffix(String providerId) {
+    checkArgument(!Strings.isNullOrEmpty(providerId), "Provider ID must not be null or empty.");
+    return "/oauthIdpConfigs/" + providerId;
+  }
+
+  private static String getSamlUrlSuffix(String providerId) {
+    checkArgument(!Strings.isNullOrEmpty(providerId), "Provider ID must not be null or empty.");
+    return "/inboundSamlConfigs/" + providerId;
+  }
+
+  private <T> T post(String path, Object content, Class<T> clazz) throws FirebaseAuthException {
+    checkArgument(!Strings.isNullOrEmpty(path), "path must not be null or empty");
+    checkNotNull(content, "content must not be null for POST requests");
+    GenericUrl url = new GenericUrl(userMgtBaseUrl + path);
+    return httpClient.sendRequest("POST", url, content, clazz);
   }
 
   static class UserImportRequest extends GenericJson {
@@ -407,4 +436,34 @@ enum EmailLinkType {
     EMAIL_SIGNIN,
     PASSWORD_RESET,
   }
+
+  static Builder builder() {
+    return new Builder();
+  }
+
+  static class Builder {
+
+    private FirebaseApp app;
+    private String tenantId;
+    private HttpRequestFactory requestFactory;
+
+    Builder setFirebaseApp(FirebaseApp app) {
+      this.app = app;
+      return this;
+    }
+
+    Builder setTenantId(String tenantId) {
+      this.tenantId = tenantId;
+      return this;
+    }
+
+    Builder setHttpRequestFactory(HttpRequestFactory requestFactory) {
+      this.requestFactory = requestFactory;
+      return this;
+    }
+
+    FirebaseUserManager build() {
+      return new FirebaseUserManager(this);
+    }
+  }
 }
diff --git a/src/main/java/com/google/firebase/auth/ListProviderConfigsPage.java b/src/main/java/com/google/firebase/auth/ListProviderConfigsPage.java
new file mode 100644
index 000000000..361f932bd
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/ListProviderConfigsPage.java
@@ -0,0 +1,268 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.gax.paging.Page;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.internal.ListOidcProviderConfigsResponse;
+import com.google.firebase.auth.internal.ListProviderConfigsResponse;
+import com.google.firebase.auth.internal.ListSamlProviderConfigsResponse;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+/**
+ * Represents a page of {@link ProviderConfig} instances.
+ *
+ * <p>Provides methods for iterating over the provider configs in the current page, and calling up
+ * subsequent pages of provider configs.
+ *
+ * <p>Instances of this class are thread-safe and immutable.
+ */
+public class ListProviderConfigsPage<T extends ProviderConfig> implements Page<T> {
+
+  static final String END_OF_LIST = "";
+
+  private final ListProviderConfigsResponse<T> currentBatch;
+  private final ProviderConfigSource<T> source;
+  private final int maxResults;
+
+  private ListProviderConfigsPage(
+      @NonNull ListProviderConfigsResponse<T> currentBatch,
+      @NonNull ProviderConfigSource<T> source,
+      int maxResults) {
+    this.currentBatch = checkNotNull(currentBatch);
+    this.source = checkNotNull(source);
+    this.maxResults = maxResults;
+  }
+
+  /**
+   * Checks if there is another page of provider configs available to retrieve.
+   *
+   * @return true if another page is available, or false otherwise.
+   */
+  @Override
+  public boolean hasNextPage() {
+    return !END_OF_LIST.equals(currentBatch.getPageToken());
+  }
+
+  /**
+   * Returns the string token that identifies the next page.
+   *
+   * <p>Never returns null. Returns empty string if there are no more pages available to be
+   * retrieved.
+   *
+   * @return A non-null string token (possibly empty, representing no more pages)
+   */
+  @NonNull
+  @Override
+  public String getNextPageToken() {
+    return currentBatch.getPageToken();
+  }
+
+  /**
+   * Returns the next page of provider configs.
+   *
+   * @return A new {@link ListProviderConfigsPage} instance, or null if there are no more pages.
+   */
+  @Nullable
+  @Override
+  public ListProviderConfigsPage<T> getNextPage() {
+    if (hasNextPage()) {
+      Factory<T> factory = new Factory<T>(source, maxResults, currentBatch.getPageToken());
+      try {
+        return factory.create();
+      } catch (FirebaseAuthException e) {
+        throw new RuntimeException(e);
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Returns an {@link Iterable} that facilitates transparently iterating over all the provider
+   * configs in the current Firebase project, starting from this page.
+   *
+   * <p>The {@link Iterator} instances produced by the returned {@link Iterable} never buffers more
+   * than one page of provider configs at a time. It is safe to abandon the iterators (i.e. break
+   * the loops) at any time.
+   *
+   * @return a new {@link Iterable} instance.
+   */
+  @NonNull
+  @Override
+  public Iterable<T> iterateAll() {
+    return new ProviderConfigIterable<T>(this);
+  }
+
+  /**
+   * Returns an {@link Iterable} over the provider configs in this page.
+   *
+   * @return a {@link Iterable} instance.
+   */
+  @NonNull
+  @Override
+  public Iterable<T> getValues() {
+    return currentBatch.getProviderConfigs();
+  }
+
+  private static class ProviderConfigIterable<T extends ProviderConfig> implements Iterable<T> {
+
+    private final ListProviderConfigsPage<T> startingPage;
+
+    ProviderConfigIterable(@NonNull ListProviderConfigsPage<T> startingPage) {
+      this.startingPage = checkNotNull(startingPage, "starting page must not be null");
+    }
+
+    @Override
+    @NonNull
+    public Iterator<T> iterator() {
+      return new ProviderConfigIterator<T>(startingPage);
+    }
+
+    /**
+     * An {@link Iterator} that cycles through provider configs, one at a time.
+     *
+     * <p>It buffers the last retrieved batch of provider configs in memory. The {@code maxResults}
+     * parameter is an upper bound on the batch size.
+     */
+    private static class ProviderConfigIterator<T extends ProviderConfig> implements Iterator<T> {
+
+      private ListProviderConfigsPage<T> currentPage;
+      private List<T> batch;
+      private int index = 0;
+
+      private ProviderConfigIterator(ListProviderConfigsPage<T> startingPage) {
+        setCurrentPage(startingPage);
+      }
+
+      @Override
+      public boolean hasNext() {
+        if (index == batch.size()) {
+          if (currentPage.hasNextPage()) {
+            setCurrentPage(currentPage.getNextPage());
+          } else {
+            return false;
+          }
+        }
+
+        return index < batch.size();
+      }
+
+      @Override
+      public T next() {
+        if (!hasNext()) {
+          throw new NoSuchElementException();
+        }
+        return batch.get(index++);
+      }
+
+      @Override
+      public void remove() {
+        throw new UnsupportedOperationException("remove operation not supported");
+      }
+
+      private void setCurrentPage(ListProviderConfigsPage<T> page) {
+        this.currentPage = checkNotNull(page);
+        this.batch = ImmutableList.copyOf(page.getValues());
+        this.index = 0;
+      }
+    }
+  }
+
+  /**
+   * Represents a source of provider config data that can be queried to load a batch of provider
+   * configs.
+   */
+  interface ProviderConfigSource<T extends ProviderConfig> {
+    @NonNull
+    ListProviderConfigsResponse<T> fetch(int maxResults, String pageToken)
+      throws FirebaseAuthException;
+  }
+
+  static class DefaultOidcProviderConfigSource implements ProviderConfigSource<OidcProviderConfig> {
+
+    private final FirebaseUserManager userManager;
+
+    DefaultOidcProviderConfigSource(FirebaseUserManager userManager) {
+      this.userManager = checkNotNull(userManager, "User manager must not be null.");
+    }
+
+    @Override
+    public ListOidcProviderConfigsResponse fetch(int maxResults, String pageToken)
+        throws FirebaseAuthException {
+      return userManager.listOidcProviderConfigs(maxResults, pageToken);
+    }
+  }
+
+  static class DefaultSamlProviderConfigSource implements ProviderConfigSource<SamlProviderConfig> {
+
+    private final FirebaseUserManager userManager;
+
+    DefaultSamlProviderConfigSource(FirebaseUserManager userManager) {
+      this.userManager = checkNotNull(userManager, "User manager must not be null.");
+    }
+
+    @Override
+    public ListSamlProviderConfigsResponse fetch(int maxResults, String pageToken)
+        throws FirebaseAuthException {
+      return userManager.listSamlProviderConfigs(maxResults, pageToken);
+    }
+  }
+
+  /**
+   * A simple factory class for {@link ProviderConfigsPage} instances.
+   *
+   * <p>Performs argument validation before attempting to load any provider config data (which is
+   * expensive, and hence may be performed asynchronously on a separate thread).
+   */
+  static class Factory<T extends ProviderConfig> {
+
+    private final ProviderConfigSource<T> source;
+    private final int maxResults;
+    private final String pageToken;
+
+    Factory(@NonNull ProviderConfigSource<T> source) {
+      this(source, FirebaseUserManager.MAX_LIST_PROVIDER_CONFIGS_RESULTS, null);
+    }
+
+    Factory(
+        @NonNull ProviderConfigSource<T> source,
+        int maxResults,
+        @Nullable String pageToken) {
+      checkArgument(
+          maxResults > 0 && maxResults <= FirebaseUserManager.MAX_LIST_PROVIDER_CONFIGS_RESULTS,
+          "maxResults must be a positive integer that does not exceed %s",
+          FirebaseUserManager.MAX_LIST_PROVIDER_CONFIGS_RESULTS);
+      checkArgument(!END_OF_LIST.equals(pageToken), "invalid end of list page token");
+      this.source = checkNotNull(source, "source must not be null");
+      this.maxResults = maxResults;
+      this.pageToken = pageToken;
+    }
+
+    ListProviderConfigsPage<T> create() throws FirebaseAuthException {
+      ListProviderConfigsResponse<T> batch = source.fetch(maxResults, pageToken);
+      return new ListProviderConfigsPage<T>(batch, source, maxResults);
+    }
+  }
+}
+
diff --git a/src/main/java/com/google/firebase/auth/ListUsersPage.java b/src/main/java/com/google/firebase/auth/ListUsersPage.java
index f406366ba..ba727af5a 100644
--- a/src/main/java/com/google/firebase/auth/ListUsersPage.java
+++ b/src/main/java/com/google/firebase/auth/ListUsersPage.java
@@ -80,7 +80,7 @@ public String getNextPageToken() {
   @Override
   public ListUsersPage getNextPage() {
     if (hasNextPage()) {
-      PageFactory factory = new PageFactory(source, maxResults, currentBatch.getNextPageToken());
+      Factory factory = new Factory(source, maxResults, currentBatch.getNextPageToken());
       try {
         return factory.create();
       } catch (FirebaseAuthException e) {
@@ -237,17 +237,17 @@ String getNextPageToken() {
    * before attempting to load any user data (which is expensive, and hence may be performed
    * asynchronously on a separate thread).
    */
-  static class PageFactory {
+  static class Factory {
 
     private final UserSource source;
     private final int maxResults;
     private final String pageToken;
 
-    PageFactory(@NonNull UserSource source) {
+    Factory(@NonNull UserSource source) {
       this(source, FirebaseUserManager.MAX_LIST_USERS_RESULTS, null);
     }
 
-    PageFactory(@NonNull UserSource source, int maxResults, @Nullable String pageToken) {
+    Factory(@NonNull UserSource source, int maxResults, @Nullable String pageToken) {
       checkArgument(maxResults > 0 && maxResults <= FirebaseUserManager.MAX_LIST_USERS_RESULTS,
           "maxResults must be a positive integer that does not exceed %s",
           FirebaseUserManager.MAX_LIST_USERS_RESULTS);
diff --git a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
new file mode 100644
index 000000000..879b7e79f
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.api.client.util.Key;
+import com.google.common.base.Strings;
+
+/**
+ * Contains metadata associated with an OIDC Auth provider.
+ *
+ * <p>Instances of this class are immutable and thread safe.
+ */
+public final class OidcProviderConfig extends ProviderConfig {
+
+  @Key("clientId")
+  private String clientId;
+
+  @Key("issuer")
+  private String issuer;
+
+  public String getClientId() {
+    return clientId;
+  }
+
+  public String getIssuer() {
+    return issuer;
+  }
+
+  /**
+   * Returns a new {@link UpdateRequest}, which can be used to update the attributes of this
+   * provider config.
+   *
+   * @return A non-null {@link UpdateRequest} instance.
+   */
+  public UpdateRequest updateRequest() {
+    return new UpdateRequest(getProviderId());
+  }
+
+  static void checkOidcProviderId(String providerId) {
+    checkArgument(!Strings.isNullOrEmpty(providerId), "Provider ID must not be null or empty.");
+    checkArgument(providerId.startsWith("oidc."),
+        "Invalid OIDC provider ID (must be prefixed with 'oidc.'): " + providerId);
+  }
+
+  /**
+   * A specification class for creating a new OIDC Auth provider.
+   *
+   * <p>Set the initial attributes of the new provider by calling various setter methods available
+   * in this class.
+   */
+  public static final class CreateRequest extends AbstractCreateRequest<CreateRequest> {
+
+    /**
+     * Creates a new {@link CreateRequest}, which can be used to create a new OIDC Auth provider.
+     *
+     * <p>The returned object should be passed to
+     * {@link AbstractFirebaseAuth#createOidcProviderConfig(CreateRequest)} to save the config.
+     */
+    public CreateRequest() { }
+
+    /**
+     * Sets the ID for the new provider.
+     *
+     * @param providerId A non-null, non-empty provider ID string.
+     * @throws IllegalArgumentException If the provider ID is null or empty, or is not prefixed with
+     *     'oidc.'.
+     */
+    @Override
+    public CreateRequest setProviderId(String providerId) {
+      checkOidcProviderId(providerId);
+      return super.setProviderId(providerId);
+    }
+
+    /**
+     * Sets the client ID for the new provider.
+     *
+     * @param clientId A non-null, non-empty client ID string.
+     * @throws IllegalArgumentException If the client ID is null or empty.
+     */
+    public CreateRequest setClientId(String clientId) {
+      checkArgument(!Strings.isNullOrEmpty(clientId), "Client ID must not be null or empty.");
+      properties.put("clientId", clientId);
+      return this;
+    }
+
+    /**
+     * Sets the issuer for the new provider.
+     *
+     * @param issuer A non-null, non-empty issuer URL string.
+     * @throws IllegalArgumentException If the issuer URL is null or empty, or if the format is
+     *     invalid.
+     */
+    public CreateRequest setIssuer(String issuer) {
+      checkArgument(!Strings.isNullOrEmpty(issuer), "Issuer must not be null or empty.");
+      assertValidUrl(issuer);
+      properties.put("issuer", issuer);
+      return this;
+    }
+
+    CreateRequest getThis() {
+      return this;
+    }
+  }
+
+  /**
+   * A specification class for updating an existing OIDC Auth provider.
+   *
+   * <p>An instance of this class can be obtained via a {@link OidcProviderConfig} object, or from
+   * a provider ID string. Specify the changes to be made to the provider config by calling the
+   * various setter methods available in this class.
+   */
+  public static final class UpdateRequest extends AbstractUpdateRequest<UpdateRequest> {
+
+    /**
+     * Creates a new {@link UpdateRequest}, which can be used to updates an existing OIDC Auth
+     * provider.
+     *
+     * <p>The returned object should be passed to
+     * {@link AbstractFirebaseAuth#updateOidcProviderConfig(CreateRequest)} to save the updated
+     * config.
+     *
+     * @param providerId A non-null, non-empty provider ID string.
+     * @throws IllegalArgumentException If the provider ID is null or empty, or is not prefixed with
+     *     "oidc.".
+     */
+    public UpdateRequest(String providerId) {
+      super(providerId);
+      checkOidcProviderId(providerId);
+    }
+
+    /**
+     * Sets the client ID for the exsting provider.
+     *
+     * @param clientId A non-null, non-empty client ID string.
+     * @throws IllegalArgumentException If the client ID is null or empty.
+     */
+    public UpdateRequest setClientId(String clientId) {
+      checkArgument(!Strings.isNullOrEmpty(clientId), "Client ID must not be null or empty.");
+      properties.put("clientId", clientId);
+      return this;
+    }
+
+    /**
+     * Sets the issuer for the existing provider.
+     *
+     * @param issuer A non-null, non-empty issuer URL string.
+     * @throws IllegalArgumentException If the issuer URL is null or empty, or if the format is
+     *     invalid.
+     */
+    public UpdateRequest setIssuer(String issuer) {
+      checkArgument(!Strings.isNullOrEmpty(issuer), "Issuer must not be null or empty.");
+      assertValidUrl(issuer);
+      properties.put("issuer", issuer);
+      return this;
+    }
+
+    UpdateRequest getThis() {
+      return this;
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/ProviderConfig.java b/src/main/java/com/google/firebase/auth/ProviderConfig.java
new file mode 100644
index 000000000..921a07b5b
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/ProviderConfig.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.api.client.util.Key;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * The base class for Auth providers.
+ */
+public abstract class ProviderConfig {
+
+  @Key("name")
+  private String resourceName;
+
+  @Key("displayName")
+  private String displayName;
+
+  @Key("enabled")
+  private boolean enabled;
+
+  public String getProviderId() {
+    return resourceName.substring(resourceName.lastIndexOf("/") + 1);
+  }
+
+  public String getDisplayName() {
+    return displayName;
+  }
+
+  public boolean isEnabled() {
+    return enabled;
+  }
+
+  static void assertValidUrl(String url) throws IllegalArgumentException {
+    try {
+      new URL(url);
+    } catch (MalformedURLException e) {
+      throw new IllegalArgumentException(url + " is a malformed URL.", e);
+    }
+  }
+
+  /**
+   * A base specification class for creating a new provider.
+   *
+   * <p>Set the initial attributes of the new provider by calling various setter methods available
+   * in this class.
+   */
+  public abstract static class AbstractCreateRequest<T extends AbstractCreateRequest<T>> {
+
+    final Map<String,Object> properties = new HashMap<>();
+    String providerId;
+
+    T setProviderId(String providerId) {
+      this.providerId = providerId;
+      return getThis();
+    }
+
+    String getProviderId() {
+      return providerId;
+    }
+
+    /**
+     * Sets the display name for the new provider.
+     *
+     * @param displayName A non-null, non-empty display name string.
+     * @throws IllegalArgumentException If the display name is null or empty.
+     */
+    public T setDisplayName(String displayName) {
+      checkArgument(!Strings.isNullOrEmpty(displayName), "Display name must not be null or empty.");
+      properties.put("displayName", displayName);
+      return getThis();
+    }
+
+    /**
+     * Sets whether to allow the user to sign in with the provider.
+     *
+     * @param enabled A boolean indicating whether the user can sign in with the provider.
+     */
+    public T setEnabled(boolean enabled) {
+      properties.put("enabled", enabled);
+      return getThis();
+    }
+
+    Map<String, Object> getProperties() {
+      return ImmutableMap.copyOf(properties);
+    }
+
+    abstract T getThis();
+  }
+
+  /**
+   * A base class for updating the attributes of an existing provider.
+   */
+  public abstract static class AbstractUpdateRequest<T extends AbstractUpdateRequest<T>> {
+
+    final String providerId;
+    final Map<String,Object> properties = new HashMap<>();
+
+    AbstractUpdateRequest(String providerId) {
+      checkArgument(!Strings.isNullOrEmpty(providerId), "Provider ID must not be null or empty.");
+      this.providerId = providerId;
+    }
+
+    String getProviderId() {
+      return providerId;
+    }
+
+    /**
+     * Sets the display name for the existing provider.
+     *
+     * @param displayName A non-null, non-empty display name string.
+     * @throws IllegalArgumentException If the display name is null or empty.
+     */
+    public T setDisplayName(String displayName) {
+      checkArgument(!Strings.isNullOrEmpty(displayName), "Display name must not be null or empty.");
+      properties.put("displayName", displayName);
+      return getThis();
+    }
+
+    /**
+     * Sets whether to allow the user to sign in with the provider.
+     *
+     * @param enabled A boolean indicating whether the user can sign in with the provider.
+     */
+    public T setEnabled(boolean enabled) {
+      properties.put("enabled", enabled);
+      return getThis();
+    }
+
+    Map<String, Object> getProperties() {
+      return ImmutableMap.copyOf(properties);
+    }
+
+    abstract T getThis();
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/SamlProviderConfig.java b/src/main/java/com/google/firebase/auth/SamlProviderConfig.java
new file mode 100644
index 000000000..76f8594a8
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/SamlProviderConfig.java
@@ -0,0 +1,343 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.json.GenericJson;
+import com.google.api.client.util.Key;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Contains metadata associated with a SAML Auth provider.
+ *
+ * <p>Instances of this class are immutable and thread safe.
+ */
+public final class SamlProviderConfig extends ProviderConfig {
+
+  @Key("idpConfig")
+  private GenericJson idpConfig;
+
+  @Key("spConfig")
+  private GenericJson spConfig;
+
+  public String getIdpEntityId() {
+    return (String) idpConfig.get("idpEntityId");
+  }
+
+  public String getSsoUrl() {
+    return (String) idpConfig.get("ssoUrl");
+  }
+
+  public List<String> getX509Certificates() {
+    List<Map<String, String>> idpCertificates =
+        (List<Map<String, String>>) idpConfig.get("idpCertificates");
+    checkNotNull(idpCertificates);
+    ImmutableList.Builder<String> certificates = ImmutableList.<String>builder();
+    for (Map<String, String> idpCertificate : idpCertificates) {
+      certificates.add(idpCertificate.get("x509Certificate"));
+    }
+    return certificates.build();
+  }
+
+  public String getRpEntityId() {
+    return (String) spConfig.get("spEntityId");
+  }
+
+  public String getCallbackUrl() {
+    return (String) spConfig.get("callbackUri");
+  }
+
+  /**
+   * Returns a new {@link UpdateRequest}, which can be used to update the attributes of this
+   * provider config.
+   *
+   * @return a non-null {@link UpdateRequest} instance.
+   */
+  public UpdateRequest updateRequest() {
+    return new UpdateRequest(getProviderId());
+  }
+
+  static void checkSamlProviderId(String providerId) {
+    checkArgument(!Strings.isNullOrEmpty(providerId), "Provider ID must not be null or empty.");
+    checkArgument(providerId.startsWith("saml."),
+        "Invalid SAML provider ID (must be prefixed with 'saml.'): " + providerId);
+  }
+
+  private static List<Object> ensureNestedList(Map<String, Object> outerMap, String id) {
+    List<Object> list = (List<Object>) outerMap.get(id);
+    if (list == null) {
+      list = new ArrayList<Object>();
+      outerMap.put(id, list);
+    }
+    return list;
+  }
+
+  private static Map<String, Object> ensureNestedMap(Map<String, Object> outerMap, String id) {
+    Map<String, Object> map = (Map<String, Object>) outerMap.get(id);
+    if (map == null) {
+      map = new HashMap<String, Object>();
+      outerMap.put(id, map);
+    }
+    return map;
+  }
+
+  /**
+   * A specification class for creating a new SAML Auth provider.
+   *
+   * <p>Set the initial attributes of the new provider by calling various setter methods available
+   * in this class.
+   */
+  public static final class CreateRequest extends AbstractCreateRequest<CreateRequest> {
+
+    /**
+     * Creates a new {@link CreateRequest}, which can be used to create a new SAML Auth provider.
+     *
+     * <p>The returned object should be passed to
+     * {@link AbstractFirebaseAuth#createSamlProviderConfig(CreateRequest)} to register the provider
+     * information persistently.
+     */
+    public CreateRequest() { }
+
+    /**
+     * Sets the ID for the new provider.
+     *
+     * @param providerId A non-null, non-empty provider ID string.
+     * @throws IllegalArgumentException If the provider ID is null or empty, or is not prefixed with
+     *     'saml.'.
+     */
+    @Override
+    public CreateRequest setProviderId(String providerId) {
+      checkSamlProviderId(providerId);
+      return super.setProviderId(providerId);
+    }
+
+    /**
+     * Sets the IDP entity ID for the new provider.
+     *
+     * @param idpEntityId A non-null, non-empty IDP entity ID string.
+     * @throws IllegalArgumentException If the IDP entity ID is null or empty.
+     */
+    public CreateRequest setIdpEntityId(String idpEntityId) {
+      checkArgument(!Strings.isNullOrEmpty(idpEntityId),
+          "IDP entity ID must not be null or empty.");
+      ensureNestedMap(properties, "idpConfig").put("idpEntityId", idpEntityId);
+      return this;
+    }
+
+    /**
+     * Sets the SSO URL for the new provider.
+     *
+     * @param ssoUrl A non-null, non-empty SSO URL string.
+     * @throws IllegalArgumentException If the SSO URL is null or empty, or if the format is
+     *     invalid.
+     */
+    public CreateRequest setSsoUrl(String ssoUrl) {
+      checkArgument(!Strings.isNullOrEmpty(ssoUrl), "SSO URL must not be null or empty.");
+      assertValidUrl(ssoUrl);
+      ensureNestedMap(properties, "idpConfig").put("ssoUrl", ssoUrl);
+      return this;
+    }
+
+    /**
+     * Adds a x509 certificate to the new provider.
+     *
+     * @param x509Certificate A non-null, non-empty x509 certificate string.
+     * @throws IllegalArgumentException If the x509 certificate is null or empty.
+     */
+    public CreateRequest addX509Certificate(String x509Certificate) {
+      checkArgument(!Strings.isNullOrEmpty(x509Certificate),
+          "The x509 certificate must not be null or empty.");
+      Map<String, Object> idpConfigProperties = ensureNestedMap(properties, "idpConfig");
+      List<Object> x509Certificates = ensureNestedList(idpConfigProperties, "idpCertificates");
+      x509Certificates.add(ImmutableMap.<String, Object>of("x509Certificate", x509Certificate));
+      return this;
+    }
+
+    /**
+     * Adds a collection of x509 certificates to the new provider.
+     *
+     * @param x509Certificates A non-null, non-empty collection of x509 certificate strings.
+     * @throws IllegalArgumentException If the collection is null or empty, or if any x509
+     *     certificates are null or empty.
+     */
+    public CreateRequest addAllX509Certificates(Collection<String> x509Certificates) {
+      checkArgument(x509Certificates != null,
+          "The collection of x509 certificates must not be null.");
+      checkArgument(!x509Certificates.isEmpty(),
+          "The collection of x509 certificates must not be empty.");
+      for (String certificate : x509Certificates) {
+        addX509Certificate(certificate);
+      }
+      return this;
+    }
+
+    /**
+     * Sets the RP entity ID for the new provider.
+     *
+     * @param rpEntityId A non-null, non-empty RP entity ID string.
+     * @throws IllegalArgumentException If the RP entity ID is null or empty.
+     */
+    public CreateRequest setRpEntityId(String rpEntityId) {
+      checkArgument(!Strings.isNullOrEmpty(rpEntityId), "RP entity ID must not be null or empty.");
+      ensureNestedMap(properties, "spConfig").put("spEntityId", rpEntityId);
+      return this;
+    }
+
+    /**
+     * Sets the callback URL for the new provider.
+     *
+     * @param callbackUrl A non-null, non-empty callback URL string.
+     * @throws IllegalArgumentException If the callback URL is null or empty, or if the format is
+     *     invalid.
+     */
+    public CreateRequest setCallbackUrl(String callbackUrl) {
+      checkArgument(!Strings.isNullOrEmpty(callbackUrl), "Callback URL must not be null or empty.");
+      assertValidUrl(callbackUrl);
+      ensureNestedMap(properties, "spConfig").put("callbackUri", callbackUrl);
+      return this;
+    }
+
+    CreateRequest getThis() {
+      return this;
+    }
+  }
+
+  /**
+   * A specification class for updating an existing SAML Auth provider.
+   *
+   * <p>An instance of this class can be obtained via a {@link SamlProviderConfig} object, or from
+   * a provider ID string. Specify the changes to be made to the provider config by calling the
+   * various setter methods available in this class.
+   */
+  public static final class UpdateRequest extends AbstractUpdateRequest<UpdateRequest> {
+    /**
+     * Creates a new {@link UpdateRequest}, which can be used to updates an existing SAML Auth
+     * provider.
+     *
+     * <p>The returned object should be passed to
+     * {@link AbstractFirebaseAuth#updateSamlProviderConfig(UpdateRequest)} to update the provider
+     * information persistently.
+     *
+     * @param providerId a non-null, non-empty provider ID string.
+     * @throws IllegalArgumentException If the provider ID is null or empty, or is not prefixed with
+     *     'saml.'.
+     */
+    public UpdateRequest(String providerId) {
+      super(providerId);
+      checkSamlProviderId(providerId);
+    }
+
+    /**
+     * Sets the IDP entity ID for the existing provider.
+     *
+     * @param idpEntityId A non-null, non-empty IDP entity ID string.
+     * @throws IllegalArgumentException If the IDP entity ID is null or empty.
+     */
+    public UpdateRequest setIdpEntityId(String idpEntityId) {
+      checkArgument(!Strings.isNullOrEmpty(idpEntityId),
+          "IDP entity ID must not be null or empty.");
+      ensureNestedMap(properties, "idpConfig").put("idpEntityId", idpEntityId);
+      return this;
+    }
+
+    /**
+     * Sets the SSO URL for the existing provider.
+     *
+     * @param ssoUrl A non-null, non-empty SSO URL string.
+     * @throws IllegalArgumentException If the SSO URL is null or empty, or if the format is
+     *     invalid.
+     */
+    public UpdateRequest setSsoUrl(String ssoUrl) {
+      checkArgument(!Strings.isNullOrEmpty(ssoUrl), "SSO URL must not be null or empty.");
+      assertValidUrl(ssoUrl);
+      ensureNestedMap(properties, "idpConfig").put("ssoUrl", ssoUrl);
+      return this;
+    }
+
+    /**
+     * Adds a x509 certificate to the existing provider.
+     *
+     * @param x509Certificate A non-null, non-empty x509 certificate string.
+     * @throws IllegalArgumentException If the x509 certificate is null or empty.
+     */
+    public UpdateRequest addX509Certificate(String x509Certificate) {
+      checkArgument(!Strings.isNullOrEmpty(x509Certificate),
+          "The x509 certificate must not be null or empty.");
+      Map<String, Object> idpConfigProperties = ensureNestedMap(properties, "idpConfig");
+      List<Object> x509Certificates = ensureNestedList(idpConfigProperties, "idpCertificates");
+      x509Certificates.add(ImmutableMap.<String, Object>of("x509Certificate", x509Certificate));
+      return this;
+    }
+
+    /**
+     * Adds a collection of x509 certificates to the existing provider.
+     *
+     * @param x509Certificates A non-null, non-empty collection of x509 certificate strings.
+     * @throws IllegalArgumentException If the collection is null or empty, or if any x509
+     *     certificates are null or empty.
+     */
+    public UpdateRequest addAllX509Certificates(Collection<String> x509Certificates) {
+      checkArgument(x509Certificates != null,
+          "The collection of x509 certificates must not be null.");
+      checkArgument(!x509Certificates.isEmpty(),
+          "The collection of x509 certificates must not be empty.");
+      for (String certificate : x509Certificates) {
+        addX509Certificate(certificate);
+      }
+      return this;
+    }
+
+    /**
+     * Sets the RP entity ID for the existing provider.
+     *
+     * @param rpEntityId A non-null, non-empty RP entity ID string.
+     * @throws IllegalArgumentException If the RP entity ID is null or empty.
+     */
+    public UpdateRequest setRpEntityId(String rpEntityId) {
+      checkArgument(!Strings.isNullOrEmpty(rpEntityId), "RP entity ID must not be null or empty.");
+      ensureNestedMap(properties, "spConfig").put("spEntityId", rpEntityId);
+      return this;
+    }
+
+    /**
+     * Sets the callback URL for the exising provider.
+     *
+     * @param callbackUrl A non-null, non-empty callback URL string.
+     * @throws IllegalArgumentException If the callback URL is null or empty, or if the format is
+     *     invalid.
+     */
+    public UpdateRequest setCallbackUrl(String callbackUrl) {
+      checkArgument(!Strings.isNullOrEmpty(callbackUrl), "Callback URL must not be null or empty.");
+      assertValidUrl(callbackUrl);
+      ensureNestedMap(properties, "spConfig").put("callbackUri", callbackUrl);
+      return this;
+    }
+
+    UpdateRequest getThis() {
+      return this;
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/UserRecord.java b/src/main/java/com/google/firebase/auth/UserRecord.java
index 64e7c278c..0af08f65b 100644
--- a/src/main/java/com/google/firebase/auth/UserRecord.java
+++ b/src/main/java/com/google/firebase/auth/UserRecord.java
@@ -50,6 +50,7 @@ public class UserRecord implements UserInfo {
   private static final int MAX_CLAIMS_PAYLOAD_SIZE = 1000;
 
   private final String uid;
+  private final String tenantId;
   private final String email;
   private final String phoneNumber;
   private final boolean emailVerified;
@@ -66,6 +67,7 @@ public class UserRecord implements UserInfo {
     checkNotNull(jsonFactory, "jsonFactory must not be null");
     checkArgument(!Strings.isNullOrEmpty(response.getUid()), "uid must not be null or empty");
     this.uid = response.getUid();
+    this.tenantId = response.getTenantId();
     this.email = response.getEmail();
     this.phoneNumber = response.getPhoneNumber();
     this.emailVerified = response.isEmailVerified();
@@ -116,6 +118,16 @@ public String getUid() {
     return uid;
   }
 
+  /**
+   * Returns the tenant ID associated with this user, if one exists.
+   *
+   * @return a tenant ID string or null.
+   */
+  @Nullable
+  public String getTenantId() {
+    return this.tenantId;
+  }
+
   /**
    * Returns the provider ID of this user.
    *
@@ -199,9 +211,9 @@ public UserInfo[] getProviderData() {
   }
 
   /**
-   * Returns a timestamp in milliseconds since epoch, truncated down to the closest second. 
+   * Returns a timestamp in milliseconds since epoch, truncated down to the closest second.
    * Tokens minted before this timestamp are considered invalid.
-   * 
+   *
    * @return Timestamp in milliseconds since the epoch. Tokens minted before this timestamp are
    *     considered invalid.
    */
@@ -371,10 +383,10 @@ public CreateRequest setEmailVerified(boolean emailVerified) {
     /**
      * Sets the display name for the new user.
      *
-     * @param displayName a non-null, non-empty display name string.
+     * @param displayName a non-null display name string.
      */
     public CreateRequest setDisplayName(String displayName) {
-      checkNotNull(displayName, "displayName cannot be null or empty");
+      checkNotNull(displayName, "displayName cannot be null");
       properties.put("displayName", displayName);
       return this;
     }
diff --git a/src/main/java/com/google/firebase/auth/internal/AuthHttpClient.java b/src/main/java/com/google/firebase/auth/internal/AuthHttpClient.java
new file mode 100644
index 000000000..ad77236d1
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/AuthHttpClient.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpContent;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpResponse;
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpResponseInterceptor;
+import com.google.api.client.http.json.JsonHttpContent;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.JsonObjectParser;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSortedSet;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.internal.SdkUtils;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Provides a convenient API for making REST calls to the Firebase Auth backend servers.
+ */
+public final class AuthHttpClient {
+
+  public static final String CONFIGURATION_NOT_FOUND_ERROR = "configuration-not-found";
+  public static final String INTERNAL_ERROR = "internal-error";
+  public static final String TENANT_NOT_FOUND_ERROR = "tenant-not-found";
+  public static final String USER_NOT_FOUND_ERROR = "user-not-found";
+
+  private static final String CLIENT_VERSION_HEADER = "X-Client-Version";
+
+  private static final String CLIENT_VERSION = "Java/Admin/" + SdkUtils.getVersion();
+
+  // Map of server-side error codes to SDK error codes.
+  // SDK error codes defined at: https://firebase.google.com/docs/auth/admin/errors
+  private static final Map<String, String> ERROR_CODES = ImmutableMap.<String, String>builder()
+      .put("CLAIMS_TOO_LARGE", "claims-too-large")
+      .put("CONFIGURATION_NOT_FOUND", CONFIGURATION_NOT_FOUND_ERROR)
+      .put("INSUFFICIENT_PERMISSION", "insufficient-permission")
+      .put("DUPLICATE_EMAIL", "email-already-exists")
+      .put("DUPLICATE_LOCAL_ID", "uid-already-exists")
+      .put("EMAIL_EXISTS", "email-already-exists")
+      .put("INVALID_CLAIMS", "invalid-claims")
+      .put("INVALID_EMAIL", "invalid-email")
+      .put("INVALID_PAGE_SELECTION", "invalid-page-token")
+      .put("INVALID_PHONE_NUMBER", "invalid-phone-number")
+      .put("PHONE_NUMBER_EXISTS", "phone-number-already-exists")
+      .put("PROJECT_NOT_FOUND", "project-not-found")
+      .put("USER_NOT_FOUND", USER_NOT_FOUND_ERROR)
+      .put("WEAK_PASSWORD", "invalid-password")
+      .put("UNAUTHORIZED_DOMAIN", "unauthorized-continue-uri")
+      .put("INVALID_DYNAMIC_LINK_DOMAIN", "invalid-dynamic-link-domain")
+      .put("TENANT_NOT_FOUND", TENANT_NOT_FOUND_ERROR)
+      .build();
+
+  private final JsonFactory jsonFactory;
+  private final HttpRequestFactory requestFactory;
+
+  private HttpResponseInterceptor interceptor;
+
+  public AuthHttpClient(JsonFactory jsonFactory, HttpRequestFactory requestFactory) {
+    this.jsonFactory = jsonFactory;
+    this.requestFactory = requestFactory;
+  }
+
+  public static Set<String> generateMask(Map<String, Object> properties) {
+    ImmutableSortedSet.Builder<String> maskBuilder = ImmutableSortedSet.naturalOrder();
+    for (Map.Entry<String, Object> entry : properties.entrySet()) {
+      if (entry.getValue() instanceof Map) {
+        Set<String> childMask = generateMask((Map<String, Object>) entry.getValue());
+        for (String childProperty : childMask) {
+          maskBuilder.add(entry.getKey() + "." + childProperty);
+        }
+      } else {
+        maskBuilder.add(entry.getKey());
+      }
+    }
+    return maskBuilder.build();
+  }
+
+  public void setInterceptor(HttpResponseInterceptor interceptor) {
+    this.interceptor = interceptor;
+  }
+
+  public <T> T sendRequest(
+      String method, GenericUrl url,
+      @Nullable Object content, Class<T> clazz) throws FirebaseAuthException {
+
+    checkArgument(!Strings.isNullOrEmpty(method), "method must not be null or empty");
+    checkNotNull(url, "url must not be null");
+    checkNotNull(clazz, "response class must not be null");
+    HttpResponse response = null;
+    try {
+      HttpContent httpContent = content != null ? new JsonHttpContent(jsonFactory, content) : null;
+      HttpRequest request =
+          requestFactory.buildRequest(method.equals("PATCH") ? "POST" : method, url, httpContent);
+      request.setParser(new JsonObjectParser(jsonFactory));
+      request.getHeaders().set(CLIENT_VERSION_HEADER, CLIENT_VERSION);
+      if (method.equals("PATCH")) {
+        request.getHeaders().set("X-HTTP-Method-Override", "PATCH");
+      }
+      request.setResponseInterceptor(interceptor);
+      response = request.execute();
+      return response.parseAs(clazz);
+    } catch (HttpResponseException e) {
+      // Server responded with an HTTP error
+      handleHttpError(e);
+      return null;
+    } catch (IOException e) {
+      // All other IO errors (Connection refused, reset, parse error etc.)
+      throw new FirebaseAuthException(
+          INTERNAL_ERROR, "Error while calling the Firebase Auth backend service", e);
+    } finally {
+      if (response != null) {
+        try {
+          response.disconnect();
+        } catch (IOException ignored) {
+          // Ignored
+        }
+      }
+    }
+  }
+
+  private void handleHttpError(HttpResponseException e) throws FirebaseAuthException {
+    try {
+      HttpErrorResponse response = jsonFactory.fromString(e.getContent(), HttpErrorResponse.class);
+      String code = ERROR_CODES.get(response.getErrorCode());
+      if (code != null) {
+        throw new FirebaseAuthException(code, "Firebase Auth service responded with an error", e);
+      }
+    } catch (IOException ignored) {
+      // Ignored
+    }
+    String msg = String.format(
+        "Unexpected HTTP response with status: %d; body: %s", e.getStatusCode(), e.getContent());
+    throw new FirebaseAuthException(INTERNAL_ERROR, msg, e);
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/internal/FirebaseCustomAuthToken.java b/src/main/java/com/google/firebase/auth/internal/FirebaseCustomAuthToken.java
index e67576464..2fe0b1859 100644
--- a/src/main/java/com/google/firebase/auth/internal/FirebaseCustomAuthToken.java
+++ b/src/main/java/com/google/firebase/auth/internal/FirebaseCustomAuthToken.java
@@ -22,6 +22,7 @@
 import com.google.api.client.json.webtoken.JsonWebSignature;
 import com.google.api.client.util.Key;
 import com.google.firebase.auth.FirebaseToken;
+import com.google.firebase.internal.Nullable;
 
 import java.io.IOException;
 
@@ -77,6 +78,9 @@ public static class Payload extends IdToken.Payload {
     @Key("claims")
     private GenericJson developerClaims;
 
+    @Key("tenant_id")
+    private String tenantId;
+
     public final String getUid() {
       return uid;
     }
@@ -95,6 +99,15 @@ public Payload setDeveloperClaims(GenericJson developerClaims) {
       return this;
     }
 
+    public final String getTenantId() {
+      return tenantId;
+    }
+
+    public Payload setTenantId(String tenantId) {
+      this.tenantId = tenantId;
+      return this;
+    }
+
     @Override
     public Payload setIssuer(String issuer) {
       return (Payload) super.setIssuer(issuer);
diff --git a/src/main/java/com/google/firebase/auth/internal/FirebaseTokenFactory.java b/src/main/java/com/google/firebase/auth/internal/FirebaseTokenFactory.java
index 95d313134..778911d46 100644
--- a/src/main/java/com/google/firebase/auth/internal/FirebaseTokenFactory.java
+++ b/src/main/java/com/google/firebase/auth/internal/FirebaseTokenFactory.java
@@ -25,8 +25,9 @@
 import com.google.api.client.util.Base64;
 import com.google.api.client.util.Clock;
 import com.google.api.client.util.StringUtils;
-
 import com.google.common.base.Strings;
+import com.google.firebase.internal.Nullable;
+
 import java.io.IOException;
 import java.util.Collection;
 import java.util.Map;
@@ -41,11 +42,18 @@ public class FirebaseTokenFactory {
   private final JsonFactory jsonFactory;
   private final Clock clock;
   private final CryptoSigner signer;
+  private final String tenantId;
 
   public FirebaseTokenFactory(JsonFactory jsonFactory, Clock clock, CryptoSigner signer) {
+    this(jsonFactory, clock, signer, null);
+  }
+
+  public FirebaseTokenFactory(
+      JsonFactory jsonFactory, Clock clock, CryptoSigner signer, @Nullable String tenantId) {
     this.jsonFactory = checkNotNull(jsonFactory);
     this.clock = checkNotNull(clock);
     this.signer = checkNotNull(signer);
+    this.tenantId = tenantId;
   }
 
   String createSignedCustomAuthTokenForUser(String uid) throws IOException {
@@ -68,6 +76,9 @@ public String createSignedCustomAuthTokenForUser(
             .setAudience(FirebaseCustomAuthToken.FIREBASE_AUDIENCE)
             .setIssuedAtTimeSeconds(issuedAt)
             .setExpirationTimeSeconds(issuedAt + FirebaseCustomAuthToken.TOKEN_DURATION_SECONDS);
+    if (!Strings.isNullOrEmpty(tenantId)) {
+      payload.setTenantId(tenantId);
+    }
 
     if (developerClaims != null) {
       Collection<String> reservedNames = payload.getClassInfo().getNames();
diff --git a/src/main/java/com/google/firebase/auth/internal/GetAccountInfoResponse.java b/src/main/java/com/google/firebase/auth/internal/GetAccountInfoResponse.java
index e84335891..7bde3eb39 100644
--- a/src/main/java/com/google/firebase/auth/internal/GetAccountInfoResponse.java
+++ b/src/main/java/com/google/firebase/auth/internal/GetAccountInfoResponse.java
@@ -46,6 +46,9 @@ public static class User {
     @Key("localId")
     private String uid;
 
+    @Key("tenantId")
+    private String tenantId;
+
     @Key("email")
     private String email;
 
@@ -86,6 +89,10 @@ public String getUid() {
       return uid;
     }
 
+    public String getTenantId() {
+      return tenantId;
+    }
+
     public String getEmail() {
       return email;
     }
@@ -129,7 +136,7 @@ public String getLastRefreshAt() {
     public long getValidSince() {
       return validSince;
     }
-    
+
     public String getCustomClaims() {
       return customClaims;
     }
diff --git a/src/main/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponse.java b/src/main/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponse.java
new file mode 100644
index 000000000..187f98cf5
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponse.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import com.google.api.client.util.Key;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.OidcProviderConfig;
+import java.util.List;
+
+/**
+ * JSON data binding for ListOAuthIdpConfigsResponse messages sent by Google identity toolkit
+ * service.
+ */
+public final class ListOidcProviderConfigsResponse
+    implements ListProviderConfigsResponse<OidcProviderConfig> {
+
+  @Key("oauthIdpConfigs")
+  private List<OidcProviderConfig> providerConfigs;
+
+  @Key("nextPageToken")
+  private String pageToken;
+
+  @VisibleForTesting
+  public ListOidcProviderConfigsResponse(
+      List<OidcProviderConfig> providerConfigs, String pageToken) {
+    this.providerConfigs = providerConfigs;
+    this.pageToken = pageToken;
+  }
+
+  public ListOidcProviderConfigsResponse() { }
+
+  @Override
+  public List<OidcProviderConfig> getProviderConfigs() {
+    return providerConfigs == null ? ImmutableList.<OidcProviderConfig>of() : providerConfigs;
+  }
+
+  @Override
+  public boolean hasProviderConfigs() {
+    return providerConfigs != null && !providerConfigs.isEmpty();
+  }
+
+  @Override
+  public String getPageToken() {
+    return Strings.nullToEmpty(pageToken);
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/internal/ListProviderConfigsResponse.java b/src/main/java/com/google/firebase/auth/internal/ListProviderConfigsResponse.java
new file mode 100644
index 000000000..2f25ae623
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/ListProviderConfigsResponse.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import com.google.firebase.auth.ProviderConfig;
+import java.util.List;
+
+/**
+ * Interface for config list response messages sent by Google identity toolkit service.
+ */
+public interface ListProviderConfigsResponse<T extends ProviderConfig> {
+
+  public List<T> getProviderConfigs();
+
+  public boolean hasProviderConfigs();
+
+  public String getPageToken();
+}
diff --git a/src/main/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponse.java b/src/main/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponse.java
new file mode 100644
index 000000000..55b944d53
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponse.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import com.google.api.client.util.Key;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.SamlProviderConfig;
+import java.util.List;
+
+/**
+ * JSON data binding for ListInboundSamlConfigsResponse messages sent by Google identity toolkit
+ * service.
+ */
+public final class ListSamlProviderConfigsResponse
+    implements ListProviderConfigsResponse<SamlProviderConfig> {
+
+  @Key("inboundSamlConfigs")
+  private List<SamlProviderConfig> providerConfigs;
+
+  @Key("nextPageToken")
+  private String pageToken;
+
+  @VisibleForTesting
+  public ListSamlProviderConfigsResponse(
+      List<SamlProviderConfig> providerConfigs, String pageToken) {
+    this.providerConfigs = providerConfigs;
+    this.pageToken = pageToken;
+  }
+
+  public ListSamlProviderConfigsResponse() { }
+
+  @Override
+  public List<SamlProviderConfig> getProviderConfigs() {
+    return providerConfigs == null ? ImmutableList.<SamlProviderConfig>of() : providerConfigs;
+  }
+
+  @Override
+  public boolean hasProviderConfigs() {
+    return providerConfigs != null && !providerConfigs.isEmpty();
+  }
+
+  @Override
+  public String getPageToken() {
+    return Strings.nullToEmpty(pageToken);
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/internal/ListTenantsResponse.java b/src/main/java/com/google/firebase/auth/internal/ListTenantsResponse.java
new file mode 100644
index 000000000..f1086921f
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/ListTenantsResponse.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import com.google.api.client.util.Key;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.multitenancy.Tenant;
+import java.util.List;
+
+/**
+ * JSON data binding for ListTenantsResponse messages sent by Google identity toolkit service.
+ */
+public final class ListTenantsResponse {
+
+  @Key("tenants")
+  private List<Tenant> tenants;
+
+  @Key("pageToken")
+  private String pageToken;
+
+  @VisibleForTesting
+  public ListTenantsResponse(List<Tenant> tenants, String pageToken) {
+    this.tenants = tenants;
+    this.pageToken = pageToken;
+  }
+
+  public ListTenantsResponse() { }
+
+  public List<Tenant> getTenants() {
+    return tenants == null ? ImmutableList.<Tenant>of() : tenants;
+  }
+
+  public boolean hasTenants() {
+    return tenants != null && !tenants.isEmpty();
+  }
+
+  public String getPageToken() {
+    return pageToken == null ? "" : pageToken;
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java b/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
new file mode 100644
index 000000000..1278e63d5
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpResponseInterceptor;
+import com.google.api.client.json.GenericJson;
+import com.google.api.client.json.JsonFactory;
+import com.google.common.base.Joiner;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.internal.AuthHttpClient;
+import com.google.firebase.auth.internal.ListTenantsResponse;
+import com.google.firebase.internal.ApiClientUtils;
+import java.util.Map;
+
+final class FirebaseTenantClient {
+
+  static final int MAX_LIST_TENANTS_RESULTS = 100;
+
+  private static final String ID_TOOLKIT_URL =
+      "https://identitytoolkit.googleapis.com/%s/projects/%s";
+
+  private final String tenantMgtBaseUrl;
+  private final AuthHttpClient httpClient;
+
+  FirebaseTenantClient(FirebaseApp app) {
+    checkNotNull(app, "FirebaseApp must not be null");
+    String projectId = ImplFirebaseTrampolines.getProjectId(app);
+    checkArgument(!Strings.isNullOrEmpty(projectId),
+        "Project ID is required to access the auth service. Use a service account credential or "
+            + "set the project ID explicitly via FirebaseOptions. Alternatively you can also "
+            + "set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.");
+    this.tenantMgtBaseUrl = String.format(ID_TOOLKIT_URL, "v2", projectId);
+    JsonFactory jsonFactory = app.getOptions().getJsonFactory();
+    HttpRequestFactory requestFactory = ApiClientUtils.newAuthorizedRequestFactory(app);
+    this.httpClient = new AuthHttpClient(jsonFactory, requestFactory);
+  }
+
+  void setInterceptor(HttpResponseInterceptor interceptor) {
+    httpClient.setInterceptor(interceptor);
+  }
+
+  Tenant getTenant(String tenantId) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(tenantId));
+    return httpClient.sendRequest("GET", url, null, Tenant.class);
+  }
+
+  Tenant createTenant(Tenant.CreateRequest request) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + "/tenants");
+    return httpClient.sendRequest("POST", url, request.getProperties(), Tenant.class);
+  }
+
+  Tenant updateTenant(Tenant.UpdateRequest request) throws FirebaseAuthException {
+    Map<String, Object> properties = request.getProperties();
+    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(request.getTenantId()));
+    url.put("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
+    return httpClient.sendRequest("PATCH", url, properties, Tenant.class);
+  }
+
+  void deleteTenant(String tenantId) throws FirebaseAuthException {
+    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(tenantId));
+    httpClient.sendRequest("DELETE", url, null, GenericJson.class);
+  }
+
+  ListTenantsResponse listTenants(int maxResults, String pageToken)
+      throws FirebaseAuthException {
+    ImmutableMap.Builder<String, Object> builder =
+        ImmutableMap.<String, Object>builder().put("pageSize", maxResults);
+    if (pageToken != null) {
+      checkArgument(!pageToken.equals(
+          ListTenantsPage.END_OF_LIST), "Invalid end of list page token.");
+      builder.put("pageToken", pageToken);
+    }
+
+    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + "/tenants");
+    url.putAll(builder.build());
+    ListTenantsResponse response = httpClient.sendRequest(
+        "GET", url, null, ListTenantsResponse.class);
+    if (response == null) {
+      throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to retrieve tenants.");
+    }
+    return response;
+  }
+
+  private static String getTenantUrlSuffix(String tenantId) {
+    checkArgument(!Strings.isNullOrEmpty(tenantId), "Tenant ID must not be null or empty.");
+    return "/tenants/" + tenantId;
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/ListTenantsPage.java b/src/main/java/com/google/firebase/auth/multitenancy/ListTenantsPage.java
new file mode 100644
index 000000000..c1f393ddb
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/multitenancy/ListTenantsPage.java
@@ -0,0 +1,245 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.gax.paging.Page;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.internal.ListTenantsResponse;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+/**
+ * Represents a page of {@link Tenant} instances.
+ *
+ * <p>Provides methods for iterating over the tenants in the current page, and calling up
+ * subsequent pages of tenants.
+ *
+ * <p>Instances of this class are thread-safe and immutable.
+ */
+public class ListTenantsPage implements Page<Tenant> {
+
+  static final String END_OF_LIST = "";
+
+  private final ListTenantsResponse currentBatch;
+  private final TenantSource source;
+  private final int maxResults;
+
+  private ListTenantsPage(
+      @NonNull ListTenantsResponse currentBatch, @NonNull TenantSource source, int maxResults) {
+    this.currentBatch = checkNotNull(currentBatch);
+    this.source = checkNotNull(source);
+    this.maxResults = maxResults;
+  }
+
+  /**
+   * Checks if there is another page of tenants available to retrieve.
+   *
+   * @return true if another page is available, or false otherwise.
+   */
+  @Override
+  public boolean hasNextPage() {
+    return !END_OF_LIST.equals(currentBatch.getPageToken());
+  }
+
+  /**
+   * Returns the string token that identifies the next page.
+   *
+   * <p>Never returns null. Returns empty string if there are no more pages available to be
+   * retrieved.
+   *
+   * @return A non-null string token (possibly empty, representing no more pages)
+   */
+  @NonNull
+  @Override
+  public String getNextPageToken() {
+    return currentBatch.getPageToken();
+  }
+
+  /**
+   * Returns the next page of tenants.
+   *
+   * @return A new {@link ListTenantsPage} instance, or null if there are no more pages.
+   */
+  @Nullable
+  @Override
+  public ListTenantsPage getNextPage() {
+    if (hasNextPage()) {
+      PageFactory factory = new PageFactory(source, maxResults, currentBatch.getPageToken());
+      try {
+        return factory.create();
+      } catch (FirebaseAuthException e) {
+        throw new RuntimeException(e);
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Returns an {@link Iterable} that facilitates transparently iterating over all the tenants in
+   * the current Firebase project, starting from this page.
+   *
+   * <p>The {@link Iterator} instances produced by the returned {@link Iterable} never buffers more
+   * than one page of tenants at a time. It is safe to abandon the iterators (i.e. break the loops)
+   * at any time.
+   *
+   * @return a new {@link Iterable} instance.
+   */
+  @NonNull
+  @Override
+  public Iterable<Tenant> iterateAll() {
+    return new TenantIterable(this);
+  }
+
+  /**
+   * Returns an {@link Iterable} over the tenants in this page.
+   *
+   * @return a {@link Iterable} instance.
+   */
+  @NonNull
+  @Override
+  public Iterable<Tenant> getValues() {
+    return currentBatch.getTenants();
+  }
+
+  private static class TenantIterable implements Iterable<Tenant> {
+
+    private final ListTenantsPage startingPage;
+
+    TenantIterable(@NonNull ListTenantsPage startingPage) {
+      this.startingPage = checkNotNull(startingPage, "starting page must not be null");
+    }
+
+    @Override
+    @NonNull
+    public Iterator<Tenant> iterator() {
+      return new TenantIterator(startingPage);
+    }
+
+    /**
+     * An {@link Iterator} that cycles through tenants, one at a time.
+     *
+     * <p>It buffers the last retrieved batch of tenants in memory. The {@code maxResults} parameter
+     * is an upper bound on the batch size.
+     */
+    private static class TenantIterator implements Iterator<Tenant> {
+
+      private ListTenantsPage currentPage;
+      private List<Tenant> batch;
+      private int index = 0;
+
+      private TenantIterator(ListTenantsPage startingPage) {
+        setCurrentPage(startingPage);
+      }
+
+      @Override
+      public boolean hasNext() {
+        if (index == batch.size()) {
+          if (currentPage.hasNextPage()) {
+            setCurrentPage(currentPage.getNextPage());
+          } else {
+            return false;
+          }
+        }
+
+        return index < batch.size();
+      }
+
+      @Override
+      public Tenant next() {
+        if (!hasNext()) {
+          throw new NoSuchElementException();
+        }
+        return batch.get(index++);
+      }
+
+      @Override
+      public void remove() {
+        throw new UnsupportedOperationException("remove operation not supported");
+      }
+
+      private void setCurrentPage(ListTenantsPage page) {
+        this.currentPage = checkNotNull(page);
+        this.batch = ImmutableList.copyOf(page.getValues());
+        this.index = 0;
+      }
+    }
+  }
+
+  /**
+   * Represents a source of tenant data that can be queried to load a batch of tenants.
+   */
+  interface TenantSource {
+    @NonNull
+    ListTenantsResponse fetch(int maxResults, String pageToken)
+      throws FirebaseAuthException;
+  }
+
+  static class DefaultTenantSource implements TenantSource {
+
+    private final FirebaseTenantClient tenantClient;
+
+    DefaultTenantSource(FirebaseTenantClient tenantClient) {
+      this.tenantClient = checkNotNull(tenantClient, "Tenant client must not be null.");
+    }
+
+    @Override
+    public ListTenantsResponse fetch(int maxResults, String pageToken)
+        throws FirebaseAuthException {
+      return tenantClient.listTenants(maxResults, pageToken);
+    }
+  }
+
+  /**
+   * A simple factory class for {@link ListTenantsPage} instances.
+   *
+   * <p>Performs argument validation before attempting to load any tenant data (which is expensive,
+   * and hence may be performed asynchronously on a separate thread).
+   */
+  static class PageFactory {
+
+    private final TenantSource source;
+    private final int maxResults;
+    private final String pageToken;
+
+    PageFactory(@NonNull TenantSource source) {
+      this(source, FirebaseTenantClient.MAX_LIST_TENANTS_RESULTS, null);
+    }
+
+    PageFactory(@NonNull TenantSource source, int maxResults, @Nullable String pageToken) {
+      checkArgument(maxResults > 0 && maxResults <= FirebaseTenantClient.MAX_LIST_TENANTS_RESULTS,
+          "maxResults must be a positive integer that does not exceed %s",
+          FirebaseTenantClient.MAX_LIST_TENANTS_RESULTS);
+      checkArgument(!END_OF_LIST.equals(pageToken), "Invalid end of list page token.");
+      this.source = checkNotNull(source, "Source must not be null.");
+      this.maxResults = maxResults;
+      this.pageToken = pageToken;
+    }
+
+    ListTenantsPage create() throws FirebaseAuthException {
+      ListTenantsResponse batch = source.fetch(maxResults, pageToken);
+      return new ListTenantsPage(batch, source, maxResults);
+    }
+  }
+}
+
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/Tenant.java b/src/main/java/com/google/firebase/auth/multitenancy/Tenant.java
new file mode 100644
index 000000000..57d215e96
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/multitenancy/Tenant.java
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.api.client.util.Key;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Contains metadata associated with a Firebase tenant.
+ *
+ * <p>Instances of this class are immutable and thread safe.
+ */
+public final class Tenant {
+
+  @Key("name")
+  private String resourceName;
+
+  @Key("displayName")
+  private String displayName;
+
+  @Key("allowPasswordSignup")
+  private boolean passwordSignInAllowed;
+
+  @Key("enableEmailLinkSignin")
+  private boolean emailLinkSignInEnabled;
+
+  public String getTenantId() {
+    return resourceName.substring(resourceName.lastIndexOf("/") + 1);
+  }
+
+  public String getDisplayName() {
+    return displayName;
+  }
+
+  public boolean isPasswordSignInAllowed() {
+    return passwordSignInAllowed;
+  }
+
+  public boolean isEmailLinkSignInEnabled() {
+    return emailLinkSignInEnabled;
+  }
+
+  /**
+   * Returns a new {@link UpdateRequest}, which can be used to update the attributes of this tenant.
+   *
+   * @return a non-null {@link UpdateRequest} instance.
+   */
+  public UpdateRequest updateRequest() {
+    return new UpdateRequest(getTenantId());
+  }
+
+  /**
+   * A specification class for creating a new tenant.
+   *
+   * <p>Set the initial attributes of the new tenant by calling various setter methods available in
+   * this class. None of the attributes are required.
+   */
+  public static final class CreateRequest {
+
+    private final Map<String,Object> properties = new HashMap<>();
+
+    /**
+     * Creates a new {@link CreateRequest}, which can be used to create a new tenant.
+     *
+     * <p>The returned object should be passed to {@link TenantManager#createTenant(CreateRequest)}
+     * to register the tenant information persistently.
+     */
+    public CreateRequest() { }
+
+    /**
+     * Sets the display name for the new tenant.
+     *
+     * @param displayName a non-null, non-empty display name string.
+     */
+    public CreateRequest setDisplayName(String displayName) {
+      checkArgument(!Strings.isNullOrEmpty(displayName), "display name must not be null or empty");
+      properties.put("displayName", displayName);
+      return this;
+    }
+
+    /**
+     * Sets whether to allow email/password user authentication.
+     *
+     * @param passwordSignInAllowed a boolean indicating whether users can be authenticated using
+     *     an email and password.
+     */
+    public CreateRequest setPasswordSignInAllowed(boolean passwordSignInAllowed) {
+      properties.put("allowPasswordSignup", passwordSignInAllowed);
+      return this;
+    }
+
+    /**
+     * Sets whether to enable email link user authentication.
+     *
+     * @param emailLinkSignInEnabled a boolean indicating whether users can be authenticated using
+     *     an email link.
+     */
+    public CreateRequest setEmailLinkSignInEnabled(boolean emailLinkSignInEnabled) {
+      properties.put("enableEmailLinkSignin", emailLinkSignInEnabled);
+      return this;
+    }
+
+    Map<String, Object> getProperties() {
+      return ImmutableMap.copyOf(properties);
+    }
+  }
+
+  /**
+   * A class for updating the attributes of an existing tenant.
+   *
+   * <p>An instance of this class can be obtained via a {@link Tenant} object, or from a tenant ID
+   * string. Specify the changes to be made to the tenant by calling the various setter methods
+   * available in this class.
+   */
+  public static final class UpdateRequest {
+
+    private final String tenantId;
+    private final Map<String,Object> properties = new HashMap<>();
+
+    /**
+     * Creates a new {@link UpdateRequest}, which can be used to update the attributes of the
+     * of the tenant identified by the specified tenant ID.
+     *
+     * <p>This method allows updating attributes of a tenant account, without first having to call
+     * {@link TenantManager#getTenant(String)}.
+     *
+     * @param tenantId a non-null, non-empty tenant ID string.
+     * @throws IllegalArgumentException If the tenant ID is null or empty.
+     */
+    public UpdateRequest(String tenantId) {
+      checkArgument(!Strings.isNullOrEmpty(tenantId), "tenant ID must not be null or empty");
+      this.tenantId = tenantId;
+    }
+
+    String getTenantId() {
+      return tenantId;
+    }
+
+    /**
+     * Sets the display name of the existing tenant.
+     *
+     * @param displayName a non-null, non-empty display name string.
+     */
+    public UpdateRequest setDisplayName(String displayName) {
+      checkArgument(!Strings.isNullOrEmpty(displayName), "display name must not be null or empty");
+      properties.put("displayName", displayName);
+      return this;
+    }
+
+    /**
+     * Sets whether to allow email/password user authentication.
+     *
+     * @param passwordSignInAllowed a boolean indicating whether users can be authenticated using
+     *     an email and password.
+     */
+    public UpdateRequest setPasswordSignInAllowed(boolean passwordSignInAllowed) {
+      properties.put("allowPasswordSignup", passwordSignInAllowed);
+      return this;
+    }
+
+    /**
+     * Sets whether to enable email link user authentication.
+     *
+     * @param emailLinkSignInEnabled a boolean indicating whether users can be authenticated using
+     *     an email link.
+     */
+    public UpdateRequest setEmailLinkSignInEnabled(boolean emailLinkSignInEnabled) {
+      properties.put("enableEmailLinkSignin", emailLinkSignInEnabled);
+      return this;
+    }
+
+    Map<String, Object> getProperties() {
+      return ImmutableMap.copyOf(properties);
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java b/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
new file mode 100644
index 000000000..540437404
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.base.Strings;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.auth.AbstractFirebaseAuth;
+
+/**
+ * The tenant-aware Firebase client.
+ *
+ * <p>This can be used to perform a variety of authentication-related operations, scoped to a
+ * particular tenant.
+ */
+public final class TenantAwareFirebaseAuth extends AbstractFirebaseAuth {
+
+  private final String tenantId;
+
+  TenantAwareFirebaseAuth(final FirebaseApp firebaseApp, final String tenantId) {
+    super(builderFromAppAndTenantId(firebaseApp, tenantId));
+    checkArgument(!Strings.isNullOrEmpty(tenantId));
+    this.tenantId = tenantId;
+  }
+
+  /** Returns the client's tenant ID. */
+  public String getTenantId() {
+    return tenantId;
+  }
+
+  @Override
+  protected void doDestroy() {
+    // Nothing extra needs to be destroyed.
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java b/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
new file mode 100644
index 000000000..11f26b096
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
@@ -0,0 +1,287 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.HttpResponseInterceptor;
+import com.google.api.core.ApiFuture;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.auth.FirebaseAuth;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.multitenancy.ListTenantsPage.DefaultTenantSource;
+import com.google.firebase.auth.multitenancy.ListTenantsPage.PageFactory;
+import com.google.firebase.auth.multitenancy.ListTenantsPage.TenantSource;
+import com.google.firebase.auth.multitenancy.Tenant.CreateRequest;
+import com.google.firebase.auth.multitenancy.Tenant.UpdateRequest;
+import com.google.firebase.internal.CallableOperation;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * This class can be used to perform a variety of tenant-related operations, including creating,
+ * updating, and listing tenants.
+ */
+public final class TenantManager {
+
+  private final FirebaseApp firebaseApp;
+  private final FirebaseTenantClient tenantClient;
+  private final Map<String, TenantAwareFirebaseAuth> tenantAwareAuths;
+
+  /**
+   * Creates a new {@link TenantManager} instance. For internal use only. Use
+   * {@link FirebaseAuth#getTenantManager()} to obtain an instance for regular use.
+   *
+   * @hide
+   */
+  public TenantManager(FirebaseApp firebaseApp) {
+    this.firebaseApp = firebaseApp;
+    this.tenantClient = new FirebaseTenantClient(firebaseApp);
+    this.tenantAwareAuths = new HashMap<>();
+  }
+
+  @VisibleForTesting
+  void setInterceptor(HttpResponseInterceptor interceptor) {
+    this.tenantClient.setInterceptor(interceptor);
+  }
+
+  /**
+   * Gets the tenant corresponding to the specified tenant ID.
+   *
+   * @param tenantId A tenant ID string.
+   * @return A {@link Tenant} instance.
+   * @throws IllegalArgumentException If the tenant ID string is null or empty.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public Tenant getTenant(@NonNull String tenantId) throws FirebaseAuthException {
+    return getTenantOp(tenantId).call();
+  }
+
+  public synchronized TenantAwareFirebaseAuth getAuthForTenant(@NonNull String tenantId) {
+    checkArgument(!Strings.isNullOrEmpty(tenantId), "Tenant ID must not be null or empty.");
+    if (!tenantAwareAuths.containsKey(tenantId)) {
+      tenantAwareAuths.put(tenantId, new TenantAwareFirebaseAuth(firebaseApp, tenantId));
+    }
+    return tenantAwareAuths.get(tenantId);
+  }
+
+  /**
+   * Similar to {@link #getTenant(String)} but performs the operation asynchronously.
+   *
+   * @param tenantId A tenantId string.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link Tenant} instance
+   *     If an error occurs while retrieving tenant data or if the specified tenant ID does not
+   *     exist, the future throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the tenant ID string is null or empty.
+   */
+  public ApiFuture<Tenant> getTenantAsync(@NonNull String tenantId) {
+    return getTenantOp(tenantId).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Tenant, FirebaseAuthException> getTenantOp(final String tenantId) {
+    checkArgument(!Strings.isNullOrEmpty(tenantId), "Tenant ID must not be null or empty.");
+    return new CallableOperation<Tenant, FirebaseAuthException>() {
+      @Override
+      protected Tenant execute() throws FirebaseAuthException {
+        return tenantClient.getTenant(tenantId);
+      }
+    };
+  }
+
+  /**
+   * Gets a page of tenants starting from the specified {@code pageToken}. Page size will be limited
+   * to 1000 tenants.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of tenants.
+   * @return A {@link ListTenantsPage} instance.
+   * @throws IllegalArgumentException If the specified page token is empty.
+   * @throws FirebaseAuthException If an error occurs while retrieving tenant data.
+   */
+  public ListTenantsPage listTenants(@Nullable String pageToken) throws FirebaseAuthException {
+    return listTenants(pageToken, FirebaseTenantClient.MAX_LIST_TENANTS_RESULTS);
+  }
+
+  /**
+   * Gets a page of tenants starting from the specified {@code pageToken}.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of tenants.
+   * @param maxResults Maximum number of tenants to include in the returned page. This may not
+   *     exceed 1000.
+   * @return A {@link ListTenantsPage} instance.
+   * @throws IllegalArgumentException If the specified page token is empty, or max results value is
+   *     invalid.
+   * @throws FirebaseAuthException If an error occurs while retrieving tenant data.
+   */
+  public ListTenantsPage listTenants(@Nullable String pageToken, int maxResults)
+      throws FirebaseAuthException {
+    return listTenantsOp(pageToken, maxResults).call();
+  }
+
+  /**
+   * Similar to {@link #listTenants(String)} but performs the operation asynchronously.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of tenants.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link ListTenantsPage}
+   *     instance. If an error occurs while retrieving tenant data, the future throws an exception.
+   * @throws IllegalArgumentException If the specified page token is empty.
+   */
+  public ApiFuture<ListTenantsPage> listTenantsAsync(@Nullable String pageToken) {
+    return listTenantsAsync(pageToken, FirebaseTenantClient.MAX_LIST_TENANTS_RESULTS);
+  }
+
+  /**
+   * Similar to {@link #listTenants(String, int)} but performs the operation asynchronously.
+   *
+   * @param pageToken A non-empty page token string, or null to retrieve the first page of tenants.
+   * @param maxResults Maximum number of tenants to include in the returned page. This may not
+   *     exceed 1000.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link ListTenantsPage}
+   *     instance. If an error occurs while retrieving tenant data, the future throws an exception.
+   * @throws IllegalArgumentException If the specified page token is empty, or max results value is
+   *     invalid.
+   */
+  public ApiFuture<ListTenantsPage> listTenantsAsync(@Nullable String pageToken, int maxResults) {
+    return listTenantsOp(pageToken, maxResults).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<ListTenantsPage, FirebaseAuthException> listTenantsOp(
+      @Nullable final String pageToken, final int maxResults) {
+    final TenantSource tenantSource = new DefaultTenantSource(tenantClient);
+    final PageFactory factory = new PageFactory(tenantSource, maxResults, pageToken);
+    return new CallableOperation<ListTenantsPage, FirebaseAuthException>() {
+      @Override
+      protected ListTenantsPage execute() throws FirebaseAuthException {
+        return factory.create();
+      }
+    };
+  }
+
+  /**
+   * Creates a new tenant with the attributes contained in the specified {@link CreateRequest}.
+   *
+   * @param request A non-null {@link CreateRequest} instance.
+   * @return A {@link Tenant} instance corresponding to the newly created tenant.
+   * @throws NullPointerException if the provided request is null.
+   * @throws FirebaseAuthException if an error occurs while creating the tenant.
+   */
+  public Tenant createTenant(@NonNull CreateRequest request) throws FirebaseAuthException {
+    return createTenantOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #createTenant(CreateRequest)} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link CreateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link Tenant}
+   *     instance corresponding to the newly created tenant. If an error occurs while creating the
+   *     tenant, the future throws a {@link FirebaseAuthException}.
+   * @throws NullPointerException if the provided request is null.
+   */
+  public ApiFuture<Tenant> createTenantAsync(@NonNull CreateRequest request) {
+    return createTenantOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Tenant, FirebaseAuthException> createTenantOp(
+      final CreateRequest request) {
+    checkNotNull(request, "Create request must not be null.");
+    return new CallableOperation<Tenant, FirebaseAuthException>() {
+      @Override
+      protected Tenant execute() throws FirebaseAuthException {
+        return tenantClient.createTenant(request);
+      }
+    };
+  }
+
+
+  /**
+   * Updates an existing user account with the attributes contained in the specified {@link
+   * UpdateRequest}.
+   *
+   * @param request A non-null {@link UpdateRequest} instance.
+   * @return A {@link Tenant} instance corresponding to the updated user account.
+   * @throws NullPointerException if the provided update request is null.
+   * @throws FirebaseAuthException if an error occurs while updating the user account.
+   */
+  public Tenant updateTenant(@NonNull UpdateRequest request) throws FirebaseAuthException {
+    return updateTenantOp(request).call();
+  }
+
+  /**
+   * Similar to {@link #updateTenant(UpdateRequest)} but performs the operation asynchronously.
+   *
+   * @param request A non-null {@link UpdateRequest} instance.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link Tenant}
+   *     instance corresponding to the updated user account. If an error occurs while updating the
+   *     user account, the future throws a {@link FirebaseAuthException}.
+   */
+  public ApiFuture<Tenant> updateTenantAsync(@NonNull UpdateRequest request) {
+    return updateTenantOp(request).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Tenant, FirebaseAuthException> updateTenantOp(
+      final UpdateRequest request) {
+    checkNotNull(request, "Update request must not be null.");
+    checkArgument(!request.getProperties().isEmpty(),
+        "Tenant update must have at least one property set.");
+    return new CallableOperation<Tenant, FirebaseAuthException>() {
+      @Override
+      protected Tenant execute() throws FirebaseAuthException {
+        return tenantClient.updateTenant(request);
+      }
+    };
+  }
+
+  /**
+   * Deletes the tenant identified by the specified tenant ID.
+   *
+   * @param tenantId A tenant ID string.
+   * @throws IllegalArgumentException If the tenant ID string is null or empty.
+   * @throws FirebaseAuthException If an error occurs while deleting the tenant.
+   */
+  public void deleteTenant(@NonNull String tenantId) throws FirebaseAuthException {
+    deleteTenantOp(tenantId).call();
+  }
+
+  /**
+   * Similar to {@link #deleteTenant(String)} but performs the operation asynchronously.
+   *
+   * @param tenantId A tenant ID string.
+   * @return An {@code ApiFuture} which will complete successfully when the specified tenant account
+   *     has been deleted. If an error occurs while deleting the tenant account, the future throws a
+   *     {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the tenant ID string is null or empty.
+   */
+  public ApiFuture<Void> deleteTenantAsync(String tenantId) {
+    return deleteTenantOp(tenantId).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<Void, FirebaseAuthException> deleteTenantOp(final String tenantId) {
+    checkArgument(!Strings.isNullOrEmpty(tenantId), "Tenant ID must not be null or empty.");
+    return new CallableOperation<Void, FirebaseAuthException>() {
+      @Override
+      protected Void execute() throws FirebaseAuthException {
+        tenantClient.deleteTenant(tenantId);
+        return null;
+      }
+    };
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 2915d1ddd..803591d81 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -46,9 +46,12 @@
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.ImplFirebaseTrampolines;
-import com.google.firebase.auth.UserRecord.CreateRequest;
-import com.google.firebase.auth.UserRecord.UpdateRequest;
+import com.google.firebase.auth.ProviderConfigTestUtils.TemporaryProviderConfig;
+import com.google.firebase.auth.UserTestUtils.RandomUser;
+import com.google.firebase.auth.UserTestUtils.TemporaryUser;
 import com.google.firebase.auth.hash.Scrypt;
+import com.google.firebase.auth.internal.AuthHttpClient;
+import com.google.firebase.internal.Nullable;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.io.IOException;
 import java.net.URLDecoder;
@@ -56,15 +59,13 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
-import java.util.UUID;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Semaphore;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicReference;
 
-import org.junit.BeforeClass;
+import org.junit.Rule;
 import org.junit.Test;
 
 public class FirebaseAuthIT {
@@ -81,13 +82,12 @@ public class FirebaseAuthIT {
   private static final HttpTransport transport = Utils.getDefaultTransport();
   private static final String ACTION_LINK_CONTINUE_URL = "http://localhost/?a=1&b=2#c=3";
 
-  private static FirebaseAuth auth;
+  private static final FirebaseAuth auth = FirebaseAuth.getInstance(
+      IntegrationTestUtils.ensureDefaultApp());
 
-  @BeforeClass
-  public static void setUpClass() {
-    FirebaseApp masterApp = IntegrationTestUtils.ensureDefaultApp();
-    auth = FirebaseAuth.getInstance(masterApp);
-  }
+  @Rule public final TemporaryUser temporaryUser = new TemporaryUser(auth);
+  @Rule public final TemporaryProviderConfig temporaryProviderConfig =
+      new TemporaryProviderConfig(auth);
 
   @Test
   public void testGetNonExistingUser() throws Exception {
@@ -96,7 +96,7 @@ public void testGetNonExistingUser() throws Exception {
       fail("No error thrown for non existing uid");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR,
+      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
           ((FirebaseAuthException) e.getCause()).getErrorCode());
     }
   }
@@ -108,7 +108,7 @@ public void testGetNonExistingUserByEmail() throws Exception {
       fail("No error thrown for non existing email");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR,
+      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
           ((FirebaseAuthException) e.getCause()).getErrorCode());
     }
   }
@@ -116,11 +116,11 @@ public void testGetNonExistingUserByEmail() throws Exception {
   @Test
   public void testUpdateNonExistingUser() throws Exception {
     try {
-      auth.updateUserAsync(new UpdateRequest("non.existing")).get();
+      auth.updateUserAsync(new UserRecord.UpdateRequest("non.existing")).get();
       fail("No error thrown for non existing uid");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR,
+      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
           ((FirebaseAuthException) e.getCause()).getErrorCode());
     }
   }
@@ -132,7 +132,7 @@ public void testDeleteNonExistingUser() throws Exception {
       fail("No error thrown for non existing uid");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR,
+      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
           ((FirebaseAuthException) e.getCause()).getErrorCode());
     }
   }
@@ -211,50 +211,46 @@ private ApiFuture<DeleteUsersResult> slowDeleteUsersAsync(List<String> uids) thr
 
   @Test
   public void testCreateUserWithParams() throws Exception {
-    RandomUser randomUser = RandomUser.create();
-    String phone = randomPhoneNumber();
-    CreateRequest user = new CreateRequest()
-        .setUid(randomUser.uid)
-        .setEmail(randomUser.email)
-        .setPhoneNumber(phone)
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
+    UserRecord.CreateRequest user = new UserRecord.CreateRequest()
+        .setUid(randomUser.getUid())
+        .setEmail(randomUser.getEmail())
+        .setPhoneNumber(randomUser.getPhoneNumber())
         .setDisplayName("Random User")
         .setPhotoUrl("https://example.com/photo.png")
         .setEmailVerified(true)
         .setPassword("password");
 
-    UserRecord userRecord = auth.createUserAsync(user).get();
-    try {
-      assertEquals(randomUser.uid, userRecord.getUid());
-      assertEquals("Random User", userRecord.getDisplayName());
-      assertEquals(randomUser.email, userRecord.getEmail());
-      assertEquals(phone, userRecord.getPhoneNumber());
-      assertEquals("https://example.com/photo.png", userRecord.getPhotoUrl());
-      assertTrue(userRecord.isEmailVerified());
-      assertFalse(userRecord.isDisabled());
-
-      assertEquals(2, userRecord.getProviderData().length);
-      List<String> providers = new ArrayList<>();
-      for (UserInfo provider : userRecord.getProviderData()) {
-        providers.add(provider.getProviderId());
-      }
-      assertTrue(providers.contains("password"));
-      assertTrue(providers.contains("phone"));
+    UserRecord userRecord = temporaryUser.create(user);
+    assertEquals(randomUser.getUid(), userRecord.getUid());
+    assertEquals("Random User", userRecord.getDisplayName());
+    assertEquals(randomUser.getEmail(), userRecord.getEmail());
+    assertEquals(randomUser.getPhoneNumber(), userRecord.getPhoneNumber());
+    assertEquals("https://example.com/photo.png", userRecord.getPhotoUrl());
+    assertTrue(userRecord.isEmailVerified());
+    assertFalse(userRecord.isDisabled());
 
-      checkRecreate(randomUser.uid);
-    } finally {
-      auth.deleteUserAsync(userRecord.getUid()).get();
+    assertEquals(2, userRecord.getProviderData().length);
+    List<String> providers = new ArrayList<>();
+    for (UserInfo provider : userRecord.getProviderData()) {
+      providers.add(provider.getProviderId());
     }
+    assertTrue(providers.contains("password"));
+    assertTrue(providers.contains("phone"));
+
+    checkRecreateUser(randomUser.getUid());
   }
 
   @Test
   public void testUserLifecycle() throws Exception {
     // Create user
-    UserRecord userRecord = auth.createUserAsync(new CreateRequest()).get();
+    UserRecord userRecord = auth.createUserAsync(new UserRecord.CreateRequest()).get();
     String uid = userRecord.getUid();
 
     // Get user
     userRecord = auth.getUserAsync(userRecord.getUid()).get();
     assertEquals(uid, userRecord.getUid());
+    assertNull(userRecord.getTenantId());
     assertNull(userRecord.getDisplayName());
     assertNull(userRecord.getEmail());
     assertNull(userRecord.getPhoneNumber());
@@ -267,20 +263,20 @@ public void testUserLifecycle() throws Exception {
     assertTrue(userRecord.getCustomClaims().isEmpty());
 
     // Update user
-    RandomUser randomUser = RandomUser.create();
-    String phone = randomPhoneNumber();
-    UpdateRequest request = userRecord.updateRequest()
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
+    UserRecord.UpdateRequest request = userRecord.updateRequest()
         .setDisplayName("Updated Name")
-        .setEmail(randomUser.email)
-        .setPhoneNumber(phone)
+        .setEmail(randomUser.getEmail())
+        .setPhoneNumber(randomUser.getPhoneNumber())
         .setPhotoUrl("https://example.com/photo.png")
         .setEmailVerified(true)
         .setPassword("secret");
     userRecord = auth.updateUserAsync(request).get();
     assertEquals(uid, userRecord.getUid());
+    assertNull(userRecord.getTenantId());
     assertEquals("Updated Name", userRecord.getDisplayName());
-    assertEquals(randomUser.email, userRecord.getEmail());
-    assertEquals(phone, userRecord.getPhoneNumber());
+    assertEquals(randomUser.getEmail(), userRecord.getEmail());
+    assertEquals(randomUser.getPhoneNumber(), userRecord.getPhoneNumber());
     assertEquals("https://example.com/photo.png", userRecord.getPhotoUrl());
     assertTrue(userRecord.isEmailVerified());
     assertFalse(userRecord.isDisabled());
@@ -299,8 +295,9 @@ public void testUserLifecycle() throws Exception {
         .setDisabled(true);
     userRecord = auth.updateUserAsync(request).get();
     assertEquals(uid, userRecord.getUid());
+    assertNull(userRecord.getTenantId());
     assertNull(userRecord.getDisplayName());
-    assertEquals(randomUser.email, userRecord.getEmail());
+    assertEquals(randomUser.getEmail(), userRecord.getEmail());
     assertNull(userRecord.getPhoneNumber());
     assertNull(userRecord.getPhotoUrl());
     assertTrue(userRecord.isEmailVerified());
@@ -310,22 +307,15 @@ public void testUserLifecycle() throws Exception {
 
     // Delete user
     auth.deleteUserAsync(userRecord.getUid()).get();
-    try {
-      auth.getUserAsync(userRecord.getUid()).get();
-      fail("No error thrown for deleted user");
-    } catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
-    }
+    UserTestUtils.assertUserDoesNotExist(auth, userRecord.getUid());
   }
 
   @Test
   public void testLastRefreshTime() throws Exception {
-    RandomUser user = RandomUser.create();
-    UserRecord newUserRecord = auth.createUser(new CreateRequest()
-                                                   .setUid(user.uid)
-                                                   .setEmail(user.email)
+    RandomUser user = UserTestUtils.generateRandomUserInfo();
+    UserRecord newUserRecord = auth.createUser(new UserRecord.CreateRequest()
+                                                   .setUid(user.getUid())
+                                                   .setEmail(user.getEmail())
                                                    .setEmailVerified(false)
                                                    .setPassword("password"));
 
@@ -366,110 +356,105 @@ public void testLastRefreshTime() throws Exception {
   public void testListUsers() throws Exception {
     final List<String> uids = new ArrayList<>();
 
-    try {
-      uids.add(auth.createUserAsync(new CreateRequest().setPassword("password")).get().getUid());
-      uids.add(auth.createUserAsync(new CreateRequest().setPassword("password")).get().getUid());
-      uids.add(auth.createUserAsync(new CreateRequest().setPassword("password")).get().getUid());
-
-      // Test list by batches
-      final AtomicInteger collected = new AtomicInteger(0);
-      ListUsersPage page = auth.listUsersAsync(null).get();
-      while (page != null) {
-        for (ExportedUserRecord user : page.getValues()) {
-          if (uids.contains(user.getUid())) {
-            collected.incrementAndGet();
-            assertNotNull("Missing passwordHash field. A common cause would be "
-                + "forgetting to add the \"Firebase Authentication Admin\" permission. See "
-                + "instructions in CONTRIBUTING.md", user.getPasswordHash());
-            assertNotNull(user.getPasswordSalt());
-          }
-        }
-        page = page.getNextPage();
-      }
-      assertEquals(uids.size(), collected.get());
+    for (int i = 0; i < 3; i++) {
+      UserRecord.CreateRequest createRequest =
+          new UserRecord.CreateRequest().setPassword("password");
+      uids.add(temporaryUser.create(createRequest).getUid());
+    }
 
-      // Test iterate all
-      collected.set(0);
-      page = auth.listUsersAsync(null).get();
-      for (ExportedUserRecord user : page.iterateAll()) {
+    // Test list by batches
+    final AtomicInteger collected = new AtomicInteger(0);
+    ListUsersPage page = auth.listUsersAsync(null).get();
+    while (page != null) {
+      for (ExportedUserRecord user : page.getValues()) {
         if (uids.contains(user.getUid())) {
           collected.incrementAndGet();
-          assertNotNull(user.getPasswordHash());
+          assertNotNull("Missing passwordHash field. A common cause would be "
+              + "forgetting to add the \"Firebase Authentication Admin\" permission. See "
+              + "instructions in CONTRIBUTING.md", user.getPasswordHash());
           assertNotNull(user.getPasswordSalt());
+          assertNull(user.getTenantId());
         }
       }
-      assertEquals(uids.size(), collected.get());
-
-      // Test iterate async
-      collected.set(0);
-      final Semaphore semaphore = new Semaphore(0);
-      final AtomicReference<Throwable> error = new AtomicReference<>();
-      ApiFuture<ListUsersPage> pageFuture = auth.listUsersAsync(null);
-      ApiFutures.addCallback(pageFuture, new ApiFutureCallback<ListUsersPage>() {
-        @Override
-        public void onFailure(Throwable t) {
-          error.set(t);
-          semaphore.release();
-        }
+      page = page.getNextPage();
+    }
+    assertEquals(uids.size(), collected.get());
+
+    // Test iterate all
+    collected.set(0);
+    page = auth.listUsersAsync(null).get();
+    for (ExportedUserRecord user : page.iterateAll()) {
+      if (uids.contains(user.getUid())) {
+        collected.incrementAndGet();
+        assertNotNull(user.getPasswordHash());
+        assertNotNull(user.getPasswordSalt());
+        assertNull(user.getTenantId());
+      }
+    }
+    assertEquals(uids.size(), collected.get());
+
+    // Test iterate async
+    collected.set(0);
+    final Semaphore semaphore = new Semaphore(0);
+    final AtomicReference<Throwable> error = new AtomicReference<>();
+    ApiFuture<ListUsersPage> pageFuture = auth.listUsersAsync(null);
+    ApiFutures.addCallback(pageFuture, new ApiFutureCallback<ListUsersPage>() {
+      @Override
+      public void onFailure(Throwable t) {
+        error.set(t);
+        semaphore.release();
+      }
 
-        @Override
-        public void onSuccess(ListUsersPage result) {
-          for (ExportedUserRecord user : result.iterateAll()) {
-            if (uids.contains(user.getUid())) {
-              collected.incrementAndGet();
-              assertNotNull(user.getPasswordHash());
-              assertNotNull(user.getPasswordSalt());
-            }
+      @Override
+      public void onSuccess(ListUsersPage result) {
+        for (ExportedUserRecord user : result.iterateAll()) {
+          if (uids.contains(user.getUid())) {
+            collected.incrementAndGet();
+            assertNotNull(user.getPasswordHash());
+            assertNotNull(user.getPasswordSalt());
+            assertNull(user.getTenantId());
           }
-          semaphore.release();
         }
-      }, MoreExecutors.directExecutor());
-      semaphore.acquire();
-      assertEquals(uids.size(), collected.get());
-      assertNull(error.get());
-    } finally {
-      for (String uid : uids) {
-        auth.deleteUserAsync(uid).get();
+        semaphore.release();
       }
-    }
+    }, MoreExecutors.directExecutor());
+    semaphore.acquire();
+    assertEquals(uids.size(), collected.get());
+    assertNull(error.get());
   }
 
   @Test
   public void testCustomClaims() throws Exception {
-    UserRecord userRecord = auth.createUserAsync(new CreateRequest()).get();
+    UserRecord userRecord = temporaryUser.create(new UserRecord.CreateRequest());
     String uid = userRecord.getUid();
 
-    try {
-      // New user should not have any claims
-      assertTrue(userRecord.getCustomClaims().isEmpty());
-
-      Map<String, Object> expected = ImmutableMap.<String, Object>of(
-          "admin", true, "package", "gold");
-      auth.setCustomUserClaimsAsync(uid, expected).get();
-
-      // Should have 2 claims
-      UserRecord updatedUser = auth.getUserAsync(uid).get();
-      assertEquals(2, updatedUser.getCustomClaims().size());
-      for (Map.Entry<String, Object> entry : expected.entrySet()) {
-        assertEquals(entry.getValue(), updatedUser.getCustomClaims().get(entry.getKey()));
-      }
+    // New user should not have any claims
+    assertTrue(userRecord.getCustomClaims().isEmpty());
 
-      // User's ID token should have the custom claims
-      String customToken = auth.createCustomTokenAsync(uid).get();
-      String idToken = signInWithCustomToken(customToken);
-      FirebaseToken decoded = auth.verifyIdTokenAsync(idToken).get();
-      Map<String, Object> result = decoded.getClaims();
-      for (Map.Entry<String, Object> entry : expected.entrySet()) {
-        assertEquals(entry.getValue(), result.get(entry.getKey()));
-      }
+    Map<String, Object> expected = ImmutableMap.<String, Object>of(
+        "admin", true, "package", "gold");
+    auth.setCustomUserClaimsAsync(uid, expected).get();
 
-      // Should be able to remove custom claims
-      auth.setCustomUserClaimsAsync(uid, null).get();
-      updatedUser = auth.getUserAsync(uid).get();
-      assertTrue(updatedUser.getCustomClaims().isEmpty());
-    } finally {
-      auth.deleteUserAsync(uid).get();
+    // Should have 2 claims
+    UserRecord updatedUser = auth.getUserAsync(uid).get();
+    assertEquals(2, updatedUser.getCustomClaims().size());
+    for (Map.Entry<String, Object> entry : expected.entrySet()) {
+      assertEquals(entry.getValue(), updatedUser.getCustomClaims().get(entry.getKey()));
     }
+
+    // User's ID token should have the custom claims
+    String customToken = auth.createCustomTokenAsync(uid).get();
+    String idToken = signInWithCustomToken(customToken);
+    FirebaseToken decoded = auth.verifyIdTokenAsync(idToken).get();
+    Map<String, Object> result = decoded.getClaims();
+    for (Map.Entry<String, Object> entry : expected.entrySet()) {
+      assertEquals(entry.getValue(), result.get(entry.getKey()));
+    }
+
+    // Should be able to remove custom claims
+    auth.setCustomUserClaimsAsync(uid, null).get();
+    updatedUser = auth.getUserAsync(uid).get();
+    assertTrue(updatedUser.getCustomClaims().isEmpty());
   }
 
   @Test
@@ -527,7 +512,7 @@ public void testVerifyIdToken() throws Exception {
     }
     idToken = signInWithCustomToken(customToken);
     decoded = auth.verifyIdTokenAsync(idToken, true).get();
-    assertEquals("user2", decoded.getUid());    
+    assertEquals("user2", decoded.getUid());
     auth.deleteUserAsync("user2");
   }
 
@@ -581,32 +566,29 @@ public void testCustomTokenWithClaims() throws Exception {
 
   @Test
   public void testImportUsers() throws Exception {
-    RandomUser randomUser = RandomUser.create();
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
     ImportUserRecord user = ImportUserRecord.builder()
-        .setUid(randomUser.uid)
-        .setEmail(randomUser.email)
+        .setUid(randomUser.getUid())
+        .setEmail(randomUser.getEmail())
         .build();
 
     UserImportResult result = auth.importUsersAsync(ImmutableList.of(user)).get();
+    temporaryUser.registerUid(randomUser.getUid());
     assertEquals(1, result.getSuccessCount());
     assertEquals(0, result.getFailureCount());
 
-    try {
-      UserRecord savedUser = auth.getUserAsync(randomUser.uid).get();
-      assertEquals(randomUser.email, savedUser.getEmail());
-    } finally {
-      auth.deleteUserAsync(randomUser.uid).get();
-    }
+    UserRecord savedUser = auth.getUserAsync(randomUser.getUid()).get();
+    assertEquals(randomUser.getEmail(), savedUser.getEmail());
   }
 
   @Test
   public void testImportUsersWithPassword() throws Exception {
-    RandomUser randomUser = RandomUser.create();
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
     final byte[] passwordHash = BaseEncoding.base64().decode(
         "V358E8LdWJXAO7muq0CufVpEOXaj8aFiC7T/rcaGieN04q/ZPJ08WhJEHGjj9lz/2TT+/86N5VjVoc5DdBhBiw==");
     ImportUserRecord user = ImportUserRecord.builder()
-        .setUid(randomUser.uid)
-        .setEmail(randomUser.email)
+        .setUid(randomUser.getUid())
+        .setEmail(randomUser.getEmail())
         .setPasswordHash(passwordHash)
         .setPasswordSalt("NaCl".getBytes())
         .build();
@@ -622,88 +604,309 @@ public void testImportUsersWithPassword() throws Exception {
             .setRounds(8)
             .setMemoryCost(14)
             .build())).get();
+    temporaryUser.registerUid(randomUser.getUid());
     assertEquals(1, result.getSuccessCount());
     assertEquals(0, result.getFailureCount());
 
-    try {
-      UserRecord savedUser = auth.getUserAsync(randomUser.uid).get();
-      assertEquals(randomUser.email, savedUser.getEmail());
-      String idToken = signInWithPassword(randomUser.email, "password");
-      assertFalse(Strings.isNullOrEmpty(idToken));
-    } finally {
-      auth.deleteUserAsync(randomUser.uid).get();
-    }
+    UserRecord savedUser = auth.getUserAsync(randomUser.getUid()).get();
+    assertEquals(randomUser.getEmail(), savedUser.getEmail());
+    String idToken = signInWithPassword(randomUser.getEmail(), "password");
+    assertFalse(Strings.isNullOrEmpty(idToken));
   }
 
   @Test
   public void testGeneratePasswordResetLink() throws Exception {
-    RandomUser user = RandomUser.create();
-    auth.createUser(new CreateRequest()
-        .setUid(user.uid)
-        .setEmail(user.email)
+    RandomUser user = UserTestUtils.generateRandomUserInfo();
+    temporaryUser.create(new UserRecord.CreateRequest()
+        .setUid(user.getUid())
+        .setEmail(user.getEmail())
         .setEmailVerified(false)
         .setPassword("password"));
-    try {
-      String link = auth.generatePasswordResetLink(user.email, ActionCodeSettings.builder()
-          .setUrl(ACTION_LINK_CONTINUE_URL)
-          .setHandleCodeInApp(false)
-          .build());
-      Map<String, String> linkParams = parseLinkParameters(link);
-      assertEquals(ACTION_LINK_CONTINUE_URL, linkParams.get("continueUrl"));
-      String email = resetPassword(user.email, "password", "newpassword",
-          linkParams.get("oobCode"));
-      assertEquals(user.email, email);
-      // Password reset also verifies the user's email
-      assertTrue(auth.getUser(user.uid).isEmailVerified());
-    } finally {
-      auth.deleteUser(user.uid);
-    }
+    String link = auth.generatePasswordResetLink(user.getEmail(), ActionCodeSettings.builder()
+        .setUrl(ACTION_LINK_CONTINUE_URL)
+        .setHandleCodeInApp(false)
+        .build());
+    Map<String, String> linkParams = parseLinkParameters(link);
+    assertEquals(ACTION_LINK_CONTINUE_URL, linkParams.get("continueUrl"));
+    String email = resetPassword(user.getEmail(), "password", "newpassword",
+        linkParams.get("oobCode"));
+    assertEquals(user.getEmail(), email);
+    // Password reset also verifies the user's email
+    assertTrue(auth.getUser(user.getUid()).isEmailVerified());
   }
 
   @Test
   public void testGenerateEmailVerificationResetLink() throws Exception {
-    RandomUser user = RandomUser.create();
-    auth.createUser(new CreateRequest()
-        .setUid(user.uid)
-        .setEmail(user.email)
+    RandomUser user = UserTestUtils.generateRandomUserInfo();
+    temporaryUser.create(new UserRecord.CreateRequest()
+        .setUid(user.getUid())
+        .setEmail(user.getEmail())
         .setEmailVerified(false)
         .setPassword("password"));
-    try {
-      String link = auth.generateEmailVerificationLink(user.email, ActionCodeSettings.builder()
-          .setUrl(ACTION_LINK_CONTINUE_URL)
-          .setHandleCodeInApp(false)
-          .build());
-      Map<String, String> linkParams = parseLinkParameters(link);
-      assertEquals(ACTION_LINK_CONTINUE_URL, linkParams.get("continueUrl"));
-      // There doesn't seem to be a public API for verifying an email, so we cannot do a more
-      // thorough test here.
-      assertEquals("verifyEmail", linkParams.get("mode"));
-    } finally {
-      auth.deleteUser(user.uid);
-    }
+    String link = auth.generateEmailVerificationLink(user.getEmail(), ActionCodeSettings.builder()
+        .setUrl(ACTION_LINK_CONTINUE_URL)
+        .setHandleCodeInApp(false)
+        .build());
+    Map<String, String> linkParams = parseLinkParameters(link);
+    assertEquals(ACTION_LINK_CONTINUE_URL, linkParams.get("continueUrl"));
+    // There doesn't seem to be a public API for verifying an email, so we cannot do a more
+    // thorough test here.
+    assertEquals("verifyEmail", linkParams.get("mode"));
   }
 
   @Test
   public void testGenerateSignInWithEmailLink() throws Exception {
-    RandomUser user = RandomUser.create();
-    auth.createUser(new CreateRequest()
-        .setUid(user.uid)
-        .setEmail(user.email)
+    RandomUser user = UserTestUtils.generateRandomUserInfo();
+    temporaryUser.create(new UserRecord.CreateRequest()
+        .setUid(user.getUid())
+        .setEmail(user.getEmail())
         .setEmailVerified(false)
         .setPassword("password"));
-    try {
-      String link = auth.generateSignInWithEmailLink(user.email, ActionCodeSettings.builder()
-          .setUrl(ACTION_LINK_CONTINUE_URL)
-          .setHandleCodeInApp(false)
-          .build());
-      Map<String, String> linkParams = parseLinkParameters(link);
-      assertEquals(ACTION_LINK_CONTINUE_URL, linkParams.get("continueUrl"));
-      String idToken = signInWithEmailLink(user.email, linkParams.get("oobCode"));
-      assertFalse(Strings.isNullOrEmpty(idToken));
-      assertTrue(auth.getUser(user.uid).isEmailVerified());
-    } finally {
-      auth.deleteUser(user.uid);
+    String link = auth.generateSignInWithEmailLink(user.getEmail(), ActionCodeSettings.builder()
+        .setUrl(ACTION_LINK_CONTINUE_URL)
+        .setHandleCodeInApp(false)
+        .build());
+    Map<String, String> linkParams = parseLinkParameters(link);
+    assertEquals(ACTION_LINK_CONTINUE_URL, linkParams.get("continueUrl"));
+    String idToken = signInWithEmailLink(user.getEmail(), linkParams.get("oobCode"));
+    assertFalse(Strings.isNullOrEmpty(idToken));
+    assertTrue(auth.getUser(user.getUid()).isEmailVerified());
+  }
+
+  @Test
+  public void testOidcProviderConfigLifecycle() throws Exception {
+    // Create provider config
+    String providerId = "oidc.provider-id";
+    OidcProviderConfig config = temporaryProviderConfig.createOidcProviderConfig(
+        new OidcProviderConfig.CreateRequest()
+            .setProviderId(providerId)
+            .setDisplayName("DisplayName")
+            .setEnabled(true)
+            .setClientId("ClientId")
+            .setIssuer("https://oidc.com/issuer"));
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DisplayName", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("ClientId", config.getClientId());
+    assertEquals("https://oidc.com/issuer", config.getIssuer());
+
+    // Get provider config
+    config = auth.getOidcProviderConfigAsync(providerId).get();
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DisplayName", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("ClientId", config.getClientId());
+    assertEquals("https://oidc.com/issuer", config.getIssuer());
+
+    // Update provider config
+    OidcProviderConfig.UpdateRequest updateRequest =
+        new OidcProviderConfig.UpdateRequest(providerId)
+            .setDisplayName("NewDisplayName")
+            .setEnabled(false)
+            .setClientId("NewClientId")
+            .setIssuer("https://oidc.com/new-issuer");
+    config = auth.updateOidcProviderConfigAsync(updateRequest).get();
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("NewDisplayName", config.getDisplayName());
+    assertFalse(config.isEnabled());
+    assertEquals("NewClientId", config.getClientId());
+    assertEquals("https://oidc.com/new-issuer", config.getIssuer());
+
+    // Delete provider config
+    temporaryProviderConfig.deleteOidcProviderConfig(providerId);
+    ProviderConfigTestUtils.assertOidcProviderConfigDoesNotExist(auth, providerId);
+  }
+
+  @Test
+  public void testListOidcProviderConfigs() throws Exception {
+    final List<String> providerIds = new ArrayList<>();
+
+    // Create provider configs
+    for (int i = 0; i < 3; i++) {
+      String providerId = "oidc.provider-id" + i;
+      providerIds.add(providerId);
+      temporaryProviderConfig.createOidcProviderConfig(
+          new OidcProviderConfig.CreateRequest()
+            .setProviderId(providerId)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer"));
+    }
+
+    // Test list by batches
+    final AtomicInteger collected = new AtomicInteger(0);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        auth.listOidcProviderConfigsAsync(null).get();
+    while (page != null) {
+      for (OidcProviderConfig providerConfig : page.getValues()) {
+        if (checkOidcProviderConfig(providerIds, providerConfig)) {
+          collected.incrementAndGet();
+        }
+      }
+      page = page.getNextPage();
+    }
+    assertEquals(providerIds.size(), collected.get());
+
+    // Test iterate all
+    collected.set(0);
+    page = auth.listOidcProviderConfigsAsync(null).get();
+    for (OidcProviderConfig providerConfig : page.iterateAll()) {
+      if (checkOidcProviderConfig(providerIds, providerConfig)) {
+        collected.incrementAndGet();
+      }
+    }
+    assertEquals(providerIds.size(), collected.get());
+
+    // Test iterate async
+    collected.set(0);
+    final Semaphore semaphore = new Semaphore(0);
+    final AtomicReference<Throwable> error = new AtomicReference<>();
+    ApiFuture<ListProviderConfigsPage<OidcProviderConfig>> pageFuture =
+        auth.listOidcProviderConfigsAsync(null);
+    ApiFutures.addCallback(
+        pageFuture,
+        new ApiFutureCallback<ListProviderConfigsPage<OidcProviderConfig>>() {
+          @Override
+          public void onFailure(Throwable t) {
+            error.set(t);
+            semaphore.release();
+          }
+
+          @Override
+          public void onSuccess(ListProviderConfigsPage<OidcProviderConfig> result) {
+            for (OidcProviderConfig providerConfig : result.iterateAll()) {
+              if (checkOidcProviderConfig(providerIds, providerConfig)) {
+                collected.incrementAndGet();
+              }
+            }
+            semaphore.release();
+          }
+        }, MoreExecutors.directExecutor());
+    semaphore.acquire();
+    assertEquals(providerIds.size(), collected.get());
+    assertNull(error.get());
+  }
+
+  @Test
+  public void testSamlProviderConfigLifecycle() throws Exception {
+    // Create provider config
+    String providerId = "saml.provider-id";
+    SamlProviderConfig config = temporaryProviderConfig.createSamlProviderConfig(
+        new SamlProviderConfig.CreateRequest()
+            .setProviderId(providerId)
+            .setDisplayName("DisplayName")
+            .setEnabled(true)
+            .setIdpEntityId("IDP_ENTITY_ID")
+            .setSsoUrl("https://example.com/login")
+            .addX509Certificate("certificate1")
+            .addX509Certificate("certificate2")
+            .setRpEntityId("RP_ENTITY_ID")
+            .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler"));
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DisplayName", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("IDP_ENTITY_ID", config.getIdpEntityId());
+    assertEquals("https://example.com/login", config.getSsoUrl());
+    assertEquals(ImmutableList.of("certificate1", "certificate2"), config.getX509Certificates());
+    assertEquals("RP_ENTITY_ID", config.getRpEntityId());
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
+
+    config = auth.getSamlProviderConfig(providerId);
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DisplayName", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("IDP_ENTITY_ID", config.getIdpEntityId());
+    assertEquals("https://example.com/login", config.getSsoUrl());
+    assertEquals(ImmutableList.of("certificate1", "certificate2"), config.getX509Certificates());
+    assertEquals("RP_ENTITY_ID", config.getRpEntityId());
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
+
+    // Update provider config
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest(providerId)
+            .setDisplayName("NewDisplayName")
+            .setEnabled(false)
+            .addX509Certificate("certificate");
+    config = auth.updateSamlProviderConfigAsync(updateRequest).get();
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("NewDisplayName", config.getDisplayName());
+    assertFalse(config.isEnabled());
+    assertEquals(ImmutableList.of("certificate"), config.getX509Certificates());
+
+    // Delete provider config
+    temporaryProviderConfig.deleteSamlProviderConfig(providerId);
+    ProviderConfigTestUtils.assertSamlProviderConfigDoesNotExist(auth, providerId);
+  }
+
+  @Test
+  public void testListSamlProviderConfigs() throws Exception {
+    final List<String> providerIds = new ArrayList<>();
+
+    // Create provider configs
+    for (int i = 0; i < 3; i++) {
+      String providerId = "saml.provider-id" + i;
+      providerIds.add(providerId);
+      temporaryProviderConfig.createSamlProviderConfig(
+          new SamlProviderConfig.CreateRequest()
+            .setProviderId(providerId)
+            .setIdpEntityId("IDP_ENTITY_ID")
+            .setSsoUrl("https://example.com/login")
+            .addX509Certificate("certificate")
+            .setRpEntityId("RP_ENTITY_ID")
+            .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler"));
+    }
+
+    // Test list by batches
+    final AtomicInteger collected = new AtomicInteger(0);
+    ListProviderConfigsPage<SamlProviderConfig> page =
+        auth.listSamlProviderConfigsAsync(null).get();
+    while (page != null) {
+      for (SamlProviderConfig providerConfig : page.getValues()) {
+        if (checkSamlProviderConfig(providerIds, providerConfig)) {
+          collected.incrementAndGet();
+        }
+      }
+      page = page.getNextPage();
+    }
+    assertEquals(providerIds.size(), collected.get());
+
+    // Test iterate all
+    collected.set(0);
+    page = auth.listSamlProviderConfigsAsync(null).get();
+    for (SamlProviderConfig providerConfig : page.iterateAll()) {
+      if (checkSamlProviderConfig(providerIds, providerConfig)) {
+        collected.incrementAndGet();
+      }
     }
+    assertEquals(providerIds.size(), collected.get());
+
+    // Test iterate async
+    collected.set(0);
+    final Semaphore semaphore = new Semaphore(0);
+    final AtomicReference<Throwable> error = new AtomicReference<>();
+    ApiFuture<ListProviderConfigsPage<SamlProviderConfig>> pageFuture =
+        auth.listSamlProviderConfigsAsync(null);
+    ApiFutures.addCallback(
+        pageFuture,
+        new ApiFutureCallback<ListProviderConfigsPage<SamlProviderConfig>>() {
+          @Override
+          public void onFailure(Throwable t) {
+            error.set(t);
+            semaphore.release();
+          }
+
+          @Override
+          public void onSuccess(ListProviderConfigsPage<SamlProviderConfig> result) {
+            for (SamlProviderConfig providerConfig : result.iterateAll()) {
+              if (checkSamlProviderConfig(providerIds, providerConfig)) {
+                collected.incrementAndGet();
+              }
+            }
+            semaphore.release();
+          }
+        }, MoreExecutors.directExecutor());
+    semaphore.acquire();
+    assertEquals(providerIds.size(), collected.get());
+    assertNull(error.get());
   }
 
   private Map<String, String> parseLinkParameters(String link) throws Exception {
@@ -721,22 +924,22 @@ private Map<String, String> parseLinkParameters(String link) throws Exception {
     return result;
   }
 
-  static String randomPhoneNumber() {
-    Random random = new Random();
-    StringBuilder builder = new StringBuilder("+1");
-    for (int i = 0; i < 10; i++) {
-      builder.append(random.nextInt(10));
-    }
-    return builder.toString();
+  private String signInWithCustomToken(String customToken) throws IOException {
+    return signInWithCustomToken(customToken, null);
   }
 
-  private String signInWithCustomToken(String customToken) throws IOException {
-    GenericUrl url = new GenericUrl(VERIFY_CUSTOM_TOKEN_URL + "?key="
+  private String signInWithCustomToken(
+      String customToken, @Nullable String tenantId) throws IOException {
+    final GenericUrl url = new GenericUrl(VERIFY_CUSTOM_TOKEN_URL + "?key="
         + IntegrationTestUtils.getApiKey());
-    Map<String, Object> content = ImmutableMap.<String, Object>of(
-        "token", customToken, "returnSecureToken", true);
+    ImmutableMap.Builder<String, Object> content = ImmutableMap.<String, Object>builder();
+    content.put("token", customToken);
+    content.put("returnSecureToken", true);
+    if (tenantId != null) {
+      content.put("tenantId", tenantId);
+    }
     HttpRequest request = transport.createRequestFactory().buildPostRequest(url,
-        new JsonHttpContent(jsonFactory, content));
+        new JsonHttpContent(jsonFactory, content.build()));
     request.setParser(new JsonObjectParser(jsonFactory));
     HttpResponse response = request.execute();
     try {
@@ -800,9 +1003,9 @@ private String signInWithEmailLink(
     }
   }
 
-  private void checkRecreate(String uid) throws Exception {
+  private void checkRecreateUser(String uid) throws Exception {
     try {
-      auth.createUserAsync(new CreateRequest().setUid(uid)).get();
+      auth.createUserAsync(new UserRecord.CreateRequest().setUid(uid)).get();
       fail("No error thrown for creating user with existing ID");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
@@ -810,21 +1013,25 @@ private void checkRecreate(String uid) throws Exception {
     }
   }
 
-  static class RandomUser {
-    final String uid;
-    final String email;
-
-    private RandomUser(String uid, String email) {
-      this.uid = uid;
-      this.email = email;
+  private boolean checkOidcProviderConfig(List<String> providerIds, OidcProviderConfig config) {
+    if (providerIds.contains(config.getProviderId())) {
+      assertEquals("CLIENT_ID", config.getClientId());
+      assertEquals("https://oidc.com/issuer", config.getIssuer());
+      return true;
     }
+    return false;
+  }
 
-    static RandomUser create() {
-      final String uid = UUID.randomUUID().toString().replaceAll("-", "");
-      final String email = ("test" + uid.substring(0, 12) + "@example."
-          + uid.substring(12) + ".com").toLowerCase();
-      return new RandomUser(uid, email);
+  private boolean checkSamlProviderConfig(List<String> providerIds, SamlProviderConfig config) {
+    if (providerIds.contains(config.getProviderId())) {
+      assertEquals("IDP_ENTITY_ID", config.getIdpEntityId());
+      assertEquals("https://example.com/login", config.getSsoUrl());
+      assertEquals(ImmutableList.of("certificate"), config.getX509Certificates());
+      assertEquals("RP_ENTITY_ID", config.getRpEntityId());
+      assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
+      return true;
     }
+    return false;
   }
 
   static UserRecord newUserWithParams() throws Exception {
@@ -834,13 +1041,14 @@ static UserRecord newUserWithParams() throws Exception {
   static UserRecord newUserWithParams(FirebaseAuth auth) throws Exception {
     // TODO(rsgowman): This function could be used throughout this file (similar to the other
     // ports).
-    RandomUser randomUser = RandomUser.create();
-    return auth.createUser(new CreateRequest()
-                               .setUid(randomUser.uid)
-                               .setEmail(randomUser.email)
-                               .setPhoneNumber(randomPhoneNumber())
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
+    return auth.createUser(new UserRecord.CreateRequest()
+                               .setUid(randomUser.getUid())
+                               .setEmail(randomUser.getEmail())
+                               .setPhoneNumber(randomUser.getPhoneNumber())
                                .setDisplayName("Random User")
                                .setPhotoUrl("https://example.com/photo.png")
                                .setPassword("password"));
   }
 }
+
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
index 1bc05174f..635e1bfba 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
@@ -32,7 +32,6 @@
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
-import com.google.firebase.auth.internal.FirebaseTokenFactory;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestUtils;
 import java.lang.reflect.InvocationTargetException;
@@ -429,12 +428,12 @@ private FirebaseAuth getAuthForIdTokenVerification(FirebaseTokenVerifier tokenVe
   private FirebaseAuth getAuthForIdTokenVerification(
       Supplier<? extends FirebaseTokenVerifier> tokenVerifierSupplier) {
     FirebaseApp app = FirebaseApp.initializeApp(firebaseOptions);
-    FirebaseUserManager userManager = new FirebaseUserManager(app);
-    return FirebaseAuth.builder()
-        .setFirebaseApp(app)
-        .setIdTokenVerifier(tokenVerifierSupplier)
-        .setUserManager(Suppliers.ofInstance(userManager))
-        .build();
+    FirebaseUserManager userManager = FirebaseUserManager.builder().setFirebaseApp(app).build();
+    return new FirebaseAuth(
+        AbstractFirebaseAuth.builder()
+          .setFirebaseApp(app)
+          .setIdTokenVerifier(tokenVerifierSupplier)
+          .setUserManager(Suppliers.ofInstance(userManager)));
   }
 
   private FirebaseAuth getAuthForSessionCookieVerification(FirebaseTokenVerifier tokenVerifier) {
@@ -444,12 +443,12 @@ private FirebaseAuth getAuthForSessionCookieVerification(FirebaseTokenVerifier t
   private FirebaseAuth getAuthForSessionCookieVerification(
       Supplier<? extends FirebaseTokenVerifier> tokenVerifierSupplier) {
     FirebaseApp app = FirebaseApp.initializeApp(firebaseOptions);
-    FirebaseUserManager userManager = new FirebaseUserManager(app);
-    return FirebaseAuth.builder()
-        .setFirebaseApp(app)
-        .setCookieVerifier(tokenVerifierSupplier)
-        .setUserManager(Suppliers.ofInstance(userManager))
-        .build();
+    FirebaseUserManager userManager = FirebaseUserManager.builder().setFirebaseApp(app).build();
+    return new FirebaseAuth(
+          AbstractFirebaseAuth.builder()
+          .setFirebaseApp(app)
+          .setCookieVerifier(tokenVerifierSupplier)
+          .setUserManager(Suppliers.ofInstance(userManager)));
   }
 
   private static class MockTokenVerifier implements FirebaseTokenVerifier {
diff --git a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
index b10817afb..5dd1e9c14 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
@@ -29,6 +29,7 @@
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import com.google.firebase.testing.ServiceAccount;
 import java.io.IOException;
 import java.util.concurrent.TimeUnit;
@@ -216,6 +217,50 @@ public void testMalformedToken() throws Exception {
     tokenVerifier.verifyToken("not.a.jwt");
   }
 
+  @Test
+  public void testVerifyTokenDifferentTenantIds() {
+    try {
+      fullyPopulatedBuilder()
+        .setTenantId("TENANT_1")
+        .build()
+        .verifyToken(createTokenWithTenantId("TENANT_2"));
+    } catch (FirebaseAuthException e) {
+      assertEquals(FirebaseTokenVerifierImpl.TENANT_ID_MISMATCH_ERROR, e.getErrorCode());
+      assertEquals(
+          "The tenant ID ('TENANT_2') of the token did not match the expected value ('TENANT_1')",
+          e.getMessage());
+    }
+  }
+
+  @Test
+  public void testVerifyTokenMissingTenantId() {
+    try {
+      fullyPopulatedBuilder()
+        .setTenantId("TENANT_ID")
+        .build()
+        .verifyToken(tokenFactory.createToken());
+    } catch (FirebaseAuthException e) {
+      assertEquals(FirebaseTokenVerifierImpl.TENANT_ID_MISMATCH_ERROR, e.getErrorCode());
+      assertEquals(
+          "The tenant ID ('') of the token did not match the expected value ('TENANT_ID')",
+          e.getMessage());
+    }
+  }
+
+  @Test
+  public void testVerifyTokenUnexpectedTenantId() {
+    try {
+      fullyPopulatedBuilder()
+        .build()
+        .verifyToken(createTokenWithTenantId("TENANT_ID"));
+    } catch (FirebaseAuthException e) {
+      assertEquals(FirebaseTokenVerifierImpl.TENANT_ID_MISMATCH_ERROR, e.getErrorCode());
+      assertEquals(
+          "The tenant ID ('TENANT_ID') of the token did not match the expected value ('')",
+          e.getMessage());
+    }
+  }
+
   @Test(expected = NullPointerException.class)
   public void testBuilderNoPublicKeysManager() {
     fullyPopulatedBuilder().setPublicKeysManager(null).build();
@@ -337,4 +382,10 @@ private String createTokenWithTimestamps(long issuedAtSeconds, long expirationSe
     payload.setExpirationTimeSeconds(expirationSeconds);
     return tokenFactory.createToken(payload);
   }
+
+  private String createTokenWithTenantId(String tenantId) {
+    Payload payload = tokenFactory.createTokenPayload();
+    payload.set("firebase", ImmutableMap.of("tenant", tenantId));
+    return tokenFactory.createToken(payload);
+  }
 }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 67d0448e9..d407fd8ec 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -16,10 +16,12 @@
 
 package com.google.firebase.auth;
 
+import static org.hamcrest.core.IsInstanceOf.instanceOf;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -42,10 +44,9 @@
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.FirebaseUserManager.EmailLinkType;
-import com.google.firebase.auth.UidIdentifier;
-import com.google.firebase.auth.UserIdentifier;
-import com.google.firebase.auth.UserRecord.CreateRequest;
-import com.google.firebase.auth.UserRecord.UpdateRequest;
+import com.google.firebase.auth.internal.AuthHttpClient;
+import com.google.firebase.auth.multitenancy.TenantAwareFirebaseAuth;
+import com.google.firebase.auth.multitenancy.TenantManager;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -67,8 +68,12 @@
 
 public class FirebaseUserManagerTest {
 
+  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+
   private static final String TEST_TOKEN = "token";
+
   private static final GoogleCredentials credentials = new MockGoogleCredentials(TEST_TOKEN);
+
   private static final ActionCodeSettings ACTION_CODE_SETTINGS = ActionCodeSettings.builder()
           .setUrl("https://example.dynamic.link")
           .setHandleCodeInApp(true)
@@ -78,9 +83,15 @@ public class FirebaseUserManagerTest {
           .setAndroidInstallApp(true)
           .setAndroidMinimumVersion("6")
           .build();
+
   private static final Map<String, Object> ACTION_CODE_SETTINGS_MAP =
           ACTION_CODE_SETTINGS.getProperties();
 
+  private static final String PROJECT_BASE_URL =
+      "https://identitytoolkit.googleapis.com/v2/projects/test-project-id";
+
+  private static final String TENANTS_BASE_URL = PROJECT_BASE_URL + "/tenants";
+
   @After
   public void tearDown() {
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
@@ -120,9 +131,9 @@ public void testGetUserWithNotFoundError() throws Exception {
       FirebaseAuth.getInstance().getUserAsync("testuser").get();
       fail("No error thrown for invalid response");
     } catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR, authException.getErrorCode());
+      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR, authException.getErrorCode());
     }
   }
 
@@ -143,9 +154,9 @@ public void testGetUserByEmailWithNotFoundError() throws Exception {
       FirebaseAuth.getInstance().getUserByEmailAsync("testuser@example.com").get();
       fail("No error thrown for invalid response");
     } catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR, authException.getErrorCode());
+      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR, authException.getErrorCode());
     }
   }
 
@@ -166,9 +177,9 @@ public void testGetUserByPhoneNumberWithNotFoundError() throws Exception {
       FirebaseAuth.getInstance().getUserByPhoneNumberAsync("+1234567890").get();
       fail("No error thrown for invalid response");
     } catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR, authException.getErrorCode());
+      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR, authException.getErrorCode());
     }
   }
 
@@ -371,7 +382,8 @@ public void testCreateUser() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForUserManagement(
         TestUtils.loadResource("createUser.json"),
         TestUtils.loadResource("getUser.json"));
-    UserRecord user = FirebaseAuth.getInstance().createUserAsync(new CreateRequest()).get();
+    UserRecord user =
+        FirebaseAuth.getInstance().createUserAsync(new UserRecord.CreateRequest()).get();
     checkUserRecord(user);
     checkRequestHeaders(interceptor);
   }
@@ -382,7 +394,7 @@ public void testUpdateUser() throws Exception {
         TestUtils.loadResource("createUser.json"),
         TestUtils.loadResource("getUser.json"));
     UserRecord user = FirebaseAuth.getInstance()
-        .updateUserAsync(new UpdateRequest("testuser")).get();
+        .updateUserAsync(new UserRecord.UpdateRequest("testuser")).get();
     checkUserRecord(user);
     checkRequestHeaders(interceptor);
   }
@@ -397,12 +409,9 @@ public void testSetCustomAttributes() throws Exception {
     FirebaseAuth.getInstance().setCustomUserClaimsAsync("testuser", claims).get();
     checkRequestHeaders(interceptor);
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals("testuser", parsed.get("localId"));
-    assertEquals(jsonFactory.toString(claims), parsed.get("customAttributes"));
+    assertEquals(JSON_FACTORY.toString(claims), parsed.get("customAttributes"));
   }
 
   @Test
@@ -413,10 +422,7 @@ public void testRevokeRefreshTokens() throws Exception {
     FirebaseAuth.getInstance().revokeRefreshTokensAsync("testuser").get();
     checkRequestHeaders(interceptor);
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals("testuser", parsed.get("localId"));
     assertNotNull(parsed.get("validSince"));
   }
@@ -518,14 +524,11 @@ public void testImportUsers() throws Exception {
     assertEquals(0, result.getFailureCount());
     assertTrue(result.getErrors().isEmpty());
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(1, parsed.size());
     List<Map<String, Object>> expected = ImmutableList.of(
-        user1.getProperties(jsonFactory),
-        user2.getProperties(jsonFactory)
+        user1.getProperties(JSON_FACTORY),
+        user2.getProperties(JSON_FACTORY)
     );
     assertEquals(expected, parsed.get("users"));
   }
@@ -558,15 +561,12 @@ public void testImportUsersError() throws Exception {
     assertEquals(2, error.getIndex());
     assertEquals("Another error occurred in user3", error.getReason());
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(1, parsed.size());
     List<Map<String, Object>> expected = ImmutableList.of(
-        user1.getProperties(jsonFactory),
-        user2.getProperties(jsonFactory),
-        user3.getProperties(jsonFactory)
+        user1.getProperties(JSON_FACTORY),
+        user2.getProperties(JSON_FACTORY),
+        user3.getProperties(JSON_FACTORY)
     );
     assertEquals(expected, parsed.get("users"));
   }
@@ -596,14 +596,11 @@ protected Map<String, Object> getOptions() {
     assertEquals(0, result.getFailureCount());
     assertTrue(result.getErrors().isEmpty());
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(4, parsed.size());
     List<Map<String, Object>> expected = ImmutableList.of(
-        user1.getProperties(jsonFactory),
-        user2.getProperties(jsonFactory)
+        user1.getProperties(JSON_FACTORY),
+        user2.getProperties(JSON_FACTORY)
     );
     assertEquals(expected, parsed.get("users"));
     assertEquals("MOCK_HASH", parsed.get("hashAlgorithm"));
@@ -669,10 +666,7 @@ public void testCreateSessionCookie() throws Exception {
     assertEquals("MockCookieString", cookie);
     checkRequestHeaders(interceptor);
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(2, parsed.size());
     assertEquals("testToken", parsed.get("idToken"));
     assertEquals(new BigDecimal(3600), parsed.get("validDuration"));
@@ -754,13 +748,13 @@ public void call(FirebaseAuth auth) throws Exception {
         .add(new UserManagerOp() {
           @Override
           public void call(FirebaseAuth auth) throws Exception {
-            auth.createUserAsync(new CreateRequest()).get();
+            auth.createUserAsync(new UserRecord.CreateRequest()).get();
           }
         })
         .add(new UserManagerOp() {
           @Override
           public void call(FirebaseAuth auth) throws Exception {
-            auth.updateUserAsync(new UpdateRequest("test")).get();
+            auth.updateUserAsync(new UserRecord.UpdateRequest("test")).get();
           }
         })
         .add(new UserManagerOp() {
@@ -790,12 +784,12 @@ public void call(FirebaseAuth auth) throws Exception {
           operation.call(auth);
           fail("No error thrown for HTTP error: " + code);
         } catch (ExecutionException e) {
-          assertTrue(e.getCause() instanceof FirebaseAuthException);
+          assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
           FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
           String msg = String.format("Unexpected HTTP response with status: %d; body: {}", code);
           assertEquals(msg, authException.getMessage());
-          assertTrue(authException.getCause() instanceof HttpResponseException);
-          assertEquals(FirebaseUserManager.INTERNAL_ERROR, authException.getErrorCode());
+          assertThat(authException.getCause(), instanceOf(HttpResponseException.class));
+          assertEquals(AuthHttpClient.INTERNAL_ERROR, authException.getErrorCode());
         }
       }
     }
@@ -808,11 +802,11 @@ public void call(FirebaseAuth auth) throws Exception {
         operation.call(auth);
         fail("No error thrown for HTTP error");
       }  catch (ExecutionException e) {
-        assertTrue(e.getCause().toString(), e.getCause() instanceof FirebaseAuthException);
+        assertThat(e.getCause().toString(), e.getCause(), instanceOf(FirebaseAuthException.class));
         FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-        assertEquals("User management service responded with an error", authException.getMessage());
-        assertTrue(authException.getCause() instanceof HttpResponseException);
-        assertEquals(FirebaseUserManager.USER_NOT_FOUND_ERROR, authException.getErrorCode());
+        assertEquals("Firebase Auth service responded with an error", authException.getMessage());
+        assertThat(authException.getCause(), instanceOf(HttpResponseException.class));
+        assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR, authException.getErrorCode());
       }
     }
   }
@@ -824,10 +818,10 @@ public void testGetUserMalformedJsonError() throws Exception {
       FirebaseAuth.getInstance().getUserAsync("testuser").get();
       fail("No error thrown for JSON error");
     }  catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertTrue(authException.getCause() instanceof IOException);
-      assertEquals(FirebaseUserManager.INTERNAL_ERROR, authException.getErrorCode());
+      assertThat(authException.getCause(), instanceOf(IOException.class));
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, authException.getErrorCode());
     }
   }
 
@@ -841,12 +835,12 @@ public void testGetUserUnexpectedHttpError() throws Exception {
       auth.getUserAsync("testuser").get();
       fail("No error thrown for JSON error");
     }  catch (ExecutionException e) {
-      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertTrue(authException.getCause() instanceof HttpResponseException);
+      assertThat(authException.getCause(), instanceOf(HttpResponseException.class));
       assertEquals("Unexpected HTTP response with status: 500; body: {\"not\" json}",
           authException.getMessage());
-      assertEquals(FirebaseUserManager.INTERNAL_ERROR, authException.getErrorCode());
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, authException.getErrorCode());
     }
   }
 
@@ -874,13 +868,13 @@ public void testTimeout() throws Exception {
 
   @Test
   public void testUserBuilder() {
-    Map<String, Object> map = new CreateRequest().getProperties();
+    Map<String, Object> map = new UserRecord.CreateRequest().getProperties();
     assertTrue(map.isEmpty());
   }
 
   @Test
   public void testUserBuilderWithParams() {
-    Map<String, Object> map = new CreateRequest()
+    Map<String, Object> map = new UserRecord.CreateRequest()
         .setUid("TestUid")
         .setDisplayName("Display Name")
         .setPhotoUrl("http://test.com/example.png")
@@ -901,7 +895,7 @@ public void testUserBuilderWithParams() {
 
   @Test
   public void testInvalidUid() {
-    CreateRequest user = new CreateRequest();
+    UserRecord.CreateRequest user = new UserRecord.CreateRequest();
     try {
       user.setUid(null);
       fail("No error thrown for null uid");
@@ -926,7 +920,7 @@ public void testInvalidUid() {
 
   @Test
   public void testInvalidDisplayName() {
-    CreateRequest user = new CreateRequest();
+    UserRecord.CreateRequest user = new UserRecord.CreateRequest();
     try {
       user.setDisplayName(null);
       fail("No error thrown for null display name");
@@ -937,7 +931,7 @@ public void testInvalidDisplayName() {
 
   @Test
   public void testInvalidPhotoUrl() {
-    CreateRequest user = new CreateRequest();
+    UserRecord.CreateRequest user = new UserRecord.CreateRequest();
     try {
       user.setPhotoUrl(null);
       fail("No error thrown for null photo url");
@@ -962,7 +956,7 @@ public void testInvalidPhotoUrl() {
 
   @Test
   public void testInvalidEmail() {
-    CreateRequest user = new CreateRequest();
+    UserRecord.CreateRequest user = new UserRecord.CreateRequest();
     try {
       user.setEmail(null);
       fail("No error thrown for null email");
@@ -987,7 +981,7 @@ public void testInvalidEmail() {
 
   @Test
   public void testInvalidPhoneNumber() {
-    CreateRequest user = new CreateRequest();
+    UserRecord.CreateRequest user = new UserRecord.CreateRequest();
     try {
       user.setPhoneNumber(null);
       fail("No error thrown for null phone number");
@@ -1012,7 +1006,7 @@ public void testInvalidPhoneNumber() {
 
   @Test
   public void testInvalidPassword() {
-    CreateRequest user = new CreateRequest();
+    UserRecord.CreateRequest user = new UserRecord.CreateRequest();
     try {
       user.setPassword(null);
       fail("No error thrown for null password");
@@ -1030,7 +1024,7 @@ public void testInvalidPassword() {
 
   @Test
   public void testUserUpdater() throws IOException {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     Map<String, Object> claims = ImmutableMap.<String, Object>of("admin", true, "package", "gold");
     Map<String, Object> map = update
         .setDisplayName("Display Name")
@@ -1040,7 +1034,7 @@ public void testUserUpdater() throws IOException {
         .setEmailVerified(true)
         .setPassword("secret")
         .setCustomClaims(claims)
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(JSON_FACTORY);
     assertEquals(8, map.size());
     assertEquals(update.getUid(), map.get("localId"));
     assertEquals("Display Name", map.get("displayName"));
@@ -1049,12 +1043,12 @@ public void testUserUpdater() throws IOException {
     assertEquals("+1234567890", map.get("phoneNumber"));
     assertTrue((Boolean) map.get("emailVerified"));
     assertEquals("secret", map.get("password"));
-    assertEquals(Utils.getDefaultJsonFactory().toString(claims), map.get("customAttributes"));
+    assertEquals(JSON_FACTORY.toString(claims), map.get("customAttributes"));
   }
 
   @Test
   public void testNullJsonFactory() {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     Map<String, Object> claims = ImmutableMap.<String, Object>of("admin", true, "package", "gold");
     update.setCustomClaims(claims);
     try {
@@ -1067,10 +1061,10 @@ public void testNullJsonFactory() {
 
   @Test
   public void testNullCustomClaims() {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     Map<String, Object> map = update
         .setCustomClaims(null)
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(JSON_FACTORY);
     assertEquals(2, map.size());
     assertEquals(update.getUid(), map.get("localId"));
     assertEquals("{}", map.get("customAttributes"));
@@ -1078,10 +1072,10 @@ public void testNullCustomClaims() {
 
   @Test
   public void testEmptyCustomClaims() {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     Map<String, Object> map = update
         .setCustomClaims(ImmutableMap.<String, Object>of())
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(JSON_FACTORY);
     assertEquals(2, map.size());
     assertEquals(update.getUid(), map.get("localId"));
     assertEquals("{}", map.get("customAttributes"));
@@ -1089,31 +1083,31 @@ public void testEmptyCustomClaims() {
 
   @Test
   public void testDeleteDisplayName() {
-    Map<String, Object> map = new UpdateRequest("test")
+    Map<String, Object> map = new UserRecord.UpdateRequest("test")
         .setDisplayName(null)
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(JSON_FACTORY);
     assertEquals(ImmutableList.of("DISPLAY_NAME"), map.get("deleteAttribute"));
   }
 
   @Test
   public void testDeletePhotoUrl() {
-    Map<String, Object> map = new UpdateRequest("test")
+    Map<String, Object> map = new UserRecord.UpdateRequest("test")
         .setPhotoUrl(null)
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(JSON_FACTORY);
     assertEquals(ImmutableList.of("PHOTO_URL"), map.get("deleteAttribute"));
   }
 
   @Test
   public void testDeletePhoneNumber() {
-    Map<String, Object> map = new UpdateRequest("test")
+    Map<String, Object> map = new UserRecord.UpdateRequest("test")
         .setPhoneNumber(null)
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(JSON_FACTORY);
     assertEquals(ImmutableList.of("phone"), map.get("deleteProvider"));
   }
 
   @Test
   public void testInvalidUpdatePhotoUrl() {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     try {
       update.setPhotoUrl("");
       fail("No error thrown for invalid photo url");
@@ -1131,7 +1125,7 @@ public void testInvalidUpdatePhotoUrl() {
 
   @Test
   public void testInvalidUpdateEmail() {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     try {
       update.setEmail(null);
       fail("No error thrown for null email");
@@ -1156,7 +1150,7 @@ public void testInvalidUpdateEmail() {
 
   @Test
   public void testInvalidUpdatePhoneNumber() {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
 
     try {
       update.setPhoneNumber("");
@@ -1175,7 +1169,7 @@ public void testInvalidUpdatePhoneNumber() {
 
   @Test
   public void testInvalidUpdatePassword() {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     try {
       update.setPassword(null);
       fail("No error thrown for null password");
@@ -1193,7 +1187,7 @@ public void testInvalidUpdatePassword() {
 
   @Test
   public void testInvalidCustomClaims() {
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     for (String claim : FirebaseUserManager.RESERVED_CLAIMS) {
       try {
         update.setCustomClaims(ImmutableMap.<String, Object>of(claim, "value"));
@@ -1210,10 +1204,10 @@ public void testLargeCustomClaims() {
     for (int i = 0; i < 1001; i++) {
       builder.append("a");
     }
-    UpdateRequest update = new UpdateRequest("test");
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     update.setCustomClaims(ImmutableMap.<String, Object>of("key", builder.toString()));
     try {
-      update.getProperties(Utils.getDefaultJsonFactory());
+      update.getProperties(JSON_FACTORY);
       fail("No error thrown for large claims payload");
     } catch (Exception ignore) {
       // expected
@@ -1245,10 +1239,7 @@ public void testGeneratePasswordResetLinkWithSettings() throws Exception {
     assertEquals("https://mock-oob-link.for.auth.tests", link);
     checkRequestHeaders(interceptor);
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(3 + ACTION_CODE_SETTINGS_MAP.size(), parsed.size());
     assertEquals("test@example.com", parsed.get("email"));
     assertEquals("PASSWORD_RESET", parsed.get("requestType"));
@@ -1267,10 +1258,7 @@ public void testGeneratePasswordResetLink() throws Exception {
     assertEquals("https://mock-oob-link.for.auth.tests", link);
     checkRequestHeaders(interceptor);
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(3, parsed.size());
     assertEquals("test@example.com", parsed.get("email"));
     assertEquals("PASSWORD_RESET", parsed.get("requestType"));
@@ -1302,10 +1290,7 @@ public void testGenerateEmailVerificationLinkWithSettings() throws Exception {
     assertEquals("https://mock-oob-link.for.auth.tests", link);
     checkRequestHeaders(interceptor);
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(3 + ACTION_CODE_SETTINGS_MAP.size(), parsed.size());
     assertEquals("test@example.com", parsed.get("email"));
     assertEquals("VERIFY_EMAIL", parsed.get("requestType"));
@@ -1324,10 +1309,7 @@ public void testGenerateEmailVerificationLink() throws Exception {
     assertEquals("https://mock-oob-link.for.auth.tests", link);
     checkRequestHeaders(interceptor);
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(3, parsed.size());
     assertEquals("test@example.com", parsed.get("email"));
     assertEquals("VERIFY_EMAIL", parsed.get("requestType"));
@@ -1372,10 +1354,7 @@ public void testGenerateSignInWithEmailLinkWithSettings() throws Exception {
     assertEquals("https://mock-oob-link.for.auth.tests", link);
     checkRequestHeaders(interceptor);
 
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    interceptor.getResponse().getRequest().getContent().writeTo(out);
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    GenericJson parsed = jsonFactory.fromString(new String(out.toByteArray()), GenericJson.class);
+    GenericJson parsed = parseRequestContent(interceptor);
     assertEquals(3 + ACTION_CODE_SETTINGS_MAP.size(), parsed.size());
     assertEquals("test@example.com", parsed.get("email"));
     assertEquals("EMAIL_SIGNIN", parsed.get("requestType"));
@@ -1397,7 +1376,7 @@ public void testHttpErrorWithCode() {
       fail("No exception thrown for HTTP error");
     } catch (FirebaseAuthException e) {
       assertEquals("unauthorized-continue-uri", e.getErrorCode());
-      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertThat(e.getCause(), instanceOf(HttpResponseException.class));
     }
   }
 
@@ -1413,11 +1392,1188 @@ public void testUnexpectedHttpError() {
       fail("No exception thrown for HTTP error");
     } catch (FirebaseAuthException e) {
       assertEquals("internal-error", e.getErrorCode());
-      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertThat(e.getCause(), instanceOf(HttpResponseException.class));
+    }
+  }
+
+  @Test
+  public void testCreateOidcProvider() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("oidc.json"));
+    OidcProviderConfig.CreateRequest createRequest =
+        new OidcProviderConfig.CreateRequest()
+            .setProviderId("oidc.provider-id")
+            .setDisplayName("DISPLAY_NAME")
+            .setEnabled(true)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer");
+
+    OidcProviderConfig config = FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/oauthIdpConfigs");
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+    assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
+  }
+
+  @Test
+  public void testCreateOidcProviderAsync() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("oidc.json"));
+    OidcProviderConfig.CreateRequest createRequest =
+        new OidcProviderConfig.CreateRequest()
+            .setProviderId("oidc.provider-id")
+            .setDisplayName("DISPLAY_NAME")
+            .setEnabled(true)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer");
+
+    OidcProviderConfig config = 
+        FirebaseAuth.getInstance().createOidcProviderConfigAsync(createRequest).get();
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/oauthIdpConfigs");
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+    assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
+  }
+
+  @Test
+  public void testCreateOidcProviderMinimal() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("oidc.json"));
+    // Only the 'enabled' and 'displayName' fields can be omitted from an OIDC provider config
+    // creation request.
+    OidcProviderConfig.CreateRequest createRequest =
+        new OidcProviderConfig.CreateRequest()
+            .setProviderId("oidc.provider-id")
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer");
+
+    FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/oauthIdpConfigs");
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertNull(parsed.get("displayName"));
+    assertNull(parsed.get("enabled"));
+    assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
+  }
+
+  @Test
+  public void testCreateOidcProviderError() throws Exception {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    OidcProviderConfig.CreateRequest createRequest =
+        new OidcProviderConfig.CreateRequest().setProviderId("oidc.provider-id");
+    try {
+      FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/oauthIdpConfigs");
+  }
+
+  @Test
+  public void testCreateOidcProviderMissingId() throws Exception {
+    initializeAppForUserManagement(TestUtils.loadResource("oidc.json"));
+    OidcProviderConfig.CreateRequest createRequest =
+        new OidcProviderConfig.CreateRequest()
+            .setDisplayName("DISPLAY_NAME")
+            .setEnabled(true)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer");
+    try {
+      FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
+      fail("No error thrown for invalid response");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testTenantAwareCreateOidcProvider() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        TestUtils.loadResource("oidc.json"));
+    OidcProviderConfig.CreateRequest createRequest =
+        new OidcProviderConfig.CreateRequest()
+            .setProviderId("oidc.provider-id")
+            .setDisplayName("DISPLAY_NAME")
+            .setEnabled(true)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer");
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+
+    tenantAwareAuth.createOidcProviderConfig(createRequest);
+
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", TENANTS_BASE_URL + "/TENANT_ID/oauthIdpConfigs");
+  }
+
+  @Test
+  public void testUpdateOidcProvider() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("oidc.json"));
+    OidcProviderConfig.UpdateRequest request =
+        new OidcProviderConfig.UpdateRequest("oidc.provider-id")
+            .setDisplayName("DISPLAY_NAME")
+            .setEnabled(true)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer");
+
+    OidcProviderConfig config = FirebaseAuth.getInstance().updateOidcProviderConfig(request);
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("clientId,displayName,enabled,issuer", url.getFirst("updateMask"));
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+    assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+  }
+
+  @Test
+  public void testUpdateOidcProviderAsync() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("oidc.json"));
+    OidcProviderConfig.UpdateRequest request =
+        new OidcProviderConfig.UpdateRequest("oidc.provider-id")
+            .setDisplayName("DISPLAY_NAME")
+            .setEnabled(true)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer");
+
+    OidcProviderConfig config =
+        FirebaseAuth.getInstance().updateOidcProviderConfigAsync(request).get();
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("clientId,displayName,enabled,issuer", url.getFirst("updateMask"));
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+    assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+  }
+
+  @Test
+  public void testUpdateOidcProviderMinimal() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("oidc.json"));
+    OidcProviderConfig.UpdateRequest request =
+        new OidcProviderConfig.UpdateRequest("oidc.provider-id").setDisplayName("DISPLAY_NAME");
+
+    OidcProviderConfig config = FirebaseAuth.getInstance().updateOidcProviderConfig(request);
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("displayName", url.getFirst("updateMask"));
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals(1, parsed.size());
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+  }
+
+  @Test
+  public void testUpdateOidcProviderConfigNoValues() throws Exception {
+    initializeAppForUserManagement(TestUtils.loadResource("oidc.json"));
+    try {
+      FirebaseAuth.getInstance().updateOidcProviderConfig(
+          new OidcProviderConfig.UpdateRequest("oidc.provider-id"));
+      fail("No error thrown for empty provider config update");
+    } catch (IllegalArgumentException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testUpdateOidcProviderConfigError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    OidcProviderConfig.UpdateRequest request =
+        new OidcProviderConfig.UpdateRequest("oidc.provider-id").setDisplayName("DISPLAY_NAME");
+    try {
+      FirebaseAuth.getInstance().updateOidcProviderConfig(request);
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+  }
+
+  @Test
+  public void testTenantAwareUpdateOidcProvider() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        TestUtils.loadResource("oidc.json"));
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+    OidcProviderConfig.UpdateRequest request =
+        new OidcProviderConfig.UpdateRequest("oidc.provider-id")
+            .setDisplayName("DISPLAY_NAME")
+            .setEnabled(true)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer");
+
+    OidcProviderConfig config = tenantAwareAuth.updateOidcProviderConfig(request);
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    String expectedUrl = TENANTS_BASE_URL + "/TENANT_ID/oauthIdpConfigs/oidc.provider-id";
+    checkUrl(interceptor, "PATCH", expectedUrl);
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("clientId,displayName,enabled,issuer", url.getFirst("updateMask"));
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+    assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+  }
+
+  @Test
+  public void testGetOidcProviderConfig() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("oidc.json"));
+
+    OidcProviderConfig config =
+        FirebaseAuth.getInstance().getOidcProviderConfig("oidc.provider-id");
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+  }
+
+  @Test
+  public void testGetOidcProviderConfigAsync() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("oidc.json"));
+
+    OidcProviderConfig config =
+        FirebaseAuth.getInstance().getOidcProviderConfigAsync("oidc.provider-id").get();
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+  }
+
+  @Test
+  public void testGetOidcProviderConfigMissingId() throws Exception {
+    initializeAppForUserManagement(TestUtils.loadResource("oidc.json"));
+
+    try {
+      FirebaseAuth.getInstance().getOidcProviderConfig(null);
+      fail("No error thrown for missing provider ID.");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testGetOidcProviderConfigInvalidId() throws Exception {
+    initializeAppForUserManagement(TestUtils.loadResource("oidc.json"));
+
+    try {
+      FirebaseAuth.getInstance().getOidcProviderConfig("saml.invalid-oidc-provider-id");
+      fail("No error thrown for invalid provider ID.");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testGetOidcProviderConfigWithNotFoundError() throws Exception {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"CONFIGURATION_NOT_FOUND\"}}");
+    try {
+      FirebaseAuth.getInstance().getOidcProviderConfig("oidc.provider-id");
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+  }
+
+  @Test
+  public void testGetTenantAwareOidcProviderConfig() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        TestUtils.loadResource("oidc.json"));
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+
+    OidcProviderConfig config = tenantAwareAuth.getOidcProviderConfig("oidc.provider-id");
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", TENANTS_BASE_URL + "/TENANT_ID/oauthIdpConfigs/oidc.provider-id");
+  }
+
+  @Test
+  public void testListOidcProviderConfigs() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("listOidc.json"));
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        FirebaseAuth.getInstance().listOidcProviderConfigs(null, 99);
+
+    ImmutableList<OidcProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, providerConfigs.size());
+    checkOidcProviderConfig(providerConfigs.get(0), "oidc.provider-id1");
+    checkOidcProviderConfig(providerConfigs.get(1), "oidc.provider-id2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertNull(url.getFirst("nextPageToken"));
+  }
+
+  @Test
+  public void testListOidcProviderConfigsAsync() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("listOidc.json"));
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        FirebaseAuth.getInstance().listOidcProviderConfigsAsync(null, 99).get();
+
+    ImmutableList<OidcProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, providerConfigs.size());
+    checkOidcProviderConfig(providerConfigs.get(0), "oidc.provider-id1");
+    checkOidcProviderConfig(providerConfigs.get(1), "oidc.provider-id2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertNull(url.getFirst("nextPageToken"));
+  }
+
+  @Test
+  public void testListOidcProviderConfigsError() throws Exception {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+
+    try {
+      FirebaseAuth.getInstance().listOidcProviderConfigs(null, 99);
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs");
+  }
+
+  @Test
+  public void testListOidcProviderConfigsWithPageToken() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("listOidc.json"));
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        FirebaseAuth.getInstance().listOidcProviderConfigs("token", 99);
+
+    ImmutableList<OidcProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, providerConfigs.size());
+    checkOidcProviderConfig(providerConfigs.get(0), "oidc.provider-id1");
+    checkOidcProviderConfig(providerConfigs.get(1), "oidc.provider-id2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertEquals("token", url.getFirst("nextPageToken"));
+  }
+
+  @Test
+  public void testListZeroOidcProviderConfigs() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement("{}");
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        FirebaseAuth.getInstance().listOidcProviderConfigs(null);
+    assertTrue(Iterables.isEmpty(page.getValues()));
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+  }
+
+  @Test
+  public void testTenantAwareListOidcProviderConfigs() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        TestUtils.loadResource("listOidc.json"));
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        tenantAwareAuth.listOidcProviderConfigs(null, 99);
+
+    ImmutableList<OidcProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, providerConfigs.size());
+    checkOidcProviderConfig(providerConfigs.get(0), "oidc.provider-id1");
+    checkOidcProviderConfig(providerConfigs.get(1), "oidc.provider-id2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", TENANTS_BASE_URL + "/TENANT_ID/oauthIdpConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertNull(url.getFirst("nextPageToken"));
+  }
+
+  @Test
+  public void testDeleteOidcProviderConfig() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement("{}");
+
+    FirebaseAuth.getInstance().deleteOidcProviderConfig("oidc.provider-id");
+
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "DELETE", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+  }
+
+  @Test
+  public void testDeleteOidcProviderConfigAsync() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement("{}");
+
+    FirebaseAuth.getInstance().deleteOidcProviderConfigAsync("oidc.provider-id").get();
+
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "DELETE", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
+  }
+
+  @Test
+  public void testDeleteOidcProviderMissingId() throws Exception {
+    initializeAppForUserManagement("{}");
+
+    try {
+      FirebaseAuth.getInstance().deleteOidcProviderConfig(null);
+      fail("No error thrown for missing provider ID.");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testDeleteOidcProviderInvalidId() throws Exception {
+    initializeAppForUserManagement("{}");
+
+    try {
+      FirebaseAuth.getInstance().deleteOidcProviderConfig("saml.invalid-oidc-provider-id");
+      fail("No error thrown for invalid provider ID.");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testDeleteOidcProviderConfigWithNotFoundError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"CONFIGURATION_NOT_FOUND\"}}");
+    try {
+      FirebaseAuth.getInstance().deleteOidcProviderConfig("oidc.UNKNOWN");
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR, e.getErrorCode());
     }
+    checkUrl(interceptor, "DELETE", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.UNKNOWN");
   }
 
-  private static TestResponseInterceptor initializeAppForUserManagement(String ...responses) {
+  @Test
+  public void testTenantAwareDeleteOidcProviderConfig() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        "{}");
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+
+    tenantAwareAuth.deleteOidcProviderConfig("oidc.provider-id");
+
+    checkRequestHeaders(interceptor);
+    String expectedUrl = TENANTS_BASE_URL + "/TENANT_ID/oauthIdpConfigs/oidc.provider-id";
+    checkUrl(interceptor, "DELETE", expectedUrl);
+  }
+
+  @Test
+  public void testCreateSamlProvider() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("saml.json"));
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest()
+          .setProviderId("saml.provider-id")
+          .setDisplayName("DISPLAY_NAME")
+          .setEnabled(true)
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login")
+          .addX509Certificate("certificate1")
+          .addX509Certificate("certificate2")
+          .setRpEntityId("RP_ENTITY_ID")
+          .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+
+    SamlProviderConfig config = FirebaseAuth.getInstance().createSamlProviderConfig(createRequest);
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/inboundSamlConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("saml.provider-id", url.getFirst("inboundSamlConfigId"));
+
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+
+    Map<String, Object> idpConfig = (Map<String, Object>) parsed.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(3, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(2, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+
+    Map<String, Object> spConfig = (Map<String, Object>) parsed.get("spConfig");
+    assertNotNull(spConfig);
+    assertEquals(2, spConfig.size());
+    assertEquals("RP_ENTITY_ID", spConfig.get("spEntityId"));
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
+  }
+
+  @Test
+  public void testCreateSamlProviderAsync() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("saml.json"));
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest()
+          .setProviderId("saml.provider-id")
+          .setDisplayName("DISPLAY_NAME")
+          .setEnabled(true)
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login")
+          .addX509Certificate("certificate1")
+          .addX509Certificate("certificate2")
+          .setRpEntityId("RP_ENTITY_ID")
+          .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+
+    SamlProviderConfig config =
+        FirebaseAuth.getInstance().createSamlProviderConfigAsync(createRequest).get();
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/inboundSamlConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("saml.provider-id", url.getFirst("inboundSamlConfigId"));
+
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+
+    Map<String, Object> idpConfig = (Map<String, Object>) parsed.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(3, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(2, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+
+    Map<String, Object> spConfig = (Map<String, Object>) parsed.get("spConfig");
+    assertNotNull(spConfig);
+    assertEquals(2, spConfig.size());
+    assertEquals("RP_ENTITY_ID", spConfig.get("spEntityId"));
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
+  }
+
+  @Test
+  public void testCreateSamlProviderMinimal() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("saml.json"));
+    // Only the 'enabled', 'displayName', and 'signRequest' fields can be omitted from a SAML
+    // provider config creation request.
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest()
+          .setProviderId("saml.provider-id")
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login")
+          .addX509Certificate("certificate")
+          .setRpEntityId("RP_ENTITY_ID")
+          .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+
+    FirebaseAuth.getInstance().createSamlProviderConfig(createRequest);
+
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/inboundSamlConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("saml.provider-id", url.getFirst("inboundSamlConfigId"));
+
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertNull(parsed.get("displayName"));
+    assertNull(parsed.get("enabled"));
+    Map<String, Object> idpConfig = (Map<String, Object>) parsed.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(3, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(1, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate"), idpCertificates.get(0));
+    Map<String, Object> spConfig = (Map<String, Object>) parsed.get("spConfig");
+    assertNotNull(spConfig);
+    assertEquals(2, spConfig.size());
+    assertEquals("RP_ENTITY_ID", spConfig.get("spEntityId"));
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
+  }
+
+  @Test
+  public void testCreateSamlProviderError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest().setProviderId("saml.provider-id");
+    try {
+      FirebaseAuth.getInstance().createSamlProviderConfig(createRequest);
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/inboundSamlConfigs");
+  }
+
+  @Test
+  public void testCreateSamlProviderMissingId() throws Exception {
+    initializeAppForUserManagement(TestUtils.loadResource("saml.json"));
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest()
+          .setDisplayName("DISPLAY_NAME")
+          .setEnabled(true)
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login")
+          .addX509Certificate("certificate1")
+          .addX509Certificate("certificate2")
+          .setRpEntityId("RP_ENTITY_ID")
+          .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+    try {
+      FirebaseAuth.getInstance().createSamlProviderConfig(createRequest);
+      fail("No error thrown for invalid response");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testTenantAwareCreateSamlProvider() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        TestUtils.loadResource("saml.json"));
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest()
+          .setProviderId("saml.provider-id")
+          .setDisplayName("DISPLAY_NAME")
+          .setEnabled(true)
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login")
+          .addX509Certificate("certificate1")
+          .addX509Certificate("certificate2")
+          .setRpEntityId("RP_ENTITY_ID")
+          .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+
+    tenantAwareAuth.createSamlProviderConfig(createRequest);
+
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", TENANTS_BASE_URL + "/TENANT_ID/inboundSamlConfigs");
+  }
+
+  @Test
+  public void testUpdateSamlProvider() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("saml.json"));
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id")
+          .setDisplayName("DISPLAY_NAME")
+          .setEnabled(true)
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login")
+          .addX509Certificate("certificate1")
+          .addX509Certificate("certificate2")
+          .setRpEntityId("RP_ENTITY_ID")
+          .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+
+    SamlProviderConfig config = FirebaseAuth.getInstance().updateSamlProviderConfig(updateRequest);
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(
+        "displayName,enabled,idpConfig.idpCertificates,idpConfig.idpEntityId,idpConfig.ssoUrl,"
+          + "spConfig.callbackUri,spConfig.spEntityId",
+        url.getFirst("updateMask"));
+
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+
+    Map<String, Object> idpConfig = (Map<String, Object>) parsed.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(3, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(2, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+
+    Map<String, Object> spConfig = (Map<String, Object>) parsed.get("spConfig");
+    assertNotNull(spConfig);
+    assertEquals(2, spConfig.size());
+    assertEquals("RP_ENTITY_ID", spConfig.get("spEntityId"));
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
+  }
+
+  @Test
+  public void testUpdateSamlProviderAsync() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("saml.json"));
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id")
+          .setDisplayName("DISPLAY_NAME")
+          .setEnabled(true)
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login")
+          .addX509Certificate("certificate1")
+          .addX509Certificate("certificate2")
+          .setRpEntityId("RP_ENTITY_ID")
+          .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+
+    SamlProviderConfig config =
+        FirebaseAuth.getInstance().updateSamlProviderConfigAsync(updateRequest).get();
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(
+        "displayName,enabled,idpConfig.idpCertificates,idpConfig.idpEntityId,idpConfig.ssoUrl,"
+          + "spConfig.callbackUri,spConfig.spEntityId",
+        url.getFirst("updateMask"));
+
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+
+    Map<String, Object> idpConfig = (Map<String, Object>) parsed.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(3, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(2, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+
+    Map<String, Object> spConfig = (Map<String, Object>) parsed.get("spConfig");
+    assertNotNull(spConfig);
+    assertEquals(2, spConfig.size());
+    assertEquals("RP_ENTITY_ID", spConfig.get("spEntityId"));
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
+  }
+
+  @Test
+  public void testUpdateSamlProviderMinimal() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("saml.json"));
+    SamlProviderConfig.UpdateRequest request =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id").setDisplayName("DISPLAY_NAME");
+
+    SamlProviderConfig config = FirebaseAuth.getInstance().updateSamlProviderConfig(request);
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("displayName", url.getFirst("updateMask"));
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals(1, parsed.size());
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+  }
+
+  @Test
+  public void testUpdateSamlProviderConfigNoValues() throws Exception {
+    initializeAppForUserManagement(TestUtils.loadResource("saml.json"));
+    try {
+      FirebaseAuth.getInstance().updateSamlProviderConfig(
+          new SamlProviderConfig.UpdateRequest("saml.provider-id"));
+      fail("No error thrown for empty provider config update");
+    } catch (IllegalArgumentException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testUpdateSamlProviderConfigError() throws Exception {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    SamlProviderConfig.UpdateRequest request =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id").setDisplayName("DISPLAY_NAME");
+    try {
+      FirebaseAuth.getInstance().updateSamlProviderConfig(request);
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+  }
+
+  @Test
+  public void testTenantAwareUpdateSamlProvider() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        TestUtils.loadResource("saml.json"));
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id")
+          .setDisplayName("DISPLAY_NAME")
+          .setEnabled(true)
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login");
+
+    SamlProviderConfig config = tenantAwareAuth.updateSamlProviderConfig(updateRequest);
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    String expectedUrl = TENANTS_BASE_URL + "/TENANT_ID/inboundSamlConfigs/saml.provider-id";
+    checkUrl(interceptor, "PATCH", expectedUrl);
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("displayName,enabled,idpConfig.idpEntityId,idpConfig.ssoUrl",
+        url.getFirst("updateMask"));
+
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+    Map<String, Object> idpConfig = (Map<String, Object>) parsed.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(2, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+  }
+
+  @Test
+  public void testGetSamlProviderConfig() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("saml.json"));
+
+    SamlProviderConfig config =
+        FirebaseAuth.getInstance().getSamlProviderConfig("saml.provider-id");
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+  }
+
+  @Test
+  public void testGetSamlProviderConfigAsync() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("saml.json"));
+
+    SamlProviderConfig config =
+        FirebaseAuth.getInstance().getSamlProviderConfigAsync("saml.provider-id").get();
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+  }
+
+  @Test
+  public void testGetSamlProviderConfigMissingId() throws Exception {
+    initializeAppForUserManagement(TestUtils.loadResource("saml.json"));
+
+    try {
+      FirebaseAuth.getInstance().getSamlProviderConfig(null);
+      fail("No error thrown for missing provider ID.");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testGetSamlProviderConfigInvalidId() throws Exception {
+    initializeAppForUserManagement(TestUtils.loadResource("saml.json"));
+
+    try {
+      FirebaseAuth.getInstance().getSamlProviderConfig("oidc.invalid-saml-provider-id");
+      fail("No error thrown for invalid provider ID.");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testGetSamlProviderConfigWithNotFoundError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"CONFIGURATION_NOT_FOUND\"}}");
+    try {
+      FirebaseAuth.getInstance().getSamlProviderConfig("saml.provider-id");
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+  }
+
+  @Test
+  public void testGetTenantAwareSamlProviderConfig() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        TestUtils.loadResource("saml.json"));
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+
+    SamlProviderConfig config = tenantAwareAuth.getSamlProviderConfig("saml.provider-id");
+
+    checkSamlProviderConfig(config, "saml.provider-id");
+    checkRequestHeaders(interceptor);
+    String expectedUrl = TENANTS_BASE_URL + "/TENANT_ID/inboundSamlConfigs/saml.provider-id";
+    checkUrl(interceptor, "GET", expectedUrl);
+  }
+
+  @Test
+  public void testListSamlProviderConfigs() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("listSaml.json"));
+    ListProviderConfigsPage<SamlProviderConfig> page =
+        FirebaseAuth.getInstance().listSamlProviderConfigs(null, 99);
+
+    ImmutableList<SamlProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, providerConfigs.size());
+    checkSamlProviderConfig(providerConfigs.get(0), "saml.provider-id1");
+    checkSamlProviderConfig(providerConfigs.get(1), "saml.provider-id2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertNull(url.getFirst("nextPageToken"));
+  }
+
+  @Test
+  public void testListSamlProviderConfigsAsync() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("listSaml.json"));
+    ListProviderConfigsPage<SamlProviderConfig> page =
+        FirebaseAuth.getInstance().listSamlProviderConfigsAsync(null, 99).get();
+
+    ImmutableList<SamlProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, providerConfigs.size());
+    checkSamlProviderConfig(providerConfigs.get(0), "saml.provider-id1");
+    checkSamlProviderConfig(providerConfigs.get(1), "saml.provider-id2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertNull(url.getFirst("nextPageToken"));
+  }
+
+  @Test
+  public void testListSamlProviderConfigsError() throws Exception {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+
+    try {
+      FirebaseAuth.getInstance().listSamlProviderConfigs(null, 99);
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs");
+  }
+
+  @Test
+  public void testListSamlProviderConfigsWithPageToken() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("listSaml.json"));
+    ListProviderConfigsPage<SamlProviderConfig> page =
+        FirebaseAuth.getInstance().listSamlProviderConfigs("token", 99);
+
+    ImmutableList<SamlProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, providerConfigs.size());
+    checkSamlProviderConfig(providerConfigs.get(0), "saml.provider-id1");
+    checkSamlProviderConfig(providerConfigs.get(1), "saml.provider-id2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertEquals("token", url.getFirst("nextPageToken"));
+  }
+
+  @Test
+  public void testListZeroSamlProviderConfigs() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement("{}");
+    ListProviderConfigsPage<SamlProviderConfig> page =
+        FirebaseAuth.getInstance().listSamlProviderConfigs(null);
+    assertTrue(Iterables.isEmpty(page.getValues()));
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+  }
+
+  @Test
+  public void testTenantAwareListSamlProviderConfigs() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        TestUtils.loadResource("listSaml.json"));
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+    ListProviderConfigsPage<SamlProviderConfig> page =
+        tenantAwareAuth.listSamlProviderConfigs(null, 99);
+
+    ImmutableList<SamlProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, providerConfigs.size());
+    checkSamlProviderConfig(providerConfigs.get(0), "saml.provider-id1");
+    checkSamlProviderConfig(providerConfigs.get(1), "saml.provider-id2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", TENANTS_BASE_URL + "/TENANT_ID/inboundSamlConfigs");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertNull(url.getFirst("nextPageToken"));
+  }
+
+  @Test
+  public void testDeleteSamlProviderConfig() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement("{}");
+
+    FirebaseAuth.getInstance().deleteSamlProviderConfig("saml.provider-id");
+
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "DELETE", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+  }
+
+  @Test
+  public void testDeleteSamlProviderConfigAsync() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement("{}");
+
+    FirebaseAuth.getInstance().deleteSamlProviderConfigAsync("saml.provider-id").get();
+
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "DELETE", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
+  }
+
+  @Test
+  public void testDeleteSamlProviderMissingId() throws Exception {
+    initializeAppForUserManagement("{}");
+
+    try {
+      FirebaseAuth.getInstance().deleteSamlProviderConfig(null);
+      fail("No error thrown for missing provider ID.");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testDeleteSamlProviderInvalidId() throws Exception {
+    initializeAppForUserManagement("{}");
+
+    try {
+      FirebaseAuth.getInstance().deleteSamlProviderConfig("oidc.invalid-saml-provider-id");
+      fail("No error thrown for invalid provider ID.");
+    } catch (IllegalArgumentException e) {
+      // Expected.
+    }
+  }
+
+  @Test
+  public void testDeleteSamlProviderConfigWithNotFoundError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForUserManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"CONFIGURATION_NOT_FOUND\"}}");
+    try {
+      FirebaseAuth.getInstance().deleteSamlProviderConfig("saml.UNKNOWN");
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "DELETE", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.UNKNOWN");
+  }
+
+  @Test
+  public void testTenantAwareDeleteSamlProviderConfig() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
+        "TENANT_ID",
+        "{}");
+    TenantAwareFirebaseAuth tenantAwareAuth =
+        FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
+
+    tenantAwareAuth.deleteSamlProviderConfig("saml.provider-id");
+
+    checkRequestHeaders(interceptor);
+    String expectedUrl = TENANTS_BASE_URL + "/TENANT_ID/inboundSamlConfigs/saml.provider-id";
+    checkUrl(interceptor, "DELETE", expectedUrl);
+  }
+
+  private static TestResponseInterceptor initializeAppForUserManagementWithStatusCode(
+      int statusCode, String response) {
+    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+        .setCredentials(credentials)
+        .setHttpTransport(
+          new MockHttpTransport.Builder().setLowLevelHttpResponse(
+            new MockLowLevelHttpResponse().setContent(response).setStatusCode(statusCode)).build())
+        .setProjectId("test-project-id")
+        .build());
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    FirebaseAuth.getInstance().getUserManager().setInterceptor(interceptor);
+    return interceptor;
+  }
+
+  private static TestResponseInterceptor initializeAppForTenantAwareUserManagement(
+      String tenantId,
+      String... responses) {
+    initializeAppWithResponses(responses);
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    TenantManager tenantManager =  FirebaseAuth.getInstance().getTenantManager();
+    AbstractFirebaseAuth auth = tenantManager.getAuthForTenant(tenantId);
+    auth.getUserManager().setInterceptor(interceptor);
+    return interceptor;
+  }
+
+  private static TestResponseInterceptor initializeAppForUserManagement(String... responses) {
+    initializeAppWithResponses(responses);
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    FirebaseAuth.getInstance().getUserManager().setInterceptor(interceptor);
+    return interceptor;
+  }
+
+  private static void initializeAppWithResponses(String... responses) {
     List<MockLowLevelHttpResponse> mocks = new ArrayList<>();
     for (String response : responses) {
       mocks.add(new MockLowLevelHttpResponse().setContent(response));
@@ -1428,11 +2584,13 @@ private static TestResponseInterceptor initializeAppForUserManagement(String ...
         .setHttpTransport(transport)
         .setProjectId("test-project-id")
         .build());
-    FirebaseAuth auth = FirebaseAuth.getInstance();
-    FirebaseUserManager userManager = auth.getUserManager();
-    TestResponseInterceptor interceptor = new TestResponseInterceptor();
-    userManager.setInterceptor(interceptor);
-    return interceptor;
+  }
+
+  private static GenericJson parseRequestContent(TestResponseInterceptor interceptor)
+      throws IOException {
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    interceptor.getResponse().getRequest().getContent().writeTo(out);
+    return JSON_FACTORY.fromString(new String(out.toByteArray()), GenericJson.class);
   }
 
   private static FirebaseAuth getRetryDisabledAuth(MockLowLevelHttpResponse response) {
@@ -1444,15 +2602,19 @@ private static FirebaseAuth getRetryDisabledAuth(MockLowLevelHttpResponse respon
         .setProjectId("test-project-id")
         .setHttpTransport(transport)
         .build());
-    return FirebaseAuth.builder()
-        .setFirebaseApp(app)
-        .setUserManager(new Supplier<FirebaseUserManager>() {
-          @Override
-          public FirebaseUserManager get() {
-            return new FirebaseUserManager(app, transport.createRequestFactory());
-          }
-        })
-        .build();
+    return new FirebaseAuth(
+        AbstractFirebaseAuth.builder()
+          .setFirebaseApp(app)
+          .setUserManager(new Supplier<FirebaseUserManager>() {
+            @Override
+            public FirebaseUserManager get() {
+              return FirebaseUserManager
+                .builder()
+                .setFirebaseApp(app)
+                .setHttpRequestFactory(transport.createRequestFactory())
+                .build();
+            }
+          }));
   }
 
   private static void checkUserRecord(UserRecord userRecord) {
@@ -1467,6 +2629,7 @@ private static void checkUserRecord(UserRecord userRecord) {
     assertFalse(userRecord.isDisabled());
     assertTrue(userRecord.isEmailVerified());
     assertEquals(1494364393000L, userRecord.getTokensValidAfterTimestamp());
+    assertEquals("testTenant", userRecord.getTenantId());
 
     UserInfo provider = userRecord.getProviderData()[0];
     assertEquals("testuser@example.com", provider.getUid());
@@ -1488,6 +2651,25 @@ private static void checkUserRecord(UserRecord userRecord) {
     assertEquals("gold", claims.get("package"));
   }
 
+  private static void checkOidcProviderConfig(OidcProviderConfig config, String providerId) {
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DISPLAY_NAME", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("CLIENT_ID", config.getClientId());
+    assertEquals("https://oidc.com/issuer", config.getIssuer());
+  }
+
+  private static void checkSamlProviderConfig(SamlProviderConfig config, String providerId) {
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DISPLAY_NAME", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("IDP_ENTITY_ID", config.getIdpEntityId());
+    assertEquals("https://example.com/login", config.getSsoUrl());
+    assertEquals(ImmutableList.of("certificate1", "certificate2"), config.getX509Certificates());
+    assertEquals("RP_ENTITY_ID", config.getRpEntityId());
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
+  }
+
   private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
     HttpHeaders headers = interceptor.getResponse().getRequest().getHeaders();
     String auth = "Bearer " + TEST_TOKEN;
@@ -1497,8 +2679,20 @@ private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
     assertEquals(clientVersion, headers.getFirstHeaderStringValue("X-Client-Version"));
   }
 
+  private static void checkUrl(TestResponseInterceptor interceptor, String method, String url) {
+    HttpRequest request = interceptor.getResponse().getRequest();
+    if (method.equals("PATCH")) {
+      assertEquals("PATCH",
+          request.getHeaders().getFirstHeaderStringValue("X-HTTP-Method-Override"));
+      assertEquals("POST", request.getRequestMethod());
+    } else {
+      assertEquals(method, request.getRequestMethod());
+    }
+    assertEquals(url, request.getUrl().toString().split("\\?")[0]);
+  }
+
   private interface UserManagerOp {
     void call(FirebaseAuth auth) throws Exception;
   }
-  
+
 }
diff --git a/src/test/java/com/google/firebase/auth/GetUsersIT.java b/src/test/java/com/google/firebase/auth/GetUsersIT.java
index efe2f783f..a0bdcb6c6 100644
--- a/src/test/java/com/google/firebase/auth/GetUsersIT.java
+++ b/src/test/java/com/google/firebase/auth/GetUsersIT.java
@@ -21,6 +21,7 @@
 
 import com.google.common.collect.ImmutableList;
 import com.google.firebase.FirebaseApp;
+import com.google.firebase.auth.UserTestUtils.RandomUser;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.util.Collection;
 
@@ -44,18 +45,17 @@ public static void setUpClass() throws Exception {
     testUser2 = FirebaseAuthIT.newUserWithParams(auth);
     testUser3 = FirebaseAuthIT.newUserWithParams(auth);
 
-    FirebaseAuthIT.RandomUser randomUser = FirebaseAuthIT.RandomUser.create();
-    importUserUid = randomUser.uid;
-    String phone = FirebaseAuthIT.randomPhoneNumber();
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
+    importUserUid = randomUser.getUid();
     UserImportResult result = auth.importUsers(ImmutableList.of(
           ImportUserRecord.builder()
-          .setUid(randomUser.uid)
-          .setEmail(randomUser.email)
-          .setPhoneNumber(phone)
+          .setUid(randomUser.getUid())
+          .setEmail(randomUser.getEmail())
+          .setPhoneNumber(randomUser.getPhoneNumber())
           .addUserProvider(
               UserProvider.builder()
                   .setProviderId("google.com")
-                  .setUid("google_" + randomUser.uid)
+                  .setUid("google_" + randomUser.getUid())
                   .build())
           .build()
           ));
diff --git a/src/test/java/com/google/firebase/auth/ListProviderConfigsPageTest.java b/src/test/java/com/google/firebase/auth/ListProviderConfigsPageTest.java
new file mode 100644
index 000000000..ba08f9c77
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/ListProviderConfigsPageTest.java
@@ -0,0 +1,376 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static junit.framework.TestCase.assertTrue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.internal.ListOidcProviderConfigsResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+import org.junit.Test;
+
+public class ListProviderConfigsPageTest {
+
+  @Test
+  public void testSinglePage() throws FirebaseAuthException, IOException {
+    TestProviderConfigSource source = new TestProviderConfigSource(3);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    assertFalse(page.hasNextPage());
+    assertEquals(ListProviderConfigsPage.END_OF_LIST, page.getNextPageToken());
+    assertNull(page.getNextPage());
+
+    ImmutableList<OidcProviderConfig> providerConfigs = ImmutableList.copyOf(page.getValues());
+    assertEquals(3, providerConfigs.size());
+    for (int i = 0; i < 3; i++) {
+      assertEquals("oidc.provider-id-" + i, providerConfigs.get(i).getProviderId());
+    }
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+  }
+
+  @Test
+  public void testMultiplePages() throws FirebaseAuthException, IOException {
+    ListOidcProviderConfigsResponse response = new ListOidcProviderConfigsResponse(
+        ImmutableList.of(
+          newOidcProviderConfig("oidc.provider-id-0"),
+          newOidcProviderConfig("oidc.provider-id-1"),
+          newOidcProviderConfig("oidc.provider-id-2")),
+        "token");
+    TestProviderConfigSource source = new TestProviderConfigSource(response);
+    ListProviderConfigsPage<OidcProviderConfig> page1 =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    assertTrue(page1.hasNextPage());
+    assertEquals("token", page1.getNextPageToken());
+    ImmutableList<OidcProviderConfig> providerConfigs = ImmutableList.copyOf(page1.getValues());
+    assertEquals(3, providerConfigs.size());
+    for (int i = 0; i < 3; i++) {
+      assertEquals("oidc.provider-id-" + i, providerConfigs.get(i).getProviderId());
+    }
+
+    response = new ListOidcProviderConfigsResponse(
+        ImmutableList.of(
+          newOidcProviderConfig("oidc.provider-id-3"),
+          newOidcProviderConfig("oidc.provider-id-4"),
+          newOidcProviderConfig("oidc.provider-id-5")),
+        ListProviderConfigsPage.END_OF_LIST);
+    source.response = response;
+    ListProviderConfigsPage<OidcProviderConfig> page2 = page1.getNextPage();
+    assertFalse(page2.hasNextPage());
+    assertEquals(ListProviderConfigsPage.END_OF_LIST, page2.getNextPageToken());
+    providerConfigs = ImmutableList.copyOf(page2.getValues());
+    assertEquals(3, providerConfigs.size());
+    for (int i = 3; i < 6; i++) {
+      assertEquals("oidc.provider-id-" + i, providerConfigs.get(i - 3).getProviderId());
+    }
+
+    assertEquals(2, source.calls.size());
+    assertNull(source.calls.get(0));
+    assertEquals("token", source.calls.get(1));
+
+    // Should iterate all provider configs from both pages
+    int iterations = 0;
+    for (OidcProviderConfig providerConfig : page1.iterateAll()) {
+      iterations++;
+    }
+    assertEquals(6, iterations);
+    assertEquals(3, source.calls.size());
+    assertEquals("token", source.calls.get(2));
+
+    // Should only iterate provider configs in the last page
+    iterations = 0;
+    for (OidcProviderConfig providerConfig : page2.iterateAll()) {
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(3, source.calls.size());
+  }
+
+  @Test
+  public void testListProviderConfigsIterable() throws FirebaseAuthException, IOException {
+    TestProviderConfigSource source = new TestProviderConfigSource(3);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    Iterable<OidcProviderConfig> providerConfigs = page.iterateAll();
+
+    int iterations = 0;
+    for (OidcProviderConfig providerConfig : providerConfigs) {
+      assertEquals("oidc.provider-id-" + iterations, providerConfig.getProviderId());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+
+    // Should result in a new iterator
+    iterations = 0;
+    for (OidcProviderConfig providerConfig : providerConfigs) {
+      assertEquals("oidc.provider-id-" + iterations, providerConfig.getProviderId());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+  }
+
+  @Test
+  public void testListProviderConfigsIterator() throws FirebaseAuthException, IOException {
+    TestProviderConfigSource source = new TestProviderConfigSource(3);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    Iterable<OidcProviderConfig> providerConfigs = page.iterateAll();
+    Iterator<OidcProviderConfig> iterator = providerConfigs.iterator();
+    int iterations = 0;
+    while (iterator.hasNext()) {
+      assertEquals("oidc.provider-id-" + iterations, iterator.next().getProviderId());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+
+    while (iterator.hasNext()) {
+      fail("Should not be able to to iterate any more");
+    }
+    try {
+      iterator.next();
+      fail("Should not be able to iterate any more");
+    } catch (NoSuchElementException expected) {
+      // expected
+    }
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testListProviderConfigsPagedIterable() throws FirebaseAuthException, IOException {
+    ListOidcProviderConfigsResponse response = new ListOidcProviderConfigsResponse(
+        ImmutableList.of(
+          newOidcProviderConfig("oidc.provider-id-0"),
+          newOidcProviderConfig("oidc.provider-id-1"),
+          newOidcProviderConfig("oidc.provider-id-2")),
+        "token");
+    TestProviderConfigSource source = new TestProviderConfigSource(response);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    int iterations = 0;
+    for (OidcProviderConfig providerConfig : page.iterateAll()) {
+      assertEquals("oidc.provider-id-" + iterations, providerConfig.getProviderId());
+      iterations++;
+      if (iterations == 3) {
+        assertEquals(1, source.calls.size());
+        assertNull(source.calls.get(0));
+        response = new ListOidcProviderConfigsResponse(
+            ImmutableList.of(
+              newOidcProviderConfig("oidc.provider-id-3"),
+              newOidcProviderConfig("oidc.provider-id-4"),
+              newOidcProviderConfig("oidc.provider-id-5")),
+            ListProviderConfigsPage.END_OF_LIST);
+        source.response = response;
+      }
+    }
+
+    assertEquals(6, iterations);
+    assertEquals(2, source.calls.size());
+    assertEquals("token", source.calls.get(1));
+  }
+
+  @Test
+  public void testListProviderConfigsPagedIterator() throws FirebaseAuthException, IOException {
+    ListOidcProviderConfigsResponse response = new ListOidcProviderConfigsResponse(
+        ImmutableList.of(
+          newOidcProviderConfig("oidc.provider-id-0"),
+          newOidcProviderConfig("oidc.provider-id-1"),
+          newOidcProviderConfig("oidc.provider-id-2")),
+        "token");
+    TestProviderConfigSource source = new TestProviderConfigSource(response);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    Iterator<OidcProviderConfig> providerConfigs = page.iterateAll().iterator();
+    int iterations = 0;
+    while (providerConfigs.hasNext()) {
+      assertEquals("oidc.provider-id-" + iterations, providerConfigs.next().getProviderId());
+      iterations++;
+      if (iterations == 3) {
+        assertEquals(1, source.calls.size());
+        assertNull(source.calls.get(0));
+        response = new ListOidcProviderConfigsResponse(
+            ImmutableList.of(
+              newOidcProviderConfig("oidc.provider-id-3"),
+              newOidcProviderConfig("oidc.provider-id-4"),
+              newOidcProviderConfig("oidc.provider-id-5")),
+            ListProviderConfigsPage.END_OF_LIST);
+        source.response = response;
+      }
+    }
+
+    assertEquals(6, iterations);
+    assertEquals(2, source.calls.size());
+    assertEquals("token", source.calls.get(1));
+    assertFalse(providerConfigs.hasNext());
+    try {
+      providerConfigs.next();
+    } catch (NoSuchElementException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testPageWithNoproviderConfigs() throws FirebaseAuthException {
+    ListOidcProviderConfigsResponse response = new ListOidcProviderConfigsResponse(
+        ImmutableList.<OidcProviderConfig>of(), ListProviderConfigsPage.END_OF_LIST);
+    TestProviderConfigSource source = new TestProviderConfigSource(response);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    assertFalse(page.hasNextPage());
+    assertEquals(ListProviderConfigsPage.END_OF_LIST, page.getNextPageToken());
+    assertNull(page.getNextPage());
+    assertEquals(0, ImmutableList.copyOf(page.getValues()).size());
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testIterableWithNoproviderConfigs() throws FirebaseAuthException {
+    ListOidcProviderConfigsResponse response = new ListOidcProviderConfigsResponse(
+        ImmutableList.<OidcProviderConfig>of(), ListProviderConfigsPage.END_OF_LIST);
+    TestProviderConfigSource source = new TestProviderConfigSource(response);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    for (OidcProviderConfig providerConfig : page.iterateAll()) {
+      fail("Should not be able to iterate, but got: " + providerConfig);
+    }
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testIteratorWithNoproviderConfigs() throws FirebaseAuthException {
+    ListOidcProviderConfigsResponse response = new ListOidcProviderConfigsResponse(
+        ImmutableList.<OidcProviderConfig>of(), ListProviderConfigsPage.END_OF_LIST);
+    TestProviderConfigSource source = new TestProviderConfigSource(response);
+
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    Iterator<OidcProviderConfig> iterator = page.iterateAll().iterator();
+    while (iterator.hasNext()) {
+      fail("Should not be able to iterate");
+    }
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testRemove() throws FirebaseAuthException, IOException {
+    ListOidcProviderConfigsResponse response = new ListOidcProviderConfigsResponse(
+        ImmutableList.of(newOidcProviderConfig("oidc.provider-id-1")),
+        ListProviderConfigsPage.END_OF_LIST);
+    TestProviderConfigSource source = new TestProviderConfigSource(response);
+
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        new ListProviderConfigsPage.Factory<OidcProviderConfig>(source).create();
+    Iterator<OidcProviderConfig> iterator = page.iterateAll().iterator();
+    while (iterator.hasNext()) {
+      assertNotNull(iterator.next());
+      try {
+        iterator.remove();
+      } catch (UnsupportedOperationException expected) {
+        // expected
+      }
+    }
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testNullSource() {
+    new ListProviderConfigsPage.Factory<OidcProviderConfig>(null);
+  }
+
+  @Test
+  public void testInvalidPageToken() throws IOException {
+    TestProviderConfigSource source = new TestProviderConfigSource(1);
+    try {
+      new ListProviderConfigsPage.Factory<OidcProviderConfig>(source, 1000, "");
+      fail("No error thrown for empty page token");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testInvalidMaxResults() throws IOException {
+    TestProviderConfigSource source = new TestProviderConfigSource(1);
+    try {
+      new ListProviderConfigsPage.Factory<OidcProviderConfig>(source, 1001, "");
+      fail("No error thrown for maxResult > 1000");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+
+    try {
+      new ListProviderConfigsPage.Factory<OidcProviderConfig>(source, 0, "next");
+      fail("No error thrown for maxResult = 0");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+
+    try {
+      new ListProviderConfigsPage.Factory<OidcProviderConfig>(source, -1, "next");
+      fail("No error thrown for maxResult < 0");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  private static OidcProviderConfig newOidcProviderConfig(String providerConfigId)
+      throws IOException {
+    return Utils.getDefaultJsonFactory().fromString(
+        String.format("{\"name\":\"%s\"}", providerConfigId), OidcProviderConfig.class);
+  }
+
+  private static class TestProviderConfigSource
+      implements ListProviderConfigsPage.ProviderConfigSource<OidcProviderConfig> {
+
+    private ListOidcProviderConfigsResponse response;
+    private final List<String> calls = new ArrayList<>();
+
+    TestProviderConfigSource(int providerConfigCount) throws IOException {
+      ImmutableList.Builder<OidcProviderConfig> providerConfigs = ImmutableList.builder();
+      for (int i = 0; i < providerConfigCount; i++) {
+        providerConfigs.add(newOidcProviderConfig("oidc.provider-id-" + i));
+      }
+      this.response = new ListOidcProviderConfigsResponse(
+        providerConfigs.build(), ListProviderConfigsPage.END_OF_LIST);
+    }
+
+    TestProviderConfigSource(ListOidcProviderConfigsResponse response) {
+      this.response = response;
+    }
+
+    @Override
+    public ListOidcProviderConfigsResponse fetch(int maxResults, String pageToken) {
+      calls.add(pageToken);
+      return response;
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/ListUsersPageTest.java b/src/test/java/com/google/firebase/auth/ListUsersPageTest.java
index fb4a7d275..5e848069d 100644
--- a/src/test/java/com/google/firebase/auth/ListUsersPageTest.java
+++ b/src/test/java/com/google/firebase/auth/ListUsersPageTest.java
@@ -27,6 +27,7 @@
 import com.google.api.client.json.JsonFactory;
 import com.google.common.collect.ImmutableList;
 import com.google.common.io.BaseEncoding;
+import com.google.firebase.auth.ListUsersPage;
 import com.google.firebase.auth.ListUsersPage.ListUsersResult;
 import com.google.firebase.auth.internal.DownloadAccountResponse;
 import java.io.IOException;
@@ -45,7 +46,7 @@ public class ListUsersPageTest {
   @Test
   public void testSinglePage() throws FirebaseAuthException, IOException {
     TestUserSource source = new TestUserSource(3);
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     assertFalse(page.hasNextPage());
     assertEquals(ListUsersPage.END_OF_LIST, page.getNextPageToken());
     assertNull(page.getNextPage());
@@ -68,7 +69,7 @@ public void testRedactedPasswords() throws FirebaseAuthException, IOException {
             newUser("user2", REDACTED_BASE64)),
         ListUsersPage.END_OF_LIST);
     TestUserSource source = new TestUserSource(result);
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     assertFalse(page.hasNextPage());
     assertEquals(ListUsersPage.END_OF_LIST, page.getNextPageToken());
     assertNull(page.getNextPage());
@@ -89,7 +90,7 @@ public void testMultiplePages() throws FirebaseAuthException, IOException {
         ImmutableList.of(newUser("user0"), newUser("user1"), newUser("user2")),
         "token");
     TestUserSource source = new TestUserSource(result);
-    ListUsersPage page1 = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page1 = new ListUsersPage.Factory(source).create();
     assertTrue(page1.hasNextPage());
     assertEquals("token", page1.getNextPageToken());
     ImmutableList<ExportedUserRecord> users = ImmutableList.copyOf(page1.getValues());
@@ -136,7 +137,7 @@ public void testMultiplePages() throws FirebaseAuthException, IOException {
   @Test
   public void testListUsersIterable() throws FirebaseAuthException, IOException {
     TestUserSource source = new TestUserSource(3);
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     Iterable<ExportedUserRecord> users = page.iterateAll();
 
     int iterations = 0;
@@ -162,7 +163,7 @@ public void testListUsersIterable() throws FirebaseAuthException, IOException {
   @Test
   public void testListUsersIterator() throws FirebaseAuthException, IOException {
     TestUserSource source = new TestUserSource(3);
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     Iterable<ExportedUserRecord> users = page.iterateAll();
     Iterator<ExportedUserRecord> iterator = users.iterator();
     int iterations = 0;
@@ -192,7 +193,7 @@ public void testListUsersPagedIterable() throws FirebaseAuthException, IOExcepti
         ImmutableList.of(newUser("user0"), newUser("user1"), newUser("user2")),
         "token");
     TestUserSource source = new TestUserSource(result);
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     int iterations = 0;
     for (ExportedUserRecord user : page.iterateAll()) {
       assertEquals("user" + iterations, user.getUid());
@@ -218,7 +219,7 @@ public void testListUsersPagedIterator() throws FirebaseAuthException, IOExcepti
         ImmutableList.of(newUser("user0"), newUser("user1"), newUser("user2")),
         "token");
     TestUserSource source = new TestUserSource(result);
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     Iterator<ExportedUserRecord> users = page.iterateAll().iterator();
     int iterations = 0;
     while (users.hasNext()) {
@@ -251,7 +252,7 @@ public void testPageWithNoUsers() throws FirebaseAuthException {
         ImmutableList.<ExportedUserRecord>of(),
         ListUsersPage.END_OF_LIST);
     TestUserSource source = new TestUserSource(result);
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     assertFalse(page.hasNextPage());
     assertEquals(ListUsersPage.END_OF_LIST, page.getNextPageToken());
     assertNull(page.getNextPage());
@@ -265,7 +266,7 @@ public void testIterableWithNoUsers() throws FirebaseAuthException {
         ImmutableList.<ExportedUserRecord>of(),
         ListUsersPage.END_OF_LIST);
     TestUserSource source = new TestUserSource(result);
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     for (ExportedUserRecord user : page.iterateAll()) {
       fail("Should not be able to iterate, but got: " + user);
     }
@@ -279,7 +280,7 @@ public void testIteratorWithNoUsers() throws FirebaseAuthException {
         ListUsersPage.END_OF_LIST);
     TestUserSource source = new TestUserSource(result);
 
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     Iterator<ExportedUserRecord> iterator = page.iterateAll().iterator();
     while (iterator.hasNext()) {
       fail("Should not be able to iterate");
@@ -294,7 +295,7 @@ public void testRemove() throws FirebaseAuthException, IOException {
         ListUsersPage.END_OF_LIST);
     TestUserSource source = new TestUserSource(result);
 
-    ListUsersPage page = new ListUsersPage.PageFactory(source).create();
+    ListUsersPage page = new ListUsersPage.Factory(source).create();
     Iterator<ExportedUserRecord> iterator = page.iterateAll().iterator();
     while (iterator.hasNext()) {
       assertNotNull(iterator.next());
@@ -308,14 +309,14 @@ public void testRemove() throws FirebaseAuthException, IOException {
 
   @Test(expected = NullPointerException.class)
   public void testNullSource() {
-    new ListUsersPage.PageFactory(null);
+    new ListUsersPage.Factory(null);
   }
 
   @Test
   public void testInvalidPageToken() throws IOException {
     TestUserSource source = new TestUserSource(1);
     try {
-      new ListUsersPage.PageFactory(source, 1000, "");
+      new ListUsersPage.Factory(source, 1000, "");
       fail("No error thrown for empty page token");
     } catch (IllegalArgumentException expected) {
       // expected
@@ -326,21 +327,21 @@ public void testInvalidPageToken() throws IOException {
   public void testInvalidMaxResults() throws IOException {
     TestUserSource source = new TestUserSource(1);
     try {
-      new ListUsersPage.PageFactory(source, 1001, "");
+      new ListUsersPage.Factory(source, 1001, "");
       fail("No error thrown for maxResult > 1000");
     } catch (IllegalArgumentException expected) {
       // expected
     }
 
     try {
-      new ListUsersPage.PageFactory(source, 0, "next");
+      new ListUsersPage.Factory(source, 0, "next");
       fail("No error thrown for maxResult = 0");
     } catch (IllegalArgumentException expected) {
       // expected
     }
 
     try {
-      new ListUsersPage.PageFactory(source, -1, "next");
+      new ListUsersPage.Factory(source, -1, "next");
       fail("No error thrown for maxResult < 0");
     } catch (IllegalArgumentException expected) {
       // expected
diff --git a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
new file mode 100644
index 000000000..1fb4ca37b
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.json.JsonFactory;
+import java.io.IOException;
+import java.util.Map;
+import org.junit.Test;
+
+public class OidcProviderConfigTest {
+
+  private static final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+
+  private static final String OIDC_JSON_STRING =
+      ("{"
+        + "  'name':        'projects/projectId/oauthIdpConfigs/oidc.provider-id',"
+        + "  'displayName': 'DISPLAY_NAME',"
+        + "  'enabled':      true,"
+        + "  'clientId':    'CLIENT_ID',"
+        + "  'issuer':      'https://oidc.com/issuer'"
+        + "}").replace("'", "\"");
+
+  @Test
+  public void testJsonDeserialization() throws IOException {
+    OidcProviderConfig config = jsonFactory.fromString(OIDC_JSON_STRING, OidcProviderConfig.class);
+
+    assertEquals("oidc.provider-id", config.getProviderId());
+    assertEquals("DISPLAY_NAME", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("CLIENT_ID", config.getClientId());
+    assertEquals("https://oidc.com/issuer", config.getIssuer());
+  }
+
+  @Test
+  public void testCreateRequest() throws IOException {
+    OidcProviderConfig.CreateRequest createRequest = new OidcProviderConfig.CreateRequest();
+    createRequest
+      .setProviderId("oidc.provider-id")
+      .setDisplayName("DISPLAY_NAME")
+      .setEnabled(false)
+      .setClientId("CLIENT_ID")
+      .setIssuer("https://oidc.com/issuer");
+
+    assertEquals("oidc.provider-id", createRequest.getProviderId());
+    Map<String,Object> properties = createRequest.getProperties();
+    assertEquals(properties.size(), 4);
+    assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
+    assertFalse((boolean) properties.get("enabled"));
+    assertEquals("CLIENT_ID", (String) properties.get("clientId"));
+    assertEquals("https://oidc.com/issuer", (String) properties.get("issuer"));
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingProviderId() {
+    new OidcProviderConfig.CreateRequest().setProviderId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestInvalidProviderId() {
+    new OidcProviderConfig.CreateRequest().setProviderId("saml.provider-id");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingDisplayName() {
+    new OidcProviderConfig.CreateRequest().setDisplayName(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingClientId() {
+    new OidcProviderConfig.CreateRequest().setClientId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingIssuer() {
+    new OidcProviderConfig.CreateRequest().setIssuer(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestInvalidIssuerUrl() {
+    new OidcProviderConfig.CreateRequest().setIssuer("not a valid url");
+  }
+
+  @Test
+  public void testUpdateRequestFromOidcProviderConfig() throws IOException {
+    OidcProviderConfig config = jsonFactory.fromString(OIDC_JSON_STRING, OidcProviderConfig.class);
+
+    OidcProviderConfig.UpdateRequest updateRequest = config.updateRequest();
+
+    assertEquals("oidc.provider-id", updateRequest.getProviderId());
+    assertTrue(updateRequest.getProperties().isEmpty());
+  }
+
+  @Test
+  public void testUpdateRequest() throws IOException {
+    OidcProviderConfig.UpdateRequest updateRequest =
+        new OidcProviderConfig.UpdateRequest("oidc.provider-id");
+    updateRequest
+      .setDisplayName("DISPLAY_NAME")
+      .setEnabled(false)
+      .setClientId("CLIENT_ID")
+      .setIssuer("https://oidc.com/issuer");
+
+    assertEquals("oidc.provider-id", updateRequest.getProviderId());
+    Map<String,Object> properties = updateRequest.getProperties();
+    assertEquals(properties.size(), 4);
+    assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
+    assertFalse((boolean) properties.get("enabled"));
+    assertEquals("CLIENT_ID", (String) properties.get("clientId"));
+    assertEquals("https://oidc.com/issuer", (String) properties.get("issuer"));
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingProviderId() {
+    new OidcProviderConfig.UpdateRequest(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestInvalidProviderId() {
+    new OidcProviderConfig.UpdateRequest("saml.provider-id");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingDisplayName() {
+    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setDisplayName(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingClientId() {
+    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setClientId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingIssuer() {
+    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setIssuer(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestInvalidIssuerUrl() {
+    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setIssuer("not a valid url");
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/ProviderConfigTestUtils.java b/src/test/java/com/google/firebase/auth/ProviderConfigTestUtils.java
new file mode 100644
index 000000000..c01ac6501
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/ProviderConfigTestUtils.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.firebase.auth.internal.AuthHttpClient;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutionException;
+import org.junit.rules.ExternalResource;
+
+public class ProviderConfigTestUtils {
+
+  public static void assertOidcProviderConfigDoesNotExist(
+      AbstractFirebaseAuth firebaseAuth, String providerId) throws Exception {
+    try {
+      firebaseAuth.getOidcProviderConfigAsync(providerId).get();
+      fail("No error thrown for getting a deleted OIDC provider config.");
+    } catch (ExecutionException e) {
+      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR,
+          ((FirebaseAuthException) e.getCause()).getErrorCode());
+    }
+  }
+
+  public static void assertSamlProviderConfigDoesNotExist(
+      AbstractFirebaseAuth firebaseAuth, String providerId) throws Exception {
+    try {
+      firebaseAuth.getSamlProviderConfigAsync(providerId).get();
+      fail("No error thrown for getting a deleted SAML provider config.");
+    } catch (ExecutionException e) {
+      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR,
+          ((FirebaseAuthException) e.getCause()).getErrorCode());
+    }
+  }
+
+  /**
+   * Creates temporary provider configs for testing, and deletes them at the end of each test case.
+   */
+  public static final class TemporaryProviderConfig extends ExternalResource {
+
+    private final AbstractFirebaseAuth auth;
+    private final List<String> oidcIds = new ArrayList<>();
+    private final List<String> samlIds = new ArrayList<>();
+
+    public TemporaryProviderConfig(AbstractFirebaseAuth auth) {
+      this.auth = auth;
+    }
+
+    public synchronized OidcProviderConfig createOidcProviderConfig(
+        OidcProviderConfig.CreateRequest request) throws FirebaseAuthException {
+      OidcProviderConfig config = auth.createOidcProviderConfig(request);
+      oidcIds.add(config.getProviderId());
+      return config;
+    }
+
+    public synchronized void deleteOidcProviderConfig(
+        String providerId) throws FirebaseAuthException {
+      checkArgument(oidcIds.contains(providerId),
+          "Provider ID is not currently associated with a temporary OIDC provider config: "
+          + providerId);
+      auth.deleteOidcProviderConfig(providerId);
+      oidcIds.remove(providerId);
+    }
+
+    public synchronized SamlProviderConfig createSamlProviderConfig(
+        SamlProviderConfig.CreateRequest request) throws FirebaseAuthException {
+      SamlProviderConfig config = auth.createSamlProviderConfig(request);
+      samlIds.add(config.getProviderId());
+      return config;
+    }
+
+    public synchronized void deleteSamlProviderConfig(
+        String providerId) throws FirebaseAuthException {
+      checkArgument(samlIds.contains(providerId),
+          "Provider ID is not currently associated with a temporary SAML provider config: "
+          + providerId);
+      auth.deleteSamlProviderConfig(providerId);
+      samlIds.remove(providerId);
+    }
+
+    @Override
+    protected synchronized void after() {
+      // Delete OIDC provider configs.
+      for (String id : oidcIds) {
+        try {
+          auth.deleteOidcProviderConfig(id);
+        } catch (Exception ignore) {
+          // Ignore
+        }
+      }
+      oidcIds.clear();
+
+      // Delete SAML provider configs.
+      for (String id : samlIds) {
+        try {
+          auth.deleteSamlProviderConfig(id);
+        } catch (Exception ignore) {
+          // Ignore
+        }
+      }
+      samlIds.clear();
+    }
+  }
+}
+
diff --git a/src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java b/src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java
new file mode 100644
index 000000000..e957c1ddb
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java
@@ -0,0 +1,322 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.json.JsonFactory;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import org.junit.Test;
+
+public class SamlProviderConfigTest {
+
+  private static final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+
+  private static final String SAML_JSON_STRING =
+      ("{"
+        + "  'name':        'projects/projectId/inboundSamlConfigs/saml.provider-id',"
+        + "  'displayName': 'DISPLAY_NAME',"
+        + "  'enabled':      true,"
+        + "  'idpConfig': {"
+        + "    'idpEntityId': 'IDP_ENTITY_ID',"
+        + "    'ssoUrl':      'https://example.com/login',"
+        + "    'idpCertificates': ["
+        + "      { 'x509Certificate': 'certificate1' },"
+        + "      { 'x509Certificate': 'certificate2' }"
+        + "    ]"
+        + "  },"
+        + "  'spConfig': {"
+        + "    'spEntityId':  'RP_ENTITY_ID',"
+        + "    'callbackUri': 'https://projectId.firebaseapp.com/__/auth/handler'"
+        + "   }"
+        + "}").replace("'", "\"");
+
+  @Test
+  public void testJsonDeserialization() throws IOException {
+    SamlProviderConfig config = jsonFactory.fromString(SAML_JSON_STRING, SamlProviderConfig.class);
+
+    assertEquals("saml.provider-id", config.getProviderId());
+    assertEquals("DISPLAY_NAME", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("IDP_ENTITY_ID", config.getIdpEntityId());
+    assertEquals("https://example.com/login", config.getSsoUrl());
+    assertEquals(ImmutableList.of("certificate1", "certificate2"), config.getX509Certificates());
+    assertEquals("RP_ENTITY_ID", config.getRpEntityId());
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
+  }
+
+  @Test
+  public void testCreateRequest() throws IOException {
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest()
+          .setProviderId("saml.provider-id")
+          .setDisplayName("DISPLAY_NAME")
+          .setEnabled(false)
+          .setIdpEntityId("IDP_ENTITY_ID")
+          .setSsoUrl("https://example.com/login")
+          .addX509Certificate("certificate1")
+          .addX509Certificate("certificate2")
+          .setRpEntityId("RP_ENTITY_ID")
+          .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+
+    assertEquals("saml.provider-id", createRequest.getProviderId());
+    Map<String,Object> properties = createRequest.getProperties();
+    assertEquals(4, properties.size());
+    assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
+    assertFalse((boolean) properties.get("enabled"));
+
+    Map<String, Object> idpConfig = (Map<String, Object>) properties.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(3, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(2, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+
+    Map<String, Object> spConfig = (Map<String, Object>) properties.get("spConfig");
+    assertNotNull(spConfig);
+    assertEquals(2, spConfig.size());
+    assertEquals("RP_ENTITY_ID", spConfig.get("spEntityId"));
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
+  }
+
+  @Test
+  public void testCreateRequestX509Certificates() throws IOException {
+    SamlProviderConfig.CreateRequest createRequest =
+        new SamlProviderConfig.CreateRequest()
+          .addX509Certificate("certificate1")
+          .addAllX509Certificates(ImmutableList.of("certificate2", "certificate3"))
+          .addX509Certificate("certificate4");
+
+    Map<String,Object> properties = createRequest.getProperties();
+    assertEquals(1, properties.size());
+    Map<String, Object> idpConfig = (Map<String, Object>) properties.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(1, idpConfig.size());
+
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(4, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate3"), idpCertificates.get(2));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate4"), idpCertificates.get(3));
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingProviderId() {
+    new SamlProviderConfig.CreateRequest().setProviderId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestInvalidProviderId() {
+    new SamlProviderConfig.CreateRequest().setProviderId("oidc.provider-id");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingDisplayName() {
+    new SamlProviderConfig.CreateRequest().setDisplayName(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingIdpEntityId() {
+    new SamlProviderConfig.CreateRequest().setIdpEntityId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingSsoUrl() {
+    new SamlProviderConfig.CreateRequest().setSsoUrl(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestInvalidSsoUrl() {
+    new SamlProviderConfig.CreateRequest().setSsoUrl("not a valid url");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingX509Certificate() {
+    new SamlProviderConfig.CreateRequest().addX509Certificate(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestNullX509CertificatesCollection() {
+    new SamlProviderConfig.CreateRequest().addAllX509Certificates(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestEmptyX509CertificatesCollection() {
+    new SamlProviderConfig.CreateRequest().addAllX509Certificates(ImmutableList.<String>of());
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingRpEntityId() {
+    new SamlProviderConfig.CreateRequest().setRpEntityId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingCallbackUrl() {
+    new SamlProviderConfig.CreateRequest().setCallbackUrl(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestInvalidCallbackUrl() {
+    new SamlProviderConfig.CreateRequest().setCallbackUrl("not a valid url");
+  }
+
+  @Test
+  public void testUpdateRequestFromSamlProviderConfig() throws IOException {
+    SamlProviderConfig config = jsonFactory.fromString(SAML_JSON_STRING, SamlProviderConfig.class);
+
+    SamlProviderConfig.UpdateRequest updateRequest = config.updateRequest();
+
+    assertEquals("saml.provider-id", updateRequest.getProviderId());
+    assertTrue(updateRequest.getProperties().isEmpty());
+  }
+
+  @Test
+  public void testUpdateRequest() throws IOException {
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id");
+    updateRequest
+      .setDisplayName("DISPLAY_NAME")
+      .setEnabled(false)
+      .setIdpEntityId("IDP_ENTITY_ID")
+      .setSsoUrl("https://example.com/login")
+      .addX509Certificate("certificate1")
+      .addX509Certificate("certificate2")
+      .setRpEntityId("RP_ENTITY_ID")
+      .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler");
+
+    Map<String,Object> properties = updateRequest.getProperties();
+    assertEquals(4, properties.size());
+    assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
+    assertFalse((boolean) properties.get("enabled"));
+
+    Map<String, Object> idpConfig = (Map<String, Object>) properties.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(3, idpConfig.size());
+    assertEquals("IDP_ENTITY_ID", idpConfig.get("idpEntityId"));
+    assertEquals("https://example.com/login", idpConfig.get("ssoUrl"));
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(2, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+
+    Map<String, Object> spConfig = (Map<String, Object>) properties.get("spConfig");
+    assertNotNull(spConfig);
+    assertEquals(2, spConfig.size());
+    assertEquals("RP_ENTITY_ID", spConfig.get("spEntityId"));
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", spConfig.get("callbackUri"));
+  }
+
+  @Test
+  public void testUpdateRequestX509Certificates() throws IOException {
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest("saml.provider-id");
+    updateRequest
+      .addX509Certificate("certificate1")
+      .addAllX509Certificates(ImmutableList.of("certificate2", "certificate3"))
+      .addX509Certificate("certificate4");
+
+    Map<String,Object> properties = updateRequest.getProperties();
+    assertEquals(1, properties.size());
+    Map<String, Object> idpConfig = (Map<String, Object>) properties.get("idpConfig");
+    assertNotNull(idpConfig);
+    assertEquals(1, idpConfig.size());
+
+    List<Object> idpCertificates = (List<Object>) idpConfig.get("idpCertificates");
+    assertNotNull(idpCertificates);
+    assertEquals(4, idpCertificates.size());
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate1"), idpCertificates.get(0));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate2"), idpCertificates.get(1));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate3"), idpCertificates.get(2));
+    assertEquals(ImmutableMap.of("x509Certificate", "certificate4"), idpCertificates.get(3));
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingProviderId() {
+    new SamlProviderConfig.UpdateRequest(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestInvalidProviderId() {
+    new SamlProviderConfig.UpdateRequest("oidc.invalid-saml-provider-id");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingDisplayName() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setDisplayName(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingIdpEntityId() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setIdpEntityId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingSsoUrl() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setSsoUrl(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestInvalidSsoUrl() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setSsoUrl("not a valid url");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingX509Certificate() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").addX509Certificate(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestNullX509CertificatesCollection() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").addAllX509Certificates(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestEmptyX509CertificatesCollection() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id")
+        .addAllX509Certificates(ImmutableList.<String>of());
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingRpEntityId() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setRpEntityId(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingCallbackUrl() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setCallbackUrl(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestInvalidCallbackUrl() {
+    new SamlProviderConfig.UpdateRequest("saml.provider-id").setCallbackUrl("not a valid url");
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/UserTestUtils.java b/src/test/java/com/google/firebase/auth/UserTestUtils.java
new file mode 100644
index 000000000..aa86e6e19
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/UserTestUtils.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.firebase.auth.internal.AuthHttpClient;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.UUID;
+import java.util.concurrent.ExecutionException;
+import org.junit.rules.ExternalResource;
+
+public final class UserTestUtils {
+
+  public static void assertUserDoesNotExist(AbstractFirebaseAuth firebaseAuth, String uid)
+      throws Exception {
+    try {
+      firebaseAuth.getUserAsync(uid).get();
+      fail("No error thrown for getting a user which was expected to be absent.");
+    } catch (ExecutionException e) {
+      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
+          ((FirebaseAuthException) e.getCause()).getErrorCode());
+    }
+  }
+
+  public static RandomUser generateRandomUserInfo() {
+    String uid = UUID.randomUUID().toString().replaceAll("-", "");
+    String email = String.format(
+        "test%s@example.%s.com",
+        uid.substring(0, 12),
+        uid.substring(12)).toLowerCase();
+    return new RandomUser(uid, email, generateRandomPhoneNumber());
+  }
+
+  private static String generateRandomPhoneNumber() {
+    Random random = new Random();
+    StringBuilder builder = new StringBuilder("+1");
+    for (int i = 0; i < 10; i++) {
+      builder.append(random.nextInt(10));
+    }
+    return builder.toString();
+  }
+
+  public static class RandomUser {
+    private final String uid;
+    private final String email;
+    private final String phoneNumber;
+
+    private RandomUser(String uid, String email, String phoneNumber) {
+      this.uid = uid;
+      this.email = email;
+      this.phoneNumber = phoneNumber;
+    }
+
+    public String getUid() {
+      return uid;
+    }
+
+    public String getEmail() {
+      return email;
+    }
+
+    public String getPhoneNumber() {
+      return phoneNumber;
+    }
+  }
+
+  /**
+   * Creates temporary Firebase user accounts for testing, and deletes them at the end of each
+   * test case.
+   */
+  public static final class TemporaryUser extends ExternalResource {
+
+    private final AbstractFirebaseAuth auth;
+    private final List<String> users = new ArrayList<>();
+
+    public TemporaryUser(AbstractFirebaseAuth auth) {
+      this.auth = auth;
+    }
+
+    public UserRecord create(UserRecord.CreateRequest request) throws FirebaseAuthException {
+      UserRecord user = auth.createUser(request);
+      registerUid(user.getUid());
+      return user;
+    }
+
+    public synchronized void registerUid(String uid) {
+      users.add(uid);
+    }
+
+    @Override
+    protected synchronized void after() {
+      for (String uid : users) {
+        try {
+          auth.deleteUser(uid);
+        } catch (Exception ignore) {
+          // Ignore
+        }
+      }
+
+      users.clear();
+    }
+  }
+}
+
diff --git a/src/test/java/com/google/firebase/auth/internal/FirebaseTokenFactoryTest.java b/src/test/java/com/google/firebase/auth/internal/FirebaseTokenFactoryTest.java
index 71b95bee8..1c85ceeee 100644
--- a/src/test/java/com/google/firebase/auth/internal/FirebaseTokenFactoryTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/FirebaseTokenFactoryTest.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
 import com.google.api.client.json.GenericJson;
@@ -45,6 +46,7 @@ public class FirebaseTokenFactoryTest {
   private static final String USER_ID = "fuber";
   private static final GenericJson EXTRA_CLAIMS = new GenericJson();
   private static final String ISSUER = "test-484@mg-test-1210.iam.gserviceaccount.com";
+  private static final String TENANT_ID = "tenant-id";
 
   static {
     EXTRA_CLAIMS.set("one", 2).set("three", "four").setFactory(FACTORY);
@@ -71,6 +73,7 @@ public void checkSignatureForToken() throws Exception {
     assertEquals(USER_ID, signedJwt.getPayload().getUid());
     assertEquals(2L, signedJwt.getPayload().getIssuedAtTimeSeconds().longValue());
     assertTrue(TestUtils.verifySignature(signedJwt, ImmutableList.of(keys.getPublic())));
+    assertNull(signedJwt.getPayload().getTenantId());
 
     jwt = tokenFactory.createSignedCustomAuthTokenForUser(USER_ID);
     signedJwt = FirebaseCustomAuthToken.parse(FACTORY, jwt);
@@ -80,6 +83,23 @@ public void checkSignatureForToken() throws Exception {
     assertEquals(USER_ID, signedJwt.getPayload().getUid());
     assertEquals(2L, signedJwt.getPayload().getIssuedAtTimeSeconds().longValue());
     assertTrue(TestUtils.verifySignature(signedJwt, ImmutableList.of(keys.getPublic())));
+    assertNull(signedJwt.getPayload().getTenantId());
+  }
+
+  @Test
+  public void tokenWithTenantId() throws Exception {
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+    keyGen.initialize(512);
+    KeyPair keys = keyGen.genKeyPair();
+    FixedClock clock = new FixedClock(2002L);
+    CryptoSigner cryptoSigner = new TestCryptoSigner(keys.getPrivate());
+    FirebaseTokenFactory tokenFactory =
+        new FirebaseTokenFactory(FACTORY, clock, cryptoSigner, TENANT_ID);
+
+    String jwt = tokenFactory.createSignedCustomAuthTokenForUser(USER_ID);
+    FirebaseCustomAuthToken signedJwt = FirebaseCustomAuthToken.parse(FACTORY, jwt);
+
+    assertEquals(TENANT_ID, signedJwt.getPayload().getTenantId());
   }
 
   @Test
diff --git a/src/test/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponseTest.java b/src/test/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponseTest.java
new file mode 100644
index 000000000..fbe587e56
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponseTest.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.json.JsonFactory;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.auth.OidcProviderConfig;
+
+import org.junit.Test;
+
+public class ListOidcProviderConfigsResponseTest {
+
+  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+
+  @Test
+  public void testDefaultValues() throws Exception {
+    ListOidcProviderConfigsResponse response = new ListOidcProviderConfigsResponse();
+
+    assertEquals(0, response.getProviderConfigs().size());
+    assertFalse(response.hasProviderConfigs());
+    assertEquals("", response.getPageToken());
+  }
+
+  @Test
+  public void testEmptyTenantList() throws Exception {
+    ListOidcProviderConfigsResponse response =
+        new ListOidcProviderConfigsResponse(ImmutableList.<OidcProviderConfig>of(), "PAGE_TOKEN");
+
+    assertEquals(0, response.getProviderConfigs().size());
+    assertFalse(response.hasProviderConfigs());
+  }
+
+  @Test
+  public void testDeserialization() throws Exception {
+    String json = JSON_FACTORY.toString(
+        ImmutableMap.of(
+          "oauthIdpConfigs", ImmutableList.of(
+            ImmutableMap.of("name", "projects/projectId/oauthIdpConfigs/oidc.provider-id-1"),
+            ImmutableMap.of("name", "projects/projectId/oauthIdpConfigs/oidc.provider-id-2")),
+          "nextPageToken", "PAGE_TOKEN"));
+    ListOidcProviderConfigsResponse response =
+        JSON_FACTORY.fromString(json, ListOidcProviderConfigsResponse.class);
+
+    assertEquals(2, response.getProviderConfigs().size());
+    assertEquals("oidc.provider-id-1", response.getProviderConfigs().get(0).getProviderId());
+    assertEquals("oidc.provider-id-2", response.getProviderConfigs().get(1).getProviderId());
+    assertTrue(response.hasProviderConfigs());
+    assertEquals("PAGE_TOKEN", response.getPageToken());
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponseTest.java b/src/test/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponseTest.java
new file mode 100644
index 000000000..6950fe352
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponseTest.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.json.JsonFactory;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.auth.SamlProviderConfig;
+
+import org.junit.Test;
+
+public class ListSamlProviderConfigsResponseTest {
+
+  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+
+  @Test
+  public void testDefaultValues() throws Exception {
+    ListSamlProviderConfigsResponse response = new ListSamlProviderConfigsResponse();
+
+    assertEquals(0, response.getProviderConfigs().size());
+    assertFalse(response.hasProviderConfigs());
+    assertEquals("", response.getPageToken());
+  }
+
+  @Test
+  public void testEmptyTenantList() throws Exception {
+    ListSamlProviderConfigsResponse response =
+        new ListSamlProviderConfigsResponse(ImmutableList.<SamlProviderConfig>of(), "PAGE_TOKEN");
+
+    assertEquals(0, response.getProviderConfigs().size());
+    assertFalse(response.hasProviderConfigs());
+  }
+
+  @Test
+  public void testDeserialization() throws Exception {
+    String json = JSON_FACTORY.toString(
+        ImmutableMap.of(
+          "inboundSamlConfigs", ImmutableList.of(
+            ImmutableMap.of("name", "projects/projectId/inboundSamlConfigs/saml.provider-id-1"),
+            ImmutableMap.of("name", "projects/projectId/inboundSamlConfigs/saml.provider-id-2")),
+          "nextPageToken", "PAGE_TOKEN"));
+    ListSamlProviderConfigsResponse response =
+        JSON_FACTORY.fromString(json, ListSamlProviderConfigsResponse.class);
+
+    assertEquals(2, response.getProviderConfigs().size());
+    assertEquals("saml.provider-id-1", response.getProviderConfigs().get(0).getProviderId());
+    assertEquals("saml.provider-id-2", response.getProviderConfigs().get(1).getProviderId());
+    assertTrue(response.hasProviderConfigs());
+    assertEquals("PAGE_TOKEN", response.getPageToken());
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/internal/ListTenantsResponseTest.java b/src/test/java/com/google/firebase/auth/internal/ListTenantsResponseTest.java
new file mode 100644
index 000000000..7d65966bb
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/internal/ListTenantsResponseTest.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.json.JsonFactory;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.auth.multitenancy.Tenant;
+
+import org.junit.Test;
+
+public class ListTenantsResponseTest {
+
+  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+
+  @Test
+  public void testDefaultValues() throws Exception {
+    ListTenantsResponse response = new ListTenantsResponse();
+
+    assertEquals(0, response.getTenants().size());
+    assertFalse(response.hasTenants());
+    assertEquals("", response.getPageToken());
+  }
+
+  @Test
+  public void testEmptyTenantList() throws Exception {
+    ListTenantsResponse response =
+        new ListTenantsResponse(ImmutableList.<Tenant>of(), "PAGE_TOKEN");
+
+    assertEquals(0, response.getTenants().size());
+    assertFalse(response.hasTenants());
+  }
+
+  @Test
+  public void testDeserialization() throws Exception {
+    String json = JSON_FACTORY.toString(
+        ImmutableMap.of(
+          "tenants", ImmutableList.of(
+            ImmutableMap.of("name", "projects/project-id/resource/TENANT_1"),
+            ImmutableMap.of("name", "projects/project-id/resource/TENANT_2")),
+          "pageToken", "PAGE_TOKEN"));
+    ListTenantsResponse response = JSON_FACTORY.fromString(json, ListTenantsResponse.class);
+
+    assertEquals(2, response.getTenants().size());
+    assertEquals("TENANT_1", response.getTenants().get(0).getTenantId());
+    assertEquals("TENANT_2", response.getTenants().get(1).getTenantId());
+    assertTrue(response.hasTenants());
+    assertEquals("PAGE_TOKEN", response.getPageToken());
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
new file mode 100644
index 000000000..36660dc28
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
@@ -0,0 +1,363 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpHeaders;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.json.GenericJson;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
+import com.google.auth.oauth2.GoogleCredentials;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Iterables;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseOptions;
+import com.google.firebase.TestOnlyImplFirebaseTrampolines;
+import com.google.firebase.auth.FirebaseAuth;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.auth.internal.AuthHttpClient;
+import com.google.firebase.internal.SdkUtils;
+import com.google.firebase.testing.MultiRequestMockHttpTransport;
+import com.google.firebase.testing.TestResponseInterceptor;
+import com.google.firebase.testing.TestUtils;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import org.junit.After;
+import org.junit.Test;
+
+public class FirebaseTenantClientTest {
+
+  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+
+  private static final String TEST_TOKEN = "token";
+
+  private static final GoogleCredentials credentials = new MockGoogleCredentials(TEST_TOKEN);
+
+  private static final String PROJECT_BASE_URL =
+      "https://identitytoolkit.googleapis.com/v2/projects/test-project-id";
+
+  private static final String TENANTS_BASE_URL = PROJECT_BASE_URL + "/tenants";
+
+  @After
+  public void tearDown() {
+    TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
+  }
+
+  @Test
+  public void testGetTenant() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantManagement(
+        TestUtils.loadResource("tenant.json"));
+
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().getTenant("TENANT_1");
+
+    checkTenant(tenant, "TENANT_1");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", TENANTS_BASE_URL + "/TENANT_1");
+  }
+
+  @Test
+  public void testGetTenantWithNotFoundError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForTenantManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"TENANT_NOT_FOUND\"}}");
+    try {
+      FirebaseAuth.getInstance().getTenantManager().getTenant("UNKNOWN");
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.TENANT_NOT_FOUND_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "GET", TENANTS_BASE_URL + "/UNKNOWN");
+  }
+
+  @Test
+  public void testListTenants() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForTenantManagement(
+        TestUtils.loadResource("listTenants.json"));
+
+    ListTenantsPage page = FirebaseAuth.getInstance().getTenantManager().listTenants(null, 99);
+
+    ImmutableList<Tenant> tenants = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, tenants.size());
+    checkTenant(tenants.get(0), "TENANT_1");
+    checkTenant(tenants.get(1), "TENANT_2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", TENANTS_BASE_URL);
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertNull(url.getFirst("pageToken"));
+  }
+
+  @Test
+  public void testListTenantsWithPageToken() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForTenantManagement(
+        TestUtils.loadResource("listTenants.json"));
+
+    ListTenantsPage page = FirebaseAuth.getInstance().getTenantManager().listTenants("token", 99);
+
+    ImmutableList<Tenant> tenants = ImmutableList.copyOf(page.getValues());
+    assertEquals(2, tenants.size());
+    checkTenant(tenants.get(0), "TENANT_1");
+    checkTenant(tenants.get(1), "TENANT_2");
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", TENANTS_BASE_URL);
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals(99, url.getFirst("pageSize"));
+    assertEquals("token", url.getFirst("pageToken"));
+  }
+
+  @Test
+  public void testListZeroTenants() throws Exception {
+    final TestResponseInterceptor interceptor = initializeAppForTenantManagement("{}");
+
+    ListTenantsPage page = FirebaseAuth.getInstance().getTenantManager().listTenants(null);
+
+    assertTrue(Iterables.isEmpty(page.getValues()));
+    assertEquals("", page.getNextPageToken());
+    checkRequestHeaders(interceptor);
+  }
+
+  @Test
+  public void testCreateTenant() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantManagement(
+        TestUtils.loadResource("tenant.json"));
+    Tenant.CreateRequest request = new Tenant.CreateRequest()
+        .setDisplayName("DISPLAY_NAME")
+        .setPasswordSignInAllowed(true)
+        .setEmailLinkSignInEnabled(false);
+
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().createTenant(request);
+
+    checkTenant(tenant, "TENANT_1");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", TENANTS_BASE_URL);
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertEquals(true, parsed.get("allowPasswordSignup"));
+    assertEquals(false, parsed.get("enableEmailLinkSignin"));
+  }
+
+  @Test
+  public void testCreateTenantMinimal() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantManagement(
+        TestUtils.loadResource("tenant.json"));
+    Tenant.CreateRequest request = new Tenant.CreateRequest();
+
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().createTenant(request);
+
+    checkTenant(tenant, "TENANT_1");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", TENANTS_BASE_URL);
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertNull(parsed.get("displayName"));
+    assertNull(parsed.get("allowPasswordSignup"));
+    assertNull(parsed.get("enableEmailLinkSignin"));
+  }
+
+  @Test
+  public void testCreateTenantError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForTenantManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    try {
+      FirebaseAuth.getInstance().getTenantManager().createTenant(new Tenant.CreateRequest());
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "POST", TENANTS_BASE_URL);
+  }
+
+  @Test
+  public void testUpdateTenant() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantManagement(
+        TestUtils.loadResource("tenant.json"));
+    Tenant.UpdateRequest request = new Tenant.UpdateRequest("TENANT_1")
+        .setDisplayName("DISPLAY_NAME")
+        .setPasswordSignInAllowed(true)
+        .setEmailLinkSignInEnabled(false);
+
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().updateTenant(request);
+
+    checkTenant(tenant, "TENANT_1");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "PATCH", TENANTS_BASE_URL + "/TENANT_1");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("allowPasswordSignup,displayName,enableEmailLinkSignin",
+        url.getFirst("updateMask"));
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertEquals(true, parsed.get("allowPasswordSignup"));
+    assertEquals(false, parsed.get("enableEmailLinkSignin"));
+  }
+
+  @Test
+  public void testUpdateTenantMinimal() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantManagement(
+        TestUtils.loadResource("tenant.json"));
+    Tenant.UpdateRequest request =
+        new Tenant.UpdateRequest("TENANT_1").setDisplayName("DISPLAY_NAME");
+
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().updateTenant(request);
+
+    checkTenant(tenant, "TENANT_1");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "PATCH", TENANTS_BASE_URL + "/TENANT_1");
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("displayName", url.getFirst("updateMask"));
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertNull(parsed.get("allowPasswordSignup"));
+    assertNull(parsed.get("enableEmailLinkSignin"));
+  }
+
+  @Test
+  public void testUpdateTenantNoValues() throws Exception {
+    initializeAppForTenantManagement(TestUtils.loadResource("tenant.json"));
+    TenantManager tenantManager = FirebaseAuth.getInstance().getTenantManager();
+    try {
+      tenantManager.updateTenant(new Tenant.UpdateRequest("TENANT_1"));
+      fail("No error thrown for empty tenant update");
+    } catch (IllegalArgumentException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testUpdateTenantError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForTenantManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    Tenant.UpdateRequest request =
+        new Tenant.UpdateRequest("TENANT_1").setDisplayName("DISPLAY_NAME");
+    try {
+      FirebaseAuth.getInstance().getTenantManager().updateTenant(request);
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "PATCH", TENANTS_BASE_URL + "/TENANT_1");
+  }
+
+  @Test
+  public void testDeleteTenant() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForTenantManagement("{}");
+
+    FirebaseAuth.getInstance().getTenantManager().deleteTenant("TENANT_1");
+
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "DELETE", TENANTS_BASE_URL + "/TENANT_1");
+  }
+
+  @Test
+  public void testDeleteTenantWithNotFoundError() {
+    TestResponseInterceptor interceptor =
+        initializeAppForTenantManagementWithStatusCode(404,
+            "{\"error\": {\"message\": \"TENANT_NOT_FOUND\"}}");
+    try {
+      FirebaseAuth.getInstance().getTenantManager().deleteTenant("UNKNOWN");
+      fail("No error thrown for invalid response");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthHttpClient.TENANT_NOT_FOUND_ERROR, e.getErrorCode());
+    }
+    checkUrl(interceptor, "DELETE", TENANTS_BASE_URL + "/UNKNOWN");
+  }
+
+  private static void checkTenant(Tenant tenant, String tenantId) {
+    assertEquals(tenantId, tenant.getTenantId());
+    assertEquals("DISPLAY_NAME", tenant.getDisplayName());
+    assertTrue(tenant.isPasswordSignInAllowed());
+    assertFalse(tenant.isEmailLinkSignInEnabled());
+  }
+
+  private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
+    HttpHeaders headers = interceptor.getResponse().getRequest().getHeaders();
+    String auth = "Bearer " + TEST_TOKEN;
+    assertEquals(auth, headers.getFirstHeaderStringValue("Authorization"));
+
+    String clientVersion = "Java/Admin/" + SdkUtils.getVersion();
+    assertEquals(clientVersion, headers.getFirstHeaderStringValue("X-Client-Version"));
+  }
+
+  private static void checkUrl(TestResponseInterceptor interceptor, String method, String url) {
+    HttpRequest request = interceptor.getResponse().getRequest();
+    if (method.equals("PATCH")) {
+      assertEquals("PATCH",
+          request.getHeaders().getFirstHeaderStringValue("X-HTTP-Method-Override"));
+      assertEquals("POST", request.getRequestMethod());
+    } else {
+      assertEquals(method, request.getRequestMethod());
+    }
+    assertEquals(url, request.getUrl().toString().split("\\?")[0]);
+  }
+
+  private static TestResponseInterceptor initializeAppForTenantManagement(String... responses) {
+    initializeAppWithResponses(responses);
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    FirebaseAuth.getInstance().getTenantManager().setInterceptor(interceptor);
+    return interceptor;
+  }
+
+  private static TestResponseInterceptor initializeAppForTenantManagementWithStatusCode(
+      int statusCode, String response) {
+    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+        .setCredentials(credentials)
+        .setHttpTransport(
+            new MockHttpTransport.Builder()
+                .setLowLevelHttpResponse(
+                  new MockLowLevelHttpResponse().setContent(response).setStatusCode(statusCode))
+                .build())
+        .setProjectId("test-project-id")
+        .build());
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    FirebaseAuth.getInstance().getTenantManager().setInterceptor(interceptor);
+    return interceptor;
+  }
+
+  private static void initializeAppWithResponses(String... responses) {
+    List<MockLowLevelHttpResponse> mocks = new ArrayList<>();
+    for (String response : responses) {
+      mocks.add(new MockLowLevelHttpResponse().setContent(response));
+    }
+    MockHttpTransport transport = new MultiRequestMockHttpTransport(mocks);
+    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+        .setCredentials(credentials)
+        .setHttpTransport(transport)
+        .setProjectId("test-project-id")
+        .build());
+  }
+
+  private static GenericJson parseRequestContent(TestResponseInterceptor interceptor)
+      throws IOException {
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    interceptor.getResponse().getRequest().getContent().writeTo(out);
+    return JSON_FACTORY.fromString(new String(out.toByteArray()), GenericJson.class);
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/ListTenantsPageTest.java b/src/test/java/com/google/firebase/auth/multitenancy/ListTenantsPageTest.java
new file mode 100644
index 000000000..10830592f
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/multitenancy/ListTenantsPageTest.java
@@ -0,0 +1,349 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static junit.framework.TestCase.assertTrue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.internal.ListTenantsResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+import org.junit.Test;
+
+public class ListTenantsPageTest {
+
+  @Test
+  public void testSinglePage() throws FirebaseAuthException, IOException {
+    TestTenantSource source = new TestTenantSource(3);
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    assertFalse(page.hasNextPage());
+    assertEquals(ListTenantsPage.END_OF_LIST, page.getNextPageToken());
+    assertNull(page.getNextPage());
+
+    ImmutableList<Tenant> tenants = ImmutableList.copyOf(page.getValues());
+    assertEquals(3, tenants.size());
+    for (int i = 0; i < 3; i++) {
+      assertEquals("tenant" + i, tenants.get(i).getTenantId());
+    }
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+  }
+
+  @Test
+  public void testMultiplePages() throws FirebaseAuthException, IOException {
+    ListTenantsResponse response = new ListTenantsResponse(
+        ImmutableList.of(newTenant("tenant0"), newTenant("tenant1"), newTenant("tenant2")),
+        "token");
+    TestTenantSource source = new TestTenantSource(response);
+    ListTenantsPage page1 = new ListTenantsPage.PageFactory(source).create();
+    assertTrue(page1.hasNextPage());
+    assertEquals("token", page1.getNextPageToken());
+    ImmutableList<Tenant> tenants = ImmutableList.copyOf(page1.getValues());
+    assertEquals(3, tenants.size());
+    for (int i = 0; i < 3; i++) {
+      assertEquals("tenant" + i, tenants.get(i).getTenantId());
+    }
+
+    response = new ListTenantsResponse(
+        ImmutableList.of(newTenant("tenant3"), newTenant("tenant4"), newTenant("tenant5")),
+        ListTenantsPage.END_OF_LIST);
+    source.response = response;
+    ListTenantsPage page2 = page1.getNextPage();
+    assertFalse(page2.hasNextPage());
+    assertEquals(ListTenantsPage.END_OF_LIST, page2.getNextPageToken());
+    tenants = ImmutableList.copyOf(page2.getValues());
+    assertEquals(3, tenants.size());
+    for (int i = 3; i < 6; i++) {
+      assertEquals("tenant" + i, tenants.get(i - 3).getTenantId());
+    }
+
+    assertEquals(2, source.calls.size());
+    assertNull(source.calls.get(0));
+    assertEquals("token", source.calls.get(1));
+
+    // Should iterate all tenants from both pages
+    int iterations = 0;
+    for (Tenant tenant : page1.iterateAll()) {
+      iterations++;
+    }
+    assertEquals(6, iterations);
+    assertEquals(3, source.calls.size());
+    assertEquals("token", source.calls.get(2));
+
+    // Should only iterate tenants in the last page
+    iterations = 0;
+    for (Tenant tenant : page2.iterateAll()) {
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(3, source.calls.size());
+  }
+
+  @Test
+  public void testListTenantsIterable() throws FirebaseAuthException, IOException {
+    TestTenantSource source = new TestTenantSource(3);
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    Iterable<Tenant> tenants = page.iterateAll();
+
+    int iterations = 0;
+    for (Tenant tenant : tenants) {
+      assertEquals("tenant" + iterations, tenant.getTenantId());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+
+    // Should result in a new iterator
+    iterations = 0;
+    for (Tenant tenant : tenants) {
+      assertEquals("tenant" + iterations, tenant.getTenantId());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+  }
+
+  @Test
+  public void testListTenantsIterator() throws FirebaseAuthException, IOException {
+    TestTenantSource source = new TestTenantSource(3);
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    Iterable<Tenant> tenants = page.iterateAll();
+    Iterator<Tenant> iterator = tenants.iterator();
+    int iterations = 0;
+    while (iterator.hasNext()) {
+      assertEquals("tenant" + iterations, iterator.next().getTenantId());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+
+    while (iterator.hasNext()) {
+      fail("Should not be able to to iterate any more");
+    }
+    try {
+      iterator.next();
+      fail("Should not be able to iterate any more");
+    } catch (NoSuchElementException expected) {
+      // expected
+    }
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testListTenantsPagedIterable() throws FirebaseAuthException, IOException {
+    ListTenantsResponse response = new ListTenantsResponse(
+        ImmutableList.of(newTenant("tenant0"), newTenant("tenant1"), newTenant("tenant2")),
+        "token");
+    TestTenantSource source = new TestTenantSource(response);
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    int iterations = 0;
+    for (Tenant tenant : page.iterateAll()) {
+      assertEquals("tenant" + iterations, tenant.getTenantId());
+      iterations++;
+      if (iterations == 3) {
+        assertEquals(1, source.calls.size());
+        assertNull(source.calls.get(0));
+        response = new ListTenantsResponse(
+            ImmutableList.of(newTenant("tenant3"), newTenant("tenant4"), newTenant("tenant5")),
+            ListTenantsPage.END_OF_LIST);
+        source.response = response;
+      }
+    }
+
+    assertEquals(6, iterations);
+    assertEquals(2, source.calls.size());
+    assertEquals("token", source.calls.get(1));
+  }
+
+  @Test
+  public void testListTenantsPagedIterator() throws FirebaseAuthException, IOException {
+    ListTenantsResponse response = new ListTenantsResponse(
+        ImmutableList.of(newTenant("tenant0"), newTenant("tenant1"), newTenant("tenant2")),
+        "token");
+    TestTenantSource source = new TestTenantSource(response);
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    Iterator<Tenant> tenants = page.iterateAll().iterator();
+    int iterations = 0;
+    while (tenants.hasNext()) {
+      assertEquals("tenant" + iterations, tenants.next().getTenantId());
+      iterations++;
+      if (iterations == 3) {
+        assertEquals(1, source.calls.size());
+        assertNull(source.calls.get(0));
+        response = new ListTenantsResponse(
+            ImmutableList.of(newTenant("tenant3"), newTenant("tenant4"), newTenant("tenant5")),
+            ListTenantsPage.END_OF_LIST);
+        source.response = response;
+      }
+    }
+
+    assertEquals(6, iterations);
+    assertEquals(2, source.calls.size());
+    assertEquals("token", source.calls.get(1));
+    assertFalse(tenants.hasNext());
+    try {
+      tenants.next();
+    } catch (NoSuchElementException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testPageWithNoTenants() throws FirebaseAuthException {
+    ListTenantsResponse response = new ListTenantsResponse(
+        ImmutableList.<Tenant>of(),
+        ListTenantsPage.END_OF_LIST);
+    TestTenantSource source = new TestTenantSource(response);
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    assertFalse(page.hasNextPage());
+    assertEquals(ListTenantsPage.END_OF_LIST, page.getNextPageToken());
+    assertNull(page.getNextPage());
+    assertEquals(0, ImmutableList.copyOf(page.getValues()).size());
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testIterableWithNoTenants() throws FirebaseAuthException {
+    ListTenantsResponse response = new ListTenantsResponse(
+        ImmutableList.<Tenant>of(),
+        ListTenantsPage.END_OF_LIST);
+    TestTenantSource source = new TestTenantSource(response);
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    for (Tenant tenant : page.iterateAll()) {
+      fail("Should not be able to iterate, but got: " + tenant);
+    }
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testIteratorWithNoTenants() throws FirebaseAuthException {
+    ListTenantsResponse response = new ListTenantsResponse(
+        ImmutableList.<Tenant>of(),
+        ListTenantsPage.END_OF_LIST);
+    TestTenantSource source = new TestTenantSource(response);
+
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    Iterator<Tenant> iterator = page.iterateAll().iterator();
+    while (iterator.hasNext()) {
+      fail("Should not be able to iterate");
+    }
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testRemove() throws FirebaseAuthException, IOException {
+    ListTenantsResponse response = new ListTenantsResponse(
+        ImmutableList.of(newTenant("tenant1")),
+        ListTenantsPage.END_OF_LIST);
+    TestTenantSource source = new TestTenantSource(response);
+
+    ListTenantsPage page = new ListTenantsPage.PageFactory(source).create();
+    Iterator<Tenant> iterator = page.iterateAll().iterator();
+    while (iterator.hasNext()) {
+      assertNotNull(iterator.next());
+      try {
+        iterator.remove();
+      } catch (UnsupportedOperationException expected) {
+        // expected
+      }
+    }
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testNullSource() {
+    new ListTenantsPage.PageFactory(null);
+  }
+
+  @Test
+  public void testInvalidPageToken() throws IOException {
+    TestTenantSource source = new TestTenantSource(1);
+    try {
+      new ListTenantsPage.PageFactory(source, 1000, "");
+      fail("No error thrown for empty page token");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testInvalidMaxResults() throws IOException {
+    TestTenantSource source = new TestTenantSource(1);
+    try {
+      new ListTenantsPage.PageFactory(source, 1001, "");
+      fail("No error thrown for maxResult > 1000");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+
+    try {
+      new ListTenantsPage.PageFactory(source, 0, "next");
+      fail("No error thrown for maxResult = 0");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+
+    try {
+      new ListTenantsPage.PageFactory(source, -1, "next");
+      fail("No error thrown for maxResult < 0");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  private static Tenant newTenant(String tenantId) throws IOException {
+    return Utils.getDefaultJsonFactory().fromString(
+        String.format("{\"name\":\"%s\"}", tenantId), Tenant.class);
+  }
+
+  private static class TestTenantSource implements ListTenantsPage.TenantSource {
+
+    private ListTenantsResponse response;
+    private final List<String> calls = new ArrayList<>();
+
+    TestTenantSource(int tenantCount) throws IOException {
+      ImmutableList.Builder<Tenant> tenants = ImmutableList.builder();
+      for (int i = 0; i < tenantCount; i++) {
+        tenants.add(newTenant("tenant" + i));
+      }
+      this.response = new ListTenantsResponse(tenants.build(), ListTenantsPage.END_OF_LIST);
+    }
+
+    TestTenantSource(ListTenantsResponse response) {
+      this.response = response;
+    }
+
+    @Override
+    public ListTenantsResponse fetch(int maxResults, String pageToken) {
+      calls.add(pageToken);
+      return response;
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
new file mode 100644
index 000000000..61a841902
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
@@ -0,0 +1,450 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpResponse;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.http.json.JsonHttpContent;
+import com.google.api.client.json.GenericJson;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.JsonObjectParser;
+import com.google.api.core.ApiFuture;
+import com.google.api.core.ApiFutureCallback;
+import com.google.api.core.ApiFutures;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.auth.ExportedUserRecord;
+import com.google.firebase.auth.FirebaseAuth;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.FirebaseToken;
+import com.google.firebase.auth.ListProviderConfigsPage;
+import com.google.firebase.auth.ListUsersPage;
+import com.google.firebase.auth.OidcProviderConfig;
+import com.google.firebase.auth.ProviderConfigTestUtils;
+import com.google.firebase.auth.ProviderConfigTestUtils.TemporaryProviderConfig;
+import com.google.firebase.auth.SamlProviderConfig;
+import com.google.firebase.auth.UserRecord;
+import com.google.firebase.auth.UserTestUtils;
+import com.google.firebase.auth.UserTestUtils.RandomUser;
+import com.google.firebase.auth.UserTestUtils.TemporaryUser;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.testing.IntegrationTestUtils;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+
+public class TenantAwareFirebaseAuthIT {
+
+  private static final String VERIFY_CUSTOM_TOKEN_URL =
+      "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken";
+  private static final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+  private static final HttpTransport transport = Utils.getDefaultTransport();
+
+  private static TenantManager tenantManager;
+  private static TenantAwareFirebaseAuth tenantAwareAuth;
+  private static String tenantId;
+
+  @Rule public final TemporaryUser temporaryUser = new TemporaryUser(tenantAwareAuth);
+  @Rule public final TemporaryProviderConfig temporaryProviderConfig =
+      new TemporaryProviderConfig(tenantAwareAuth);
+
+  @BeforeClass
+  public static void setUpClass() throws Exception {
+    FirebaseApp masterApp = IntegrationTestUtils.ensureDefaultApp();
+    tenantManager = FirebaseAuth.getInstance(masterApp).getTenantManager();
+    Tenant.CreateRequest tenantCreateRequest =
+        new Tenant.CreateRequest().setDisplayName("DisplayName");
+    tenantId = tenantManager.createTenant(tenantCreateRequest).getTenantId();
+    tenantAwareAuth = tenantManager.getAuthForTenant(tenantId);
+  }
+
+  @AfterClass
+  public static void tearDownClass() throws Exception {
+    tenantManager.deleteTenant(tenantId);
+  }
+
+  @Test
+  public void testUserLifecycle() throws Exception {
+    // Create user
+    UserRecord userRecord = temporaryUser.create(new UserRecord.CreateRequest());
+    String uid = userRecord.getUid();
+
+    // Get user
+    userRecord = tenantAwareAuth.getUserAsync(userRecord.getUid()).get();
+    assertEquals(uid, userRecord.getUid());
+    assertEquals(tenantId, userRecord.getTenantId());
+    assertNull(userRecord.getDisplayName());
+    assertNull(userRecord.getEmail());
+    assertNull(userRecord.getPhoneNumber());
+    assertNull(userRecord.getPhotoUrl());
+    assertFalse(userRecord.isEmailVerified());
+    assertFalse(userRecord.isDisabled());
+    assertTrue(userRecord.getUserMetadata().getCreationTimestamp() > 0);
+    assertEquals(0, userRecord.getUserMetadata().getLastSignInTimestamp());
+    assertEquals(0, userRecord.getProviderData().length);
+    assertTrue(userRecord.getCustomClaims().isEmpty());
+
+    // Update user
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
+    UserRecord.UpdateRequest request = userRecord.updateRequest()
+        .setDisplayName("Updated Name")
+        .setEmail(randomUser.getEmail())
+        .setPhoneNumber(randomUser.getPhoneNumber())
+        .setPhotoUrl("https://example.com/photo.png")
+        .setEmailVerified(true)
+        .setPassword("secret");
+    userRecord = tenantAwareAuth.updateUserAsync(request).get();
+    assertEquals(uid, userRecord.getUid());
+    assertEquals(tenantId, userRecord.getTenantId());
+    assertEquals("Updated Name", userRecord.getDisplayName());
+    assertEquals(randomUser.getEmail(), userRecord.getEmail());
+    assertEquals(randomUser.getPhoneNumber(), userRecord.getPhoneNumber());
+    assertEquals("https://example.com/photo.png", userRecord.getPhotoUrl());
+    assertTrue(userRecord.isEmailVerified());
+    assertFalse(userRecord.isDisabled());
+    assertEquals(2, userRecord.getProviderData().length);
+    assertTrue(userRecord.getCustomClaims().isEmpty());
+
+    // Get user by email
+    userRecord = tenantAwareAuth.getUserByEmailAsync(userRecord.getEmail()).get();
+    assertEquals(uid, userRecord.getUid());
+
+    // Disable user and remove properties
+    request = userRecord.updateRequest()
+        .setPhotoUrl(null)
+        .setDisplayName(null)
+        .setPhoneNumber(null)
+        .setDisabled(true);
+    userRecord = tenantAwareAuth.updateUserAsync(request).get();
+    assertEquals(uid, userRecord.getUid());
+    assertEquals(tenantId, userRecord.getTenantId());
+    assertNull(userRecord.getDisplayName());
+    assertEquals(randomUser.getEmail(), userRecord.getEmail());
+    assertNull(userRecord.getPhoneNumber());
+    assertNull(userRecord.getPhotoUrl());
+    assertTrue(userRecord.isEmailVerified());
+    assertTrue(userRecord.isDisabled());
+    assertEquals(1, userRecord.getProviderData().length);
+    assertTrue(userRecord.getCustomClaims().isEmpty());
+
+    // Delete user
+    tenantAwareAuth.deleteUserAsync(userRecord.getUid()).get();
+    UserTestUtils.assertUserDoesNotExist(tenantAwareAuth, userRecord.getUid());
+  }
+
+  @Test
+  public void testListUsers() throws Exception {
+    final List<String> uids = new ArrayList<>();
+
+    for (int i = 0; i < 3; i++) {
+      UserRecord.CreateRequest createRequest =
+          new UserRecord.CreateRequest().setPassword("password");
+      uids.add(temporaryUser.create(createRequest).getUid());
+    }
+
+    // Test list by batches
+    final AtomicInteger collected = new AtomicInteger(0);
+    ListUsersPage page = tenantAwareAuth.listUsersAsync(null).get();
+    while (page != null) {
+      for (ExportedUserRecord user : page.getValues()) {
+        if (uids.contains(user.getUid())) {
+          collected.incrementAndGet();
+          assertNotNull("Missing passwordHash field. A common cause would be "
+              + "forgetting to add the \"Firebase Authentication Admin\" permission. See "
+              + "instructions in CONTRIBUTING.md", user.getPasswordHash());
+          assertNotNull(user.getPasswordSalt());
+          assertEquals(tenantId, user.getTenantId());
+        }
+      }
+      page = page.getNextPage();
+    }
+    assertEquals(uids.size(), collected.get());
+
+    // Test iterate all
+    collected.set(0);
+    page = tenantAwareAuth.listUsersAsync(null).get();
+    for (ExportedUserRecord user : page.iterateAll()) {
+      if (uids.contains(user.getUid())) {
+        collected.incrementAndGet();
+        assertNotNull(user.getPasswordHash());
+        assertNotNull(user.getPasswordSalt());
+        assertEquals(tenantId, user.getTenantId());
+      }
+    }
+    assertEquals(uids.size(), collected.get());
+
+    // Test iterate async
+    collected.set(0);
+    final Semaphore semaphore = new Semaphore(0);
+    final AtomicReference<Throwable> error = new AtomicReference<>();
+    ApiFuture<ListUsersPage> pageFuture = tenantAwareAuth.listUsersAsync(null);
+    ApiFutures.addCallback(pageFuture, new ApiFutureCallback<ListUsersPage>() {
+      @Override
+      public void onFailure(Throwable t) {
+        error.set(t);
+        semaphore.release();
+      }
+
+      @Override
+      public void onSuccess(ListUsersPage result) {
+        for (ExportedUserRecord user : result.iterateAll()) {
+          if (uids.contains(user.getUid())) {
+            collected.incrementAndGet();
+            assertNotNull(user.getPasswordHash());
+            assertNotNull(user.getPasswordSalt());
+            assertEquals(tenantId, user.getTenantId());
+          }
+        }
+        semaphore.release();
+      }
+    }, MoreExecutors.directExecutor());
+    semaphore.acquire();
+    assertEquals(uids.size(), collected.get());
+    assertNull(error.get());
+  }
+
+  @Test
+  public void testCustomToken() throws Exception {
+    String customToken = tenantAwareAuth.createCustomTokenAsync("user1").get();
+    String idToken = signInWithCustomToken(customToken, tenantId);
+    FirebaseToken decoded = tenantAwareAuth.verifyIdTokenAsync(idToken).get();
+    assertEquals("user1", decoded.getUid());
+    assertEquals(tenantId, decoded.getTenantId());
+  }
+
+  @Test
+  public void testVerifyTokenWithWrongTenantAwareClient() throws Exception {
+    String customToken = tenantAwareAuth.createCustomTokenAsync("user").get();
+    String idToken = signInWithCustomToken(customToken, tenantId);
+
+    try {
+      tenantManager.getAuthForTenant("OTHER").verifyIdTokenAsync(idToken).get();
+      fail("No error thrown for verifying a token with the wrong tenant-aware client");
+    } catch (ExecutionException e) {
+      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertEquals("tenant-id-mismatch",
+          ((FirebaseAuthException) e.getCause()).getErrorCode());
+    }
+  }
+
+  @Test
+  public void testOidcProviderConfigLifecycle() throws Exception {
+    // Create provider config
+    String providerId = "oidc.provider-id";
+    OidcProviderConfig config =
+        temporaryProviderConfig.createOidcProviderConfig(
+          new OidcProviderConfig.CreateRequest()
+              .setProviderId(providerId)
+              .setDisplayName("DisplayName")
+              .setEnabled(true)
+              .setClientId("ClientId")
+              .setIssuer("https://oidc.com/issuer"));
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DisplayName", config.getDisplayName());
+    assertEquals("ClientId", config.getClientId());
+    assertEquals("https://oidc.com/issuer", config.getIssuer());
+
+    // Get provider config
+    config = tenantAwareAuth.getOidcProviderConfigAsync(providerId).get();
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DisplayName", config.getDisplayName());
+    assertEquals("ClientId", config.getClientId());
+    assertEquals("https://oidc.com/issuer", config.getIssuer());
+
+    // Update provider config
+    OidcProviderConfig.UpdateRequest updateRequest =
+        new OidcProviderConfig.UpdateRequest(providerId)
+            .setDisplayName("NewDisplayName")
+            .setEnabled(false)
+            .setClientId("NewClientId")
+            .setIssuer("https://oidc.com/new-issuer");
+    config = tenantAwareAuth.updateOidcProviderConfigAsync(updateRequest).get();
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("NewDisplayName", config.getDisplayName());
+    assertFalse(config.isEnabled());
+    assertEquals("NewClientId", config.getClientId());
+    assertEquals("https://oidc.com/new-issuer", config.getIssuer());
+
+    // Delete provider config
+    temporaryProviderConfig.deleteOidcProviderConfig(providerId);
+    ProviderConfigTestUtils.assertOidcProviderConfigDoesNotExist(tenantAwareAuth, providerId);
+  }
+
+  @Test
+  public void testListOidcProviderConfigs() throws Exception {
+    final List<String> providerIds = new ArrayList<>();
+
+    // Create provider configs
+    for (int i = 0; i < 3; i++) {
+      String providerId = "oidc.provider-id" + i;
+      providerIds.add(providerId);
+      temporaryProviderConfig.createOidcProviderConfig(
+          new OidcProviderConfig.CreateRequest()
+            .setProviderId(providerId)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com/issuer"));
+    }
+
+    // List provider configs
+    // NOTE: We do not need to test all of the different ways we can iterate over the provider
+    // configs, since this testing is already performed in FirebaseAuthIT with the tenant-agnostic
+    // tests.
+    final AtomicInteger collected = new AtomicInteger(0);
+    ListProviderConfigsPage<OidcProviderConfig> page =
+        tenantAwareAuth.listOidcProviderConfigsAsync(null).get();
+    for (OidcProviderConfig providerConfig : page.iterateAll()) {
+      if (providerIds.contains(providerConfig.getProviderId())) {
+        collected.incrementAndGet();
+        assertEquals("CLIENT_ID", providerConfig.getClientId());
+        assertEquals("https://oidc.com/issuer", providerConfig.getIssuer());
+      }
+    }
+    assertEquals(providerIds.size(), collected.get());
+  }
+
+  @Test
+  public void testSamlProviderConfigLifecycle() throws Exception {
+    // Create provider config
+    String providerId = "saml.provider-id";
+    SamlProviderConfig config = temporaryProviderConfig.createSamlProviderConfig(
+        new SamlProviderConfig.CreateRequest()
+            .setProviderId(providerId)
+            .setDisplayName("DisplayName")
+            .setEnabled(true)
+            .setIdpEntityId("IDP_ENTITY_ID")
+            .setSsoUrl("https://example.com/login")
+            .addX509Certificate("certificate1")
+            .addX509Certificate("certificate2")
+            .setRpEntityId("RP_ENTITY_ID")
+            .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler"));
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DisplayName", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("IDP_ENTITY_ID", config.getIdpEntityId());
+    assertEquals("https://example.com/login", config.getSsoUrl());
+    assertEquals(ImmutableList.of("certificate1", "certificate2"), config.getX509Certificates());
+    assertEquals("RP_ENTITY_ID", config.getRpEntityId());
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
+
+    config = tenantAwareAuth.getSamlProviderConfig(providerId);
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("DisplayName", config.getDisplayName());
+    assertTrue(config.isEnabled());
+    assertEquals("IDP_ENTITY_ID", config.getIdpEntityId());
+    assertEquals("https://example.com/login", config.getSsoUrl());
+    assertEquals(ImmutableList.of("certificate1", "certificate2"), config.getX509Certificates());
+    assertEquals("RP_ENTITY_ID", config.getRpEntityId());
+    assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
+
+    // Update provider config
+    SamlProviderConfig.UpdateRequest updateRequest =
+        new SamlProviderConfig.UpdateRequest(providerId)
+            .setDisplayName("NewDisplayName")
+            .setEnabled(false)
+            .addX509Certificate("certificate");
+    config = tenantAwareAuth.updateSamlProviderConfigAsync(updateRequest).get();
+    assertEquals(providerId, config.getProviderId());
+    assertEquals("NewDisplayName", config.getDisplayName());
+    assertFalse(config.isEnabled());
+    assertEquals(ImmutableList.of("certificate"), config.getX509Certificates());
+
+    // Delete provider config
+    temporaryProviderConfig.deleteSamlProviderConfig(providerId);
+    ProviderConfigTestUtils.assertSamlProviderConfigDoesNotExist(tenantAwareAuth, providerId);
+  }
+
+  @Test
+  public void testListSamlProviderConfigs() throws Exception {
+    final List<String> providerIds = new ArrayList<>();
+
+    // Create provider configs
+    for (int i = 0; i < 3; i++) {
+      String providerId = "saml.provider-id" + i;
+      providerIds.add(providerId);
+      temporaryProviderConfig.createSamlProviderConfig(
+          new SamlProviderConfig.CreateRequest()
+            .setProviderId(providerId)
+            .setIdpEntityId("IDP_ENTITY_ID")
+            .setSsoUrl("https://example.com/login")
+            .addX509Certificate("certificate")
+            .setRpEntityId("RP_ENTITY_ID")
+            .setCallbackUrl("https://projectId.firebaseapp.com/__/auth/handler"));
+    }
+
+    // List provider configs
+    // NOTE: We do not need to test all of the different ways we can iterate over the provider
+    // configs, since this testing is already performed in FirebaseAuthIT with the tenant-agnostic
+    // tests.
+    final AtomicInteger collected = new AtomicInteger(0);
+    ListProviderConfigsPage<SamlProviderConfig> page =
+        tenantAwareAuth.listSamlProviderConfigsAsync(null).get();
+    for (SamlProviderConfig config : page.iterateAll()) {
+      if (providerIds.contains(config.getProviderId())) {
+        collected.incrementAndGet();
+        assertEquals("IDP_ENTITY_ID", config.getIdpEntityId());
+        assertEquals("https://example.com/login", config.getSsoUrl());
+        assertEquals(ImmutableList.of("certificate"), config.getX509Certificates());
+        assertEquals("RP_ENTITY_ID", config.getRpEntityId());
+        assertEquals("https://projectId.firebaseapp.com/__/auth/handler", config.getCallbackUrl());
+      }
+    }
+    assertEquals(providerIds.size(), collected.get());
+  }
+
+  private String signInWithCustomToken(
+      String customToken, @Nullable String tenantId) throws IOException {
+    final GenericUrl url = new GenericUrl(VERIFY_CUSTOM_TOKEN_URL + "?key="
+        + IntegrationTestUtils.getApiKey());
+    ImmutableMap.Builder<String, Object> content = ImmutableMap.builder();
+    content.put("token", customToken);
+    content.put("returnSecureToken", true);
+    if (tenantId != null) {
+      content.put("tenantId", tenantId);
+    }
+    HttpRequest request = transport.createRequestFactory().buildPostRequest(url,
+        new JsonHttpContent(jsonFactory, content.build()));
+    request.setParser(new JsonObjectParser(jsonFactory));
+    HttpResponse response = request.execute();
+    try {
+      GenericJson json = response.parseAs(GenericJson.class);
+      return json.get("idToken").toString();
+    } finally {
+      response.disconnect();
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantManagerIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantManagerIT.java
new file mode 100644
index 000000000..086e25aa2
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantManagerIT.java
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.api.core.ApiFuture;
+import com.google.api.core.ApiFutureCallback;
+import com.google.api.core.ApiFutures;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.firebase.auth.FirebaseAuth;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.internal.AuthHttpClient;
+import com.google.firebase.testing.IntegrationTestUtils;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicReference;
+import org.junit.Test;
+
+public class TenantManagerIT {
+
+  private static final FirebaseAuth auth = FirebaseAuth.getInstance(
+      IntegrationTestUtils.ensureDefaultApp());
+
+  @Test
+  public void testTenantLifecycle() throws Exception {
+    TenantManager tenantManager = auth.getTenantManager();
+
+    // Create tenant
+    Tenant.CreateRequest createRequest = new Tenant.CreateRequest().setDisplayName("DisplayName");
+    Tenant tenant = tenantManager.createTenantAsync(createRequest).get();
+    assertEquals("DisplayName", tenant.getDisplayName());
+    assertFalse(tenant.isPasswordSignInAllowed());
+    assertFalse(tenant.isEmailLinkSignInEnabled());
+    String tenantId = tenant.getTenantId();
+
+    // Get tenant
+    tenant = tenantManager.getTenantAsync(tenantId).get();
+    assertEquals(tenantId, tenant.getTenantId());
+    assertEquals("DisplayName", tenant.getDisplayName());
+    assertFalse(tenant.isPasswordSignInAllowed());
+    assertFalse(tenant.isEmailLinkSignInEnabled());
+
+    // Update tenant
+    Tenant.UpdateRequest updateRequest = tenant.updateRequest()
+        .setDisplayName("UpdatedName")
+        .setPasswordSignInAllowed(true)
+        .setEmailLinkSignInEnabled(true);
+    tenant = tenantManager.updateTenantAsync(updateRequest).get();
+    assertEquals(tenantId, tenant.getTenantId());
+    assertEquals("UpdatedName", tenant.getDisplayName());
+    assertTrue(tenant.isPasswordSignInAllowed());
+    assertTrue(tenant.isEmailLinkSignInEnabled());
+
+    // Delete tenant
+    tenantManager.deleteTenantAsync(tenant.getTenantId()).get();
+    try {
+      tenantManager.getTenantAsync(tenant.getTenantId()).get();
+      fail("No error thrown for getting a deleted tenant");
+    } catch (ExecutionException e) {
+      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      assertEquals(AuthHttpClient.TENANT_NOT_FOUND_ERROR,
+          ((FirebaseAuthException) e.getCause()).getErrorCode());
+    }
+  }
+
+  @Test
+  public void testListTenants() throws Exception {
+    TenantManager tenantManager = auth.getTenantManager();
+    final List<String> tenantIds = new ArrayList<>();
+
+    try {
+      for (int i = 0; i < 3; i++) {
+        Tenant.CreateRequest createRequest =
+            new Tenant.CreateRequest().setDisplayName("DisplayName" + i);
+        tenantIds.add(tenantManager.createTenantAsync(createRequest).get().getTenantId());
+      }
+
+      // Test list by batches
+      final AtomicInteger collected = new AtomicInteger(0);
+      ListTenantsPage page = tenantManager.listTenantsAsync(null).get();
+      while (page != null) {
+        for (Tenant tenant : page.getValues()) {
+          if (tenantIds.contains(tenant.getTenantId())) {
+            collected.incrementAndGet();
+            assertNotNull(tenant.getDisplayName());
+          }
+        }
+        page = page.getNextPage();
+      }
+      assertEquals(tenantIds.size(), collected.get());
+
+      // Test iterate all
+      collected.set(0);
+      page = tenantManager.listTenantsAsync(null).get();
+      for (Tenant tenant : page.iterateAll()) {
+        if (tenantIds.contains(tenant.getTenantId())) {
+          collected.incrementAndGet();
+          assertNotNull(tenant.getDisplayName());
+        }
+      }
+      assertEquals(tenantIds.size(), collected.get());
+
+      // Test iterate async
+      collected.set(0);
+      final Semaphore semaphore = new Semaphore(0);
+      final AtomicReference<Throwable> error = new AtomicReference<>();
+      ApiFuture<ListTenantsPage> pageFuture = tenantManager.listTenantsAsync(null);
+      ApiFutures.addCallback(pageFuture, new ApiFutureCallback<ListTenantsPage>() {
+        @Override
+        public void onFailure(Throwable t) {
+          error.set(t);
+          semaphore.release();
+        }
+
+        @Override
+        public void onSuccess(ListTenantsPage result) {
+          for (Tenant tenant : result.iterateAll()) {
+            if (tenantIds.contains(tenant.getTenantId())) {
+              collected.incrementAndGet();
+              assertNotNull(tenant.getDisplayName());
+            }
+          }
+          semaphore.release();
+        }
+      }, MoreExecutors.directExecutor());
+      semaphore.acquire();
+      assertEquals(tenantIds.size(), collected.get());
+      assertNull(error.get());
+    } finally {
+      for (String tenantId : tenantIds) {
+        tenantManager.deleteTenantAsync(tenantId).get();
+      }
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantTest.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantTest.java
new file mode 100644
index 000000000..7ea4f2539
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantTest.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.json.JsonFactory;
+import java.io.IOException;
+import java.util.Map;
+import org.junit.Test;
+
+public class TenantTest {
+
+  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+
+  private static final String TENANT_JSON_STRING = 
+      "{"
+        + "\"name\":\"projects/project-id/resource/TENANT_ID\","
+        + "\"displayName\":\"DISPLAY_NAME\","
+        + "\"allowPasswordSignup\":true,"
+        + "\"enableEmailLinkSignin\":false"
+        + "}";
+
+  @Test
+  public void testJsonDeserialization() throws IOException {
+    Tenant tenant = JSON_FACTORY.fromString(TENANT_JSON_STRING, Tenant.class);
+
+    assertEquals(tenant.getTenantId(), "TENANT_ID");
+    assertEquals(tenant.getDisplayName(), "DISPLAY_NAME");
+    assertTrue(tenant.isPasswordSignInAllowed());
+    assertFalse(tenant.isEmailLinkSignInEnabled());
+  }
+
+  @Test
+  public void testUpdateRequestFromTenant() throws IOException {
+    Tenant tenant = JSON_FACTORY.fromString(TENANT_JSON_STRING, Tenant.class);
+
+    Tenant.UpdateRequest updateRequest = tenant.updateRequest();
+
+    assertEquals("TENANT_ID", updateRequest.getTenantId());
+    assertTrue(updateRequest.getProperties().isEmpty());
+  }
+
+  @Test
+  public void testUpdateRequestFromTenantId() throws IOException {
+    Tenant.UpdateRequest updateRequest = new Tenant.UpdateRequest("TENANT_ID");
+    updateRequest
+      .setDisplayName("DISPLAY_NAME")
+      .setPasswordSignInAllowed(false)
+      .setEmailLinkSignInEnabled(true);
+
+    assertEquals("TENANT_ID", updateRequest.getTenantId());
+    Map<String,Object> properties = updateRequest.getProperties();
+    assertEquals(properties.size(), 3);
+    assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
+    assertFalse((boolean) properties.get("allowPasswordSignup"));
+    assertTrue((boolean) properties.get("enableEmailLinkSignin"));
+  }
+
+  @Test
+  public void testCreateRequest() throws IOException {
+    Tenant.CreateRequest createRequest = new Tenant.CreateRequest();
+    createRequest
+      .setDisplayName("DISPLAY_NAME")
+      .setPasswordSignInAllowed(false)
+      .setEmailLinkSignInEnabled(true);
+
+    Map<String,Object> properties = createRequest.getProperties();
+    assertEquals(properties.size(), 3);
+    assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
+    assertFalse((boolean) properties.get("allowPasswordSignup"));
+    assertTrue((boolean) properties.get("enableEmailLinkSignin"));
+  }
+}
+
diff --git a/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java b/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
index d8395035e..ba7816173 100644
--- a/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
+++ b/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
@@ -23,6 +23,7 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.fail;
 
+import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
@@ -33,11 +34,12 @@
 import com.google.firebase.database.util.EmulatorHelper;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestUtils;
+import java.io.IOException;
 import java.util.List;
 import org.junit.Test;
 
 public class FirebaseDatabaseTest {
-  
+
   private static final FirebaseOptions firebaseOptions =
       new FirebaseOptions.Builder()
           .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
@@ -198,7 +200,7 @@ public void testInitAfterAppDelete() {
   }
 
   @Test
-  public void testDbUrlIsEmulatorUrlWhenSettingOptionsManually() {
+  public void testDbUrlIsEmulatorUrlWhenSettingOptionsManually() throws IOException {
 
     List<CustomTestCase> testCases = ImmutableList.of(
         // cases where the env var is ignored because the supplied DB URL is a valid emulator URL
@@ -235,7 +237,7 @@ public void testDbUrlIsEmulatorUrlWhenSettingOptionsManually() {
   }
 
   @Test
-  public void testDbUrlIsEmulatorUrlForDbRefWithPath() {
+  public void testDbUrlIsEmulatorUrlForDbRefWithPath() throws IOException {
 
     List<CustomTestCase> testCases = ImmutableList.of(
         new CustomTestCase("http://my-custom-hosted-emulator.com:80?ns=dummy-ns",
diff --git a/src/test/resources/getUser.json b/src/test/resources/getUser.json
index 019c665be..3d57f1082 100644
--- a/src/test/resources/getUser.json
+++ b/src/test/resources/getUser.json
@@ -24,6 +24,7 @@
     "validSince" : "1494364393",
     "disabled" : false,
     "createdAt" : "1234567890",
-    "customAttributes" : "{\"admin\": true, \"package\": \"gold\"}"
+    "customAttributes" : "{\"admin\": true, \"package\": \"gold\"}",
+    "tenantId": "testTenant"
   } ]
 }
diff --git a/src/test/resources/listOidc.json b/src/test/resources/listOidc.json
new file mode 100644
index 000000000..0c13ea48b
--- /dev/null
+++ b/src/test/resources/listOidc.json
@@ -0,0 +1,15 @@
+{
+  "oauthIdpConfigs" : [ {
+    "name": "projects/projectId/oauthIdpConfigs/oidc.provider-id1",
+    "displayName" : "DISPLAY_NAME",
+    "enabled" : true,
+    "clientId" : "CLIENT_ID",
+    "issuer" : "https://oidc.com/issuer"
+  }, {
+    "name": "projects/projectId/oauthIdpConfigs/oidc.provider-id2",
+    "displayName" : "DISPLAY_NAME",
+    "enabled" : true,
+    "clientId" : "CLIENT_ID",
+    "issuer" : "https://oidc.com/issuer"
+  } ]
+}
diff --git a/src/test/resources/listSaml.json b/src/test/resources/listSaml.json
new file mode 100644
index 000000000..64b1e1e36
--- /dev/null
+++ b/src/test/resources/listSaml.json
@@ -0,0 +1,35 @@
+{
+  "inboundSamlConfigs" : [ {
+    "name": "projects/projectId/inboundSamlConfigs/saml.provider-id1",
+    "displayName" : "DISPLAY_NAME",
+    "enabled" : true,
+    "idpConfig": {
+      "idpEntityId": "IDP_ENTITY_ID",
+      "ssoUrl": "https://example.com/login",
+      "idpCertificates": [
+        { "x509Certificate": "certificate1" },
+        { "x509Certificate": "certificate2" }
+      ]
+    },
+    "spConfig": {
+      "spEntityId": "RP_ENTITY_ID",
+      "callbackUri": "https://projectId.firebaseapp.com/__/auth/handler"
+    }
+  }, {
+    "name": "projects/projectId/inboundSamlConfigs/saml.provider-id2",
+    "displayName" : "DISPLAY_NAME",
+    "enabled" : true,
+    "idpConfig": {
+      "idpEntityId": "IDP_ENTITY_ID",
+      "ssoUrl": "https://example.com/login",
+      "idpCertificates": [
+        { "x509Certificate": "certificate1" },
+        { "x509Certificate": "certificate2" }
+      ]
+    },
+    "spConfig": {
+      "spEntityId": "RP_ENTITY_ID",
+      "callbackUri": "https://projectId.firebaseapp.com/__/auth/handler"
+    }
+  } ]
+}
diff --git a/src/test/resources/listTenants.json b/src/test/resources/listTenants.json
new file mode 100644
index 000000000..1e2f3a01a
--- /dev/null
+++ b/src/test/resources/listTenants.json
@@ -0,0 +1,17 @@
+{
+  "tenants" : [ {
+    "name" : "TENANT_1",
+    "displayName" : "DISPLAY_NAME",
+    "allowPasswordSignup" : true,
+    "enableEmailLinkSignin" : false,
+    "disableAuth" : true,
+    "enableAnonymousUser" : false
+  }, {
+    "name" : "TENANT_2",
+    "displayName" : "DISPLAY_NAME",
+    "allowPasswordSignup" : true,
+    "enableEmailLinkSignin" : false,
+    "disableAuth" : true,
+    "enableAnonymousUser" : false
+  } ]
+}
diff --git a/src/test/resources/listUsers.json b/src/test/resources/listUsers.json
index 06d0b34c9..47e169709 100644
--- a/src/test/resources/listUsers.json
+++ b/src/test/resources/listUsers.json
@@ -24,7 +24,8 @@
     "validSince" : "1494364393",
     "disabled" : false,
     "createdAt" : "1234567890",
-    "customAttributes" : "{\"admin\": true, \"package\": \"gold\"}"
+    "customAttributes" : "{\"admin\": true, \"package\": \"gold\"}",
+    "tenantId": "testTenant"
   }, {
     "localId" : "testuser",
     "email" : "testuser@example.com",
@@ -50,6 +51,7 @@
     "validSince" : "1494364393",
     "disabled" : false,
     "createdAt" : "1234567890",
-    "customAttributes" : "{\"admin\": true, \"package\": \"gold\"}"
+    "customAttributes" : "{\"admin\": true, \"package\": \"gold\"}",
+    "tenantId": "testTenant"
   } ]
 }
diff --git a/src/test/resources/oidc.json b/src/test/resources/oidc.json
new file mode 100644
index 000000000..e2f1845de
--- /dev/null
+++ b/src/test/resources/oidc.json
@@ -0,0 +1,7 @@
+{
+  "name": "projects/projectId/oauthIdpConfigs/oidc.provider-id",
+  "displayName" : "DISPLAY_NAME",
+  "enabled" : true,
+  "clientId" : "CLIENT_ID",
+  "issuer" : "https://oidc.com/issuer"
+}
diff --git a/src/test/resources/saml.json b/src/test/resources/saml.json
new file mode 100644
index 000000000..ef425b0a8
--- /dev/null
+++ b/src/test/resources/saml.json
@@ -0,0 +1,17 @@
+{
+  "name": "projects/projectId/inboundSamlConfigs/saml.provider-id",
+  "displayName": "DISPLAY_NAME",
+  "enabled": true,
+  "idpConfig": {
+    "idpEntityId": "IDP_ENTITY_ID",
+    "ssoUrl": "https://example.com/login",
+    "idpCertificates": [
+      { "x509Certificate": "certificate1" },
+      { "x509Certificate": "certificate2" }
+    ]
+  },
+  "spConfig": {
+    "spEntityId": "RP_ENTITY_ID",
+    "callbackUri": "https://projectId.firebaseapp.com/__/auth/handler"
+  }
+}
diff --git a/src/test/resources/tenant.json b/src/test/resources/tenant.json
new file mode 100644
index 000000000..cc8565f8b
--- /dev/null
+++ b/src/test/resources/tenant.json
@@ -0,0 +1,8 @@
+{
+  "name" : "TENANT_1",
+  "displayName" : "DISPLAY_NAME",
+  "allowPasswordSignup" : true,
+  "enableEmailLinkSignin" : false,
+  "disableAuth" : true,
+  "enableAnonymousUser" : false
+}

From d347ad0c1737cc55f1c3d2b38a53646c43bd83bd Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 23 Jul 2020 14:41:55 -0400
Subject: [PATCH 022/354] [chore] Release 6.15.0 (#457)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e9a2fc038..adbf23931 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>6.14.0</version>
+    <version>6.15.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 7b991238067137818907847826513bbd62a8f68a Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Tue, 28 Jul 2020 12:59:01 -0700
Subject: [PATCH 023/354] chore(auth): Added snippets for multitenancy and IdP
 management (#461)

* chore(auth): Added snippets for multitenancy and IdP management

* fix: Fixed some broken snippet tags

* fix(auth): Fixed a typo and clarified a comment
---
 .../snippets/FirebaseAuthSnippets.java        | 478 +++++++++++++++++-
 1 file changed, 474 insertions(+), 4 deletions(-)

diff --git a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
index fec3f5d2d..b6103b4ef 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
@@ -24,8 +24,12 @@
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.FirebaseToken;
 import com.google.firebase.auth.ImportUserRecord;
+import com.google.firebase.auth.ListProviderConfigsPage;
 import com.google.firebase.auth.ListUsersPage;
+import com.google.firebase.auth.OidcProviderConfig;
+import com.google.firebase.auth.SamlProviderConfig;
 import com.google.firebase.auth.SessionCookieOptions;
+import com.google.firebase.auth.UserImportHash;
 import com.google.firebase.auth.UserImportOptions;
 import com.google.firebase.auth.UserImportResult;
 import com.google.firebase.auth.UserProvider;
@@ -37,6 +41,10 @@
 import com.google.firebase.auth.hash.Pbkdf2Sha256;
 import com.google.firebase.auth.hash.Scrypt;
 import com.google.firebase.auth.hash.StandardScrypt;
+import com.google.firebase.auth.multitenancy.ListTenantsPage;
+import com.google.firebase.auth.multitenancy.Tenant;
+import com.google.firebase.auth.multitenancy.TenantAwareFirebaseAuth;
+import com.google.firebase.auth.multitenancy.TenantManager;
 import com.google.firebase.database.DatabaseReference;
 import com.google.firebase.database.FirebaseDatabase;
 import java.net.URI;
@@ -623,7 +631,7 @@ public void generatePasswordResetLink() {
           email, actionCodeSettings);
       // Construct email verification template, embed the link and send
       // using custom SMTP server.
-      sendCustomPasswordResetEmail(email, displayName, link);
+      sendCustomEmail(email, displayName, link);
     } catch (FirebaseAuthException e) {
       System.out.println("Error generating email link: " + e.getMessage());
     }
@@ -640,7 +648,7 @@ public void generateEmailVerificationLink() {
           email, actionCodeSettings);
       // Construct email verification template, embed the link and send
       // using custom SMTP server.
-      sendCustomPasswordResetEmail(email, displayName, link);
+      sendCustomEmail(email, displayName, link);
     } catch (FirebaseAuthException e) {
       System.out.println("Error generating email link: " + e.getMessage());
     }
@@ -657,14 +665,476 @@ public void generateSignInWithEmailLink() {
           email, actionCodeSettings);
       // Construct email verification template, embed the link and send
       // using custom SMTP server.
-      sendCustomPasswordResetEmail(email, displayName, link);
+      sendCustomEmail(email, displayName, link);
     } catch (FirebaseAuthException e) {
       System.out.println("Error generating email link: " + e.getMessage());
     }
     // [END sign_in_with_email_link]
   }
 
+  // =====================================================================================
+  // https://cloud.google.com/identity-platform/docs/managing-providers-programmatically
+  // =====================================================================================
+
+  public void createSamlProviderConfig() throws FirebaseAuthException {
+    // [START create_saml_provider]
+    SamlProviderConfig.CreateRequest request = new SamlProviderConfig.CreateRequest()
+        .setDisplayName("SAML provider name")
+        .setEnabled(true)
+        .setProviderId("saml.myProvider")
+        .setIdpEntityId("IDP_ENTITY_ID")
+        .setSsoUrl("https://example.com/saml/sso/1234/")
+        .addX509Certificate("-----BEGIN CERTIFICATE-----\nCERT1...\n-----END CERTIFICATE-----")
+        .addX509Certificate("-----BEGIN CERTIFICATE-----\nCERT2...\n-----END CERTIFICATE-----")
+        .setRpEntityId("RP_ENTITY_ID")
+        .setCallbackUrl("https://project-id.firebaseapp.com/__/auth/handler");
+    SamlProviderConfig saml = FirebaseAuth.getInstance().createSamlProviderConfig(request);
+    System.out.println("Created new SAML provider: " + saml.getProviderId());
+    // [END create_saml_provider]
+  }
+
+  public void updateSamlProviderConfig() throws FirebaseAuthException {
+    // [START update_saml_provider]
+    SamlProviderConfig.UpdateRequest request =
+        new SamlProviderConfig.UpdateRequest("saml.myProvider")
+          .addX509Certificate("-----BEGIN CERTIFICATE-----\nCERT2...\n-----END CERTIFICATE-----")
+          .addX509Certificate("-----BEGIN CERTIFICATE-----\nCERT3...\n-----END CERTIFICATE-----");
+    SamlProviderConfig saml = FirebaseAuth.getInstance().updateSamlProviderConfig(request);
+    System.out.println("Updated SAML provider: " + saml.getProviderId());
+    // [END update_saml_provider]
+  }
+
+  public void getSamlProviderConfig() throws FirebaseAuthException {
+    // [START get_saml_provider]
+    SamlProviderConfig saml = FirebaseAuth.getInstance().getSamlProviderConfig("saml.myProvider");
+    System.out.println(saml.getDisplayName() + ": " + saml.isEnabled());
+    // [END get_saml_provider]
+  }
+
+  public void deleteSamlProviderConfig() throws FirebaseAuthException {
+    // [START delete_saml_provider]
+    FirebaseAuth.getInstance().deleteSamlProviderConfig("saml.myProvider");
+    // [END delete_saml_provider]
+  }
+
+  public void listSamlProviderConfigs() throws FirebaseAuthException {
+    // [START list_saml_providers]
+    ListProviderConfigsPage<SamlProviderConfig> page = FirebaseAuth.getInstance()
+        .listSamlProviderConfigs("nextPageToken");
+    for (SamlProviderConfig config : page.iterateAll()) {
+      System.out.println(config.getProviderId());
+    }
+    // [END list_saml_providers]
+  }
+
+  public void createOidcProviderConfig() throws FirebaseAuthException {
+    // [START create_oidc_provider]
+    OidcProviderConfig.CreateRequest request = new OidcProviderConfig.CreateRequest()
+        .setDisplayName("OIDC provider name")
+        .setEnabled(true)
+        .setProviderId("oidc.myProvider")
+        .setClientId("CLIENT_ID2")
+        .setIssuer("https://oidc.com/CLIENT_ID2");
+    OidcProviderConfig oidc = FirebaseAuth.getInstance().createOidcProviderConfig(request);
+    System.out.println("Created new OIDC provider: " + oidc.getProviderId());
+    // [END create_oidc_provider]
+  }
+
+  public void updateOidcProviderConfig() throws FirebaseAuthException {
+    // [START update_oidc_provider]
+    OidcProviderConfig.UpdateRequest request =
+        new OidcProviderConfig.UpdateRequest("oidc.myProvider")
+            .setDisplayName("OIDC provider name")
+            .setEnabled(true)
+            .setClientId("CLIENT_ID")
+            .setIssuer("https://oidc.com");
+    OidcProviderConfig oidc = FirebaseAuth.getInstance().updateOidcProviderConfig(request);
+    System.out.println("Updated OIDC provider: " + oidc.getProviderId());
+    // [END update_oidc_provider]
+  }
+
+  public void getOidcProviderConfig() throws FirebaseAuthException {
+    // [START get_oidc_provider]
+    OidcProviderConfig oidc = FirebaseAuth.getInstance().getOidcProviderConfig("oidc.myProvider");
+    System.out.println(oidc.getDisplayName() + ": " + oidc.isEnabled());
+    // [END get_oidc_provider]
+  }
+
+  public void deleteOidcProviderConfig() throws FirebaseAuthException {
+    // [START delete_oidc_provider]
+    FirebaseAuth.getInstance().deleteOidcProviderConfig("oidc.myProvider");
+    // [END delete_oidc_provider]
+  }
+
+  public void listOidcProviderConfigs() throws FirebaseAuthException {
+    // [START list_oidc_providers]
+    ListProviderConfigsPage<OidcProviderConfig> page = FirebaseAuth.getInstance()
+        .listOidcProviderConfigs("nextPageToken");
+    for (OidcProviderConfig oidc : page.iterateAll()) {
+      System.out.println(oidc.getProviderId());
+    }
+    // [END list_oidc_providers]
+  }
+
+  // ================================================================================
+  // https://cloud.google.com/identity-platform/docs/multi-tenancy-managing-tenants
+  // =================================================================================
+
+  public TenantAwareFirebaseAuth getTenantAwareFirebaseAuth(String tenantId) {
+    // [START get_tenant_client]
+    FirebaseAuth auth = FirebaseAuth.getInstance();
+    TenantManager tenantManager = auth.getTenantManager();
+    TenantAwareFirebaseAuth tenantAuth = tenantManager.getAuthForTenant(tenantId);
+    // [END get_tenant_client]
+
+    return tenantAuth;
+  }
+
+  public void getTenant(String tenantId) throws FirebaseAuthException {
+    // [START get_tenant]
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().getTenant(tenantId);
+    System.out.println("Retrieved tenant: " + tenant.getTenantId());
+    // [END get_tenant]
+  }
+
+  public void createTenant() throws FirebaseAuthException {
+    // [START create_tenant]
+    Tenant.CreateRequest request = new Tenant.CreateRequest()
+        .setDisplayName("myTenant1")
+        .setEmailLinkSignInEnabled(true)
+        .setPasswordSignInAllowed(true);
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().createTenant(request);
+    System.out.println("Created tenant: " + tenant.getTenantId());
+    // [END create_tenant]
+  }
+
+  public void updateTenant(String tenantId) throws FirebaseAuthException {
+    // [START update_tenant]
+    Tenant.UpdateRequest request = new Tenant.UpdateRequest(tenantId)
+        .setDisplayName("updatedName")
+        .setPasswordSignInAllowed(false);
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().updateTenant(request);
+    System.out.println("Updated tenant: " + tenant.getTenantId());
+    // [END update_tenant]
+  }
+
+  public void deleteTenant(String tenantId) throws FirebaseAuthException {
+    // [START delete_tenant]
+    FirebaseAuth.getInstance().getTenantManager().deleteTenant(tenantId);
+    // [END delete_tenant]
+  }
+
+  public void listTenants() throws FirebaseAuthException {
+    // [START list_tenants]
+    ListTenantsPage page = FirebaseAuth.getInstance().getTenantManager().listTenants(null);
+    for (Tenant tenant : page.iterateAll()) {
+      System.out.println("Retrieved tenant: " + tenant.getTenantId());
+    }
+    // [END list_tenants]
+  }
+
+  public void createProviderTenant() throws FirebaseAuthException {
+    // [START get_tenant_client_short]
+    TenantAwareFirebaseAuth tenantAuth = FirebaseAuth.getInstance().getTenantManager()
+        .getAuthForTenant("TENANT-ID");
+    // [END get_tenant_client_short]
+
+    // [START create_saml_provider_tenant]
+    SamlProviderConfig.CreateRequest request = new SamlProviderConfig.CreateRequest()
+        .setDisplayName("SAML provider name")
+        .setEnabled(true)
+        .setProviderId("saml.myProvider")
+        .setIdpEntityId("IDP_ENTITY_ID")
+        .setSsoUrl("https://example.com/saml/sso/1234/")
+        .addX509Certificate("-----BEGIN CERTIFICATE-----\nCERT1...\n-----END CERTIFICATE-----")
+        .addX509Certificate("-----BEGIN CERTIFICATE-----\nCERT2...\n-----END CERTIFICATE-----")
+        .setRpEntityId("RP_ENTITY_ID")
+        .setCallbackUrl("https://project-id.firebaseapp.com/__/auth/handler");
+    SamlProviderConfig saml = tenantAuth.createSamlProviderConfig(request);
+    System.out.println("Created new SAML provider: " + saml.getProviderId());
+    // [END create_saml_provider_tenant]
+  }
+
+  public void updateProviderTenant(
+      TenantAwareFirebaseAuth tenantAuth) throws FirebaseAuthException {
+    // [START update_saml_provider_tenant]
+    SamlProviderConfig.UpdateRequest request =
+        new SamlProviderConfig.UpdateRequest("saml.myProvider")
+          .addX509Certificate("-----BEGIN CERTIFICATE-----\nCERT2...\n-----END CERTIFICATE-----")
+          .addX509Certificate("-----BEGIN CERTIFICATE-----\nCERT3...\n-----END CERTIFICATE-----");
+    SamlProviderConfig saml = tenantAuth.updateSamlProviderConfig(request);
+    System.out.println("Updated SAML provider: " + saml.getProviderId());
+    // [END update_saml_provider_tenant]
+  }
+
+  public void getProviderTenant(TenantAwareFirebaseAuth tenantAuth) throws FirebaseAuthException {
+    // [START get_saml_provider_tenant]
+    SamlProviderConfig saml = tenantAuth.getSamlProviderConfig("saml.myProvider");
+
+    // Get display name and whether it is enabled.
+    System.out.println(saml.getDisplayName() + " " + saml.isEnabled());
+    // [END get_saml_provider_tenant]
+  }
+
+  public void listProvidersTenant(TenantAwareFirebaseAuth tenantAuth) throws FirebaseAuthException {
+    // [START list_saml_providers_tenant]
+    ListProviderConfigsPage<SamlProviderConfig> page = tenantAuth.listSamlProviderConfigs(
+        "nextPageToken");
+    for (SamlProviderConfig saml : page.iterateAll()) {
+      System.out.println(saml.getProviderId());
+    }
+    // [END list_saml_providers_tenant]
+  }
+
+  public void deleteProviderTenant(
+      TenantAwareFirebaseAuth tenantAuth) throws FirebaseAuthException {
+    // [START delete_saml_provider_tenant]
+    tenantAuth.deleteSamlProviderConfig("saml.myProvider");
+    // [END delete_saml_provider_tenant]
+  }
+
+  public void getUserTenant(
+      TenantAwareFirebaseAuth tenantAuth, String uid) throws FirebaseAuthException {
+    // [START get_user_tenant]
+    // Get an auth client from the firebase.App
+    UserRecord user = tenantAuth.getUser(uid);
+    System.out.println("Successfully fetched user data: " + user.getDisplayName());
+    // [END get_user_tenant]
+  }
+
+  public void getUserByEmailTenant(
+      TenantAwareFirebaseAuth tenantAuth, String email) throws FirebaseAuthException {
+    // [START get_user_by_email_tenant]
+    // Get an auth client from the firebase.App
+    UserRecord user = tenantAuth.getUserByEmail(email);
+    System.out.println("Successfully fetched user data: " + user.getDisplayName());
+    // [END get_user_by_email_tenant]
+  }
+
+  public void createUserTenant(TenantAwareFirebaseAuth tenantAuth) throws FirebaseAuthException {
+    // [START create_user_tenant]
+    UserRecord.CreateRequest request = new UserRecord.CreateRequest()
+        .setEmail("user@example.com")
+        .setEmailVerified(false)
+        .setPhoneNumber("+15555550100")
+        .setPassword("secretPassword")
+        .setDisplayName("John Doe")
+        .setPhotoUrl("http://www.example.com/12345678/photo.png")
+        .setDisabled(false);
+    UserRecord user = tenantAuth.createUser(request);
+    System.out.println("Successfully created user: " + user.getDisplayName());
+    // [END create_user_tenant]
+  }
+
+  public void updateUserTenant(
+      TenantAwareFirebaseAuth tenantAuth, String uid) throws FirebaseAuthException {
+    // [START update_user_tenant]
+    UserRecord.UpdateRequest request = new UserRecord.UpdateRequest(uid)
+        .setEmail("user@example.com")
+        .setEmailVerified(true)
+        .setPhoneNumber("+15555550100")
+        .setPassword("newPassword")
+        .setDisplayName("John Doe")
+        .setPhotoUrl("http://www.example.com/12345678/photo.png")
+        .setDisabled(true);
+    UserRecord user = tenantAuth.updateUser(request);
+    System.out.println("Successfully updated user: " + user.getDisplayName());
+    // [END update_user_tenant]
+  }
+
+  public void deleteUserTenant(
+      TenantAwareFirebaseAuth tenantAuth, String uid) throws FirebaseAuthException {
+    // [START delete_user_tenant]
+    tenantAuth.deleteUser(uid);
+
+    System.out.println("Successfully deleted user: " + uid);
+    // [END delete_user_tenant]
+  }
+
+  public void listUsersTenant(TenantAwareFirebaseAuth tenantAuth) throws FirebaseAuthException {
+    // [START list_all_users_tenant]
+    // Note, behind the scenes, the ListUsersPage retrieves 1000 Users at a time
+    // through the API
+    ListUsersPage  page = tenantAuth.listUsers(null);
+    for (ExportedUserRecord user : page.iterateAll()) {
+      System.out.println("User: " + user.getUid());
+    }
+
+    // Iterating by pages 100 users at a time.
+    page = tenantAuth.listUsers(null, 100);
+    while (page != null) {
+      for (ExportedUserRecord user : page.getValues()) {
+        System.out.println("User: " + user.getUid());
+      }
+
+      page = page.getNextPage();
+    }
+    // [END list_all_users_tenant]
+  }
+
+  public void importWithHmacTenant(
+      TenantAwareFirebaseAuth tenantAuth) throws FirebaseAuthException {
+    // [START import_with_hmac_tenant]
+    List<ImportUserRecord> users = new ArrayList<>();
+    users.add(ImportUserRecord.builder()
+        .setUid("uid1")
+        .setEmail("user1@example.com")
+        .setPasswordHash("password-hash-1".getBytes())
+        .setPasswordSalt("salt1".getBytes())
+        .build());
+    users.add(ImportUserRecord.builder()
+        .setUid("uid2")
+        .setEmail("user2@example.com")
+        .setPasswordHash("password-hash-2".getBytes())
+        .setPasswordSalt("salt2".getBytes())
+        .build());
+    UserImportHash hmacSha256 = HmacSha256.builder()
+        .setKey("secret".getBytes())
+        .build();
+    UserImportResult result = tenantAuth.importUsers(users, UserImportOptions.withHash(hmacSha256));
+
+    for (ErrorInfo error : result.getErrors()) {
+      System.out.println("Failed to import user: " + error.getReason());
+    }
+    // [END import_with_hmac_tenant]
+  }
+
+  public void importWithoutPasswordTenant(
+      TenantAwareFirebaseAuth tenantAuth) throws FirebaseAuthException {
+    // [START import_without_password_tenant]
+    List<ImportUserRecord> users = new ArrayList<>();
+    users.add(ImportUserRecord.builder()
+        .setUid("some-uid")
+        .setDisplayName("John Doe")
+        .setEmail("johndoe@acme.com")
+        .setPhotoUrl("https://www.example.com/12345678/photo.png")
+        .setEmailVerified(true)
+        .setPhoneNumber("+11234567890")
+        // Set this user as admin.
+        .putCustomClaim("admin", true)
+        // User with SAML provider.
+        .addUserProvider(UserProvider.builder()
+            .setUid("saml-uid")
+            .setEmail("johndoe@acme.com")
+            .setDisplayName("John Doe")
+            .setPhotoUrl("https://www.example.com/12345678/photo.png")
+            .setProviderId("saml.acme")
+            .build())
+        .build());
+
+    UserImportResult result = tenantAuth.importUsers(users);
+
+    for (ErrorInfo error : result.getErrors()) {
+      System.out.println("Failed to import user: " + error.getReason());
+    }
+    // [END import_without_password_tenant]
+  }
+
+  public void verifyIdTokenTenant(TenantAwareFirebaseAuth tenantAuth, String idToken) {
+    // [START verify_id_token_tenant]
+    try {
+      // idToken comes from the client app
+      FirebaseToken token = tenantAuth.verifyIdToken(idToken);
+      // TenantId on the FirebaseToken should be set to TENANT-ID.
+      // Otherwise "tenant-id-mismatch" error thrown.
+      System.out.println("Verified ID token from tenant: " + token.getTenantId());
+    } catch (FirebaseAuthException e) {
+      System.out.println("error verifying ID token: " + e.getMessage());
+    }
+    // [END verify_id_token_tenant]
+  }
+
+  public void verifyIdTokenAccessControlTenant(TenantAwareFirebaseAuth tenantAuth, String idToken) {
+    // [START id_token_access_control_tenant]
+    try {
+      // idToken comes from the client app
+      FirebaseToken token = tenantAuth.verifyIdToken(idToken);
+      if ("TENANT-ID1".equals(token.getTenantId())) {
+        // Allow appropriate level of access for TENANT-ID1.
+      } else if ("TENANT-ID2".equals(token.getTenantId())) {
+        // Allow appropriate level of access for TENANT-ID2.
+      } else {
+        // Access not allowed -- Handle error
+      }
+    } catch (FirebaseAuthException e) {
+      System.out.println("error verifying ID token: " + e.getMessage());
+    }
+    // [END id_token_access_control_tenant]
+  }
+
+  public void revokeRefreshTokensTenant(
+      TenantAwareFirebaseAuth tenantAuth, String uid) throws FirebaseAuthException {
+    // [START revoke_tokens_tenant]
+    // Revoke all refresh tokens for a specified user in a specified tenant for whatever reason.
+    // Retrieve the timestamp of the revocation, in seconds since the epoch.
+    tenantAuth.revokeRefreshTokens(uid);
+
+    // accessing the user's TokenValidAfter
+    UserRecord user = tenantAuth.getUser(uid);
+
+
+    long timestamp = user.getTokensValidAfterTimestamp() / 1000;
+    System.out.println("the refresh tokens were revoked at: " + timestamp + " (UTC seconds)");
+    // [END revoke_tokens_tenant]
+  }
+
+  public void verifyIdTokenAndCheckRevokedTenant(
+      TenantAwareFirebaseAuth tenantAuth, String idToken) {
+    // [START verify_id_token_and_check_revoked_tenant]
+    // Verify the ID token for a specific tenant while checking if the token is revoked.
+    boolean checkRevoked = true;
+    try {
+      FirebaseToken token = tenantAuth.verifyIdToken(idToken, checkRevoked);
+      System.out.println("Verified ID token for: " + token.getUid());
+    } catch (FirebaseAuthException e) {
+      if ("id-token-revoked".equals(e.getErrorCode())) {
+        // Token is revoked. Inform the user to re-authenticate or signOut() the user.
+      } else {
+        // Token is invalid
+      }
+    }
+    // [END verify_id_token_and_check_revoked_tenant]
+  }
+
+  public void customClaimsVerifyTenant(
+      TenantAwareFirebaseAuth tenantAuth, String idToken) throws FirebaseAuthException {
+    // [START verify_custom_claims_tenant]
+    // Verify the ID token first.
+    FirebaseToken token = tenantAuth.verifyIdToken(idToken);
+    if (Boolean.TRUE.equals(token.getClaims().get("admin"))) {
+      //Allow access to requested admin resource.
+    }
+    // [END verify_custom_claims_tenant]
+  }
+
+  public void generateEmailVerificationLinkTenant(
+      TenantAwareFirebaseAuth tenantAuth,
+      String email,
+      String displayName) throws FirebaseAuthException {
+    // [START email_verification_link_tenant]
+    ActionCodeSettings actionCodeSettings = ActionCodeSettings.builder()
+        // URL you want to redirect back to. The domain (www.example.com) for
+        // this URL must be whitelisted in the GCP Console.
+        .setUrl("https://www.example.com/checkout?cartId=1234")
+        // This must be true for email link sign-in.
+        .setHandleCodeInApp(true)
+        .setIosBundleId("com.example.ios")
+        .setAndroidPackageName("com.example.android")
+        .setAndroidInstallApp(true)
+        .setAndroidMinimumVersion("12")
+        // FDL custom domain.
+        .setDynamicLinkDomain("coolapp.page.link")
+        .build();
+
+    String link = tenantAuth.generateEmailVerificationLink(email, actionCodeSettings);
+
+    // Construct email verification template, embed the link and send
+    // using custom SMTP server.
+    sendCustomEmail(email, displayName, link);
+    // [END email_verification_link_tenant]
+  }
+
   // Place holder method to make the compiler happy. This is referenced by all email action
   // link snippets.
-  private void sendCustomPasswordResetEmail(String email, String displayName, String link) {}
+  private void sendCustomEmail(String email, String displayName, String link) {}
 }

From 3564eeb7a6593fb7f23264c81c2f41d015c0ef8b Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Mon, 10 Aug 2020 10:07:34 -0700
Subject: [PATCH 024/354] feat(auth): Support for creating tenant-scoped
 session cookies (#467)

* feat(auth): Support for creating tenant-scoped session cookies

* fix: Cleaned up the unit test
---
 pom.xml                                       |   4 +-
 .../firebase/auth/AbstractFirebaseAuth.java   | 251 +++++++++++----
 .../google/firebase/auth/FirebaseAuth.java    | 209 +++----------
 .../firebase/auth/FirebaseTokenUtils.java     |  12 +-
 .../multitenancy/TenantAwareFirebaseAuth.java |  65 +++-
 .../auth/multitenancy/TenantManager.java      |   2 +-
 .../firebase/auth/FirebaseAuthTest.java       | 110 +++----
 .../auth/FirebaseTokenVerifierImplTest.java   |  13 +
 .../auth/FirebaseUserManagerTest.java         |  25 +-
 .../firebase/auth/MockTokenVerifier.java      |  59 ++++
 .../TenantAwareFirebaseAuthTest.java          | 292 ++++++++++++++++++
 11 files changed, 705 insertions(+), 337 deletions(-)
 create mode 100644 src/test/java/com/google/firebase/auth/MockTokenVerifier.java
 create mode 100644 src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java

diff --git a/pom.xml b/pom.xml
index adbf23931..b0187543a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -198,7 +198,7 @@
                     <plugin>
                         <groupId>org.jacoco</groupId>
                         <artifactId>jacoco-maven-plugin</artifactId>
-                        <version>0.7.9</version>
+                        <version>0.8.5</version>
                         <executions>
                             <execution>
                                 <id>pre-unit-test</id>
@@ -289,7 +289,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.19.1</version>
+                <version>2.22.0</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>
diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index ad30d2cc3..6c841070c 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -62,50 +62,13 @@ public abstract class AbstractFirebaseAuth {
   private final Supplier<? extends FirebaseUserManager> userManager;
   private final JsonFactory jsonFactory;
 
-  protected AbstractFirebaseAuth(Builder builder) {
+  protected AbstractFirebaseAuth(Builder<?> builder) {
     this.firebaseApp = checkNotNull(builder.firebaseApp);
     this.tokenFactory = threadSafeMemoize(builder.tokenFactory);
     this.idTokenVerifier = threadSafeMemoize(builder.idTokenVerifier);
     this.cookieVerifier = threadSafeMemoize(builder.cookieVerifier);
     this.userManager = threadSafeMemoize(builder.userManager);
-    this.jsonFactory = builder.firebaseApp.getOptions().getJsonFactory();
-  }
-
-  protected static Builder builderFromAppAndTenantId(final FirebaseApp app, final String tenantId) {
-    return AbstractFirebaseAuth.builder()
-        .setFirebaseApp(app)
-        .setTokenFactory(
-            new Supplier<FirebaseTokenFactory>() {
-              @Override
-              public FirebaseTokenFactory get() {
-                return FirebaseTokenUtils.createTokenFactory(app, Clock.SYSTEM, tenantId);
-              }
-            })
-        .setIdTokenVerifier(
-            new Supplier<FirebaseTokenVerifier>() {
-              @Override
-              public FirebaseTokenVerifier get() {
-                return FirebaseTokenUtils.createIdTokenVerifier(app, Clock.SYSTEM, tenantId);
-              }
-            })
-        .setCookieVerifier(
-            new Supplier<FirebaseTokenVerifier>() {
-              @Override
-              public FirebaseTokenVerifier get() {
-                return FirebaseTokenUtils.createSessionCookieVerifier(app, Clock.SYSTEM);
-              }
-            })
-        .setUserManager(
-            new Supplier<FirebaseUserManager>() {
-              @Override
-              public FirebaseUserManager get() {
-                return FirebaseUserManager
-                    .builder()
-                    .setFirebaseApp(app)
-                    .setTenantId(tenantId)
-                    .build();
-              }
-            });
+    this.jsonFactory = firebaseApp.getOptions().getJsonFactory();
   }
 
   /**
@@ -220,6 +183,51 @@ public String execute() throws FirebaseAuthException {
     };
   }
 
+  /**
+   * Creates a new Firebase session cookie from the given ID token and options. The returned JWT can
+   * be set as a server-side session cookie with a custom cookie policy.
+   *
+   * @param idToken The Firebase ID token to exchange for a session cookie.
+   * @param options Additional options required to create the cookie.
+   * @return A Firebase session cookie string.
+   * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
+   * @throws FirebaseAuthException If an error occurs while generating the session cookie.
+   */
+  public String createSessionCookie(@NonNull String idToken, @NonNull SessionCookieOptions options)
+      throws FirebaseAuthException {
+    return createSessionCookieOp(idToken, options).call();
+  }
+
+  /**
+   * Similar to {@link #createSessionCookie(String, SessionCookieOptions)} but performs the
+   * operation asynchronously.
+   *
+   * @param idToken The Firebase ID token to exchange for a session cookie.
+   * @param options Additional options required to create the cookie.
+   * @return An {@code ApiFuture} which will complete successfully with a session cookie string. If
+   *     an error occurs while generating the cookie or if the specified ID token is invalid, the
+   *     future throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
+   */
+  public ApiFuture<String> createSessionCookieAsync(
+      @NonNull String idToken, @NonNull SessionCookieOptions options) {
+    return createSessionCookieOp(idToken, options).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<String, FirebaseAuthException> createSessionCookieOp(
+      final String idToken, final SessionCookieOptions options) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(idToken), "idToken must not be null or empty");
+    checkNotNull(options, "options must not be null");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<String, FirebaseAuthException>() {
+      @Override
+      protected String execute() throws FirebaseAuthException {
+        return userManager.createSessionCookie(idToken, options);
+      }
+    };
+  }
+
   /**
    * Parses and verifies a Firebase ID Token.
    *
@@ -320,6 +328,87 @@ FirebaseTokenVerifier getIdTokenVerifier(boolean checkRevoked) {
     return verifier;
   }
 
+  /**
+   * Parses and verifies a Firebase session cookie.
+   *
+   * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
+   * other claims can be read. If the cookie is invalid, throws a {@link FirebaseAuthException}.
+   *
+   * <p>This method does not check whether the cookie has been revoked. See {@link
+   * #verifySessionCookie(String, boolean)}.
+   *
+   * @param cookie A Firebase session cookie string to verify and parse.
+   * @return A {@link FirebaseToken} representing the verified and decoded cookie.
+   */
+  public FirebaseToken verifySessionCookie(String cookie) throws FirebaseAuthException {
+    return verifySessionCookie(cookie, false);
+  }
+
+  /**
+   * Parses and verifies a Firebase session cookie.
+   *
+   * <p>If {@code checkRevoked} is true, additionally verifies that the cookie has not been revoked.
+   *
+   * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
+   * other claims can be read. If the cookie is invalid or has been revoked while {@code
+   * checkRevoked} is true, throws a {@link FirebaseAuthException}.
+   *
+   * @param cookie A Firebase session cookie string to verify and parse.
+   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
+   * @return A {@link FirebaseToken} representing the verified and decoded cookie.
+   */
+  public FirebaseToken verifySessionCookie(String cookie, boolean checkRevoked)
+      throws FirebaseAuthException {
+    return verifySessionCookieOp(cookie, checkRevoked).call();
+  }
+
+  /**
+   * Similar to {@link #verifySessionCookie(String)} but performs the operation asynchronously.
+   *
+   * @param cookie A Firebase session cookie string to verify and parse.
+   * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
+   *     unsuccessfully with the failure Exception.
+   */
+  public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie) {
+    return verifySessionCookieAsync(cookie, false);
+  }
+
+  /**
+   * Similar to {@link #verifySessionCookie(String, boolean)} but performs the operation
+   * asynchronously.
+   *
+   * @param cookie A Firebase session cookie string to verify and parse.
+   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
+   * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
+   *     unsuccessfully with the failure Exception.
+   */
+  public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie, boolean checkRevoked) {
+    return verifySessionCookieOp(cookie, checkRevoked).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<FirebaseToken, FirebaseAuthException> verifySessionCookieOp(
+      final String cookie, final boolean checkRevoked) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(cookie), "Session cookie must not be null or empty");
+    final FirebaseTokenVerifier sessionCookieVerifier = getSessionCookieVerifier(checkRevoked);
+    return new CallableOperation<FirebaseToken, FirebaseAuthException>() {
+      @Override
+      public FirebaseToken execute() throws FirebaseAuthException {
+        return sessionCookieVerifier.verifyToken(cookie);
+      }
+    };
+  }
+
+  @VisibleForTesting
+  FirebaseTokenVerifier getSessionCookieVerifier(boolean checkRevoked) {
+    FirebaseTokenVerifier verifier = cookieVerifier.get();
+    if (checkRevoked) {
+      FirebaseUserManager userManager = getUserManager();
+      verifier = RevocationCheckDecorator.decorateSessionCookieVerifier(verifier, userManager);
+    }
+    return verifier;
+  }
+
   /**
    * Revokes all refresh tokens for the specified user.
    *
@@ -1637,19 +1726,11 @@ protected Void execute() throws FirebaseAuthException {
     };
   }
 
-  FirebaseApp getFirebaseApp() {
-    return this.firebaseApp;
-  }
-
-  FirebaseTokenVerifier getCookieVerifier() {
-    return this.cookieVerifier.get();
-  }
-
   FirebaseUserManager getUserManager() {
     return this.userManager.get();
   }
 
-  protected <T> Supplier<T> threadSafeMemoize(final Supplier<T> supplier) {
+  <T> Supplier<T> threadSafeMemoize(final Supplier<T> supplier) {
     return Suppliers.memoize(
         new Supplier<T>() {
           @Override
@@ -1663,7 +1744,7 @@ public T get() {
         });
   }
 
-  void checkNotDestroyed() {
+  private void checkNotDestroyed() {
     synchronized (lock) {
       checkState(
           !destroyed.get(),
@@ -1682,42 +1763,80 @@ final void destroy() {
   /** Performs any additional required clean up. */
   protected abstract void doDestroy();
 
-  static Builder builder() {
-    return new Builder();
-  }
+  protected abstract static class Builder<T extends  Builder<T>> {
 
-  static class Builder {
-    protected FirebaseApp firebaseApp;
+    private FirebaseApp firebaseApp;
     private Supplier<FirebaseTokenFactory> tokenFactory;
     private Supplier<? extends FirebaseTokenVerifier> idTokenVerifier;
     private Supplier<? extends FirebaseTokenVerifier> cookieVerifier;
-    private Supplier<FirebaseUserManager> userManager;
+    private Supplier<? extends FirebaseUserManager> userManager;
 
-    private Builder() {}
+    protected abstract T getThis();
+
+    public FirebaseApp getFirebaseApp() {
+      return firebaseApp;
+    }
 
-    Builder setFirebaseApp(FirebaseApp firebaseApp) {
+    public T setFirebaseApp(FirebaseApp firebaseApp) {
       this.firebaseApp = firebaseApp;
-      return this;
+      return getThis();
     }
 
-    Builder setTokenFactory(Supplier<FirebaseTokenFactory> tokenFactory) {
+    public T setTokenFactory(Supplier<FirebaseTokenFactory> tokenFactory) {
       this.tokenFactory = tokenFactory;
-      return this;
+      return getThis();
     }
 
-    Builder setIdTokenVerifier(Supplier<? extends FirebaseTokenVerifier> idTokenVerifier) {
+    public T setIdTokenVerifier(Supplier<? extends FirebaseTokenVerifier> idTokenVerifier) {
       this.idTokenVerifier = idTokenVerifier;
-      return this;
+      return getThis();
     }
 
-    Builder setCookieVerifier(Supplier<? extends FirebaseTokenVerifier> cookieVerifier) {
+    public T setCookieVerifier(Supplier<? extends FirebaseTokenVerifier> cookieVerifier) {
       this.cookieVerifier = cookieVerifier;
-      return this;
+      return getThis();
     }
 
-    Builder setUserManager(Supplier<FirebaseUserManager> userManager) {
+    public T setUserManager(Supplier<FirebaseUserManager> userManager) {
       this.userManager = userManager;
-      return this;
+      return getThis();
     }
   }
+
+  protected static <T extends Builder<T>> T populateBuilderFromApp(
+      Builder<T> builder, final FirebaseApp app, @Nullable final String tenantId) {
+    return builder.setFirebaseApp(app)
+        .setTokenFactory(
+            new Supplier<FirebaseTokenFactory>() {
+              @Override
+              public FirebaseTokenFactory get() {
+                return FirebaseTokenUtils.createTokenFactory(app, Clock.SYSTEM, tenantId);
+              }
+            })
+        .setIdTokenVerifier(
+            new Supplier<FirebaseTokenVerifier>() {
+              @Override
+              public FirebaseTokenVerifier get() {
+                return FirebaseTokenUtils.createIdTokenVerifier(app, Clock.SYSTEM, tenantId);
+              }
+            })
+        .setCookieVerifier(
+            new Supplier<FirebaseTokenVerifier>() {
+              @Override
+              public FirebaseTokenVerifier get() {
+                return FirebaseTokenUtils.createSessionCookieVerifier(app, Clock.SYSTEM, tenantId);
+              }
+            })
+        .setUserManager(
+            new Supplier<FirebaseUserManager>() {
+              @Override
+              public FirebaseUserManager get() {
+                return FirebaseUserManager
+                    .builder()
+                    .setFirebaseApp(app)
+                    .setTenantId(tenantId)
+                    .build();
+              }
+            });
+  }
 }
diff --git a/src/main/java/com/google/firebase/auth/FirebaseAuth.java b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
index f44bd2343..417ea6436 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
@@ -16,21 +16,11 @@
 
 package com.google.firebase.auth;
 
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkNotNull;
-
-import com.google.api.client.util.Clock;
-import com.google.api.core.ApiFuture;
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Strings;
 import com.google.common.base.Supplier;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
-import com.google.firebase.auth.internal.FirebaseTokenFactory;
 import com.google.firebase.auth.multitenancy.TenantManager;
-import com.google.firebase.internal.CallableOperation;
 import com.google.firebase.internal.FirebaseService;
-import com.google.firebase.internal.NonNull;
 
 /**
  * This class is the entry point for all server-side Firebase Authentication actions.
@@ -46,14 +36,9 @@ public final class FirebaseAuth extends AbstractFirebaseAuth {
 
   private final Supplier<TenantManager> tenantManager;
 
-  FirebaseAuth(final Builder builder) {
+  private FirebaseAuth(final Builder builder) {
     super(builder);
-    tenantManager = threadSafeMemoize(new Supplier<TenantManager>() {
-      @Override
-      public TenantManager get() {
-        return new TenantManager(builder.firebaseApp);
-      }
-    });
+    tenantManager = threadSafeMemoize(builder.tenantManager);
   }
 
   public TenantManager getTenantManager() {
@@ -84,167 +69,18 @@ public static synchronized FirebaseAuth getInstance(FirebaseApp app) {
     return service.getInstance();
   }
 
-  /**
-   * Creates a new Firebase session cookie from the given ID token and options. The returned JWT can
-   * be set as a server-side session cookie with a custom cookie policy.
-   *
-   * @param idToken The Firebase ID token to exchange for a session cookie.
-   * @param options Additional options required to create the cookie.
-   * @return A Firebase session cookie string.
-   * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
-   * @throws FirebaseAuthException If an error occurs while generating the session cookie.
-   */
-  public String createSessionCookie(@NonNull String idToken, @NonNull SessionCookieOptions options)
-      throws FirebaseAuthException {
-    return createSessionCookieOp(idToken, options).call();
-  }
-
-  /**
-   * Similar to {@link #createSessionCookie(String, SessionCookieOptions)} but performs the
-   * operation asynchronously.
-   *
-   * @param idToken The Firebase ID token to exchange for a session cookie.
-   * @param options Additional options required to create the cookie.
-   * @return An {@code ApiFuture} which will complete successfully with a session cookie string. If
-   *     an error occurs while generating the cookie or if the specified ID token is invalid, the
-   *     future throws a {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
-   */
-  public ApiFuture<String> createSessionCookieAsync(
-      @NonNull String idToken, @NonNull SessionCookieOptions options) {
-    return createSessionCookieOp(idToken, options).callAsync(getFirebaseApp());
-  }
-
-  private CallableOperation<String, FirebaseAuthException> createSessionCookieOp(
-      final String idToken, final SessionCookieOptions options) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(idToken), "idToken must not be null or empty");
-    checkNotNull(options, "options must not be null");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<String, FirebaseAuthException>() {
-      @Override
-      protected String execute() throws FirebaseAuthException {
-        return userManager.createSessionCookie(idToken, options);
-      }
-    };
-  }
-
-  /**
-   * Parses and verifies a Firebase session cookie.
-   *
-   * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
-   * other claims can be read. If the cookie is invalid, throws a {@link FirebaseAuthException}.
-   *
-   * <p>This method does not check whether the cookie has been revoked. See {@link
-   * #verifySessionCookie(String, boolean)}.
-   *
-   * @param cookie A Firebase session cookie string to verify and parse.
-   * @return A {@link FirebaseToken} representing the verified and decoded cookie.
-   */
-  public FirebaseToken verifySessionCookie(String cookie) throws FirebaseAuthException {
-    return verifySessionCookie(cookie, false);
-  }
-
-  /**
-   * Parses and verifies a Firebase session cookie.
-   *
-   * <p>If {@code checkRevoked} is true, additionally verifies that the cookie has not been revoked.
-   *
-   * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
-   * other claims can be read. If the cookie is invalid or has been revoked while {@code
-   * checkRevoked} is true, throws a {@link FirebaseAuthException}.
-   *
-   * @param cookie A Firebase session cookie string to verify and parse.
-   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
-   * @return A {@link FirebaseToken} representing the verified and decoded cookie.
-   */
-  public FirebaseToken verifySessionCookie(String cookie, boolean checkRevoked)
-      throws FirebaseAuthException {
-    return verifySessionCookieOp(cookie, checkRevoked).call();
-  }
-
-  /**
-   * Similar to {@link #verifySessionCookie(String)} but performs the operation asynchronously.
-   *
-   * @param cookie A Firebase session cookie string to verify and parse.
-   * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
-   *     unsuccessfully with the failure Exception.
-   */
-  public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie) {
-    return verifySessionCookieAsync(cookie, false);
-  }
-
-  /**
-   * Similar to {@link #verifySessionCookie(String, boolean)} but performs the operation
-   * asynchronously.
-   *
-   * @param cookie A Firebase session cookie string to verify and parse.
-   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
-   * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
-   *     unsuccessfully with the failure Exception.
-   */
-  public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie, boolean checkRevoked) {
-    return verifySessionCookieOp(cookie, checkRevoked).callAsync(getFirebaseApp());
-  }
-
-  private CallableOperation<FirebaseToken, FirebaseAuthException> verifySessionCookieOp(
-      final String cookie, final boolean checkRevoked) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(cookie), "Session cookie must not be null or empty");
-    final FirebaseTokenVerifier sessionCookieVerifier = getSessionCookieVerifier(checkRevoked);
-    return new CallableOperation<FirebaseToken, FirebaseAuthException>() {
-      @Override
-      public FirebaseToken execute() throws FirebaseAuthException {
-        return sessionCookieVerifier.verifyToken(cookie);
-      }
-    };
-  }
-
-  @VisibleForTesting
-  FirebaseTokenVerifier getSessionCookieVerifier(boolean checkRevoked) {
-    FirebaseTokenVerifier verifier = getCookieVerifier();
-    if (checkRevoked) {
-      FirebaseUserManager userManager = getUserManager();
-      verifier = RevocationCheckDecorator.decorateSessionCookieVerifier(verifier, userManager);
-    }
-    return verifier;
-  }
-
   @Override
   protected void doDestroy() { }
 
   private static FirebaseAuth fromApp(final FirebaseApp app) {
-    return new FirebaseAuth(
-        AbstractFirebaseAuth.builder()
-          .setFirebaseApp(app)
-          .setTokenFactory(
-              new Supplier<FirebaseTokenFactory>() {
-                @Override
-                public FirebaseTokenFactory get() {
-                  return FirebaseTokenUtils.createTokenFactory(app, Clock.SYSTEM);
-                }
-              })
-          .setIdTokenVerifier(
-              new Supplier<FirebaseTokenVerifier>() {
-                @Override
-                public FirebaseTokenVerifier get() {
-                  return FirebaseTokenUtils.createIdTokenVerifier(app, Clock.SYSTEM);
-                }
-              })
-          .setCookieVerifier(
-              new Supplier<FirebaseTokenVerifier>() {
-                @Override
-                public FirebaseTokenVerifier get() {
-                  return FirebaseTokenUtils.createSessionCookieVerifier(app, Clock.SYSTEM);
-                }
-            })
-          .setUserManager(
-              new Supplier<FirebaseUserManager>() {
-                @Override
-                public FirebaseUserManager get() {
-                  return FirebaseUserManager.builder().setFirebaseApp(app).build();
-                }
-              }));
+    return populateBuilderFromApp(builder(), app, null)
+        .setTenantManager(new Supplier<TenantManager>() {
+          @Override
+          public TenantManager get() {
+            return new TenantManager(app);
+          }
+        })
+        .build();
   }
 
   private static class FirebaseAuthService extends FirebaseService<FirebaseAuth> {
@@ -258,4 +94,29 @@ public void destroy() {
       instance.destroy();
     }
   }
+
+  static Builder builder() {
+    return new Builder();
+  }
+
+  static class Builder extends AbstractFirebaseAuth.Builder<Builder> {
+
+    private Supplier<TenantManager> tenantManager;
+
+    private Builder() { }
+
+    @Override
+    protected Builder getThis() {
+      return this;
+    }
+
+    public Builder setTenantManager(Supplier<TenantManager> tenantManager) {
+      this.tenantManager = tenantManager;
+      return this;
+    }
+
+    public FirebaseAuth build() {
+      return new FirebaseAuth(this);
+    }
+  }
 }
diff --git a/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java b/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
index e0105e9aa..7c8f9f0a5 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
@@ -99,6 +99,11 @@ static FirebaseTokenVerifierImpl createIdTokenVerifier(
   }
 
   static FirebaseTokenVerifierImpl createSessionCookieVerifier(FirebaseApp app, Clock clock) {
+    return createSessionCookieVerifier(app, clock, null);
+  }
+
+  static FirebaseTokenVerifierImpl createSessionCookieVerifier(
+      FirebaseApp app, Clock clock, @Nullable String tenantId) {
     String projectId = ImplFirebaseTrampolines.getProjectId(app);
     checkState(!Strings.isNullOrEmpty(projectId),
         "Must initialize FirebaseApp with a project ID to call verifySessionCookie()");
@@ -107,12 +112,13 @@ static FirebaseTokenVerifierImpl createSessionCookieVerifier(FirebaseApp app, Cl
     GooglePublicKeysManager publicKeysManager = newPublicKeysManager(
         app.getOptions(), clock, SESSION_COOKIE_CERT_URL);
     return FirebaseTokenVerifierImpl.builder()
-        .setJsonFactory(app.getOptions().getJsonFactory())
-        .setPublicKeysManager(publicKeysManager)
-        .setIdTokenVerifier(idTokenVerifier)
         .setShortName("session cookie")
         .setMethod("verifySessionCookie()")
         .setDocUrl("https://firebase.google.com/docs/auth/admin/manage-cookies")
+        .setJsonFactory(app.getOptions().getJsonFactory())
+        .setPublicKeysManager(publicKeysManager)
+        .setIdTokenVerifier(idTokenVerifier)
+        .setTenantId(tenantId)
         .build();
   }
 
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java b/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
index 540437404..95ef169da 100644
--- a/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
@@ -18,9 +18,16 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 
+import com.google.api.core.ApiAsyncFunction;
+import com.google.api.core.ApiFuture;
+import com.google.api.core.ApiFutures;
 import com.google.common.base.Strings;
+import com.google.common.util.concurrent.MoreExecutors;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.auth.AbstractFirebaseAuth;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.FirebaseToken;
+import com.google.firebase.auth.SessionCookieOptions;
 
 /**
  * The tenant-aware Firebase client.
@@ -32,10 +39,10 @@ public final class TenantAwareFirebaseAuth extends AbstractFirebaseAuth {
 
   private final String tenantId;
 
-  TenantAwareFirebaseAuth(final FirebaseApp firebaseApp, final String tenantId) {
-    super(builderFromAppAndTenantId(firebaseApp, tenantId));
-    checkArgument(!Strings.isNullOrEmpty(tenantId));
-    this.tenantId = tenantId;
+  private TenantAwareFirebaseAuth(Builder builder) {
+    super(builder);
+    checkArgument(!Strings.isNullOrEmpty(builder.tenantId));
+    this.tenantId = builder.tenantId;
   }
 
   /** Returns the client's tenant ID. */
@@ -43,8 +50,58 @@ public String getTenantId() {
     return tenantId;
   }
 
+  @Override
+  public String createSessionCookie(
+      String idToken, SessionCookieOptions options) throws FirebaseAuthException {
+    verifyIdToken(idToken);
+    return super.createSessionCookie(idToken, options);
+  }
+
+  @Override
+  public ApiFuture<String> createSessionCookieAsync(
+      final String idToken, final SessionCookieOptions options) {
+    ApiFuture<FirebaseToken> future = verifyIdTokenAsync(idToken);
+    return ApiFutures.transformAsync(future, new ApiAsyncFunction<FirebaseToken, String>() {
+      @Override
+      public ApiFuture<String> apply(FirebaseToken input) {
+        return TenantAwareFirebaseAuth.super.createSessionCookieAsync(idToken, options);
+      }
+    }, MoreExecutors.directExecutor());
+  }
+
   @Override
   protected void doDestroy() {
     // Nothing extra needs to be destroyed.
   }
+
+  static TenantAwareFirebaseAuth fromApp(FirebaseApp app, String tenantId) {
+    return populateBuilderFromApp(builder(), app, tenantId)
+        .setTenantId(tenantId)
+        .build();
+  }
+
+  static Builder builder() {
+    return new Builder();
+  }
+
+  static class Builder extends AbstractFirebaseAuth.Builder<Builder> {
+
+    private String tenantId;
+
+    private Builder() { }
+
+    @Override
+    protected Builder getThis() {
+      return this;
+    }
+
+    public Builder setTenantId(String tenantId) {
+      this.tenantId = tenantId;
+      return this;
+    }
+
+    TenantAwareFirebaseAuth build() {
+      return new TenantAwareFirebaseAuth(this);
+    }
+  }
 }
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java b/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
index 11f26b096..dcb226d28 100644
--- a/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
+++ b/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
@@ -79,7 +79,7 @@ public Tenant getTenant(@NonNull String tenantId) throws FirebaseAuthException {
   public synchronized TenantAwareFirebaseAuth getAuthForTenant(@NonNull String tenantId) {
     checkArgument(!Strings.isNullOrEmpty(tenantId), "Tenant ID must not be null or empty.");
     if (!tenantAwareAuths.containsKey(tenantId)) {
-      tenantAwareAuths.put(tenantId, new TenantAwareFirebaseAuth(firebaseApp, tenantId));
+      tenantAwareAuths.put(tenantId, TenantAwareFirebaseAuth.fromApp(firebaseApp, tenantId));
     }
     return tenantAwareAuths.get(tenantId);
   }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
index 635e1bfba..bfc8d1790 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
@@ -20,6 +20,7 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -28,11 +29,11 @@
 import com.google.common.base.Defaults;
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
-import com.google.common.collect.ImmutableMap;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.testing.ServiceAccount;
+import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
@@ -43,7 +44,6 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 import java.util.concurrent.atomic.AtomicInteger;
-
 import org.junit.After;
 import org.junit.Test;
 
@@ -169,8 +169,7 @@ public void testDefaultIdTokenVerifier() {
 
   @Test
   public void testIdTokenVerifierInitializedOnDemand() throws Exception {
-    FirebaseTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
-        getFirebaseToken("idTokenUser"));
+    FirebaseTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("idTokenUser");
     CountingSupplier<FirebaseTokenVerifier> countingSupplier = new CountingSupplier<>(
         Suppliers.ofInstance(tokenVerifier));
 
@@ -185,37 +184,33 @@ public void testIdTokenVerifierInitializedOnDemand() throws Exception {
 
   @Test
   public void testVerifyIdTokenWithNull() {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(null);
-    tokenVerifier.lastTokenString = "_init_";
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("uid");
     FirebaseAuth auth = getAuthForIdTokenVerification(tokenVerifier);
 
     try {
       auth.verifyIdTokenAsync(null);
       fail("No error thrown for null id token");
     } catch (IllegalArgumentException expected) {
-      assertEquals("_init_", tokenVerifier.getLastTokenString());
+      assertNull(tokenVerifier.getLastTokenString());
     }
   }
 
   @Test
   public void testVerifyIdTokenWithEmptyString() {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(null);
-    tokenVerifier.lastTokenString = "_init_";
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("uid");
     FirebaseAuth auth = getAuthForIdTokenVerification(tokenVerifier);
 
     try {
       auth.verifyIdTokenAsync("");
       fail("No error thrown for null id token");
     } catch (IllegalArgumentException expected) {
-      assertEquals("_init_", tokenVerifier.getLastTokenString());
+      assertNull(tokenVerifier.getLastTokenString());
     }
-
   }
 
   @Test
   public void testVerifyIdToken() throws Exception {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
-        getFirebaseToken("testUser"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("testUser");
     FirebaseAuth auth = getAuthForIdTokenVerification(tokenVerifier);
 
     FirebaseToken firebaseToken = auth.verifyIdToken("idtoken");
@@ -242,8 +237,7 @@ public void testVerifyIdTokenFailure() {
 
   @Test
   public void testVerifyIdTokenAsync() throws Exception {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
-        getFirebaseToken("testUser"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("testUser");
     FirebaseAuth auth = getAuthForIdTokenVerification(tokenVerifier);
 
     FirebaseToken firebaseToken = auth.verifyIdTokenAsync("idtoken").get();
@@ -300,8 +294,7 @@ public void testDefaultSessionCookieVerifier() {
 
   @Test
   public void testSessionCookieVerifierInitializedOnDemand() throws Exception {
-    FirebaseTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
-        getFirebaseToken("cookieUser"));
+    FirebaseTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("cookieUser");
     CountingSupplier<FirebaseTokenVerifier> countingSupplier = new CountingSupplier<>(
         Suppliers.ofInstance(tokenVerifier));
     FirebaseAuth auth = getAuthForSessionCookieVerification(countingSupplier);
@@ -316,37 +309,33 @@ public void testSessionCookieVerifierInitializedOnDemand() throws Exception {
 
   @Test
   public void testVerifySessionCookieWithNull() {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(null);
-    tokenVerifier.lastTokenString = "_init_";
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("uid");
     FirebaseAuth auth = getAuthForSessionCookieVerification(tokenVerifier);
 
     try {
       auth.verifySessionCookieAsync(null);
       fail("No error thrown for null id token");
     } catch (IllegalArgumentException expected) {
-      assertEquals("_init_", tokenVerifier.getLastTokenString());
+      assertNull(tokenVerifier.getLastTokenString());
     }
   }
 
   @Test
   public void testVerifySessionCookieWithEmptyString() {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(null);
-    tokenVerifier.lastTokenString = "_init_";
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("uid");
     FirebaseAuth auth = getAuthForSessionCookieVerification(tokenVerifier);
 
     try {
       auth.verifySessionCookieAsync("");
       fail("No error thrown for null id token");
     } catch (IllegalArgumentException expected) {
-      assertEquals("_init_", tokenVerifier.getLastTokenString());
+      assertNull(tokenVerifier.getLastTokenString());
     }
-
   }
 
   @Test
   public void testVerifySessionCookie() throws Exception {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
-        getFirebaseToken("testUser"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("testUser");
     FirebaseAuth auth = getAuthForSessionCookieVerification(tokenVerifier);
 
     FirebaseToken firebaseToken = auth.verifySessionCookie("idtoken");
@@ -373,8 +362,7 @@ public void testVerifySessionCookieFailure() {
 
   @Test
   public void testVerifySessionCookieAsync() throws Exception {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
-        getFirebaseToken("testUser"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("testUser");
     FirebaseAuth auth = getAuthForSessionCookieVerification(tokenVerifier);
 
     FirebaseToken firebaseToken = auth.verifySessionCookieAsync("idtoken").get();
@@ -417,10 +405,6 @@ public void testVerifySessionCookieWithCheckRevokedAsyncFailure() throws Interru
     }
   }
 
-  private FirebaseToken getFirebaseToken(String subject) {
-    return new FirebaseToken(ImmutableMap.<String, Object>of("sub", subject));
-  }
-
   private FirebaseAuth getAuthForIdTokenVerification(FirebaseTokenVerifier tokenVerifier) {
     return getAuthForIdTokenVerification(Suppliers.ofInstance(tokenVerifier));
   }
@@ -429,11 +413,11 @@ private FirebaseAuth getAuthForIdTokenVerification(
       Supplier<? extends FirebaseTokenVerifier> tokenVerifierSupplier) {
     FirebaseApp app = FirebaseApp.initializeApp(firebaseOptions);
     FirebaseUserManager userManager = FirebaseUserManager.builder().setFirebaseApp(app).build();
-    return new FirebaseAuth(
-        AbstractFirebaseAuth.builder()
-          .setFirebaseApp(app)
-          .setIdTokenVerifier(tokenVerifierSupplier)
-          .setUserManager(Suppliers.ofInstance(userManager)));
+    return FirebaseAuth.builder()
+        .setFirebaseApp(app)
+        .setIdTokenVerifier(tokenVerifierSupplier)
+        .setUserManager(Suppliers.ofInstance(userManager))
+        .build();
   }
 
   private FirebaseAuth getAuthForSessionCookieVerification(FirebaseTokenVerifier tokenVerifier) {
@@ -444,45 +428,23 @@ private FirebaseAuth getAuthForSessionCookieVerification(
       Supplier<? extends FirebaseTokenVerifier> tokenVerifierSupplier) {
     FirebaseApp app = FirebaseApp.initializeApp(firebaseOptions);
     FirebaseUserManager userManager = FirebaseUserManager.builder().setFirebaseApp(app).build();
-    return new FirebaseAuth(
-          AbstractFirebaseAuth.builder()
-          .setFirebaseApp(app)
-          .setCookieVerifier(tokenVerifierSupplier)
-          .setUserManager(Suppliers.ofInstance(userManager)));
+    return FirebaseAuth.builder()
+        .setFirebaseApp(app)
+        .setCookieVerifier(tokenVerifierSupplier)
+        .setUserManager(Suppliers.ofInstance(userManager))
+        .build();
   }
 
-  private static class MockTokenVerifier implements FirebaseTokenVerifier {
-
-    private String lastTokenString;
-
-    private FirebaseToken result;
-    private FirebaseAuthException exception;
-
-    private MockTokenVerifier(FirebaseToken result, FirebaseAuthException exception) {
-      this.result = result;
-      this.exception = exception;
-    }
-
-    @Override
-    public FirebaseToken verifyToken(String token) throws FirebaseAuthException {
-      lastTokenString = token;
-      if (exception != null) {
-        throw exception;
-      }
-      return result;
-    }
-
-    String getLastTokenString() {
-      return this.lastTokenString;
-    }
-
-    static MockTokenVerifier fromResult(FirebaseToken result) {
-      return new MockTokenVerifier(result, null);
-    }
-
-    static MockTokenVerifier fromException(FirebaseAuthException exception) {
-      return new MockTokenVerifier(null, exception);
-    }
+  public static TestResponseInterceptor setUserManager(
+      AbstractFirebaseAuth.Builder<?> builder, FirebaseApp app, String tenantId) {
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    FirebaseUserManager userManager = FirebaseUserManager.builder()
+        .setFirebaseApp(app)
+        .setTenantId(tenantId)
+        .build();
+    userManager.setInterceptor(interceptor);
+    builder.setUserManager(Suppliers.ofInstance(userManager));
+    return interceptor;
   }
 
   private static class CountingSupplier<T> implements Supplier<T> {
diff --git a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
index 5dd1e9c14..379da0a57 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
@@ -217,6 +217,19 @@ public void testMalformedToken() throws Exception {
     tokenVerifier.verifyToken("not.a.jwt");
   }
 
+  @Test
+  public void testVerifyTokenWithTenantId() throws FirebaseAuthException {
+    FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder()
+        .setTenantId("TENANT_1")
+        .build();
+
+    FirebaseToken firebaseToken = verifier.verifyToken(createTokenWithTenantId("TENANT_1"));
+
+    assertEquals(TEST_TOKEN_ISSUER, firebaseToken.getIssuer());
+    assertEquals(TestTokenFactory.UID, firebaseToken.getUid());
+    assertEquals("TENANT_1", firebaseToken.getTenantId());
+  }
+
   @Test
   public void testVerifyTokenDifferentTenantIds() {
     try {
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index d407fd8ec..7012ef6bf 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -2602,19 +2602,18 @@ private static FirebaseAuth getRetryDisabledAuth(MockLowLevelHttpResponse respon
         .setProjectId("test-project-id")
         .setHttpTransport(transport)
         .build());
-    return new FirebaseAuth(
-        AbstractFirebaseAuth.builder()
-          .setFirebaseApp(app)
-          .setUserManager(new Supplier<FirebaseUserManager>() {
-            @Override
-            public FirebaseUserManager get() {
-              return FirebaseUserManager
-                .builder()
-                .setFirebaseApp(app)
-                .setHttpRequestFactory(transport.createRequestFactory())
-                .build();
-            }
-          }));
+    return FirebaseAuth.builder()
+        .setFirebaseApp(app)
+        .setUserManager(new Supplier<FirebaseUserManager>() {
+          @Override
+          public FirebaseUserManager get() {
+            return FirebaseUserManager.builder()
+              .setFirebaseApp(app)
+              .setHttpRequestFactory(transport.createRequestFactory())
+              .build();
+          }
+          })
+        .build();
   }
 
   private static void checkUserRecord(UserRecord userRecord) {
diff --git a/src/test/java/com/google/firebase/auth/MockTokenVerifier.java b/src/test/java/com/google/firebase/auth/MockTokenVerifier.java
new file mode 100644
index 000000000..51f7d5a47
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/MockTokenVerifier.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import com.google.common.collect.ImmutableMap;
+import java.util.concurrent.atomic.AtomicReference;
+
+public class MockTokenVerifier implements FirebaseTokenVerifier {
+
+  private final FirebaseToken result;
+  private final FirebaseAuthException exception;
+  private final AtomicReference<String> lastTokenString = new AtomicReference<>();
+
+  private MockTokenVerifier(FirebaseToken result, FirebaseAuthException exception) {
+    this.result = result;
+    this.exception = exception;
+  }
+
+  @Override
+  public FirebaseToken verifyToken(String token) throws FirebaseAuthException {
+    lastTokenString.set(token);
+    if (exception != null) {
+      throw exception;
+    }
+    return result;
+  }
+
+  public String getLastTokenString() {
+    return this.lastTokenString.get();
+  }
+
+  public static MockTokenVerifier fromUid(String uid) {
+    long iat = System.currentTimeMillis() / 1000;
+    return fromResult(new FirebaseToken(ImmutableMap.<String, Object>of(
+        "sub", uid, "iat", iat)));
+  }
+
+  public static MockTokenVerifier fromResult(FirebaseToken result) {
+    return new MockTokenVerifier(result, null);
+  }
+
+  public static MockTokenVerifier fromException(FirebaseAuthException exception) {
+    return new MockTokenVerifier(null, exception);
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
new file mode 100644
index 000000000..df7bcf00d
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
@@ -0,0 +1,292 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.multitenancy;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.http.HttpMethods;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.json.GenericJson;
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
+import com.google.common.base.Suppliers;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseOptions;
+import com.google.firebase.TestOnlyImplFirebaseTrampolines;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.FirebaseAuthTest;
+import com.google.firebase.auth.FirebaseToken;
+import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.auth.MockTokenVerifier;
+import com.google.firebase.auth.SessionCookieOptions;
+import com.google.firebase.testing.TestResponseInterceptor;
+import com.google.firebase.testing.TestUtils;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigDecimal;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import org.junit.After;
+import org.junit.Test;
+
+public class TenantAwareFirebaseAuthTest {
+
+  private static final String TENANT_ID = "test-tenant";
+
+  private static final String AUTH_BASE_URL = "/v1/projects/test-project-id/tenants/" + TENANT_ID;
+
+  private static final SessionCookieOptions COOKIE_OPTIONS = SessionCookieOptions.builder()
+      .setExpiresIn(TimeUnit.HOURS.toMillis(1))
+      .build();
+
+  private static final FirebaseAuthException AUTH_EXCEPTION = new FirebaseAuthException(
+      "code", "reason");
+
+  private static final String CREATE_COOKIE_RESPONSE = TestUtils.loadResource(
+      "createSessionCookie.json");
+
+  @After
+  public void tearDown() {
+    TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
+  }
+
+  @Test
+  public void testCreateSessionCookieAsync() throws Exception {
+    MockTokenVerifier verifier = MockTokenVerifier.fromUid("uid");
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(verifier);
+    TestResponseInterceptor interceptor = setUserManager(builder, CREATE_COOKIE_RESPONSE);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    String cookie = auth.createSessionCookieAsync("testToken", COOKIE_OPTIONS).get();
+
+    assertEquals("MockCookieString", cookie);
+    assertEquals("testToken", verifier.getLastTokenString());
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals(2, parsed.size());
+    assertEquals("testToken", parsed.get("idToken"));
+    assertEquals(new BigDecimal(3600), parsed.get("validDuration"));
+    checkUrl(interceptor, AUTH_BASE_URL + ":createSessionCookie");
+  }
+
+  @Test
+  public void testCreateSessionCookieAsyncError() throws Exception {
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(
+        MockTokenVerifier.fromException(AUTH_EXCEPTION));
+    TestResponseInterceptor interceptor = setUserManager(builder, CREATE_COOKIE_RESPONSE);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    try {
+      auth.createSessionCookieAsync("testToken", COOKIE_OPTIONS).get();
+      fail("No error thrown for invalid ID token");
+    } catch (ExecutionException e) {
+      assertTrue(e.getCause() instanceof FirebaseAuthException);
+      FirebaseAuthException cause = (FirebaseAuthException) e.getCause();
+      assertEquals("code", cause.getErrorCode());
+    }
+
+    assertNull(interceptor.getResponse());
+  }
+
+  @Test
+  public void testCreateSessionCookie() throws Exception {
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(
+        MockTokenVerifier.fromUid("uid"));
+    TestResponseInterceptor interceptor = setUserManager(builder, CREATE_COOKIE_RESPONSE);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    String cookie = auth.createSessionCookie("testToken", COOKIE_OPTIONS);
+
+    assertEquals("MockCookieString", cookie);
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals(2, parsed.size());
+    assertEquals("testToken", parsed.get("idToken"));
+    assertEquals(new BigDecimal(3600), parsed.get("validDuration"));
+    checkUrl(interceptor, AUTH_BASE_URL + ":createSessionCookie");
+  }
+
+  @Test
+  public void testCreateSessionCookieError() {
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(
+        MockTokenVerifier.fromException(AUTH_EXCEPTION));
+    TestResponseInterceptor interceptor = setUserManager(builder, CREATE_COOKIE_RESPONSE);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    try {
+      auth.createSessionCookie("testToken", COOKIE_OPTIONS);
+      fail("No error thrown for invalid ID token");
+    } catch (FirebaseAuthException e) {
+      assertEquals("code", e.getErrorCode());
+    }
+
+    assertNull(interceptor.getResponse());
+  }
+
+  @Test
+  public void testVerifySessionCookie() throws FirebaseAuthException {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("uid");
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(tokenVerifier);
+    setUserManager(builder);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    FirebaseToken token = auth.verifySessionCookie("cookie");
+
+    assertEquals("uid", token.getUid());
+    assertEquals("cookie", tokenVerifier.getLastTokenString());
+  }
+
+  @Test
+  public void testVerifySessionCookieFailure() {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(AUTH_EXCEPTION);
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(tokenVerifier);
+    setUserManager(builder);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    try {
+      auth.verifySessionCookie("cookie");
+      fail("No error thrown for invalid token");
+    } catch (FirebaseAuthException authException) {
+      assertEquals("code", authException.getErrorCode());
+      assertEquals("cookie", tokenVerifier.getLastTokenString());
+    }
+  }
+
+  @Test
+  public void testVerifySessionCookieAsync() throws Exception {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("uid");
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(tokenVerifier);
+    setUserManager(builder);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    FirebaseToken firebaseToken = auth.verifySessionCookieAsync("cookie").get();
+
+    assertEquals("uid", firebaseToken.getUid());
+    assertEquals("cookie", tokenVerifier.getLastTokenString());
+  }
+
+  @Test
+  public void testVerifySessionCookieAsyncFailure() throws InterruptedException {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(AUTH_EXCEPTION);
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(tokenVerifier);
+    setUserManager(builder);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    try {
+      auth.verifySessionCookieAsync("cookie").get();
+      fail("No error thrown for invalid token");
+    } catch (ExecutionException e) {
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals("code", authException.getErrorCode());
+      assertEquals("cookie", tokenVerifier.getLastTokenString());
+    }
+  }
+
+  @Test
+  public void testVerifySessionCookieWithCheckRevoked() throws FirebaseAuthException {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromUid("uid");
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(tokenVerifier);
+    TestResponseInterceptor interceptor = setUserManager(
+        builder, TestUtils.loadResource("getUser.json"));
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    FirebaseToken token = auth.verifySessionCookie("cookie", true);
+
+    assertEquals("uid", token.getUid());
+    assertEquals("cookie", tokenVerifier.getLastTokenString());
+    checkUrl(interceptor, AUTH_BASE_URL + "/accounts:lookup");
+  }
+
+  @Test
+  public void testVerifySessionCookieWithCheckRevokedFailure() {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(AUTH_EXCEPTION);
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(tokenVerifier);
+    setUserManager(builder);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    try {
+      auth.verifySessionCookie("cookie", true);
+      fail("No error thrown for invalid token");
+    } catch (FirebaseAuthException e) {
+      assertEquals("code", e.getErrorCode());
+      assertEquals("cookie", tokenVerifier.getLastTokenString());
+    }
+  }
+
+  @Test
+  public void testVerifySessionCookieWithCheckRevokedAsyncFailure() throws InterruptedException {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(AUTH_EXCEPTION);
+    TenantAwareFirebaseAuth.Builder builder = builderForTokenVerification(tokenVerifier);
+    setUserManager(builder);
+    TenantAwareFirebaseAuth auth = builder.build();
+
+    try {
+      auth.verifySessionCookieAsync("cookie", true).get();
+      fail("No error thrown for invalid token");
+    } catch (ExecutionException e) {
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals("code", authException.getErrorCode());
+      assertEquals("cookie", tokenVerifier.getLastTokenString());
+    }
+  }
+
+  private static TenantAwareFirebaseAuth.Builder builderForTokenVerification(
+      MockTokenVerifier verifier) {
+    return TenantAwareFirebaseAuth.builder()
+        .setTenantId(TENANT_ID)
+        .setIdTokenVerifier(Suppliers.ofInstance(verifier))
+        .setCookieVerifier(Suppliers.ofInstance(verifier));
+  }
+
+  private static TestResponseInterceptor setUserManager(TenantAwareFirebaseAuth.Builder builder) {
+    return setUserManager(builder, "{}");
+  }
+
+  private static TestResponseInterceptor setUserManager(
+      TenantAwareFirebaseAuth.Builder builder, String response) {
+    FirebaseApp app = initializeAppWithResponse(response);
+    builder.setFirebaseApp(app);
+    return FirebaseAuthTest.setUserManager(builder, app, TENANT_ID);
+  }
+
+  private static FirebaseApp initializeAppWithResponse(String response) {
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(new MockLowLevelHttpResponse().setContent(response))
+        .build();
+    return FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+        .setCredentials(new MockGoogleCredentials("token"))
+        .setHttpTransport(transport)
+        .setProjectId("test-project-id")
+        .build());
+  }
+
+  private static GenericJson parseRequestContent(TestResponseInterceptor interceptor)
+      throws IOException {
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    interceptor.getResponse().getRequest().getContent().writeTo(out);
+    return Utils.getDefaultJsonFactory().fromString(
+        new String(out.toByteArray()), GenericJson.class);
+  }
+
+  private static void checkUrl(TestResponseInterceptor interceptor, String url) {
+    HttpRequest request = interceptor.getResponse().getRequest();
+    assertEquals(HttpMethods.POST, request.getRequestMethod());
+    assertEquals(url, request.getUrl().getRawPath());
+  }
+}

From 8c86411a5acef67906699bb543df52161ee93a0a Mon Sep 17 00:00:00 2001
From: shambhand <33409682+shambhand@users.noreply.github.com>
Date: Tue, 11 Aug 2020 01:22:29 +0530
Subject: [PATCH 025/354] fix(fcm): Added toString() in TopicManagementResponse
 for logging (#469)

* Added toString() in TopicManagementResponse for logging (#343)

* Used MoreObjects.toStringHelper()

* removed .DS_Store & added it to .gitignore

* unit test case for TopicManagementResponse toString() functionality added for logging

* fixed checkStyle issue of line should not greater than 100 char
---
 .gitignore                                            |  1 +
 .../firebase/messaging/TopicManagementResponse.java   |  9 +++++++++
 .../firebase/messaging/InstanceIdClientImplTest.java  | 11 +++++++++++
 3 files changed, 21 insertions(+)

diff --git a/.gitignore b/.gitignore
index a869aa65d..6e7d29cfd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ target/
 release.properties
 integration_cert.json
 integration_apikey.txt
+.DS_Store
diff --git a/src/main/java/com/google/firebase/messaging/TopicManagementResponse.java b/src/main/java/com/google/firebase/messaging/TopicManagementResponse.java
index b8f92576e..bbf4c944a 100644
--- a/src/main/java/com/google/firebase/messaging/TopicManagementResponse.java
+++ b/src/main/java/com/google/firebase/messaging/TopicManagementResponse.java
@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkState;
 
 import com.google.api.client.json.GenericJson;
+import com.google.common.base.MoreObjects;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.internal.NonNull;
@@ -122,5 +123,13 @@ public int getIndex() {
     public String getReason() {
       return reason;
     }
+
+    @Override
+    public String toString() {
+      return MoreObjects.toStringHelper(this)
+              .add("index", index)
+              .add("reason", reason)
+              .toString();
+    }
   }
 }
diff --git a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
index f939c8382..c7e1cc24a 100644
--- a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
@@ -340,6 +340,17 @@ public void testTopicManagementResponseWithEmptyList() {
     new TopicManagementResponse(ImmutableList.<GenericJson>of());
   }
 
+  @Test
+  public void testTopicManagementResponseErrorToString() {
+    GenericJson json = new GenericJson().set("error", "test error");
+    ImmutableList<GenericJson> jsonList = ImmutableList.of(json);
+
+    TopicManagementResponse topicManagementResponse = new TopicManagementResponse(jsonList);
+
+    String expected = "[Error{index=0, reason=unknown-error}]";
+    assertEquals(expected, topicManagementResponse.getErrors().toString());
+  }
+
   private static InstanceIdClientImpl initInstanceIdClient(
       final MockLowLevelHttpResponse mockResponse,
       final HttpResponseInterceptor interceptor) {

From e72bf8abb3fb7b681845f6d2cc0cdea5f80af61b Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Tue, 11 Aug 2020 16:23:20 -0400
Subject: [PATCH 026/354] Fix javadoc error caused by having protected
 parameters public methods (#470)

---
 .../google/firebase/auth/AbstractFirebaseAuth.java   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index 6c841070c..7061d2b44 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -1782,11 +1782,6 @@ public T setFirebaseApp(FirebaseApp firebaseApp) {
       return getThis();
     }
 
-    public T setTokenFactory(Supplier<FirebaseTokenFactory> tokenFactory) {
-      this.tokenFactory = tokenFactory;
-      return getThis();
-    }
-
     public T setIdTokenVerifier(Supplier<? extends FirebaseTokenVerifier> idTokenVerifier) {
       this.idTokenVerifier = idTokenVerifier;
       return getThis();
@@ -1797,10 +1792,15 @@ public T setCookieVerifier(Supplier<? extends FirebaseTokenVerifier> cookieVerif
       return getThis();
     }
 
-    public T setUserManager(Supplier<FirebaseUserManager> userManager) {
+    T setUserManager(Supplier<FirebaseUserManager> userManager) {
       this.userManager = userManager;
       return getThis();
     }
+
+    T setTokenFactory(Supplier<FirebaseTokenFactory> tokenFactory) {
+      this.tokenFactory = tokenFactory;
+      return getThis();
+    }
   }
 
   protected static <T extends Builder<T>> T populateBuilderFromApp(

From 36eb4eaae143e808c529659b72c0aa234c8a4678 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 12 Aug 2020 13:46:18 -0400
Subject: [PATCH 027/354] [chore] Release 6.16.0 (#471)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b0187543a..c2dc9f336 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>6.15.0</version>
+    <version>6.16.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From cc520a721ef3ced13c6c1e34fa010d082a948b99 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Tue, 18 Aug 2020 10:24:17 -0700
Subject: [PATCH 028/354] change: New error handling APIs (merging v7 branch
 into master) (#465)

* Added core types for the error handling revamp (#350)

* Added core types for the error handling revamp

* Fixed copyright year

* Added ErrorHandlingHttpClient API (#353)

* Added core error handling abstractions

* Added unit tests for the new functionality

* Exposed getErrorCode as getErrorCodeNew

* Enabled error code assertions

* Error handling revamp for the FirebaseMessaging API (#357)

* Added core error handling abstractions

* Added unit tests for the new functionality

* Exposed getErrorCode as getErrorCodeNew

* Enabled error code assertions

* Error handling revamp for FCM APIs

* Cleaned up the FirebaseMessagingException

* Cleaned up the AbstractHttpErrorHandler class

* Updated tests

* Error handling revamp for FirebaseInstanceId API (#359)

* Delete instance ID API error handling revamp

* Added tests for IO and parse errors

* fix(auth): Migrated user management APIs to the new error handling scheme (#360)

* Error handling revamp in FirebaseUserManager

* Updated integration tests; Added documentation

* Assigning the correct ErrorCode for auth errors

* Moved AuthErrorHandler to a separate top-level class

* Error handling revamp for token verification APIs (#362)

* Error handling revamp for token verification APIs

* Updated javadocs

* Error handling revamp for the custom token creation API (#366)

* Error handlign revamp for the custom token creation API

* Using the correct authorized HTTP client for IAM requests

* Error handling revamp for the project management API (#367)

* Error handling revamp for the project management API

* Minor code and test cleanup

* Fixed some lint errors; Removed requestFactory reference from project mgt service impl

* Renamed getErrorCodeNew() to getErrorCode() (#379)

* Minor code and test cleanup

* Renamed getErrorCodeNew() to getErrorCode() in FirebaseException

* Fixing checkstyle error

* Fixing some deprecation warnings (#380)

* Handling IID error codes correctly (#381)

* Removed old deprecated APIs (#383)

* fix: Removed unused FirebaseAppStore abstraction (#427)

* fix: Removed unused FirebaseAppStore abstraction

* Using the keySet of App instances to populate the app names list

* chore: Removing redundant test dependency (#441)

* chore: Make user import hashing classes final (#425)

* chore: Merged with v7 branch with master (#456)

* fix(fcm): Replacing deprecated Batch API constructor (#460)

* fix: Handling http method override in ErrorHandlingHttpClient (#459)

* fix: Handling JSON serialization/response interception at ErrorHandlingHttpClient (#462)

* fix: Handling JSON serialization and response interception at ErrorHandlingHttpClient

* fix: Removing redundant method override header

* feat: Added new error codes for IdP management and multitenancy (#458)

* feat: Added new error codes for IdP management and multitenancy

* fix: Updated integration tests

* fix: Renamed helper method

* fix: Removing some calls to deprecated APIs (#464)

* chore: Support for specifying query parameters in HttpRequestInfo (#463)

* chore: Support for specifying query parameters in HttpRequestInfo

* fix: Removing redundant JsonObjectParser from HttpClient

* fix: Fixing a series of javadoc warnings (#466)

* fix: Made some APIs on AbstractFirebaseAuth.Builder package-protected for consistency

* Apply suggestions from code review

Co-authored-by: egilmorez <egilmore@google.com>
Co-authored-by: Kevin Cheung <kevinthecheung@users.noreply.github.com>

* fix: Minor updates to API ref docs based on code review comments

* fix: Fixing API doc wording

Co-authored-by: Horatiu Lazu <horatiulazu@gmail.com>
Co-authored-by: egilmorez <egilmore@google.com>
Co-authored-by: Kevin Cheung <kevinthecheung@users.noreply.github.com>
---
 pom.xml                                       |   6 -
 .../java/com/google/firebase/ErrorCode.java   | 109 +++++
 .../java/com/google/firebase/FirebaseApp.java |  42 +-
 .../FirebaseAppLifecycleListener.java         |   2 +-
 .../google/firebase/FirebaseException.java    |  51 ++-
 .../com/google/firebase/FirebaseOptions.java  |  20 +-
 .../google/firebase/IncomingHttpResponse.java | 114 +++++
 .../google/firebase/OutgoingHttpRequest.java  |  98 ++++
 .../firebase/auth/AbstractFirebaseAuth.java   |  26 +-
 .../google/firebase/auth/AuthErrorCode.java   | 104 +++++
 .../firebase/auth/FirebaseAuthException.java  |  36 +-
 .../firebase/auth/FirebaseTokenUtils.java     |   4 +
 .../auth/FirebaseTokenVerifierImpl.java       | 131 ++++--
 .../firebase/auth/FirebaseUserManager.java    | 230 ++++------
 .../auth/ListProviderConfigsPage.java         |  20 +-
 .../firebase/auth/OidcProviderConfig.java     |   2 +-
 .../auth/RevocationCheckDecorator.java        |  23 +-
 .../com/google/firebase/auth/hash/Bcrypt.java |   2 +-
 .../google/firebase/auth/hash/HmacMd5.java    |   2 +-
 .../google/firebase/auth/hash/HmacSha1.java   |   2 +-
 .../google/firebase/auth/hash/HmacSha256.java |   2 +-
 .../google/firebase/auth/hash/HmacSha512.java |   2 +-
 .../com/google/firebase/auth/hash/Md5.java    |   2 +-
 .../firebase/auth/hash/Pbkdf2Sha256.java      |   2 +-
 .../google/firebase/auth/hash/PbkdfSha1.java  |   2 +-
 .../com/google/firebase/auth/hash/Sha1.java   |   2 +-
 .../com/google/firebase/auth/hash/Sha256.java |   2 +-
 .../com/google/firebase/auth/hash/Sha512.java |   2 +-
 .../firebase/auth/hash/StandardScrypt.java    |   2 +-
 .../auth/internal/AuthErrorHandler.java       | 222 +++++++++
 .../auth/internal/AuthHttpClient.java         | 111 +----
 .../firebase/auth/internal/CryptoSigner.java  |   5 +-
 .../firebase/auth/internal/CryptoSigners.java |  90 ++--
 .../auth/internal/FirebaseTokenFactory.java   |  38 +-
 .../auth/internal/HttpErrorResponse.java      |  49 --
 .../multitenancy/FirebaseTenantClient.java    |  46 +-
 .../auth/multitenancy/ListTenantsPage.java    |  12 +-
 .../auth/multitenancy/TenantManager.java      |   9 +-
 .../database/core/JvmAuthTokenProvider.java   |   2 +-
 .../firebase/iid/FirebaseInstanceId.java      | 101 +++--
 .../iid/FirebaseInstanceIdException.java      |   6 +-
 .../internal/AbstractHttpErrorHandler.java    | 154 +++++++
 .../AbstractPlatformErrorHandler.java         |  98 ++++
 .../firebase/internal/ApiClientUtils.java     |   2 +
 .../internal/ErrorHandlingHttpClient.java     | 144 ++++++
 .../firebase/internal/FirebaseAppStore.java   |  78 ----
 .../firebase/internal/HttpErrorHandler.java   |  44 ++
 .../firebase/internal/HttpRequestInfo.java    | 132 ++++++
 .../firebase/messaging/FirebaseMessaging.java |   4 -
 .../FirebaseMessagingClientImpl.java          | 255 ++++++-----
 .../messaging/FirebaseMessagingException.java |  48 +-
 .../messaging/InstanceIdClientImpl.java       | 165 +++----
 .../firebase/messaging/LightSettings.java     |   4 +-
 .../messaging/MessagingErrorCode.java         |  43 ++
 .../firebase/messaging/Notification.java      |  31 +-
 .../MessagingServiceErrorResponse.java        |  37 +-
 .../FirebaseProjectManagementException.java   |  21 +-
 .../FirebaseProjectManagementServiceImpl.java |  66 +--
 .../projectmanagement/HttpHelper.java         | 170 +++----
 .../com/google/firebase/FirebaseAppTest.java  |  33 +-
 .../firebase/FirebaseExceptionTest.java       | 124 +++++
 .../google/firebase/FirebaseOptionsTest.java  |  39 +-
 .../firebase/IncomingHttpResponseTest.java    | 141 ++++++
 .../firebase/OutgoingHttpRequestTest.java     |  89 ++++
 .../google/firebase/ThreadManagerTest.java    |   7 +-
 .../google/firebase/auth/FirebaseAuthIT.java  | 121 +++--
 .../firebase/auth/FirebaseAuthTest.java       | 177 ++++++--
 .../auth/FirebaseTokenVerifierImplTest.java   | 244 +++++++---
 .../auth/FirebaseUserManagerTest.java         | 423 ++++++++++++------
 .../auth/ProviderConfigTestUtils.java         |  12 +-
 .../google/firebase/auth/UserTestUtils.java   |   4 +-
 .../auth/internal/CryptoSignersTest.java      |  54 ++-
 .../internal/FirebaseTokenFactoryTest.java    |   7 +-
 .../FirebaseTenantClientTest.java             |  91 ++--
 .../TenantAwareFirebaseAuthIT.java            |   5 +-
 .../TenantAwareFirebaseAuthTest.java          |  15 +-
 .../auth/multitenancy/TenantManagerIT.java    |   8 +-
 .../firebase/cloud/FirestoreClientTest.java   |  15 +-
 .../firebase/cloud/StorageClientTest.java     |  10 +-
 .../firebase/database/DataSnapshotTest.java   |   2 +-
 .../database/DatabaseReferenceTest.java       |   2 +-
 .../database/FirebaseDatabaseTest.java        |   4 +-
 .../google/firebase/database/TestHelpers.java |   4 +-
 .../database/ValueExpectationHelper.java      |   4 +-
 .../collection/RBTreeSortedMapTest.java       |  18 +-
 .../core/JvmAuthTokenProviderTest.java        |  28 +-
 .../database/core/JvmPlatformTest.java        |   4 +-
 .../firebase/database/core/RepoTest.java      |   2 +-
 .../firebase/database/core/SyncPointTest.java |   2 +-
 .../DefaultPersistenceManagerTest.java        |   2 +-
 .../persistence/RandomPersistenceTest.java    |   2 +-
 .../database/integration/DataTestIT.java      |   4 +-
 .../FirebaseDatabaseAuthTestIT.java           |  16 +-
 .../integration/FirebaseDatabaseTestIT.java   |   4 +-
 .../database/integration/RulesTestIT.java     |   2 +-
 .../database/integration/ShutdownExample.java |   2 +-
 .../database/utilities/ValidationTest.java    |  38 +-
 .../firebase/iid/FirebaseInstanceIdTest.java  | 170 +++++--
 .../AbstractPlatformErrorHandlerTest.java     | 298 ++++++++++++
 .../internal/CallableOperationTest.java       |   3 +-
 .../internal/ErrorHandlingHttpClientTest.java | 358 +++++++++++++++
 .../internal/FirebaseAppStoreTest.java        |  17 +-
 .../FirebaseRequestInitializerTest.java       |  10 +-
 .../internal/FirebaseThreadManagersTest.java  |   8 +-
 .../firebase/internal/TestApiClientUtils.java |  21 +-
 .../firebase/messaging/BatchResponseTest.java |   5 +-
 .../FirebaseMessagingClientImplTest.java      | 137 ++++--
 .../messaging/FirebaseMessagingIT.java        |  46 +-
 .../messaging/FirebaseMessagingTest.java      |   3 +-
 .../messaging/InstanceIdClientImplTest.java   | 127 ++++--
 .../firebase/messaging/MessageTest.java       |  33 +-
 .../messaging/MulticastMessageTest.java       |   5 +-
 .../firebase/messaging/SendResponseTest.java  |   5 +-
 ...ebaseProjectManagementServiceImplTest.java | 182 ++++++--
 .../FirebaseProjectManagementTest.java        |   5 +-
 .../projectmanagement/IosAppTest.java         |   3 +-
 .../snippets/FirebaseAppSnippets.java         |  14 +-
 .../snippets/FirebaseAuthSnippets.java        |   3 +-
 .../snippets/FirebaseDatabaseSnippets.java    |   2 +-
 .../snippets/FirebaseMessagingSnippets.java   |  24 +-
 .../snippets/FirebaseStorageSnippets.java     |   2 +-
 .../firebase/testing/FirebaseAppRule.java     |   2 -
 .../testing/IntegrationTestUtils.java         |   3 +-
 .../google/firebase/testing/TestUtils.java    |  10 +-
 124 files changed, 4687 insertions(+), 1797 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/ErrorCode.java
 create mode 100644 src/main/java/com/google/firebase/IncomingHttpResponse.java
 create mode 100644 src/main/java/com/google/firebase/OutgoingHttpRequest.java
 create mode 100644 src/main/java/com/google/firebase/auth/AuthErrorCode.java
 create mode 100644 src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
 delete mode 100644 src/main/java/com/google/firebase/auth/internal/HttpErrorResponse.java
 create mode 100644 src/main/java/com/google/firebase/internal/AbstractHttpErrorHandler.java
 create mode 100644 src/main/java/com/google/firebase/internal/AbstractPlatformErrorHandler.java
 create mode 100644 src/main/java/com/google/firebase/internal/ErrorHandlingHttpClient.java
 delete mode 100644 src/main/java/com/google/firebase/internal/FirebaseAppStore.java
 create mode 100644 src/main/java/com/google/firebase/internal/HttpErrorHandler.java
 create mode 100644 src/main/java/com/google/firebase/internal/HttpRequestInfo.java
 create mode 100644 src/main/java/com/google/firebase/messaging/MessagingErrorCode.java
 create mode 100644 src/test/java/com/google/firebase/FirebaseExceptionTest.java
 create mode 100644 src/test/java/com/google/firebase/IncomingHttpResponseTest.java
 create mode 100644 src/test/java/com/google/firebase/OutgoingHttpRequestTest.java
 create mode 100644 src/test/java/com/google/firebase/internal/AbstractPlatformErrorHandlerTest.java
 create mode 100644 src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java

diff --git a/pom.xml b/pom.xml
index c2dc9f336..a72301d5b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -477,12 +477,6 @@
             <version>0.6</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>com.cedarsoftware</groupId>
-            <artifactId>java-util</artifactId>
-            <version>1.26.0</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
diff --git a/src/main/java/com/google/firebase/ErrorCode.java b/src/main/java/com/google/firebase/ErrorCode.java
new file mode 100644
index 000000000..0eaa9cec2
--- /dev/null
+++ b/src/main/java/com/google/firebase/ErrorCode.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase;
+
+/**
+ * Platform-wide error codes that can be raised by Admin SDK APIs.
+ */
+public enum ErrorCode {
+
+  /**
+   * Client specified an invalid argument.
+   */
+  INVALID_ARGUMENT,
+
+  /**
+   * Request cannot be executed in the current system state, such as deleting a non-empty
+   * directory.
+   */
+  FAILED_PRECONDITION,
+
+  /**
+   * Client specified an invalid range.
+   */
+  OUT_OF_RANGE,
+
+  /**
+   * Request not authenticated due to missing, invalid, or expired OAuth token.
+   */
+  UNAUTHENTICATED,
+
+  /**
+   * Client does not have sufficient permission. This can happen because the OAuth token does
+   * not have the right scopes, the client doesn't have permission, or the API has not been
+   * enabled for the client project.
+   */
+  PERMISSION_DENIED,
+
+  /**
+   * A specified resource is not found, or the request is rejected for unknown reasons,
+   * such as a blocked network address.
+   */
+  NOT_FOUND,
+
+  /**
+   * Concurrency conflict, such as read-modify-write conflict.
+   */
+  CONFLICT,
+
+  /**
+   * Concurrency conflict, such as read-modify-write conflict.
+   */
+  ABORTED,
+
+  /**
+   * The resource that a client tried to create already exists.
+   */
+  ALREADY_EXISTS,
+
+  /**
+   * Either out of resource quota or rate limited.
+   */
+  RESOURCE_EXHAUSTED,
+
+  /**
+   * Request cancelled by the client.
+   */
+  CANCELLED,
+
+  /**
+   * Unrecoverable data loss or data corruption. The client should report the error to the user.
+   */
+  DATA_LOSS,
+
+  /**
+   * Unknown server error. Typically a server bug.
+   */
+  UNKNOWN,
+
+  /**
+   * Internal server error. Typically a server bug.
+   */
+  INTERNAL,
+
+  /**
+   * Service unavailable. Typically the server is down.
+   */
+  UNAVAILABLE,
+
+  /**
+   * Request deadline exceeded. This happens only if the caller sets a deadline that is
+   * shorter than the method's default deadline (i.e. requested deadline is not enough for the
+   * server to process the request) and the request did not finish within the deadline.
+   */
+  DEADLINE_EXCEEDED,
+}
diff --git a/src/main/java/com/google/firebase/FirebaseApp.java b/src/main/java/com/google/firebase/FirebaseApp.java
index c60f0ad5e..38482541c 100644
--- a/src/main/java/com/google/firebase/FirebaseApp.java
+++ b/src/main/java/com/google/firebase/FirebaseApp.java
@@ -34,9 +34,7 @@
 import com.google.common.base.Joiner;
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Strings;
-import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableList;
-import com.google.firebase.internal.FirebaseAppStore;
 import com.google.firebase.internal.FirebaseScheduledExecutor;
 import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.internal.ListenableFuture2ApiFuture;
@@ -48,10 +46,8 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.concurrent.Callable;
 import java.util.concurrent.Future;
 import java.util.concurrent.ScheduledExecutorService;
@@ -121,7 +117,6 @@ private FirebaseApp(String name, FirebaseOptions options, TokenRefresher.Factory
 
   /** Returns a list of all FirebaseApps. */
   public static List<FirebaseApp> getApps() {
-    // TODO: reenable persistence. See b/28158809.
     synchronized (appsLock) {
       return ImmutableList.copyOf(instances.values());
     }
@@ -221,21 +216,16 @@ public static FirebaseApp initializeApp(FirebaseOptions options, String name) {
 
   static FirebaseApp initializeApp(FirebaseOptions options, String name,
       TokenRefresher.Factory tokenRefresherFactory) {
-    FirebaseAppStore appStore = FirebaseAppStore.initialize();
     String normalizedName = normalize(name);
-    final FirebaseApp firebaseApp;
     synchronized (appsLock) {
       checkState(
           !instances.containsKey(normalizedName),
           "FirebaseApp name " + normalizedName + " already exists!");
 
-      firebaseApp = new FirebaseApp(normalizedName, options, tokenRefresherFactory);
+      FirebaseApp firebaseApp = new FirebaseApp(normalizedName, options, tokenRefresherFactory);
       instances.put(normalizedName, firebaseApp);
+      return firebaseApp;
     }
-
-    appStore.persistApp(firebaseApp);
-
-    return firebaseApp;
   }
 
   @VisibleForTesting
@@ -251,19 +241,13 @@ static void clearInstancesForTest() {
   }
 
   private static List<String> getAllAppNames() {
-    Set<String> allAppNames = new HashSet<>();
+    List<String> allAppNames;
     synchronized (appsLock) {
-      for (FirebaseApp app : instances.values()) {
-        allAppNames.add(app.getName());
-      }
-      FirebaseAppStore appStore = FirebaseAppStore.getInstance();
-      if (appStore != null) {
-        allAppNames.addAll(appStore.getAllPersistedAppNames());
-      }
+      allAppNames = new ArrayList<>(instances.keySet());
     }
-    List<String> sortedNameList = new ArrayList<>(allAppNames);
-    Collections.sort(sortedNameList);
-    return sortedNameList;
+
+    Collections.sort(allAppNames);
+    return ImmutableList.copyOf(allAppNames);
   }
 
   /** Normalizes the app name. */
@@ -359,11 +343,6 @@ public void delete() {
     synchronized (appsLock) {
       instances.remove(name);
     }
-
-    FirebaseAppStore appStore = FirebaseAppStore.getInstance();
-    if (appStore != null) {
-      appStore.removeApp(name);
-    }
   }
 
   private void checkNotDeleted() {
@@ -582,18 +561,17 @@ enum State {
   private static FirebaseOptions getOptionsFromEnvironment() throws IOException {
     String defaultConfig = System.getenv(FIREBASE_CONFIG_ENV_VAR);
     if (Strings.isNullOrEmpty(defaultConfig)) {
-      return new FirebaseOptions.Builder()
+      return FirebaseOptions.builder()
           .setCredentials(APPLICATION_DEFAULT_CREDENTIALS)
           .build();
     }
     JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-    FirebaseOptions.Builder builder = new FirebaseOptions.Builder();
+    FirebaseOptions.Builder builder = FirebaseOptions.builder();
     JsonParser parser;
     if (defaultConfig.startsWith("{")) {
       parser = jsonFactory.createJsonParser(defaultConfig);
     } else {
-      FileReader reader;
-      reader = new FileReader(defaultConfig);
+      FileReader reader = new FileReader(defaultConfig);
       parser = jsonFactory.createJsonParser(reader);
     }
     parser.parseAndClose(builder);
diff --git a/src/main/java/com/google/firebase/FirebaseAppLifecycleListener.java b/src/main/java/com/google/firebase/FirebaseAppLifecycleListener.java
index 60118c249..6493edb60 100644
--- a/src/main/java/com/google/firebase/FirebaseAppLifecycleListener.java
+++ b/src/main/java/com/google/firebase/FirebaseAppLifecycleListener.java
@@ -19,7 +19,7 @@
 /** 
  * A listener which gets notified when {@link com.google.firebase.FirebaseApp} gets deleted. 
  */
-// TODO: consider making it public in a future release.
+@Deprecated
 interface FirebaseAppLifecycleListener {
 
   /**
diff --git a/src/main/java/com/google/firebase/FirebaseException.java b/src/main/java/com/google/firebase/FirebaseException.java
index f78b3fb98..a5bb80424 100644
--- a/src/main/java/com/google/firebase/FirebaseException.java
+++ b/src/main/java/com/google/firebase/FirebaseException.java
@@ -17,24 +17,55 @@
 package com.google.firebase;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.base.Strings;
 import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
 
-/** Base class for all Firebase exceptions. */
+/**
+ * Base class for all Firebase exceptions.
+ */
 public class FirebaseException extends Exception {
 
-  // TODO(b/27677218): Exceptions should have non-empty messages.
-  @Deprecated
-  protected FirebaseException() {}
+  private final ErrorCode errorCode;
+  private final IncomingHttpResponse httpResponse;
+
+  public FirebaseException(
+      @NonNull ErrorCode errorCode,
+      @NonNull String message,
+      @Nullable Throwable cause,
+      @Nullable IncomingHttpResponse httpResponse) {
+    super(message, cause);
+    checkArgument(!Strings.isNullOrEmpty(message), "Message must not be null or empty");
+    this.errorCode = checkNotNull(errorCode, "ErrorCode must not be null");
+    this.httpResponse = httpResponse;
+  }
+
+  public FirebaseException(
+      @NonNull ErrorCode errorCode,
+      @NonNull String message,
+      @Nullable Throwable cause) {
+    this(errorCode, message, cause, null);
+  }
 
-  public FirebaseException(@NonNull String detailMessage) {
-    super(detailMessage);
-    checkArgument(!Strings.isNullOrEmpty(detailMessage), "Detail message must not be empty");
+  /**
+   * Returns the platform-wide error code associated with this exception.
+   *
+   * @return A Firebase error code.
+   */
+  public final ErrorCode getErrorCode() {
+    return errorCode;
   }
 
-  public FirebaseException(@NonNull String detailMessage, Throwable cause) {
-    super(detailMessage, cause);
-    checkArgument(!Strings.isNullOrEmpty(detailMessage), "Detail message must not be empty");
+  /**
+   * Returns the HTTP response that resulted in this exception. If the exception was not caused by
+   * an HTTP error response, returns null.
+   *
+   * @return An HTTP response or null.
+   */
+  @Nullable
+  public final IncomingHttpResponse getHttpResponse() {
+    return httpResponse;
   }
 }
diff --git a/src/main/java/com/google/firebase/FirebaseOptions.java b/src/main/java/com/google/firebase/FirebaseOptions.java
index f0561d5e5..6ee074d6f 100644
--- a/src/main/java/com/google/firebase/FirebaseOptions.java
+++ b/src/main/java/com/google/firebase/FirebaseOptions.java
@@ -223,6 +223,16 @@ public static Builder builder() {
     return new Builder();
   }
 
+  /**
+   * Creates a new {@code Builder} from the options object.
+   *
+   * <p>The new builder is not backed by this object's values; that is, changes made to the new
+   * builder don't change the values of the origin object.
+   */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
   /**
    * Builder for constructing {@link FirebaseOptions}. 
    */
@@ -249,7 +259,12 @@ public static final class Builder {
     private int connectTimeout;
     private int readTimeout;
 
-    /** Constructs an empty builder. */
+    /**
+     * Constructs an empty builder.
+     *
+     * @deprecated Use {@link FirebaseOptions#builder()} instead.
+     */
+    @Deprecated
     public Builder() {}
 
     /**
@@ -257,7 +272,10 @@ public Builder() {}
      *
      * <p>The new builder is not backed by this object's values, that is changes made to the new
      * builder don't change the values of the origin object.
+     *
+     * @deprecated Use {@link FirebaseOptions#toBuilder()} instead.
      */
+    @Deprecated
     public Builder(FirebaseOptions options) {
       databaseUrl = options.databaseUrl;
       storageBucket = options.storageBucket;
diff --git a/src/main/java/com/google/firebase/IncomingHttpResponse.java b/src/main/java/com/google/firebase/IncomingHttpResponse.java
new file mode 100644
index 000000000..cfeac5e70
--- /dev/null
+++ b/src/main/java/com/google/firebase/IncomingHttpResponse.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpResponse;
+import com.google.api.client.http.HttpResponseException;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.database.annotations.Nullable;
+import java.util.Map;
+
+/**
+ * Contains information that describes an HTTP response received by the SDK.
+ */
+public final class IncomingHttpResponse {
+
+  private final int statusCode;
+  private final String content;
+  private final Map<String, Object> headers;
+  private final OutgoingHttpRequest request;
+
+  /**
+   * Creates an {@code IncomingHttpResponse} from a successful response and the content read
+   * from it. The caller is expected to read the content from the response, and handle any errors
+   * that may occur while reading.
+   *
+   * @param response A successful response.
+   * @param content Content read from the response.
+   */
+  public IncomingHttpResponse(HttpResponse response, @Nullable String content) {
+    checkNotNull(response, "response must not be null");
+    this.statusCode = response.getStatusCode();
+    this.content = content;
+    this.headers = ImmutableMap.copyOf(response.getHeaders());
+    this.request = new OutgoingHttpRequest(response.getRequest());
+  }
+
+  /**
+   * Creates an {@code IncomingHttpResponse} from an HTTP error response.
+   *
+   * @param e The exception representing the HTTP error response.
+   * @param request The request that resulted in the error.
+   */
+  public IncomingHttpResponse(HttpResponseException e, HttpRequest request) {
+    this(e, new OutgoingHttpRequest(request));
+  }
+
+  /**
+   * Creates an {@code IncomingHttpResponse} from an HTTP error response.
+   *
+   * @param e The exception representing the HTTP error response.
+   * @param request The request that resulted in the error.
+   */
+  public IncomingHttpResponse(HttpResponseException e, OutgoingHttpRequest request) {
+    checkNotNull(e, "exception must not be null");
+    this.statusCode = e.getStatusCode();
+    this.content = e.getContent();
+    this.headers = ImmutableMap.copyOf(e.getHeaders());
+    this.request = checkNotNull(request, "request must not be null");
+  }
+
+  /**
+   * Returns the status code of the response.
+   *
+   * @return An HTTP status code (e.g. 500).
+   */
+  public int getStatusCode() {
+    return this.statusCode;
+  }
+
+  /**
+   * Returns the content of the response as a string.
+   *
+   * @return HTTP content or null.
+   */
+  @Nullable
+  public String getContent() {
+    return this.content;
+  }
+
+  /**
+   * Returns the headers set on the response.
+   *
+   * @return An immutable map of headers (possibly empty).
+   */
+  public Map<String, Object> getHeaders() {
+    return this.headers;
+  }
+
+  /**
+   * Returns the request that resulted in this response.
+   *
+   * @return An HTTP request.
+   */
+  public OutgoingHttpRequest getRequest() {
+    return request;
+  }
+}
diff --git a/src/main/java/com/google/firebase/OutgoingHttpRequest.java b/src/main/java/com/google/firebase/OutgoingHttpRequest.java
new file mode 100644
index 000000000..44af4bff0
--- /dev/null
+++ b/src/main/java/com/google/firebase/OutgoingHttpRequest.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.HttpContent;
+import com.google.api.client.http.HttpRequest;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.internal.Nullable;
+import java.util.Map;
+
+/**
+ * Contains the information that describe an HTTP request made by the SDK.
+ */
+public final class OutgoingHttpRequest {
+
+  private final String method;
+  private final String url;
+  private final HttpContent content;
+  private final Map<String, Object> headers;
+
+  /**
+   * Creates an {@code OutgoingHttpRequest} from the HTTP method and URL.
+   *
+   * @param method HTTP method name.
+   * @param url Target HTTP URL of the request.
+   */
+  public OutgoingHttpRequest(String method, String url) {
+    checkArgument(!Strings.isNullOrEmpty(method), "method must not be null or empty");
+    checkArgument(!Strings.isNullOrEmpty(url), "url must not be empty");
+    this.method = method;
+    this.url = url;
+    this.content = null;
+    this.headers = ImmutableMap.of();
+  }
+
+  OutgoingHttpRequest(HttpRequest request) {
+    checkNotNull(request, "request must not be null");
+    this.method = request.getRequestMethod();
+    this.url = request.getUrl().toString();
+    this.content = request.getContent();
+    this.headers = ImmutableMap.copyOf(request.getHeaders());
+  }
+
+  /**
+   * Returns the HTTP method of the request.
+   *
+   * @return An HTTP method string (e.g. GET).
+   */
+  public String getMethod() {
+    return method;
+  }
+
+  /**
+   * Returns the URL of the request.
+   *
+   * @return An absolute HTTP URL.
+   */
+  public String getUrl() {
+    return url;
+  }
+
+  /**
+   * Returns any content that was sent with the request.
+   *
+   * @return HTTP content or null.
+   */
+  @Nullable
+  public HttpContent getContent() {
+    return content;
+  }
+
+  /**
+   * Returns the headers set on the request.
+   *
+   * @return An immutable map of headers (possibly empty).
+   */
+  public Map<String, Object> getHeaders() {
+    return headers;
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index 7061d2b44..8004548a5 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -37,7 +37,6 @@
 import com.google.firebase.internal.CallableOperation;
 import com.google.firebase.internal.NonNull;
 import com.google.firebase.internal.Nullable;
-import java.io.IOException;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
@@ -50,8 +49,6 @@
  */
 public abstract class AbstractFirebaseAuth {
 
-  private static final String ERROR_CUSTOM_TOKEN = "ERROR_CUSTOM_TOKEN";
-
   private final Object lock = new Object();
   private final AtomicBoolean destroyed = new AtomicBoolean(false);
 
@@ -173,12 +170,7 @@ private CallableOperation<String, FirebaseAuthException> createCustomTokenOp(
     return new CallableOperation<String, FirebaseAuthException>() {
       @Override
       public String execute() throws FirebaseAuthException {
-        try {
-          return tokenFactory.createSignedCustomAuthTokenForUser(uid, developerClaims);
-        } catch (IOException e) {
-          throw new FirebaseAuthException(
-              ERROR_CUSTOM_TOKEN, "Failed to generate a custom token", e);
-        }
+        return tokenFactory.createSignedCustomAuthTokenForUser(uid, developerClaims);
       }
     };
   }
@@ -902,7 +894,7 @@ protected UserImportResult execute() throws FirebaseAuthException {
    * not guaranteed to correspond to the nth entry in the input parameters list.
    *
    * <p>A maximum of 100 identifiers may be specified. If more than 100 identifiers are
-   * supplied, this method throws an {@link IllegalArgumentException}.
+   * supplied, this method throws an {@code IllegalArgumentException}.
    *
    * @param identifiers The identifiers used to indicate which user records should be returned. Must
    *     have 100 or fewer entries.
@@ -924,7 +916,7 @@ public GetUsersResult getUsers(@NonNull Collection<UserIdentifier> identifiers)
    * not guaranteed to correspond to the nth entry in the input parameters list.
    *
    * <p>A maximum of 100 identifiers may be specified. If more than 100 identifiers are
-   * supplied, this method throws an {@link IllegalArgumentException}.
+   * supplied, this method throws an {@code IllegalArgumentException}.
    *
    * @param identifiers The identifiers used to indicate which user records should be returned.
    *     Must have 100 or fewer entries.
@@ -978,7 +970,7 @@ private boolean isUserFound(UserIdentifier id, Collection<UserRecord> userRecord
    * DeleteUsersResult.getSuccessCount() value.
    *
    * <p>A maximum of 1000 identifiers may be supplied. If more than 1000 identifiers are
-   * supplied, this method throws an {@link IllegalArgumentException}.
+   * supplied, this method throws an {@code IllegalArgumentException}.
    *
    * <p>This API has a rate limit of 1 QPS. Exceeding the limit may result in a quota exceeded
    * error. If you want to delete more than 1000 users, we suggest adding a delay to ensure you
@@ -987,7 +979,7 @@ private boolean isUserFound(UserIdentifier id, Collection<UserRecord> userRecord
    * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
    * @return The total number of successful/failed deletions, as well as the array of errors that
    *     correspond to the failed deletions.
-   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
+   * @throws IllegalArgumentException If any of the identifiers are invalid or if more than 1000
    *     identifiers are specified.
    * @throws FirebaseAuthException If an error occurs while deleting users.
    */
@@ -1003,7 +995,7 @@ public DeleteUsersResult deleteUsers(List<String> uids) throws FirebaseAuthExcep
    *     deletions, as well as the array of errors that correspond to the failed deletions. If an
    *     error occurs while deleting the user account, the future throws a
    *     {@link FirebaseAuthException}.
-   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
+   * @throws IllegalArgumentException If any of the identifiers are invalid or if more than 1000
    *     identifiers are specified.
    */
   public ApiFuture<DeleteUsersResult> deleteUsersAsync(List<String> uids) {
@@ -1831,11 +1823,7 @@ public FirebaseTokenVerifier get() {
             new Supplier<FirebaseUserManager>() {
               @Override
               public FirebaseUserManager get() {
-                return FirebaseUserManager
-                    .builder()
-                    .setFirebaseApp(app)
-                    .setTenantId(tenantId)
-                    .build();
+                return FirebaseUserManager.createUserManager(app,  tenantId);
               }
             });
   }
diff --git a/src/main/java/com/google/firebase/auth/AuthErrorCode.java b/src/main/java/com/google/firebase/auth/AuthErrorCode.java
new file mode 100644
index 000000000..bea067eee
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/AuthErrorCode.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+/**
+ * Error codes that can be raised by the Firebase Auth APIs.
+ */
+public enum AuthErrorCode {
+
+  /**
+   * Failed to retrieve public key certificates required to verify JWTs.
+   */
+  CERTIFICATE_FETCH_FAILED,
+
+  /**
+   * No IdP configuration found for the given identifier.
+   */
+  CONFIGURATION_NOT_FOUND,
+
+  /**
+   * A user already exists with the provided email.
+   */
+  EMAIL_ALREADY_EXISTS,
+
+  /**
+   * The specified ID token is expired.
+   */
+  EXPIRED_ID_TOKEN,
+
+  /**
+   * The specified session cookie is expired.
+   */
+  EXPIRED_SESSION_COOKIE,
+
+  /**
+   * The provided dynamic link domain is not configured or authorized for the current project.
+   */
+  INVALID_DYNAMIC_LINK_DOMAIN,
+
+  /**
+   * The specified ID token is invalid.
+   */
+  INVALID_ID_TOKEN,
+
+  /**
+   * The specified session cookie is invalid.
+   */
+  INVALID_SESSION_COOKIE,
+
+  /**
+   * A user already exists with the provided phone number.
+   */
+  PHONE_NUMBER_ALREADY_EXISTS,
+
+  /**
+   * The specified ID token has been revoked.
+   */
+  REVOKED_ID_TOKEN,
+
+  /**
+   * The specified session cookie has been revoked.
+   */
+  REVOKED_SESSION_COOKIE,
+
+  /**
+   * Tenant ID in the JWT does not match.
+   */
+  TENANT_ID_MISMATCH,
+
+  /**
+   * No tenant found for the given identifier.
+   */
+  TENANT_NOT_FOUND,
+
+  /**
+   * A user already exists with the provided UID.
+   */
+  UID_ALREADY_EXISTS,
+
+  /**
+   * The domain of the continue URL is not whitelisted. Whitelist the domain in the Firebase
+   * console.
+   */
+  UNAUTHORIZED_CONTINUE_URL,
+
+  /**
+   * No user record found for the given identifier.
+   */
+  USER_NOT_FOUND,
+}
diff --git a/src/main/java/com/google/firebase/auth/FirebaseAuthException.java b/src/main/java/com/google/firebase/auth/FirebaseAuthException.java
index 2314a69d2..53c980668 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseAuthException.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseAuthException.java
@@ -16,17 +16,11 @@
 
 package com.google.firebase.auth;
 
-// TODO: Move it out from firebase-common. Temporary host it their for
-// database's integration.http://b/27624510.
-
-// TODO: Decide if changing this not enforcing an error code. Need to align
-// with the decision in http://b/27677218. Also, need to turn this into abstract later.
-
-import static com.google.common.base.Preconditions.checkArgument;
-
-import com.google.common.base.Strings;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
 import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
 
 /**
  * Generic exception related to Firebase Authentication. Check the error code and message for more
@@ -34,22 +28,24 @@
  */
 public class FirebaseAuthException extends FirebaseException {
 
-  private final String errorCode;
+  private final AuthErrorCode errorCode;
 
-  public FirebaseAuthException(@NonNull String errorCode, @NonNull String detailMessage) {
-    this(errorCode, detailMessage, null);
+  public FirebaseAuthException(
+      @NonNull ErrorCode errorCode,
+      @NonNull String message,
+      Throwable cause,
+      IncomingHttpResponse response,
+      AuthErrorCode authErrorCode) {
+    super(errorCode, message, cause, response);
+    this.errorCode = authErrorCode;
   }
 
-  public FirebaseAuthException(@NonNull String errorCode, @NonNull String detailMessage,
-                               Throwable throwable) {
-    super(detailMessage, throwable);
-    checkArgument(!Strings.isNullOrEmpty(errorCode));
-    this.errorCode = errorCode;
+  public FirebaseAuthException(FirebaseException base) {
+    this(base.getErrorCode(), base.getMessage(), base.getCause(), base.getHttpResponse(), null);
   }
 
-  /** Returns an error code that may provide more information about the error. */
-  @NonNull
-  public String getErrorCode() {
+  @Nullable
+  public AuthErrorCode getAuthErrorCode() {
     return errorCode;
   }
 }
diff --git a/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java b/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
index 7c8f9f0a5..873dbe7ac 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseTokenUtils.java
@@ -94,6 +94,8 @@ static FirebaseTokenVerifierImpl createIdTokenVerifier(
         .setJsonFactory(app.getOptions().getJsonFactory())
         .setPublicKeysManager(publicKeysManager)
         .setIdTokenVerifier(idTokenVerifier)
+        .setInvalidTokenErrorCode(AuthErrorCode.INVALID_ID_TOKEN)
+        .setExpiredTokenErrorCode(AuthErrorCode.EXPIRED_ID_TOKEN)
         .setTenantId(tenantId)
         .build();
   }
@@ -115,6 +117,8 @@ static FirebaseTokenVerifierImpl createSessionCookieVerifier(
         .setShortName("session cookie")
         .setMethod("verifySessionCookie()")
         .setDocUrl("https://firebase.google.com/docs/auth/admin/manage-cookies")
+        .setInvalidTokenErrorCode(AuthErrorCode.INVALID_SESSION_COOKIE)
+        .setExpiredTokenErrorCode(AuthErrorCode.EXPIRED_SESSION_COOKIE)
         .setJsonFactory(app.getOptions().getJsonFactory())
         .setPublicKeysManager(publicKeysManager)
         .setIdTokenVerifier(idTokenVerifier)
diff --git a/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java b/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
index e1a5a9a19..273ec1532 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
@@ -28,11 +28,13 @@
 import com.google.api.client.util.ArrayMap;
 import com.google.common.base.Joiner;
 import com.google.common.base.Strings;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.internal.Nullable;
 import java.io.IOException;
 import java.math.BigDecimal;
 import java.security.GeneralSecurityException;
 import java.security.PublicKey;
+import java.util.List;
 
 /**
  * The default implementation of the {@link FirebaseTokenVerifier} interface. Uses the Google API
@@ -44,9 +46,6 @@ final class FirebaseTokenVerifierImpl implements FirebaseTokenVerifier {
   private static final String RS256 = "RS256";
   private static final String FIREBASE_AUDIENCE =
       "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit";
-  private static final String ERROR_INVALID_CREDENTIAL = "ERROR_INVALID_CREDENTIAL";
-  private static final String ERROR_RUNTIME_EXCEPTION = "ERROR_RUNTIME_EXCEPTION";
-  static final String TENANT_ID_MISMATCH_ERROR = "tenant-id-mismatch";
 
   private final JsonFactory jsonFactory;
   private final GooglePublicKeysManager publicKeysManager;
@@ -55,6 +54,8 @@ final class FirebaseTokenVerifierImpl implements FirebaseTokenVerifier {
   private final String shortName;
   private final String articledShortName;
   private final String docUrl;
+  private final AuthErrorCode invalidTokenErrorCode;
+  private final AuthErrorCode expiredTokenErrorCode;
   private final String tenantId;
 
   private FirebaseTokenVerifierImpl(Builder builder) {
@@ -68,6 +69,8 @@ private FirebaseTokenVerifierImpl(Builder builder) {
     this.shortName = builder.shortName;
     this.articledShortName = prefixWithIndefiniteArticle(this.shortName);
     this.docUrl = builder.docUrl;
+    this.invalidTokenErrorCode = checkNotNull(builder.invalidTokenErrorCode);
+    this.expiredTokenErrorCode = checkNotNull(builder.expiredTokenErrorCode);
     this.tenantId = Strings.nullToEmpty(builder.tenantId);
   }
 
@@ -143,38 +146,28 @@ private IdToken parse(String token) throws FirebaseAuthException {
           shortName,
           docUrl,
           articledShortName);
-      throw new FirebaseAuthException(ERROR_INVALID_CREDENTIAL, detailedError, e);
-    }
-  }
-
-  private void checkContents(final IdToken token) throws FirebaseAuthException {
-    String errorMessage = getErrorIfContentInvalid(token);
-    if (errorMessage != null) {
-      String detailedError = String.format("%s %s", errorMessage, getVerifyTokenMessage());
-      throw new FirebaseAuthException(ERROR_INVALID_CREDENTIAL, detailedError);
+      throw newException(detailedError, invalidTokenErrorCode, e);
     }
   }
 
   private void checkSignature(IdToken token) throws FirebaseAuthException {
-    try {
-      if (!isSignatureValid(token)) {
-        throw new FirebaseAuthException(ERROR_INVALID_CREDENTIAL,
-            String.format(
-                "Failed to verify the signature of Firebase %s. %s",
-                shortName,
-                getVerifyTokenMessage()));
-      }
-    } catch (GeneralSecurityException | IOException e) {
-      throw new FirebaseAuthException(
-          ERROR_RUNTIME_EXCEPTION, "Error while verifying signature.", e);
+    if (!isSignatureValid(token)) {
+      String message = String.format(
+          "Failed to verify the signature of Firebase %s. %s",
+          shortName,
+          getVerifyTokenMessage());
+      throw newException(message, invalidTokenErrorCode);
     }
   }
 
-  private String getErrorIfContentInvalid(final IdToken idToken) {
+  private void checkContents(final IdToken idToken) throws FirebaseAuthException {
     final Header header = idToken.getHeader();
     final Payload payload = idToken.getPayload();
 
+    final long currentTimeMillis = idTokenVerifier.getClock().currentTimeMillis();
     String errorMessage = null;
+    AuthErrorCode errorCode = invalidTokenErrorCode;
+
     if (header.getKeyId() == null) {
       errorMessage = getErrorForTokenWithoutKid(header, payload);
     } else if (!RS256.equals(header.getAlgorithm())) {
@@ -209,14 +202,35 @@ private String getErrorIfContentInvalid(final IdToken idToken) {
       errorMessage = String.format(
           "Firebase %s has \"sub\" (subject) claim longer than 128 characters.",
           shortName);
-    } else if (!verifyTimestamps(idToken)) {
+    } else if (!idToken.verifyExpirationTime(
+        currentTimeMillis, idTokenVerifier.getAcceptableTimeSkewSeconds())) {
       errorMessage = String.format(
-          "Firebase %s has expired or is not yet valid. Get a fresh %s and try again.",
+          "Firebase %s has expired. Get a fresh %s and try again.",
           shortName,
           shortName);
+      // Also set the expired error code.
+      errorCode = expiredTokenErrorCode;
+    } else if (!idToken.verifyIssuedAtTime(
+        currentTimeMillis, idTokenVerifier.getAcceptableTimeSkewSeconds())) {
+      errorMessage = String.format(
+          "Firebase %s is not yet valid.",
+          shortName);
+    }
+
+    if (errorMessage != null) {
+      String detailedError = String.format("%s %s", errorMessage, getVerifyTokenMessage());
+      throw newException(detailedError, errorCode);
     }
+  }
 
-    return errorMessage;
+  private FirebaseAuthException newException(String message, AuthErrorCode errorCode) {
+    return newException(message, errorCode, null);
+  }
+
+  private FirebaseAuthException newException(
+      String message, AuthErrorCode errorCode, Throwable cause) {
+    return new FirebaseAuthException(
+        ErrorCode.INVALID_ARGUMENT, message, cause, null, errorCode);
   }
 
   private String getVerifyTokenMessage() {
@@ -230,15 +244,44 @@ private String getVerifyTokenMessage() {
    * Verifies the cryptographic signature on the FirebaseToken. Can block on a web request to fetch
    * the keys if they have expired.
    */
-  private boolean isSignatureValid(IdToken token) throws GeneralSecurityException, IOException {
-    for (PublicKey key : publicKeysManager.getPublicKeys()) {
-      if (token.verifySignature(key)) {
+  private boolean isSignatureValid(IdToken token) throws FirebaseAuthException {
+    for (PublicKey key : fetchPublicKeys()) {
+      if (isSignatureValid(token, key)) {
         return true;
       }
     }
+
     return false;
   }
 
+  private boolean isSignatureValid(IdToken token, PublicKey key) throws FirebaseAuthException {
+    try {
+      return token.verifySignature(key);
+    } catch (GeneralSecurityException e) {
+      // This doesn't happen under usual circumstances. Seems to only happen if the crypto
+      // setup of the runtime is incorrect in some way.
+      throw new FirebaseAuthException(
+          ErrorCode.UNKNOWN,
+          String.format("Unexpected error while verifying %s: %s", shortName, e.getMessage()),
+          e,
+          null,
+          invalidTokenErrorCode);
+    }
+  }
+
+  private List<PublicKey> fetchPublicKeys() throws FirebaseAuthException {
+    try {
+      return publicKeysManager.getPublicKeys();
+    } catch (GeneralSecurityException | IOException e) {
+      throw new FirebaseAuthException(
+          ErrorCode.UNKNOWN,
+          "Error while fetching public key certificates: " + e.getMessage(),
+          e,
+          null,
+          AuthErrorCode.CERTIFICATE_FETCH_FAILED);
+    }
+  }
+
   private String getErrorForTokenWithoutKid(IdToken.Header header, IdToken.Payload payload) {
     if (isCustomToken(payload)) {
       return String.format("%s expects %s, but was given a custom token.",
@@ -261,11 +304,6 @@ private String getProjectIdMatchMessage() {
         shortName);
   }
 
-  private boolean verifyTimestamps(IdToken token) {
-    long currentTimeMillis = idTokenVerifier.getClock().currentTimeMillis();
-    return token.verifyTime(currentTimeMillis, idTokenVerifier.getAcceptableTimeSkewSeconds());
-  }
-
   private boolean isCustomToken(IdToken.Payload payload) {
     return FIREBASE_AUDIENCE.equals(payload.getAudience());
   }
@@ -287,12 +325,11 @@ private boolean containsLegacyUidField(IdToken.Payload payload) {
   private void checkTenantId(final FirebaseToken firebaseToken) throws FirebaseAuthException {
     String tokenTenantId = Strings.nullToEmpty(firebaseToken.getTenantId());
     if (!this.tenantId.equals(tokenTenantId)) {
-      throw new FirebaseAuthException(
-          TENANT_ID_MISMATCH_ERROR,
-          String.format(
-            "The tenant ID ('%s') of the token did not match the expected value ('%s')",
-            tokenTenantId,
-            tenantId));
+      String message = String.format(
+          "The tenant ID ('%s') of the token did not match the expected value ('%s')",
+          tokenTenantId,
+          tenantId);
+      throw newException(message, AuthErrorCode.TENANT_ID_MISMATCH);
     }
   }
 
@@ -308,6 +345,8 @@ static final class Builder {
     private String shortName;
     private IdTokenVerifier idTokenVerifier;
     private String docUrl;
+    private AuthErrorCode invalidTokenErrorCode;
+    private AuthErrorCode expiredTokenErrorCode;
     private String tenantId;
 
     private Builder() { }
@@ -342,6 +381,16 @@ Builder setDocUrl(String docUrl) {
       return this;
     }
 
+    Builder setInvalidTokenErrorCode(AuthErrorCode invalidTokenErrorCode) {
+      this.invalidTokenErrorCode = invalidTokenErrorCode;
+      return this;
+    }
+
+    Builder setExpiredTokenErrorCode(AuthErrorCode expiredTokenErrorCode) {
+      this.expiredTokenErrorCode = expiredTokenErrorCode;
+      return this;
+    }
+
     Builder setTenantId(@Nullable String tenantId) {
       this.tenantId = tenantId;
       return this;
diff --git a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
index b73882277..554d0179a 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
@@ -19,7 +19,6 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpResponseInterceptor;
 import com.google.api.client.json.GenericJson;
@@ -30,8 +29,10 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.IncomingHttpResponse;
 import com.google.firebase.auth.internal.AuthHttpClient;
 import com.google.firebase.auth.internal.BatchDeleteResponse;
 import com.google.firebase.auth.internal.DownloadAccountResponse;
@@ -41,9 +42,9 @@
 import com.google.firebase.auth.internal.ListSamlProviderConfigsResponse;
 import com.google.firebase.auth.internal.UploadAccountResponse;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.HttpRequestInfo;
 import com.google.firebase.internal.NonNull;
 import com.google.firebase.internal.Nullable;
-
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
@@ -57,7 +58,7 @@
  * @see <a href="https://developers.google.com/identity/toolkit/web/reference/relyingparty">
  *   Google Identity Toolkit</a>
  */
-class FirebaseUserManager {
+final class FirebaseUserManager {
 
   static final int MAX_LIST_PROVIDER_CONFIGS_RESULTS = 100;
   static final int MAX_GET_ACCOUNTS_BATCH_SIZE = 100;
@@ -78,12 +79,12 @@ class FirebaseUserManager {
   private final AuthHttpClient httpClient;
 
   private FirebaseUserManager(Builder builder) {
-    FirebaseApp app = checkNotNull(builder.app, "FirebaseApp must not be null");
-    String projectId = ImplFirebaseTrampolines.getProjectId(app);
+    String projectId = builder.projectId;
     checkArgument(!Strings.isNullOrEmpty(projectId),
         "Project ID is required to access the auth service. Use a service account credential or "
             + "set the project ID explicitly via FirebaseOptions. Alternatively you can also "
             + "set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.");
+    this.jsonFactory = checkNotNull(builder.jsonFactory, "JsonFactory must not be null");
     final String idToolkitUrlV1 = String.format(ID_TOOLKIT_URL, "v1", projectId);
     final String idToolkitUrlV2 = String.format(ID_TOOLKIT_URL, "v2", projectId);
     final String tenantId = builder.tenantId;
@@ -96,10 +97,7 @@ private FirebaseUserManager(Builder builder) {
       this.idpConfigMgtBaseUrl = idToolkitUrlV2 + "/tenants/" + tenantId;
     }
 
-    this.jsonFactory = app.getOptions().getJsonFactory();
-    HttpRequestFactory requestFactory = builder.requestFactory == null
-        ? ApiClientUtils.newAuthorizedRequestFactory(app) : builder.requestFactory;
-    this.httpClient = new AuthHttpClient(jsonFactory, requestFactory);
+    this.httpClient = new AuthHttpClient(jsonFactory, builder.requestFactory);
   }
 
   @VisibleForTesting
@@ -110,40 +108,19 @@ void setInterceptor(HttpResponseInterceptor interceptor) {
   UserRecord getUserById(String uid) throws FirebaseAuthException {
     final Map<String, Object> payload = ImmutableMap.<String, Object>of(
         "localId", ImmutableList.of(uid));
-    GetAccountInfoResponse response = post(
-        "/accounts:lookup", payload, GetAccountInfoResponse.class);
-    if (response == null || response.getUsers() == null || response.getUsers().isEmpty()) {
-      throw new FirebaseAuthException(
-          AuthHttpClient.USER_NOT_FOUND_ERROR,
-          "No user record found for the provided user ID: " + uid);
-    }
-    return new UserRecord(response.getUsers().get(0), jsonFactory);
+    return lookupUserAccount(payload, "user ID: " + uid);
   }
 
   UserRecord getUserByEmail(String email) throws FirebaseAuthException {
     final Map<String, Object> payload = ImmutableMap.<String, Object>of(
         "email", ImmutableList.of(email));
-    GetAccountInfoResponse response = post(
-        "/accounts:lookup", payload, GetAccountInfoResponse.class);
-    if (response == null || response.getUsers() == null || response.getUsers().isEmpty()) {
-      throw new FirebaseAuthException(
-          AuthHttpClient.USER_NOT_FOUND_ERROR,
-          "No user record found for the provided email: " + email);
-    }
-    return new UserRecord(response.getUsers().get(0), jsonFactory);
+    return lookupUserAccount(payload, "email: " + email);
   }
 
   UserRecord getUserByPhoneNumber(String phoneNumber) throws FirebaseAuthException {
     final Map<String, Object> payload = ImmutableMap.<String, Object>of(
         "phoneNumber", ImmutableList.of(phoneNumber));
-    GetAccountInfoResponse response = post(
-        "/accounts:lookup", payload, GetAccountInfoResponse.class);
-    if (response == null || response.getUsers() == null || response.getUsers().isEmpty()) {
-      throw new FirebaseAuthException(
-          AuthHttpClient.USER_NOT_FOUND_ERROR,
-          "No user record found for the provided phone number: " + phoneNumber);
-    }
-    return new UserRecord(response.getUsers().get(0), jsonFactory);
+    return lookupUserAccount(payload, "phone number: " + phoneNumber);
   }
 
   Set<UserRecord> getAccountInfo(@NonNull Collection<UserIdentifier> identifiers)
@@ -159,12 +136,6 @@ Set<UserRecord> getAccountInfo(@NonNull Collection<UserIdentifier> identifiers)
 
     GetAccountInfoResponse response = post(
         "/accounts:lookup", payload, GetAccountInfoResponse.class);
-
-    if (response == null) {
-      throw new FirebaseAuthException(
-          AuthHttpClient.INTERNAL_ERROR, "Failed to parse server response");
-    }
-
     Set<UserRecord> results = new HashSet<>();
     if (response.getUsers() != null) {
       for (GetAccountInfoResponse.User user : response.getUsers()) {
@@ -175,51 +146,26 @@ Set<UserRecord> getAccountInfo(@NonNull Collection<UserIdentifier> identifiers)
   }
 
   String createUser(UserRecord.CreateRequest request) throws FirebaseAuthException {
-    GenericJson response = post(
-        "/accounts", request.getProperties(), GenericJson.class);
-    if (response != null) {
-      String uid = (String) response.get("localId");
-      if (!Strings.isNullOrEmpty(uid)) {
-        return uid;
-      }
-    }
-    throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to create new user");
+    GenericJson response = post("/accounts", request.getProperties(), GenericJson.class);
+    return (String) response.get("localId");
   }
 
   void updateUser(UserRecord.UpdateRequest request, JsonFactory jsonFactory)
       throws FirebaseAuthException {
-    GenericJson response = post(
-        "/accounts:update", request.getProperties(jsonFactory), GenericJson.class);
-    if (response == null || !request.getUid().equals(response.get("localId"))) {
-      throw new FirebaseAuthException(
-          AuthHttpClient.INTERNAL_ERROR, "Failed to update user: " + request.getUid());
-    }
+    post("/accounts:update", request.getProperties(jsonFactory), GenericJson.class);
   }
 
   void deleteUser(String uid) throws FirebaseAuthException {
     final Map<String, Object> payload = ImmutableMap.<String, Object>of("localId", uid);
-    GenericJson response = post(
-        "/accounts:delete", payload, GenericJson.class);
-    if (response == null || !response.containsKey("kind")) {
-      throw new FirebaseAuthException(
-          AuthHttpClient.INTERNAL_ERROR, "Failed to delete user: " + uid);
-    }
+    post("/accounts:delete", payload, GenericJson.class);
   }
 
-  /**
-   * @pre uids != null
-   * @pre uids.size() <= MAX_DELETE_ACCOUNTS_BATCH_SIZE
-   */
   DeleteUsersResult deleteUsers(@NonNull List<String> uids) throws FirebaseAuthException {
     final Map<String, Object> payload = ImmutableMap.of(
         "localIds", uids,
         "force", true);
     BatchDeleteResponse response = post(
         "/accounts:batchDelete", payload, BatchDeleteResponse.class);
-    if (response == null) {
-      throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to delete users");
-    }
-
     return new DeleteUsersResult(uids.size(), response);
   }
 
@@ -231,23 +177,16 @@ DownloadAccountResponse listUsers(int maxResults, String pageToken) throws Fireb
       builder.put("nextPageToken", pageToken);
     }
 
-    GenericUrl url = new GenericUrl(userMgtBaseUrl + "/accounts:batchGet");
-    url.putAll(builder.build());
-    DownloadAccountResponse response = httpClient.sendRequest(
-            "GET", url, null, DownloadAccountResponse.class);
-    if (response == null) {
-      throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to retrieve users.");
-    }
-    return response;
+    String url = userMgtBaseUrl + "/accounts:batchGet";
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildGetRequest(url)
+        .addAllParameters(builder.build());
+    return httpClient.sendRequest(requestInfo, DownloadAccountResponse.class);
   }
 
   UserImportResult importUsers(UserImportRequest request) throws FirebaseAuthException {
     checkNotNull(request);
     UploadAccountResponse response = post(
             "/accounts:batchCreate", request, UploadAccountResponse.class);
-    if (response == null) {
-      throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to import users.");
-    }
     return new UserImportResult(request.getUsersCount(), response);
   }
 
@@ -256,14 +195,7 @@ String createSessionCookie(String idToken,
     final Map<String, Object> payload = ImmutableMap.<String, Object>of(
         "idToken", idToken, "validDuration", options.getExpiresInSeconds());
     GenericJson response = post(":createSessionCookie", payload, GenericJson.class);
-    if (response != null) {
-      String cookie = (String) response.get("sessionCookie");
-      if (!Strings.isNullOrEmpty(cookie)) {
-        return cookie;
-      }
-    }
-    throw new FirebaseAuthException(
-        AuthHttpClient.INTERNAL_ERROR, "Failed to create session cookie");
+    return (String) response.get("sessionCookie");
   }
 
   String getEmailActionLink(EmailLinkType type, String email,
@@ -275,57 +207,70 @@ String getEmailActionLink(EmailLinkType type, String email,
     if (settings != null) {
       payload.putAll(settings.getProperties());
     }
+
     GenericJson response = post("/accounts:sendOobCode", payload.build(), GenericJson.class);
-    if (response != null) {
-      String link = (String) response.get("oobLink");
-      if (!Strings.isNullOrEmpty(link)) {
-        return link;
-      }
+    return (String) response.get("oobLink");
+  }
+
+  private UserRecord lookupUserAccount(
+      Map<String, Object> payload, String identifier) throws FirebaseAuthException {
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildJsonPostRequest(
+        userMgtBaseUrl + "/accounts:lookup", payload);
+    IncomingHttpResponse response = httpClient.sendRequest(requestInfo);
+    GetAccountInfoResponse parsed = httpClient.parse(response, GetAccountInfoResponse.class);
+    if (parsed.getUsers() == null || parsed.getUsers().isEmpty()) {
+      throw new FirebaseAuthException(ErrorCode.NOT_FOUND,
+          "No user record found for the provided " + identifier,
+          null,
+          response,
+          AuthErrorCode.USER_NOT_FOUND);
     }
-    throw new FirebaseAuthException(
-        AuthHttpClient.INTERNAL_ERROR, "Failed to create email action link");
+
+    return new UserRecord(parsed.getUsers().get(0), jsonFactory);
   }
 
   OidcProviderConfig createOidcProviderConfig(
       OidcProviderConfig.CreateRequest request) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + "/oauthIdpConfigs");
-    url.set("oauthIdpConfigId", request.getProviderId());
-    return httpClient.sendRequest("POST", url, request.getProperties(), OidcProviderConfig.class);
+    String url = idpConfigMgtBaseUrl + "/oauthIdpConfigs";
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildJsonPostRequest(url, request.getProperties())
+        .addParameter("oauthIdpConfigId", request.getProviderId());
+    return httpClient.sendRequest(requestInfo, OidcProviderConfig.class);
   }
 
   SamlProviderConfig createSamlProviderConfig(
       SamlProviderConfig.CreateRequest request) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + "/inboundSamlConfigs");
-    url.set("inboundSamlConfigId", request.getProviderId());
-    return httpClient.sendRequest("POST", url, request.getProperties(), SamlProviderConfig.class);
+    String url = idpConfigMgtBaseUrl + "/inboundSamlConfigs";
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildJsonPostRequest(url, request.getProperties())
+        .addParameter("inboundSamlConfigId", request.getProviderId());
+    return httpClient.sendRequest(requestInfo, SamlProviderConfig.class);
   }
 
   OidcProviderConfig updateOidcProviderConfig(OidcProviderConfig.UpdateRequest request)
       throws FirebaseAuthException {
     Map<String, Object> properties = request.getProperties();
-    GenericUrl url =
-        new GenericUrl(idpConfigMgtBaseUrl + getOidcUrlSuffix(request.getProviderId()));
-    url.put("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
-    return httpClient.sendRequest("PATCH", url, properties, OidcProviderConfig.class);
+    String url = idpConfigMgtBaseUrl + getOidcUrlSuffix(request.getProviderId());
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildJsonPatchRequest(url, properties)
+        .addParameter("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
+    return httpClient.sendRequest(requestInfo, OidcProviderConfig.class);
   }
 
   SamlProviderConfig updateSamlProviderConfig(SamlProviderConfig.UpdateRequest request)
       throws FirebaseAuthException {
     Map<String, Object> properties = request.getProperties();
-    GenericUrl url =
-        new GenericUrl(idpConfigMgtBaseUrl + getSamlUrlSuffix(request.getProviderId()));
-    url.put("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
-    return httpClient.sendRequest("PATCH", url, properties, SamlProviderConfig.class);
+    String url = idpConfigMgtBaseUrl + getSamlUrlSuffix(request.getProviderId());
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildJsonPatchRequest(url, properties)
+        .addParameter("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
+    return httpClient.sendRequest(requestInfo, SamlProviderConfig.class);
   }
 
   OidcProviderConfig getOidcProviderConfig(String providerId) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getOidcUrlSuffix(providerId));
-    return httpClient.sendRequest("GET", url, null, OidcProviderConfig.class);
+    String url = idpConfigMgtBaseUrl + getOidcUrlSuffix(providerId);
+    return httpClient.sendRequest(HttpRequestInfo.buildGetRequest(url), OidcProviderConfig.class);
   }
 
   SamlProviderConfig getSamlProviderConfig(String providerId) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getSamlUrlSuffix(providerId));
-    return httpClient.sendRequest("GET", url, null, SamlProviderConfig.class);
+    String url = idpConfigMgtBaseUrl + getSamlUrlSuffix(providerId);
+    return httpClient.sendRequest(HttpRequestInfo.buildGetRequest(url), SamlProviderConfig.class);
   }
 
   ListOidcProviderConfigsResponse listOidcProviderConfigs(int maxResults, String pageToken)
@@ -338,15 +283,10 @@ ListOidcProviderConfigsResponse listOidcProviderConfigs(int maxResults, String p
       builder.put("nextPageToken", pageToken);
     }
 
-    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + "/oauthIdpConfigs");
-    url.putAll(builder.build());
-    ListOidcProviderConfigsResponse response =
-        httpClient.sendRequest("GET", url, null, ListOidcProviderConfigsResponse.class);
-    if (response == null) {
-      throw new FirebaseAuthException(
-          AuthHttpClient.INTERNAL_ERROR, "Failed to retrieve provider configs.");
-    }
-    return response;
+    String url = idpConfigMgtBaseUrl + "/oauthIdpConfigs";
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildGetRequest(url)
+        .addAllParameters(builder.build());
+    return httpClient.sendRequest(requestInfo, ListOidcProviderConfigsResponse.class);
   }
 
   ListSamlProviderConfigsResponse listSamlProviderConfigs(int maxResults, String pageToken)
@@ -359,25 +299,20 @@ ListSamlProviderConfigsResponse listSamlProviderConfigs(int maxResults, String p
       builder.put("nextPageToken", pageToken);
     }
 
-    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + "/inboundSamlConfigs");
-    url.putAll(builder.build());
-    ListSamlProviderConfigsResponse response =
-        httpClient.sendRequest("GET", url, null, ListSamlProviderConfigsResponse.class);
-    if (response == null) {
-      throw new FirebaseAuthException(
-          AuthHttpClient.INTERNAL_ERROR, "Failed to retrieve provider configs.");
-    }
-    return response;
+    String url = idpConfigMgtBaseUrl + "/inboundSamlConfigs";
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildGetRequest(url)
+        .addAllParameters(builder.build());
+    return httpClient.sendRequest(requestInfo, ListSamlProviderConfigsResponse.class);
   }
 
   void deleteOidcProviderConfig(String providerId) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getOidcUrlSuffix(providerId));
-    httpClient.sendRequest("DELETE", url, null, GenericJson.class);
+    String url = idpConfigMgtBaseUrl + getOidcUrlSuffix(providerId);
+    httpClient.sendRequest(HttpRequestInfo.buildDeleteRequest(url));
   }
 
   void deleteSamlProviderConfig(String providerId) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(idpConfigMgtBaseUrl + getSamlUrlSuffix(providerId));
-    httpClient.sendRequest("DELETE", url, null, GenericJson.class);
+    String url = idpConfigMgtBaseUrl + getSamlUrlSuffix(providerId);
+    httpClient.sendRequest(HttpRequestInfo.buildDeleteRequest(url));
   }
 
   private static String getOidcUrlSuffix(String providerId) {
@@ -393,8 +328,8 @@ private static String getSamlUrlSuffix(String providerId) {
   private <T> T post(String path, Object content, Class<T> clazz) throws FirebaseAuthException {
     checkArgument(!Strings.isNullOrEmpty(path), "path must not be null or empty");
     checkNotNull(content, "content must not be null for POST requests");
-    GenericUrl url = new GenericUrl(userMgtBaseUrl + path);
-    return httpClient.sendRequest("POST", url, content, clazz);
+    String url = userMgtBaseUrl + path;
+    return httpClient.sendRequest(HttpRequestInfo.buildJsonPostRequest(url, content), clazz);
   }
 
   static class UserImportRequest extends GenericJson {
@@ -437,18 +372,30 @@ enum EmailLinkType {
     PASSWORD_RESET,
   }
 
+  static FirebaseUserManager createUserManager(FirebaseApp app, String tenantId) {
+    return FirebaseUserManager.builder()
+        .setProjectId(ImplFirebaseTrampolines.getProjectId(app))
+        .setTenantId(tenantId)
+        .setHttpRequestFactory(ApiClientUtils.newAuthorizedRequestFactory(app))
+        .setJsonFactory(app.getOptions().getJsonFactory())
+        .build();
+  }
+
   static Builder builder() {
     return new Builder();
   }
 
   static class Builder {
 
-    private FirebaseApp app;
+    private String projectId;
     private String tenantId;
     private HttpRequestFactory requestFactory;
+    private JsonFactory jsonFactory;
 
-    Builder setFirebaseApp(FirebaseApp app) {
-      this.app = app;
+    private Builder() { }
+
+    public Builder setProjectId(String projectId) {
+      this.projectId = projectId;
       return this;
     }
 
@@ -462,6 +409,11 @@ Builder setHttpRequestFactory(HttpRequestFactory requestFactory) {
       return this;
     }
 
+    public Builder setJsonFactory(JsonFactory jsonFactory) {
+      this.jsonFactory = jsonFactory;
+      return this;
+    }
+
     FirebaseUserManager build() {
       return new FirebaseUserManager(this);
     }
diff --git a/src/main/java/com/google/firebase/auth/ListProviderConfigsPage.java b/src/main/java/com/google/firebase/auth/ListProviderConfigsPage.java
index 361f932bd..0e35337a9 100644
--- a/src/main/java/com/google/firebase/auth/ListProviderConfigsPage.java
+++ b/src/main/java/com/google/firebase/auth/ListProviderConfigsPage.java
@@ -88,7 +88,7 @@ public String getNextPageToken() {
   @Override
   public ListProviderConfigsPage<T> getNextPage() {
     if (hasNextPage()) {
-      Factory<T> factory = new Factory<T>(source, maxResults, currentBatch.getPageToken());
+      Factory<T> factory = new Factory<>(source, maxResults, currentBatch.getPageToken());
       try {
         return factory.create();
       } catch (FirebaseAuthException e) {
@@ -99,25 +99,25 @@ public ListProviderConfigsPage<T> getNextPage() {
   }
 
   /**
-   * Returns an {@link Iterable} that facilitates transparently iterating over all the provider
+   * Returns an {@code Iterable} that facilitates transparently iterating over all the provider
    * configs in the current Firebase project, starting from this page.
    *
-   * <p>The {@link Iterator} instances produced by the returned {@link Iterable} never buffers more
+   * <p>The {@code Iterator} instances produced by the returned {@code Iterable} never buffers more
    * than one page of provider configs at a time. It is safe to abandon the iterators (i.e. break
    * the loops) at any time.
    *
-   * @return a new {@link Iterable} instance.
+   * @return a new {@code Iterable} instance.
    */
   @NonNull
   @Override
   public Iterable<T> iterateAll() {
-    return new ProviderConfigIterable<T>(this);
+    return new ProviderConfigIterable<>(this);
   }
 
   /**
-   * Returns an {@link Iterable} over the provider configs in this page.
+   * Returns an {@code Iterable} over the provider configs in this page.
    *
-   * @return a {@link Iterable} instance.
+   * @return a {@code Iterable} instance.
    */
   @NonNull
   @Override
@@ -136,7 +136,7 @@ private static class ProviderConfigIterable<T extends ProviderConfig> implements
     @Override
     @NonNull
     public Iterator<T> iterator() {
-      return new ProviderConfigIterator<T>(startingPage);
+      return new ProviderConfigIterator<>(startingPage);
     }
 
     /**
@@ -230,7 +230,7 @@ public ListSamlProviderConfigsResponse fetch(int maxResults, String pageToken)
   }
 
   /**
-   * A simple factory class for {@link ProviderConfigsPage} instances.
+   * A simple factory class for {@link ListProviderConfigsPage} instances.
    *
    * <p>Performs argument validation before attempting to load any provider config data (which is
    * expensive, and hence may be performed asynchronously on a separate thread).
@@ -261,7 +261,7 @@ static class Factory<T extends ProviderConfig> {
 
     ListProviderConfigsPage<T> create() throws FirebaseAuthException {
       ListProviderConfigsResponse<T> batch = source.fetch(maxResults, pageToken);
-      return new ListProviderConfigsPage<T>(batch, source, maxResults);
+      return new ListProviderConfigsPage<>(batch, source, maxResults);
     }
   }
 }
diff --git a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
index 879b7e79f..26931788e 100644
--- a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
+++ b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
@@ -132,7 +132,7 @@ public static final class UpdateRequest extends AbstractUpdateRequest<UpdateRequ
      * provider.
      *
      * <p>The returned object should be passed to
-     * {@link AbstractFirebaseAuth#updateOidcProviderConfig(CreateRequest)} to save the updated
+     * {@link AbstractFirebaseAuth#updateOidcProviderConfig(UpdateRequest)} to save the updated
      * config.
      *
      * @param providerId A non-null, non-empty provider ID string.
diff --git a/src/main/java/com/google/firebase/auth/RevocationCheckDecorator.java b/src/main/java/com/google/firebase/auth/RevocationCheckDecorator.java
index e53ad25c4..74cda69c9 100644
--- a/src/main/java/com/google/firebase/auth/RevocationCheckDecorator.java
+++ b/src/main/java/com/google/firebase/auth/RevocationCheckDecorator.java
@@ -20,30 +20,27 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.common.base.Strings;
+import com.google.firebase.ErrorCode;
 
 /**
  * A decorator for adding token revocation checks to an existing {@link FirebaseTokenVerifier}.
  */
 class RevocationCheckDecorator implements FirebaseTokenVerifier {
 
-  static final String ID_TOKEN_REVOKED_ERROR = "id-token-revoked";
-  static final String SESSION_COOKIE_REVOKED_ERROR = "session-cookie-revoked";
-
   private final FirebaseTokenVerifier tokenVerifier;
   private final FirebaseUserManager userManager;
-  private final String errorCode;
+  private final AuthErrorCode errorCode;
   private final String shortName;
 
   private RevocationCheckDecorator(
       FirebaseTokenVerifier tokenVerifier,
       FirebaseUserManager userManager,
-      String errorCode,
+      AuthErrorCode errorCode,
       String shortName) {
     this.tokenVerifier = checkNotNull(tokenVerifier);
     this.userManager = checkNotNull(userManager);
-    checkArgument(!Strings.isNullOrEmpty(errorCode));
+    this.errorCode = checkNotNull(errorCode);
     checkArgument(!Strings.isNullOrEmpty(shortName));
-    this.errorCode = errorCode;
     this.shortName = shortName;
   }
 
@@ -55,8 +52,14 @@ private RevocationCheckDecorator(
   public FirebaseToken verifyToken(String token) throws FirebaseAuthException {
     FirebaseToken firebaseToken = tokenVerifier.verifyToken(token);
     if (isRevoked(firebaseToken)) {
-      throw new FirebaseAuthException(errorCode, "Firebase " + shortName + " revoked");
+      throw new FirebaseAuthException(
+          ErrorCode.INVALID_ARGUMENT,
+          "Firebase " + shortName + " is revoked.",
+          null,
+          null,
+          errorCode);
     }
+
     return firebaseToken;
   }
 
@@ -69,12 +72,12 @@ private boolean isRevoked(FirebaseToken firebaseToken) throws FirebaseAuthExcept
   static RevocationCheckDecorator decorateIdTokenVerifier(
       FirebaseTokenVerifier tokenVerifier, FirebaseUserManager userManager) {
     return new RevocationCheckDecorator(
-        tokenVerifier, userManager, ID_TOKEN_REVOKED_ERROR, "id token");
+        tokenVerifier, userManager, AuthErrorCode.REVOKED_ID_TOKEN, "id token");
   }
 
   static RevocationCheckDecorator decorateSessionCookieVerifier(
       FirebaseTokenVerifier tokenVerifier, FirebaseUserManager userManager) {
     return new RevocationCheckDecorator(
-        tokenVerifier, userManager, SESSION_COOKIE_REVOKED_ERROR, "session cookie");
+        tokenVerifier, userManager, AuthErrorCode.REVOKED_SESSION_COOKIE, "session cookie");
   }
 }
diff --git a/src/main/java/com/google/firebase/auth/hash/Bcrypt.java b/src/main/java/com/google/firebase/auth/hash/Bcrypt.java
index 2b5f89029..9c55d8d56 100644
--- a/src/main/java/com/google/firebase/auth/hash/Bcrypt.java
+++ b/src/main/java/com/google/firebase/auth/hash/Bcrypt.java
@@ -24,7 +24,7 @@
  * Represents the Bcrypt password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class Bcrypt extends UserImportHash {
+public final class Bcrypt extends UserImportHash {
 
   private Bcrypt() {
     super("BCRYPT");
diff --git a/src/main/java/com/google/firebase/auth/hash/HmacMd5.java b/src/main/java/com/google/firebase/auth/hash/HmacMd5.java
index b67574358..b2ffdb852 100644
--- a/src/main/java/com/google/firebase/auth/hash/HmacMd5.java
+++ b/src/main/java/com/google/firebase/auth/hash/HmacMd5.java
@@ -20,7 +20,7 @@
  * Represents the HMAC MD5 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class HmacMd5 extends Hmac {
+public final class HmacMd5 extends Hmac {
 
   private HmacMd5(Builder builder) {
     super("HMAC_MD5", builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/HmacSha1.java b/src/main/java/com/google/firebase/auth/hash/HmacSha1.java
index a9ecefd6f..964e5e60d 100644
--- a/src/main/java/com/google/firebase/auth/hash/HmacSha1.java
+++ b/src/main/java/com/google/firebase/auth/hash/HmacSha1.java
@@ -20,7 +20,7 @@
  * Represents the HMAC SHA1 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class HmacSha1 extends Hmac {
+public final class HmacSha1 extends Hmac {
 
   private HmacSha1(Builder builder) {
     super("HMAC_SHA1", builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/HmacSha256.java b/src/main/java/com/google/firebase/auth/hash/HmacSha256.java
index 78f131cff..92917e6f3 100644
--- a/src/main/java/com/google/firebase/auth/hash/HmacSha256.java
+++ b/src/main/java/com/google/firebase/auth/hash/HmacSha256.java
@@ -20,7 +20,7 @@
  * Represents the HMAC SHA256 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class HmacSha256 extends Hmac {
+public final class HmacSha256 extends Hmac {
 
   private HmacSha256(Builder builder) {
     super("HMAC_SHA256", builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/HmacSha512.java b/src/main/java/com/google/firebase/auth/hash/HmacSha512.java
index 21e6a2b25..b5a0e09ec 100644
--- a/src/main/java/com/google/firebase/auth/hash/HmacSha512.java
+++ b/src/main/java/com/google/firebase/auth/hash/HmacSha512.java
@@ -20,7 +20,7 @@
  * Represents the HMAC SHA512 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class HmacSha512 extends Hmac {
+public final class HmacSha512 extends Hmac {
 
   private HmacSha512(Builder builder) {
     super("HMAC_SHA512", builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/Md5.java b/src/main/java/com/google/firebase/auth/hash/Md5.java
index 2abbe55ba..353b07f01 100644
--- a/src/main/java/com/google/firebase/auth/hash/Md5.java
+++ b/src/main/java/com/google/firebase/auth/hash/Md5.java
@@ -20,7 +20,7 @@
  * Represents the MD5 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class Md5 extends RepeatableHash {
+public final class Md5 extends RepeatableHash {
 
   private Md5(Builder builder) {
     super("MD5", 0, 8192, builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/Pbkdf2Sha256.java b/src/main/java/com/google/firebase/auth/hash/Pbkdf2Sha256.java
index 4c5108e35..6c3ffeff2 100644
--- a/src/main/java/com/google/firebase/auth/hash/Pbkdf2Sha256.java
+++ b/src/main/java/com/google/firebase/auth/hash/Pbkdf2Sha256.java
@@ -20,7 +20,7 @@
  * Represents the PBKDF2 SHA256 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class Pbkdf2Sha256 extends RepeatableHash {
+public final class Pbkdf2Sha256 extends RepeatableHash {
 
   private Pbkdf2Sha256(Builder builder) {
     super("PBKDF2_SHA256", 0, 120000, builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/PbkdfSha1.java b/src/main/java/com/google/firebase/auth/hash/PbkdfSha1.java
index 8afe3f4ab..647a365b3 100644
--- a/src/main/java/com/google/firebase/auth/hash/PbkdfSha1.java
+++ b/src/main/java/com/google/firebase/auth/hash/PbkdfSha1.java
@@ -20,7 +20,7 @@
  * Represents the PBKDF SHA1 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class PbkdfSha1 extends RepeatableHash {
+public final class PbkdfSha1 extends RepeatableHash {
 
   private PbkdfSha1(Builder builder) {
     super("PBKDF_SHA1", 0, 120000, builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/Sha1.java b/src/main/java/com/google/firebase/auth/hash/Sha1.java
index 385f4310c..9de01b0b8 100644
--- a/src/main/java/com/google/firebase/auth/hash/Sha1.java
+++ b/src/main/java/com/google/firebase/auth/hash/Sha1.java
@@ -20,7 +20,7 @@
  * Represents the SHA1 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class Sha1 extends RepeatableHash {
+public final class Sha1 extends RepeatableHash {
 
   private Sha1(Builder builder) {
     super("SHA1", 1, 8192, builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/Sha256.java b/src/main/java/com/google/firebase/auth/hash/Sha256.java
index f65aee19a..d0185195e 100644
--- a/src/main/java/com/google/firebase/auth/hash/Sha256.java
+++ b/src/main/java/com/google/firebase/auth/hash/Sha256.java
@@ -20,7 +20,7 @@
  * Represents the SHA256 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class Sha256 extends RepeatableHash {
+public final class Sha256 extends RepeatableHash {
 
   private Sha256(Builder builder) {
     super("SHA256", 1, 8192, builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/Sha512.java b/src/main/java/com/google/firebase/auth/hash/Sha512.java
index e582520a9..f468abe1c 100644
--- a/src/main/java/com/google/firebase/auth/hash/Sha512.java
+++ b/src/main/java/com/google/firebase/auth/hash/Sha512.java
@@ -20,7 +20,7 @@
  * Represents the SHA512 password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class Sha512 extends RepeatableHash {
+public final class Sha512 extends RepeatableHash {
 
   private Sha512(Builder builder) {
     super("SHA512", 1, 8192, builder);
diff --git a/src/main/java/com/google/firebase/auth/hash/StandardScrypt.java b/src/main/java/com/google/firebase/auth/hash/StandardScrypt.java
index 49f7d72f5..139fd114f 100644
--- a/src/main/java/com/google/firebase/auth/hash/StandardScrypt.java
+++ b/src/main/java/com/google/firebase/auth/hash/StandardScrypt.java
@@ -24,7 +24,7 @@
  * Represents the Standard Scrypt password hashing algorithm. Can be used as an instance of
  * {@link com.google.firebase.auth.UserImportHash} when importing users.
  */
-public class StandardScrypt extends UserImportHash {
+public final class StandardScrypt extends UserImportHash {
 
   private final int derivedKeyLength;
   private final int blockSize;
diff --git a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
new file mode 100644
index 000000000..e98911407
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.json.GenericJson;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.util.Key;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.auth.AuthErrorCode;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.internal.AbstractHttpErrorHandler;
+import com.google.firebase.internal.Nullable;
+import java.io.IOException;
+import java.util.Map;
+
+final class AuthErrorHandler extends AbstractHttpErrorHandler<FirebaseAuthException> {
+
+  private static final Map<String, AuthError> ERROR_CODES =
+      ImmutableMap.<String, AuthError>builder()
+          .put(
+              "CONFIGURATION_NOT_FOUND",
+              new AuthError(
+                  ErrorCode.NOT_FOUND,
+                  "No IdP configuration found corresponding to the provided identifier",
+                  AuthErrorCode.CONFIGURATION_NOT_FOUND))
+          .put(
+              "DUPLICATE_EMAIL",
+              new AuthError(
+                  ErrorCode.ALREADY_EXISTS,
+                  "The user with the provided email already exists",
+                  AuthErrorCode.EMAIL_ALREADY_EXISTS))
+          .put(
+              "DUPLICATE_LOCAL_ID",
+              new AuthError(
+                  ErrorCode.ALREADY_EXISTS,
+                  "The user with the provided uid already exists",
+                  AuthErrorCode.UID_ALREADY_EXISTS))
+          .put(
+              "EMAIL_EXISTS",
+              new AuthError(
+                  ErrorCode.ALREADY_EXISTS,
+                  "The user with the provided email already exists",
+                  AuthErrorCode.EMAIL_ALREADY_EXISTS))
+          .put(
+              "INVALID_DYNAMIC_LINK_DOMAIN",
+              new AuthError(
+                  ErrorCode.INVALID_ARGUMENT,
+                  "The provided dynamic link domain is not "
+                      + "configured or authorized for the current project",
+                  AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN))
+          .put(
+              "PHONE_NUMBER_EXISTS",
+              new AuthError(
+                  ErrorCode.ALREADY_EXISTS,
+                  "The user with the provided phone number already exists",
+                  AuthErrorCode.PHONE_NUMBER_ALREADY_EXISTS))
+          .put(
+              "TENANT_NOT_FOUND",
+              new AuthError(
+                  ErrorCode.NOT_FOUND,
+                  "No tenant found for the given identifier",
+                  AuthErrorCode.TENANT_NOT_FOUND))
+          .put(
+              "UNAUTHORIZED_DOMAIN",
+              new AuthError(
+                  ErrorCode.INVALID_ARGUMENT,
+                  "The domain of the continue URL is not whitelisted",
+                  AuthErrorCode.UNAUTHORIZED_CONTINUE_URL))
+          .put(
+              "USER_NOT_FOUND",
+              new AuthError(
+                  ErrorCode.NOT_FOUND,
+                  "No user record found for the given identifier",
+                  AuthErrorCode.USER_NOT_FOUND))
+          .build();
+
+  private final JsonFactory jsonFactory;
+
+  AuthErrorHandler(JsonFactory jsonFactory) {
+    this.jsonFactory = checkNotNull(jsonFactory);
+  }
+
+  @Override
+  protected FirebaseAuthException createException(FirebaseException base) {
+    String response = getResponse(base);
+    AuthServiceErrorResponse parsed = safeParse(response);
+    AuthError errorInfo = ERROR_CODES.get(parsed.getCode());
+    if (errorInfo != null) {
+      return new FirebaseAuthException(
+          errorInfo.getErrorCode(),
+          errorInfo.buildMessage(parsed),
+          base.getCause(),
+          base.getHttpResponse(),
+          errorInfo.getAuthErrorCode());
+    }
+
+    return new FirebaseAuthException(base);
+  }
+
+  private String getResponse(FirebaseException base) {
+    if (base.getHttpResponse() == null) {
+      return null;
+    }
+
+    return base.getHttpResponse().getContent();
+  }
+
+  private AuthServiceErrorResponse safeParse(String response) {
+    AuthServiceErrorResponse parsed = new AuthServiceErrorResponse();
+    if (!Strings.isNullOrEmpty(response)) {
+      try {
+        jsonFactory.createJsonParser(response).parse(parsed);
+      } catch (IOException ignore) {
+        // Ignore any error that may occur while parsing the error response. The server
+        // may have responded with a non-json payload.
+      }
+    }
+
+    return parsed;
+  }
+
+  private static class AuthError {
+
+    private final ErrorCode errorCode;
+    private final String message;
+    private final AuthErrorCode authErrorCode;
+
+    AuthError(ErrorCode errorCode, String message, AuthErrorCode authErrorCode) {
+      this.errorCode = errorCode;
+      this.message = message;
+      this.authErrorCode = authErrorCode;
+    }
+
+    ErrorCode getErrorCode() {
+      return errorCode;
+    }
+
+    AuthErrorCode getAuthErrorCode() {
+      return authErrorCode;
+    }
+
+    String buildMessage(AuthServiceErrorResponse response) {
+      StringBuilder builder = new StringBuilder(this.message)
+          .append(" (").append(response.getCode()).append(")");
+      String detail = response.getDetail();
+      if (!Strings.isNullOrEmpty(detail)) {
+        builder.append(": ").append(detail);
+      } else {
+        builder.append(".");
+      }
+
+      return builder.toString();
+    }
+  }
+
+  /**
+   * JSON data binding for JSON error messages sent by Google identity toolkit service. These
+   * error messages take the form `{"error": {"message": "CODE: OPTIONAL DETAILS"}}`.
+   */
+  private static class AuthServiceErrorResponse {
+
+    @Key("error")
+    private GenericJson error;
+
+    @Nullable
+    public String getCode() {
+      String message = getMessage();
+      if (Strings.isNullOrEmpty(message)) {
+        return null;
+      }
+
+      int separator = message.indexOf(':');
+      if (separator != -1) {
+        return message.substring(0, separator);
+      }
+
+      return message;
+    }
+
+    @Nullable
+    public String getDetail() {
+      String message = getMessage();
+      if (Strings.isNullOrEmpty(message)) {
+        return null;
+      }
+
+      int separator = message.indexOf(':');
+      if (separator != -1) {
+        return message.substring(separator + 1).trim();
+      }
+
+      return null;
+    }
+
+    private String getMessage() {
+      if (error == null) {
+        return null;
+      }
+
+      return (String) error.get("message");
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/auth/internal/AuthHttpClient.java b/src/main/java/com/google/firebase/auth/internal/AuthHttpClient.java
index ad77236d1..e8413f13f 100644
--- a/src/main/java/com/google/firebase/auth/internal/AuthHttpClient.java
+++ b/src/main/java/com/google/firebase/auth/internal/AuthHttpClient.java
@@ -16,26 +16,15 @@
 
 package com.google.firebase.auth.internal;
 
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkNotNull;
-
-import com.google.api.client.http.GenericUrl;
-import com.google.api.client.http.HttpContent;
-import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
-import com.google.api.client.http.HttpResponse;
-import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.HttpResponseInterceptor;
-import com.google.api.client.http.json.JsonHttpContent;
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.JsonObjectParser;
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSortedSet;
+import com.google.firebase.IncomingHttpResponse;
 import com.google.firebase.auth.FirebaseAuthException;
-import com.google.firebase.internal.Nullable;
+import com.google.firebase.internal.ErrorHandlingHttpClient;
+import com.google.firebase.internal.HttpRequestInfo;
 import com.google.firebase.internal.SdkUtils;
-import java.io.IOException;
 import java.util.Map;
 import java.util.Set;
 
@@ -44,45 +33,17 @@
  */
 public final class AuthHttpClient {
 
-  public static final String CONFIGURATION_NOT_FOUND_ERROR = "configuration-not-found";
-  public static final String INTERNAL_ERROR = "internal-error";
-  public static final String TENANT_NOT_FOUND_ERROR = "tenant-not-found";
-  public static final String USER_NOT_FOUND_ERROR = "user-not-found";
-
   private static final String CLIENT_VERSION_HEADER = "X-Client-Version";
 
   private static final String CLIENT_VERSION = "Java/Admin/" + SdkUtils.getVersion();
 
-  // Map of server-side error codes to SDK error codes.
-  // SDK error codes defined at: https://firebase.google.com/docs/auth/admin/errors
-  private static final Map<String, String> ERROR_CODES = ImmutableMap.<String, String>builder()
-      .put("CLAIMS_TOO_LARGE", "claims-too-large")
-      .put("CONFIGURATION_NOT_FOUND", CONFIGURATION_NOT_FOUND_ERROR)
-      .put("INSUFFICIENT_PERMISSION", "insufficient-permission")
-      .put("DUPLICATE_EMAIL", "email-already-exists")
-      .put("DUPLICATE_LOCAL_ID", "uid-already-exists")
-      .put("EMAIL_EXISTS", "email-already-exists")
-      .put("INVALID_CLAIMS", "invalid-claims")
-      .put("INVALID_EMAIL", "invalid-email")
-      .put("INVALID_PAGE_SELECTION", "invalid-page-token")
-      .put("INVALID_PHONE_NUMBER", "invalid-phone-number")
-      .put("PHONE_NUMBER_EXISTS", "phone-number-already-exists")
-      .put("PROJECT_NOT_FOUND", "project-not-found")
-      .put("USER_NOT_FOUND", USER_NOT_FOUND_ERROR)
-      .put("WEAK_PASSWORD", "invalid-password")
-      .put("UNAUTHORIZED_DOMAIN", "unauthorized-continue-uri")
-      .put("INVALID_DYNAMIC_LINK_DOMAIN", "invalid-dynamic-link-domain")
-      .put("TENANT_NOT_FOUND", TENANT_NOT_FOUND_ERROR)
-      .build();
-
+  private final ErrorHandlingHttpClient<FirebaseAuthException> httpClient;
   private final JsonFactory jsonFactory;
-  private final HttpRequestFactory requestFactory;
-
-  private HttpResponseInterceptor interceptor;
 
   public AuthHttpClient(JsonFactory jsonFactory, HttpRequestFactory requestFactory) {
+    AuthErrorHandler authErrorHandler = new AuthErrorHandler(jsonFactory);
+    this.httpClient = new ErrorHandlingHttpClient<>(requestFactory, jsonFactory, authErrorHandler);
     this.jsonFactory = jsonFactory;
-    this.requestFactory = requestFactory;
   }
 
   public static Set<String> generateMask(Map<String, Object> properties) {
@@ -101,60 +62,20 @@ public static Set<String> generateMask(Map<String, Object> properties) {
   }
 
   public void setInterceptor(HttpResponseInterceptor interceptor) {
-    this.interceptor = interceptor;
+    this.httpClient.setInterceptor(interceptor);
   }
 
-  public <T> T sendRequest(
-      String method, GenericUrl url,
-      @Nullable Object content, Class<T> clazz) throws FirebaseAuthException {
+  public <T> T sendRequest(HttpRequestInfo request, Class<T> clazz) throws FirebaseAuthException {
+    IncomingHttpResponse response = this.sendRequest(request);
+    return this.parse(response, clazz);
+  }
 
-    checkArgument(!Strings.isNullOrEmpty(method), "method must not be null or empty");
-    checkNotNull(url, "url must not be null");
-    checkNotNull(clazz, "response class must not be null");
-    HttpResponse response = null;
-    try {
-      HttpContent httpContent = content != null ? new JsonHttpContent(jsonFactory, content) : null;
-      HttpRequest request =
-          requestFactory.buildRequest(method.equals("PATCH") ? "POST" : method, url, httpContent);
-      request.setParser(new JsonObjectParser(jsonFactory));
-      request.getHeaders().set(CLIENT_VERSION_HEADER, CLIENT_VERSION);
-      if (method.equals("PATCH")) {
-        request.getHeaders().set("X-HTTP-Method-Override", "PATCH");
-      }
-      request.setResponseInterceptor(interceptor);
-      response = request.execute();
-      return response.parseAs(clazz);
-    } catch (HttpResponseException e) {
-      // Server responded with an HTTP error
-      handleHttpError(e);
-      return null;
-    } catch (IOException e) {
-      // All other IO errors (Connection refused, reset, parse error etc.)
-      throw new FirebaseAuthException(
-          INTERNAL_ERROR, "Error while calling the Firebase Auth backend service", e);
-    } finally {
-      if (response != null) {
-        try {
-          response.disconnect();
-        } catch (IOException ignored) {
-          // Ignored
-        }
-      }
-    }
+  public IncomingHttpResponse sendRequest(HttpRequestInfo request) throws FirebaseAuthException {
+    request.addHeader(CLIENT_VERSION_HEADER, CLIENT_VERSION);
+    return httpClient.send(request);
   }
 
-  private void handleHttpError(HttpResponseException e) throws FirebaseAuthException {
-    try {
-      HttpErrorResponse response = jsonFactory.fromString(e.getContent(), HttpErrorResponse.class);
-      String code = ERROR_CODES.get(response.getErrorCode());
-      if (code != null) {
-        throw new FirebaseAuthException(code, "Firebase Auth service responded with an error", e);
-      }
-    } catch (IOException ignored) {
-      // Ignored
-    }
-    String msg = String.format(
-        "Unexpected HTTP response with status: %d; body: %s", e.getStatusCode(), e.getContent());
-    throw new FirebaseAuthException(INTERNAL_ERROR, msg, e);
+  public <T> T parse(IncomingHttpResponse response, Class<T> clazz) throws FirebaseAuthException {
+    return httpClient.parse(response, clazz);
   }
 }
diff --git a/src/main/java/com/google/firebase/auth/internal/CryptoSigner.java b/src/main/java/com/google/firebase/auth/internal/CryptoSigner.java
index 3036f9f28..2ff30a20c 100644
--- a/src/main/java/com/google/firebase/auth/internal/CryptoSigner.java
+++ b/src/main/java/com/google/firebase/auth/internal/CryptoSigner.java
@@ -16,6 +16,7 @@
 
 package com.google.firebase.auth.internal;
 
+import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.internal.NonNull;
 import java.io.IOException;
 
@@ -32,10 +33,10 @@ interface CryptoSigner {
    *
    * @param payload Data to be signed
    * @return Signature as a byte array
-   * @throws IOException If an error occurs during signing
+   * @throws FirebaseAuthException If an error occurs during signing
    */
   @NonNull
-  byte[] sign(@NonNull byte[] payload) throws IOException;
+  byte[] sign(@NonNull byte[] payload) throws FirebaseAuthException;
 
   /**
    * Returns the client email of the service account used to sign payloads.
diff --git a/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java b/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
index 6ea70b880..7bc54afdf 100644
--- a/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
+++ b/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
@@ -8,10 +8,8 @@
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpResponse;
 import com.google.api.client.http.HttpResponseInterceptor;
-import com.google.api.client.http.json.JsonHttpContent;
+import com.google.api.client.json.GenericJson;
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.JsonObjectParser;
-import com.google.api.client.util.Key;
 import com.google.api.client.util.StringUtils;
 import com.google.auth.ServiceAccountSigner;
 import com.google.auth.oauth2.GoogleCredentials;
@@ -21,9 +19,13 @@
 import com.google.common.io.BaseEncoding;
 import com.google.common.io.ByteStreams;
 import com.google.firebase.FirebaseApp;
-import com.google.firebase.FirebaseOptions;
+import com.google.firebase.FirebaseException;
 import com.google.firebase.ImplFirebaseTrampolines;
-import com.google.firebase.internal.FirebaseRequestInitializer;
+import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.internal.AbstractPlatformErrorHandler;
+import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.ErrorHandlingHttpClient;
+import com.google.firebase.internal.HttpRequestInfo;
 import com.google.firebase.internal.NonNull;
 import java.io.IOException;
 import java.util.Map;
@@ -34,7 +36,9 @@
 public class CryptoSigners {
 
   private static final String METADATA_SERVICE_URL =
-      "http://metadata/computeMetadata/v1/instance/service-accounts/default/email";
+      "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email";
+
+  private CryptoSigners() { }
 
   /**
    * A {@link CryptoSigner} implementation that uses service account credentials or equivalent
@@ -69,48 +73,33 @@ static class IAMCryptoSigner implements CryptoSigner {
     private static final String IAM_SIGN_BLOB_URL =
         "https://iam.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
 
-    private final HttpRequestFactory requestFactory;
-    private final JsonFactory jsonFactory;
     private final String serviceAccount;
-    private HttpResponseInterceptor interceptor;
+    private final ErrorHandlingHttpClient<FirebaseAuthException> httpClient;
 
     IAMCryptoSigner(
         @NonNull HttpRequestFactory requestFactory,
         @NonNull JsonFactory jsonFactory,
         @NonNull String serviceAccount) {
-      this.requestFactory = checkNotNull(requestFactory);
-      this.jsonFactory = checkNotNull(jsonFactory);
       checkArgument(!Strings.isNullOrEmpty(serviceAccount));
       this.serviceAccount = serviceAccount;
+      this.httpClient = new ErrorHandlingHttpClient<>(
+          requestFactory,
+          jsonFactory,
+          new IAMErrorHandler(jsonFactory));
     }
 
     void setInterceptor(HttpResponseInterceptor interceptor) {
-      this.interceptor = interceptor;
+      httpClient.setInterceptor(interceptor);
     }
 
     @Override
-    public byte[] sign(byte[] payload) throws IOException {
-      String encodedUrl = String.format(IAM_SIGN_BLOB_URL, serviceAccount);
-      HttpResponse response = null;
+    public byte[] sign(byte[] payload) throws FirebaseAuthException {
       String encodedPayload = BaseEncoding.base64().encode(payload);
       Map<String, String> content = ImmutableMap.of("bytesToSign", encodedPayload);
-      try {
-        HttpRequest request = requestFactory.buildPostRequest(new GenericUrl(encodedUrl),
-            new JsonHttpContent(jsonFactory, content));
-        request.setParser(new JsonObjectParser(jsonFactory));
-        request.setResponseInterceptor(interceptor);
-        response = request.execute();
-        SignBlobResponse parsed = response.parseAs(SignBlobResponse.class);
-        return BaseEncoding.base64().decode(parsed.signature);
-      } finally {
-        if (response != null) {
-          try {
-            response.disconnect();
-          } catch (IOException ignored) {
-            // Ignored
-          }
-        }
-      }
+      String encodedUrl = String.format(IAM_SIGN_BLOB_URL, serviceAccount);
+      HttpRequestInfo requestInfo = HttpRequestInfo.buildJsonPostRequest(encodedUrl, content);
+      GenericJson parsed = httpClient.sendAndParse(requestInfo, GenericJson.class);
+      return BaseEncoding.base64().decode((String) parsed.get("signature"));
     }
 
     @Override
@@ -119,9 +108,17 @@ public String getAccount() {
     }
   }
 
-  public static class SignBlobResponse {
-    @Key("signature")
-    private String signature;
+  private static class IAMErrorHandler
+      extends AbstractPlatformErrorHandler<FirebaseAuthException> {
+
+    IAMErrorHandler(JsonFactory jsonFactory) {
+      super(jsonFactory);
+    }
+
+    @Override
+    protected FirebaseAuthException createException(FirebaseException base) {
+      return new FirebaseAuthException(base);
+    }
   }
 
   /**
@@ -136,14 +133,12 @@ public static CryptoSigner getCryptoSigner(FirebaseApp firebaseApp) throws IOExc
       return new ServiceAccountCryptoSigner((ServiceAccountCredentials) credentials);
     }
 
-    FirebaseOptions options = firebaseApp.getOptions();
-    HttpRequestFactory requestFactory = options.getHttpTransport().createRequestFactory(
-        new FirebaseRequestInitializer(firebaseApp));
-    JsonFactory jsonFactory = options.getJsonFactory();
+    HttpRequestFactory requestFactory = ApiClientUtils.newAuthorizedRequestFactory(firebaseApp);
+    JsonFactory jsonFactory = firebaseApp.getOptions().getJsonFactory();
 
     // If the SDK was initialized with a service account email, use it with the IAM service
     // to sign bytes.
-    String serviceAccountId = options.getServiceAccountId();
+    String serviceAccountId = firebaseApp.getOptions().getServiceAccountId();
     if (!Strings.isNullOrEmpty(serviceAccountId)) {
       return new IAMCryptoSigner(requestFactory, jsonFactory, serviceAccountId);
     }
@@ -156,15 +151,22 @@ public static CryptoSigner getCryptoSigner(FirebaseApp firebaseApp) throws IOExc
 
     // Attempt to discover a service account email from the local Metadata service. Use it
     // with the IAM service to sign bytes.
-    HttpRequest request = requestFactory.buildGetRequest(new GenericUrl(METADATA_SERVICE_URL));
+    serviceAccountId = discoverServiceAccountId(firebaseApp);
+    return new IAMCryptoSigner(requestFactory, jsonFactory, serviceAccountId);
+  }
+
+  private static String discoverServiceAccountId(FirebaseApp firebaseApp) throws IOException {
+    HttpRequestFactory metadataRequestFactory =
+        ApiClientUtils.newUnauthorizedRequestFactory(firebaseApp);
+    HttpRequest request = metadataRequestFactory.buildGetRequest(
+        new GenericUrl(METADATA_SERVICE_URL));
     request.getHeaders().set("Metadata-Flavor", "Google");
     HttpResponse response = request.execute();
     try {
       byte[] output = ByteStreams.toByteArray(response.getContent());
-      serviceAccountId = StringUtils.newStringUtf8(output).trim();
-      return new IAMCryptoSigner(requestFactory, jsonFactory, serviceAccountId);
+      return StringUtils.newStringUtf8(output).trim();
     } finally {
-      response.disconnect();
+      ApiClientUtils.disconnectQuietly(response);
     }
   }
 }
diff --git a/src/main/java/com/google/firebase/auth/internal/FirebaseTokenFactory.java b/src/main/java/com/google/firebase/auth/internal/FirebaseTokenFactory.java
index 778911d46..b5aa1e31a 100644
--- a/src/main/java/com/google/firebase/auth/internal/FirebaseTokenFactory.java
+++ b/src/main/java/com/google/firebase/auth/internal/FirebaseTokenFactory.java
@@ -25,7 +25,9 @@
 import com.google.api.client.util.Base64;
 import com.google.api.client.util.Clock;
 import com.google.api.client.util.StringUtils;
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
+import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.internal.Nullable;
 
 import java.io.IOException;
@@ -44,10 +46,6 @@ public class FirebaseTokenFactory {
   private final CryptoSigner signer;
   private final String tenantId;
 
-  public FirebaseTokenFactory(JsonFactory jsonFactory, Clock clock, CryptoSigner signer) {
-    this(jsonFactory, clock, signer, null);
-  }
-
   public FirebaseTokenFactory(
       JsonFactory jsonFactory, Clock clock, CryptoSigner signer, @Nullable String tenantId) {
     this.jsonFactory = checkNotNull(jsonFactory);
@@ -56,12 +54,17 @@ public FirebaseTokenFactory(
     this.tenantId = tenantId;
   }
 
-  String createSignedCustomAuthTokenForUser(String uid) throws IOException {
+  @VisibleForTesting
+  FirebaseTokenFactory(JsonFactory jsonFactory, Clock clock, CryptoSigner signer) {
+    this(jsonFactory, clock, signer, null);
+  }
+
+  String createSignedCustomAuthTokenForUser(String uid) throws FirebaseAuthException {
     return createSignedCustomAuthTokenForUser(uid, null);
   }
 
   public String createSignedCustomAuthTokenForUser(
-      String uid, Map<String, Object> developerClaims) throws IOException {
+      String uid, Map<String, Object> developerClaims) throws FirebaseAuthException {
     checkArgument(!Strings.isNullOrEmpty(uid), "Uid must be provided.");
     checkArgument(uid.length() <= 128, "Uid must be shorter than 128 characters.");
 
@@ -88,20 +91,33 @@ public String createSignedCustomAuthTokenForUser(
               String.format("developerClaims must not contain a reserved key: %s", key));
         }
       }
+
       GenericJson jsonObject = new GenericJson();
       jsonObject.putAll(developerClaims);
       payload.setDeveloperClaims(jsonObject);
     }
+
     return signPayload(header, payload);
   }
 
-  private String signPayload(JsonWebSignature.Header header,
-      FirebaseCustomAuthToken.Payload payload) throws IOException {
-    String headerString = Base64.encodeBase64URLSafeString(jsonFactory.toByteArray(header));
-    String payloadString = Base64.encodeBase64URLSafeString(jsonFactory.toByteArray(payload));
-    String content = headerString + "." + payloadString;
+  private String signPayload(
+      JsonWebSignature.Header header,
+      FirebaseCustomAuthToken.Payload payload) throws FirebaseAuthException {
+    String content = encodePayload(header, payload);
     byte[] contentBytes = StringUtils.getBytesUtf8(content);
     String signature = Base64.encodeBase64URLSafeString(signer.sign(contentBytes));
     return content + "." + signature;
   }
+
+  private String encodePayload(
+      JsonWebSignature.Header header, FirebaseCustomAuthToken.Payload payload) {
+    try {
+      String headerString = Base64.encodeBase64URLSafeString(jsonFactory.toByteArray(header));
+      String payloadString = Base64.encodeBase64URLSafeString(jsonFactory.toByteArray(payload));
+      return headerString + "." + payloadString;
+    } catch (IOException e) {
+      throw new IllegalArgumentException(
+          "Failed to encode JWT with the given claims: " + e.getMessage(), e);
+    }
+  }
 }
diff --git a/src/main/java/com/google/firebase/auth/internal/HttpErrorResponse.java b/src/main/java/com/google/firebase/auth/internal/HttpErrorResponse.java
deleted file mode 100644
index d4be4b4a6..000000000
--- a/src/main/java/com/google/firebase/auth/internal/HttpErrorResponse.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.google.firebase.auth.internal;
-
-import com.google.api.client.util.Key;
-import com.google.common.base.Strings;
-
-/**
- * JSON data binding for JSON error messages sent by Google identity toolkit service.
- */
-public class HttpErrorResponse {
-
-  @Key("error")
-  private Error error;
-
-  public String getErrorCode() {
-    if (error != null) {
-      if (!Strings.isNullOrEmpty(error.getCode())) {
-        return error.getCode();
-      }
-    }
-    return "unknown";
-  }
-
-  public static class Error {
-
-    @Key("message")
-    private String code;
-
-    public String getCode() {
-      return code;
-    }
-  }
-
-}
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java b/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
index 1278e63d5..5b776a49a 100644
--- a/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
+++ b/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
@@ -19,7 +19,6 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpResponseInterceptor;
 import com.google.api.client.json.GenericJson;
@@ -33,6 +32,7 @@
 import com.google.firebase.auth.internal.AuthHttpClient;
 import com.google.firebase.auth.internal.ListTenantsResponse;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.HttpRequestInfo;
 import java.util.Map;
 
 final class FirebaseTenantClient {
@@ -46,15 +46,19 @@ final class FirebaseTenantClient {
   private final AuthHttpClient httpClient;
 
   FirebaseTenantClient(FirebaseApp app) {
-    checkNotNull(app, "FirebaseApp must not be null");
-    String projectId = ImplFirebaseTrampolines.getProjectId(app);
+    this(
+        ImplFirebaseTrampolines.getProjectId(checkNotNull(app)),
+        app.getOptions().getJsonFactory(),
+        ApiClientUtils.newAuthorizedRequestFactory(app));
+  }
+
+  FirebaseTenantClient(
+      String projectId, JsonFactory jsonFactory, HttpRequestFactory requestFactory) {
     checkArgument(!Strings.isNullOrEmpty(projectId),
         "Project ID is required to access the auth service. Use a service account credential or "
             + "set the project ID explicitly via FirebaseOptions. Alternatively you can also "
             + "set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.");
     this.tenantMgtBaseUrl = String.format(ID_TOOLKIT_URL, "v2", projectId);
-    JsonFactory jsonFactory = app.getOptions().getJsonFactory();
-    HttpRequestFactory requestFactory = ApiClientUtils.newAuthorizedRequestFactory(app);
     this.httpClient = new AuthHttpClient(jsonFactory, requestFactory);
   }
 
@@ -63,25 +67,28 @@ void setInterceptor(HttpResponseInterceptor interceptor) {
   }
 
   Tenant getTenant(String tenantId) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(tenantId));
-    return httpClient.sendRequest("GET", url, null, Tenant.class);
+    String url = tenantMgtBaseUrl + getTenantUrlSuffix(tenantId);
+    return httpClient.sendRequest(HttpRequestInfo.buildGetRequest(url), Tenant.class);
   }
 
   Tenant createTenant(Tenant.CreateRequest request) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + "/tenants");
-    return httpClient.sendRequest("POST", url, request.getProperties(), Tenant.class);
+    String url = tenantMgtBaseUrl + "/tenants";
+    return httpClient.sendRequest(
+        HttpRequestInfo.buildJsonPostRequest(url, request.getProperties()),
+        Tenant.class);
   }
 
   Tenant updateTenant(Tenant.UpdateRequest request) throws FirebaseAuthException {
     Map<String, Object> properties = request.getProperties();
-    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(request.getTenantId()));
-    url.put("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
-    return httpClient.sendRequest("PATCH", url, properties, Tenant.class);
+    String url = tenantMgtBaseUrl + getTenantUrlSuffix(request.getTenantId());
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildJsonPatchRequest(url, properties)
+        .addParameter("updateMask", Joiner.on(",").join(AuthHttpClient.generateMask(properties)));
+    return httpClient.sendRequest(requestInfo, Tenant.class);
   }
 
   void deleteTenant(String tenantId) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(tenantId));
-    httpClient.sendRequest("DELETE", url, null, GenericJson.class);
+    String url = tenantMgtBaseUrl + getTenantUrlSuffix(tenantId);
+    httpClient.sendRequest(HttpRequestInfo.buildDeleteRequest(url), GenericJson.class);
   }
 
   ListTenantsResponse listTenants(int maxResults, String pageToken)
@@ -94,14 +101,9 @@ ListTenantsResponse listTenants(int maxResults, String pageToken)
       builder.put("pageToken", pageToken);
     }
 
-    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + "/tenants");
-    url.putAll(builder.build());
-    ListTenantsResponse response = httpClient.sendRequest(
-        "GET", url, null, ListTenantsResponse.class);
-    if (response == null) {
-      throw new FirebaseAuthException(AuthHttpClient.INTERNAL_ERROR, "Failed to retrieve tenants.");
-    }
-    return response;
+    HttpRequestInfo requestInfo = HttpRequestInfo.buildGetRequest(tenantMgtBaseUrl + "/tenants")
+        .addAllParameters(builder.build());
+    return httpClient.sendRequest(requestInfo, ListTenantsResponse.class);
   }
 
   private static String getTenantUrlSuffix(String tenantId) {
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/ListTenantsPage.java b/src/main/java/com/google/firebase/auth/multitenancy/ListTenantsPage.java
index c1f393ddb..5f9917bce 100644
--- a/src/main/java/com/google/firebase/auth/multitenancy/ListTenantsPage.java
+++ b/src/main/java/com/google/firebase/auth/multitenancy/ListTenantsPage.java
@@ -96,14 +96,14 @@ public ListTenantsPage getNextPage() {
   }
 
   /**
-   * Returns an {@link Iterable} that facilitates transparently iterating over all the tenants in
+   * Returns an {@code Iterable} that facilitates transparently iterating over all the tenants in
    * the current Firebase project, starting from this page.
    *
-   * <p>The {@link Iterator} instances produced by the returned {@link Iterable} never buffers more
+   * <p>The {@code Iterator} instances produced by the returned {@code Iterable} never buffers more
    * than one page of tenants at a time. It is safe to abandon the iterators (i.e. break the loops)
    * at any time.
    *
-   * @return a new {@link Iterable} instance.
+   * @return a new {@code Iterable} instance.
    */
   @NonNull
   @Override
@@ -112,9 +112,9 @@ public Iterable<Tenant> iterateAll() {
   }
 
   /**
-   * Returns an {@link Iterable} over the tenants in this page.
+   * Returns an {@code Iterable} over the tenants in this page.
    *
-   * @return a {@link Iterable} instance.
+   * @return a {@code Iterable} instance.
    */
   @NonNull
   @Override
@@ -137,7 +137,7 @@ public Iterator<Tenant> iterator() {
     }
 
     /**
-     * An {@link Iterator} that cycles through tenants, one at a time.
+     * An {@code Iterator} that cycles through tenants, one at a time.
      *
      * <p>It buffers the last retrieved batch of tenants in memory. The {@code maxResults} parameter
      * is an upper bound on the batch size.
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java b/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
index dcb226d28..a30c0b884 100644
--- a/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
+++ b/src/main/java/com/google/firebase/auth/multitenancy/TenantManager.java
@@ -54,8 +54,13 @@ public final class TenantManager {
    * @hide
    */
   public TenantManager(FirebaseApp firebaseApp) {
-    this.firebaseApp = firebaseApp;
-    this.tenantClient = new FirebaseTenantClient(firebaseApp);
+    this(firebaseApp, new FirebaseTenantClient(firebaseApp));
+  }
+
+  @VisibleForTesting
+  TenantManager(FirebaseApp firebaseApp, FirebaseTenantClient tenantClient) {
+    this.firebaseApp = checkNotNull(firebaseApp);
+    this.tenantClient = checkNotNull(tenantClient);
     this.tenantAwareAuths = new HashMap<>();
   }
 
diff --git a/src/main/java/com/google/firebase/database/core/JvmAuthTokenProvider.java b/src/main/java/com/google/firebase/database/core/JvmAuthTokenProvider.java
index a1cb79688..9b862ba86 100644
--- a/src/main/java/com/google/firebase/database/core/JvmAuthTokenProvider.java
+++ b/src/main/java/com/google/firebase/database/core/JvmAuthTokenProvider.java
@@ -112,7 +112,7 @@ private static class TokenChangeListenerWrapper implements CredentialsChangedLis
     }
 
     @Override
-    public void onChanged(OAuth2Credentials credentials) throws IOException {
+    public void onChanged(OAuth2Credentials credentials) {
       // When this event fires, it is guaranteed that credentials.getAccessToken() will return a
       // valid OAuth2 token.
       final AccessToken accessToken = credentials.getAccessToken();
diff --git a/src/main/java/com/google/firebase/iid/FirebaseInstanceId.java b/src/main/java/com/google/firebase/iid/FirebaseInstanceId.java
index 7ac527778..822654402 100644
--- a/src/main/java/com/google/firebase/iid/FirebaseInstanceId.java
+++ b/src/main/java/com/google/firebase/iid/FirebaseInstanceId.java
@@ -17,29 +17,27 @@
 package com.google.firebase.iid;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.api.client.http.GenericUrl;
-import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
-import com.google.api.client.http.HttpResponse;
-import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.HttpResponseInterceptor;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.JsonObjectParser;
 import com.google.api.core.ApiFuture;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
-import com.google.common.io.ByteStreams;
 import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseException;
 import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.database.annotations.Nullable;
+import com.google.firebase.internal.AbstractHttpErrorHandler;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.CallableOperation;
-import com.google.firebase.internal.FirebaseRequestInitializer;
+import com.google.firebase.internal.ErrorHandlingHttpClient;
 import com.google.firebase.internal.FirebaseService;
+import com.google.firebase.internal.HttpRequestInfo;
 import com.google.firebase.internal.NonNull;
 
-import java.io.IOException;
 import java.util.Map;
 
 /**
@@ -64,22 +62,30 @@ public class FirebaseInstanceId {
       .build();
 
   private final FirebaseApp app;
-  private final HttpRequestFactory requestFactory;
-  private final JsonFactory jsonFactory;
   private final String projectId;
-
-  private HttpResponseInterceptor interceptor;
+  private final ErrorHandlingHttpClient<FirebaseInstanceIdException> httpClient;
 
   private FirebaseInstanceId(FirebaseApp app) {
-    HttpTransport httpTransport = app.getOptions().getHttpTransport();
-    this.app = app;
-    this.requestFactory = httpTransport.createRequestFactory(new FirebaseRequestInitializer(app));
-    this.jsonFactory = app.getOptions().getJsonFactory();
-    this.projectId = ImplFirebaseTrampolines.getProjectId(app);
+    this(app, null);
+  }
+
+  @VisibleForTesting
+  FirebaseInstanceId(FirebaseApp app, @Nullable HttpRequestFactory requestFactory) {
+    this.app = checkNotNull(app, "app must not be null");
+    String projectId = ImplFirebaseTrampolines.getProjectId(app);
     checkArgument(!Strings.isNullOrEmpty(projectId),
         "Project ID is required to access instance ID service. Use a service account credential or "
             + "set the project ID explicitly via FirebaseOptions. Alternatively you can also "
             + "set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.");
+    this.projectId = projectId;
+    if (requestFactory == null) {
+      requestFactory = ApiClientUtils.newAuthorizedRequestFactory(app);
+    }
+
+    this.httpClient = new ErrorHandlingHttpClient<>(
+        requestFactory,
+        app.getOptions().getJsonFactory(),
+        new InstanceIdErrorHandler());
   }
 
   /**
@@ -107,7 +113,7 @@ public static synchronized FirebaseInstanceId getInstance(FirebaseApp app) {
 
   @VisibleForTesting
   void setInterceptor(HttpResponseInterceptor interceptor) {
-    this.interceptor = interceptor;
+    httpClient.setInterceptor(interceptor);
   }
 
   /**
@@ -146,42 +152,45 @@ private CallableOperation<Void, FirebaseInstanceIdException> deleteInstanceIdOp(
       protected Void execute() throws FirebaseInstanceIdException {
         String url = String.format(
             "%s/project/%s/instanceId/%s", IID_SERVICE_URL, projectId, instanceId);
-        HttpResponse response = null;
-        try {
-          HttpRequest request = requestFactory.buildDeleteRequest(new GenericUrl(url));
-          request.setParser(new JsonObjectParser(jsonFactory));
-          request.setResponseInterceptor(interceptor);
-          response = request.execute();
-          ByteStreams.exhaust(response.getContent());
-        } catch (Exception e) {
-          handleError(instanceId, e);
-        } finally {
-          disconnectQuietly(response);
-        }
+        HttpRequestInfo request = HttpRequestInfo.buildDeleteRequest(url);
+        httpClient.send(request);
         return null;
       }
     };
   }
 
-  private static void disconnectQuietly(HttpResponse response) {
-    if (response != null) {
-      try {
-        response.disconnect();
-      } catch (IOException ignored) {
-        // ignored
+  private static class InstanceIdErrorHandler
+      extends AbstractHttpErrorHandler<FirebaseInstanceIdException> {
+
+    @Override
+    protected FirebaseInstanceIdException createException(FirebaseException base) {
+      String message = base.getMessage();
+      String customMessage = getCustomMessage(base);
+      if (!Strings.isNullOrEmpty(customMessage)) {
+        message = customMessage;
       }
+
+      return new FirebaseInstanceIdException(base, message);
     }
-  }
 
-  private void handleError(String instanceId, Exception e) throws FirebaseInstanceIdException {
-    String msg = "Error while invoking instance ID service.";
-    if (e instanceof HttpResponseException) {
-      int statusCode = ((HttpResponseException) e).getStatusCode();
-      if (ERROR_CODES.containsKey(statusCode)) {
-        msg = String.format("Instance ID \"%s\": %s", instanceId, ERROR_CODES.get(statusCode));
+    private String getCustomMessage(FirebaseException base) {
+      IncomingHttpResponse response = base.getHttpResponse();
+      if (response != null) {
+        String instanceId = extractInstanceId(response);
+        String description = ERROR_CODES.get(response.getStatusCode());
+        if (description != null) {
+          return String.format("Instance ID \"%s\": %s", instanceId, description);
+        }
       }
+
+      return null;
+    }
+
+    private String extractInstanceId(IncomingHttpResponse response) {
+      String url = response.getRequest().getUrl();
+      int index = url.lastIndexOf('/');
+      return url.substring(index + 1);
     }
-    throw new FirebaseInstanceIdException(msg, e);
   }
 
   private static final String SERVICE_ID = FirebaseInstanceId.class.getName();
diff --git a/src/main/java/com/google/firebase/iid/FirebaseInstanceIdException.java b/src/main/java/com/google/firebase/iid/FirebaseInstanceIdException.java
index dfe0087fc..482a23a3d 100644
--- a/src/main/java/com/google/firebase/iid/FirebaseInstanceIdException.java
+++ b/src/main/java/com/google/firebase/iid/FirebaseInstanceIdException.java
@@ -21,9 +21,9 @@
 /**
  * Represents an exception encountered while interacting with the Firebase instance ID service.
  */
-public class FirebaseInstanceIdException extends FirebaseException {
+public final class FirebaseInstanceIdException extends FirebaseException {
 
-  FirebaseInstanceIdException(String detailMessage, Throwable cause) {
-    super(detailMessage, cause);
+  FirebaseInstanceIdException(FirebaseException base, String message) {
+    super(base.getErrorCode(), message, base.getCause(), base.getHttpResponse());
   }
 }
diff --git a/src/main/java/com/google/firebase/internal/AbstractHttpErrorHandler.java b/src/main/java/com/google/firebase/internal/AbstractHttpErrorHandler.java
new file mode 100644
index 000000000..4d1f6b26e
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/AbstractHttpErrorHandler.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpStatusCodes;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
+import java.io.IOException;
+import java.net.NoRouteToHostException;
+import java.net.SocketTimeoutException;
+import java.net.UnknownHostException;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * An abstract HttpErrorHandler implementation that maps HTTP status codes to Firebase error codes.
+ * Also provides reasonable default implementations to other error handler methods in the
+ * HttpErrorHandler interface.
+ */
+public abstract class AbstractHttpErrorHandler<T extends FirebaseException>
+    implements HttpErrorHandler<T> {
+
+  private static final Map<Integer, ErrorCode> HTTP_ERROR_CODES =
+      ImmutableMap.<Integer, ErrorCode>builder()
+          .put(HttpStatusCodes.STATUS_CODE_BAD_REQUEST, ErrorCode.INVALID_ARGUMENT)
+          .put(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED, ErrorCode.UNAUTHENTICATED)
+          .put(HttpStatusCodes.STATUS_CODE_FORBIDDEN, ErrorCode.PERMISSION_DENIED)
+          .put(HttpStatusCodes.STATUS_CODE_NOT_FOUND, ErrorCode.NOT_FOUND)
+          .put(HttpStatusCodes.STATUS_CODE_CONFLICT, ErrorCode.CONFLICT)
+          .put(429, ErrorCode.RESOURCE_EXHAUSTED)
+          .put(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, ErrorCode.INTERNAL)
+          .put(HttpStatusCodes.STATUS_CODE_SERVICE_UNAVAILABLE, ErrorCode.UNAVAILABLE)
+          .build();
+
+  @Override
+  public final T handleHttpResponseException(
+      HttpResponseException e, IncomingHttpResponse response) {
+    FirebaseException base = this.httpResponseErrorToBaseException(e, response);
+    return this.createException(base);
+  }
+
+  @Override
+  public final T handleIOException(IOException e) {
+    FirebaseException base = this.ioErrorToBaseException(e);
+    return this.createException(base);
+  }
+
+  @Override
+  public final T handleParseException(IOException e, IncomingHttpResponse response) {
+    FirebaseException base = this.parseErrorToBaseException(e, response);
+    return this.createException(base);
+  }
+
+  /**
+   * Creates a FirebaseException from the given HTTP response error. Error code is determined from
+   * the HTTP status code of the response. Error message includes both the status code and full
+   * response payload to aid in debugging.
+   *
+   * @param e HTTP response exception.
+   * @param response Incoming HTTP response.
+   * @return A FirebaseException instance.
+   */
+  protected FirebaseException httpResponseErrorToBaseException(
+      HttpResponseException e, IncomingHttpResponse response) {
+    ErrorCode code = HTTP_ERROR_CODES.get(e.getStatusCode());
+    if (code == null) {
+      code = ErrorCode.UNKNOWN;
+    }
+
+    String message = String.format("Unexpected HTTP response with status: %d\n%s",
+        e.getStatusCode(), e.getContent());
+    return new FirebaseException(code, message, e, response);
+  }
+
+  /**
+   * Creates a FirebaseException from the given IOException. If IOException resulted from a socket
+   * timeout, sets the error code DEADLINE_EXCEEDED. If the IOException resulted from a network
+   * outage or other connectivity issue, sets the error code to UNAVAILABLE. In all other cases sets
+   * the error code to UNKNOWN.
+   *
+   * @param e IOException to create the new exception from.
+   * @return A FirebaseException instance.
+   */
+  protected FirebaseException ioErrorToBaseException(IOException e) {
+    ErrorCode code = ErrorCode.UNKNOWN;
+    String message = "Unknown error while making a remote service call" ;
+    if (isInstance(e, SocketTimeoutException.class)) {
+      code = ErrorCode.DEADLINE_EXCEEDED;
+      message = "Timed out while making an API call";
+    }
+
+    if (isInstance(e, UnknownHostException.class) || isInstance(e, NoRouteToHostException.class)) {
+      code = ErrorCode.UNAVAILABLE;
+      message = "Failed to establish a connection";
+    }
+
+    return new FirebaseException(code, message + ": " + e.getMessage(), e);
+  }
+
+  protected FirebaseException parseErrorToBaseException(
+      IOException e, IncomingHttpResponse response) {
+    return new FirebaseException(
+        ErrorCode.UNKNOWN, "Error while parsing HTTP response: " + e.getMessage(), e, response);
+  }
+
+  /**
+   * Converts the given base FirebaseException to a more specific exception type. The base exception
+   * is guaranteed to have an error code, a message and a cause. But the HTTP response is only set
+   * if the exception occurred after receiving a response from a remote server.
+   *
+   * @param base A FirebaseException.
+   * @return A more specific exception created from the base.
+   */
+  protected abstract T createException(FirebaseException base);
+
+  /**
+   * Checks if the given exception stack t contains an instance of type.
+   */
+  private <U> boolean isInstance(IOException t, Class<U> type) {
+    Throwable current = t;
+    Set<Throwable> chain = new HashSet<>();
+    while (current != null) {
+      if (!chain.add(current)) {
+        break;
+      }
+
+      if (type.isInstance(current)) {
+        return true;
+      }
+
+      current = current.getCause();
+    }
+
+    return false;
+  }
+}
diff --git a/src/main/java/com/google/firebase/internal/AbstractPlatformErrorHandler.java b/src/main/java/com/google/firebase/internal/AbstractPlatformErrorHandler.java
new file mode 100644
index 000000000..b0909e4f7
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/AbstractPlatformErrorHandler.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.util.Key;
+import com.google.common.base.Strings;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
+import java.io.IOException;
+
+/**
+ * An abstract HttpErrorHandler that handles Google Cloud error responses. Format of these
+ * error responses are defined at https://cloud.google.com/apis/design/errors.
+ */
+public abstract class AbstractPlatformErrorHandler<T extends FirebaseException>
+    extends AbstractHttpErrorHandler<T> {
+
+  protected final JsonFactory jsonFactory;
+
+  public AbstractPlatformErrorHandler(JsonFactory jsonFactory) {
+    this.jsonFactory = checkNotNull(jsonFactory, "jsonFactory must not be null");
+  }
+
+  @Override
+  protected final FirebaseException httpResponseErrorToBaseException(
+      HttpResponseException e, IncomingHttpResponse response) {
+    FirebaseException base = super.httpResponseErrorToBaseException(e, response);
+    PlatformErrorResponse parsedError = this.parseErrorResponse(e.getContent());
+
+    ErrorCode code = base.getErrorCode();
+    String status = parsedError.getStatus();
+    if (!Strings.isNullOrEmpty(status)) {
+      code = Enum.valueOf(ErrorCode.class, parsedError.getStatus());
+    }
+
+    String message = parsedError.getMessage();
+    if (Strings.isNullOrEmpty(message)) {
+      message = base.getMessage();
+    }
+
+    return new FirebaseException(code, message, e, response);
+  }
+
+  private PlatformErrorResponse parseErrorResponse(String content) {
+    PlatformErrorResponse response = new PlatformErrorResponse();
+    if (!Strings.isNullOrEmpty(content)) {
+      try {
+        jsonFactory.createJsonParser(content).parseAndClose(response);
+      } catch (IOException e) {
+        // Ignore any error that may occur while parsing the error response. The server
+        // may have responded with a non-json payload. Return an empty return value, and
+        // let the base class logic come into play.
+      }
+    }
+
+    return response;
+  }
+
+  public static class PlatformErrorResponse {
+    @Key("error")
+    private PlatformError error;
+
+    String getStatus() {
+      return error != null ? error.status : null;
+    }
+
+    String getMessage() {
+      return error != null ? error.message : null;
+    }
+  }
+
+  public static class PlatformError {
+    @Key("status")
+    private String status;
+
+    @Key("message")
+    private String message;
+  }
+}
diff --git a/src/main/java/com/google/firebase/internal/ApiClientUtils.java b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
index 36ccf5cc8..f2724196b 100644
--- a/src/main/java/com/google/firebase/internal/ApiClientUtils.java
+++ b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
@@ -35,6 +35,8 @@ public class ApiClientUtils {
       .setMaxIntervalMillis(60 * 1000)
       .build();
 
+  private ApiClientUtils() { }
+
   /**
    * Creates a new {@code HttpRequestFactory} which provides authorization (OAuth2), timeouts and
    * automatic retries.
diff --git a/src/main/java/com/google/firebase/internal/ErrorHandlingHttpClient.java b/src/main/java/com/google/firebase/internal/ErrorHandlingHttpClient.java
new file mode 100644
index 000000000..5efdd0ec2
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/ErrorHandlingHttpClient.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpResponse;
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpResponseInterceptor;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.JsonParser;
+import com.google.common.io.CharStreams;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+/**
+ * An HTTP client implementation that handles any errors that may occur during HTTP calls, and
+ * converts them into an instance of FirebaseException.
+ */
+public final class ErrorHandlingHttpClient<T extends FirebaseException> {
+
+  private final HttpRequestFactory requestFactory;
+  private final JsonFactory jsonFactory;
+  private final HttpErrorHandler<T> errorHandler;
+
+  private HttpResponseInterceptor interceptor;
+
+  public ErrorHandlingHttpClient(
+      HttpRequestFactory requestFactory,
+      JsonFactory jsonFactory,
+      HttpErrorHandler<T> errorHandler) {
+    this.requestFactory = checkNotNull(requestFactory, "requestFactory must not be null");
+    this.jsonFactory = checkNotNull(jsonFactory, "jsonFactory must not be null");
+    this.errorHandler = checkNotNull(errorHandler, "errorHandler must not be null");
+  }
+
+  public ErrorHandlingHttpClient<T> setInterceptor(HttpResponseInterceptor interceptor) {
+    this.interceptor = interceptor;
+    return this;
+  }
+
+  /**
+   * Sends the given HTTP request to the target endpoint, and parses the response while handling
+   * any errors that may occur along the way.
+   *
+   * @param requestInfo Outgoing request configuration.
+   * @param responseType Class to parse the response into.
+   * @param <V> Parsed response type.
+   * @return Parsed response object.
+   * @throws T If any error occurs while making the request.
+   */
+  public <V> V sendAndParse(HttpRequestInfo requestInfo, Class<V> responseType) throws T {
+    IncomingHttpResponse response = send(requestInfo);
+    return parse(response, responseType);
+  }
+
+  /**
+   * Sends the given HTTP request to the target endpoint, and parses the response while handling
+   * any errors that may occur along the way. This method can be used when the response should
+   * be parsed into an instance of a private or protected class, which cannot be instantiated
+   * outside the call-site.
+   *
+   * @param requestInfo Outgoing request configuration.
+   * @param destination Object to parse the response into.
+   * @throws T If any error occurs while making the request.
+   */
+  public void sendAndParse(HttpRequestInfo requestInfo, Object destination) throws T {
+    IncomingHttpResponse response = send(requestInfo);
+    parse(response, destination);
+  }
+
+  public IncomingHttpResponse send(HttpRequestInfo requestInfo) throws T {
+    HttpRequest request = createHttpRequest(requestInfo);
+
+    HttpResponse response = null;
+    try {
+      response = request.execute();
+      // Read and buffer the content. Otherwise if a parse error occurs later,
+      // we lose the content stream.
+      String content = null;
+      InputStream stream = response.getContent();
+      if (stream != null) {
+        // Stream is null when the response body is empty (e.g. 204 No Content responses).
+        content = CharStreams.toString(new InputStreamReader(stream, response.getContentCharset()));
+      }
+
+      return new IncomingHttpResponse(response, content);
+    } catch (HttpResponseException e) {
+      throw errorHandler.handleHttpResponseException(e, new IncomingHttpResponse(e, request));
+    } catch (IOException e) {
+      throw errorHandler.handleIOException(e);
+    } finally {
+      ApiClientUtils.disconnectQuietly(response);
+    }
+  }
+
+  public <V> V parse(IncomingHttpResponse response, Class<V> responseType) throws T {
+    checkNotNull(responseType, "responseType must not be null");
+    try {
+      JsonParser parser = jsonFactory.createJsonParser(response.getContent());
+      return parser.parseAndClose(responseType);
+    } catch (IOException e) {
+      throw errorHandler.handleParseException(e, response);
+    }
+  }
+
+  public void parse(IncomingHttpResponse response, Object destination) throws T {
+    try {
+      JsonParser parser = jsonFactory.createJsonParser(response.getContent());
+      parser.parse(destination);
+    } catch (IOException e) {
+      throw errorHandler.handleParseException(e, response);
+    }
+  }
+
+  private HttpRequest createHttpRequest(HttpRequestInfo requestInfo) throws T {
+    try {
+      return requestInfo.newHttpRequest(requestFactory, jsonFactory)
+          .setResponseInterceptor(interceptor);
+    } catch (IOException e) {
+      // Handle request initialization errors (credential loading and other config errors)
+      throw errorHandler.handleIOException(e);
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/internal/FirebaseAppStore.java b/src/main/java/com/google/firebase/internal/FirebaseAppStore.java
deleted file mode 100644
index 778295655..000000000
--- a/src/main/java/com/google/firebase/internal/FirebaseAppStore.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.google.firebase.internal;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.firebase.FirebaseApp;
-import com.google.firebase.FirebaseOptions;
-
-import java.util.Collections;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicReference;
-
-/** No-op base class of FirebaseAppStore. */
-public class FirebaseAppStore {
-
-  private static final AtomicReference<FirebaseAppStore> sInstance = new AtomicReference<>();
-
-  FirebaseAppStore() {}
-
-  @Nullable
-  public static FirebaseAppStore getInstance() {
-    return sInstance.get();
-  }
-
-  // TODO: reenable persistence. See b/28158809.
-  public static FirebaseAppStore initialize() {
-    sInstance.compareAndSet(null /* expected */, new FirebaseAppStore());
-    return sInstance.get();
-  }
-
-  /**
-   * @hide
-   */
-  public static void setInstanceForTest(FirebaseAppStore firebaseAppStore) {
-    sInstance.set(firebaseAppStore);
-  }
-
-  @VisibleForTesting
-  public static void clearInstanceForTest() {
-    FirebaseAppStore instance = sInstance.get();
-    if (instance != null) {
-      instance.resetStore();
-    }
-    sInstance.set(null);
-  }
-
-  /** The returned set is mutable. */
-  public Set<String> getAllPersistedAppNames() {
-    return Collections.emptySet();
-  }
-
-  public void persistApp(@NonNull FirebaseApp app) {}
-
-  public void removeApp(@NonNull String name) {}
-
-  /** 
-   * @return The restored {@link FirebaseOptions}, or null if it doesn't exist.
-   */
-  public FirebaseOptions restoreAppOptions(@NonNull String name) {
-    return null;
-  }
-
-  protected void resetStore() {}
-}
diff --git a/src/main/java/com/google/firebase/internal/HttpErrorHandler.java b/src/main/java/com/google/firebase/internal/HttpErrorHandler.java
new file mode 100644
index 000000000..988b45a45
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/HttpErrorHandler.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.api.client.http.HttpResponseException;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
+import java.io.IOException;
+
+/**
+ * An interface for handling all sorts of exceptions that may occur while making an HTTP call and
+ * converting them into some instance of FirebaseException.
+ */
+public interface HttpErrorHandler<T extends FirebaseException> {
+
+  /**
+   * Handle any low-level transport and initialization errors.
+   */
+  T handleIOException(IOException e);
+
+  /**
+   * Handle HTTP response exceptions (caused by HTTP error responses).
+   */
+  T handleHttpResponseException(HttpResponseException e, IncomingHttpResponse response);
+
+  /**
+   * Handle any errors that may occur while parsing the response payload.
+   */
+  T handleParseException(IOException e, IncomingHttpResponse response);
+}
diff --git a/src/main/java/com/google/firebase/internal/HttpRequestInfo.java b/src/main/java/com/google/firebase/internal/HttpRequestInfo.java
new file mode 100644
index 000000000..375e332fb
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/HttpRequestInfo.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpContent;
+import com.google.api.client.http.HttpMethods;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.json.JsonHttpContent;
+import com.google.api.client.json.JsonFactory;
+import com.google.common.base.Strings;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Internal API for configuring outgoing HTTP requests. To be used with the
+ * {@link ErrorHandlingHttpClient} class.
+ */
+public final class HttpRequestInfo {
+
+  private final String method;
+  private final GenericUrl url;
+  private final HttpContent content;
+  private final Object jsonContent;
+  private final Map<String, String> headers = new HashMap<>();
+
+  private HttpRequestInfo(String method, GenericUrl url, HttpContent content, Object jsonContent) {
+    checkArgument(!Strings.isNullOrEmpty(method), "method must not be null");
+    this.method = method;
+    this.url = checkNotNull(url, "url must not be null");
+    this.content = content;
+    this.jsonContent = jsonContent;
+  }
+
+  public HttpRequestInfo addHeader(String name, String value) {
+    this.headers.put(name, value);
+    return this;
+  }
+
+  public HttpRequestInfo addAllHeaders(Map<String, String> headers) {
+    this.headers.putAll(headers);
+    return this;
+  }
+
+  public HttpRequestInfo addParameter(String name, Object value) {
+    this.url.put(name, value);
+    return this;
+  }
+
+  public HttpRequestInfo addAllParameters(Map<String, Object> params) {
+    this.url.putAll(params);
+    return this;
+  }
+
+  public static HttpRequestInfo buildGetRequest(String url) {
+    return buildRequest(HttpMethods.GET, url, null);
+  }
+
+  public static HttpRequestInfo buildDeleteRequest(String url) {
+    return buildRequest(HttpMethods.DELETE, url, null);
+  }
+
+  public static HttpRequestInfo buildRequest(
+      String method, String url, @Nullable HttpContent content) {
+    return new HttpRequestInfo(method, new GenericUrl(url), content, null);
+  }
+
+  public static HttpRequestInfo buildJsonPostRequest(String url, @Nullable Object content) {
+    return buildJsonRequest(HttpMethods.POST, url, content);
+  }
+
+  public static HttpRequestInfo buildJsonPatchRequest(String url, @Nullable Object content) {
+    return buildJsonRequest(HttpMethods.PATCH, url, content);
+  }
+
+  public static HttpRequestInfo buildJsonRequest(
+      String method, String url, @Nullable Object content) {
+    return new HttpRequestInfo(method, new GenericUrl(url), null, content);
+  }
+
+  HttpRequest newHttpRequest(
+      HttpRequestFactory factory, JsonFactory jsonFactory) throws IOException {
+    HttpRequest request;
+    HttpContent httpContent = getContent(jsonFactory);
+    if (factory.getTransport().supportsMethod(method)) {
+      request = factory.buildRequest(method, url, httpContent);
+    } else {
+      // Some HttpTransport implementations (notably NetHttpTransport) don't support new methods
+      // like PATCH. We try to emulate such requests over POST by setting the method override
+      // header, which is recognized by most Google backend APIs.
+      request = factory.buildPostRequest(url, httpContent);
+      request.getHeaders().set("X-HTTP-Method-Override", method);
+    }
+
+    for (Map.Entry<String, String> entry : headers.entrySet()) {
+      request.getHeaders().set(entry.getKey(), entry.getValue());
+    }
+
+    return request;
+  }
+
+  private HttpContent getContent(JsonFactory jsonFactory) {
+    if (content != null) {
+      return content;
+    }
+
+    if (jsonContent != null) {
+      return new JsonHttpContent(jsonFactory, jsonContent);
+    }
+
+    return null;
+  }
+}
diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
index ee25957b3..e1b4f794c 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
@@ -41,10 +41,6 @@
  */
 public class FirebaseMessaging {
 
-  static final String INTERNAL_ERROR = "internal-error";
-
-  static final String UNKNOWN_ERROR = "unknown-error";
-
   private final FirebaseApp app;
   private final Supplier<? extends FirebaseMessagingClient> messagingClient;
   private final Supplier<? extends InstanceIdClient> instanceIdClient;
diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java b/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
index 53d5ab00b..43b9b340b 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
@@ -21,26 +21,33 @@
 
 import com.google.api.client.googleapis.batch.BatchCallback;
 import com.google.api.client.googleapis.batch.BatchRequest;
+import com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpHeaders;
+import com.google.api.client.http.HttpMethods;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpRequestInitializer;
-import com.google.api.client.http.HttpResponse;
 import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.HttpResponseInterceptor;
+import com.google.api.client.http.HttpTransport;
 import com.google.api.client.http.json.JsonHttpContent;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.JsonObjectParser;
-import com.google.api.client.json.JsonParser;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseException;
 import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.OutgoingHttpRequest;
+import com.google.firebase.internal.AbstractPlatformErrorHandler;
 import com.google.firebase.internal.ApiClientUtils;
-import com.google.firebase.internal.Nullable;
+import com.google.firebase.internal.ErrorHandlingHttpClient;
+import com.google.firebase.internal.HttpRequestInfo;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.messaging.internal.MessagingServiceErrorResponse;
 import com.google.firebase.messaging.internal.MessagingServiceResponse;
@@ -55,37 +62,19 @@ final class FirebaseMessagingClientImpl implements FirebaseMessagingClient {
 
   private static final String FCM_URL = "https://fcm.googleapis.com/v1/projects/%s/messages:send";
 
-  private static final String FCM_BATCH_URL = "https://fcm.googleapis.com/batch";
-
-  private static final String API_FORMAT_VERSION_HEADER = "X-GOOG-API-FORMAT-VERSION";
-
-  private static final String CLIENT_VERSION_HEADER = "X-Firebase-Client";
-
-  private static final Map<String, String> FCM_ERROR_CODES =
-      ImmutableMap.<String, String>builder()
-          // FCM v1 canonical error codes
-          .put("NOT_FOUND", "registration-token-not-registered")
-          .put("PERMISSION_DENIED", "mismatched-credential")
-          .put("RESOURCE_EXHAUSTED", "message-rate-exceeded")
-          .put("UNAUTHENTICATED", "third-party-auth-error")
-
-          // FCM v1 new error codes
-          .put("APNS_AUTH_ERROR", "third-party-auth-error")
-          .put("INTERNAL", FirebaseMessaging.INTERNAL_ERROR)
-          .put("INVALID_ARGUMENT", "invalid-argument")
-          .put("QUOTA_EXCEEDED", "message-rate-exceeded")
-          .put("SENDER_ID_MISMATCH", "mismatched-credential")
-          .put("THIRD_PARTY_AUTH_ERROR", "third-party-auth-error")
-          .put("UNAVAILABLE", "server-unavailable")
-          .put("UNREGISTERED", "registration-token-not-registered")
-          .build();
+  private static final Map<String, String> COMMON_HEADERS =
+      ImmutableMap.of(
+          "X-GOOG-API-FORMAT-VERSION", "2",
+          "X-Firebase-Client", "fire-admin-java/" + SdkUtils.getVersion());
 
   private final String fcmSendUrl;
   private final HttpRequestFactory requestFactory;
   private final HttpRequestFactory childRequestFactory;
   private final JsonFactory jsonFactory;
   private final HttpResponseInterceptor responseInterceptor;
-  private final String clientVersion = "fire-admin-java/" + SdkUtils.getVersion();
+  private final MessagingErrorHandler errorHandler;
+  private final ErrorHandlingHttpClient<FirebaseMessagingException> httpClient;
+  private final MessagingBatchClient batchClient;
 
   private FirebaseMessagingClientImpl(Builder builder) {
     checkArgument(!Strings.isNullOrEmpty(builder.projectId));
@@ -94,6 +83,10 @@ private FirebaseMessagingClientImpl(Builder builder) {
     this.childRequestFactory = checkNotNull(builder.childRequestFactory);
     this.jsonFactory = checkNotNull(builder.jsonFactory);
     this.responseInterceptor = builder.responseInterceptor;
+    this.errorHandler = new MessagingErrorHandler(this.jsonFactory);
+    this.httpClient = new ErrorHandlingHttpClient<>(requestFactory, jsonFactory, errorHandler)
+      .setInterceptor(responseInterceptor);
+    this.batchClient = new MessagingBatchClient(requestFactory.getTransport(), jsonFactory);
   }
 
   @VisibleForTesting
@@ -116,67 +109,48 @@ JsonFactory getJsonFactory() {
     return jsonFactory;
   }
 
-  @VisibleForTesting
-  String getClientVersion() {
-    return clientVersion;
-  }
-
   public String send(Message message, boolean dryRun) throws FirebaseMessagingException {
-    try {
-      return sendSingleRequest(message, dryRun);
-    } catch (HttpResponseException e) {
-      throw createExceptionFromResponse(e);
-    } catch (IOException e) {
-      throw new FirebaseMessagingException(
-          FirebaseMessaging.INTERNAL_ERROR, "Error while calling FCM backend service", e);
-    }
+    return sendSingleRequest(message, dryRun);
   }
 
   public BatchResponse sendAll(
       List<Message> messages, boolean dryRun) throws FirebaseMessagingException {
-    try {
-      return sendBatchRequest(messages, dryRun);
-    } catch (HttpResponseException e) {
-      throw createExceptionFromResponse(e);
-    } catch (IOException e) {
-      throw new FirebaseMessagingException(
-          FirebaseMessaging.INTERNAL_ERROR, "Error while calling FCM backend service", e);
-    }
+    return sendBatchRequest(messages, dryRun);
   }
 
-  private String sendSingleRequest(Message message, boolean dryRun) throws IOException {
-    HttpRequest request = requestFactory.buildPostRequest(
-        new GenericUrl(fcmSendUrl),
-        new JsonHttpContent(jsonFactory, message.wrapForTransport(dryRun)));
-    setCommonFcmHeaders(request.getHeaders());
-    request.setParser(new JsonObjectParser(jsonFactory));
-    request.setResponseInterceptor(responseInterceptor);
-    HttpResponse response = request.execute();
-    try {
-      MessagingServiceResponse parsed = new MessagingServiceResponse();
-      jsonFactory.createJsonParser(response.getContent()).parseAndClose(parsed);
-      return parsed.getMessageId();
-    } finally {
-      ApiClientUtils.disconnectQuietly(response);
-    }
+  private String sendSingleRequest(
+      Message message, boolean dryRun) throws FirebaseMessagingException {
+    HttpRequestInfo request =
+        HttpRequestInfo.buildJsonPostRequest(
+            fcmSendUrl, message.wrapForTransport(dryRun))
+            .addAllHeaders(COMMON_HEADERS);
+    MessagingServiceResponse parsed = httpClient.sendAndParse(
+        request, MessagingServiceResponse.class);
+    return parsed.getMessageId();
   }
 
   private BatchResponse sendBatchRequest(
-      List<Message> messages, boolean dryRun) throws IOException {
+      List<Message> messages, boolean dryRun) throws FirebaseMessagingException {
 
     MessagingBatchCallback callback = new MessagingBatchCallback();
-    BatchRequest batch = newBatchRequest(messages, dryRun, callback);
-    batch.execute();
-    return new BatchResponseImpl(callback.getResponses());
+    try {
+      BatchRequest batch = newBatchRequest(messages, dryRun, callback);
+      batch.execute();
+      return new BatchResponseImpl(callback.getResponses());
+    } catch (HttpResponseException e) {
+      OutgoingHttpRequest req = new OutgoingHttpRequest(
+          HttpMethods.POST, MessagingBatchClient.FCM_BATCH_URL);
+      IncomingHttpResponse resp = new IncomingHttpResponse(e, req);
+      throw errorHandler.handleHttpResponseException(e, resp);
+    } catch (IOException e) {
+      throw errorHandler.handleIOException(e);
+    }
   }
 
   private BatchRequest newBatchRequest(
       List<Message> messages, boolean dryRun, MessagingBatchCallback callback) throws IOException {
 
-    BatchRequest batch = new BatchRequest(
-        requestFactory.getTransport(), getBatchRequestInitializer());
-    batch.setBatchUrl(new GenericUrl(FCM_BATCH_URL));
-
+    BatchRequest batch = batchClient.batch(getBatchRequestInitializer());
     final JsonObjectParser jsonParser = new JsonObjectParser(this.jsonFactory);
     final GenericUrl sendUrl = new GenericUrl(fcmSendUrl);
     for (Message message : messages) {
@@ -186,36 +160,19 @@ private BatchRequest newBatchRequest(
           sendUrl,
           new JsonHttpContent(jsonFactory, message.wrapForTransport(dryRun)));
       request.setParser(jsonParser);
-      setCommonFcmHeaders(request.getHeaders());
+      request.getHeaders().putAll(COMMON_HEADERS);
       batch.queue(
           request, MessagingServiceResponse.class, MessagingServiceErrorResponse.class, callback);
     }
     return batch;
   }
 
-  private void setCommonFcmHeaders(HttpHeaders headers) {
-    headers.set(API_FORMAT_VERSION_HEADER, "2");
-    headers.set(CLIENT_VERSION_HEADER, clientVersion);
-  }
-
-  private FirebaseMessagingException createExceptionFromResponse(HttpResponseException e) {
-    MessagingServiceErrorResponse response = new MessagingServiceErrorResponse();
-    if (e.getContent() != null) {
-      try {
-        JsonParser parser = jsonFactory.createJsonParser(e.getContent());
-        parser.parseAndClose(response);
-      } catch (IOException ignored) {
-        // ignored
-      }
-    }
-
-    return newException(response, e);
-  }
-
   private HttpRequestInitializer getBatchRequestInitializer() {
     return new HttpRequestInitializer() {
       @Override
       public void initialize(HttpRequest request) throws IOException {
+        // Batch requests are not executed on the ErrorHandlingHttpClient. Therefore, they
+        // require some special handling at initialization.
         HttpRequestInitializer initializer = requestFactory.getInitializer();
         if (initializer != null) {
           initializer.initialize(request);
@@ -283,30 +240,6 @@ FirebaseMessagingClientImpl build() {
     }
   }
 
-  private static FirebaseMessagingException newException(MessagingServiceErrorResponse response) {
-    return newException(response, null);
-  }
-
-  private static FirebaseMessagingException newException(
-      MessagingServiceErrorResponse response, @Nullable HttpResponseException e) {
-    String code = FCM_ERROR_CODES.get(response.getErrorCode());
-    if (code == null) {
-      code = FirebaseMessaging.UNKNOWN_ERROR;
-    }
-
-    String msg = response.getErrorMessage();
-    if (Strings.isNullOrEmpty(msg)) {
-      if (e != null) {
-        msg = String.format("Unexpected HTTP response with status: %d; body: %s",
-            e.getStatusCode(), e.getContent());
-      } else {
-        msg = String.format("Unexpected HTTP response: %s", response.toString());
-      }
-    }
-
-    return new FirebaseMessagingException(code, msg, e);
-  }
-
   private static class MessagingBatchCallback
       implements BatchCallback<MessagingServiceResponse, MessagingServiceErrorResponse> {
 
@@ -319,13 +252,97 @@ public void onSuccess(
     }
 
     @Override
-    public void onFailure(
-        MessagingServiceErrorResponse error, HttpHeaders responseHeaders) {
-      responses.add(SendResponse.fromException(newException(error)));
+    public void onFailure(MessagingServiceErrorResponse error, HttpHeaders responseHeaders) {
+      // We only specify error codes and message for these partial failures. Recall that these
+      // exceptions are never actually thrown, but only made accessible via SendResponse.
+      FirebaseException base = createFirebaseException(error);
+      FirebaseMessagingException exception = FirebaseMessagingException.withMessagingErrorCode(
+          base, error.getMessagingErrorCode());
+      responses.add(SendResponse.fromException(exception));
     }
 
     List<SendResponse> getResponses() {
       return this.responses.build();
     }
+
+    private FirebaseException createFirebaseException(MessagingServiceErrorResponse error) {
+      String status = error.getStatus();
+      ErrorCode errorCode = Strings.isNullOrEmpty(status)
+          ? ErrorCode.UNKNOWN : Enum.valueOf(ErrorCode.class, status);
+
+      String msg = error.getErrorMessage();
+      if (Strings.isNullOrEmpty(msg)) {
+        msg = String.format("Unexpected HTTP response: %s", error.toString());
+      }
+
+      return new FirebaseException(errorCode, msg, null);
+    }
+  }
+
+  private static class MessagingErrorHandler
+      extends AbstractPlatformErrorHandler<FirebaseMessagingException> {
+
+    private MessagingErrorHandler(JsonFactory jsonFactory) {
+      super(jsonFactory);
+    }
+
+    @Override
+    protected FirebaseMessagingException createException(FirebaseException base) {
+      String response = getResponse(base);
+      MessagingServiceErrorResponse parsed = safeParse(response);
+      return FirebaseMessagingException.withMessagingErrorCode(
+          base, parsed.getMessagingErrorCode());
+    }
+
+    private String getResponse(FirebaseException base) {
+      if (base.getHttpResponse() == null) {
+        return null;
+      }
+
+      return base.getHttpResponse().getContent();
+    }
+
+    private MessagingServiceErrorResponse safeParse(String response) {
+      if (!Strings.isNullOrEmpty(response)) {
+        try {
+          return jsonFactory.createJsonParser(response)
+              .parseAndClose(MessagingServiceErrorResponse.class);
+        } catch (IOException ignore) {
+          // Ignore any error that may occur while parsing the error response. The server
+          // may have responded with a non-json payload.
+        }
+      }
+
+      return new MessagingServiceErrorResponse();
+    }
+  }
+
+  private static class MessagingBatchClient extends AbstractGoogleJsonClient {
+
+    private static final String FCM_ROOT_URL = "https://fcm.googleapis.com";
+    private static final String FCM_BATCH_PATH = "batch";
+    private static final String FCM_BATCH_URL = String.format(
+        "%s/%s", FCM_ROOT_URL, FCM_BATCH_PATH);
+
+    MessagingBatchClient(HttpTransport transport, JsonFactory jsonFactory) {
+      super(new Builder(transport, jsonFactory));
+    }
+
+    private MessagingBatchClient(Builder builder) {
+      super(builder);
+    }
+
+    private static class Builder extends AbstractGoogleJsonClient.Builder {
+      Builder(HttpTransport transport, JsonFactory jsonFactory) {
+        super(transport, jsonFactory, FCM_ROOT_URL, "", null, false);
+        setBatchPath(FCM_BATCH_PATH);
+        setApplicationName("fire-admin-java");
+      }
+
+      @Override
+      public AbstractGoogleJsonClient build() {
+        return new MessagingBatchClient(this);
+      }
+    }
   }
 }
diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessagingException.java b/src/main/java/com/google/firebase/messaging/FirebaseMessagingException.java
index 5f57474ea..a3d92788a 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessagingException.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessagingException.java
@@ -16,26 +16,54 @@
 
 package com.google.firebase.messaging;
 
-import static com.google.common.base.Preconditions.checkArgument;
-
-import com.google.common.base.Strings;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
 import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+
+public final class FirebaseMessagingException extends FirebaseException {
 
-public class FirebaseMessagingException extends FirebaseException {
+  private final MessagingErrorCode errorCode;
 
-  private final String errorCode;
+  @VisibleForTesting
+  FirebaseMessagingException(@NonNull ErrorCode code, @NonNull String message) {
+    this(code, message, null, null, null);
+  }
 
-  FirebaseMessagingException(String errorCode, String message, Throwable cause) {
-    super(message, cause);
-    checkArgument(!Strings.isNullOrEmpty(errorCode));
+  private FirebaseMessagingException(
+      @NonNull ErrorCode code,
+      @NonNull String message,
+      @Nullable Throwable cause,
+      @Nullable IncomingHttpResponse response,
+      @Nullable MessagingErrorCode errorCode) {
+    super(code, message, cause, response);
     this.errorCode = errorCode;
   }
 
+  static FirebaseMessagingException withMessagingErrorCode(
+      FirebaseException base, @Nullable MessagingErrorCode errorCode) {
+    return new FirebaseMessagingException(
+        base.getErrorCode(),
+        base.getMessage(),
+        base.getCause(),
+        base.getHttpResponse(),
+        errorCode);
+  }
+
+  static FirebaseMessagingException withCustomMessage(FirebaseException base, String message) {
+    return new FirebaseMessagingException(
+        base.getErrorCode(),
+        message,
+        base.getCause(),
+        base.getHttpResponse(),
+        null);
+  }
 
   /** Returns an error code that may provide more information about the error. */
-  @NonNull
-  public String getErrorCode() {
+  @Nullable
+  public MessagingErrorCode getMessagingErrorCode() {
     return errorCode;
   }
 }
diff --git a/src/main/java/com/google/firebase/messaging/InstanceIdClientImpl.java b/src/main/java/com/google/firebase/messaging/InstanceIdClientImpl.java
index 15f8158a5..5648fcf0c 100644
--- a/src/main/java/com/google/firebase/messaging/InstanceIdClientImpl.java
+++ b/src/main/java/com/google/firebase/messaging/InstanceIdClientImpl.java
@@ -16,27 +16,20 @@
 
 package com.google.firebase.messaging;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
-import com.google.api.client.http.GenericUrl;
-import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
-import com.google.api.client.http.HttpResponse;
-import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.HttpResponseInterceptor;
-import com.google.api.client.http.json.JsonHttpContent;
 import com.google.api.client.json.GenericJson;
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.JsonObjectParser;
-import com.google.api.client.json.JsonParser;
 import com.google.api.client.util.Key;
-import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.internal.AbstractHttpErrorHandler;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.ErrorHandlingHttpClient;
+import com.google.firebase.internal.HttpRequestInfo;
 import com.google.firebase.internal.Nullable;
-
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
@@ -53,18 +46,7 @@ final class InstanceIdClientImpl implements InstanceIdClient {
 
   private static final String IID_UNSUBSCRIBE_PATH = "iid/v1:batchRemove";
 
-  static final Map<Integer, String> IID_ERROR_CODES =
-      ImmutableMap.<Integer, String>builder()
-          .put(400, "invalid-argument")
-          .put(401, "authentication-error")
-          .put(403, "authentication-error")
-          .put(500, FirebaseMessaging.INTERNAL_ERROR)
-          .put(503, "server-unavailable")
-          .build();
-
-  private final HttpRequestFactory requestFactory;
-  private final JsonFactory jsonFactory;
-  private final HttpResponseInterceptor responseInterceptor;
+  private final ErrorHandlingHttpClient<FirebaseMessagingException> requestFactory;
 
   InstanceIdClientImpl(HttpRequestFactory requestFactory, JsonFactory jsonFactory) {
     this(requestFactory, jsonFactory, null);
@@ -74,9 +56,9 @@ final class InstanceIdClientImpl implements InstanceIdClient {
       HttpRequestFactory requestFactory,
       JsonFactory jsonFactory,
       @Nullable HttpResponseInterceptor responseInterceptor) {
-    this.requestFactory = checkNotNull(requestFactory);
-    this.jsonFactory = checkNotNull(jsonFactory);
-    this.responseInterceptor = responseInterceptor;
+    InstanceIdErrorHandler errorHandler = new InstanceIdErrorHandler(jsonFactory);
+    this.requestFactory = new ErrorHandlingHttpClient<>(requestFactory, jsonFactory, errorHandler)
+      .setInterceptor(responseInterceptor);
   }
 
   static InstanceIdClientImpl fromApp(FirebaseApp app) {
@@ -85,76 +67,32 @@ static InstanceIdClientImpl fromApp(FirebaseApp app) {
         app.getOptions().getJsonFactory());
   }
 
-  @VisibleForTesting
-  HttpRequestFactory getRequestFactory() {
-    return requestFactory;
-  }
-
-  @VisibleForTesting
-  JsonFactory getJsonFactory() {
-    return jsonFactory;
-  }
-
   public TopicManagementResponse subscribeToTopic(
       String topic, List<String> registrationTokens) throws FirebaseMessagingException {
-    try {
-      return sendInstanceIdRequest(topic, registrationTokens, IID_SUBSCRIBE_PATH);
-    } catch (HttpResponseException e) {
-      throw createExceptionFromResponse(e);
-    } catch (IOException e) {
-      throw new FirebaseMessagingException(
-          FirebaseMessaging.INTERNAL_ERROR, "Error while calling IID backend service", e);
-    }
+    return sendInstanceIdRequest(topic, registrationTokens, IID_SUBSCRIBE_PATH);
   }
 
   public TopicManagementResponse unsubscribeFromTopic(
       String topic, List<String> registrationTokens) throws FirebaseMessagingException {
-    try {
-      return sendInstanceIdRequest(topic, registrationTokens, IID_UNSUBSCRIBE_PATH);
-    } catch (HttpResponseException e) {
-      throw createExceptionFromResponse(e);
-    } catch (IOException e) {
-      throw new FirebaseMessagingException(
-          FirebaseMessaging.INTERNAL_ERROR, "Error while calling IID backend service", e);
-    }
+    return sendInstanceIdRequest(topic, registrationTokens, IID_UNSUBSCRIBE_PATH);
   }
 
   private TopicManagementResponse sendInstanceIdRequest(
-      String topic, List<String> registrationTokens, String path) throws IOException {
+      String topic,
+      List<String> registrationTokens,
+      String path) throws FirebaseMessagingException {
+
     String url = String.format("%s/%s", IID_HOST, path);
     Map<String, Object> payload = ImmutableMap.of(
         "to", getPrefixedTopic(topic),
         "registration_tokens", registrationTokens
     );
-    HttpResponse response = null;
-    try {
-      HttpRequest request = requestFactory.buildPostRequest(
-          new GenericUrl(url), new JsonHttpContent(jsonFactory, payload));
-      request.getHeaders().set("access_token_auth", "true");
-      request.setParser(new JsonObjectParser(jsonFactory));
-      request.setResponseInterceptor(responseInterceptor);
-      response = request.execute();
-
-      JsonParser parser = jsonFactory.createJsonParser(response.getContent());
-      InstanceIdServiceResponse parsedResponse = new InstanceIdServiceResponse();
-      parser.parse(parsedResponse);
-      return new TopicManagementResponse(parsedResponse.results);
-    } finally {
-      ApiClientUtils.disconnectQuietly(response);
-    }
-  }
 
-  private FirebaseMessagingException createExceptionFromResponse(HttpResponseException e) {
-    InstanceIdServiceErrorResponse response = new InstanceIdServiceErrorResponse();
-    if (e.getContent() != null) {
-      try {
-        JsonParser parser = jsonFactory.createJsonParser(e.getContent());
-        parser.parseAndClose(response);
-      } catch (IOException ignored) {
-        // ignored
-      }
-    }
-    return newException(response, e);
+    HttpRequestInfo request = HttpRequestInfo.buildJsonPostRequest(url, payload)
+        .addHeader("access_token_auth", "true");
+    InstanceIdServiceResponse response = new InstanceIdServiceResponse();
+    requestFactory.sendAndParse(request, response);
+    return new TopicManagementResponse(response.results);
   }
 
   private String getPrefixedTopic(String topic) {
@@ -165,21 +103,6 @@ private String getPrefixedTopic(String topic) {
     }
   }
 
-  private static FirebaseMessagingException newException(
-      InstanceIdServiceErrorResponse response, HttpResponseException e) {
-    // Infer error code from HTTP status
-    String code = IID_ERROR_CODES.get(e.getStatusCode());
-    if (code == null) {
-      code = FirebaseMessaging.UNKNOWN_ERROR;
-    }
-    String msg = response.error;
-    if (Strings.isNullOrEmpty(msg)) {
-      msg = String.format("Unexpected HTTP response with status: %d; body: %s",
-          e.getStatusCode(), e.getContent());
-    }
-    return new FirebaseMessagingException(code, msg, e);
-  }
-
   private static class InstanceIdServiceResponse {
     @Key("results")
     private List<GenericJson> results;
@@ -189,4 +112,54 @@ private static class InstanceIdServiceErrorResponse {
     @Key("error")
     private String error;
   }
+
+  private static class InstanceIdErrorHandler
+      extends AbstractHttpErrorHandler<FirebaseMessagingException> {
+
+    private final JsonFactory jsonFactory;
+
+    InstanceIdErrorHandler(JsonFactory jsonFactory) {
+      this.jsonFactory = jsonFactory;
+    }
+
+    @Override
+    protected FirebaseMessagingException createException(FirebaseException base) {
+      String message = getCustomMessage(base);
+      return FirebaseMessagingException.withCustomMessage(base, message);
+    }
+
+    private String getCustomMessage(FirebaseException base) {
+      String response = getResponse(base);
+      InstanceIdServiceErrorResponse parsed = safeParse(response);
+      if (!Strings.isNullOrEmpty(parsed.error)) {
+        return "Error while calling the IID service: " + parsed.error;
+      }
+
+      return base.getMessage();
+    }
+
+    private String getResponse(FirebaseException base) {
+      if (base.getHttpResponse() == null) {
+        return null;
+      }
+
+      return base.getHttpResponse().getContent();
+    }
+
+    private InstanceIdServiceErrorResponse safeParse(String response) {
+      InstanceIdServiceErrorResponse parsed = new InstanceIdServiceErrorResponse();
+      if (!Strings.isNullOrEmpty(response)) {
+        // Parse the error response from the IID service.
+        // Sample response: {"error": "error message text"}
+        try {
+          jsonFactory.createJsonParser(response).parse(parsed);
+        } catch (IOException ignore) {
+          // Ignore any error that may occur while parsing the error response. The server
+          // may have responded with a non-json payload.
+        }
+      }
+
+      return parsed;
+    }
+  }
 }
diff --git a/src/main/java/com/google/firebase/messaging/LightSettings.java b/src/main/java/com/google/firebase/messaging/LightSettings.java
index 75a692090..e0e898374 100644
--- a/src/main/java/com/google/firebase/messaging/LightSettings.java
+++ b/src/main/java/com/google/firebase/messaging/LightSettings.java
@@ -61,7 +61,7 @@ private Builder() {}
     /**
      * Sets the lightSettingsColor value with a string.   
      *
-     * @param lightSettingsColor LightSettingsColor specified in the {@code #rrggbb} format.
+     * @param color LightSettingsColor specified in the {@code #rrggbb} format.
      * @return This builder.
      */
     public Builder setColorFromString(String color) {
@@ -72,7 +72,7 @@ public Builder setColorFromString(String color) {
     /**
      * Sets the lightSettingsColor value in the light settings.   
      *
-     * @param lightSettingsColor Color to be used in the light settings.
+     * @param color Color to be used in the light settings.
      * @return This builder.
      */
     public Builder setColor(LightSettingsColor color) {
diff --git a/src/main/java/com/google/firebase/messaging/MessagingErrorCode.java b/src/main/java/com/google/firebase/messaging/MessagingErrorCode.java
new file mode 100644
index 000000000..b566befbd
--- /dev/null
+++ b/src/main/java/com/google/firebase/messaging/MessagingErrorCode.java
@@ -0,0 +1,43 @@
+package com.google.firebase.messaging;
+
+/**
+ * Error codes that can be raised by the Cloud Messaging APIs.
+ */
+public enum MessagingErrorCode {
+
+  /**
+   * APNs certificate or web push auth key was invalid or missing.
+   */
+  THIRD_PARTY_AUTH_ERROR,
+
+  /**
+   * One or more arguments specified in the request were invalid.
+   */
+  INVALID_ARGUMENT,
+
+  /**
+   * Internal server error.
+   */
+  INTERNAL,
+
+  /**
+   * Sending limit exceeded for the message target.
+   */
+  QUOTA_EXCEEDED,
+
+  /**
+   * The authenticated sender ID is different from the sender ID for the registration token.
+   */
+  SENDER_ID_MISMATCH,
+
+  /**
+   * Cloud Messaging service is temporarily unavailable.
+   */
+  UNAVAILABLE,
+
+  /**
+   * App instance was unregistered from FCM. This usually means that the token used is no longer
+   * valid and a new one must be used.
+   */
+  UNREGISTERED,
+}
diff --git a/src/main/java/com/google/firebase/messaging/Notification.java b/src/main/java/com/google/firebase/messaging/Notification.java
index d9b2034ee..a8f48c2ef 100644
--- a/src/main/java/com/google/firebase/messaging/Notification.java
+++ b/src/main/java/com/google/firebase/messaging/Notification.java
@@ -33,33 +33,6 @@ public class Notification {
   @Key("image")
   private final String image;
 
-  /**
-   * Creates a new {@code Notification} using the given title and body.
-   *
-   * @param title Title of the notification.
-   * @param body Body of the notification.
-   *
-   * @deprecated Use {@link #Notification(Builder)} instead.
-   */
-  public Notification(String title, String body) {
-    this(title, body, null);
-  }
-
-  /**
-   * Creates a new {@code Notification} using the given title, body, and image.
-   *
-   * @param title Title of the notification.
-   * @param body Body of the notification.
-   * @param imageUrl URL of the image that is going to be displayed in the notification.
-   *
-   * @deprecated Use {@link #Notification(Builder)} instead.
-   */
-  public Notification(String title, String body, String imageUrl) {
-    this.title = title;
-    this.body = body;
-    this.image = imageUrl;
-  }
-
   private Notification(Builder builder) {
     this.title = builder.title;
     this.body = builder.body;
@@ -67,9 +40,9 @@ private Notification(Builder builder) {
   }
 
   /**
-   * Creates a new {@link Notification.Builder}.
+   * Creates a new {@link Builder}.
    *
-   * @return A {@link Notification.Builder} instance.
+   * @return A {@link Builder} instance.
    */
   public static Builder builder() {
     return new Builder();
diff --git a/src/main/java/com/google/firebase/messaging/internal/MessagingServiceErrorResponse.java b/src/main/java/com/google/firebase/messaging/internal/MessagingServiceErrorResponse.java
index d63f3af95..7c21199cc 100644
--- a/src/main/java/com/google/firebase/messaging/internal/MessagingServiceErrorResponse.java
+++ b/src/main/java/com/google/firebase/messaging/internal/MessagingServiceErrorResponse.java
@@ -2,14 +2,28 @@
 
 import com.google.api.client.json.GenericJson;
 import com.google.api.client.util.Key;
+import com.google.common.collect.ImmutableMap;
 import com.google.firebase.internal.Nullable;
+import com.google.firebase.messaging.MessagingErrorCode;
 import java.util.List;
 import java.util.Map;
 
 /**
  * The DTO for parsing error responses from the FCM service.
  */
-public class MessagingServiceErrorResponse extends GenericJson {
+public final class MessagingServiceErrorResponse extends GenericJson {
+
+  private static final Map<String, MessagingErrorCode> MESSAGING_ERROR_CODES =
+      ImmutableMap.<String, MessagingErrorCode>builder()
+          .put("APNS_AUTH_ERROR", MessagingErrorCode.THIRD_PARTY_AUTH_ERROR)
+          .put("INTERNAL", MessagingErrorCode.INTERNAL)
+          .put("INVALID_ARGUMENT", MessagingErrorCode.INVALID_ARGUMENT)
+          .put("QUOTA_EXCEEDED", MessagingErrorCode.QUOTA_EXCEEDED)
+          .put("SENDER_ID_MISMATCH", MessagingErrorCode.SENDER_ID_MISMATCH)
+          .put("THIRD_PARTY_AUTH_ERROR", MessagingErrorCode.THIRD_PARTY_AUTH_ERROR)
+          .put("UNAVAILABLE", MessagingErrorCode.UNAVAILABLE)
+          .put("UNREGISTERED", MessagingErrorCode.UNREGISTERED)
+          .build();
 
   private static final String FCM_ERROR_TYPE =
       "type.googleapis.com/google.firebase.fcm.v1.FcmError";
@@ -17,23 +31,35 @@ public class MessagingServiceErrorResponse extends GenericJson {
   @Key("error")
   private Map<String, Object> error;
 
+  public String getStatus() {
+    if (error == null) {
+      return null;
+    }
+
+    return (String) error.get("status");
+  }
+
+
   @Nullable
-  public String getErrorCode() {
+  public MessagingErrorCode getMessagingErrorCode() {
     if (error == null) {
       return null;
     }
+
     Object details = error.get("details");
-    if (details != null && details instanceof List) {
+    if (details instanceof List) {
       for (Object detail : (List<?>) details) {
         if (detail instanceof Map) {
           Map<?,?> detailMap = (Map<?,?>) detail;
           if (FCM_ERROR_TYPE.equals(detailMap.get("@type"))) {
-            return (String) detailMap.get("errorCode");
+            String errorCode = (String) detailMap.get("errorCode");
+            return MESSAGING_ERROR_CODES.get(errorCode);
           }
         }
       }
     }
-    return (String) error.get("status");
+
+    return null;
   }
 
   @Nullable
@@ -41,6 +67,7 @@ public String getErrorMessage() {
     if (error != null) {
       return (String) error.get("message");
     }
+
     return null;
   }
 }
diff --git a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementException.java b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementException.java
index fa939b0c4..580ae76f6 100644
--- a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementException.java
+++ b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementException.java
@@ -15,18 +15,27 @@
 
 package com.google.firebase.projectmanagement;
 
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseException;
-import com.google.firebase.internal.Nullable;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.database.annotations.Nullable;
+import com.google.firebase.internal.NonNull;
 
 /**
  * An exception encountered while interacting with the Firebase Project Management Service.
  */
-public class FirebaseProjectManagementException extends FirebaseException {
-  FirebaseProjectManagementException(String detailMessage) {
-    this(detailMessage, null);
+public final class FirebaseProjectManagementException extends FirebaseException {
+
+  FirebaseProjectManagementException(@NonNull FirebaseException base) {
+    this(base, base.getMessage());
+  }
+
+  FirebaseProjectManagementException(@NonNull FirebaseException base, @NonNull String message) {
+    super(base.getErrorCode(), message, base.getCause(), base.getHttpResponse());
   }
 
-  FirebaseProjectManagementException(String detailMessage, @Nullable Throwable cause) {
-    super(detailMessage, cause);
+  FirebaseProjectManagementException(
+      @NonNull ErrorCode code, @NonNull String message, @Nullable IncomingHttpResponse response) {
+    super(code, message, null, response);
   }
 }
diff --git a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
index 8abced696..0f9eb3b55 100644
--- a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
+++ b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
@@ -31,8 +31,10 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.IncomingHttpResponse;
 import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.CallableOperation;
 import java.nio.charset.StandardCharsets;
@@ -56,7 +58,6 @@ class FirebaseProjectManagementServiceImpl implements AndroidAppService, IosAppS
   private final FirebaseApp app;
   private final Sleeper sleeper;
   private final Scheduler scheduler;
-  private final HttpRequestFactory requestFactory;
   private final HttpHelper httpHelper;
 
   private final CreateAndroidAppFromAppIdFunction createAndroidAppFromAppIdFunction =
@@ -78,15 +79,9 @@ class FirebaseProjectManagementServiceImpl implements AndroidAppService, IosAppS
     this.app = checkNotNull(app);
     this.sleeper = checkNotNull(sleeper);
     this.scheduler = checkNotNull(scheduler);
-    this.requestFactory = checkNotNull(requestFactory);
     this.httpHelper = new HttpHelper(app.getOptions().getJsonFactory(), requestFactory);
   }
 
-  @VisibleForTesting
-  HttpRequestFactory getRequestFactory() {
-    return requestFactory;
-  }
-
   @VisibleForTesting
   void setInterceptor(HttpResponseInterceptor interceptor) {
     httpHelper.setInterceptor(interceptor);
@@ -318,14 +313,14 @@ protected String execute() throws FirebaseProjectManagementException {
           payloadBuilder.put("display_name", displayName);
         }
         OperationResponse operationResponseInstance = new OperationResponse();
-        httpHelper.makePostRequest(
+        IncomingHttpResponse response = httpHelper.makePostRequest(
             url, payloadBuilder.build(), operationResponseInstance, projectId, "Project ID");
         if (Strings.isNullOrEmpty(operationResponseInstance.name)) {
-          throw HttpHelper.createFirebaseProjectManagementException(
+          String message = buildMessage(
               namespace,
               "Bundle ID",
-              "Unable to create App: server returned null operation name.",
-              /* cause= */ null);
+              "Unable to create App: server returned null operation name.");
+          throw new FirebaseProjectManagementException(ErrorCode.INTERNAL, message, response);
         }
         return operationResponseInstance.name;
       }
@@ -341,7 +336,8 @@ private String pollOperation(String projectId, String operationName)
               * Math.pow(POLL_EXPONENTIAL_BACKOFF_FACTOR, currentAttempt));
       sleepOrThrow(projectId, delayMillis);
       OperationResponse operationResponseInstance = new OperationResponse();
-      httpHelper.makeGetRequest(url, operationResponseInstance, projectId, "Project ID");
+      IncomingHttpResponse response = httpHelper.makeGetRequest(
+          url, operationResponseInstance, projectId, "Project ID");
       if (!operationResponseInstance.done) {
         continue;
       }
@@ -349,19 +345,20 @@ private String pollOperation(String projectId, String operationName)
       // or 'error' is set.
       if (operationResponseInstance.response == null
           || Strings.isNullOrEmpty(operationResponseInstance.response.appId)) {
-        throw HttpHelper.createFirebaseProjectManagementException(
+        String message = buildMessage(
             projectId,
             "Project ID",
-            "Unable to create App: internal server error.",
-            /* cause= */ null);
+            "Unable to create App: internal server error.");
+        throw new FirebaseProjectManagementException(ErrorCode.INTERNAL, message, response);
       }
       return operationResponseInstance.response.appId;
     }
-    throw HttpHelper.createFirebaseProjectManagementException(
+
+    String message = buildMessage(
         projectId,
         "Project ID",
-        "Unable to create App: deadline exceeded.",
-        /* cause= */ null);
+        "Unable to create App: deadline exceeded.");
+    throw new FirebaseProjectManagementException(ErrorCode.DEADLINE_EXCEEDED, message, null);
   }
 
   /**
@@ -420,19 +417,22 @@ private WaitOperationRunnable(
     public void run() {
       String url = String.format("%s/v1/%s", FIREBASE_PROJECT_MANAGEMENT_URL, operationName);
       OperationResponse operationResponseInstance = new OperationResponse();
+      IncomingHttpResponse httpResponse;
       try {
-        httpHelper.makeGetRequest(url, operationResponseInstance, projectId, "Project ID");
+        httpResponse = httpHelper.makeGetRequest(
+            url, operationResponseInstance, projectId, "Project ID");
       } catch (FirebaseProjectManagementException e) {
         settableFuture.setException(e);
         return;
       }
       if (!operationResponseInstance.done) {
         if (numberOfPreviousPolls + 1 >= MAXIMUM_POLLING_ATTEMPTS) {
-          settableFuture.setException(HttpHelper.createFirebaseProjectManagementException(
-              projectId,
+          String message = buildMessage(projectId,
               "Project ID",
-              "Unable to create App: deadline exceeded.",
-              /* cause= */ null));
+              "Unable to create App: deadline exceeded.");
+          FirebaseProjectManagementException exception = new FirebaseProjectManagementException(
+              ErrorCode.DEADLINE_EXCEEDED, message, httpResponse);
+          settableFuture.setException(exception);
         } else {
           long delayMillis = (long) (
               POLL_BASE_WAIT_TIME_MILLIS
@@ -451,11 +451,12 @@ public void run() {
       // or 'error' is set.
       if (operationResponseInstance.response == null
           || Strings.isNullOrEmpty(operationResponseInstance.response.appId)) {
-        settableFuture.setException(HttpHelper.createFirebaseProjectManagementException(
-            projectId,
+        String message = buildMessage(projectId,
             "Project ID",
-            "Unable to create App: internal server error.",
-            /* cause= */ null));
+            "Unable to create App: internal server error.");
+        FirebaseProjectManagementException exception = new FirebaseProjectManagementException(
+            ErrorCode.INTERNAL, message, httpResponse);
+        settableFuture.setException(exception);
       } else {
         settableFuture.set(operationResponseInstance.response.appId);
       }
@@ -765,14 +766,17 @@ private void sleepOrThrow(String projectId, long delayMillis)
     try {
       sleeper.sleep(delayMillis);
     } catch (InterruptedException e) {
-      throw HttpHelper.createFirebaseProjectManagementException(
-          projectId,
+      String message = buildMessage(projectId,
           "Project ID",
-          "Unable to create App: exponential backoff interrupted.",
-          /* cause= */ null);
+          "Unable to create App: exponential backoff interrupted.");
+      throw new FirebaseProjectManagementException(ErrorCode.ABORTED, message, null);
     }
   }
 
+  private String buildMessage(String resourceId, String resourceIdName, String description) {
+    return String.format("%s \"%s\": %s", resourceIdName, resourceId, description);
+  }
+
   /* Helper types. */
 
   private interface CreateAppFromAppIdFunction<T> extends ApiFunction<String, T> {}
diff --git a/src/main/java/com/google/firebase/projectmanagement/HttpHelper.java b/src/main/java/com/google/firebase/projectmanagement/HttpHelper.java
index 2143c1453..fb29f7b86 100644
--- a/src/main/java/com/google/firebase/projectmanagement/HttpHelper.java
+++ b/src/main/java/com/google/firebase/projectmanagement/HttpHelper.java
@@ -16,84 +16,57 @@
 
 package com.google.firebase.projectmanagement;
 
-import com.google.api.client.http.GenericUrl;
-import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpMethods;
 import com.google.api.client.http.HttpRequestFactory;
-import com.google.api.client.http.HttpResponse;
-import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.HttpResponseInterceptor;
-import com.google.api.client.http.json.JsonHttpContent;
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.JsonObjectParser;
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Charsets;
-import com.google.common.collect.ImmutableMap;
-import com.google.firebase.internal.Nullable;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.internal.AbstractPlatformErrorHandler;
+import com.google.firebase.internal.ErrorHandlingHttpClient;
+import com.google.firebase.internal.HttpRequestInfo;
 import com.google.firebase.internal.SdkUtils;
-import java.io.IOException;
-
-class HttpHelper {
-
-  @VisibleForTesting static final String PATCH_OVERRIDE_KEY = "X-HTTP-Method-Override";
-  @VisibleForTesting static final String PATCH_OVERRIDE_VALUE = "PATCH";
-  private static final ImmutableMap<Integer, String> ERROR_CODES =
-      ImmutableMap.<Integer, String>builder()
-          .put(401, "Request not authorized.")
-          .put(403, "Client does not have sufficient privileges.")
-          .put(404, "Failed to find the resource.")
-          .put(409, "The resource already exists.")
-          .put(429, "Request throttled by the backend server.")
-          .put(500, "Internal server error.")
-          .put(503, "Backend servers are over capacity. Try again later.")
-          .build();
+
+final class HttpHelper {
+
   private static final String CLIENT_VERSION_HEADER = "X-Client-Version";
 
-  private final String clientVersion = "Java/Admin/" + SdkUtils.getVersion();
-  private final JsonFactory jsonFactory;
-  private final HttpRequestFactory requestFactory;
-  private HttpResponseInterceptor interceptor;
+  private static final String CLIENT_VERSION = "Java/Admin/" + SdkUtils.getVersion();
+
+  private final ErrorHandlingHttpClient<FirebaseProjectManagementException> httpClient;
 
   HttpHelper(JsonFactory jsonFactory, HttpRequestFactory requestFactory) {
-    this.jsonFactory = jsonFactory;
-    this.requestFactory = requestFactory;
+    ProjectManagementErrorHandler errorHandler = new ProjectManagementErrorHandler(jsonFactory);
+    this.httpClient = new ErrorHandlingHttpClient<>(requestFactory, jsonFactory, errorHandler);
   }
 
   void setInterceptor(HttpResponseInterceptor interceptor) {
-    this.interceptor = interceptor;
+    httpClient.setInterceptor(interceptor);
   }
 
-  <T> void makeGetRequest(
+  <T> IncomingHttpResponse makeGetRequest(
       String url,
       T parsedResponseInstance,
       String requestIdentifier,
       String requestIdentifierDescription) throws FirebaseProjectManagementException {
-    try {
-      makeRequest(
-          requestFactory.buildGetRequest(new GenericUrl(url)),
-          parsedResponseInstance,
-          requestIdentifier,
-          requestIdentifierDescription);
-    } catch (IOException e) {
-      handleError(requestIdentifier, requestIdentifierDescription, e);
-    }
+    return makeRequest(
+        HttpRequestInfo.buildGetRequest(url),
+        parsedResponseInstance,
+        requestIdentifier,
+        requestIdentifierDescription);
   }
 
-  <T> void makePostRequest(
+  <T> IncomingHttpResponse makePostRequest(
       String url,
       Object payload,
       T parsedResponseInstance,
       String requestIdentifier,
       String requestIdentifierDescription) throws FirebaseProjectManagementException {
-    try {
-      makeRequest(
-          requestFactory.buildPostRequest(
-              new GenericUrl(url), new JsonHttpContent(jsonFactory, payload)),
-          parsedResponseInstance,
-          requestIdentifier,
-          requestIdentifierDescription);
-    } catch (IOException e) {
-      handleError(requestIdentifier, requestIdentifierDescription, e);
-    }
+    return makeRequest(
+        HttpRequestInfo.buildJsonPostRequest(url, payload),
+        parsedResponseInstance,
+        requestIdentifier,
+        requestIdentifierDescription);
   }
 
   <T> void makePatchRequest(
@@ -102,15 +75,11 @@ <T> void makePatchRequest(
       T parsedResponseInstance,
       String requestIdentifier,
       String requestIdentifierDescription) throws FirebaseProjectManagementException {
-    try {
-      HttpRequest baseRequest = requestFactory.buildPostRequest(
-          new GenericUrl(url), new JsonHttpContent(jsonFactory, payload));
-      baseRequest.getHeaders().set(PATCH_OVERRIDE_KEY, PATCH_OVERRIDE_VALUE);
-      makeRequest(
-          baseRequest, parsedResponseInstance, requestIdentifier, requestIdentifierDescription);
-    } catch (IOException e) {
-      handleError(requestIdentifier, requestIdentifierDescription, e);
-    }
+    makeRequest(
+        HttpRequestInfo.buildJsonRequest(HttpMethods.PATCH, url, payload),
+        parsedResponseInstance,
+        requestIdentifier,
+        requestIdentifierDescription);
   }
 
   <T> void makeDeleteRequest(
@@ -118,69 +87,40 @@ <T> void makeDeleteRequest(
       T parsedResponseInstance,
       String requestIdentifier,
       String requestIdentifierDescription) throws FirebaseProjectManagementException {
-    try {
-      makeRequest(
-          requestFactory.buildDeleteRequest(new GenericUrl(url)),
-          parsedResponseInstance,
-          requestIdentifier,
-          requestIdentifierDescription);
-    } catch (IOException e) {
-      handleError(requestIdentifier, requestIdentifierDescription, e);
-    }
+    makeRequest(
+        HttpRequestInfo.buildDeleteRequest(url),
+        parsedResponseInstance,
+        requestIdentifier,
+        requestIdentifierDescription);
   }
 
-  <T> void makeRequest(
-      HttpRequest baseRequest,
+  private <T> IncomingHttpResponse makeRequest(
+      HttpRequestInfo baseRequest,
       T parsedResponseInstance,
       String requestIdentifier,
       String requestIdentifierDescription) throws FirebaseProjectManagementException {
-    HttpResponse response = null;
     try {
-      baseRequest.getHeaders().set(CLIENT_VERSION_HEADER, clientVersion);
-      baseRequest.setParser(new JsonObjectParser(jsonFactory));
-      baseRequest.setResponseInterceptor(interceptor);
-      response = baseRequest.execute();
-      jsonFactory.createJsonParser(response.getContent(), Charsets.UTF_8)
-          .parseAndClose(parsedResponseInstance);
-    } catch (Exception e) {
-      handleError(requestIdentifier, requestIdentifierDescription, e);
-    } finally {
-      disconnectQuietly(response);
+      baseRequest.addHeader(CLIENT_VERSION_HEADER, CLIENT_VERSION);
+      IncomingHttpResponse response = httpClient.send(baseRequest);
+      httpClient.parse(response, parsedResponseInstance);
+      return response;
+    } catch (FirebaseProjectManagementException e) {
+      String message = String.format(
+          "%s \"%s\": %s", requestIdentifierDescription, requestIdentifier, e.getMessage());
+      throw new FirebaseProjectManagementException(e, message);
     }
   }
 
-  private static void disconnectQuietly(HttpResponse response) {
-    if (response != null) {
-      try {
-        response.disconnect();
-      } catch (IOException ignored) {
-        // Ignored.
-      }
-    }
-  }
+  private static class ProjectManagementErrorHandler
+      extends AbstractPlatformErrorHandler<FirebaseProjectManagementException> {
 
-  private static void handleError(
-      String requestIdentifier, String requestIdentifierDescription, Exception e)
-          throws FirebaseProjectManagementException {
-    String messageBody = "Error while invoking Firebase Project Management service.";
-    if (e instanceof HttpResponseException) {
-      int statusCode = ((HttpResponseException) e).getStatusCode();
-      if (ERROR_CODES.containsKey(statusCode)) {
-        messageBody = ERROR_CODES.get(statusCode);
-      }
+    ProjectManagementErrorHandler(JsonFactory jsonFactory) {
+      super(jsonFactory);
     }
-    throw createFirebaseProjectManagementException(
-        requestIdentifier, requestIdentifierDescription, messageBody, e);
-  }
 
-  static FirebaseProjectManagementException createFirebaseProjectManagementException(
-      String requestIdentifier,
-      String requestIdentifierDescription,
-      String messageBody,
-      @Nullable Exception cause) {
-    return new FirebaseProjectManagementException(
-        String.format(
-            "%s \"%s\": %s", requestIdentifierDescription, requestIdentifier, messageBody),
-        cause);
+    @Override
+    protected FirebaseProjectManagementException createException(FirebaseException base) {
+      return new FirebaseProjectManagementException(base);
+    }
   }
 }
diff --git a/src/test/java/com/google/firebase/FirebaseAppTest.java b/src/test/java/com/google/firebase/FirebaseAppTest.java
index eee9efdb8..d481e3c0e 100644
--- a/src/test/java/com/google/firebase/FirebaseAppTest.java
+++ b/src/test/java/com/google/firebase/FirebaseAppTest.java
@@ -35,13 +35,11 @@
 import com.google.auth.oauth2.OAuth2Credentials.CredentialsChangedListener;
 import com.google.common.base.Defaults;
 import com.google.common.base.Strings;
-import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.firebase.FirebaseApp.TokenRefresher;
-import com.google.firebase.FirebaseOptions.Builder;
 import com.google.firebase.database.FirebaseDatabase;
 import com.google.firebase.testing.FirebaseAppRule;
 import com.google.firebase.testing.ServiceAccount;
@@ -74,7 +72,7 @@
 public class FirebaseAppTest {
 
   private static final FirebaseOptions OPTIONS =
-      new FirebaseOptions.Builder()
+      FirebaseOptions.builder()
           .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
           .build();
 
@@ -110,7 +108,7 @@ public void testGetInstancePersistedNotInitialized() {
 
   @Test
   public void testGetProjectIdFromOptions() {
-    FirebaseOptions options = new FirebaseOptions.Builder(OPTIONS)
+    FirebaseOptions options = OPTIONS.toBuilder()
         .setProjectId("explicit-project-id")
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options, "myApp");
@@ -131,7 +129,7 @@ public void testGetProjectIdFromEnvironment() {
     for (String variable : variables) {
       String gcloudProject = System.getenv(variable);
       TestUtils.setEnvironmentVariables(ImmutableMap.of(variable, "project-id-1"));
-      FirebaseOptions options = new FirebaseOptions.Builder()
+      FirebaseOptions options = FirebaseOptions.builder()
           .setCredentials(new MockGoogleCredentials())
           .build();
       try {
@@ -155,7 +153,7 @@ public void testProjectIdEnvironmentVariablePrecedence() {
 
     TestUtils.setEnvironmentVariables(ImmutableMap.of(
         "GCLOUD_PROJECT", "project-id-1", "GOOGLE_CLOUD_PROJECT", "project-id-2"));
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials())
         .build();
     try {
@@ -239,7 +237,7 @@ public void testGetNullApp() {
   @Test
   public void testToString() throws IOException {
     FirebaseOptions options =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .build();
     FirebaseApp app = FirebaseApp.initializeApp(options, "app");
@@ -461,14 +459,13 @@ public void testTokenRefresherStateMachine() {
   @Test
   public void testAppWithAuthVariableOverrides() {
     Map<String, Object> authVariableOverrides = ImmutableMap.<String, Object>of("uid", "uid1");
-    FirebaseOptions options =
-        new FirebaseOptions.Builder(getMockCredentialOptions())
-            .setDatabaseAuthVariableOverride(authVariableOverrides)
-            .build();
+    FirebaseOptions options = getMockCredentialOptions().toBuilder()
+        .setDatabaseAuthVariableOverride(authVariableOverrides)
+        .build();
     FirebaseApp app = FirebaseApp.initializeApp(options, "testGetAppWithUid");
     assertEquals("uid1", app.getOptions().getDatabaseAuthVariableOverride().get("uid"));
     String token = TestOnlyImplFirebaseTrampolines.getToken(app, false);
-    Assert.assertTrue(!token.isEmpty());
+    Assert.assertFalse(token.isEmpty());
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -579,16 +576,6 @@ public void testFirebaseConfigStringIgnoresInvalidKey() {
     assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
   }
 
-  @Test(expected = IllegalArgumentException.class)
-  public void testFirebaseExceptionNullDetail() {
-    new FirebaseException(null);
-  }
-
-  @Test(expected = IllegalArgumentException.class)
-  public void testFirebaseExceptionEmptyDetail() {
-    new FirebaseException("");
-  }
-
   @Test
   public void testFirebaseAppCreationWithEmptySupplier() {
     FirebaseApp.initializeApp(FirebaseOptions.builder()
@@ -609,7 +596,7 @@ private static void setFirebaseConfigEnvironmentVariable(String configJSON) {
   }
 
   private static FirebaseOptions getMockCredentialOptions() {
-    return new Builder().setCredentials(new MockGoogleCredentials()).build();
+    return FirebaseOptions.builder().setCredentials(new MockGoogleCredentials()).build();
   }
 
   private static void invokePublicInstanceMethodWithDefaultValues(Object instance, Method method)
diff --git a/src/test/java/com/google/firebase/FirebaseExceptionTest.java b/src/test/java/com/google/firebase/FirebaseExceptionTest.java
new file mode 100644
index 000000000..efe4e39fa
--- /dev/null
+++ b/src/test/java/com/google/firebase/FirebaseExceptionTest.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpStatusCodes;
+import com.google.api.client.testing.http.MockLowLevelHttpRequest;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
+import com.google.firebase.testing.TestUtils;
+import java.io.IOException;
+import org.junit.Test;
+
+@SuppressWarnings("ThrowableNotThrown")
+public class FirebaseExceptionTest {
+
+  @Test(expected = NullPointerException.class)
+  public void testFirebaseExceptionWithoutErrorCode() {
+    new FirebaseException(
+        null,
+        "Test error",
+        null,
+        null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testFirebaseExceptionWithNullMessage() {
+    new FirebaseException(
+        ErrorCode.INTERNAL,
+        null,
+        null,
+        null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testFirebaseExceptionWithEmptyMessage() {
+    new FirebaseException(
+        ErrorCode.INTERNAL,
+        "",
+        null,
+        null);
+  }
+
+  @Test
+  public void testFirebaseExceptionWithoutResponseAndCause() {
+    FirebaseException exception = new FirebaseException(
+        ErrorCode.INTERNAL,
+        "Test error",
+        null,
+        null);
+
+    assertEquals(ErrorCode.INTERNAL, exception.getErrorCode());
+    assertEquals("Test error", exception.getMessage());
+    assertNull(exception.getHttpResponse());
+    assertNull(exception.getCause());
+  }
+
+  @Test
+  public void testFirebaseExceptionWithResponse() throws IOException {
+    HttpResponseException httpError = createHttpResponseException();
+    OutgoingHttpRequest request = new OutgoingHttpRequest(
+        "GET", "https://firebase.google.com");
+    IncomingHttpResponse response = new IncomingHttpResponse(httpError, request);
+
+    FirebaseException exception = new FirebaseException(
+        ErrorCode.INTERNAL,
+        "Test error",
+        null,
+        response);
+
+    assertEquals(ErrorCode.INTERNAL, exception.getErrorCode());
+    assertEquals("Test error", exception.getMessage());
+    assertSame(response, exception.getHttpResponse());
+    assertNull(exception.getCause());
+  }
+
+  @Test
+  public void testFirebaseExceptionWithCause() {
+    Exception cause = new Exception("root cause");
+
+    FirebaseException exception = new FirebaseException(
+        ErrorCode.INTERNAL,
+        "Test error",
+        cause);
+
+    assertEquals(ErrorCode.INTERNAL, exception.getErrorCode());
+    assertEquals("Test error", exception.getMessage());
+    assertNull(exception.getHttpResponse());
+    assertSame(cause, exception.getCause());
+  }
+
+  private HttpResponseException createHttpResponseException() throws IOException {
+    MockLowLevelHttpResponse lowLevelResponse = new MockLowLevelHttpResponse()
+        .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+        .setContent("{}");
+    MockLowLevelHttpRequest lowLevelRequest = new MockLowLevelHttpRequest()
+        .setResponse(lowLevelResponse);
+    HttpRequest request = TestUtils.createRequest(lowLevelRequest);
+    try {
+      request.execute();
+      throw new IOException("HttpResponseException not thrown");
+    } catch (HttpResponseException e) {
+      return e;
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/FirebaseOptionsTest.java b/src/test/java/com/google/firebase/FirebaseOptionsTest.java
index a3dac26fd..c74215beb 100644
--- a/src/test/java/com/google/firebase/FirebaseOptionsTest.java
+++ b/src/test/java/com/google/firebase/FirebaseOptionsTest.java
@@ -17,14 +17,13 @@
 package com.google.firebase;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNotSame;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.gson.GsonFactory;
 import com.google.auth.oauth2.AccessToken;
@@ -49,7 +48,7 @@ public class FirebaseOptionsTest {
   private static final String FIREBASE_PROJECT_ID = "explicit-project-id";
 
   private static final FirebaseOptions ALL_VALUES_OPTIONS =
-      new FirebaseOptions.Builder()
+      FirebaseOptions.builder()
           .setDatabaseUrl(FIREBASE_DB_URL)
           .setStorageBucket(FIREBASE_STORAGE_BUCKET)
           .setProjectId(FIREBASE_PROJECT_ID)
@@ -76,11 +75,9 @@ protected ThreadFactory getThreadFactory() {
   public void createOptionsWithAllValuesSet() throws IOException {
     GsonFactory jsonFactory = new GsonFactory();
     NetHttpTransport httpTransport = new NetHttpTransport();
-    FirestoreOptions firestoreOptions = FirestoreOptions.newBuilder()
-        .setTimestampsInSnapshotsEnabled(true)
-        .build();
+    FirestoreOptions firestoreOptions = FirestoreOptions.newBuilder().build();
     FirebaseOptions firebaseOptions =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setDatabaseUrl(FIREBASE_DB_URL)
             .setStorageBucket(FIREBASE_STORAGE_BUCKET)
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
@@ -106,14 +103,14 @@ public void createOptionsWithAllValuesSet() throws IOException {
     assertNotNull(credentials);
     assertTrue(credentials instanceof ServiceAccountCredentials);
     assertEquals(
-        GoogleCredential.fromStream(ServiceAccount.EDITOR.asStream()).getServiceAccountId(),
+        ServiceAccount.EDITOR.getEmail(),
         ((ServiceAccountCredentials) credentials).getClientEmail());
   }
 
   @Test
   public void createOptionsWithOnlyMandatoryValuesSet() throws IOException {
     FirebaseOptions firebaseOptions =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .build();
     assertNotNull(firebaseOptions.getJsonFactory());
@@ -128,7 +125,7 @@ public void createOptionsWithOnlyMandatoryValuesSet() throws IOException {
     assertNotNull(credentials);
     assertTrue(credentials instanceof ServiceAccountCredentials);
     assertEquals(
-        GoogleCredential.fromStream(ServiceAccount.EDITOR.asStream()).getServiceAccountId(),
+        ServiceAccount.EDITOR.getEmail(),
         ((ServiceAccountCredentials) credentials).getClientEmail());
     assertNull(firebaseOptions.getFirestoreOptions());
   }
@@ -136,7 +133,7 @@ public void createOptionsWithOnlyMandatoryValuesSet() throws IOException {
   @Test
   public void createOptionsWithCustomFirebaseCredential() {
     FirebaseOptions firebaseOptions =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(new GoogleCredentials() {
               @Override
               public AccessToken refreshAccessToken() {
@@ -156,17 +153,17 @@ public AccessToken refreshAccessToken() {
 
   @Test(expected = NullPointerException.class)
   public void createOptionsWithCredentialMissing() {
-    new FirebaseOptions.Builder().build().getCredentials();
+    FirebaseOptions.builder().build().getCredentials();
   }
 
   @Test(expected = NullPointerException.class)
   public void createOptionsWithNullCredentials() {
-    new FirebaseOptions.Builder().setCredentials((GoogleCredentials) null).build();
+    FirebaseOptions.builder().setCredentials((GoogleCredentials) null).build();
   }
 
   @Test(expected = IllegalArgumentException.class)
   public void createOptionsWithStorageBucketUrl() throws IOException {
-    new FirebaseOptions.Builder()
+    FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setStorageBucket("gs://mock-storage-bucket")
         .build();
@@ -174,7 +171,7 @@ public void createOptionsWithStorageBucketUrl() throws IOException {
 
   @Test(expected = NullPointerException.class)
   public void createOptionsWithNullThreadManager() {
-    new FirebaseOptions.Builder()
+    FirebaseOptions.builder()
         .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
         .setThreadManager(null)
         .build();
@@ -182,7 +179,7 @@ public void createOptionsWithNullThreadManager() {
 
   @Test
   public void checkToBuilderCreatesNewEquivalentInstance() {
-    FirebaseOptions allValuesOptionsCopy = new FirebaseOptions.Builder(ALL_VALUES_OPTIONS).build();
+    FirebaseOptions allValuesOptionsCopy = ALL_VALUES_OPTIONS.toBuilder().build();
     assertNotSame(ALL_VALUES_OPTIONS, allValuesOptionsCopy);
     assertEquals(ALL_VALUES_OPTIONS.getCredentials(), allValuesOptionsCopy.getCredentials());
     assertEquals(ALL_VALUES_OPTIONS.getDatabaseUrl(), allValuesOptionsCopy.getDatabaseUrl());
@@ -198,7 +195,7 @@ public void checkToBuilderCreatesNewEquivalentInstance() {
 
   @Test(expected = IllegalArgumentException.class)
   public void createOptionsWithInvalidConnectTimeout() {
-    new FirebaseOptions.Builder()
+    FirebaseOptions.builder()
         .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
         .setConnectTimeout(-1)
         .build();
@@ -206,7 +203,7 @@ public void createOptionsWithInvalidConnectTimeout() {
 
   @Test(expected = IllegalArgumentException.class)
   public void createOptionsWithInvalidReadTimeout() {
-    new FirebaseOptions.Builder()
+    FirebaseOptions.builder()
         .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
         .setReadTimeout(-1)
         .build();
@@ -216,14 +213,14 @@ public void createOptionsWithInvalidReadTimeout() {
   public void testNotEquals() throws IOException {
     GoogleCredentials credentials = GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream());
     FirebaseOptions options1 =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(credentials)
             .build();
     FirebaseOptions options2 =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(credentials)
             .setDatabaseUrl("https://test.firebaseio.com")
             .build();
-    assertFalse(options1.equals(options2));
+    assertNotEquals(options1, options2);
   }
 }
diff --git a/src/test/java/com/google/firebase/IncomingHttpResponseTest.java b/src/test/java/com/google/firebase/IncomingHttpResponseTest.java
new file mode 100644
index 000000000..4da63d12b
--- /dev/null
+++ b/src/test/java/com/google/firebase/IncomingHttpResponseTest.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpMethods;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpResponse;
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpStatusCodes;
+import com.google.api.client.testing.http.MockLowLevelHttpRequest;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.testing.TestUtils;
+import java.io.IOException;
+import java.util.Map;
+import org.junit.Test;
+
+public class IncomingHttpResponseTest {
+
+  private static final String TEST_URL = "https://firebase.google.com/response";
+  private static final OutgoingHttpRequest REQUEST = new OutgoingHttpRequest("GET", TEST_URL);
+  private static final Map<String, Object> RESPONSE_HEADERS =
+      ImmutableMap.<String, Object>of("x-firebase-client", ImmutableList.of("test-version"));
+  private static final String RESPONSE_BODY = "test response";
+
+  @Test(expected = NullPointerException.class)
+  public void testNullHttpResponse() {
+    new IncomingHttpResponse(null, "content");
+  }
+
+  @Test
+  public void testNullHttpResponseException() throws IOException {
+    try {
+      new IncomingHttpResponse(null, REQUEST);
+      fail("No exception thrown for null HttpResponseException");
+    } catch (NullPointerException ignore) {
+      // expected
+    }
+
+    HttpRequest request = createHttpRequest();
+    try {
+      new IncomingHttpResponse(null, request);
+      fail("No exception thrown for null HttpResponseException");
+    } catch (NullPointerException ignore) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testIncomingHttpResponse() throws IOException {
+    HttpResponseException httpError = createHttpResponseException();
+
+    IncomingHttpResponse response = new IncomingHttpResponse(httpError, REQUEST);
+
+    assertEquals(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, response.getStatusCode());
+    assertEquals(RESPONSE_BODY, response.getContent());
+    assertEquals(RESPONSE_HEADERS, response.getHeaders());
+    assertFalse(response.getHeaders().isEmpty());
+    assertSame(REQUEST, response.getRequest());
+  }
+
+  @Test
+  public void testIncomingHttpResponseWithRequest() throws IOException {
+    HttpResponseException httpError = createHttpResponseException();
+    HttpRequest httpRequest = createHttpRequest();
+
+    IncomingHttpResponse response = new IncomingHttpResponse(httpError, httpRequest);
+
+    assertEquals(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, response.getStatusCode());
+    assertEquals(RESPONSE_BODY, response.getContent());
+    assertEquals(RESPONSE_HEADERS, response.getHeaders());
+    OutgoingHttpRequest request = response.getRequest();
+    assertEquals(HttpMethods.POST, request.getMethod());
+    assertEquals(TEST_URL, request.getUrl());
+  }
+
+  @Test
+  public void testIncomingHttpResponseWithResponse() throws IOException {
+    HttpResponse httpResponse = createHttpResponse();
+
+    IncomingHttpResponse response = new IncomingHttpResponse(httpResponse, RESPONSE_BODY);
+
+    assertEquals(HttpStatusCodes.STATUS_CODE_OK, response.getStatusCode());
+    assertEquals(RESPONSE_BODY, response.getContent());
+    assertTrue(response.getHeaders().isEmpty());
+    OutgoingHttpRequest request = response.getRequest();
+    assertEquals(HttpMethods.POST, request.getMethod());
+    assertEquals(TEST_URL, request.getUrl());
+  }
+
+  private HttpResponseException createHttpResponseException() throws IOException {
+    MockLowLevelHttpResponse lowLevelResponse = new MockLowLevelHttpResponse()
+        .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+        .addHeader("X-Firebase-Client", "test-version")
+        .setContent(RESPONSE_BODY);
+    MockLowLevelHttpRequest lowLevelRequest = new MockLowLevelHttpRequest()
+        .setResponse(lowLevelResponse);
+    HttpRequest request = TestUtils.createRequest(lowLevelRequest, new GenericUrl(TEST_URL));
+    try {
+      request.execute();
+      throw new IOException("HttpResponseException not thrown");
+    } catch (HttpResponseException e) {
+      return e;
+    }
+  }
+
+  private HttpRequest createHttpRequest() throws IOException {
+    MockLowLevelHttpResponse lowLevelResponse = new MockLowLevelHttpResponse()
+        .setContent("{}");
+    MockLowLevelHttpRequest lowLevelRequest = new MockLowLevelHttpRequest()
+        .setResponse(lowLevelResponse);
+    return TestUtils.createRequest(lowLevelRequest, new GenericUrl(TEST_URL));
+  }
+
+  private HttpResponse createHttpResponse() throws IOException {
+    HttpRequest request = createHttpRequest();
+    return request.execute();
+  }
+}
diff --git a/src/test/java/com/google/firebase/OutgoingHttpRequestTest.java b/src/test/java/com/google/firebase/OutgoingHttpRequestTest.java
new file mode 100644
index 000000000..792d621f5
--- /dev/null
+++ b/src/test/java/com/google/firebase/OutgoingHttpRequestTest.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpMethods;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.json.JsonHttpContent;
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.common.collect.ImmutableMap;
+import java.io.IOException;
+import org.junit.Test;
+
+public class OutgoingHttpRequestTest {
+
+  private static final String TEST_URL = "https://firebase.google.com/request";
+
+  @Test(expected = NullPointerException.class)
+  public void testNullHttpRequest() {
+    new OutgoingHttpRequest(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testNullMethod() {
+    new OutgoingHttpRequest(null, TEST_URL);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testEmptyMethod() {
+    new OutgoingHttpRequest("", TEST_URL);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testNullUrl() {
+    new OutgoingHttpRequest(HttpMethods.GET, null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testEmptyUrl() {
+    new OutgoingHttpRequest(HttpMethods.GET, "");
+  }
+
+  @Test
+  public void testOutgoingHttpRequest() {
+    OutgoingHttpRequest request = new OutgoingHttpRequest(HttpMethods.GET, TEST_URL);
+
+    assertEquals(HttpMethods.GET, request.getMethod());
+    assertEquals(TEST_URL, request.getUrl());
+    assertNull(request.getContent());
+    assertTrue(request.getHeaders().isEmpty());
+  }
+
+  @Test
+  public void testOutgoingHttpRequestWithContent() throws IOException {
+    JsonHttpContent streamingContent = new JsonHttpContent(
+        Utils.getDefaultJsonFactory(),
+        ImmutableMap.of("key", "value"));
+    HttpRequest httpRequest = new MockHttpTransport().createRequestFactory()
+        .buildPostRequest(new GenericUrl(TEST_URL), streamingContent);
+    httpRequest.getHeaders().set("X-Firebase-Client", "test-version");
+
+    OutgoingHttpRequest request = new OutgoingHttpRequest(httpRequest);
+
+    assertEquals(HttpMethods.POST, request.getMethod());
+    assertEquals(TEST_URL, request.getUrl());
+    assertSame(streamingContent, request.getContent());
+    assertEquals("test-version", request.getHeaders().get("x-firebase-client"));
+  }
+}
diff --git a/src/test/java/com/google/firebase/ThreadManagerTest.java b/src/test/java/com/google/firebase/ThreadManagerTest.java
index d8689a4da..22401de30 100644
--- a/src/test/java/com/google/firebase/ThreadManagerTest.java
+++ b/src/test/java/com/google/firebase/ThreadManagerTest.java
@@ -187,8 +187,7 @@ public void testAppLifecycleWithServiceCall() {
   }
 
   @Test
-  public void testAppLifecycleWithMultipleServiceCalls()
-      throws ExecutionException, InterruptedException {
+  public void testAppLifecycleWithMultipleServiceCalls() {
     MockThreadManager threadManager = new MockThreadManager(executor);
 
     // Initializing an app should initialize the executor.
@@ -235,7 +234,7 @@ public void testAppLifecycleWithMultipleServiceCalls()
   }
 
   private FirebaseOptions buildOptions(ThreadManager threadManager) {
-    return new FirebaseOptions.Builder()
+    return FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials())
         .setProjectId("mock-project-id")
         .setThreadManager(threadManager)
@@ -278,7 +277,7 @@ private static class Event {
     private final FirebaseApp app;
     private ExecutorService executor;
 
-    public Event(int type, @Nullable FirebaseApp app, @Nullable ExecutorService executor) {
+    Event(int type, @Nullable FirebaseApp app, @Nullable ExecutorService executor) {
       this.type = type;
       this.app = app;
       this.executor = executor;
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 803591d81..35fa21d4d 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -43,6 +43,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.io.BaseEncoding;
 import com.google.common.util.concurrent.MoreExecutors;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.ImplFirebaseTrampolines;
@@ -50,7 +51,6 @@
 import com.google.firebase.auth.UserTestUtils.RandomUser;
 import com.google.firebase.auth.UserTestUtils.TemporaryUser;
 import com.google.firebase.auth.hash.Scrypt;
-import com.google.firebase.auth.internal.AuthHttpClient;
 import com.google.firebase.internal.Nullable;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.io.IOException;
@@ -96,8 +96,14 @@ public void testGetNonExistingUser() throws Exception {
       fail("No error thrown for non existing uid");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals(
+          "No user record found for the provided user ID: non.existing",
+          authException.getMessage());
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertNull(authException.getCause());
+      assertNotNull(authException.getHttpResponse());
+      assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
@@ -108,8 +114,14 @@ public void testGetNonExistingUserByEmail() throws Exception {
       fail("No error thrown for non existing email");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals(
+          "No user record found for the provided email: non.existing@definitely.non.existing",
+          authException.getMessage());
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertNull(authException.getCause());
+      assertNotNull(authException.getHttpResponse());
+      assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
@@ -120,8 +132,14 @@ public void testUpdateNonExistingUser() throws Exception {
       fail("No error thrown for non existing uid");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals(
+          "No user record found for the given identifier (USER_NOT_FOUND).",
+          authException.getMessage());
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertNotNull(authException.getCause());
+      assertNotNull(authException.getHttpResponse());
+      assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
@@ -132,8 +150,14 @@ public void testDeleteNonExistingUser() throws Exception {
       fail("No error thrown for non existing uid");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals(
+          "No user record found for the given identifier (USER_NOT_FOUND).",
+          authException.getMessage());
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertNotNull(authException.getCause());
+      assertNotNull(authException.getHttpResponse());
+      assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
@@ -313,43 +337,39 @@ public void testUserLifecycle() throws Exception {
   @Test
   public void testLastRefreshTime() throws Exception {
     RandomUser user = UserTestUtils.generateRandomUserInfo();
-    UserRecord newUserRecord = auth.createUser(new UserRecord.CreateRequest()
-                                                   .setUid(user.getUid())
-                                                   .setEmail(user.getEmail())
-                                                   .setEmailVerified(false)
-                                                   .setPassword("password"));
+    UserRecord newUserRecord = temporaryUser.create(new UserRecord.CreateRequest()
+        .setUid(user.getUid())
+        .setEmail(user.getEmail())
+        .setEmailVerified(false)
+        .setPassword("password"));
 
-    try {
-      // New users should not have a lastRefreshTimestamp set.
-      assertEquals(0, newUserRecord.getUserMetadata().getLastRefreshTimestamp());
-
-      // Login to cause the lastRefreshTimestamp to be set.
-      signInWithPassword(newUserRecord.getEmail(), "password");
-
-      // Attempt to retrieve the user 3 times (with a small delay between each
-      // attempt). Occassionally, this call retrieves the user data without the
-      // lastLoginTime/lastRefreshTime set; possibly because it's hitting a
-      // different server than the login request uses.
-      UserRecord userRecord = null;
-      for (int i = 0; i < 3; i++) {
-        userRecord = auth.getUser(newUserRecord.getUid());
-
-        if (userRecord.getUserMetadata().getLastRefreshTimestamp() != 0) {
-          break;
-        }
+    // New users should not have a lastRefreshTimestamp set.
+    assertEquals(0, newUserRecord.getUserMetadata().getLastRefreshTimestamp());
 
-        TimeUnit.SECONDS.sleep((long)Math.pow(2, i));
+    // Login to cause the lastRefreshTimestamp to be set.
+    signInWithPassword(newUserRecord.getEmail(), "password");
+
+    // Attempt to retrieve the user 3 times (with a small delay between each
+    // attempt). Occasionally, this call retrieves the user data without the
+    // lastLoginTime/lastRefreshTime set; possibly because it's hitting a
+    // different server than the login request uses.
+    UserRecord userRecord = null;
+    for (int i = 0; i < 3; i++) {
+      userRecord = auth.getUser(newUserRecord.getUid());
+
+      if (userRecord.getUserMetadata().getLastRefreshTimestamp() != 0) {
+        break;
       }
 
-      // Ensure the lastRefreshTimestamp is approximately "now" (with a tollerance of 10 minutes).
-      long now = System.currentTimeMillis();
-      long tollerance = TimeUnit.MINUTES.toMillis(10);
-      long lastRefreshTimestamp = userRecord.getUserMetadata().getLastRefreshTimestamp();
-      assertTrue(now - tollerance <= lastRefreshTimestamp);
-      assertTrue(lastRefreshTimestamp <= now + tollerance);
-    } finally {
-      auth.deleteUser(newUserRecord.getUid());
+      TimeUnit.SECONDS.sleep((long)Math.pow(2, i));
     }
+
+    // Ensure the lastRefreshTimestamp is approximately "now" (with a tolerance of 10 minutes).
+    long now = System.currentTimeMillis();
+    long tolerance = TimeUnit.MINUTES.toMillis(10);
+    long lastRefreshTimestamp = userRecord.getUserMetadata().getLastRefreshTimestamp();
+    assertTrue(now - tolerance <= lastRefreshTimestamp);
+    assertTrue(lastRefreshTimestamp <= now + tolerance);
   }
 
   @Test
@@ -473,7 +493,7 @@ public void testCustomTokenWithIAM() throws Exception {
     if (token == null) {
       token = credentials.refreshAccessToken();
     }
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.create(token))
         .setServiceAccountId(((ServiceAccountSigner) credentials).getAccount())
         .setProjectId(IntegrationTestUtils.getProjectId())
@@ -507,8 +527,8 @@ public void testVerifyIdToken() throws Exception {
       fail("expecting exception");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(RevocationCheckDecorator.ID_TOKEN_REVOKED_ERROR,
-                   ((FirebaseAuthException) e.getCause()).getErrorCode());
+      assertEquals(AuthErrorCode.REVOKED_ID_TOKEN,
+          ((FirebaseAuthException) e.getCause()).getAuthErrorCode());
     }
     idToken = signInWithCustomToken(customToken);
     decoded = auth.verifyIdTokenAsync(idToken, true).get();
@@ -541,8 +561,8 @@ public void testVerifySessionCookie() throws Exception {
       fail("expecting exception");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(RevocationCheckDecorator.SESSION_COOKIE_REVOKED_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      assertEquals(AuthErrorCode.REVOKED_SESSION_COOKIE,
+          ((FirebaseAuthException) e.getCause()).getAuthErrorCode());
     }
 
     idToken = signInWithCustomToken(customToken);
@@ -1009,7 +1029,14 @@ private void checkRecreateUser(String uid) throws Exception {
       fail("No error thrown for creating user with existing ID");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals("uid-already-exists", ((FirebaseAuthException) e.getCause()).getErrorCode());
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals(ErrorCode.ALREADY_EXISTS, authException.getErrorCode());
+      assertEquals(
+          "The user with the provided uid already exists (DUPLICATE_LOCAL_ID).",
+          authException.getMessage());
+      assertNotNull(authException.getCause());
+      assertNotNull(authException.getHttpResponse());
+      assertEquals(AuthErrorCode.UID_ALREADY_EXISTS, authException.getAuthErrorCode());
     }
   }
 
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
index bfc8d1790..e34fede1f 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
@@ -25,10 +25,15 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.api.core.ApiFuture;
 import com.google.common.base.Defaults;
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
+
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
@@ -53,6 +58,11 @@ public class FirebaseAuthTest {
       .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
       .build();
 
+  private static final FirebaseAuthException testException = new FirebaseAuthException(
+      ErrorCode.INVALID_ARGUMENT, "Test error message", null, null, null);
+  private static final long VALID_SINCE = 1494364393;
+  private static final String TEST_USER = "testUser";
+
   @After
   public void cleanup() {
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
@@ -145,14 +155,14 @@ public void testProjectIdNotRequiredAtInitialization() {
     assertNotNull(FirebaseAuth.getInstance(app));
   }
 
-  @Test(expected = IllegalArgumentException.class)
+  @Test(expected = NullPointerException.class)
   public void testAuthExceptionNullErrorCode() {
-    new FirebaseAuthException(null, "test");
+    new FirebaseAuthException(null, "test", null, null, null);
   }
 
   @Test(expected = IllegalArgumentException.class)
-  public void testAuthExceptionEmptyErrorCode() {
-    new FirebaseAuthException("", "test");
+  public void testAuthExceptionNullMessage() {
+    new FirebaseAuthException(ErrorCode.INTERNAL, null, null, null, null);
   }
 
   @Test
@@ -219,19 +229,48 @@ public void testVerifyIdToken() throws Exception {
     assertEquals("idtoken", tokenVerifier.getLastTokenString());
   }
 
+  @Test
+  public void testVerifyIdTokenWithRevocationCheck() throws Exception {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
+        getFirebaseToken(VALID_SINCE + 1000));
+    FirebaseAuth auth = getAuthForIdTokenVerificationWithRevocationCheck(tokenVerifier);
+
+    FirebaseToken firebaseToken = auth.verifyIdToken("idtoken", true);
+
+    assertEquals("testUser", firebaseToken.getUid());
+    assertEquals("idtoken", tokenVerifier.getLastTokenString());
+  }
+
+  @Test
+  public void testVerifyIdTokenWithRevocationCheckFailure() {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
+        getFirebaseToken(VALID_SINCE - 1000));
+    FirebaseAuth auth = getAuthForIdTokenVerificationWithRevocationCheck(tokenVerifier);
+
+    try {
+      auth.verifyIdToken("idtoken", true);
+      fail("No error thrown for revoked ID token");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals("Firebase id token is revoked.", e.getMessage());
+      assertNull(e.getCause());
+      assertNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.REVOKED_ID_TOKEN, e.getAuthErrorCode());
+    }
+
+    assertEquals("idtoken", tokenVerifier.getLastTokenString());
+  }
+
   @Test
   public void testVerifyIdTokenFailure() {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(
-        new FirebaseAuthException("TEST_CODE", "Test error message"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(testException);
     FirebaseAuth auth = getAuthForIdTokenVerification(tokenVerifier);
 
     try {
       auth.verifyIdToken("idtoken");
       fail("No error thrown for invalid token");
     } catch (FirebaseAuthException authException) {
-      assertEquals("TEST_CODE", authException.getErrorCode());
-      assertEquals("Test error message", authException.getMessage());
-      assertEquals("idtoken", tokenVerifier.getLastTokenString());
+      assertSame(testException, authException);
     }
   }
 
@@ -248,8 +287,7 @@ public void testVerifyIdTokenAsync() throws Exception {
 
   @Test
   public void testVerifyIdTokenAsyncFailure() throws InterruptedException {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(
-        new FirebaseAuthException("TEST_CODE", "Test error message"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(testException);
     FirebaseAuth auth = getAuthForIdTokenVerification(tokenVerifier);
 
     try {
@@ -257,16 +295,13 @@ public void testVerifyIdTokenAsyncFailure() throws InterruptedException {
       fail("No error thrown for invalid token");
     } catch (ExecutionException e) {
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals("TEST_CODE", authException.getErrorCode());
-      assertEquals("Test error message", authException.getMessage());
-      assertEquals("idtoken", tokenVerifier.getLastTokenString());
+      assertSame(testException, authException);
     }
   }
 
   @Test
   public void testVerifyIdTokenWithCheckRevokedAsyncFailure() throws InterruptedException {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(
-        new FirebaseAuthException("TEST_CODE", "Test error message"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(testException);
     FirebaseAuth auth = getAuthForIdTokenVerification(tokenVerifier);
 
     try {
@@ -274,9 +309,7 @@ public void testVerifyIdTokenWithCheckRevokedAsyncFailure() throws InterruptedEx
       fail("No error thrown for invalid token");
     } catch (ExecutionException e) {
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals("TEST_CODE", authException.getErrorCode());
-      assertEquals("Test error message", authException.getMessage());
-      assertEquals("idtoken", tokenVerifier.getLastTokenString());
+      assertSame(testException, authException);
     }
   }
 
@@ -346,18 +379,47 @@ public void testVerifySessionCookie() throws Exception {
 
   @Test
   public void testVerifySessionCookieFailure() {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(
-        new FirebaseAuthException("TEST_CODE", "Test error message"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(testException);
     FirebaseAuth auth = getAuthForSessionCookieVerification(tokenVerifier);
 
     try {
       auth.verifySessionCookie("idtoken");
       fail("No error thrown for invalid token");
     } catch (FirebaseAuthException authException) {
-      assertEquals("TEST_CODE", authException.getErrorCode());
-      assertEquals("Test error message", authException.getMessage());
-      assertEquals("idtoken", tokenVerifier.getLastTokenString());
+      assertSame(testException, authException);
+    }
+  }
+
+  @Test
+  public void testVerifySessionCookieWithRevocationCheck() throws Exception {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
+        getFirebaseToken(VALID_SINCE + 1000));
+    FirebaseAuth auth = getAuthForSessionCookieVerificationWithRevocationCheck(tokenVerifier);
+
+    FirebaseToken firebaseToken = auth.verifySessionCookie("cookie", true);
+
+    assertEquals("testUser", firebaseToken.getUid());
+    assertEquals("cookie", tokenVerifier.getLastTokenString());
+  }
+
+  @Test
+  public void testVerifySessionCookieWithRevocationCheckFailure() {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
+        getFirebaseToken(VALID_SINCE - 1000));
+    FirebaseAuth auth = getAuthForSessionCookieVerificationWithRevocationCheck(tokenVerifier);
+
+    try {
+      auth.verifySessionCookie("cookie", true);
+      fail("No error thrown for revoked session cookie");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals("Firebase session cookie is revoked.", e.getMessage());
+      assertNull(e.getCause());
+      assertNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.REVOKED_SESSION_COOKIE, e.getAuthErrorCode());
     }
+
+    assertEquals("cookie", tokenVerifier.getLastTokenString());
   }
 
   @Test
@@ -373,8 +435,7 @@ public void testVerifySessionCookieAsync() throws Exception {
 
   @Test
   public void testVerifySessionCookieAsyncFailure() throws InterruptedException {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(
-        new FirebaseAuthException("TEST_CODE", "Test error message"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(testException);
     FirebaseAuth auth = getAuthForSessionCookieVerification(tokenVerifier);
 
     try {
@@ -382,16 +443,13 @@ public void testVerifySessionCookieAsyncFailure() throws InterruptedException {
       fail("No error thrown for invalid token");
     } catch (ExecutionException e) {
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals("TEST_CODE", authException.getErrorCode());
-      assertEquals("Test error message", authException.getMessage());
-      assertEquals("idtoken", tokenVerifier.getLastTokenString());
+      assertSame(testException, authException);
     }
   }
 
   @Test
   public void testVerifySessionCookieWithCheckRevokedAsyncFailure() throws InterruptedException {
-    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(
-        new FirebaseAuthException("TEST_CODE", "Test error message"));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(testException);
     FirebaseAuth auth = getAuthForSessionCookieVerification(tokenVerifier);
 
     try {
@@ -399,12 +457,24 @@ public void testVerifySessionCookieWithCheckRevokedAsyncFailure() throws Interru
       fail("No error thrown for invalid token");
     } catch (ExecutionException e) {
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals("TEST_CODE", authException.getErrorCode());
-      assertEquals("Test error message", authException.getMessage());
-      assertEquals("idtoken", tokenVerifier.getLastTokenString());
+      assertSame(testException, authException);
     }
   }
 
+  private FirebaseToken getFirebaseToken(String subject) {
+    return new FirebaseToken(ImmutableMap.<String, Object>of("sub", subject));
+  }
+
+  private FirebaseToken getFirebaseToken(long issuedAt) {
+    return new FirebaseToken(ImmutableMap.<String, Object>of("sub", TEST_USER, "iat", issuedAt));
+  }
+
+  FirebaseAuth getAuthForIdTokenVerificationWithRevocationCheck(
+      FirebaseTokenVerifier tokenVerifier) {
+    FirebaseApp app = getFirebaseAppForUserRetrieval();
+    return getAuthForIdTokenVerification(app, Suppliers.ofInstance(tokenVerifier));
+  }
+
   private FirebaseAuth getAuthForIdTokenVerification(FirebaseTokenVerifier tokenVerifier) {
     return getAuthForIdTokenVerification(Suppliers.ofInstance(tokenVerifier));
   }
@@ -412,7 +482,13 @@ private FirebaseAuth getAuthForIdTokenVerification(FirebaseTokenVerifier tokenVe
   private FirebaseAuth getAuthForIdTokenVerification(
       Supplier<? extends FirebaseTokenVerifier> tokenVerifierSupplier) {
     FirebaseApp app = FirebaseApp.initializeApp(firebaseOptions);
-    FirebaseUserManager userManager = FirebaseUserManager.builder().setFirebaseApp(app).build();
+    return getAuthForIdTokenVerification(app, tokenVerifierSupplier);
+  }
+
+  private FirebaseAuth getAuthForIdTokenVerification(
+      FirebaseApp app,
+      Supplier<? extends FirebaseTokenVerifier> tokenVerifierSupplier) {
+    FirebaseUserManager userManager = FirebaseUserManager.createUserManager(app, null);
     return FirebaseAuth.builder()
         .setFirebaseApp(app)
         .setIdTokenVerifier(tokenVerifierSupplier)
@@ -420,6 +496,12 @@ private FirebaseAuth getAuthForIdTokenVerification(
         .build();
   }
 
+  FirebaseAuth getAuthForSessionCookieVerificationWithRevocationCheck(
+      FirebaseTokenVerifier tokenVerifier) {
+    FirebaseApp app = getFirebaseAppForUserRetrieval();
+    return getAuthForSessionCookieVerification(app, Suppliers.ofInstance(tokenVerifier));
+  }
+
   private FirebaseAuth getAuthForSessionCookieVerification(FirebaseTokenVerifier tokenVerifier) {
     return getAuthForSessionCookieVerification(Suppliers.ofInstance(tokenVerifier));
   }
@@ -427,7 +509,13 @@ private FirebaseAuth getAuthForSessionCookieVerification(FirebaseTokenVerifier t
   private FirebaseAuth getAuthForSessionCookieVerification(
       Supplier<? extends FirebaseTokenVerifier> tokenVerifierSupplier) {
     FirebaseApp app = FirebaseApp.initializeApp(firebaseOptions);
-    FirebaseUserManager userManager = FirebaseUserManager.builder().setFirebaseApp(app).build();
+    return getAuthForSessionCookieVerification(app, tokenVerifierSupplier);
+  }
+
+  private FirebaseAuth getAuthForSessionCookieVerification(
+      FirebaseApp app,
+      Supplier<? extends FirebaseTokenVerifier> tokenVerifierSupplier) {
+    FirebaseUserManager userManager = FirebaseUserManager.createUserManager(app, null);
     return FirebaseAuth.builder()
         .setFirebaseApp(app)
         .setCookieVerifier(tokenVerifierSupplier)
@@ -435,13 +523,22 @@ private FirebaseAuth getAuthForSessionCookieVerification(
         .build();
   }
 
+  private FirebaseApp getFirebaseAppForUserRetrieval() {
+    String getUserResponse = TestUtils.loadResource("getUser.json");
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(new MockLowLevelHttpResponse().setContent(getUserResponse))
+        .build();
+    return FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(new MockGoogleCredentials("test-token"))
+        .setHttpTransport(transport)
+        .setProjectId("test-project-id")
+        .build());
+  }
+
   public static TestResponseInterceptor setUserManager(
       AbstractFirebaseAuth.Builder<?> builder, FirebaseApp app, String tenantId) {
     TestResponseInterceptor interceptor = new TestResponseInterceptor();
-    FirebaseUserManager userManager = FirebaseUserManager.builder()
-        .setFirebaseApp(app)
-        .setTenantId(tenantId)
-        .build();
+    FirebaseUserManager userManager = FirebaseUserManager.createUserManager(app, tenantId);
     userManager.setInterceptor(interceptor);
     builder.setUserManager(Suppliers.ofInstance(userManager));
     return interceptor;
diff --git a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
index 379da0a57..833e2ed95 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
@@ -17,6 +17,7 @@
 package com.google.firebase.auth;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
 import com.google.api.client.auth.openidconnect.IdTokenVerifier;
@@ -30,15 +31,15 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.testing.ServiceAccount;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.util.concurrent.TimeUnit;
 
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.ExpectedException;
 
 public class FirebaseTokenVerifierImplTest {
 
@@ -55,9 +56,6 @@ public class FirebaseTokenVerifierImplTest {
 
   private static final String TEST_TOKEN_ISSUER = "https://test.token.issuer";
 
-  @Rule
-  public ExpectedException thrown = ExpectedException.none();
-
   private FirebaseTokenVerifier tokenVerifier;
   private TestTokenFactory tokenFactory;
 
@@ -80,108 +78,188 @@ public void testVerifyToken() throws Exception {
   }
 
   @Test
-  public void testVerifyTokenWithoutKeyId() throws Exception {
+  public void testVerifyTokenWithoutKeyId() {
     String token = createTokenWithoutKeyId();
 
-    thrown.expectMessage("Firebase test token has no \"kid\" claim.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has no \"kid\" claim. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenFirebaseCustomToken() throws Exception {
+  public void testVerifyTokenFirebaseCustomToken() {
     String token = createCustomToken();
 
-    thrown.expectMessage("verifyTestToken() expects a test token, but was given a custom token.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "verifyTestToken() expects a test token, but was given a custom token. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenIncorrectAlgorithm() throws Exception {
+  public void testVerifyTokenIncorrectAlgorithm() {
     String token = createTokenWithIncorrectAlgorithm();
 
-    thrown.expectMessage("Firebase test token has incorrect algorithm.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has incorrect algorithm. "
+          + "Expected \"RS256\" but got \"HSA\". "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenIncorrectAudience() throws Exception {
+  public void testVerifyTokenIncorrectAudience() {
     String token = createTokenWithIncorrectAudience();
 
-    thrown.expectMessage("Firebase test token has incorrect \"aud\" (audience) claim.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has incorrect \"aud\" (audience) claim. "
+          + "Expected \"proj-test-101\" but got \"invalid-audience\". "
+          + "Make sure the test token comes from the same Firebase project as the service account "
+          + "used to authenticate this SDK. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenIncorrectIssuer() throws Exception {
+  public void testVerifyTokenIncorrectIssuer() {
     String token = createTokenWithIncorrectIssuer();
 
-    thrown.expectMessage("Firebase test token has incorrect \"iss\" (issuer) claim.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has incorrect \"iss\" (issuer) claim. "
+          + "Expected \"https://test.token.issuer\" but got "
+          + "\"https://incorrect.issuer.prefix/proj-test-101\". Make sure the test token comes "
+          + "from the same Firebase project as the service account used to authenticate this SDK. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenMissingSubject() throws Exception {
+  public void testVerifyTokenMissingSubject() {
     String token = createTokenWithSubject(null);
 
-    thrown.expectMessage("Firebase test token has no \"sub\" (subject) claim.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has no \"sub\" (subject) claim. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenEmptySubject() throws Exception {
+  public void testVerifyTokenEmptySubject() {
     String token = createTokenWithSubject("");
 
-    thrown.expectMessage("Firebase test token has an empty string \"sub\" (subject) claim.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has an empty string \"sub\" (subject) claim. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenLongSubject() throws Exception {
+  public void testVerifyTokenLongSubject() {
     String token = createTokenWithSubject(Strings.repeat("a", 129));
 
-    thrown.expectMessage(
-        "Firebase test token has \"sub\" (subject) claim longer than 128 characters.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has \"sub\" (subject) claim longer "
+          + "than 128 characters. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenIssuedAtInFuture() throws Exception {
+  public void testVerifyTokenIssuedAtInFuture() {
     long tenMinutesIntoTheFuture = (TestTokenFactory.CLOCK.currentTimeMillis() / 1000)
         + TimeUnit.MINUTES.toSeconds(10);
     String token = createTokenWithTimestamps(
         tenMinutesIntoTheFuture,
         tenMinutesIntoTheFuture + TimeUnit.HOURS.toSeconds(1));
 
-    thrown.expectMessage("Firebase test token has expired or is not yet valid.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token is not yet valid. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testVerifyTokenExpired() throws Exception {
+  public void testVerifyTokenExpired() {
     long twoHoursInPast = (TestTokenFactory.CLOCK.currentTimeMillis() / 1000)
         - TimeUnit.HOURS.toSeconds(2);
     String token = createTokenWithTimestamps(
         twoHoursInPast,
         twoHoursInPast + TimeUnit.HOURS.toSeconds(1));
 
-    thrown.expectMessage("Firebase test token has expired or is not yet valid.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has expired. "
+          + "Get a fresh test token and try again. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkException(e, message, AuthErrorCode.EXPIRED_ID_TOKEN);
+    }
   }
 
   @Test
-  public void testVerifyTokenIncorrectCert() throws Exception {
+  public void testVerifyTokenSignatureMismatch() {
     String token = tokenFactory.createToken();
     GooglePublicKeysManager publicKeysManager = newPublicKeysManager(
         ServiceAccount.NONE.getCert());
     FirebaseTokenVerifier tokenVerifier = newTestTokenVerifier(publicKeysManager);
 
-    thrown.expectMessage("Failed to verify the signature of Firebase test token. "
-        + "See https://test.doc.url for details on how to retrieve a test token.");
-    tokenVerifier.verifyToken(token);
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Failed to verify the signature of Firebase test token. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void verifyTokenCertificateError() {
+  public void testMalformedCert() {
+    String token = tokenFactory.createToken();
+    GooglePublicKeysManager publicKeysManager = newPublicKeysManager("malformed.cert");
+    FirebaseTokenVerifier tokenVerifier = newTestTokenVerifier(publicKeysManager);
+
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Error while fetching public key certificates: Could not parse certificate";
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertTrue(e.getMessage().startsWith(message));
+      assertTrue(e.getCause() instanceof GeneralSecurityException);
+      assertNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.CERTIFICATE_FETCH_FAILED, e.getAuthErrorCode());
+    }
+  }
+
+  @Test
+  public void testCertificateFetchError() {
     MockHttpTransport failingTransport = new MockHttpTransport() {
       @Override
       public LowLevelHttpRequest buildRequest(String method, String url) throws IOException {
@@ -195,26 +273,57 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce
     try {
       idTokenVerifier.verifyToken(token);
       Assert.fail("No exception thrown");
-    } catch (FirebaseAuthException expected) {
-      assertTrue(expected.getCause() instanceof IOException);
-      assertEquals("Expected error", expected.getCause().getMessage());
+    } catch (FirebaseAuthException e) {
+      String message = "Error while fetching public key certificates: Expected error";
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals(message, e.getMessage());
+      assertTrue(e.getCause() instanceof IOException);
+      assertNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.CERTIFICATE_FETCH_FAILED, e.getAuthErrorCode());
     }
   }
 
   @Test
-  public void testLegacyCustomToken() throws Exception {
-    thrown.expectMessage(
-        "verifyTestToken() expects a test token, but was given a legacy custom token.");
-    tokenVerifier.verifyToken(LEGACY_CUSTOM_TOKEN);
+  public void testMalformedSignature() {
+    String token = tokenFactory.createToken();
+    String[] segments = token.split("\\.");
+    token = String.format("%s.%s.%s", segments[0], segments[1], "MalformedSignature");
+
+    try {
+      tokenVerifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      String message = "Failed to verify the signature of Firebase test token. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
   }
 
   @Test
-  public void testMalformedToken() throws Exception {
-    thrown.expectMessage(
-        "Failed to parse Firebase test token. Make sure you passed a string that represents a "
-            + "complete and valid JWT. See https://test.doc.url for details on how to retrieve "
-            + "a test token.");
-    tokenVerifier.verifyToken("not.a.jwt");
+  public void testLegacyCustomToken() {
+    try {
+      tokenVerifier.verifyToken(LEGACY_CUSTOM_TOKEN);
+    } catch (FirebaseAuthException e) {
+      String message = "verifyTestToken() expects a test token, but was given a "
+          + "legacy custom token. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
+  }
+
+  @Test
+  public void testMalformedToken() {
+    try {
+      tokenVerifier.verifyToken("not.a.jwt");
+    } catch (FirebaseAuthException e) {
+      String message = "Failed to parse Firebase test token. "
+          + "Make sure you passed a string that represents a complete and valid JWT. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals(message, e.getMessage());
+      assertTrue(e.getCause() instanceof IllegalArgumentException);
+      assertNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.INVALID_ID_TOKEN, e.getAuthErrorCode());
+    }
   }
 
   @Test
@@ -238,7 +347,7 @@ public void testVerifyTokenDifferentTenantIds() {
         .build()
         .verifyToken(createTokenWithTenantId("TENANT_2"));
     } catch (FirebaseAuthException e) {
-      assertEquals(FirebaseTokenVerifierImpl.TENANT_ID_MISMATCH_ERROR, e.getErrorCode());
+      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
       assertEquals(
           "The tenant ID ('TENANT_2') of the token did not match the expected value ('TENANT_1')",
           e.getMessage());
@@ -253,7 +362,7 @@ public void testVerifyTokenMissingTenantId() {
         .build()
         .verifyToken(tokenFactory.createToken());
     } catch (FirebaseAuthException e) {
-      assertEquals(FirebaseTokenVerifierImpl.TENANT_ID_MISMATCH_ERROR, e.getErrorCode());
+      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
       assertEquals(
           "The tenant ID ('') of the token did not match the expected value ('TENANT_ID')",
           e.getMessage());
@@ -267,7 +376,7 @@ public void testVerifyTokenUnexpectedTenantId() {
         .build()
         .verifyToken(createTokenWithTenantId("TENANT_ID"));
     } catch (FirebaseAuthException e) {
-      assertEquals(FirebaseTokenVerifierImpl.TENANT_ID_MISMATCH_ERROR, e.getErrorCode());
+      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
       assertEquals(
           "The tenant ID ('TENANT_ID') of the token did not match the expected value ('')",
           e.getMessage());
@@ -323,13 +432,8 @@ private GooglePublicKeysManager newPublicKeysManager(HttpTransport transport) {
   }
 
   private FirebaseTokenVerifier newTestTokenVerifier(GooglePublicKeysManager publicKeysManager) {
-    return FirebaseTokenVerifierImpl.builder()
-        .setShortName("test token")
-        .setMethod("verifyTestToken()")
-        .setDocUrl("https://test.doc.url")
-        .setJsonFactory(TestTokenFactory.JSON_FACTORY)
+    return fullyPopulatedBuilder()
         .setPublicKeysManager(publicKeysManager)
-        .setIdTokenVerifier(newIdTokenVerifier())
         .build();
   }
 
@@ -340,6 +444,8 @@ private FirebaseTokenVerifierImpl.Builder fullyPopulatedBuilder() {
         .setDocUrl("https://test.doc.url")
         .setJsonFactory(TestTokenFactory.JSON_FACTORY)
         .setPublicKeysManager(newPublicKeysManager(ServiceAccount.EDITOR.getCert()))
+        .setInvalidTokenErrorCode(AuthErrorCode.INVALID_ID_TOKEN)
+        .setExpiredTokenErrorCode(AuthErrorCode.EXPIRED_ID_TOKEN)
         .setIdTokenVerifier(newIdTokenVerifier());
   }
 
@@ -396,6 +502,18 @@ private String createTokenWithTimestamps(long issuedAtSeconds, long expirationSe
     return tokenFactory.createToken(payload);
   }
 
+  private void checkInvalidTokenException(FirebaseAuthException e, String message) {
+    checkException(e, message, AuthErrorCode.INVALID_ID_TOKEN);
+  }
+
+  private void checkException(FirebaseAuthException e, String message, AuthErrorCode errorCode) {
+    assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+    assertEquals(message, e.getMessage());
+    assertNull(e.getCause());
+    assertNull(e.getHttpResponse());
+    assertEquals(errorCode, e.getAuthErrorCode());
+  }
+
   private String createTokenWithTenantId(String tenantId) {
     Payload payload = tokenFactory.createTokenPayload();
     payload.set("firebase", ImmutableMap.of("tenant", tenantId));
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 7012ef6bf..772f9ba8d 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -40,18 +40,17 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.FirebaseUserManager.EmailLinkType;
-import com.google.firebase.auth.internal.AuthHttpClient;
 import com.google.firebase.auth.multitenancy.TenantAwareFirebaseAuth;
 import com.google.firebase.auth.multitenancy.TenantManager;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigDecimal;
@@ -60,7 +59,6 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
-
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import org.junit.After;
@@ -92,6 +90,10 @@ public class FirebaseUserManagerTest {
 
   private static final String TENANTS_BASE_URL = PROJECT_BASE_URL + "/tenants";
 
+  private static final String SAML_RESPONSE = TestUtils.loadResource("saml.json");
+
+  private static final String OIDC_RESPONSE = TestUtils.loadResource("oidc.json");
+
   @After
   public void tearDown() {
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
@@ -99,7 +101,7 @@ public void tearDown() {
 
   @Test
   public void testProjectIdRequired() {
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
             .setCredentials(credentials)
             .build());
     FirebaseAuth auth = FirebaseAuth.getInstance();
@@ -133,7 +135,12 @@ public void testGetUserWithNotFoundError() throws Exception {
     } catch (ExecutionException e) {
       assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR, authException.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertEquals(
+          "No user record found for the provided user ID: testuser", authException.getMessage());
+      assertNull(authException.getCause());
+      assertNotNull(authException.getHttpResponse());
+      assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
@@ -156,7 +163,13 @@ public void testGetUserByEmailWithNotFoundError() throws Exception {
     } catch (ExecutionException e) {
       assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR, authException.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertEquals(
+          "No user record found for the provided email: testuser@example.com",
+          authException.getMessage());
+      assertNull(authException.getCause());
+      assertNotNull(authException.getHttpResponse());
+      assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
@@ -179,13 +192,19 @@ public void testGetUserByPhoneNumberWithNotFoundError() throws Exception {
     } catch (ExecutionException e) {
       assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR, authException.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertEquals(
+          "No user record found for the provided phone number: +1234567890",
+          authException.getMessage());
+      assertNull(authException.getCause());
+      assertNotNull(authException.getHttpResponse());
+      assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
   @Test
   public void testGetUsersExceeds100() throws Exception {
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
             .setCredentials(credentials)
             .build());
     List<UserIdentifier> identifiers = new ArrayList<>();
@@ -203,7 +222,7 @@ public void testGetUsersExceeds100() throws Exception {
 
   @Test
   public void testGetUsersNull() throws Exception {
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
             .setCredentials(credentials)
             .build());
     try {
@@ -262,7 +281,7 @@ public void testGetUsersMultipleIdentifierTypes() throws Exception {
         ).replace("'", "\""));
 
     UidIdentifier doesntExist = new UidIdentifier("this-uid-doesnt-exist");
-    List<UserIdentifier> ids = ImmutableList.<UserIdentifier>of(
+    List<UserIdentifier> ids = ImmutableList.of(
         new UidIdentifier("uid1"),
         new EmailIdentifier("user2@example.com"),
         new PhoneIdentifier("+15555550003"),
@@ -284,7 +303,7 @@ private Collection<String> userRecordsToUids(Collection<UserRecord> userRecords)
   }
 
   @Test
-  public void testInvalidUidIdentifier() throws Exception {
+  public void testInvalidUidIdentifier() {
     try {
       new UidIdentifier("too long " + Strings.repeat(".", 128));
       fail("No error thrown for invalid uid");
@@ -294,7 +313,7 @@ public void testInvalidUidIdentifier() throws Exception {
   }
 
   @Test
-  public void testInvalidEmailIdentifier() throws Exception {
+  public void testInvalidEmailIdentifier() {
     try {
       new EmailIdentifier("invalid email addr");
       fail("No error thrown for invalid email");
@@ -304,7 +323,7 @@ public void testInvalidEmailIdentifier() throws Exception {
   }
 
   @Test
-  public void testInvalidPhoneIdentifier() throws Exception {
+  public void testInvalidPhoneIdentifier() {
     try {
       new PhoneIdentifier("invalid phone number");
       fail("No error thrown for invalid phone number");
@@ -314,7 +333,7 @@ public void testInvalidPhoneIdentifier() throws Exception {
   }
 
   @Test
-  public void testInvalidProviderIdentifier() throws Exception {
+  public void testInvalidProviderIdentifier() {
     try {
       new ProviderIdentifier("", "valid-uid");
       fail("No error thrown for invalid provider id");
@@ -437,8 +456,8 @@ public void testDeleteUser() throws Exception {
   }
 
   @Test
-  public void testDeleteUsersExceeds1000() throws Exception {
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+  public void testDeleteUsersExceeds1000() {
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
             .setCredentials(credentials)
             .build());
     List<String> ids = new ArrayList<>();
@@ -454,8 +473,8 @@ public void testDeleteUsersExceeds1000() throws Exception {
   }
 
   @Test
-  public void testDeleteUsersInvalidId() throws Exception {
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+  public void testDeleteUsersInvalidId() {
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
             .setCredentials(credentials)
             .build());
     try {
@@ -773,9 +792,15 @@ public void call(FirebaseAuth auth) throws Exception {
 
     MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
     FirebaseAuth auth = getRetryDisabledAuth(response);
+    Map<Integer, ErrorCode> codes = ImmutableMap.of(
+        302, ErrorCode.UNKNOWN,
+        400, ErrorCode.INVALID_ARGUMENT,
+        401, ErrorCode.UNAUTHENTICATED,
+        404, ErrorCode.NOT_FOUND,
+        500, ErrorCode.INTERNAL);
 
     // Test for common HTTP error codes
-    for (int code : ImmutableList.of(302, 400, 401, 404, 500)) {
+    for (int code : codes.keySet()) {
       for (UserManagerOp operation : operations) {
         // Need to reset these every iteration
         response.setContent("{}");
@@ -786,15 +811,17 @@ public void call(FirebaseAuth auth) throws Exception {
         } catch (ExecutionException e) {
           assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
           FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-          String msg = String.format("Unexpected HTTP response with status: %d; body: {}", code);
+          assertEquals(codes.get(code), authException.getErrorCode());
+          String msg = String.format("Unexpected HTTP response with status: %d\n{}", code);
           assertEquals(msg, authException.getMessage());
-          assertThat(authException.getCause(), instanceOf(HttpResponseException.class));
-          assertEquals(AuthHttpClient.INTERNAL_ERROR, authException.getErrorCode());
+          assertTrue(authException.getCause() instanceof HttpResponseException);
+          assertNotNull(authException.getHttpResponse());
+          assertNull(authException.getAuthErrorCode());
         }
       }
     }
 
-    // Test error payload parsing
+    // Test error payload with code
     for (UserManagerOp operation : operations) {
       response.setContent("{\"error\": {\"message\": \"USER_NOT_FOUND\"}}");
       response.setStatusCode(500);
@@ -804,9 +831,33 @@ public void call(FirebaseAuth auth) throws Exception {
       }  catch (ExecutionException e) {
         assertThat(e.getCause().toString(), e.getCause(), instanceOf(FirebaseAuthException.class));
         FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-        assertEquals("Firebase Auth service responded with an error", authException.getMessage());
-        assertThat(authException.getCause(), instanceOf(HttpResponseException.class));
-        assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR, authException.getErrorCode());
+        assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+        assertEquals(
+            "No user record found for the given identifier (USER_NOT_FOUND).",
+            authException.getMessage());
+        assertTrue(authException.getCause() instanceof HttpResponseException);
+        assertNotNull(authException.getHttpResponse());
+        assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
+      }
+    }
+
+    // Test error payload with code and details
+    for (UserManagerOp operation : operations) {
+      response.setContent("{\"error\": {\"message\": \"USER_NOT_FOUND: Extra details\"}}");
+      response.setStatusCode(500);
+      try {
+        operation.call(auth);
+        fail("No error thrown for HTTP error");
+      }  catch (ExecutionException e) {
+        assertTrue(e.getCause().toString(), e.getCause() instanceof FirebaseAuthException);
+        FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+        assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+        assertEquals(
+            "No user record found for the given identifier (USER_NOT_FOUND): Extra details",
+            authException.getMessage());
+        assertTrue(authException.getCause() instanceof HttpResponseException);
+        assertNotNull(authException.getHttpResponse());
+        assertEquals(AuthErrorCode.USER_NOT_FOUND, authException.getAuthErrorCode());
       }
     }
   }
@@ -820,8 +871,12 @@ public void testGetUserMalformedJsonError() throws Exception {
     }  catch (ExecutionException e) {
       assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertThat(authException.getCause(), instanceOf(IOException.class));
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, authException.getErrorCode());
+      assertEquals(ErrorCode.UNKNOWN, authException.getErrorCode());
+      assertTrue(
+          authException.getMessage().startsWith("Error while parsing HTTP response: "));
+      assertTrue(authException.getCause() instanceof IOException);
+      assertNotNull(authException.getHttpResponse());
+      assertNull(authException.getAuthErrorCode());
     }
   }
 
@@ -837,10 +892,12 @@ public void testGetUserUnexpectedHttpError() throws Exception {
     }  catch (ExecutionException e) {
       assertThat(e.getCause(), instanceOf(FirebaseAuthException.class));
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertThat(authException.getCause(), instanceOf(HttpResponseException.class));
-      assertEquals("Unexpected HTTP response with status: 500; body: {\"not\" json}",
+      assertEquals(ErrorCode.INTERNAL, authException.getErrorCode());
+      assertEquals("Unexpected HTTP response with status: 500\n{\"not\" json}",
           authException.getMessage());
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, authException.getErrorCode());
+      assertTrue(authException.getCause() instanceof HttpResponseException);
+      assertNotNull(authException.getHttpResponse());
+      assertNull(authException.getAuthErrorCode());
     }
   }
 
@@ -848,7 +905,7 @@ public void testGetUserUnexpectedHttpError() throws Exception {
   public void testTimeout() throws Exception {
     MockHttpTransport transport = new MultiRequestMockHttpTransport(ImmutableList.of(
         new MockLowLevelHttpResponse().setContent(TestUtils.loadResource("getUser.json"))));
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(credentials)
         .setProjectId("test-project-id")
         .setHttpTransport(transport)
@@ -1375,8 +1432,33 @@ public void testHttpErrorWithCode() {
       userManager.getEmailActionLink(EmailLinkType.PASSWORD_RESET, "test@example.com", null);
       fail("No exception thrown for HTTP error");
     } catch (FirebaseAuthException e) {
-      assertEquals("unauthorized-continue-uri", e.getErrorCode());
-      assertThat(e.getCause(), instanceOf(HttpResponseException.class));
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals(
+          "The domain of the continue URL is not whitelisted (UNAUTHORIZED_DOMAIN).",
+          e.getMessage());
+      assertEquals(AuthErrorCode.UNAUTHORIZED_CONTINUE_URL, e.getAuthErrorCode());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+    }
+  }
+
+  @Test
+  public void testHttpErrorWithUnknownCode() {
+    String content = "{\"error\": {\"message\": \"SOMETHING_NEW\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(content)
+        .setStatusCode(500);
+    FirebaseAuth auth = getRetryDisabledAuth(response);
+    FirebaseUserManager userManager = auth.getUserManager();
+    try {
+      userManager.getEmailActionLink(EmailLinkType.PASSWORD_RESET, "test@example.com", null);
+      fail("No exception thrown for HTTP error");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Unexpected HTTP response with status: 500\n" + content, e.getMessage());
+      assertNull(e.getAuthErrorCode());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
     }
   }
 
@@ -1391,15 +1473,17 @@ public void testUnexpectedHttpError() {
       userManager.getEmailActionLink(EmailLinkType.PASSWORD_RESET, "test@example.com", null);
       fail("No exception thrown for HTTP error");
     } catch (FirebaseAuthException e) {
-      assertEquals("internal-error", e.getErrorCode());
-      assertThat(e.getCause(), instanceOf(HttpResponseException.class));
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Unexpected HTTP response with status: 500\n{}", e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
   }
 
   @Test
   public void testCreateOidcProvider() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("oidc.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
     OidcProviderConfig.CreateRequest createRequest =
         new OidcProviderConfig.CreateRequest()
             .setProviderId("oidc.provider-id")
@@ -1424,8 +1508,7 @@ public void testCreateOidcProvider() throws Exception {
 
   @Test
   public void testCreateOidcProviderAsync() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("oidc.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
     OidcProviderConfig.CreateRequest createRequest =
         new OidcProviderConfig.CreateRequest()
             .setProviderId("oidc.provider-id")
@@ -1451,8 +1534,7 @@ public void testCreateOidcProviderAsync() throws Exception {
 
   @Test
   public void testCreateOidcProviderMinimal() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("oidc.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
     // Only the 'enabled' and 'displayName' fields can be omitted from an OIDC provider config
     // creation request.
     OidcProviderConfig.CreateRequest createRequest =
@@ -1474,24 +1556,32 @@ public void testCreateOidcProviderMinimal() throws Exception {
   }
 
   @Test
-  public void testCreateOidcProviderError() throws Exception {
-    TestResponseInterceptor interceptor =
-        initializeAppForUserManagementWithStatusCode(404,
-            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+  public void testCreateOidcProviderError() {
+    String message = "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(message)
+        .setStatusCode(500);
+    FirebaseAuth auth = getRetryDisabledAuth(response);
     OidcProviderConfig.CreateRequest createRequest =
         new OidcProviderConfig.CreateRequest().setProviderId("oidc.provider-id");
+
     try {
-      FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
+      auth.createOidcProviderConfig(createRequest);
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals(
+          "Unexpected HTTP response with status: 500\n" + message,
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
-    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/oauthIdpConfigs");
   }
 
   @Test
   public void testCreateOidcProviderMissingId() throws Exception {
-    initializeAppForUserManagement(TestUtils.loadResource("oidc.json"));
+    initializeAppForUserManagement(OIDC_RESPONSE);
     OidcProviderConfig.CreateRequest createRequest =
         new OidcProviderConfig.CreateRequest()
             .setDisplayName("DISPLAY_NAME")
@@ -1509,8 +1599,7 @@ public void testCreateOidcProviderMissingId() throws Exception {
   @Test
   public void testTenantAwareCreateOidcProvider() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
-        "TENANT_ID",
-        TestUtils.loadResource("oidc.json"));
+        "TENANT_ID", OIDC_RESPONSE);
     OidcProviderConfig.CreateRequest createRequest =
         new OidcProviderConfig.CreateRequest()
             .setProviderId("oidc.provider-id")
@@ -1529,8 +1618,7 @@ public void testTenantAwareCreateOidcProvider() throws Exception {
 
   @Test
   public void testUpdateOidcProvider() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("oidc.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
     OidcProviderConfig.UpdateRequest request =
         new OidcProviderConfig.UpdateRequest("oidc.provider-id")
             .setDisplayName("DISPLAY_NAME")
@@ -1554,8 +1642,7 @@ public void testUpdateOidcProvider() throws Exception {
 
   @Test
   public void testUpdateOidcProviderAsync() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("oidc.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
     OidcProviderConfig.UpdateRequest request =
         new OidcProviderConfig.UpdateRequest("oidc.provider-id")
             .setDisplayName("DISPLAY_NAME")
@@ -1580,8 +1667,7 @@ public void testUpdateOidcProviderAsync() throws Exception {
 
   @Test
   public void testUpdateOidcProviderMinimal() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("oidc.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
     OidcProviderConfig.UpdateRequest request =
         new OidcProviderConfig.UpdateRequest("oidc.provider-id").setDisplayName("DISPLAY_NAME");
 
@@ -1599,7 +1685,7 @@ public void testUpdateOidcProviderMinimal() throws Exception {
 
   @Test
   public void testUpdateOidcProviderConfigNoValues() throws Exception {
-    initializeAppForUserManagement(TestUtils.loadResource("oidc.json"));
+    initializeAppForUserManagement(OIDC_RESPONSE);
     try {
       FirebaseAuth.getInstance().updateOidcProviderConfig(
           new OidcProviderConfig.UpdateRequest("oidc.provider-id"));
@@ -1611,25 +1697,32 @@ public void testUpdateOidcProviderConfigNoValues() throws Exception {
 
   @Test
   public void testUpdateOidcProviderConfigError() {
-    TestResponseInterceptor interceptor =
-        initializeAppForUserManagementWithStatusCode(404,
-            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    String message = "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(message)
+        .setStatusCode(500);
+    FirebaseAuth auth = getRetryDisabledAuth(response);
     OidcProviderConfig.UpdateRequest request =
         new OidcProviderConfig.UpdateRequest("oidc.provider-id").setDisplayName("DISPLAY_NAME");
+
     try {
-      FirebaseAuth.getInstance().updateOidcProviderConfig(request);
+      auth.updateOidcProviderConfig(request);
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals(
+          "Unexpected HTTP response with status: 500\n" + message,
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
-    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
   }
 
   @Test
   public void testTenantAwareUpdateOidcProvider() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
-        "TENANT_ID",
-        TestUtils.loadResource("oidc.json"));
+        "TENANT_ID", OIDC_RESPONSE);
     TenantAwareFirebaseAuth tenantAwareAuth =
         FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
     OidcProviderConfig.UpdateRequest request =
@@ -1656,8 +1749,7 @@ public void testTenantAwareUpdateOidcProvider() throws Exception {
 
   @Test
   public void testGetOidcProviderConfig() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("oidc.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
 
     OidcProviderConfig config =
         FirebaseAuth.getInstance().getOidcProviderConfig("oidc.provider-id");
@@ -1669,8 +1761,7 @@ public void testGetOidcProviderConfig() throws Exception {
 
   @Test
   public void testGetOidcProviderConfigAsync() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("oidc.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
 
     OidcProviderConfig config =
         FirebaseAuth.getInstance().getOidcProviderConfigAsync("oidc.provider-id").get();
@@ -1682,7 +1773,7 @@ public void testGetOidcProviderConfigAsync() throws Exception {
 
   @Test
   public void testGetOidcProviderConfigMissingId() throws Exception {
-    initializeAppForUserManagement(TestUtils.loadResource("oidc.json"));
+    initializeAppForUserManagement(OIDC_RESPONSE);
 
     try {
       FirebaseAuth.getInstance().getOidcProviderConfig(null);
@@ -1694,7 +1785,7 @@ public void testGetOidcProviderConfigMissingId() throws Exception {
 
   @Test
   public void testGetOidcProviderConfigInvalidId() throws Exception {
-    initializeAppForUserManagement(TestUtils.loadResource("oidc.json"));
+    initializeAppForUserManagement(OIDC_RESPONSE);
 
     try {
       FirebaseAuth.getInstance().getOidcProviderConfig("saml.invalid-oidc-provider-id");
@@ -1705,7 +1796,7 @@ public void testGetOidcProviderConfigInvalidId() throws Exception {
   }
 
   @Test
-  public void testGetOidcProviderConfigWithNotFoundError() throws Exception {
+  public void testGetOidcProviderConfigWithNotFoundError() {
     TestResponseInterceptor interceptor =
         initializeAppForUserManagementWithStatusCode(404,
             "{\"error\": {\"message\": \"CONFIGURATION_NOT_FOUND\"}}");
@@ -1713,7 +1804,14 @@ public void testGetOidcProviderConfigWithNotFoundError() throws Exception {
       FirebaseAuth.getInstance().getOidcProviderConfig("oidc.provider-id");
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals(
+          "No IdP configuration found corresponding to the provided identifier "
+              + "(CONFIGURATION_NOT_FOUND).",
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.CONFIGURATION_NOT_FOUND, e.getAuthErrorCode());
     }
     checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.provider-id");
   }
@@ -1721,8 +1819,7 @@ public void testGetOidcProviderConfigWithNotFoundError() throws Exception {
   @Test
   public void testGetTenantAwareOidcProviderConfig() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
-        "TENANT_ID",
-        TestUtils.loadResource("oidc.json"));
+        "TENANT_ID", OIDC_RESPONSE);
     TenantAwareFirebaseAuth tenantAwareAuth =
         FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
 
@@ -1772,18 +1869,25 @@ public void testListOidcProviderConfigsAsync() throws Exception {
   }
 
   @Test
-  public void testListOidcProviderConfigsError() throws Exception {
-    TestResponseInterceptor interceptor =
-        initializeAppForUserManagementWithStatusCode(404,
-            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+  public void testListOidcProviderConfigsError() {
+    String message = "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(message)
+        .setStatusCode(500);
+    FirebaseAuth auth = getRetryDisabledAuth(response);
 
     try {
-      FirebaseAuth.getInstance().listOidcProviderConfigs(null, 99);
+      auth.listOidcProviderConfigs(null, 99);
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals(
+          "Unexpected HTTP response with status: 500\n" + message,
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
-    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/oauthIdpConfigs");
   }
 
   @Test
@@ -1890,7 +1994,14 @@ public void testDeleteOidcProviderConfigWithNotFoundError() {
       FirebaseAuth.getInstance().deleteOidcProviderConfig("oidc.UNKNOWN");
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals(
+          "No IdP configuration found corresponding to the provided identifier "
+              + "(CONFIGURATION_NOT_FOUND).",
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.CONFIGURATION_NOT_FOUND, e.getAuthErrorCode());
     }
     checkUrl(interceptor, "DELETE", PROJECT_BASE_URL + "/oauthIdpConfigs/oidc.UNKNOWN");
   }
@@ -1912,8 +2023,7 @@ public void testTenantAwareDeleteOidcProviderConfig() throws Exception {
 
   @Test
   public void testCreateSamlProvider() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("saml.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(SAML_RESPONSE);
     SamlProviderConfig.CreateRequest createRequest =
         new SamlProviderConfig.CreateRequest()
           .setProviderId("saml.provider-id")
@@ -1958,8 +2068,7 @@ public void testCreateSamlProvider() throws Exception {
 
   @Test
   public void testCreateSamlProviderAsync() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("saml.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(SAML_RESPONSE);
     SamlProviderConfig.CreateRequest createRequest =
         new SamlProviderConfig.CreateRequest()
           .setProviderId("saml.provider-id")
@@ -2005,8 +2114,7 @@ public void testCreateSamlProviderAsync() throws Exception {
 
   @Test
   public void testCreateSamlProviderMinimal() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("saml.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(SAML_RESPONSE);
     // Only the 'enabled', 'displayName', and 'signRequest' fields can be omitted from a SAML
     // provider config creation request.
     SamlProviderConfig.CreateRequest createRequest =
@@ -2046,23 +2154,31 @@ public void testCreateSamlProviderMinimal() throws Exception {
 
   @Test
   public void testCreateSamlProviderError() {
-    TestResponseInterceptor interceptor =
-        initializeAppForUserManagementWithStatusCode(404,
-            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    String message = "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(message)
+        .setStatusCode(500);
+    FirebaseAuth auth = getRetryDisabledAuth(response);
     SamlProviderConfig.CreateRequest createRequest =
         new SamlProviderConfig.CreateRequest().setProviderId("saml.provider-id");
+
     try {
-      FirebaseAuth.getInstance().createSamlProviderConfig(createRequest);
+      auth.createSamlProviderConfig(createRequest);
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals(
+          "Unexpected HTTP response with status: 500\n" + message,
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
-    checkUrl(interceptor, "POST", PROJECT_BASE_URL + "/inboundSamlConfigs");
   }
 
   @Test
   public void testCreateSamlProviderMissingId() throws Exception {
-    initializeAppForUserManagement(TestUtils.loadResource("saml.json"));
+    initializeAppForUserManagement(SAML_RESPONSE);
     SamlProviderConfig.CreateRequest createRequest =
         new SamlProviderConfig.CreateRequest()
           .setDisplayName("DISPLAY_NAME")
@@ -2084,8 +2200,7 @@ public void testCreateSamlProviderMissingId() throws Exception {
   @Test
   public void testTenantAwareCreateSamlProvider() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
-        "TENANT_ID",
-        TestUtils.loadResource("saml.json"));
+        "TENANT_ID", SAML_RESPONSE);
     SamlProviderConfig.CreateRequest createRequest =
         new SamlProviderConfig.CreateRequest()
           .setProviderId("saml.provider-id")
@@ -2108,8 +2223,7 @@ public void testTenantAwareCreateSamlProvider() throws Exception {
 
   @Test
   public void testUpdateSamlProvider() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("saml.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(SAML_RESPONSE);
     SamlProviderConfig.UpdateRequest updateRequest =
         new SamlProviderConfig.UpdateRequest("saml.provider-id")
           .setDisplayName("DISPLAY_NAME")
@@ -2156,8 +2270,7 @@ public void testUpdateSamlProvider() throws Exception {
 
   @Test
   public void testUpdateSamlProviderAsync() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("saml.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(SAML_RESPONSE);
     SamlProviderConfig.UpdateRequest updateRequest =
         new SamlProviderConfig.UpdateRequest("saml.provider-id")
           .setDisplayName("DISPLAY_NAME")
@@ -2205,8 +2318,7 @@ public void testUpdateSamlProviderAsync() throws Exception {
 
   @Test
   public void testUpdateSamlProviderMinimal() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("saml.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(SAML_RESPONSE);
     SamlProviderConfig.UpdateRequest request =
         new SamlProviderConfig.UpdateRequest("saml.provider-id").setDisplayName("DISPLAY_NAME");
 
@@ -2224,7 +2336,7 @@ public void testUpdateSamlProviderMinimal() throws Exception {
 
   @Test
   public void testUpdateSamlProviderConfigNoValues() throws Exception {
-    initializeAppForUserManagement(TestUtils.loadResource("saml.json"));
+    initializeAppForUserManagement(SAML_RESPONSE);
     try {
       FirebaseAuth.getInstance().updateSamlProviderConfig(
           new SamlProviderConfig.UpdateRequest("saml.provider-id"));
@@ -2235,26 +2347,33 @@ public void testUpdateSamlProviderConfigNoValues() throws Exception {
   }
 
   @Test
-  public void testUpdateSamlProviderConfigError() throws Exception {
-    TestResponseInterceptor interceptor =
-        initializeAppForUserManagementWithStatusCode(404,
-            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+  public void testUpdateSamlProviderConfigError() {
+    String message = "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(message)
+        .setStatusCode(500);
+    FirebaseAuth auth = getRetryDisabledAuth(response);
     SamlProviderConfig.UpdateRequest request =
         new SamlProviderConfig.UpdateRequest("saml.provider-id").setDisplayName("DISPLAY_NAME");
+
     try {
-      FirebaseAuth.getInstance().updateSamlProviderConfig(request);
+      auth.updateSamlProviderConfig(request);
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals(
+          "Unexpected HTTP response with status: 500\n" + message,
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
-    checkUrl(interceptor, "PATCH", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
   }
 
   @Test
   public void testTenantAwareUpdateSamlProvider() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
-        "TENANT_ID",
-        TestUtils.loadResource("saml.json"));
+        "TENANT_ID", SAML_RESPONSE);
     TenantAwareFirebaseAuth tenantAwareAuth =
         FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
     SamlProviderConfig.UpdateRequest updateRequest =
@@ -2286,8 +2405,7 @@ public void testTenantAwareUpdateSamlProvider() throws Exception {
 
   @Test
   public void testGetSamlProviderConfig() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("saml.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(SAML_RESPONSE);
 
     SamlProviderConfig config =
         FirebaseAuth.getInstance().getSamlProviderConfig("saml.provider-id");
@@ -2299,8 +2417,7 @@ public void testGetSamlProviderConfig() throws Exception {
 
   @Test
   public void testGetSamlProviderConfigAsync() throws Exception {
-    TestResponseInterceptor interceptor = initializeAppForUserManagement(
-        TestUtils.loadResource("saml.json"));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(SAML_RESPONSE);
 
     SamlProviderConfig config =
         FirebaseAuth.getInstance().getSamlProviderConfigAsync("saml.provider-id").get();
@@ -2324,7 +2441,7 @@ public void testGetSamlProviderConfigMissingId() throws Exception {
 
   @Test
   public void testGetSamlProviderConfigInvalidId() throws Exception {
-    initializeAppForUserManagement(TestUtils.loadResource("saml.json"));
+    initializeAppForUserManagement(SAML_RESPONSE);
 
     try {
       FirebaseAuth.getInstance().getSamlProviderConfig("oidc.invalid-saml-provider-id");
@@ -2343,7 +2460,14 @@ public void testGetSamlProviderConfigWithNotFoundError() {
       FirebaseAuth.getInstance().getSamlProviderConfig("saml.provider-id");
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals(
+          "No IdP configuration found corresponding to the provided identifier "
+              + "(CONFIGURATION_NOT_FOUND).",
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.CONFIGURATION_NOT_FOUND, e.getAuthErrorCode());
     }
     checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.provider-id");
   }
@@ -2351,8 +2475,7 @@ public void testGetSamlProviderConfigWithNotFoundError() {
   @Test
   public void testGetTenantAwareSamlProviderConfig() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForTenantAwareUserManagement(
-        "TENANT_ID",
-        TestUtils.loadResource("saml.json"));
+        "TENANT_ID", SAML_RESPONSE);
     TenantAwareFirebaseAuth tenantAwareAuth =
         FirebaseAuth.getInstance().getTenantManager().getAuthForTenant("TENANT_ID");
 
@@ -2403,18 +2526,25 @@ public void testListSamlProviderConfigsAsync() throws Exception {
   }
 
   @Test
-  public void testListSamlProviderConfigsError() throws Exception {
-    TestResponseInterceptor interceptor =
-        initializeAppForUserManagementWithStatusCode(404,
-            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+  public void testListSamlProviderConfigsError() {
+    String message = "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(message)
+        .setStatusCode(500);
+    FirebaseAuth auth = getRetryDisabledAuth(response);
 
     try {
-      FirebaseAuth.getInstance().listSamlProviderConfigs(null, 99);
+      auth.listSamlProviderConfigs(null, 99);
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals(
+          "Unexpected HTTP response with status: 500\n" + message,
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
-    checkUrl(interceptor, "GET", PROJECT_BASE_URL + "/inboundSamlConfigs");
   }
 
   @Test
@@ -2521,7 +2651,14 @@ public void testDeleteSamlProviderConfigWithNotFoundError() {
       FirebaseAuth.getInstance().deleteSamlProviderConfig("saml.UNKNOWN");
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals(
+          "No IdP configuration found corresponding to the provided identifier "
+              + "(CONFIGURATION_NOT_FOUND).",
+          e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.CONFIGURATION_NOT_FOUND, e.getAuthErrorCode());
     }
     checkUrl(interceptor, "DELETE", PROJECT_BASE_URL + "/inboundSamlConfigs/saml.UNKNOWN");
   }
@@ -2543,7 +2680,7 @@ public void testTenantAwareDeleteSamlProviderConfig() throws Exception {
 
   private static TestResponseInterceptor initializeAppForUserManagementWithStatusCode(
       int statusCode, String response) {
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(credentials)
         .setHttpTransport(
           new MockHttpTransport.Builder().setLowLevelHttpResponse(
@@ -2579,7 +2716,7 @@ private static void initializeAppWithResponses(String... responses) {
       mocks.add(new MockLowLevelHttpResponse().setContent(response));
     }
     MockHttpTransport transport = new MultiRequestMockHttpTransport(mocks);
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(credentials)
         .setHttpTransport(transport)
         .setProjectId("test-project-id")
@@ -2597,9 +2734,8 @@ private static FirebaseAuth getRetryDisabledAuth(MockLowLevelHttpResponse respon
     final MockHttpTransport transport = new MockHttpTransport.Builder()
         .setLowLevelHttpResponse(response)
         .build();
-    final FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    final FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(credentials)
-        .setProjectId("test-project-id")
         .setHttpTransport(transport)
         .build());
     return FirebaseAuth.builder()
@@ -2608,9 +2744,10 @@ private static FirebaseAuth getRetryDisabledAuth(MockLowLevelHttpResponse respon
           @Override
           public FirebaseUserManager get() {
             return FirebaseUserManager.builder()
-              .setFirebaseApp(app)
-              .setHttpRequestFactory(transport.createRequestFactory())
-              .build();
+                .setProjectId("test-project-id")
+                .setHttpRequestFactory(transport.createRequestFactory())
+                .setJsonFactory(Utils.getDefaultJsonFactory())
+                .build();
           }
           })
         .build();
@@ -2680,13 +2817,7 @@ private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
 
   private static void checkUrl(TestResponseInterceptor interceptor, String method, String url) {
     HttpRequest request = interceptor.getResponse().getRequest();
-    if (method.equals("PATCH")) {
-      assertEquals("PATCH",
-          request.getHeaders().getFirstHeaderStringValue("X-HTTP-Method-Override"));
-      assertEquals("POST", request.getRequestMethod());
-    } else {
-      assertEquals(method, request.getRequestMethod());
-    }
+    assertEquals(method, request.getRequestMethod());
     assertEquals(url, request.getUrl().toString().split("\\?")[0]);
   }
 
diff --git a/src/test/java/com/google/firebase/auth/ProviderConfigTestUtils.java b/src/test/java/com/google/firebase/auth/ProviderConfigTestUtils.java
index c01ac6501..e027882c0 100644
--- a/src/test/java/com/google/firebase/auth/ProviderConfigTestUtils.java
+++ b/src/test/java/com/google/firebase/auth/ProviderConfigTestUtils.java
@@ -21,7 +21,7 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.firebase.auth.internal.AuthHttpClient;
+import com.google.firebase.ErrorCode;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
@@ -36,8 +36,9 @@ public static void assertOidcProviderConfigDoesNotExist(
       fail("No error thrown for getting a deleted OIDC provider config.");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertEquals(AuthErrorCode.CONFIGURATION_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
@@ -48,8 +49,9 @@ public static void assertSamlProviderConfigDoesNotExist(
       fail("No error thrown for getting a deleted SAML provider config.");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(AuthHttpClient.CONFIGURATION_NOT_FOUND_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertEquals(AuthErrorCode.CONFIGURATION_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
diff --git a/src/test/java/com/google/firebase/auth/UserTestUtils.java b/src/test/java/com/google/firebase/auth/UserTestUtils.java
index aa86e6e19..8d6f7fc32 100644
--- a/src/test/java/com/google/firebase/auth/UserTestUtils.java
+++ b/src/test/java/com/google/firebase/auth/UserTestUtils.java
@@ -20,7 +20,7 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.firebase.auth.internal.AuthHttpClient;
+import com.google.firebase.ErrorCode;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Random;
@@ -37,7 +37,7 @@ public static void assertUserDoesNotExist(AbstractFirebaseAuth firebaseAuth, Str
       fail("No error thrown for getting a user which was expected to be absent.");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(AuthHttpClient.USER_NOT_FOUND_ERROR,
+      assertEquals(ErrorCode.NOT_FOUND,
           ((FirebaseAuthException) e.getCause()).getErrorCode());
     }
   }
diff --git a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
index bc98add3c..32f9fd543 100644
--- a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
@@ -18,10 +18,14 @@
 
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpStatusCodes;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.auth.ServiceAccountSigner;
@@ -29,21 +33,22 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.io.BaseEncoding;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
+import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestResponseInterceptor;
-import java.io.IOException;
 import org.junit.After;
 import org.junit.Test;
 
 public class CryptoSignersTest {
 
   @Test
-  public void testServiceAccountCryptoSigner() throws IOException {
+  public void testServiceAccountCryptoSigner() throws Exception {
     ServiceAccountCredentials credentials = ServiceAccountCredentials.fromStream(
         ServiceAccount.EDITOR.asStream());
     byte[] expected = credentials.sign("foo".getBytes());
@@ -63,7 +68,7 @@ public void testInvalidServiceAccountCryptoSigner() {
   }
 
   @Test
-  public void testIAMCryptoSigner() throws IOException {
+  public void testIAMCryptoSigner() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
     String response = Utils.getDefaultJsonFactory().toString(
         ImmutableMap.of("signature", signature));
@@ -84,6 +89,29 @@ public void testIAMCryptoSigner() throws IOException {
     assertEquals(url, interceptor.getResponse().getRequest().getUrl().toString());
   }
 
+  @Test
+  public void testIAMCryptoSignerHttpError() {
+    String error = "{\"error\": {\"status\":\"INTERNAL\", \"message\": \"Test error\"}}";
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(new MockLowLevelHttpResponse()
+            .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+            .setContent(error))
+        .build();
+    CryptoSigners.IAMCryptoSigner signer = new CryptoSigners.IAMCryptoSigner(
+        transport.createRequestFactory(),
+        Utils.getDefaultJsonFactory(),
+        "test-service-account@iam.gserviceaccount.com");
+    try {
+      signer.sign("foo".getBytes());
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Test error", e.getMessage());
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
+    }
+  }
+
   @Test
   public void testInvalidIAMCryptoSigner() {
     try {
@@ -119,7 +147,7 @@ public void testInvalidIAMCryptoSigner() {
   }
 
   @Test
-  public void testMetadataService() throws IOException {
+  public void testMetadataService() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
     String response = Utils.getDefaultJsonFactory().toString(
         ImmutableMap.of("signature", signature));
@@ -127,7 +155,7 @@ public void testMetadataService() throws IOException {
         ImmutableList.of(
             new MockLowLevelHttpResponse().setContent("metadata-server@iam.gserviceaccount.com"),
             new MockLowLevelHttpResponse().setContent(response)));
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .setHttpTransport(transport)
         .build();
@@ -142,11 +170,13 @@ public void testMetadataService() throws IOException {
     assertArrayEquals("signed-bytes".getBytes(), data);
     final String url = "https://iam.googleapis.com/v1/projects/-/serviceAccounts/"
         + "metadata-server@iam.gserviceaccount.com:signBlob";
-    assertEquals(url, interceptor.getResponse().getRequest().getUrl().toString());
+    HttpRequest request = interceptor.getResponse().getRequest();
+    assertEquals(url, request.getUrl().toString());
+    assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
   }
 
   @Test
-  public void testExplicitServiceAccountEmail() throws IOException {
+  public void testExplicitServiceAccountEmail() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
     String response = Utils.getDefaultJsonFactory().toString(
         ImmutableMap.of("signature", signature));
@@ -155,7 +185,7 @@ public void testExplicitServiceAccountEmail() throws IOException {
     MockHttpTransport transport = new MultiRequestMockHttpTransport(
         ImmutableList.of(
             new MockLowLevelHttpResponse().setContent(response)));
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setServiceAccountId("explicit-service-account@iam.gserviceaccount.com")
         .setCredentials(new MockGoogleCredentialsWithSigner("test-token"))
         .setHttpTransport(transport)
@@ -170,13 +200,15 @@ public void testExplicitServiceAccountEmail() throws IOException {
     assertArrayEquals("signed-bytes".getBytes(), data);
     final String url = "https://iam.googleapis.com/v1/projects/-/serviceAccounts/"
         + "explicit-service-account@iam.gserviceaccount.com:signBlob";
-    assertEquals(url, interceptor.getResponse().getRequest().getUrl().toString());
+    HttpRequest request = interceptor.getResponse().getRequest();
+    assertEquals(url, request.getUrl().toString());
+    assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
   }
 
   @Test
-  public void testCredentialsWithSigner() throws IOException {
+  public void testCredentialsWithSigner() throws Exception {
     // Should fall back to signing-enabled credential
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentialsWithSigner("test-token"))
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options, "customApp");
diff --git a/src/test/java/com/google/firebase/auth/internal/FirebaseTokenFactoryTest.java b/src/test/java/com/google/firebase/auth/internal/FirebaseTokenFactoryTest.java
index 1c85ceeee..875c781e9 100644
--- a/src/test/java/com/google/firebase/auth/internal/FirebaseTokenFactoryTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/FirebaseTokenFactoryTest.java
@@ -29,8 +29,9 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.testing.TestUtils;
-import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
@@ -158,12 +159,12 @@ private static class TestCryptoSigner implements CryptoSigner {
     }
 
     @Override
-    public byte[] sign(byte[] payload) throws IOException {
+    public byte[] sign(byte[] payload) throws FirebaseAuthException {
       try {
         return SecurityUtils.sign(SecurityUtils.getSha256WithRsaSignatureAlgorithm(),
             privateKey, payload);
       } catch (GeneralSecurityException e) {
-        throw new IOException(e);
+        throw new FirebaseAuthException(ErrorCode.UNKNOWN, "Failed to sign token", e, null, null);
       }
     }
 
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
index 36660dc28..4bc84cb4d 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
@@ -18,6 +18,8 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -26,6 +28,7 @@
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpHeaders;
 import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.json.GenericJson;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.testing.http.MockHttpTransport;
@@ -33,13 +36,14 @@
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Iterables;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
+import com.google.firebase.auth.AuthErrorCode;
 import com.google.firebase.auth.FirebaseAuth;
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.MockGoogleCredentials;
-import com.google.firebase.auth.internal.AuthHttpClient;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -90,7 +94,12 @@ public void testGetTenantWithNotFoundError() {
       FirebaseAuth.getInstance().getTenantManager().getTenant("UNKNOWN");
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.TENANT_NOT_FOUND_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals(
+          "No tenant found for the given identifier (TENANT_NOT_FOUND).", e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.TENANT_NOT_FOUND, e.getAuthErrorCode());
     }
     checkUrl(interceptor, "GET", TENANTS_BASE_URL + "/UNKNOWN");
   }
@@ -183,16 +192,21 @@ public void testCreateTenantMinimal() throws Exception {
 
   @Test
   public void testCreateTenantError() {
-    TestResponseInterceptor interceptor =
-        initializeAppForTenantManagementWithStatusCode(404,
-            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    String message = "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}";
+    TenantManager tenantManager = createRetryDisabledTenantManager(new MockLowLevelHttpResponse()
+        .setStatusCode(500)
+        .setContent(message));
+
     try {
-      FirebaseAuth.getInstance().getTenantManager().createTenant(new Tenant.CreateRequest());
+      tenantManager.createTenant(new Tenant.CreateRequest());
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Unexpected HTTP response with status: 500\n" + message, e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
-    checkUrl(interceptor, "POST", TENANTS_BASE_URL);
   }
 
   @Test
@@ -252,18 +266,23 @@ public void testUpdateTenantNoValues() throws Exception {
 
   @Test
   public void testUpdateTenantError() {
-    TestResponseInterceptor interceptor =
-        initializeAppForTenantManagementWithStatusCode(404,
-            "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}");
+    String message = "{\"error\": {\"message\": \"INTERNAL_ERROR\"}}";
+    TenantManager tenantManager = createRetryDisabledTenantManager(new MockLowLevelHttpResponse()
+        .setStatusCode(500)
+        .setContent(message));
     Tenant.UpdateRequest request =
         new Tenant.UpdateRequest("TENANT_1").setDisplayName("DISPLAY_NAME");
+
     try {
-      FirebaseAuth.getInstance().getTenantManager().updateTenant(request);
+      tenantManager.updateTenant(request);
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.INTERNAL_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Unexpected HTTP response with status: 500\n" + message, e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+      assertNull(e.getAuthErrorCode());
     }
-    checkUrl(interceptor, "PATCH", TENANTS_BASE_URL + "/TENANT_1");
   }
 
   @Test
@@ -285,7 +304,10 @@ public void testDeleteTenantWithNotFoundError() {
       FirebaseAuth.getInstance().getTenantManager().deleteTenant("UNKNOWN");
       fail("No error thrown for invalid response");
     } catch (FirebaseAuthException e) {
-      assertEquals(AuthHttpClient.TENANT_NOT_FOUND_ERROR, e.getErrorCode());
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals("No tenant found for the given identifier (TENANT_NOT_FOUND).", e.getMessage());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
     }
     checkUrl(interceptor, "DELETE", TENANTS_BASE_URL + "/UNKNOWN");
   }
@@ -308,18 +330,22 @@ private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
 
   private static void checkUrl(TestResponseInterceptor interceptor, String method, String url) {
     HttpRequest request = interceptor.getResponse().getRequest();
-    if (method.equals("PATCH")) {
-      assertEquals("PATCH",
-          request.getHeaders().getFirstHeaderStringValue("X-HTTP-Method-Override"));
-      assertEquals("POST", request.getRequestMethod());
-    } else {
-      assertEquals(method, request.getRequestMethod());
-    }
+    assertEquals(method, request.getRequestMethod());
     assertEquals(url, request.getUrl().toString().split("\\?")[0]);
   }
 
   private static TestResponseInterceptor initializeAppForTenantManagement(String... responses) {
-    initializeAppWithResponses(responses);
+    List<MockLowLevelHttpResponse> mocks = new ArrayList<>();
+    for (String response : responses) {
+      mocks.add(new MockLowLevelHttpResponse().setContent(response));
+    }
+    MockHttpTransport transport = new MultiRequestMockHttpTransport(mocks);
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(credentials)
+        .setHttpTransport(transport)
+        .setProjectId("test-project-id")
+        .build());
+
     TestResponseInterceptor interceptor = new TestResponseInterceptor();
     FirebaseAuth.getInstance().getTenantManager().setInterceptor(interceptor);
     return interceptor;
@@ -327,7 +353,7 @@ private static TestResponseInterceptor initializeAppForTenantManagement(String..
 
   private static TestResponseInterceptor initializeAppForTenantManagementWithStatusCode(
       int statusCode, String response) {
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(credentials)
         .setHttpTransport(
             new MockHttpTransport.Builder()
@@ -341,17 +367,16 @@ private static TestResponseInterceptor initializeAppForTenantManagementWithStatu
     return interceptor;
   }
 
-  private static void initializeAppWithResponses(String... responses) {
-    List<MockLowLevelHttpResponse> mocks = new ArrayList<>();
-    for (String response : responses) {
-      mocks.add(new MockLowLevelHttpResponse().setContent(response));
-    }
-    MockHttpTransport transport = new MultiRequestMockHttpTransport(mocks);
-    FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+  private static TenantManager createRetryDisabledTenantManager(MockLowLevelHttpResponse response) {
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(response)
+        .build();
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(credentials)
-        .setHttpTransport(transport)
-        .setProjectId("test-project-id")
         .build());
+    FirebaseTenantClient tenantClient = new FirebaseTenantClient(
+        "test-project-id", Utils.getDefaultJsonFactory(), transport.createRequestFactory());
+    return new TenantManager(app, tenantClient);
   }
 
   private static GenericJson parseRequestContent(TestResponseInterceptor interceptor)
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
index 61a841902..fd8e4af83 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
@@ -39,6 +39,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.firebase.FirebaseApp;
+import com.google.firebase.auth.AuthErrorCode;
 import com.google.firebase.auth.ExportedUserRecord;
 import com.google.firebase.auth.FirebaseAuth;
 import com.google.firebase.auth.FirebaseAuthException;
@@ -257,8 +258,8 @@ public void testVerifyTokenWithWrongTenantAwareClient() throws Exception {
       fail("No error thrown for verifying a token with the wrong tenant-aware client");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals("tenant-id-mismatch",
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH,
+          ((FirebaseAuthException) e.getCause()).getAuthErrorCode());
     }
   }
 
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
index df7bcf00d..db0099791 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
@@ -28,6 +28,7 @@
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.common.base.Suppliers;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
@@ -58,7 +59,7 @@ public class TenantAwareFirebaseAuthTest {
       .build();
 
   private static final FirebaseAuthException AUTH_EXCEPTION = new FirebaseAuthException(
-      "code", "reason");
+      ErrorCode.INVALID_ARGUMENT, "Test error message", null, null, null);
 
   private static final String CREATE_COOKIE_RESPONSE = TestUtils.loadResource(
       "createSessionCookie.json");
@@ -99,7 +100,7 @@ public void testCreateSessionCookieAsyncError() throws Exception {
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
       FirebaseAuthException cause = (FirebaseAuthException) e.getCause();
-      assertEquals("code", cause.getErrorCode());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, cause.getErrorCode());
     }
 
     assertNull(interceptor.getResponse());
@@ -133,7 +134,7 @@ public void testCreateSessionCookieError() {
       auth.createSessionCookie("testToken", COOKIE_OPTIONS);
       fail("No error thrown for invalid ID token");
     } catch (FirebaseAuthException e) {
-      assertEquals("code", e.getErrorCode());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
     }
 
     assertNull(interceptor.getResponse());
@@ -163,7 +164,7 @@ public void testVerifySessionCookieFailure() {
       auth.verifySessionCookie("cookie");
       fail("No error thrown for invalid token");
     } catch (FirebaseAuthException authException) {
-      assertEquals("code", authException.getErrorCode());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, authException.getErrorCode());
       assertEquals("cookie", tokenVerifier.getLastTokenString());
     }
   }
@@ -193,7 +194,7 @@ public void testVerifySessionCookieAsyncFailure() throws InterruptedException {
       fail("No error thrown for invalid token");
     } catch (ExecutionException e) {
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals("code", authException.getErrorCode());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, authException.getErrorCode());
       assertEquals("cookie", tokenVerifier.getLastTokenString());
     }
   }
@@ -224,7 +225,7 @@ public void testVerifySessionCookieWithCheckRevokedFailure() {
       auth.verifySessionCookie("cookie", true);
       fail("No error thrown for invalid token");
     } catch (FirebaseAuthException e) {
-      assertEquals("code", e.getErrorCode());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
       assertEquals("cookie", tokenVerifier.getLastTokenString());
     }
   }
@@ -241,7 +242,7 @@ public void testVerifySessionCookieWithCheckRevokedAsyncFailure() throws Interru
       fail("No error thrown for invalid token");
     } catch (ExecutionException e) {
       FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
-      assertEquals("code", authException.getErrorCode());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, authException.getErrorCode());
       assertEquals("cookie", tokenVerifier.getLastTokenString());
     }
   }
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantManagerIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantManagerIT.java
index 086e25aa2..44d75e830 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantManagerIT.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantManagerIT.java
@@ -27,9 +27,10 @@
 import com.google.api.core.ApiFutureCallback;
 import com.google.api.core.ApiFutures;
 import com.google.common.util.concurrent.MoreExecutors;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.auth.AuthErrorCode;
 import com.google.firebase.auth.FirebaseAuth;
 import com.google.firebase.auth.FirebaseAuthException;
-import com.google.firebase.auth.internal.AuthHttpClient;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.util.ArrayList;
 import java.util.List;
@@ -81,8 +82,9 @@ public void testTenantLifecycle() throws Exception {
       fail("No error thrown for getting a deleted tenant");
     } catch (ExecutionException e) {
       assertTrue(e.getCause() instanceof FirebaseAuthException);
-      assertEquals(AuthHttpClient.TENANT_NOT_FOUND_ERROR,
-          ((FirebaseAuthException) e.getCause()).getErrorCode());
+      FirebaseAuthException authException = (FirebaseAuthException) e.getCause();
+      assertEquals(ErrorCode.NOT_FOUND, authException.getErrorCode());
+      assertEquals(AuthErrorCode.TENANT_NOT_FOUND, authException.getAuthErrorCode());
     }
   }
 
diff --git a/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java b/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
index 03627f202..08ee49ff0 100644
--- a/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
+++ b/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
@@ -12,7 +12,6 @@
 import com.google.cloud.firestore.FirestoreOptions;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
-import com.google.firebase.FirebaseOptions.Builder;
 import com.google.firebase.ImplFirebaseTrampolines;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
@@ -23,11 +22,10 @@
 
 public class FirestoreClientTest {
 
-  public static final FirestoreOptions FIRESTORE_OPTIONS = FirestoreOptions.newBuilder()
+  private static final FirestoreOptions FIRESTORE_OPTIONS = FirestoreOptions.newBuilder()
       // Setting credentials is not required (they get overridden by Admin SDK), but without
       // this Firestore logs an ugly warning during tests.
       .setCredentials(new MockGoogleCredentials("test-token"))
-      .setTimestampsInSnapshotsEnabled(true)
       .build();
 
   @After
@@ -37,7 +35,7 @@ public void tearDown() {
 
   @Test
   public void testExplicitProjectId() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setProjectId("explicit-project-id")
         .setFirestoreOptions(FIRESTORE_OPTIONS)
@@ -51,7 +49,7 @@ public void testExplicitProjectId() throws IOException {
 
   @Test
   public void testServiceAccountProjectId() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setFirestoreOptions(FIRESTORE_OPTIONS)
         .build());
@@ -64,7 +62,7 @@ public void testServiceAccountProjectId() throws IOException {
 
   @Test
   public void testFirestoreOptions() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setProjectId("explicit-project-id")
         .setFirestoreOptions(FIRESTORE_OPTIONS)
@@ -80,11 +78,10 @@ public void testFirestoreOptions() throws IOException {
 
   @Test
   public void testFirestoreOptionsOverride() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setProjectId("explicit-project-id")
         .setFirestoreOptions(FirestoreOptions.newBuilder()
-            .setTimestampsInSnapshotsEnabled(true)
             .setProjectId("other-project-id")
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .build())
@@ -104,7 +101,7 @@ public void testFirestoreOptionsOverride() throws IOException {
 
   @Test
   public void testAppDelete() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setProjectId("mock-project-id")
         .setFirestoreOptions(FIRESTORE_OPTIONS)
diff --git a/src/test/java/com/google/firebase/cloud/StorageClientTest.java b/src/test/java/com/google/firebase/cloud/StorageClientTest.java
index 41535f3d9..190fad6cc 100644
--- a/src/test/java/com/google/firebase/cloud/StorageClientTest.java
+++ b/src/test/java/com/google/firebase/cloud/StorageClientTest.java
@@ -41,7 +41,7 @@ public void tearDown() {
 
   @Test
   public void testInvalidConfiguration() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .build());
     try {
@@ -54,7 +54,7 @@ public void testInvalidConfiguration() throws IOException {
 
   @Test
   public void testInvalidBucketName() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setStorageBucket("mock-bucket-name")
         .build());
@@ -75,7 +75,7 @@ public void testInvalidBucketName() throws IOException {
 
   @Test
   public void testAppDelete() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setStorageBucket("mock-bucket-name")
         .build());
@@ -93,7 +93,7 @@ public void testAppDelete() throws IOException {
 
   @Test
   public void testNonExistingBucket() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setStorageBucket("mock-bucket-name")
         .build());
@@ -115,7 +115,7 @@ public void testNonExistingBucket() throws IOException {
 
   @Test
   public void testBucket() throws IOException {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setStorageBucket("mock-bucket-name")
         .build());
diff --git a/src/test/java/com/google/firebase/database/DataSnapshotTest.java b/src/test/java/com/google/firebase/database/DataSnapshotTest.java
index 0764bdbf4..083d8ce09 100644
--- a/src/test/java/com/google/firebase/database/DataSnapshotTest.java
+++ b/src/test/java/com/google/firebase/database/DataSnapshotTest.java
@@ -51,7 +51,7 @@ public class DataSnapshotTest {
   @BeforeClass
   public static void setUpClass() throws IOException {
     testApp = FirebaseApp.initializeApp(
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .setDatabaseUrl("https://admin-java-sdk.firebaseio.com")
             .build());
diff --git a/src/test/java/com/google/firebase/database/DatabaseReferenceTest.java b/src/test/java/com/google/firebase/database/DatabaseReferenceTest.java
index 5e7fc5374..207173f74 100644
--- a/src/test/java/com/google/firebase/database/DatabaseReferenceTest.java
+++ b/src/test/java/com/google/firebase/database/DatabaseReferenceTest.java
@@ -64,7 +64,7 @@ public class DatabaseReferenceTest {
   @BeforeClass
   public static void setUpClass() throws IOException {
     testApp = FirebaseApp.initializeApp(
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .setDatabaseUrl(DB_URL)
             .build());
diff --git a/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java b/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
index ba7816173..2bdc6185e 100644
--- a/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
+++ b/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
@@ -41,12 +41,12 @@
 public class FirebaseDatabaseTest {
 
   private static final FirebaseOptions firebaseOptions =
-      new FirebaseOptions.Builder()
+      FirebaseOptions.builder()
           .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
           .setDatabaseUrl("https://firebase-db-test.firebaseio.com")
           .build();
   private static final FirebaseOptions firebaseOptionsWithoutDatabaseUrl =
-      new FirebaseOptions.Builder()
+      FirebaseOptions.builder()
           .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
           .build();
 
diff --git a/src/test/java/com/google/firebase/database/TestHelpers.java b/src/test/java/com/google/firebase/database/TestHelpers.java
index cfd15034d..00d9a3797 100644
--- a/src/test/java/com/google/firebase/database/TestHelpers.java
+++ b/src/test/java/com/google/firebase/database/TestHelpers.java
@@ -16,7 +16,6 @@
 
 package com.google.firebase.database;
 
-import static com.cedarsoftware.util.DeepEquals.deepEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -43,6 +42,7 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.Executors;
@@ -241,7 +241,7 @@ public static void setHijackHash(DatabaseReference ref, boolean hijackHash) {
    * a true and more effective super set.
    */
   public static void assertDeepEquals(Object a, Object b) {
-    if (!deepEquals(a, b)) {
+    if (!Objects.deepEquals(a, b)) {
       fail("Values different.\nExpected: " + a + "\nActual: " + b);
     }
   }
diff --git a/src/test/java/com/google/firebase/database/ValueExpectationHelper.java b/src/test/java/com/google/firebase/database/ValueExpectationHelper.java
index f7f15a03d..9732bf73b 100644
--- a/src/test/java/com/google/firebase/database/ValueExpectationHelper.java
+++ b/src/test/java/com/google/firebase/database/ValueExpectationHelper.java
@@ -18,10 +18,10 @@
 
 import static org.junit.Assert.fail;
 
-import com.cedarsoftware.util.DeepEquals;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Objects;
 import java.util.concurrent.Semaphore;
 
 public class ValueExpectationHelper {
@@ -39,7 +39,7 @@ public void add(final Query query, final Object expected) {
               public void onDataChange(DataSnapshot snapshot) {
                 Object result = snapshot.getValue();
                 // Hack to handle race condition in initial data
-                if (DeepEquals.deepEquals(expected, result)) {
+                if (Objects.deepEquals(expected, result)) {
                   // We may pass through intermediate states, but we should end up with
                   // the correct
                   // state
diff --git a/src/test/java/com/google/firebase/database/collection/RBTreeSortedMapTest.java b/src/test/java/com/google/firebase/database/collection/RBTreeSortedMapTest.java
index 2fbc8ba90..f29ef208a 100644
--- a/src/test/java/com/google/firebase/database/collection/RBTreeSortedMapTest.java
+++ b/src/test/java/com/google/firebase/database/collection/RBTreeSortedMapTest.java
@@ -262,7 +262,7 @@ public void successorKeyIsCorrect() {
         lastKey = entry.getKey();
       }
       if (lastKey != null) {
-        assertEquals(null, map.getSuccessorKey(lastKey));
+        assertNull(map.getSuccessorKey(lastKey));
       }
     }
   }
@@ -295,13 +295,13 @@ public int compare(Integer o1, Integer o2) {
       arraycopy = arraycopy.insert(key, value);
       copyWithDifferentComparator = copyWithDifferentComparator.insert(key, value);
     }
-    Assert.assertTrue(map.equals(copy));
-    Assert.assertTrue(map.equals(arraycopy));
-    Assert.assertTrue(arraycopy.equals(map));
-
-    Assert.assertFalse(map.equals(copyWithDifferentComparator));
-    Assert.assertFalse(map.equals(copy.remove(copy.getMaxKey())));
-    Assert.assertFalse(map.equals(copy.insert(copy.getMaxKey() + 1, 1)));
-    Assert.assertFalse(map.equals(arraycopy.remove(arraycopy.getMaxKey())));
+    Assert.assertEquals(map, copy);
+    Assert.assertEquals(map, arraycopy);
+    Assert.assertEquals(arraycopy, map);
+
+    Assert.assertNotEquals(map, copyWithDifferentComparator);
+    Assert.assertNotEquals(map, copy.remove(copy.getMaxKey()));
+    Assert.assertNotEquals(map, copy.insert(copy.getMaxKey() + 1, 1));
+    Assert.assertNotEquals(map, arraycopy.remove(arraycopy.getMaxKey()));
   }
 }
diff --git a/src/test/java/com/google/firebase/database/core/JvmAuthTokenProviderTest.java b/src/test/java/com/google/firebase/database/core/JvmAuthTokenProviderTest.java
index 7b8fe5229..9bc55950b 100644
--- a/src/test/java/com/google/firebase/database/core/JvmAuthTokenProviderTest.java
+++ b/src/test/java/com/google/firebase/database/core/JvmAuthTokenProviderTest.java
@@ -20,7 +20,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.cedarsoftware.util.DeepEquals;
 import com.google.auth.oauth2.AccessToken;
 import com.google.auth.oauth2.OAuth2Credentials;
 import com.google.common.collect.ImmutableMap;
@@ -38,6 +37,7 @@
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -67,7 +67,7 @@ public void testGetToken() throws IOException, InterruptedException {
     credentials.refresh();
     assertEquals(1, refreshDetector.count);
 
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(credentials)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
@@ -87,7 +87,7 @@ public void testGetTokenNoRefresh() throws IOException, InterruptedException {
     credentials.refresh();
     assertEquals(1, refreshDetector.count);
 
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(credentials)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
@@ -103,7 +103,7 @@ public void testGetTokenNoRefresh() throws IOException, InterruptedException {
   public void testGetTokenWithAuthOverrides() throws InterruptedException, IOException {
     MockGoogleCredentials credentials = new MockGoogleCredentials("mock-token");
     Map<String, Object> auth = ImmutableMap.<String, Object>of("uid", "test");
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(credentials)
         .setDatabaseAuthVariableOverride(auth)
         .build();
@@ -119,11 +119,11 @@ public void testGetTokenWithAuthOverrides() throws InterruptedException, IOExcep
   public void testGetTokenError() throws InterruptedException {
     MockGoogleCredentials credentials = new MockGoogleCredentials("mock-token") {
       @Override
-      public AccessToken refreshAccessToken() throws IOException {
+      public AccessToken refreshAccessToken() {
         throw new RuntimeException("Test error");
       }
     };
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(credentials)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
@@ -139,13 +139,13 @@ public void testAddTokenChangeListener() throws IOException {
     final AtomicInteger counter = new AtomicInteger(0);
     MockGoogleCredentials credentials = new MockGoogleCredentials() {
       @Override
-      public AccessToken refreshAccessToken() throws IOException {
+      public AccessToken refreshAccessToken() {
         Date expiry = new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(1));
         return new AccessToken("token-" + counter.getAndIncrement(), expiry);
       }
     };
 
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(credentials)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
@@ -172,7 +172,7 @@ public void onTokenChange(String token) {
   @Test
   public void testTokenChangeListenerThread() throws InterruptedException, IOException {
     MockGoogleCredentials credentials = new MockGoogleCredentials();
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(credentials)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
@@ -210,12 +210,12 @@ public void testTokenAutoRefresh() throws InterruptedException {
     final Semaphore semaphore = new Semaphore(0);
     credentials.addChangeListener(new OAuth2Credentials.CredentialsChangedListener() {
       @Override
-      public void onChanged(OAuth2Credentials credentials) throws IOException {
+      public void onChanged(OAuth2Credentials credentials) {
         semaphore.release();
       }
     });
 
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(credentials)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
@@ -234,8 +234,8 @@ private void assertToken(String token, String expectedToken, Map<String, Object>
 
     assertEquals(expectedToken, map.get("token"));
 
-    Map<String, Object> auth = (Map)map.get("auth");
-    DeepEquals.deepEquals(expectedAuth, auth);
+    Map auth = (Map) map.get("auth");
+    assertTrue(Objects.deepEquals(expectedAuth, auth));
   }
 
   private static class TestGetTokenListener
@@ -271,7 +271,7 @@ private static class TokenRefreshDetector
     private int count = 0;
 
     @Override
-    public void onChanged(OAuth2Credentials credentials) throws IOException {
+    public void onChanged(OAuth2Credentials credentials) {
       count++;
     }
   }
diff --git a/src/test/java/com/google/firebase/database/core/JvmPlatformTest.java b/src/test/java/com/google/firebase/database/core/JvmPlatformTest.java
index c6912916f..044b583b3 100644
--- a/src/test/java/com/google/firebase/database/core/JvmPlatformTest.java
+++ b/src/test/java/com/google/firebase/database/core/JvmPlatformTest.java
@@ -56,7 +56,7 @@ protected ThreadFactory getThreadFactory() {
         return Executors.defaultThreadFactory();
       }
     };
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
         .setThreadManager(threadManager)
         .build();
@@ -80,7 +80,7 @@ protected ThreadFactory getThreadFactory() {
 
   @Test
   public void userAgentHasCorrectParts() {
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options, "userAgentApp");
diff --git a/src/test/java/com/google/firebase/database/core/RepoTest.java b/src/test/java/com/google/firebase/database/core/RepoTest.java
index ec9696e55..9c2281d4c 100644
--- a/src/test/java/com/google/firebase/database/core/RepoTest.java
+++ b/src/test/java/com/google/firebase/database/core/RepoTest.java
@@ -61,7 +61,7 @@ public class RepoTest {
   @BeforeClass
   public static void setUpClass() throws IOException {
     FirebaseApp testApp = FirebaseApp.initializeApp(
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .setDatabaseUrl("https://admin-java-sdk.firebaseio.com")
             .build());
diff --git a/src/test/java/com/google/firebase/database/core/SyncPointTest.java b/src/test/java/com/google/firebase/database/core/SyncPointTest.java
index 91be0cce7..158a803e4 100644
--- a/src/test/java/com/google/firebase/database/core/SyncPointTest.java
+++ b/src/test/java/com/google/firebase/database/core/SyncPointTest.java
@@ -68,7 +68,7 @@ public class SyncPointTest {
   @BeforeClass
   public static void setUpClass() throws IOException {
     testApp = FirebaseApp.initializeApp(
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .setDatabaseUrl("https://admin-java-sdk.firebaseio.com")
             .build());
diff --git a/src/test/java/com/google/firebase/database/core/persistence/DefaultPersistenceManagerTest.java b/src/test/java/com/google/firebase/database/core/persistence/DefaultPersistenceManagerTest.java
index 99450944c..342700a3d 100644
--- a/src/test/java/com/google/firebase/database/core/persistence/DefaultPersistenceManagerTest.java
+++ b/src/test/java/com/google/firebase/database/core/persistence/DefaultPersistenceManagerTest.java
@@ -56,7 +56,7 @@ public class DefaultPersistenceManagerTest {
   @BeforeClass
   public static void setUpClass() throws IOException {
     testApp = FirebaseApp.initializeApp(
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .setDatabaseUrl("https://admin-java-sdk.firebaseio.com")
             .build());
diff --git a/src/test/java/com/google/firebase/database/core/persistence/RandomPersistenceTest.java b/src/test/java/com/google/firebase/database/core/persistence/RandomPersistenceTest.java
index 58358a8ff..d55db51c3 100644
--- a/src/test/java/com/google/firebase/database/core/persistence/RandomPersistenceTest.java
+++ b/src/test/java/com/google/firebase/database/core/persistence/RandomPersistenceTest.java
@@ -73,7 +73,7 @@ public class RandomPersistenceTest {
   @BeforeClass
   public static void setUpClass() throws IOException {
     testApp = FirebaseApp.initializeApp(
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .setDatabaseUrl("https://admin-java-sdk.firebaseio.com")
             .build());
diff --git a/src/test/java/com/google/firebase/database/integration/DataTestIT.java b/src/test/java/com/google/firebase/database/integration/DataTestIT.java
index 2b2124a14..d832f995d 100644
--- a/src/test/java/com/google/firebase/database/integration/DataTestIT.java
+++ b/src/test/java/com/google/firebase/database/integration/DataTestIT.java
@@ -24,7 +24,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.cedarsoftware.util.DeepEquals;
 import com.google.common.collect.ImmutableList;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.database.ChildEventListener;
@@ -56,6 +55,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Random;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Semaphore;
@@ -1645,7 +1645,7 @@ public void testUpdateAfterSetLeafNodeWorks() throws InterruptedException {
     ref.addValueEventListener(new ValueEventListener() {
       @Override
       public void onDataChange(DataSnapshot snapshot) {
-        if (DeepEquals.deepEquals(snapshot.getValue(), expected)) {
+        if (Objects.deepEquals(snapshot.getValue(), expected)) {
           semaphore.release();
         }
       }
diff --git a/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseAuthTestIT.java b/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseAuthTestIT.java
index d210039cc..58e313450 100644
--- a/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseAuthTestIT.java
+++ b/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseAuthTestIT.java
@@ -78,7 +78,7 @@ public void testAuthWithValidCertificateCredential() throws InterruptedException
   @Test
   public void testAuthWithInvalidCertificateCredential() throws InterruptedException, IOException {
     FirebaseOptions options =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setDatabaseUrl(IntegrationTestUtils.getDatabaseUrl())
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.NONE.asStream()))
             .build();
@@ -94,10 +94,9 @@ public void testDatabaseAuthVariablesAuthorization() throws InterruptedException
         "uid", "test",
         "custom", "secret"
     );
-    FirebaseOptions options =
-        new FirebaseOptions.Builder(masterApp.getOptions())
-            .setDatabaseAuthVariableOverride(authVariableOverrides)
-            .build();
+    FirebaseOptions options = masterApp.getOptions().toBuilder()
+        .setDatabaseAuthVariableOverride(authVariableOverrides)
+        .build();
     FirebaseApp testUidApp = FirebaseApp.initializeApp(options, "testGetAppWithUid");
     FirebaseDatabase masterDb = FirebaseDatabase.getInstance(masterApp);
     FirebaseDatabase testAuthOverridesDb = FirebaseDatabase.getInstance(testUidApp);
@@ -114,10 +113,9 @@ public void testDatabaseAuthVariablesAuthorization() throws InterruptedException
   
   @Test
   public void testDatabaseAuthVariablesNoAuthorization() throws InterruptedException {
-    FirebaseOptions options =
-        new FirebaseOptions.Builder(masterApp.getOptions())
-            .setDatabaseAuthVariableOverride(null)
-            .build();
+    FirebaseOptions options = masterApp.getOptions().toBuilder()
+        .setDatabaseAuthVariableOverride(null)
+        .build();
     FirebaseApp testUidApp =
         FirebaseApp.initializeApp(options, "testServiceAccountDatabaseWithNoAuth");
 
diff --git a/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseTestIT.java b/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseTestIT.java
index f6451d9c5..84ec321a5 100644
--- a/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseTestIT.java
+++ b/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseTestIT.java
@@ -255,7 +255,7 @@ public void onCancelled(DatabaseError error) {
   
   private static FirebaseApp appWithDbUrl(String dbUrl, String name) {
     try {
-      FirebaseOptions options = new FirebaseOptions.Builder()
+      FirebaseOptions options = FirebaseOptions.builder()
           .setDatabaseUrl(dbUrl)
           .setCredentials(GoogleCredentials.fromStream(
               IntegrationTestUtils.getServiceAccountCertificate()))
@@ -268,7 +268,7 @@ private static FirebaseApp appWithDbUrl(String dbUrl, String name) {
   
   private static FirebaseApp appWithoutDbUrl(String name) {
     try {
-      FirebaseOptions options = new FirebaseOptions.Builder()
+      FirebaseOptions options = FirebaseOptions.builder()
           .setCredentials(GoogleCredentials.fromStream(
               IntegrationTestUtils.getServiceAccountCertificate()))
           .build();
diff --git a/src/test/java/com/google/firebase/database/integration/RulesTestIT.java b/src/test/java/com/google/firebase/database/integration/RulesTestIT.java
index 1745ce220..b46c1287f 100644
--- a/src/test/java/com/google/firebase/database/integration/RulesTestIT.java
+++ b/src/test/java/com/google/firebase/database/integration/RulesTestIT.java
@@ -103,7 +103,7 @@ public class RulesTestIT {
   public static void setUpClass() throws IOException {
     // Init app with non-admin privileges
     Map<String, Object> auth = MapBuilder.of("uid", "my-service-worker");
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(
             IntegrationTestUtils.getServiceAccountCertificate()))
         .setDatabaseUrl(IntegrationTestUtils.getDatabaseUrl())
diff --git a/src/test/java/com/google/firebase/database/integration/ShutdownExample.java b/src/test/java/com/google/firebase/database/integration/ShutdownExample.java
index 020e0416e..ded28fe0f 100644
--- a/src/test/java/com/google/firebase/database/integration/ShutdownExample.java
+++ b/src/test/java/com/google/firebase/database/integration/ShutdownExample.java
@@ -32,7 +32,7 @@ public static void main(String[] args) {
 
     FirebaseApp app =
         FirebaseApp.initializeApp(
-            new FirebaseOptions.Builder()
+            FirebaseOptions.builder()
                 .setDatabaseUrl("https://admin-java-sdk.firebaseio.com")
                 .build());
 
diff --git a/src/test/java/com/google/firebase/database/utilities/ValidationTest.java b/src/test/java/com/google/firebase/database/utilities/ValidationTest.java
index b9e32a851..3293f5d6d 100644
--- a/src/test/java/com/google/firebase/database/utilities/ValidationTest.java
+++ b/src/test/java/com/google/firebase/database/utilities/ValidationTest.java
@@ -18,9 +18,11 @@
 
 import static org.junit.Assert.fail;
 
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.database.DatabaseException;
 import com.google.firebase.database.core.Path;
+import java.util.List;
 import java.util.Map;
 import org.junit.Test;
 
@@ -144,32 +146,32 @@ public void testNonWritablePath() {
 
   @Test
   public void testUpdate() {
-    Map[] updates = new Map[]{
-        ImmutableMap.of("foo", "value"),
-        ImmutableMap.of("foo", ""),
-        ImmutableMap.of("foo", 10D),
-        ImmutableMap.of(".foo", "foo"),
-        ImmutableMap.of("foo", "value", "bar", "value"),
-    };
+    List<Map<String, Object>> updates = ImmutableList.<Map<String, Object>>of(
+        ImmutableMap.<String, Object>of("foo", "value"),
+        ImmutableMap.<String, Object>of("foo", ""),
+        ImmutableMap.<String, Object>of("foo", 10D),
+        ImmutableMap.<String, Object>of(".foo", "foo"),
+        ImmutableMap.<String, Object>of("foo", "value", "bar", "value")
+    );
     Path path = new Path("path");
-    for (Map map : updates) {
+    for (Map<String, Object> map : updates) {
       Validation.parseAndValidateUpdate(path, map);
     }
   }
 
   @Test
   public void testInvalidUpdate() {
-    Map[] invalidUpdates = new Map[]{
-        ImmutableMap.of(".sv", "foo"),
-        ImmutableMap.of(".value", "foo"),
-        ImmutableMap.of(".priority", ImmutableMap.of("a", "b")),
-        ImmutableMap.of("foo", "value", "foo/bar", "value"),
-        ImmutableMap.of("foo", Double.POSITIVE_INFINITY),
-        ImmutableMap.of("foo", Double.NEGATIVE_INFINITY),
-        ImmutableMap.of("foo", Double.NaN),
-    };
+    List<Map<String, Object>> invalidUpdates = ImmutableList.<Map<String, Object>>of(
+        ImmutableMap.<String, Object>of(".sv", "foo"),
+        ImmutableMap.<String, Object>of(".value", "foo"),
+        ImmutableMap.<String, Object>of(".priority", ImmutableMap.of("a", "b")),
+        ImmutableMap.<String, Object>of("foo", "value", "foo/bar", "value"),
+        ImmutableMap.<String, Object>of("foo", Double.POSITIVE_INFINITY),
+        ImmutableMap.<String, Object>of("foo", Double.NEGATIVE_INFINITY),
+        ImmutableMap.<String, Object>of("foo", Double.NaN)
+    );
     Path path = new Path("path");
-    for (Map map : invalidUpdates) {
+    for (Map<String, Object> map : invalidUpdates) {
       try {
         Validation.parseAndValidateUpdate(path, map);
         fail("No error thrown for invalid update: " + map);
diff --git a/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java b/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
index 366bb7e29..f15861a62 100644
--- a/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
+++ b/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
@@ -23,18 +23,25 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import com.google.api.client.http.HttpMethods;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpTransport;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.OutgoingHttpRequest;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.testing.GenericFunction;
 import com.google.firebase.testing.TestResponseInterceptor;
+import com.google.firebase.testing.TestUtils;
+import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ExecutionException;
@@ -43,6 +50,25 @@
 
 public class FirebaseInstanceIdTest {
 
+  private static final Map<Integer, String> ERROR_MESSAGES = ImmutableMap.of(
+      404, "Instance ID \"test-iid\": Failed to find the instance ID.",
+      409, "Instance ID \"test-iid\": Already deleted.",
+      429, "Instance ID \"test-iid\": Request throttled out by the backend server.",
+      500, "Instance ID \"test-iid\": Internal server error.",
+      501, "Unexpected HTTP response with status: 501\ntest error"
+  );
+
+  private static final Map<Integer, ErrorCode> ERROR_CODES = ImmutableMap.of(
+      404, ErrorCode.NOT_FOUND,
+      409, ErrorCode.CONFLICT,
+      429, ErrorCode.RESOURCE_EXHAUSTED,
+      500, ErrorCode.INTERNAL,
+      501, ErrorCode.UNKNOWN
+  );
+
+  private static final String TEST_URL =
+      "https://console.firebase.google.com/v1/project/test-project/instanceId/test-iid";
+
   @After
   public void tearDown() {
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
@@ -50,7 +76,7 @@ public void tearDown() {
 
   @Test
   public void testNoProjectId() {
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .build();
     FirebaseApp.initializeApp(options);
@@ -64,7 +90,7 @@ public void testNoProjectId() {
 
   @Test
   public void testInvalidInstanceId() {
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .setProjectId("test-project")
         .build();
@@ -96,7 +122,7 @@ public void testDeleteInstanceId() throws Exception {
     MockHttpTransport transport = new MockHttpTransport.Builder()
         .setLowLevelHttpResponse(response)
         .build();
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .setProjectId("test-project")
         .setHttpTransport(transport)
@@ -123,7 +149,6 @@ public Void call(Object... args) throws Exception {
         }
     );
 
-    String url = "https://console.firebase.google.com/v1/project/test-project/instanceId/test-iid";
     for (GenericFunction<Void> fn : functions) {
       TestResponseInterceptor interceptor = new TestResponseInterceptor();
       instanceId.setInterceptor(interceptor);
@@ -131,54 +156,113 @@ public Void call(Object... args) throws Exception {
 
       assertNotNull(interceptor.getResponse());
       HttpRequest request = interceptor.getResponse().getRequest();
-      assertEquals("DELETE", request.getRequestMethod());
-      assertEquals(url, request.getUrl().toString());
+      assertEquals(HttpMethods.DELETE, request.getRequestMethod());
+      assertEquals(TEST_URL, request.getUrl().toString());
       assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
     }
   }
 
   @Test
   public void testDeleteInstanceIdError() throws Exception {
-    Map<Integer, String> errors = ImmutableMap.of(
-        404, "Instance ID \"test-iid\": Failed to find the instance ID.",
-        429, "Instance ID \"test-iid\": Request throttled out by the backend server.",
-        500, "Instance ID \"test-iid\": Internal server error.",
-        501, "Error while invoking instance ID service."
-    );
+    final MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(response)
+        .build();
+    FirebaseOptions options = FirebaseOptions.builder()
+        .setCredentials(new MockGoogleCredentials("test-token"))
+        .setProjectId("test-project")
+        .setHttpTransport(transport)
+        .build();
+    FirebaseApp app = FirebaseApp.initializeApp(options);
 
-    String url = "https://console.firebase.google.com/v1/project/test-project/instanceId/test-iid";
-    for (Map.Entry<Integer, String> entry : errors.entrySet()) {
-      MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
-          .setStatusCode(entry.getKey())
-          .setContent("test error");
-      MockHttpTransport transport = new MockHttpTransport.Builder()
-          .setLowLevelHttpResponse(response)
-          .build();
-      FirebaseOptions options = new FirebaseOptions.Builder()
-          .setCredentials(new MockGoogleCredentials("test-token"))
-          .setProjectId("test-project")
-          .setHttpTransport(transport)
-          .build();
-      final FirebaseApp app = FirebaseApp.initializeApp(options);
-
-      FirebaseInstanceId instanceId = FirebaseInstanceId.getInstance();
-      TestResponseInterceptor interceptor = new TestResponseInterceptor();
-      instanceId.setInterceptor(interceptor);
-      try {
-        instanceId.deleteInstanceIdAsync("test-iid").get();
-        fail("No error thrown for HTTP error");
-      } catch (ExecutionException e) {
-        assertTrue(e.getCause() instanceof FirebaseInstanceIdException);
-        assertEquals(entry.getValue(), e.getCause().getMessage());
-        assertTrue(e.getCause().getCause() instanceof HttpResponseException);
-      }
+    // Disable retries by passing a regular HttpRequestFactory.
+    FirebaseInstanceId instanceId = new FirebaseInstanceId(app, transport.createRequestFactory());
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    instanceId.setInterceptor(interceptor);
 
-      assertNotNull(interceptor.getResponse());
-      HttpRequest request = interceptor.getResponse().getRequest();
-      assertEquals("DELETE", request.getRequestMethod());
-      assertEquals(url, request.getUrl().toString());
-      assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
+    try {
+      for (int statusCode : ERROR_CODES.keySet()) {
+        response.setStatusCode(statusCode).setContent("test error");
+
+        try {
+          instanceId.deleteInstanceIdAsync("test-iid").get();
+          fail("No error thrown for HTTP error");
+        } catch (ExecutionException e) {
+          assertTrue(e.getCause() instanceof FirebaseInstanceIdException);
+          checkFirebaseInstanceIdException((FirebaseInstanceIdException) e.getCause(), statusCode);
+        }
+
+        assertNotNull(interceptor.getResponse());
+        HttpRequest request = interceptor.getResponse().getRequest();
+        assertEquals(HttpMethods.DELETE, request.getRequestMethod());
+        assertEquals(TEST_URL, request.getUrl().toString());
+      }
+    } finally {
       app.delete();
     }
   }
+
+  @Test
+  public void testDeleteInstanceIdTransportError() throws Exception {
+    HttpTransport transport = TestUtils.createFaultyHttpTransport();
+    FirebaseOptions options = FirebaseOptions.builder()
+        .setCredentials(new MockGoogleCredentials("test-token"))
+        .setProjectId("test-project")
+        .setHttpTransport(transport)
+        .build();
+    FirebaseApp app = FirebaseApp.initializeApp(options);
+    // Disable retries by passing a regular HttpRequestFactory.
+    FirebaseInstanceId instanceId = new FirebaseInstanceId(app, transport.createRequestFactory());
+
+    try {
+      instanceId.deleteInstanceIdAsync("test-iid").get();
+      fail("No error thrown for HTTP error");
+    } catch (ExecutionException e) {
+      assertTrue(e.getCause() instanceof FirebaseInstanceIdException);
+      FirebaseInstanceIdException error = (FirebaseInstanceIdException) e.getCause();
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error",
+          error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+    }
+  }
+
+  @Test
+  public void testDeleteInstanceIdInvalidJsonIgnored() throws Exception {
+    final MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(response)
+        .build();
+    FirebaseOptions options = FirebaseOptions.builder()
+        .setCredentials(new MockGoogleCredentials("test-token"))
+        .setProjectId("test-project")
+        .setHttpTransport(transport)
+        .build();
+    FirebaseApp app = FirebaseApp.initializeApp(options);
+
+    // Disable retries by passing a regular HttpRequestFactory.
+    FirebaseInstanceId instanceId = new FirebaseInstanceId(app, transport.createRequestFactory());
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    instanceId.setInterceptor(interceptor);
+    response.setContent("not json");
+
+    instanceId.deleteInstanceIdAsync("test-iid").get();
+
+    assertNotNull(interceptor.getResponse());
+  }
+
+  private void checkFirebaseInstanceIdException(FirebaseInstanceIdException error, int statusCode) {
+    assertEquals(ERROR_CODES.get(statusCode), error.getErrorCode());
+    assertEquals(ERROR_MESSAGES.get(statusCode), error.getMessage());
+    assertTrue(error.getCause() instanceof HttpResponseException);
+
+    IncomingHttpResponse httpResponse = error.getHttpResponse();
+    assertNotNull(httpResponse);
+    assertEquals(statusCode, httpResponse.getStatusCode());
+    OutgoingHttpRequest request = httpResponse.getRequest();
+    assertEquals(HttpMethods.DELETE, request.getMethod());
+    assertEquals(TEST_URL, request.getUrl());
+  }
 }
diff --git a/src/test/java/com/google/firebase/internal/AbstractPlatformErrorHandlerTest.java b/src/test/java/com/google/firebase/internal/AbstractPlatformErrorHandlerTest.java
new file mode 100644
index 000000000..7e927f51b
--- /dev/null
+++ b/src/test/java/com/google/firebase/internal/AbstractPlatformErrorHandlerTest.java
@@ -0,0 +1,298 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.http.HttpMethods;
+import com.google.api.client.http.HttpStatusCodes;
+import com.google.api.client.http.LowLevelHttpRequest;
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
+import com.google.api.client.util.GenericData;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
+import java.io.IOException;
+import java.net.NoRouteToHostException;
+import java.net.SocketTimeoutException;
+import java.net.UnknownHostException;
+import org.junit.Test;
+
+public class AbstractPlatformErrorHandlerTest {
+
+  private static final HttpRequestInfo TEST_REQUEST = HttpRequestInfo.buildGetRequest(
+      "https://firebase.google.com");
+
+  @Test
+  public void testPlatformError() {
+    String payload = "{\"error\": {\"status\": \"UNAVAILABLE\", \"message\": \"Test error\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+        .setContent(payload);
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.UNAVAILABLE, e.getErrorCode());
+      assertEquals("Test error", e.getMessage());
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_SERVER_ERROR, payload);
+      assertNotNull(e.getCause());
+    }
+  }
+
+  @Test
+  public void testNonJsonError() {
+    String payload = "not json";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+        .setContent(payload);
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Unexpected HTTP response with status: 500\nnot json", e.getMessage());
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_SERVER_ERROR, payload);
+      assertNotNull(e.getCause());
+    }
+  }
+
+  @Test
+  public void testPlatformErrorWithoutCode() {
+    String payload = "{\"error\": {\"message\": \"Test error\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+        .setContent(payload);
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Test error", e.getMessage());
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_SERVER_ERROR, payload);
+      assertNotNull(e.getCause());
+    }
+  }
+
+  @Test
+  public void testPlatformErrorWithoutMessage() {
+    String payload = "{\"error\": {\"status\": \"INVALID_ARGUMENT\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+        .setContent(payload);
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals("Unexpected HTTP response with status: 500\n" + payload, e.getMessage());
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_SERVER_ERROR, payload);
+      assertNotNull(e.getCause());
+    }
+  }
+
+  @Test
+  public void testPlatformErrorWithoutCodeOrMessage() {
+    String payload = "{}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+        .setContent(payload);
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Unexpected HTTP response with status: 500\n" + payload, e.getMessage());
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_SERVER_ERROR, payload);
+      assertNotNull(e.getCause());
+    }
+  }
+
+  @Test
+  public void testGenericIOException() {
+    IOException exception = new IOException("Test");
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(exception);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals(
+          "Unknown error while making a remote service call: Test", e.getMessage());
+      assertNull(e.getHttpResponse());
+      assertSame(exception, e.getCause());
+    }
+  }
+
+  @Test
+  public void testTimeoutError() {
+    IOException exception = new IOException("Test", new SocketTimeoutException());
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(exception);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.DEADLINE_EXCEEDED, e.getErrorCode());
+      assertEquals(
+          "Timed out while making an API call: Test", e.getMessage());
+      assertNull(e.getHttpResponse());
+      assertSame(exception, e.getCause());
+    }
+  }
+
+  @Test
+  public void testNoRouteToHostError() {
+    IOException exception = new IOException("Test", new NoRouteToHostException());
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(exception);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.UNAVAILABLE, e.getErrorCode());
+      assertEquals(
+          "Failed to establish a connection: Test", e.getMessage());
+      assertNull(e.getHttpResponse());
+      assertSame(exception, e.getCause());
+    }
+  }
+
+  @Test
+  public void testUnknownHostError() {
+    IOException exception = new IOException("Test", new UnknownHostException());
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(exception);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.UNAVAILABLE, e.getErrorCode());
+      assertEquals(
+          "Failed to establish a connection: Test", e.getMessage());
+      assertNull(e.getHttpResponse());
+      assertSame(exception, e.getCause());
+    }
+  }
+
+  @Test
+  public void testParseError() {
+    String payload = "not json";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(payload);
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertTrue(e.getMessage().startsWith("Error while parsing HTTP response: "));
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_OK, payload);
+      assertNotNull(e.getCause());
+    }
+  }
+
+  @Test
+  public void testUnknownHttpError() {
+    String payload = "{\"error\": {\"message\": \"Test error\"}}";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setStatusCode(512)
+        .setContent(payload);
+    ErrorHandlingHttpClient<MockFirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (MockFirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("Test error", e.getMessage());
+      assertHttpResponse(e, 512, payload);
+      assertNotNull(e.getCause());
+    }
+  }
+
+  private ErrorHandlingHttpClient<MockFirebaseException> createHttpClient(
+      MockLowLevelHttpResponse response) {
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(response)
+        .build();
+    return new ErrorHandlingHttpClient<>(
+        transport.createRequestFactory(),
+        Utils.getDefaultJsonFactory(),
+        new TestPlatformErrorHandler());
+  }
+
+  private ErrorHandlingHttpClient<MockFirebaseException> createHttpClient(
+      final IOException exception) {
+    MockHttpTransport transport = new MockHttpTransport(){
+      @Override
+      public LowLevelHttpRequest buildRequest(String method, String url) throws IOException {
+        throw exception;
+      }
+    };
+    return new ErrorHandlingHttpClient<>(
+        transport.createRequestFactory(),
+        Utils.getDefaultJsonFactory(),
+        new TestPlatformErrorHandler());
+  }
+
+  private void assertHttpResponse(FirebaseException e, int statusCode, String content) {
+    IncomingHttpResponse httpResponse = e.getHttpResponse();
+    assertNotNull(httpResponse);
+    assertEquals(statusCode, httpResponse.getStatusCode());
+    assertEquals(content, httpResponse.getContent());
+    assertEquals(HttpMethods.GET, httpResponse.getRequest().getMethod());
+  }
+
+  private static class TestPlatformErrorHandler extends
+      AbstractPlatformErrorHandler<MockFirebaseException> {
+
+    TestPlatformErrorHandler() {
+      super(Utils.getDefaultJsonFactory());
+    }
+
+    @Override
+    protected MockFirebaseException createException(FirebaseException base) {
+      return new MockFirebaseException(base);
+    }
+  }
+
+  private static class MockFirebaseException extends FirebaseException {
+    MockFirebaseException(FirebaseException base) {
+      super(base.getErrorCode(), base.getMessage(), base.getCause(), base.getHttpResponse());
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/internal/CallableOperationTest.java b/src/test/java/com/google/firebase/internal/CallableOperationTest.java
index 2ead9a9c7..d38c96776 100644
--- a/src/test/java/com/google/firebase/internal/CallableOperationTest.java
+++ b/src/test/java/com/google/firebase/internal/CallableOperationTest.java
@@ -24,7 +24,6 @@
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
-import com.google.firebase.FirebaseOptions.Builder;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.internal.FirebaseThreadManagers.GlobalThreadManager;
@@ -38,7 +37,7 @@
 public class CallableOperationTest {
 
   private static final String TEST_FIREBASE_THREAD = "test-firebase-thread";
-  private static final FirebaseOptions OPTIONS = new Builder()
+  private static final FirebaseOptions OPTIONS = FirebaseOptions.builder()
       .setCredentials(new MockGoogleCredentials())
       .setThreadManager(new MockThreadManager())
       .build();
diff --git a/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java b/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java
new file mode 100644
index 000000000..591914002
--- /dev/null
+++ b/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java
@@ -0,0 +1,358 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.http.ByteArrayContent;
+import com.google.api.client.http.HttpContent;
+import com.google.api.client.http.HttpMethods;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpStatusCodes;
+import com.google.api.client.http.LowLevelHttpRequest;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
+import com.google.api.client.testing.util.MockSleeper;
+import com.google.api.client.util.GenericData;
+import com.google.auth.oauth2.AccessToken;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.FirebaseOptions;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.testing.TestResponseInterceptor;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import org.junit.Test;
+
+public class ErrorHandlingHttpClientTest {
+
+  private static final JsonFactory DEFAULT_JSON_FACTORY = Utils.getDefaultJsonFactory();
+
+  private static final HttpRequestInfo TEST_REQUEST = HttpRequestInfo.buildGetRequest(
+      "https://firebase.google.com");
+
+  @Test(expected = NullPointerException.class)
+  public void testNullRequestFactory() {
+    new ErrorHandlingHttpClient<>(
+        null,
+        DEFAULT_JSON_FACTORY,
+        new TestHttpErrorHandler());
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testNullJsonFactory() {
+    new ErrorHandlingHttpClient<>(
+        Utils.getDefaultTransport().createRequestFactory(),
+        null,
+        new TestHttpErrorHandler());
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testNullErrorHandler() {
+    new ErrorHandlingHttpClient<>(
+        Utils.getDefaultTransport().createRequestFactory(),
+        DEFAULT_JSON_FACTORY,
+        null);
+  }
+
+  @Test
+  public void testSuccessfulRequest() throws FirebaseException {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent("{\"foo\": \"bar\"}");
+    ErrorHandlingHttpClient<FirebaseException> client = createHttpClient(response);
+
+    GenericData body = client.sendAndParse(TEST_REQUEST, GenericData.class);
+
+    assertEquals(1, body.size());
+    assertEquals("bar", body.get("foo"));
+  }
+
+  @Test
+  public void testSuccessfulRequestWithoutContent() throws FirebaseException {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setZeroContent();
+    ErrorHandlingHttpClient<FirebaseException> client = createHttpClient(response);
+
+    IncomingHttpResponse responseInfo = client.send(TEST_REQUEST);
+
+    assertEquals(HttpStatusCodes.STATUS_CODE_OK, responseInfo.getStatusCode());
+    assertNull(responseInfo.getContent());
+  }
+
+  @Test
+  public void testSuccessfulRequestWithHeadersAndBody() throws FirebaseException, IOException {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent("{\"foo\": \"bar\"}");
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    ErrorHandlingHttpClient<FirebaseException> client = createHttpClient(response)
+        .setInterceptor(interceptor);
+
+    HttpRequestInfo request = HttpRequestInfo.buildJsonPostRequest(
+        "https://firebase.google.com", ImmutableMap.of("key", "value"));
+
+    request.addHeader("h1", "v1")
+        .addAllHeaders(ImmutableMap.of("h2", "v2", "h3", "v3"));
+    GenericData body = client.sendAndParse(request, GenericData.class);
+
+    assertEquals(1, body.size());
+    assertEquals("bar", body.get("foo"));
+    HttpRequest last = interceptor.getLastRequest();
+    assertEquals(HttpMethods.POST, last.getRequestMethod());
+    assertEquals("v1", last.getHeaders().get("h1"));
+    assertEquals("v2", last.getHeaders().get("h2"));
+    assertEquals("v3", last.getHeaders().get("h3"));
+
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    last.getContent().writeTo(out);
+    assertEquals("{\"key\":\"value\"}", out.toString());
+  }
+
+  @Test
+  public void testSuccessfulRequestWithNonJsonBody() throws FirebaseException, IOException {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent("{\"foo\": \"bar\"}");
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    ErrorHandlingHttpClient<FirebaseException> client = createHttpClient(response)
+        .setInterceptor(interceptor);
+    HttpContent content = new ByteArrayContent("text/plain", "Test".getBytes());
+
+    HttpRequestInfo request = HttpRequestInfo.buildRequest(
+        HttpMethods.POST, "https://firebase.google.com", content);
+
+    GenericData body = client.sendAndParse(request, GenericData.class);
+
+    assertEquals(1, body.size());
+    assertEquals("bar", body.get("foo"));
+    HttpRequest last = interceptor.getLastRequest();
+    assertEquals(HttpMethods.POST, last.getRequestMethod());
+    assertEquals("text/plain", last.getContent().getType());
+
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    last.getContent().writeTo(out);
+    assertEquals("Test", out.toString());
+  }
+
+  @Test
+  public void testUnsupportedMethod() throws FirebaseException, IOException {
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(new MockLowLevelHttpResponse().setContent("{}"))
+        .setSupportedMethods(ImmutableSet.of(HttpMethods.GET, HttpMethods.POST))
+        .build();
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    ErrorHandlingHttpClient<FirebaseException> client = new ErrorHandlingHttpClient<>(
+        transport.createRequestFactory(), DEFAULT_JSON_FACTORY, new TestHttpErrorHandler());
+    client.setInterceptor(interceptor);
+    HttpRequestInfo patchRequest = HttpRequestInfo.buildJsonRequest(
+        HttpMethods.PATCH, "https://firebase.google.com", ImmutableMap.of("key", "value"));
+
+    client.sendAndParse(patchRequest, GenericData.class);
+
+    HttpRequest last = interceptor.getLastRequest();
+    assertEquals(HttpMethods.POST, last.getRequestMethod());
+    assertEquals(HttpMethods.PATCH, last.getHeaders().get("X-HTTP-Method-Override"));
+
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    last.getContent().writeTo(out);
+    assertEquals("{\"key\":\"value\"}", out.toString());
+  }
+
+  @Test
+  public void testNetworkError() {
+    final IOException exception = new IOException("Test");
+    MockHttpTransport transport = new MockHttpTransport(){
+      @Override
+      public LowLevelHttpRequest buildRequest(String method, String url) throws IOException {
+        throw exception;
+      }
+    };
+    ErrorHandlingHttpClient<FirebaseException> client = new ErrorHandlingHttpClient<>(
+        transport.createRequestFactory(),
+        DEFAULT_JSON_FACTORY,
+        new TestHttpErrorHandler());
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("IO error: Test", e.getMessage());
+      assertNull(e.getHttpResponse());
+      assertSame(exception, e.getCause());
+    }
+  }
+
+  @Test
+  public void testErrorResponse() {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setStatusCode(HttpStatusCodes.STATUS_CODE_SERVER_ERROR)
+        .addHeader("Custom-Header", "value")
+        .setContent("{}");
+    ErrorHandlingHttpClient<FirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Example error message: {}", e.getMessage());
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_SERVER_ERROR, "{}");
+      IncomingHttpResponse httpResponse = e.getHttpResponse();
+      assertEquals(1, httpResponse.getHeaders().size());
+      assertEquals(ImmutableList.of("value"), httpResponse.getHeaders().get("custom-header"));
+      assertNotNull(e.getCause());
+    }
+  }
+
+  @Test
+  public void testParseError() {
+    String payload = "not json";
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent(payload);
+    ErrorHandlingHttpClient<FirebaseException> client = createHttpClient(response);
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("Parse error", e.getMessage());
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_OK, payload);
+      assertNotNull(e.getCause());
+    }
+  }
+
+  @Test
+  public void testRetryOnError() {
+    CountingLowLevelHttpRequest request = CountingLowLevelHttpRequest.fromStatus(503);
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpRequest(request)
+        .build();
+
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(new MockGoogleCredentials("token"))
+        .setHttpTransport(transport)
+        .build());
+    RetryConfig retryConfig = RetryConfig.builder()
+        .setMaxRetries(4)
+        .setRetryStatusCodes(ImmutableList.of(503))
+        .setSleeper(new MockSleeper())
+        .build();
+    HttpRequestFactory requestFactory = ApiClientUtils.newAuthorizedRequestFactory(
+        app, retryConfig);
+    ErrorHandlingHttpClient<FirebaseException> client = new ErrorHandlingHttpClient<>(
+        requestFactory, Utils.getDefaultJsonFactory(), new TestHttpErrorHandler());
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals("Example error message: null", e.getMessage());
+      assertHttpResponse(e, HttpStatusCodes.STATUS_CODE_SERVICE_UNAVAILABLE, null);
+      assertNotNull(e.getCause());
+
+      assertEquals(5, request.getCount());
+    } finally {
+      app.delete();
+    }
+  }
+
+  @Test
+  public void testRequestInitializationError() {
+    CountingLowLevelHttpRequest request = CountingLowLevelHttpRequest.fromStatus(503);
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpRequest(request)
+        .build();
+
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(new MockGoogleCredentials() {
+          @Override
+          public AccessToken refreshAccessToken() throws IOException {
+            throw new IOException("Failed to fetch credentials");
+          }
+        })
+        .setHttpTransport(transport)
+        .build());
+    HttpRequestFactory requestFactory = ApiClientUtils.newAuthorizedRequestFactory(app);
+    ErrorHandlingHttpClient<FirebaseException> client = new ErrorHandlingHttpClient<>(
+        requestFactory, Utils.getDefaultJsonFactory(), new TestHttpErrorHandler());
+
+    try {
+      client.sendAndParse(TEST_REQUEST, GenericData.class);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("IO error: Failed to fetch credentials", e.getMessage());
+      assertNull(e.getHttpResponse());
+      assertNotNull(e.getCause());
+    } finally {
+      app.delete();
+    }
+  }
+
+  private ErrorHandlingHttpClient<FirebaseException> createHttpClient(
+      MockLowLevelHttpResponse response) {
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(response)
+        .build();
+    return new ErrorHandlingHttpClient<>(
+        transport.createRequestFactory(),
+        DEFAULT_JSON_FACTORY,
+        new TestHttpErrorHandler());
+  }
+
+  private void assertHttpResponse(FirebaseException e, int statusCode, String content) {
+    IncomingHttpResponse httpResponse = e.getHttpResponse();
+    assertNotNull(httpResponse);
+    assertEquals(statusCode, httpResponse.getStatusCode());
+    assertEquals(content, httpResponse.getContent());
+    assertEquals("GET", httpResponse.getRequest().getMethod());
+  }
+
+  private static class TestHttpErrorHandler implements HttpErrorHandler<FirebaseException> {
+    @Override
+    public FirebaseException handleIOException(IOException e) {
+      return new FirebaseException(
+          ErrorCode.UNKNOWN, "IO error: " + e.getMessage(), e);
+    }
+
+    @Override
+    public FirebaseException handleHttpResponseException(
+        HttpResponseException e, IncomingHttpResponse response) {
+      return new FirebaseException(
+          ErrorCode.INTERNAL, "Example error message: " + e.getContent(), e, response);
+    }
+
+    @Override
+    public FirebaseException handleParseException(IOException e, IncomingHttpResponse response) {
+      return new FirebaseException(ErrorCode.UNKNOWN, "Parse error", e, response);
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/internal/FirebaseAppStoreTest.java b/src/test/java/com/google/firebase/internal/FirebaseAppStoreTest.java
index 4b3699d82..b6b502fdc 100644
--- a/src/test/java/com/google/firebase/internal/FirebaseAppStoreTest.java
+++ b/src/test/java/com/google/firebase/internal/FirebaseAppStoreTest.java
@@ -16,8 +16,6 @@
 
 package com.google.firebase.internal;
 
-import static org.junit.Assert.assertTrue;
-
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
@@ -34,7 +32,7 @@ public class FirebaseAppStoreTest {
   private static final String FIREBASE_DB_URL = "https://mock-project.firebaseio.com";
 
   private static final FirebaseOptions ALL_VALUES_OPTIONS =
-      new FirebaseOptions.Builder()
+      FirebaseOptions.builder()
           .setDatabaseUrl(FIREBASE_DB_URL)
           .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
           .build();
@@ -55,7 +53,7 @@ public void incompatibleAppInitializedDoesntThrow() throws IOException {
     FirebaseApp.initializeApp(ALL_VALUES_OPTIONS, name);
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
     FirebaseOptions options =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .build();
     FirebaseApp.initializeApp(options, name);
@@ -66,18 +64,9 @@ public void incompatibleDefaultAppInitializedDoesntThrow() throws IOException {
     FirebaseApp.initializeApp(ALL_VALUES_OPTIONS);
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
     FirebaseOptions options =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .build();
     FirebaseApp.initializeApp(options);
   }
-
-  @Test
-  public void persistenceDisabled() {
-    String name = "myApp";
-    FirebaseApp.initializeApp(ALL_VALUES_OPTIONS, name);
-    TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
-    FirebaseAppStore appStore = FirebaseAppStore.getInstance();
-    assertTrue(!appStore.getAllPersistedAppNames().contains(name));
-  }
 }
diff --git a/src/test/java/com/google/firebase/internal/FirebaseRequestInitializerTest.java b/src/test/java/com/google/firebase/internal/FirebaseRequestInitializerTest.java
index 1f610f5e3..fde2f918b 100644
--- a/src/test/java/com/google/firebase/internal/FirebaseRequestInitializerTest.java
+++ b/src/test/java/com/google/firebase/internal/FirebaseRequestInitializerTest.java
@@ -46,7 +46,7 @@ public void tearDown() {
 
   @Test
   public void testDefaultSettings() throws Exception {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("token"))
         .build());
     HttpRequest request = TestUtils.createRequest();
@@ -65,7 +65,7 @@ public void testDefaultSettings() throws Exception {
 
   @Test
   public void testExplicitTimeouts() throws Exception {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("token"))
         .setConnectTimeout(CONNECT_TIMEOUT_MILLIS)
         .setReadTimeout(READ_TIMEOUT_MILLIS)
@@ -85,7 +85,7 @@ public void testExplicitTimeouts() throws Exception {
 
   @Test
   public void testRetryConfig() throws Exception {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("token"))
         .build());
     RetryConfig retryConfig = RetryConfig.builder()
@@ -106,7 +106,7 @@ public void testRetryConfig() throws Exception {
 
   @Test
   public void testRetryConfigWithIOExceptionHandling() throws Exception {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("token"))
         .build());
     RetryConfig retryConfig = RetryConfig.builder()
@@ -128,7 +128,7 @@ public void testRetryConfigWithIOExceptionHandling() throws Exception {
 
   @Test
   public void testCredentialsRetryHandler() throws Exception {
-    FirebaseApp app = FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("token"))
         .build());
     RetryConfig retryConfig = RetryConfig.builder()
diff --git a/src/test/java/com/google/firebase/internal/FirebaseThreadManagersTest.java b/src/test/java/com/google/firebase/internal/FirebaseThreadManagersTest.java
index 2b117f29f..286cdf09f 100644
--- a/src/test/java/com/google/firebase/internal/FirebaseThreadManagersTest.java
+++ b/src/test/java/com/google/firebase/internal/FirebaseThreadManagersTest.java
@@ -49,7 +49,7 @@ public void tearDown() {
   @Test
   public void testGlobalThreadManager() {
     MockThreadManager threadManager = new MockThreadManager();
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials())
         .setThreadManager(threadManager)
         .build();
@@ -74,7 +74,7 @@ public void testGlobalThreadManager() {
   @Test
   public void testGlobalThreadManagerWithMultipleApps() {
     MockThreadManager threadManager = new MockThreadManager();
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials())
         .build();
     FirebaseApp defaultApp = FirebaseApp.initializeApp(options);
@@ -99,7 +99,7 @@ public void testGlobalThreadManagerWithMultipleApps() {
   @Test
   public void testGlobalThreadManagerReInit() {
     MockThreadManager threadManager = new MockThreadManager();
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials())
         .setThreadManager(threadManager)
         .build();
@@ -125,7 +125,7 @@ public void testGlobalThreadManagerReInit() {
 
   @Test
   public void testDefaultThreadManager() throws Exception {
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials())
         .build();
     FirebaseApp defaultApp = FirebaseApp.initializeApp(options);
diff --git a/src/test/java/com/google/firebase/internal/TestApiClientUtils.java b/src/test/java/com/google/firebase/internal/TestApiClientUtils.java
index 9f4bc2d09..510e08cd5 100644
--- a/src/test/java/com/google/firebase/internal/TestApiClientUtils.java
+++ b/src/test/java/com/google/firebase/internal/TestApiClientUtils.java
@@ -18,17 +18,14 @@
 
 import static com.google.firebase.internal.ApiClientUtils.DEFAULT_RETRY_CONFIG;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpUnsuccessfulResponseHandler;
 import com.google.api.client.testing.util.MockSleeper;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.internal.RetryInitializer.RetryHandlerDecorator;
-import java.io.IOException;
 
 public class TestApiClientUtils {
 
@@ -39,8 +36,6 @@ public class TestApiClientUtils {
       .setSleeper(new MockSleeper())
       .build();
 
-  private static final GenericUrl TEST_URL = new GenericUrl("https://firebase.google.com");
-
   /**
    * Creates a new {@code HttpRequestFactory} which provides authorization (OAuth2), timeouts and
    * automatic retries. Bypasses exponential backoff between consecutive retries for faster
@@ -65,20 +60,12 @@ public static HttpRequestFactory retryDisabledRequestFactory(FirebaseApp app) {
   }
 
   /**
-   * Checks whther the given HttpRequestFactory has been configured for authorization and
+   * Checks whether the given HttpRequest has been configured for authorization and
    * automatic retries.
    *
-   * @param requestFactory The HttpRequestFactory to check.
+   * @param request The HttpRequest to check.
    */
-  public static void assertAuthAndRetrySupport(HttpRequestFactory requestFactory) {
-    assertTrue(requestFactory.getInitializer() instanceof FirebaseRequestInitializer);
-    HttpRequest request;
-    try {
-      request = requestFactory.buildGetRequest(TEST_URL);
-    } catch (IOException e) {
-      throw new RuntimeException("Failed to initialize request", e);
-    }
-
+  public static void assertAuthAndRetrySupport(HttpRequest request) {
     // Verify authorization
     assertTrue(request.getHeaders().getAuthorization().startsWith("Bearer "));
 
@@ -89,7 +76,7 @@ public static void assertAuthAndRetrySupport(HttpRequestFactory requestFactory)
         .getRetryConfig();
     assertEquals(DEFAULT_RETRY_CONFIG.getMaxRetries(), retryConfig.getMaxRetries());
     assertEquals(DEFAULT_RETRY_CONFIG.getMaxIntervalMillis(), retryConfig.getMaxIntervalMillis());
-    assertFalse(retryConfig.isRetryOnIOExceptions());
+    assertEquals(DEFAULT_RETRY_CONFIG.isRetryOnIOExceptions(), retryConfig.isRetryOnIOExceptions());
     assertEquals(DEFAULT_RETRY_CONFIG.getRetryStatusCodes(), retryConfig.getRetryStatusCodes());
   }
 }
diff --git a/src/test/java/com/google/firebase/messaging/BatchResponseTest.java b/src/test/java/com/google/firebase/messaging/BatchResponseTest.java
index 9c174f569..441822220 100644
--- a/src/test/java/com/google/firebase/messaging/BatchResponseTest.java
+++ b/src/test/java/com/google/firebase/messaging/BatchResponseTest.java
@@ -21,6 +21,7 @@
 import static org.junit.Assert.fail;
 
 import com.google.common.collect.ImmutableList;
+import com.google.firebase.ErrorCode;
 import java.util.ArrayList;
 import java.util.List;
 import org.junit.Test;
@@ -43,8 +44,8 @@ public void testSomeResponse() {
     ImmutableList<SendResponse> responses = ImmutableList.of(
         SendResponse.fromMessageId("message1"),
         SendResponse.fromMessageId("message2"),
-        SendResponse.fromException(new FirebaseMessagingException("error-code",
-            "error-message", null))
+        SendResponse.fromException(
+            new FirebaseMessagingException(ErrorCode.INTERNAL, "error-message"))
     );
 
     BatchResponse batchResponse = new BatchResponseImpl(responses);
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
index 0b84e008e..9f8780e89 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
@@ -27,6 +27,7 @@
 import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpHeaders;
+import com.google.api.client.http.HttpMethods;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestInitializer;
 import com.google.api.client.http.HttpResponseException;
@@ -37,8 +38,10 @@
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
+import com.google.firebase.OutgoingHttpRequest;
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.messaging.WebpushNotification.Action;
@@ -62,6 +65,11 @@ public class FirebaseMessagingClientImplTest {
 
   private static final List<Integer> HTTP_ERRORS = ImmutableList.of(401, 404, 500);
 
+  private static final Map<Integer, ErrorCode> HTTP_2_ERROR = ImmutableMap.of(
+      401, ErrorCode.UNAUTHENTICATED,
+      404, ErrorCode.NOT_FOUND,
+      500, ErrorCode.INTERNAL);
+
   private static final String MOCK_RESPONSE = "{\"name\": \"mock-name\"}";
 
   private static final String MOCK_BATCH_SUCCESS_RESPONSE = TestUtils.loadResource(
@@ -128,8 +136,8 @@ public void testSendHttpError() {
         client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "unknown-error",
-            "Unexpected HTTP response with status: " + code + "; body: {}");
+        checkExceptionFromHttpResponse(error, HTTP_2_ERROR.get(code), null,
+            "Unexpected HTTP response with status: " + code + "\n{}");
       }
       checkRequestHeader(interceptor.getLastRequest());
     }
@@ -143,9 +151,12 @@ public void testSendTransportError() {
       client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
-      assertEquals("internal-error", error.getErrorCode());
-      assertEquals("Error while calling FCM backend service", error.getMessage());
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals("Unknown error while making a remote service call: transport error",
+          error.getMessage());
       assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+      assertNull(error.getMessagingErrorCode());
     }
   }
 
@@ -160,8 +171,11 @@ public void testSendSuccessResponseWithUnexpectedPayload() {
         client.send(entry.getKey(), DRY_RUN_DISABLED);
         fail("No error thrown for malformed response");
       } catch (FirebaseMessagingException error) {
-        assertEquals("internal-error", error.getErrorCode());
-        assertEquals("Error while calling FCM backend service", error.getMessage());
+        assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+        assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
+        assertNotNull(error.getCause());
+        assertNotNull(error.getHttpResponse());
+        assertNull(error.getMessagingErrorCode());
       }
       checkRequestHeader(interceptor.getLastRequest());
     }
@@ -176,8 +190,8 @@ public void testSendErrorWithZeroContentResponse() {
         client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "unknown-error",
-            "Unexpected HTTP response with status: " + code + "; body: null");
+        checkExceptionFromHttpResponse(error, HTTP_2_ERROR.get(code), null,
+            "Unexpected HTTP response with status: " + code + "\nnull");
       }
       checkRequestHeader(interceptor.getLastRequest());
     }
@@ -192,8 +206,8 @@ public void testSendErrorWithMalformedResponse() {
         client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "unknown-error",
-            "Unexpected HTTP response with status: " + code + "; body: not json");
+        checkExceptionFromHttpResponse(error, HTTP_2_ERROR.get(code), null,
+            "Unexpected HTTP response with status: " + code + "\nnot json");
       }
       checkRequestHeader(interceptor.getLastRequest());
     }
@@ -209,7 +223,7 @@ public void testSendErrorWithDetails() {
         client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "invalid-argument");
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null);
       }
       checkRequestHeader(interceptor.getLastRequest());
     }
@@ -225,7 +239,7 @@ public void testSendErrorWithCanonicalCode() {
         client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "registration-token-not-registered");
+        checkExceptionFromHttpResponse(error, ErrorCode.NOT_FOUND, null);
       }
       checkRequestHeader(interceptor.getLastRequest());
     }
@@ -243,7 +257,8 @@ public void testSendErrorWithFcmError() {
         client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "registration-token-not-registered");
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+            MessagingErrorCode.UNREGISTERED);
       }
       checkRequestHeader(interceptor.getLastRequest());
     }
@@ -261,7 +276,44 @@ public void testSendErrorWithThirdPartyError() {
         client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "third-party-auth-error");
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+            MessagingErrorCode.THIRD_PARTY_AUTH_ERROR);
+      }
+      checkRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testSendErrorWithUnknownFcmErrorCode() {
+    for (int code : HTTP_ERRORS) {
+      response.setStatusCode(code).setContent(
+          "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\", "
+              + "\"details\":[{\"@type\": \"type.googleapis.com/google.firebase.fcm"
+              + ".v1.FcmError\", \"errorCode\": \"UNKNOWN_FCM_ERROR\"}]}}");
+
+      try {
+        client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseMessagingException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null);
+      }
+      checkRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testSendErrorWithDetailsAndNoCode() {
+    for (int code : HTTP_ERRORS) {
+      response.setStatusCode(code).setContent(
+          "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\", "
+              + "\"details\":[{\"@type\": \"type.googleapis.com/google.firebase.fcm"
+              + ".v1.FcmError\"}]}}");
+
+      try {
+        client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseMessagingException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null);
       }
       checkRequestHeader(interceptor.getLastRequest());
     }
@@ -338,8 +390,8 @@ public void testSendAllHttpError() {
         client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "unknown-error",
-            "Unexpected HTTP response with status: " + code + "; body: {}");
+        checkExceptionFromHttpResponse(error, HTTP_2_ERROR.get(code), null,
+            "Unexpected HTTP response with status: " + code + "\n{}");
       }
       checkBatchRequestHeader(interceptor.getLastRequest());
     }
@@ -353,9 +405,12 @@ public void testSendAllTransportError() {
       client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
-      assertEquals("internal-error", error.getErrorCode());
-      assertEquals("Error while calling FCM backend service", error.getMessage());
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
       assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+      assertNull(error.getMessagingErrorCode());
     }
   }
 
@@ -368,8 +423,8 @@ public void testSendAllErrorWithEmptyResponse() {
         client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "unknown-error",
-            "Unexpected HTTP response with status: " + code + "; body: null");
+        checkExceptionFromHttpResponse(error, HTTP_2_ERROR.get(code), null,
+            "Unexpected HTTP response with status: " + code + "\nnull");
       }
       checkBatchRequestHeader(interceptor.getLastRequest());
     }
@@ -385,7 +440,7 @@ public void testSendAllErrorWithDetails() {
         client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "invalid-argument");
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null);
       }
       checkBatchRequestHeader(interceptor.getLastRequest());
     }
@@ -401,7 +456,7 @@ public void testSendAllErrorWithCanonicalCode() {
         client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "registration-token-not-registered");
+        checkExceptionFromHttpResponse(error, ErrorCode.NOT_FOUND, null);
       }
       checkBatchRequestHeader(interceptor.getLastRequest());
     }
@@ -419,7 +474,8 @@ public void testSendAllErrorWithFcmError() {
         client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "registration-token-not-registered");
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+            MessagingErrorCode.UNREGISTERED);
       }
       checkBatchRequestHeader(interceptor.getLastRequest());
     }
@@ -437,8 +493,9 @@ public void testSendAllErrorWithoutMessage() {
         client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, "registration-token-not-registered",
-            "Unexpected HTTP response with status: " + code + "; body: " + responseBody);
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+            MessagingErrorCode.UNREGISTERED,
+            "Unexpected HTTP response with status: " + code + "\n" + responseBody);
       }
       checkBatchRequestHeader(interceptor.getLastRequest());
     }
@@ -466,7 +523,7 @@ public void testBuilderNullChildRequestFactory() {
 
   @Test
   public void testFromApp() throws IOException {
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .setProjectId("test-project")
         .build();
@@ -476,7 +533,6 @@ public void testFromApp() throws IOException {
       FirebaseMessagingClientImpl client = FirebaseMessagingClientImpl.fromApp(app);
 
       assertEquals(TEST_FCM_URL, client.getFcmSendUrl());
-      assertEquals("fire-admin-java/" + SdkUtils.getVersion(), client.getClientVersion());
       assertSame(options.getJsonFactory(), client.getJsonFactory());
 
       HttpRequest request = client.getRequestFactory().buildGetRequest(
@@ -569,7 +625,10 @@ private void assertBatchResponse(
 
       FirebaseMessagingException exception = sendResponse.getException();
       assertNotNull(exception);
-      assertEquals("invalid-argument", exception.getErrorCode());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, exception.getErrorCode());
+      assertNull(exception.getCause());
+      assertNull(exception.getHttpResponse());
+      assertEquals(MessagingErrorCode.INVALID_ARGUMENT, exception.getMessagingErrorCode());
     }
 
     checkBatchRequestHeader(interceptor.getLastRequest());
@@ -610,15 +669,26 @@ private FirebaseMessagingClientImpl.Builder fullyPopulatedBuilder() {
   }
 
   private void checkExceptionFromHttpResponse(
-      FirebaseMessagingException error, String expectedCode) {
-    checkExceptionFromHttpResponse(error, expectedCode, "test error");
+      FirebaseMessagingException error,
+      ErrorCode expectedCode,
+      MessagingErrorCode expectedMessagingCode) {
+    checkExceptionFromHttpResponse(error, expectedCode, expectedMessagingCode, "test error");
   }
 
   private void checkExceptionFromHttpResponse(
-      FirebaseMessagingException error, String expectedCode, String expectedMessage) {
+      FirebaseMessagingException error,
+      ErrorCode expectedCode,
+      MessagingErrorCode expectedMessagingCode,
+      String expectedMessage) {
     assertEquals(expectedCode, error.getErrorCode());
     assertEquals(expectedMessage, error.getMessage());
     assertTrue(error.getCause() instanceof HttpResponseException);
+    assertEquals(expectedMessagingCode, error.getMessagingErrorCode());
+
+    assertNotNull(error.getHttpResponse());
+    OutgoingHttpRequest request = error.getHttpResponse().getRequest();
+    assertEquals(HttpMethods.POST, request.getMethod());
+    assertTrue(request.getUrl().startsWith("https://fcm.googleapis.com"));
   }
 
   private static Map<Message, Map<String, Object>> buildTestMessages() {
@@ -633,7 +703,10 @@ private static Map<Message, Map<String, Object>> buildTestMessages() {
     // Notification message
     builder.put(
         Message.builder()
-            .setNotification(new Notification("test title", "test body"))
+            .setNotification(Notification.builder()
+                .setTitle("test title")
+                .setBody("test body")
+                .build())
             .setTopic("test-topic")
             .build(),
         ImmutableMap.<String, Object>of(
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
index 4d9af55d0..9ae7bba24 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
@@ -22,10 +22,13 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
+import com.google.api.client.http.HttpResponseException;
 import com.google.common.collect.ImmutableList;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.concurrent.ExecutionException;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
@@ -72,22 +75,52 @@ public void testSend() throws Exception {
     assertTrue(id != null && id.matches("^projects/.*/messages/.*$"));
   }
 
+  @Test
+  public void testSendError() throws InterruptedException {
+    FirebaseMessaging messaging = FirebaseMessaging.getInstance();
+    Message message = Message.builder()
+        .setNotification(Notification.builder()
+            .setTitle("Title")
+            .setBody("Body")
+            .build())
+        .setToken("not-a-token")
+        .build();
+    try {
+      messaging.sendAsync(message, true).get();
+    } catch (ExecutionException e) {
+      FirebaseMessagingException cause = (FirebaseMessagingException) e.getCause();
+      assertEquals(ErrorCode.INVALID_ARGUMENT, cause.getErrorCode());
+      assertEquals(MessagingErrorCode.INVALID_ARGUMENT, cause.getMessagingErrorCode());
+      assertNotNull(cause.getHttpResponse());
+      assertTrue(cause.getCause() instanceof HttpResponseException);
+    }
+  }
+
   @Test
   public void testSendAll() throws Exception {
     List<Message> messages = new ArrayList<>();
     messages.add(
         Message.builder()
-          .setNotification(new Notification("Title", "Body"))
+          .setNotification(Notification.builder()
+              .setTitle("Title")
+              .setBody("Body")
+              .build())
           .setTopic("foo-bar")
           .build());
     messages.add(
         Message.builder()
-          .setNotification(new Notification("Title", "Body"))
+          .setNotification(Notification.builder()
+              .setTitle("Title")
+              .setBody("Body")
+              .build())
           .setTopic("foo-bar")
           .build());
     messages.add(
         Message.builder()
-          .setNotification(new Notification("Title", "Body"))
+          .setNotification(Notification.builder()
+              .setTitle("Title")
+              .setBody("Body")
+              .build())
           .setToken("not-a-token")
           .build());
 
@@ -110,7 +143,7 @@ public void testSendAll() throws Exception {
     assertNull(responses.get(2).getMessageId());
     FirebaseMessagingException exception = responses.get(2).getException();
     assertNotNull(exception);
-    assertEquals("invalid-argument", exception.getErrorCode());
+    assertEquals(ErrorCode.INVALID_ARGUMENT, exception.getErrorCode());
   }
 
   @Test
@@ -139,7 +172,10 @@ public void testSendFiveHundred() throws Exception {
   @Test
   public void testSendMulticast() throws Exception {
     MulticastMessage multicastMessage = MulticastMessage.builder()
-        .setNotification(new Notification("Title", "Body"))
+        .setNotification(Notification.builder()
+            .setTitle("Title")
+            .setBody("Body")
+            .build())
         .addToken("not-a-token")
         .addToken("also-not-a-token")
         .build();
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
index 496823175..8e8e79e07 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
@@ -27,6 +27,7 @@
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
@@ -50,7 +51,7 @@ public class FirebaseMessagingTest {
       .addToken("test-fcm-token2")
       .build();
   private static final FirebaseMessagingException TEST_EXCEPTION =
-      new FirebaseMessagingException("TEST_CODE", "Test error message", new Exception());
+      new FirebaseMessagingException(ErrorCode.INTERNAL, "Test error message");
 
   private static final ImmutableList.Builder<String> TOO_MANY_IDS = ImmutableList.builder();
 
diff --git a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
index c7e1cc24a..7724e4f6e 100644
--- a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
@@ -17,12 +17,13 @@
 package com.google.firebase.messaging;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import com.google.api.client.googleapis.util.Utils;
-import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpMethods;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.HttpResponseInterceptor;
@@ -31,8 +32,12 @@
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.OutgoingHttpRequest;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -55,6 +60,11 @@ public class InstanceIdClientImplTest {
 
   private static final List<Integer> HTTP_ERRORS = ImmutableList.of(401, 404, 500);
 
+  private static final Map<Integer, ErrorCode> HTTP_2_ERROR = ImmutableMap.of(
+      401, ErrorCode.UNAUTHENTICATED,
+      404, ErrorCode.NOT_FOUND,
+      500, ErrorCode.INTERNAL);
+
   @After
   public void tearDown() {
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
@@ -98,14 +108,16 @@ public void testSubscribeError() {
     TestResponseInterceptor interceptor = new TestResponseInterceptor();
     InstanceIdClient client = initInstanceIdClient(response, interceptor);
 
+    String content = "{\"error\": \"ErrorCode\"}";
     for (int statusCode : HTTP_ERRORS) {
-      response.setStatusCode(statusCode).setContent("{\"error\": \"test error\"}");
+      response.setStatusCode(statusCode).setContent(content);
 
       try {
         client.subscribeToTopic("test-topic", ImmutableList.of("id1", "id2"));
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, statusCode, "test error");
+        String expectedMessage = "Error while calling the IID service: ErrorCode";
+        checkExceptionFromHttpResponse(error, statusCode, expectedMessage);
       }
 
       checkTopicManagementRequestHeader(interceptor.getLastRequest(), TEST_IID_SUBSCRIBE_URL);
@@ -124,7 +136,7 @@ public void testSubscribeEmptyPayloadError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
       checkExceptionFromHttpResponse(error, 500,
-          "Unexpected HTTP response with status: 500; body: {}");
+          "Unexpected HTTP response with status: 500\n{}");
     }
 
     checkTopicManagementRequestHeader(interceptor.getLastRequest(), TEST_IID_SUBSCRIBE_URL);
@@ -142,7 +154,7 @@ public void testSubscribeMalformedError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
       checkExceptionFromHttpResponse(error, 500,
-          "Unexpected HTTP response with status: 500; body: not json");
+          "Unexpected HTTP response with status: 500\nnot json");
     }
 
     checkTopicManagementRequestHeader(interceptor.getLastRequest(), TEST_IID_SUBSCRIBE_URL);
@@ -160,7 +172,7 @@ public void testSubscribeZeroContentError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
       checkExceptionFromHttpResponse(error, 500,
-          "Unexpected HTTP response with status: 500; body: null");
+          "Unexpected HTTP response with status: 500\nnull");
     }
 
     checkTopicManagementRequestHeader(interceptor.getLastRequest(), TEST_IID_SUBSCRIBE_URL);
@@ -174,8 +186,26 @@ public void testSubscribeTransportError() {
       client.subscribeToTopic("test-topic", ImmutableList.of("id1", "id2"));
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
-      assertEquals("internal-error", error.getErrorCode());
-      assertEquals("Error while calling IID backend service", error.getMessage());
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+    }
+  }
+
+  @Test
+  public void testSubscribeParseError() {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent("not json");
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    InstanceIdClient client = initInstanceIdClient(response, interceptor);
+
+    try {
+      client.subscribeToTopic("test-topic", ImmutableList.of("id1", "id2"));
+      fail("No error thrown for HTTP error");
+    } catch (FirebaseMessagingException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
       assertTrue(error.getCause() instanceof IOException);
     }
   }
@@ -218,14 +248,16 @@ public void testUnsubscribeError() {
     TestResponseInterceptor interceptor = new TestResponseInterceptor();
     InstanceIdClient client = initInstanceIdClient(response, interceptor);
 
+    String content = "{\"error\": \"ErrorCode\"}";
     for (int statusCode : HTTP_ERRORS) {
-      response.setStatusCode(statusCode).setContent("{\"error\": \"test error\"}");
+      response.setStatusCode(statusCode).setContent(content);
 
       try {
         client.unsubscribeFromTopic("test-topic", ImmutableList.of("id1", "id2"));
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, statusCode, "test error");
+        String expectedMessage = "Error while calling the IID service: ErrorCode";
+        checkExceptionFromHttpResponse(error, statusCode, expectedMessage);
       }
 
       checkTopicManagementRequestHeader(interceptor.getLastRequest(), TEST_IID_UNSUBSCRIBE_URL);
@@ -244,7 +276,7 @@ public void testUnsubscribeEmptyPayloadError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
       checkExceptionFromHttpResponse(error, 500,
-          "Unexpected HTTP response with status: 500; body: {}");
+          "Unexpected HTTP response with status: 500\n{}");
     }
 
     checkTopicManagementRequestHeader(interceptor.getLastRequest(), TEST_IID_UNSUBSCRIBE_URL);
@@ -262,7 +294,7 @@ public void testUnsubscribeMalformedError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
       checkExceptionFromHttpResponse(error, 500,
-          "Unexpected HTTP response with status: 500; body: not json");
+          "Unexpected HTTP response with status: 500\nnot json");
     }
 
     checkTopicManagementRequestHeader(interceptor.getLastRequest(), TEST_IID_UNSUBSCRIBE_URL);
@@ -280,7 +312,7 @@ public void testUnsubscribeZeroContentError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
       checkExceptionFromHttpResponse(error, 500,
-          "Unexpected HTTP response with status: 500; body: null");
+          "Unexpected HTTP response with status: 500\nnull");
     }
 
     checkTopicManagementRequestHeader(interceptor.getLastRequest(), TEST_IID_UNSUBSCRIBE_URL);
@@ -294,8 +326,26 @@ public void testUnsubscribeTransportError() {
       client.unsubscribeFromTopic("test-topic", ImmutableList.of("id1", "id2"));
       fail("No error thrown for HTTP error");
     } catch (FirebaseMessagingException error) {
-      assertEquals("internal-error", error.getErrorCode());
-      assertEquals("Error while calling IID backend service", error.getMessage());
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+    }
+  }
+
+  @Test
+  public void testUnsubscribeParseError() {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent("not json");
+    TestResponseInterceptor interceptor = new TestResponseInterceptor();
+    InstanceIdClient client = initInstanceIdClient(response, interceptor);
+
+    try {
+      client.unsubscribeFromTopic("test-topic", ImmutableList.of("id1", "id2"));
+      fail("No error thrown for HTTP error");
+    } catch (FirebaseMessagingException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
       assertTrue(error.getCause() instanceof IOException);
     }
   }
@@ -311,9 +361,15 @@ public void testJsonFactoryIsNull() {
   }
 
   @Test
-  public void testFromApp() throws IOException {
-    FirebaseOptions options = new FirebaseOptions.Builder()
+  public void testFromApp() {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setStatusCode(400).setZeroContent();
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(response)
+        .build();
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
+        .setHttpTransport(transport)
         .setProjectId("test-project")
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
@@ -321,10 +377,14 @@ public void testFromApp() throws IOException {
     try {
       InstanceIdClientImpl client = InstanceIdClientImpl.fromApp(app);
 
-      assertSame(options.getJsonFactory(), client.getJsonFactory());
-      HttpRequest request = client.getRequestFactory().buildGetRequest(
-          new GenericUrl("https://example.com"));
-      assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
+      client.subscribeToTopic("test-topic", ImmutableList.of("id1", "id2"));
+      fail("No error thrown for error response");
+    } catch (FirebaseMessagingException e) {
+      assertNotNull(e.getHttpResponse());
+
+      List<String> auth = ImmutableList.of("Bearer test-token");
+      OutgoingHttpRequest request = e.getHttpResponse().getRequest();
+      assertEquals(auth, request.getHeaders().get("authorization"));
     } finally {
       app.delete();
     }
@@ -388,11 +448,20 @@ private void checkTopicManagementRequestHeader(
     assertEquals(expectedUrl, request.getUrl().toString());
   }
 
-  private void checkExceptionFromHttpResponse(FirebaseMessagingException error,
-      int expectedCode, String expectedMessage) {
-    assertEquals(getTopicManagementErrorCode(expectedCode), error.getErrorCode());
+  private void checkExceptionFromHttpResponse(
+      FirebaseMessagingException error, int statusCode, String expectedMessage) {
+    assertEquals(HTTP_2_ERROR.get(statusCode), error.getErrorCode());
     assertEquals(expectedMessage, error.getMessage());
     assertTrue(error.getCause() instanceof HttpResponseException);
+    assertNull(error.getMessagingErrorCode());
+
+    IncomingHttpResponse httpResponse = error.getHttpResponse();
+    assertNotNull(httpResponse);
+    assertEquals(statusCode, httpResponse.getStatusCode());
+
+    OutgoingHttpRequest request = httpResponse.getRequest();
+    assertEquals(HttpMethods.POST, request.getMethod());
+    assertTrue(request.getUrl().startsWith("https://iid.googleapis.com"));
   }
 
   private InstanceIdClient initClientWithFaultyTransport() {
@@ -400,12 +469,4 @@ private InstanceIdClient initClientWithFaultyTransport() {
         TestUtils.createFaultyHttpTransport().createRequestFactory(),
         Utils.getDefaultJsonFactory());
   }
-
-  private String getTopicManagementErrorCode(int statusCode) {
-    String code = InstanceIdClientImpl.IID_ERROR_CODES.get(statusCode);
-    if (code == null) {
-      code = "unknown-error";
-    }
-    return code;
-  }
 }
diff --git a/src/test/java/com/google/firebase/messaging/MessageTest.java b/src/test/java/com/google/firebase/messaging/MessageTest.java
index c97fb6b67..90b867d5f 100644
--- a/src/test/java/com/google/firebase/messaging/MessageTest.java
+++ b/src/test/java/com/google/firebase/messaging/MessageTest.java
@@ -29,11 +29,8 @@
 import java.io.IOException;
 import java.math.BigDecimal;
 import java.math.BigInteger;
-import java.text.SimpleDateFormat;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 import org.junit.Test;
@@ -94,7 +91,10 @@ public void testPrefixedTopicName() throws IOException {
   @Test
   public void testNotificationMessageDeprecatedConstructor() throws IOException {
     Message message = Message.builder()
-        .setNotification(new Notification("title", "body"))
+        .setNotification(Notification.builder()
+            .setTitle("title")
+            .setBody("body")
+            .build())
         .setTopic("test-topic")
         .build();
     Map<String, String> data = ImmutableMap.of("title", "title", "body", "body");
@@ -752,7 +752,11 @@ public void testIncorrectAnalyticsLabelFormat() {
   @Test
   public void testImageInNotificationDeprecatedConstructor() throws IOException {
     Message message = Message.builder()
-        .setNotification(new Notification("title", "body", TEST_IMAGE_URL))
+        .setNotification(Notification.builder()
+            .setTitle("title")
+            .setBody("body")
+            .setImage(TEST_IMAGE_URL)
+            .build())
         .setTopic("test-topic")
         .build();
     Map<String, String> data = ImmutableMap.of(
@@ -778,7 +782,11 @@ public void testImageInNotification() throws IOException {
   @Test
   public void testImageInAndroidNotification() throws IOException {
     Message message = Message.builder()
-        .setNotification(new Notification("title", "body", TEST_IMAGE_URL))
+        .setNotification(Notification.builder()
+            .setTitle("title")
+            .setBody("body")
+            .setImage(TEST_IMAGE_URL)
+            .build())
         .setAndroidConfig(AndroidConfig.builder()
             .setNotification(AndroidNotification.builder()
                 .setTitle("android-title")
@@ -808,7 +816,11 @@ public void testImageInAndroidNotification() throws IOException {
   public void testImageInApnsNotification() throws IOException {
     Message message = Message.builder()
         .setTopic("test-topic")
-        .setNotification(new Notification("title", "body", TEST_IMAGE_URL))
+        .setNotification(Notification.builder()
+            .setTitle("title")
+            .setBody("body")
+            .setImage(TEST_IMAGE_URL)
+            .build())
         .setApnsConfig(
             ApnsConfig.builder().setAps(Aps.builder().build())
                 .setFcmOptions(ApnsFcmOptions.builder().setImage(TEST_IMAGE_URL_APNS).build())
@@ -835,7 +847,7 @@ public void testImageInApnsNotification() throws IOException {
   }
 
   @Test
-  public void testInvalidColorInAndroidNotificationLightSettings() throws IOException {
+  public void testInvalidColorInAndroidNotificationLightSettings() {
     try {
       LightSettings.Builder lightSettingsBuilder = LightSettings.builder()
                       .setColorFromString("#01020K")
@@ -853,7 +865,10 @@ public void testInvalidColorInAndroidNotificationLightSettings() throws IOExcept
   public void testExtendedAndroidNotificationParameters() throws IOException {
     long[] vibrateTimings = {1000L, 1001L};
     Message message = Message.builder()
-        .setNotification(new Notification("title", "body"))
+        .setNotification(Notification.builder()
+            .setTitle("title")
+            .setBody("body")
+            .build())
         .setAndroidConfig(AndroidConfig.builder()
             .setNotification(AndroidNotification.builder()
                 .setTitle("android-title")
diff --git a/src/test/java/com/google/firebase/messaging/MulticastMessageTest.java b/src/test/java/com/google/firebase/messaging/MulticastMessageTest.java
index 1ea57d8d5..f26d0816f 100644
--- a/src/test/java/com/google/firebase/messaging/MulticastMessageTest.java
+++ b/src/test/java/com/google/firebase/messaging/MulticastMessageTest.java
@@ -38,7 +38,10 @@ public class MulticastMessageTest {
   private static final WebpushConfig WEBPUSH = WebpushConfig.builder()
       .putData("key", "value")
       .build();
-  private static final Notification NOTIFICATION = new Notification("title", "body");
+  private static final Notification NOTIFICATION = Notification.builder()
+      .setTitle("title")
+      .setBody("body")
+      .build();
   private static final FcmOptions FCM_OPTIONS = FcmOptions.withAnalyticsLabel("analytics_label");
 
   @Test
diff --git a/src/test/java/com/google/firebase/messaging/SendResponseTest.java b/src/test/java/com/google/firebase/messaging/SendResponseTest.java
index e9667cc77..d90f1e6b6 100644
--- a/src/test/java/com/google/firebase/messaging/SendResponseTest.java
+++ b/src/test/java/com/google/firebase/messaging/SendResponseTest.java
@@ -22,6 +22,7 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
+import com.google.firebase.ErrorCode;
 import org.junit.Test;
 
 public class SendResponseTest {
@@ -37,8 +38,8 @@ public void testSuccessfulResponse() {
 
   @Test
   public void testFailureResponse() {
-    FirebaseMessagingException exception = new FirebaseMessagingException("error-code",
-        "error-message", null);
+    FirebaseMessagingException exception = new FirebaseMessagingException(
+        ErrorCode.INTERNAL, "error-message");
     SendResponse response = SendResponse.fromException(exception);
 
     assertNull(response.getMessageId());
diff --git a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
index 87afe609c..8d227ef52 100644
--- a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
+++ b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
@@ -18,12 +18,11 @@
 
 import static com.google.firebase.projectmanagement.FirebaseProjectManagementServiceImpl.FIREBASE_PROJECT_MANAGEMENT_URL;
 import static com.google.firebase.projectmanagement.FirebaseProjectManagementServiceImpl.MAXIMUM_LIST_APPS_PAGE_SIZE;
-import static com.google.firebase.projectmanagement.HttpHelper.PATCH_OVERRIDE_KEY;
-import static com.google.firebase.projectmanagement.HttpHelper.PATCH_OVERRIDE_VALUE;
 import static com.google.firebase.projectmanagement.ShaCertificateType.SHA_1;
 import static com.google.firebase.projectmanagement.ShaCertificateType.SHA_256;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -40,12 +39,15 @@
 import com.google.common.base.Charsets;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.internal.TestApiClientUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
+import com.google.firebase.testing.TestUtils;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.ArrayList;
@@ -69,6 +71,7 @@ public class FirebaseProjectManagementServiceImplTest {
   private static final String IOS_APP_ID = "test-ios-app-id";
   private static final String IOS_APP_RESOURCE_NAME = "ios/11111";
   private static final String ANDROID_APP_RESOURCE_NAME = "android/11111";
+  private static final String CLIENT_VERSION = "Java/Admin/" + SdkUtils.getVersion();
   private static final IosAppMetadata IOS_APP_METADATA =
       new IosAppMetadata(IOS_APP_RESOURCE_NAME, IOS_APP_ID, DISPLAY_NAME, PROJECT_ID, BUNDLE_ID);
   private static final AndroidAppMetadata ANDROID_APP_METADATA =
@@ -272,7 +275,65 @@ public void getIosAppHttpError() {
       serviceImpl.getIosApp(IOS_APP_ID);
       fail("No exception thrown for HTTP error");
     } catch (FirebaseProjectManagementException e) {
-      assertEquals("App ID \"test-ios-app-id\": Internal server error.", e.getMessage());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals(
+          "App ID \"test-ios-app-id\": Unexpected HTTP response with status: 500\n{}",
+          e.getMessage());
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+    }
+  }
+
+  @Test
+  public void getIosAppHttpErrorWithCode() {
+    firstRpcResponse.setStatusCode(500);
+    firstRpcResponse.setContent(
+        "{\"error\": {\"status\":\"NOT_FOUND\", \"message\":\"Test error\"}}");
+    serviceImpl = initServiceImpl(firstRpcResponse, interceptor);
+
+    try {
+      serviceImpl.getIosApp(IOS_APP_ID);
+      fail("No exception thrown for HTTP error");
+    } catch (FirebaseProjectManagementException e) {
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals("App ID \"test-ios-app-id\": Test error", e.getMessage());
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+    }
+  }
+
+  @Test
+  public void getIosAppParseError() {
+    firstRpcResponse.setContent("not json");
+    serviceImpl = initServiceImpl(firstRpcResponse, interceptor);
+
+    try {
+      serviceImpl.getIosApp(IOS_APP_ID);
+      fail("No exception thrown for HTTP error");
+    } catch (FirebaseProjectManagementException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertTrue(e.getMessage().startsWith(
+          "App ID \"test-ios-app-id\": Error while parsing HTTP response"));
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+    }
+  }
+
+  @Test
+  public void getIosAppTransportError() {
+    FirebaseProjectManagementServiceImpl serviceImpl = initServiceImplWithFaultyTransport();
+
+    try {
+      serviceImpl.getIosApp(IOS_APP_ID);
+      fail("No exception thrown for HTTP error");
+    } catch (FirebaseProjectManagementException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals(
+          "App ID \"test-ios-app-id\": Unknown error while making a remote service call: "
+              + "transport error",
+          e.getMessage());
+      assertNotNull(e.getCause());
+      assertNull(e.getHttpResponse());
     }
   }
 
@@ -467,11 +528,10 @@ public void setIosDisplayName() throws Exception {
         "%s/v1beta1/projects/-/iosApps/%s?update_mask=display_name",
         FIREBASE_PROJECT_MANAGEMENT_URL,
         IOS_APP_ID);
-    checkRequestHeader(expectedUrl, HttpMethod.POST);
+    checkRequestHeader(expectedUrl, HttpMethod.PATCH);
     ImmutableMap<String, String> payload =
         ImmutableMap.<String, String>builder().put("display_name", DISPLAY_NAME).build();
     checkRequestPayload(payload);
-    checkPatchRequest();
   }
 
   @Test
@@ -485,11 +545,10 @@ public void setIosDisplayNameAsync() throws Exception {
         "%s/v1beta1/projects/-/iosApps/%s?update_mask=display_name",
         FIREBASE_PROJECT_MANAGEMENT_URL,
         IOS_APP_ID);
-    checkRequestHeader(expectedUrl, HttpMethod.POST);
+    checkRequestHeader(expectedUrl, HttpMethod.PATCH);
     ImmutableMap<String, String> payload =
         ImmutableMap.<String, String>builder().put("display_name", DISPLAY_NAME).build();
     checkRequestPayload(payload);
-    checkPatchRequest();
   }
 
   @Test
@@ -554,7 +613,65 @@ public void getAndroidAppHttpError() {
       serviceImpl.getAndroidApp(ANDROID_APP_ID);
       fail("No exception thrown for HTTP error");
     } catch (FirebaseProjectManagementException e) {
-      assertEquals("App ID \"test-android-app-id\": Internal server error.", e.getMessage());
+      assertEquals(ErrorCode.INTERNAL, e.getErrorCode());
+      assertEquals(
+          "App ID \"test-android-app-id\": Unexpected HTTP response with status: 500\n{}",
+          e.getMessage());
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+    }
+  }
+
+  @Test
+  public void getAndroidAppHttpErrorWithCode() {
+    firstRpcResponse.setStatusCode(500);
+    firstRpcResponse.setContent(
+        "{\"error\": {\"status\":\"NOT_FOUND\", \"message\":\"Test error\"}}");
+    serviceImpl = initServiceImpl(firstRpcResponse, interceptor);
+
+    try {
+      serviceImpl.getAndroidApp(ANDROID_APP_ID);
+      fail("No exception thrown for HTTP error");
+    } catch (FirebaseProjectManagementException e) {
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals("App ID \"test-android-app-id\": Test error", e.getMessage());
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+    }
+  }
+
+  @Test
+  public void getAndroidAppParseError() {
+    firstRpcResponse.setContent("not json");
+    serviceImpl = initServiceImpl(firstRpcResponse, interceptor);
+
+    try {
+      serviceImpl.getAndroidApp(ANDROID_APP_ID);
+      fail("No exception thrown for HTTP error");
+    } catch (FirebaseProjectManagementException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertTrue(e.getMessage().startsWith(
+          "App ID \"test-android-app-id\": Error while parsing HTTP response"));
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+    }
+  }
+
+  @Test
+  public void getAndroidAppTransportError() {
+    FirebaseProjectManagementServiceImpl serviceImpl = initServiceImplWithFaultyTransport();
+
+    try {
+      serviceImpl.getAndroidApp(ANDROID_APP_ID);
+      fail("No exception thrown for HTTP error");
+    } catch (FirebaseProjectManagementException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals(
+          "App ID \"test-android-app-id\": Unknown error while making a remote service call: "
+              + "transport error",
+          e.getMessage());
+      assertNotNull(e.getCause());
+      assertNull(e.getHttpResponse());
     }
   }
 
@@ -751,11 +868,10 @@ public void setAndroidDisplayName() throws Exception {
         "%s/v1beta1/projects/-/androidApps/%s?update_mask=display_name",
         FIREBASE_PROJECT_MANAGEMENT_URL,
         ANDROID_APP_ID);
-    checkRequestHeader(expectedUrl, HttpMethod.POST);
+    checkRequestHeader(expectedUrl, HttpMethod.PATCH);
     ImmutableMap<String, String> payload =
         ImmutableMap.<String, String>builder().put("display_name", DISPLAY_NAME).build();
     checkRequestPayload(payload);
-    checkPatchRequest();
   }
 
   @Test
@@ -769,11 +885,10 @@ public void setAndroidDisplayNameAsync() throws Exception {
         "%s/v1beta1/projects/-/androidApps/%s?update_mask=display_name",
         FIREBASE_PROJECT_MANAGEMENT_URL,
         ANDROID_APP_ID);
-    checkRequestHeader(expectedUrl, HttpMethod.POST);
+    checkRequestHeader(expectedUrl, HttpMethod.PATCH);
     ImmutableMap<String, String> payload =
         ImmutableMap.<String, String>builder().put("display_name", DISPLAY_NAME).build();
     checkRequestPayload(payload);
-    checkPatchRequest();
   }
 
   @Test
@@ -918,17 +1033,25 @@ public void deleteShaCertificateAsync() throws Exception {
   }
 
   @Test
-  public void testAuthAndRetriesSupport() {
-    FirebaseOptions options = new FirebaseOptions.Builder()
+  public void testAuthAndRetriesSupport() throws Exception {
+    List<MockLowLevelHttpResponse> mockResponses = ImmutableList.of(
+        new MockLowLevelHttpResponse().setContent("{}"));
+    MockHttpTransport transport = new MultiRequestMockHttpTransport(mockResponses);
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .setProjectId(PROJECT_ID)
+        .setHttpTransport(transport)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
 
     FirebaseProjectManagementServiceImpl serviceImpl =
         new FirebaseProjectManagementServiceImpl(app);
+    serviceImpl.setInterceptor(interceptor);
+
+    serviceImpl.deleteShaCertificate(SHA1_RESOURCE_NAME);
 
-    TestApiClientUtils.assertAuthAndRetrySupport(serviceImpl.getRequestFactory());
+    assertEquals(1, interceptor.getNumberOfResponses());
+    TestApiClientUtils.assertAuthAndRetrySupport(interceptor.getResponse(0).getRequest());
   }
 
   @Test
@@ -937,7 +1060,7 @@ public void testHttpRetries() throws Exception {
         firstRpcResponse.setStatusCode(503).setContent("{}"),
         new MockLowLevelHttpResponse().setContent("{}"));
     MockHttpTransport transport = new MultiRequestMockHttpTransport(mockResponses);
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .setProjectId(PROJECT_ID)
         .setHttpTransport(transport)
@@ -965,7 +1088,7 @@ private static FirebaseProjectManagementServiceImpl initServiceImpl(
       List<MockLowLevelHttpResponse> mockResponses,
       MultiRequestTestResponseInterceptor interceptor) {
     MockHttpTransport transport = new MultiRequestMockHttpTransport(mockResponses);
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .setProjectId(PROJECT_ID)
         .setHttpTransport(transport)
@@ -978,6 +1101,16 @@ private static FirebaseProjectManagementServiceImpl initServiceImpl(
     return serviceImpl;
   }
 
+  private static FirebaseProjectManagementServiceImpl initServiceImplWithFaultyTransport() {
+    FirebaseOptions options = FirebaseOptions.builder()
+        .setCredentials(new MockGoogleCredentials("test-token"))
+        .setProjectId(PROJECT_ID)
+        .setHttpTransport(TestUtils.createFaultyHttpTransport())
+        .build();
+    FirebaseApp app = FirebaseApp.initializeApp(options);
+    return new FirebaseProjectManagementServiceImpl(app);
+  }
+
   private void checkRequestHeader(String expectedUrl, HttpMethod httpMethod) {
     assertEquals(
         "The number of HttpResponses is not equal to 1.", 1, interceptor.getNumberOfResponses());
@@ -990,6 +1123,7 @@ private void checkRequestHeader(int index, String expectedUrl, HttpMethod httpMe
     assertEquals(httpMethod.name(), request.getRequestMethod());
     assertEquals(expectedUrl, request.getUrl().toString());
     assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
+    assertEquals(CLIENT_VERSION, request.getHeaders().get("X-Client-Version"));
   }
 
   private void checkRequestPayload(Map<String, String> expected) throws IOException {
@@ -1007,21 +1141,11 @@ private void checkRequestPayload(int index, Map<String, String> expected) throws
     assertEquals(expected, parsed);
   }
 
-  private void checkPatchRequest() {
-    assertEquals(
-        "The number of HttpResponses is not equal to 1.", 1, interceptor.getNumberOfResponses());
-    checkPatchRequest(0);
-  }
-
-  private void checkPatchRequest(int index) {
-    assertTrue(interceptor.getResponse(index).getRequest().getHeaders()
-        .getHeaderStringValues(PATCH_OVERRIDE_KEY).contains(PATCH_OVERRIDE_VALUE));
-  }
-
   private enum HttpMethod {
     GET,
     POST,
-    DELETE
+    DELETE,
+    PATCH,
   }
 
   /**
diff --git a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementTest.java b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementTest.java
index 7569b0bc2..30fcc3344 100644
--- a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementTest.java
+++ b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementTest.java
@@ -26,6 +26,7 @@
 import com.google.api.core.ApiFutures;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
@@ -52,7 +53,7 @@ public class FirebaseProjectManagementTest {
   private static final String TEST_PROJECT_ID = "hello-world";
   private static final String TEST_APP_BUNDLE_ID = "com.hello.world";
   private static final FirebaseProjectManagementException FIREBASE_PROJECT_MANAGEMENT_EXCEPTION =
-      new FirebaseProjectManagementException("Error!", null);
+      new FirebaseProjectManagementException(ErrorCode.UNKNOWN, "Error!", null);
 
   @Rule
   public final MockitoRule mockitoRule = MockitoJUnit.rule();
@@ -67,7 +68,7 @@ public class FirebaseProjectManagementTest {
 
   @BeforeClass
   public static void setUpClass() {
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("test-token"))
         .setProjectId(TEST_PROJECT_ID)
         .build();
diff --git a/src/test/java/com/google/firebase/projectmanagement/IosAppTest.java b/src/test/java/com/google/firebase/projectmanagement/IosAppTest.java
index 269d3dae0..02d50279b 100644
--- a/src/test/java/com/google/firebase/projectmanagement/IosAppTest.java
+++ b/src/test/java/com/google/firebase/projectmanagement/IosAppTest.java
@@ -26,6 +26,7 @@
 
 import com.google.api.core.ApiFuture;
 import com.google.api.core.ApiFutures;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import java.util.concurrent.ExecutionException;
 import org.junit.After;
@@ -53,7 +54,7 @@ public class IosAppTest {
           + "<key>SOME_OTHER_KEY</key><string>some-other-value</string>"
           + "</dict></plist>";
   private static final FirebaseProjectManagementException FIREBASE_PROJECT_MANAGEMENT_EXCEPTION =
-      new FirebaseProjectManagementException("Error!", null);
+      new FirebaseProjectManagementException(ErrorCode.UNKNOWN, "Error!", null);
 
   private static final IosAppMetadata TEST_IOS_APP_METADATA = new IosAppMetadata(
       TEST_APP_NAME,
diff --git a/src/test/java/com/google/firebase/snippets/FirebaseAppSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseAppSnippets.java
index ed1ad464e..bf3d4ca6b 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseAppSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseAppSnippets.java
@@ -33,7 +33,7 @@ public void initializeWithServiceAccount() throws IOException {
     // [START initialize_sdk_with_service_account]
     FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccountKey.json");
 
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(serviceAccount))
         .setDatabaseUrl("https://<DATABASE_NAME>.firebaseio.com/")
         .build();
@@ -44,7 +44,7 @@ public void initializeWithServiceAccount() throws IOException {
 
   public void initializeWithDefaultCredentials() throws IOException {
     // [START initialize_sdk_with_application_default]
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.getApplicationDefault())
         .setDatabaseUrl("https://<DATABASE_NAME>.firebaseio.com/")
         .build();
@@ -57,7 +57,7 @@ public void initializeWithRefreshToken() throws IOException {
     // [START initialize_sdk_with_refresh_token]
     FileInputStream refreshToken = new FileInputStream("path/to/refreshToken.json");
 
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(refreshToken))
         .setDatabaseUrl("https://<DATABASE_NAME>.firebaseio.com/")
         .build();
@@ -73,7 +73,7 @@ public void initializeWithDefaultConfig() {
   }
 
   public void initializeDefaultApp() throws IOException {
-    FirebaseOptions defaultOptions = new FirebaseOptions.Builder()
+    FirebaseOptions defaultOptions = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.getApplicationDefault())
         .build();
 
@@ -94,10 +94,10 @@ public void initializeDefaultApp() throws IOException {
   }
 
   public void initializeCustomApp() throws Exception {
-    FirebaseOptions defaultOptions = new FirebaseOptions.Builder()
+    FirebaseOptions defaultOptions = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.getApplicationDefault())
         .build();
-    FirebaseOptions otherAppConfig = new FirebaseOptions.Builder()
+    FirebaseOptions otherAppConfig = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.getApplicationDefault())
         .build();
 
@@ -123,7 +123,7 @@ public void initializeCustomApp() throws Exception {
 
   public void initializeWithServiceAccountId() throws IOException {
     // [START initialize_sdk_with_service_account_id]
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.getApplicationDefault())
         .setServiceAccountId("my-client-id@my-project-id.iam.gserviceaccount.com")
         .build();
diff --git a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
index b6103b4ef..e86496a21 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
@@ -18,6 +18,7 @@
 
 import com.google.common.io.BaseEncoding;
 import com.google.firebase.auth.ActionCodeSettings;
+import com.google.firebase.auth.AuthErrorCode;
 import com.google.firebase.auth.ErrorInfo;
 import com.google.firebase.auth.ExportedUserRecord;
 import com.google.firebase.auth.FirebaseAuth;
@@ -262,7 +263,7 @@ public static void verifyIdTokenCheckRevoked(String idToken) {
       // Token is valid and not revoked.
       String uid = decodedToken.getUid();
     } catch (FirebaseAuthException e) {
-      if (e.getErrorCode().equals("id-token-revoked")) {
+      if (e.getAuthErrorCode() == AuthErrorCode.REVOKED_ID_TOKEN) {
         // Token has been revoked. Inform the user to re-authenticate or signOut() the user.
       } else {
         // Token is invalid.
diff --git a/src/test/java/com/google/firebase/snippets/FirebaseDatabaseSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseDatabaseSnippets.java
index baf4d3b69..079946649 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseDatabaseSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseDatabaseSnippets.java
@@ -677,7 +677,7 @@ public void initializeApp() throws IOException {
     FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccount.json");
 
     // Initialize the app with a service account, granting admin privileges
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(serviceAccount))
         .setDatabaseUrl("https://<databaseName>.firebaseio.com")
         .build();
diff --git a/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
index d6e4417e1..f1432e160 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
@@ -88,9 +88,10 @@ public void sendToCondition() throws FirebaseMessagingException {
 
     // See documentation on defining a message payload.
     Message message = Message.builder()
-        .setNotification(new Notification(
-            "$GOOG up 1.43% on the day",
-            "$GOOG gained 11.80 points to close at 835.67, up 1.43% on the day."))
+        .setNotification(Notification.builder()
+            .setTitle("$GOOG up 1.43% on the day")
+            .setBody("$GOOG gained 11.80 points to close at 835.67, up 1.43% on the day.")
+            .build())
         .setCondition(condition)
         .build();
 
@@ -125,12 +126,18 @@ public void sendAll() throws FirebaseMessagingException {
     // Create a list containing up to 500 messages.
     List<Message> messages = Arrays.asList(
         Message.builder()
-            .setNotification(new Notification("Price drop", "5% off all electronics"))
+            .setNotification(Notification.builder()
+                .setTitle("Price drop")
+                .setBody("5% off all electronics")
+                .build())
             .setToken(registrationToken)
             .build(),
         // ...
         Message.builder()
-            .setNotification(new Notification("Price drop", "2% off all books"))
+            .setNotification(Notification.builder()
+                .setTitle("Price drop")
+                .setBody("2% off all books")
+                .build())
             .setTopic("readers-club")
             .build()
     );
@@ -251,9 +258,10 @@ public Message webpushMessage() {
   public Message allPlatformsMessage() {
     // [START multi_platforms_message]
     Message message = Message.builder()
-        .setNotification(new Notification(
-            "$GOOG up 1.43% on the day",
-            "$GOOG gained 11.80 points to close at 835.67, up 1.43% on the day."))
+        .setNotification(Notification.builder()
+            .setTitle("$GOOG up 1.43% on the day")
+            .setBody("$GOOG gained 11.80 points to close at 835.67, up 1.43% on the day.")
+            .build())
         .setAndroidConfig(AndroidConfig.builder()
             .setTtl(3600 * 1000)
             .setNotification(AndroidNotification.builder()
diff --git a/src/test/java/com/google/firebase/snippets/FirebaseStorageSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseStorageSnippets.java
index 380dcff1b..706cc1b16 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseStorageSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseStorageSnippets.java
@@ -33,7 +33,7 @@ public void initializeAppForStorage() throws IOException {
     // [START init_admin_sdk_for_storage]
     FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccountKey.json");
 
-    FirebaseOptions options = new FirebaseOptions.Builder()
+    FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(serviceAccount))
         .setStorageBucket("<BUCKET_NAME>.appspot.com")
         .build();
diff --git a/src/test/java/com/google/firebase/testing/FirebaseAppRule.java b/src/test/java/com/google/firebase/testing/FirebaseAppRule.java
index 28123293f..1049a1f2f 100644
--- a/src/test/java/com/google/firebase/testing/FirebaseAppRule.java
+++ b/src/test/java/com/google/firebase/testing/FirebaseAppRule.java
@@ -17,7 +17,6 @@
 package com.google.firebase.testing;
 
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
-import com.google.firebase.internal.FirebaseAppStore;
 import org.junit.rules.TestRule;
 import org.junit.runner.Description;
 import org.junit.runners.model.Statement;
@@ -42,6 +41,5 @@ public void evaluate() throws Throwable {
 
   private void resetState() {
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
-    FirebaseAppStore.clearInstanceForTest();
   }
 }
diff --git a/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java b/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
index d3abaa096..c9890354e 100644
--- a/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
+++ b/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
@@ -110,7 +110,6 @@ public static synchronized FirebaseApp ensureDefaultApp() {
               .setStorageBucket(getStorageBucket())
               .setCredentials(TestUtils.getCertCredential(getServiceAccountCertificate()))
               .setFirestoreOptions(FirestoreOptions.newBuilder()
-                  .setTimestampsInSnapshotsEnabled(true)
                   .setCredentials(TestUtils.getCertCredential(getServiceAccountCertificate()))
                   .build())
               .build();
@@ -121,7 +120,7 @@ public static synchronized FirebaseApp ensureDefaultApp() {
 
   public static FirebaseApp initApp(String name) {
     FirebaseOptions options =
-        new FirebaseOptions.Builder()
+        FirebaseOptions.builder()
             .setDatabaseUrl(getDatabaseUrl())
             .setCredentials(TestUtils.getCertCredential(getServiceAccountCertificate()))
             .build();
diff --git a/src/test/java/com/google/firebase/testing/TestUtils.java b/src/test/java/com/google/firebase/testing/TestUtils.java
index a63aa8d10..e44ca2be8 100644
--- a/src/test/java/com/google/firebase/testing/TestUtils.java
+++ b/src/test/java/com/google/firebase/testing/TestUtils.java
@@ -162,11 +162,19 @@ public static HttpRequest createRequest() throws IOException {
   }
 
   public static HttpRequest createRequest(MockLowLevelHttpRequest request) throws IOException {
+    return createRequest(request, TEST_URL);
+  }
+
+  /**
+   * Creates a test HTTP POST request for the given target URL.
+   */
+  public static HttpRequest createRequest(
+      MockLowLevelHttpRequest request, GenericUrl url) throws IOException {
     HttpTransport transport = new MockHttpTransport.Builder()
         .setLowLevelHttpRequest(request)
         .build();
     HttpRequestFactory requestFactory = transport.createRequestFactory();
-    return requestFactory.buildPostRequest(TEST_URL, new EmptyContent());
+    return requestFactory.buildPostRequest(url, new EmptyContent());
   }
 
   public static HttpTransport createFaultyHttpTransport() {

From 47d43475d04ea6777c7c04dd15c1ddf379e21cd8 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Wed, 19 Aug 2020 10:47:28 -0700
Subject: [PATCH 029/354] [chore] Release 7.0.0 (#473)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a72301d5b..0f40ea078 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>6.16.0</version>
+    <version>7.0.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 062223d527c9f30aaca033a3b1dfe174f97f07b2 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Mon, 31 Aug 2020 10:51:26 -0700
Subject: [PATCH 030/354] fix(auth): Support verifying tenant ID tokens in
 FirebaseAuth (#475)

* fix(auth): Support verifying tenant ID tokens in FirebaseAuth

* fix: Fixing the error message for null tenant ID
---
 .../auth/FirebaseTokenVerifierImpl.java       |  8 ++--
 .../com/google/firebase/FirebaseAppTest.java  | 26 ++++++-------
 .../auth/FirebaseTokenVerifierImplTest.java   | 38 +++++++++++++++++--
 .../TenantAwareFirebaseAuthIT.java            |  5 +++
 4 files changed, 56 insertions(+), 21 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java b/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
index 273ec1532..bbe741f5b 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
@@ -71,7 +71,7 @@ private FirebaseTokenVerifierImpl(Builder builder) {
     this.docUrl = builder.docUrl;
     this.invalidTokenErrorCode = checkNotNull(builder.invalidTokenErrorCode);
     this.expiredTokenErrorCode = checkNotNull(builder.expiredTokenErrorCode);
-    this.tenantId = Strings.nullToEmpty(builder.tenantId);
+    this.tenantId = builder.tenantId;
   }
 
   /**
@@ -323,11 +323,11 @@ private boolean containsLegacyUidField(IdToken.Payload payload) {
   }
 
   private void checkTenantId(final FirebaseToken firebaseToken) throws FirebaseAuthException {
-    String tokenTenantId = Strings.nullToEmpty(firebaseToken.getTenantId());
-    if (!this.tenantId.equals(tokenTenantId)) {
+    String tokenTenantId = firebaseToken.getTenantId();
+    if (this.tenantId != null && !this.tenantId.equals(tokenTenantId)) {
       String message = String.format(
           "The tenant ID ('%s') of the token did not match the expected value ('%s')",
-          tokenTenantId,
+          Strings.nullToEmpty(tokenTenantId),
           tenantId);
       throw newException(message, AuthErrorCode.TENANT_ID_MISMATCH);
     }
diff --git a/src/test/java/com/google/firebase/FirebaseAppTest.java b/src/test/java/com/google/firebase/FirebaseAppTest.java
index d481e3c0e..26ca93432 100644
--- a/src/test/java/com/google/firebase/FirebaseAppTest.java
+++ b/src/test/java/com/google/firebase/FirebaseAppTest.java
@@ -66,7 +66,7 @@
 import org.junit.Test;
 import org.mockito.Mockito;
 
-/** 
+/**
  * Unit tests for {@link com.google.firebase.FirebaseApp}.
  */
 public class FirebaseAppTest {
@@ -472,8 +472,8 @@ public void testAppWithAuthVariableOverrides() {
   public void testEmptyFirebaseConfigFile() {
     setFirebaseConfigEnvironmentVariable("firebase_config_empty.json");
     FirebaseApp.initializeApp();
-  }  
-  
+  }
+
   @Test
   public void testEmptyFirebaseConfigString() {
     setFirebaseConfigEnvironmentVariable("");
@@ -481,7 +481,7 @@ public void testEmptyFirebaseConfigString() {
     assertNull(firebaseApp.getOptions().getProjectId());
     assertNull(firebaseApp.getOptions().getStorageBucket());
     assertNull(firebaseApp.getOptions().getDatabaseUrl());
-    assertTrue(firebaseApp.getOptions().getDatabaseAuthVariableOverride().isEmpty()); 
+    assertTrue(firebaseApp.getOptions().getDatabaseAuthVariableOverride().isEmpty());
   }
 
   @Test
@@ -542,20 +542,20 @@ public void testEnvironmentVariableIgnored() {
 
   @Test
   public void testValidFirebaseConfigString() {
-    setFirebaseConfigEnvironmentVariable("{" 
-        + "\"databaseAuthVariableOverride\": {" 
-        +   "\"uid\":" 
-        +   "\"testuser\"" 
-        + "}," 
-        + "\"databaseUrl\": \"https://hipster-chat.firebaseio.mock\"," 
-        + "\"projectId\": \"hipster-chat-mock\"," 
-        + "\"storageBucket\": \"hipster-chat.appspot.mock\"" 
+    setFirebaseConfigEnvironmentVariable("{"
+        + "\"databaseAuthVariableOverride\": {"
+        +   "\"uid\":"
+        +   "\"testuser\""
+        + "},"
+        + "\"databaseUrl\": \"https://hipster-chat.firebaseio.mock\","
+        + "\"projectId\": \"hipster-chat-mock\","
+        + "\"storageBucket\": \"hipster-chat.appspot.mock\""
         + "}");
     FirebaseApp firebaseApp = FirebaseApp.initializeApp();
     assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
     assertEquals("hipster-chat.appspot.mock", firebaseApp.getOptions().getStorageBucket());
     assertEquals("https://hipster-chat.firebaseio.mock", firebaseApp.getOptions().getDatabaseUrl());
-    assertEquals("testuser", 
+    assertEquals("testuser",
         firebaseApp.getOptions().getDatabaseAuthVariableOverride().get("uid"));
   }
 
diff --git a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
index 833e2ed95..189cb223e 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
@@ -328,6 +328,17 @@ public void testMalformedToken() {
 
   @Test
   public void testVerifyTokenWithTenantId() throws FirebaseAuthException {
+    FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder().build();
+
+    FirebaseToken firebaseToken = verifier.verifyToken(createTokenWithTenantId("TENANT_1"));
+
+    assertEquals(TEST_TOKEN_ISSUER, firebaseToken.getIssuer());
+    assertEquals(TestTokenFactory.UID, firebaseToken.getUid());
+    assertEquals("TENANT_1", firebaseToken.getTenantId());
+  }
+
+  @Test
+  public void testVerifyTokenWithMatchingTenantId() throws FirebaseAuthException {
     FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder()
         .setTenantId("TENANT_1")
         .build();
@@ -341,11 +352,13 @@ public void testVerifyTokenWithTenantId() throws FirebaseAuthException {
 
   @Test
   public void testVerifyTokenDifferentTenantIds() {
-    try {
-      fullyPopulatedBuilder()
+    FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder()
         .setTenantId("TENANT_1")
-        .build()
-        .verifyToken(createTokenWithTenantId("TENANT_2"));
+        .build();
+    String token = createTokenWithTenantId("TENANT_2");
+
+    try {
+      verifier.verifyToken(token);
     } catch (FirebaseAuthException e) {
       assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
       assertEquals(
@@ -354,6 +367,23 @@ public void testVerifyTokenDifferentTenantIds() {
     }
   }
 
+  @Test
+  public void testVerifyTokenNoTenantId() {
+    FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder()
+        .setTenantId("TENANT_1")
+        .build();
+    String token = tokenFactory.createToken();
+
+    try {
+      verifier.verifyToken(token);
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
+      assertEquals(
+          "The tenant ID ('') of the token did not match the expected value ('TENANT_1')",
+          e.getMessage());
+    }
+  }
+
   @Test
   public void testVerifyTokenMissingTenantId() {
     try {
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
index fd8e4af83..1ebac213f 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
@@ -261,6 +261,11 @@ public void testVerifyTokenWithWrongTenantAwareClient() throws Exception {
       assertEquals(AuthErrorCode.TENANT_ID_MISMATCH,
           ((FirebaseAuthException) e.getCause()).getAuthErrorCode());
     }
+
+    // Verifies with FirebaseAuth
+    FirebaseToken decoded = FirebaseAuth.getInstance().verifyIdToken(idToken);
+    assertEquals("user", decoded.getUid());
+    assertEquals(tenantId, decoded.getTenantId());
   }
 
   @Test

From 0b356e1fdf6da40f01315f54dad0322a0d732803 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Thu, 10 Sep 2020 14:27:15 -0700
Subject: [PATCH 031/354] fix: Cleaning up FirebaseApp state management (#476)

---
 .../java/com/google/firebase/FirebaseApp.java |  8 ++-
 .../firebase/ImplFirebaseTrampolines.java     |  1 -
 .../firebase/auth/AbstractFirebaseAuth.java   | 48 ----------------
 .../google/firebase/auth/FirebaseAuth.java    |  8 ---
 .../multitenancy/TenantAwareFirebaseAuth.java |  5 --
 .../google/firebase/cloud/StorageClient.java  |  8 ---
 .../firebase/database/FirebaseDatabase.java   |  6 +-
 .../firebase/iid/FirebaseInstanceId.java      |  7 ---
 .../firebase/internal/FirebaseService.java    |  6 +-
 .../firebase/messaging/FirebaseMessaging.java |  7 ---
 .../FirebaseProjectManagement.java            |  5 --
 .../FirebaseProjectManagementServiceImpl.java |  8 ---
 .../com/google/firebase/FirebaseAppTest.java  | 34 +++++++++++
 .../firebase/auth/FirebaseAuthTest.java       | 57 +++++++++----------
 .../firebase/iid/FirebaseInstanceIdTest.java  | 35 ++++++++----
 15 files changed, 100 insertions(+), 143 deletions(-)

diff --git a/src/main/java/com/google/firebase/FirebaseApp.java b/src/main/java/com/google/firebase/FirebaseApp.java
index 38482541c..06188cd55 100644
--- a/src/main/java/com/google/firebase/FirebaseApp.java
+++ b/src/main/java/com/google/firebase/FirebaseApp.java
@@ -277,6 +277,8 @@ public FirebaseOptions getOptions() {
    */
   @Nullable
   String getProjectId() {
+    checkNotDeleted();
+
     // Try to get project ID from user-specified options.
     String projectId = options.getProjectId();
 
@@ -314,8 +316,10 @@ public String toString() {
   }
 
   /**
-   * Deletes the {@link FirebaseApp} and all its data. All calls to this {@link FirebaseApp}
-   * instance will throw once it has been called.
+   * Deletes this {@link FirebaseApp} object, and releases any local state and managed resources
+   * associated with it. All calls to this {@link FirebaseApp} instance will throw once this method
+   * has been called. This also releases any managed resources allocated by other services
+   * attached to this object instance (e.g. {@code FirebaseAuth}).
    *
    * <p>A no-op if delete was called before.
    */
diff --git a/src/main/java/com/google/firebase/ImplFirebaseTrampolines.java b/src/main/java/com/google/firebase/ImplFirebaseTrampolines.java
index 7a50e0b07..3a7f6499a 100644
--- a/src/main/java/com/google/firebase/ImplFirebaseTrampolines.java
+++ b/src/main/java/com/google/firebase/ImplFirebaseTrampolines.java
@@ -26,7 +26,6 @@
 import com.google.firebase.internal.NonNull;
 
 import java.util.concurrent.Callable;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.ThreadFactory;
 
diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index 8004548a5..fc9c8df0b 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Preconditions.checkState;
 
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.util.Clock;
@@ -164,7 +163,6 @@ public ApiFuture<String> createCustomTokenAsync(
 
   private CallableOperation<String, FirebaseAuthException> createCustomTokenOp(
       final String uid, final Map<String, Object> developerClaims) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
     final FirebaseTokenFactory tokenFactory = this.tokenFactory.get();
     return new CallableOperation<String, FirebaseAuthException>() {
@@ -208,7 +206,6 @@ public ApiFuture<String> createSessionCookieAsync(
 
   private CallableOperation<String, FirebaseAuthException> createSessionCookieOp(
       final String idToken, final SessionCookieOptions options) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(idToken), "idToken must not be null or empty");
     checkNotNull(options, "options must not be null");
     final FirebaseUserManager userManager = getUserManager();
@@ -299,7 +296,6 @@ public ApiFuture<FirebaseToken> verifyIdTokenAsync(@NonNull String idToken) {
 
   private CallableOperation<FirebaseToken, FirebaseAuthException> verifyIdTokenOp(
       final String idToken, final boolean checkRevoked) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(idToken), "ID token must not be null or empty");
     final FirebaseTokenVerifier verifier = getIdTokenVerifier(checkRevoked);
     return new CallableOperation<FirebaseToken, FirebaseAuthException>() {
@@ -380,7 +376,6 @@ public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie, boolean
 
   private CallableOperation<FirebaseToken, FirebaseAuthException> verifySessionCookieOp(
       final String cookie, final boolean checkRevoked) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(cookie), "Session cookie must not be null or empty");
     final FirebaseTokenVerifier sessionCookieVerifier = getSessionCookieVerifier(checkRevoked);
     return new CallableOperation<FirebaseToken, FirebaseAuthException>() {
@@ -434,7 +429,6 @@ public ApiFuture<Void> revokeRefreshTokensAsync(@NonNull String uid) {
   }
 
   private CallableOperation<Void, FirebaseAuthException> revokeRefreshTokensOp(final String uid) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<Void, FirebaseAuthException>() {
@@ -475,7 +469,6 @@ public ApiFuture<UserRecord> getUserAsync(@NonNull String uid) {
   }
 
   private CallableOperation<UserRecord, FirebaseAuthException> getUserOp(final String uid) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<UserRecord, FirebaseAuthException>() {
@@ -513,7 +506,6 @@ public ApiFuture<UserRecord> getUserByEmailAsync(@NonNull String email) {
 
   private CallableOperation<UserRecord, FirebaseAuthException> getUserByEmailOp(
       final String email) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(email), "email must not be null or empty");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<UserRecord, FirebaseAuthException>() {
@@ -551,7 +543,6 @@ public ApiFuture<UserRecord> getUserByPhoneNumberAsync(@NonNull String phoneNumb
 
   private CallableOperation<UserRecord, FirebaseAuthException> getUserByPhoneNumberOp(
       final String phoneNumber) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(phoneNumber), "phone number must not be null or empty");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<UserRecord, FirebaseAuthException>() {
@@ -620,7 +611,6 @@ public ApiFuture<ListUsersPage> listUsersAsync(@Nullable String pageToken, int m
 
   private CallableOperation<ListUsersPage, FirebaseAuthException> listUsersOp(
       @Nullable final String pageToken, final int maxResults) {
-    checkNotDestroyed();
     final FirebaseUserManager userManager = getUserManager();
     final DefaultUserSource source = new DefaultUserSource(userManager, jsonFactory);
     final ListUsersPage.Factory factory = new ListUsersPage.Factory(source, maxResults, pageToken);
@@ -661,7 +651,6 @@ public ApiFuture<UserRecord> createUserAsync(@NonNull UserRecord.CreateRequest r
 
   private CallableOperation<UserRecord, FirebaseAuthException> createUserOp(
       final UserRecord.CreateRequest request) {
-    checkNotDestroyed();
     checkNotNull(request, "create request must not be null");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<UserRecord, FirebaseAuthException>() {
@@ -701,7 +690,6 @@ public ApiFuture<UserRecord> updateUserAsync(@NonNull UserRecord.UpdateRequest r
 
   private CallableOperation<UserRecord, FirebaseAuthException> updateUserOp(
       final UserRecord.UpdateRequest request) {
-    checkNotDestroyed();
     checkNotNull(request, "update request must not be null");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<UserRecord, FirebaseAuthException>() {
@@ -754,7 +742,6 @@ public ApiFuture<Void> setCustomUserClaimsAsync(
 
   private CallableOperation<Void, FirebaseAuthException> setCustomUserClaimsOp(
       final String uid, final Map<String, Object> claims) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<Void, FirebaseAuthException>() {
@@ -793,7 +780,6 @@ public ApiFuture<Void> deleteUserAsync(String uid) {
   }
 
   private CallableOperation<Void, FirebaseAuthException> deleteUserOp(final String uid) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<Void, FirebaseAuthException>() {
@@ -876,7 +862,6 @@ public ApiFuture<UserImportResult> importUsersAsync(
 
   private CallableOperation<UserImportResult, FirebaseAuthException> importUsersOp(
       final List<ImportUserRecord> users, final UserImportOptions options) {
-    checkNotDestroyed();
     final UserImportRequest request = new UserImportRequest(users, options, jsonFactory);
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<UserImportResult, FirebaseAuthException>() {
@@ -931,7 +916,6 @@ public ApiFuture<GetUsersResult> getUsersAsync(@NonNull Collection<UserIdentifie
 
   private CallableOperation<GetUsersResult, FirebaseAuthException> getUsersOp(
       @NonNull final Collection<UserIdentifier> identifiers) {
-    checkNotDestroyed();
     checkNotNull(identifiers, "identifiers must not be null");
     checkArgument(identifiers.size() <= FirebaseUserManager.MAX_GET_ACCOUNTS_BATCH_SIZE,
         "identifiers parameter must have <= " + FirebaseUserManager.MAX_GET_ACCOUNTS_BATCH_SIZE
@@ -1004,7 +988,6 @@ public ApiFuture<DeleteUsersResult> deleteUsersAsync(List<String> uids) {
 
   private CallableOperation<DeleteUsersResult, FirebaseAuthException> deleteUsersOp(
       final List<String> uids) {
-    checkNotDestroyed();
     checkNotNull(uids, "uids must not be null");
     for (String uid : uids) {
       UserRecord.checkUid(uid);
@@ -1178,7 +1161,6 @@ public ApiFuture<String> generateSignInWithEmailLinkAsync(
 
   private CallableOperation<String, FirebaseAuthException> generateEmailActionLinkOp(
       final EmailLinkType type, final String email, final ActionCodeSettings settings) {
-    checkNotDestroyed();
     checkArgument(!Strings.isNullOrEmpty(email), "email must not be null or empty");
     if (type == EmailLinkType.EMAIL_SIGNIN) {
       checkNotNull(settings, "ActionCodeSettings must not be null when generating sign-in links");
@@ -1227,7 +1209,6 @@ public ApiFuture<OidcProviderConfig> createOidcProviderConfigAsync(
 
   private CallableOperation<OidcProviderConfig, FirebaseAuthException>
       createOidcProviderConfigOp(final OidcProviderConfig.CreateRequest request) {
-    checkNotDestroyed();
     checkNotNull(request, "Create request must not be null.");
     OidcProviderConfig.checkOidcProviderId(request.getProviderId());
     final FirebaseUserManager userManager = getUserManager();
@@ -1271,7 +1252,6 @@ public ApiFuture<OidcProviderConfig> updateOidcProviderConfigAsync(
 
   private CallableOperation<OidcProviderConfig, FirebaseAuthException> updateOidcProviderConfigOp(
       final OidcProviderConfig.UpdateRequest request) {
-    checkNotDestroyed();
     checkNotNull(request, "Update request must not be null.");
     checkArgument(!request.getProperties().isEmpty(),
         "Update request must have at least one property set.");
@@ -1316,7 +1296,6 @@ public ApiFuture<OidcProviderConfig> getOidcProviderConfigAsync(@NonNull String
 
   private CallableOperation<OidcProviderConfig, FirebaseAuthException>
       getOidcProviderConfigOp(final String providerId) {
-    checkNotDestroyed();
     OidcProviderConfig.checkOidcProviderId(providerId);
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<OidcProviderConfig, FirebaseAuthException>() {
@@ -1400,7 +1379,6 @@ public ApiFuture<ListProviderConfigsPage<OidcProviderConfig>> listOidcProviderCo
 
   private CallableOperation<ListProviderConfigsPage<OidcProviderConfig>, FirebaseAuthException>
       listOidcProviderConfigsOp(@Nullable final String pageToken, final int maxResults) {
-    checkNotDestroyed();
     final FirebaseUserManager userManager = getUserManager();
     final DefaultOidcProviderConfigSource source = new DefaultOidcProviderConfigSource(userManager);
     final ListProviderConfigsPage.Factory<OidcProviderConfig> factory =
@@ -1443,7 +1421,6 @@ public ApiFuture<Void> deleteOidcProviderConfigAsync(String providerId) {
 
   private CallableOperation<Void, FirebaseAuthException> deleteOidcProviderConfigOp(
       final String providerId) {
-    checkNotDestroyed();
     OidcProviderConfig.checkOidcProviderId(providerId);
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<Void, FirebaseAuthException>() {
@@ -1490,7 +1467,6 @@ public ApiFuture<SamlProviderConfig> createSamlProviderConfigAsync(
 
   private CallableOperation<SamlProviderConfig, FirebaseAuthException>
       createSamlProviderConfigOp(final SamlProviderConfig.CreateRequest request) {
-    checkNotDestroyed();
     checkNotNull(request, "Create request must not be null.");
     SamlProviderConfig.checkSamlProviderId(request.getProviderId());
     final FirebaseUserManager userManager = getUserManager();
@@ -1534,7 +1510,6 @@ public ApiFuture<SamlProviderConfig> updateSamlProviderConfigAsync(
 
   private CallableOperation<SamlProviderConfig, FirebaseAuthException> updateSamlProviderConfigOp(
       final SamlProviderConfig.UpdateRequest request) {
-    checkNotDestroyed();
     checkNotNull(request, "Update request must not be null.");
     checkArgument(!request.getProperties().isEmpty(),
         "Update request must have at least one property set.");
@@ -1579,7 +1554,6 @@ public ApiFuture<SamlProviderConfig> getSamlProviderConfigAsync(@NonNull String
 
   private CallableOperation<SamlProviderConfig, FirebaseAuthException>
       getSamlProviderConfigOp(final String providerId) {
-    checkNotDestroyed();
     SamlProviderConfig.checkSamlProviderId(providerId);
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<SamlProviderConfig, FirebaseAuthException>() {
@@ -1663,7 +1637,6 @@ public ApiFuture<ListProviderConfigsPage<SamlProviderConfig>> listSamlProviderCo
 
   private CallableOperation<ListProviderConfigsPage<SamlProviderConfig>, FirebaseAuthException>
       listSamlProviderConfigsOp(@Nullable final String pageToken, final int maxResults) {
-    checkNotDestroyed();
     final FirebaseUserManager userManager = getUserManager();
     final DefaultSamlProviderConfigSource source = new DefaultSamlProviderConfigSource(userManager);
     final ListProviderConfigsPage.Factory<SamlProviderConfig> factory =
@@ -1706,7 +1679,6 @@ public ApiFuture<Void> deleteSamlProviderConfigAsync(String providerId) {
 
   private CallableOperation<Void, FirebaseAuthException> deleteSamlProviderConfigOp(
       final String providerId) {
-    checkNotDestroyed();
     SamlProviderConfig.checkSamlProviderId(providerId);
     final FirebaseUserManager userManager = getUserManager();
     return new CallableOperation<Void, FirebaseAuthException>() {
@@ -1729,32 +1701,12 @@ <T> Supplier<T> threadSafeMemoize(final Supplier<T> supplier) {
           public T get() {
             checkNotNull(supplier);
             synchronized (lock) {
-              checkNotDestroyed();
               return supplier.get();
             }
           }
         });
   }
 
-  private void checkNotDestroyed() {
-    synchronized (lock) {
-      checkState(
-          !destroyed.get(),
-          "FirebaseAuth instance is no longer alive. This happens when "
-              + "the parent FirebaseApp instance has been deleted.");
-    }
-  }
-
-  final void destroy() {
-    synchronized (lock) {
-      doDestroy();
-      destroyed.set(true);
-    }
-  }
-
-  /** Performs any additional required clean up. */
-  protected abstract void doDestroy();
-
   protected abstract static class Builder<T extends  Builder<T>> {
 
     private FirebaseApp firebaseApp;
diff --git a/src/main/java/com/google/firebase/auth/FirebaseAuth.java b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
index 417ea6436..27e79960d 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
@@ -69,9 +69,6 @@ public static synchronized FirebaseAuth getInstance(FirebaseApp app) {
     return service.getInstance();
   }
 
-  @Override
-  protected void doDestroy() { }
-
   private static FirebaseAuth fromApp(final FirebaseApp app) {
     return populateBuilderFromApp(builder(), app, null)
         .setTenantManager(new Supplier<TenantManager>() {
@@ -88,11 +85,6 @@ private static class FirebaseAuthService extends FirebaseService<FirebaseAuth> {
     FirebaseAuthService(FirebaseApp app) {
       super(SERVICE_ID, FirebaseAuth.fromApp(app));
     }
-
-    @Override
-    public void destroy() {
-      instance.destroy();
-    }
   }
 
   static Builder builder() {
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java b/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
index 95ef169da..bc374c036 100644
--- a/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuth.java
@@ -69,11 +69,6 @@ public ApiFuture<String> apply(FirebaseToken input) {
     }, MoreExecutors.directExecutor());
   }
 
-  @Override
-  protected void doDestroy() {
-    // Nothing extra needs to be destroyed.
-  }
-
   static TenantAwareFirebaseAuth fromApp(FirebaseApp app, String tenantId) {
     return populateBuilderFromApp(builder(), app, tenantId)
         .setTenantId(tenantId)
diff --git a/src/main/java/com/google/firebase/cloud/StorageClient.java b/src/main/java/com/google/firebase/cloud/StorageClient.java
index d6a1567f4..955abd7e2 100644
--- a/src/main/java/com/google/firebase/cloud/StorageClient.java
+++ b/src/main/java/com/google/firebase/cloud/StorageClient.java
@@ -106,13 +106,5 @@ private static class StorageClientService extends FirebaseService<StorageClient>
     StorageClientService(StorageClient client) {
       super(SERVICE_ID, client);
     }
-
-    @Override
-    public void destroy() {
-      // NOTE: We don't explicitly tear down anything here, but public methods of StorageClient
-      // will now fail because calls to getOptions() and getToken() will hit FirebaseApp,
-      // which will throw once the app is deleted.
-    }
   }
-
 }
diff --git a/src/main/java/com/google/firebase/database/FirebaseDatabase.java b/src/main/java/com/google/firebase/database/FirebaseDatabase.java
index 0a79932db..306ce9274 100644
--- a/src/main/java/com/google/firebase/database/FirebaseDatabase.java
+++ b/src/main/java/com/google/firebase/database/FirebaseDatabase.java
@@ -173,7 +173,7 @@ static FirebaseDatabase createForTests(
     return db;
   }
 
-  /** 
+  /**
    * @return The version for this build of the Firebase Database client
    */
   public static String getSdkVersion() {
@@ -358,6 +358,10 @@ DatabaseConfig getConfig() {
     return this.config;
   }
 
+  /**
+   * Tears down the WebSocket connections and background threads started by this {@code
+   * FirebaseDatabase} instance thus disconnecting from the remote database.
+   */
   void destroy() {
     synchronized (lock) {
       if (destroyed.get()) {
diff --git a/src/main/java/com/google/firebase/iid/FirebaseInstanceId.java b/src/main/java/com/google/firebase/iid/FirebaseInstanceId.java
index 822654402..47026e6f1 100644
--- a/src/main/java/com/google/firebase/iid/FirebaseInstanceId.java
+++ b/src/main/java/com/google/firebase/iid/FirebaseInstanceId.java
@@ -200,12 +200,5 @@ private static class FirebaseInstanceIdService extends FirebaseService<FirebaseI
     FirebaseInstanceIdService(FirebaseApp app) {
       super(SERVICE_ID, new FirebaseInstanceId(app));
     }
-
-    @Override
-    public void destroy() {
-      // NOTE: We don't explicitly tear down anything here, but public methods of StorageClient
-      // will now fail because calls to getOptions() and getToken() will hit FirebaseApp,
-      // which will throw once the app is deleted.
-    }
   }
 }
diff --git a/src/main/java/com/google/firebase/internal/FirebaseService.java b/src/main/java/com/google/firebase/internal/FirebaseService.java
index d3e87551f..2b802aee8 100644
--- a/src/main/java/com/google/firebase/internal/FirebaseService.java
+++ b/src/main/java/com/google/firebase/internal/FirebaseService.java
@@ -28,7 +28,7 @@
  *
  * @param <T> Type of the service
  */
-public abstract class FirebaseService<T> {
+public class FirebaseService<T> {
 
   private final String id;
   protected final T instance;
@@ -62,5 +62,7 @@ public final T getInstance() {
    * Tear down this FirebaseService instance and the service object wrapped in it, cleaning up
    * any allocated resources in the process.
    */
-  public abstract void destroy();
+  public void destroy() {
+    // Child classes can override this method to implement any service-specific cleanup logic.
+  }
 }
diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
index e1b4f794c..a08e8cfaf 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
@@ -403,13 +403,6 @@ private static class FirebaseMessagingService extends FirebaseService<FirebaseMe
     FirebaseMessagingService(FirebaseApp app) {
       super(SERVICE_ID, FirebaseMessaging.fromApp(app));
     }
-
-    @Override
-    public void destroy() {
-      // NOTE: We don't explicitly tear down anything here, but public methods of FirebaseMessaging
-      // will now fail because calls to getOptions() and getToken() will hit FirebaseApp,
-      // which will throw once the app is deleted.
-    }
   }
 
   private static FirebaseMessaging fromApp(final FirebaseApp app) {
diff --git a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagement.java b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagement.java
index fe5472ef1..9e294e099 100644
--- a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagement.java
+++ b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagement.java
@@ -286,10 +286,5 @@ private FirebaseProjectManagementService(FirebaseApp app) {
       serviceInstance.setAndroidAppService(serviceImpl);
       serviceInstance.setIosAppService(serviceImpl);
     }
-
-    @Override
-    public void destroy() {
-      serviceImpl.destroy();
-    }
   }
 }
diff --git a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
index 0f9eb3b55..2bf927008 100644
--- a/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
+++ b/src/main/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImpl.java
@@ -87,14 +87,6 @@ void setInterceptor(HttpResponseInterceptor interceptor) {
     httpHelper.setInterceptor(interceptor);
   }
 
-  void destroy() {
-    // NOTE: We don't explicitly tear down anything here. Any instance of IosApp, AndroidApp, or
-    // FirebaseProjectManagement that depends on this instance will no longer be able to make RPC
-    // calls. All polling or waiting iOS or Android App creations will be interrupted, even though
-    // the initial creation RPC (if made successfully) is still processed normally (asynchronously)
-    // by the server.
-  }
-
   /* getAndroidApp */
 
   @Override
diff --git a/src/test/java/com/google/firebase/FirebaseAppTest.java b/src/test/java/com/google/firebase/FirebaseAppTest.java
index 26ca93432..56e025d22 100644
--- a/src/test/java/com/google/firebase/FirebaseAppTest.java
+++ b/src/test/java/com/google/firebase/FirebaseAppTest.java
@@ -41,6 +41,7 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.firebase.FirebaseApp.TokenRefresher;
 import com.google.firebase.database.FirebaseDatabase;
+import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.testing.FirebaseAppRule;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestUtils;
@@ -213,6 +214,33 @@ public void testDeleteApp() {
     }
   }
 
+  @Test
+  public void testUseAfterDelete() {
+    FirebaseApp firebaseApp = FirebaseApp.initializeApp(OPTIONS);
+    firebaseApp.delete();
+
+    try {
+      firebaseApp.getOptions();
+      fail();
+    } catch (IllegalStateException expected) {
+      // ignore
+    }
+
+    try {
+      firebaseApp.getProjectId();
+      fail();
+    } catch (IllegalStateException expected) {
+      // ignore
+    }
+
+    try {
+      ImplFirebaseTrampolines.addService(firebaseApp, new MockFirebaseService());
+      fail();
+    } catch (IllegalStateException expected) {
+      // ignore
+    }
+  }
+
   @Test
   public void testGetApps() {
     FirebaseApp app1 = FirebaseApp.initializeApp(OPTIONS, "app1");
@@ -684,4 +712,10 @@ public AccessToken refreshAccessToken() {
       return new AccessToken(UUID.randomUUID().toString(), expiry);
     }
   }
+
+  private static class MockFirebaseService extends FirebaseService<Object> {
+    MockFirebaseService() {
+      super("MockFirebaseService", new Object());
+    }
+  }
 }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
index e34fede1f..bd7aa0ff8 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
@@ -28,7 +28,6 @@
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.api.core.ApiFuture;
-import com.google.common.base.Defaults;
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableMap;
@@ -40,11 +39,6 @@
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-import java.util.ArrayList;
-import java.util.List;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
@@ -105,26 +99,33 @@ public void testInvokeAfterAppDelete() throws Exception {
     assertNotNull(auth);
     app.delete();
 
-    for (Method method : auth.getClass().getDeclaredMethods()) {
-      int modifiers = method.getModifiers();
-      if (!Modifier.isPublic(modifiers) || Modifier.isStatic(modifiers)) {
-        continue;
-      }
-
-      List<Object> parameters = new ArrayList<>(method.getParameterTypes().length);
-      for (Class<?> parameterType : method.getParameterTypes()) {
-        parameters.add(Defaults.defaultValue(parameterType));
-      }
-      try {
-        method.invoke(auth, parameters.toArray());
-        fail("No error thrown when invoking auth after deleting app; method: " + method.getName());
-      } catch (InvocationTargetException expected) {
-        String message = "FirebaseAuth instance is no longer alive. This happens when "
-            + "the parent FirebaseApp instance has been deleted.";
-        Throwable cause = expected.getCause();
-        assertTrue(cause instanceof IllegalStateException);
-        assertEquals(message, cause.getMessage());
-      }
+    String message = "FirebaseApp 'testInvokeAfterAppDelete' was deleted";
+    try {
+      FirebaseAuth.getInstance(app);
+      fail("No error thrown when invoking auth after deleting app");
+    } catch (IllegalStateException ex) {
+      assertEquals(message, ex.getMessage());
+    }
+
+    try {
+      auth.createCustomToken("uid");
+      fail("No error thrown when invoking auth after deleting app");
+    } catch (IllegalStateException ex) {
+      assertEquals(message, ex.getMessage());
+    }
+
+    try {
+      auth.verifyIdToken("idToken");
+      fail("No error thrown when invoking auth after deleting app");
+    } catch (IllegalStateException ex) {
+      assertEquals(message, ex.getMessage());
+    }
+
+    try {
+      auth.getUser("uid");
+      fail("No error thrown when invoking auth after deleting app");
+    } catch (IllegalStateException ex) {
+      assertEquals(message, ex.getMessage());
     }
   }
 
@@ -461,10 +462,6 @@ public void testVerifySessionCookieWithCheckRevokedAsyncFailure() throws Interru
     }
   }
 
-  private FirebaseToken getFirebaseToken(String subject) {
-    return new FirebaseToken(ImmutableMap.<String, Object>of("sub", subject));
-  }
-
   private FirebaseToken getFirebaseToken(long issuedAt) {
     return new FirebaseToken(ImmutableMap.<String, Object>of("sub", TEST_USER, "iat", issuedAt));
   }
diff --git a/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java b/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
index f15861a62..27864d992 100644
--- a/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
+++ b/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
@@ -50,6 +50,11 @@
 
 public class FirebaseInstanceIdTest {
 
+  private static final FirebaseOptions APP_OPTIONS = FirebaseOptions.builder()
+      .setCredentials(new MockGoogleCredentials("test-token"))
+      .setProjectId("test-project")
+      .build();
+
   private static final Map<Integer, String> ERROR_MESSAGES = ImmutableMap.of(
       404, "Instance ID \"test-iid\": Failed to find the instance ID.",
       409, "Instance ID \"test-iid\": Already deleted.",
@@ -88,13 +93,25 @@ public void testNoProjectId() {
     }
   }
 
+  @Test
+  public void testInvokeAfterAppDelete() {
+    FirebaseApp app = FirebaseApp.initializeApp(APP_OPTIONS, "testInvokeAfterAppDelete");
+    FirebaseInstanceId instanceId = FirebaseInstanceId.getInstance(app);
+    assertNotNull(instanceId);
+    app.delete();
+
+    try {
+      FirebaseInstanceId.getInstance(app);
+      fail("No error thrown when invoking instanceId after deleting app");
+    } catch (IllegalStateException ex) {
+      String message = "FirebaseApp 'testInvokeAfterAppDelete' was deleted";
+      assertEquals(message, ex.getMessage());
+    }
+  }
+
   @Test
   public void testInvalidInstanceId() {
-    FirebaseOptions options = FirebaseOptions.builder()
-        .setCredentials(new MockGoogleCredentials("test-token"))
-        .setProjectId("test-project")
-        .build();
-    FirebaseApp.initializeApp(options);
+    FirebaseApp.initializeApp(APP_OPTIONS);
 
     FirebaseInstanceId instanceId = FirebaseInstanceId.getInstance();
     TestResponseInterceptor interceptor = new TestResponseInterceptor();
@@ -122,9 +139,7 @@ public void testDeleteInstanceId() throws Exception {
     MockHttpTransport transport = new MockHttpTransport.Builder()
         .setLowLevelHttpResponse(response)
         .build();
-    FirebaseOptions options = FirebaseOptions.builder()
-        .setCredentials(new MockGoogleCredentials("test-token"))
-        .setProjectId("test-project")
+    FirebaseOptions options = APP_OPTIONS.toBuilder()
         .setHttpTransport(transport)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);
@@ -168,9 +183,7 @@ public void testDeleteInstanceIdError() throws Exception {
     MockHttpTransport transport = new MockHttpTransport.Builder()
         .setLowLevelHttpResponse(response)
         .build();
-    FirebaseOptions options = FirebaseOptions.builder()
-        .setCredentials(new MockGoogleCredentials("test-token"))
-        .setProjectId("test-project")
+    FirebaseOptions options = APP_OPTIONS.toBuilder()
         .setHttpTransport(transport)
         .build();
     FirebaseApp app = FirebaseApp.initializeApp(options);

From fba507bd4cff639865653da717e7b1a5dafea8fd Mon Sep 17 00:00:00 2001
From: kentengjin <jinkenteng@gmail.com>
Date: Wed, 30 Sep 2020 11:41:22 -0700
Subject: [PATCH 032/354] fix(auth): Migrate IAM SignBlob to IAMCredentials
 SignBlob (#480)

* Migrate IAM SignBlob to IAMCredentials SignBlob

Point all SignBlob calls to IAMCredentials

* Fix FirebaseToken tests

Change proto field to fix the test
---
 .../google/firebase/auth/internal/CryptoSigners.java | 10 +++++-----
 .../firebase/auth/FirebaseCustomTokenTest.java       |  4 ++--
 .../firebase/auth/internal/CryptoSignersTest.java    | 12 ++++++------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java b/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
index 7bc54afdf..f167b09a0 100644
--- a/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
+++ b/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
@@ -65,13 +65,13 @@ public String getAccount() {
 
   /**
    * @ {@link CryptoSigner} implementation that uses the
-   * <a href="https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/signBlob">
-   * Google IAM service</a> to sign data.
+   * <a href=https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob">
+   * Google IAMCredentials service</a> to sign data.
    */
   static class IAMCryptoSigner implements CryptoSigner {
 
     private static final String IAM_SIGN_BLOB_URL =
-        "https://iam.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
+        "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:signBlob";
 
     private final String serviceAccount;
     private final ErrorHandlingHttpClient<FirebaseAuthException> httpClient;
@@ -95,11 +95,11 @@ void setInterceptor(HttpResponseInterceptor interceptor) {
     @Override
     public byte[] sign(byte[] payload) throws FirebaseAuthException {
       String encodedPayload = BaseEncoding.base64().encode(payload);
-      Map<String, String> content = ImmutableMap.of("bytesToSign", encodedPayload);
+      Map<String, String> content = ImmutableMap.of("payload", encodedPayload);
       String encodedUrl = String.format(IAM_SIGN_BLOB_URL, serviceAccount);
       HttpRequestInfo requestInfo = HttpRequestInfo.buildJsonPostRequest(encodedUrl, content);
       GenericJson parsed = httpClient.sendAndParse(requestInfo, GenericJson.class);
-      return BaseEncoding.base64().decode((String) parsed.get("signature"));
+      return BaseEncoding.base64().decode((String) parsed.get("signedBlob"));
     }
 
     @Override
diff --git a/src/test/java/com/google/firebase/auth/FirebaseCustomTokenTest.java b/src/test/java/com/google/firebase/auth/FirebaseCustomTokenTest.java
index b277dce14..5e37161cd 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseCustomTokenTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseCustomTokenTest.java
@@ -92,7 +92,7 @@ public void testCreateCustomTokenWithDeveloperClaims() throws Exception {
   public void testCreateCustomTokenWithoutServiceAccountCredentials() throws Exception {
     MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
     String content = Utils.getDefaultJsonFactory().toString(
-        ImmutableMap.of("signature", BaseEncoding.base64().encode("test-signature".getBytes())));
+        ImmutableMap.of("signedBlob", BaseEncoding.base64().encode("test-signature".getBytes())));
     response.setContent(content);
     MockHttpTransport transport = new MultiRequestMockHttpTransport(ImmutableList.of(response));
 
@@ -117,7 +117,7 @@ public void testCreateCustomTokenWithoutServiceAccountCredentials() throws Excep
   @Test
   public void testCreateCustomTokenWithDiscoveredServiceAccount() throws Exception {
     String content = Utils.getDefaultJsonFactory().toString(
-        ImmutableMap.of("signature", BaseEncoding.base64().encode("test-signature".getBytes())));
+        ImmutableMap.of("signedBlob", BaseEncoding.base64().encode("test-signature".getBytes())));
     List<MockLowLevelHttpResponse> responses = ImmutableList.of(
         // Service account discovery response
         new MockLowLevelHttpResponse().setContent("test@service.account"),
diff --git a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
index 32f9fd543..fee4d8fb8 100644
--- a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
@@ -71,7 +71,7 @@ public void testInvalidServiceAccountCryptoSigner() {
   public void testIAMCryptoSigner() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
     String response = Utils.getDefaultJsonFactory().toString(
-        ImmutableMap.of("signature", signature));
+        ImmutableMap.of("signedBlob", signature));
     MockHttpTransport transport = new MockHttpTransport.Builder()
         .setLowLevelHttpResponse(new MockLowLevelHttpResponse().setContent(response))
         .build();
@@ -84,7 +84,7 @@ public void testIAMCryptoSigner() throws Exception {
 
     byte[] data = signer.sign("foo".getBytes());
     assertArrayEquals("signed-bytes".getBytes(), data);
-    final String url = "https://iam.googleapis.com/v1/projects/-/serviceAccounts/"
+    final String url = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
         + "test-service-account@iam.gserviceaccount.com:signBlob";
     assertEquals(url, interceptor.getResponse().getRequest().getUrl().toString());
   }
@@ -150,7 +150,7 @@ public void testInvalidIAMCryptoSigner() {
   public void testMetadataService() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
     String response = Utils.getDefaultJsonFactory().toString(
-        ImmutableMap.of("signature", signature));
+        ImmutableMap.of("signedBlob", signature));
     MockHttpTransport transport = new MultiRequestMockHttpTransport(
         ImmutableList.of(
             new MockLowLevelHttpResponse().setContent("metadata-server@iam.gserviceaccount.com"),
@@ -168,7 +168,7 @@ public void testMetadataService() throws Exception {
 
     byte[] data = signer.sign("foo".getBytes());
     assertArrayEquals("signed-bytes".getBytes(), data);
-    final String url = "https://iam.googleapis.com/v1/projects/-/serviceAccounts/"
+    final String url = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
         + "metadata-server@iam.gserviceaccount.com:signBlob";
     HttpRequest request = interceptor.getResponse().getRequest();
     assertEquals(url, request.getUrl().toString());
@@ -179,7 +179,7 @@ public void testMetadataService() throws Exception {
   public void testExplicitServiceAccountEmail() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
     String response = Utils.getDefaultJsonFactory().toString(
-        ImmutableMap.of("signature", signature));
+        ImmutableMap.of("signedBlob", signature));
 
     // Explicit service account should get precedence
     MockHttpTransport transport = new MultiRequestMockHttpTransport(
@@ -198,7 +198,7 @@ public void testExplicitServiceAccountEmail() throws Exception {
 
     byte[] data = signer.sign("foo".getBytes());
     assertArrayEquals("signed-bytes".getBytes(), data);
-    final String url = "https://iam.googleapis.com/v1/projects/-/serviceAccounts/"
+    final String url = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
         + "explicit-service-account@iam.gserviceaccount.com:signBlob";
     HttpRequest request = interceptor.getResponse().getRequest();
     assertEquals(url, request.getUrl().toString());

From 408b85f7d0072e8fb3b462aa2317843d683e7ad7 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 7 Oct 2020 15:50:03 -0400
Subject: [PATCH 033/354] [chore] Release 7.0.1 (#484)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0f40ea078..0bde2d2f4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>7.0.0</version>
+    <version>7.0.1</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From ba56dcde18fb6cade53269edcca75f5ac101df4b Mon Sep 17 00:00:00 2001
From: Rodrigo Lazo <rlazo@users.noreply.github.com>
Date: Thu, 15 Oct 2020 14:35:23 -0400
Subject: [PATCH 034/354] Fix comment about max number of events (#488)

Multicast message can send up to 500 messages, not 100

https://github.com/firebase/firebase-admin-java/blob/408b85f7d0072e8fb3b462aa2317843d683e7ad7/src/main/java/com/google/firebase/messaging/MulticastMessage.java#L46
---
 .../com/google/firebase/snippets/FirebaseMessagingSnippets.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
index f1432e160..4a4a25472 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
@@ -151,7 +151,7 @@ public void sendAll() throws FirebaseMessagingException {
 
   public void sendMulticast() throws FirebaseMessagingException {
     // [START send_multicast]
-    // Create a list containing up to 100 registration tokens.
+    // Create a list containing up to 500 registration tokens.
     // These registration tokens come from the client FCM SDKs.
     List<String> registrationTokens = Arrays.asList(
         "YOUR_REGISTRATION_TOKEN_1",

From 5f3b696db4bf4550203a47834dfa19a8a33d750b Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Mon, 14 Dec 2020 14:40:18 -0500
Subject: [PATCH 035/354] feat(rc): Add Remote Config Management API  (#502)

- Add Remote Config Management API
---
 .../firebase/remoteconfig/Condition.java      |  174 +++
 .../remoteconfig/FirebaseRemoteConfig.java    |  415 ++++++
 .../FirebaseRemoteConfigClient.java           |   43 +
 .../FirebaseRemoteConfigClientImpl.java       |  269 ++++
 .../FirebaseRemoteConfigException.java        |   63 +
 .../remoteconfig/ListVersionsOptions.java     |  198 +++
 .../remoteconfig/ListVersionsPage.java        |  268 ++++
 .../firebase/remoteconfig/Parameter.java      |  167 +++
 .../firebase/remoteconfig/ParameterGroup.java |  138 ++
 .../firebase/remoteconfig/ParameterValue.java |  127 ++
 .../firebase/remoteconfig/PublishOptions.java |   33 +
 .../remoteconfig/RemoteConfigErrorCode.java   |   60 +
 .../remoteconfig/RemoteConfigUtil.java        |   93 ++
 .../firebase/remoteconfig/TagColor.java       |   45 +
 .../firebase/remoteconfig/Template.java       |  281 ++++
 .../google/firebase/remoteconfig/User.java    |   98 ++
 .../google/firebase/remoteconfig/Version.java |  225 +++
 .../RemoteConfigServiceErrorResponse.java     |   72 +
 .../internal/TemplateResponse.java            |  424 ++++++
 .../remoteconfig/internal/package-info.java   |   20 +
 .../firebase/remoteconfig/ConditionTest.java  |   93 ++
 .../FirebaseRemoteConfigClientImplTest.java   | 1234 +++++++++++++++++
 .../remoteconfig/FirebaseRemoteConfigIT.java  |  199 +++
 .../FirebaseRemoteConfigTest.java             |  600 ++++++++
 .../remoteconfig/ListVersionsPageTest.java    |  338 +++++
 .../remoteconfig/MockRemoteConfigClient.java  |   89 ++
 .../remoteconfig/ParameterGroupTest.java      |   87 ++
 .../firebase/remoteconfig/ParameterTest.java  |   91 ++
 .../remoteconfig/ParameterValueTest.java      |   54 +
 .../firebase/remoteconfig/TemplateTest.java   |  346 +++++
 .../firebase/remoteconfig/UserTest.java       |   62 +
 .../firebase/remoteconfig/VersionTest.java    |  105 ++
 src/test/resources/getRemoteConfig.json       |   56 +
 .../resources/listRemoteConfigVersions.json   |   50 +
 34 files changed, 6617 insertions(+)
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/Condition.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfig.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClient.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImpl.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigException.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ListVersionsOptions.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ListVersionsPage.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/Parameter.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ParameterGroup.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ParameterValue.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/PublishOptions.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/RemoteConfigErrorCode.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/RemoteConfigUtil.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/TagColor.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/Template.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/User.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/Version.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/internal/RemoteConfigServiceErrorResponse.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/internal/TemplateResponse.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/internal/package-info.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ConditionTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ListVersionsPageTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/MockRemoteConfigClient.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ParameterGroupTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ParameterTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ParameterValueTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/TemplateTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/UserTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/VersionTest.java
 create mode 100644 src/test/resources/getRemoteConfig.json
 create mode 100644 src/test/resources/listRemoteConfigVersions.json

diff --git a/src/main/java/com/google/firebase/remoteconfig/Condition.java b/src/main/java/com/google/firebase/remoteconfig/Condition.java
new file mode 100644
index 000000000..6ccde59d9
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/Condition.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.base.Strings;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ConditionResponse;
+
+import java.util.Objects;
+
+/**
+ * Represents a Remote Config condition that can be included in a {@link Template}.
+ * A condition targets a specific group of users. A list of these conditions make up
+ * part of a Remote Config template.
+ */
+public final class Condition {
+
+  private String name;
+  private String expression;
+  private TagColor tagColor;
+
+  /**
+   * Creates a new {@link Condition}.
+   *
+   * @param name A non-null, non-empty, and unique name of this condition.
+   * @param expression A non-null and non-empty expression of this condition.
+   */
+  public Condition(@NonNull String name, @NonNull String expression) {
+    this(name, expression, null);
+  }
+
+  /**
+   * Creates a new {@link Condition}.
+   *
+   * @param name A non-null, non-empty, and unique name of this condition.
+   * @param expression A non-null and non-empty expression of this condition.
+   * @param tagColor A color associated with this condition for display purposes in the
+   *                 Firebase Console. Not specifying this value results in the console picking an
+   *                 arbitrary color to associate with the condition.
+   */
+  public Condition(@NonNull String name, @NonNull String expression, @Nullable TagColor tagColor) {
+    checkArgument(!Strings.isNullOrEmpty(name), "condition name must not be null or empty");
+    checkArgument(!Strings.isNullOrEmpty(expression),
+            "condition expression must not be null or empty");
+    this.name = name;
+    this.expression = expression;
+    this.tagColor = tagColor;
+  }
+
+  Condition(@NonNull ConditionResponse conditionResponse) {
+    checkNotNull(conditionResponse);
+    this.name = conditionResponse.getName();
+    this.expression = conditionResponse.getExpression();
+    if (!Strings.isNullOrEmpty(conditionResponse.getTagColor())) {
+      this.tagColor = TagColor.valueOf(conditionResponse.getTagColor());
+    }
+  }
+
+  /**
+   * Gets the name of the condition.
+   *
+   * @return The name of the condition.
+   */
+  @NonNull
+  public String getName() {
+    return name;
+  }
+
+  /**
+   * Gets the expression of the condition.
+   *
+   * @return The expression of the condition.
+   */
+  @NonNull
+  public String getExpression() {
+    return expression;
+  }
+
+  /**
+   * Gets the tag color of the condition used for display purposes in the Firebase Console.
+   *
+   * @return The tag color of the condition.
+   */
+  @NonNull
+  public TagColor getTagColor() {
+    return tagColor;
+  }
+
+  /**
+   * Sets the name of the condition.
+   *
+   * @param name A non-empty and unique name of this condition.
+   * @return This {@link Condition}.
+   */
+  public Condition setName(@NonNull String name) {
+    checkArgument(!Strings.isNullOrEmpty(name), "condition name must not be null or empty");
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Sets the expression of the condition.
+   *
+   * <p>See <a href="https://firebase.google.com/docs/remote-config/condition-reference">
+   * condition expressions</a> for the expected syntax of this field.
+   *
+   * @param expression The logic of this condition.
+   * @return This {@link Condition}.
+   */
+  public Condition setExpression(@NonNull String expression) {
+    checkArgument(!Strings.isNullOrEmpty(expression),
+            "condition expression must not be null or empty");
+    this.expression = expression;
+    return this;
+  }
+
+  /**
+   * Sets the tag color of the condition.
+   *
+   * <p>The color associated with this condition for display purposes in the Firebase Console.
+   * Not specifying this value results in the console picking an arbitrary color to associate
+   * with the condition.
+   *
+   * @param tagColor The tag color of this condition.
+   * @return This {@link Condition}.
+   */
+  public Condition setTagColor(@Nullable TagColor tagColor) {
+    this.tagColor = tagColor;
+    return this;
+  }
+
+  ConditionResponse toConditionResponse() {
+    return new ConditionResponse()
+            .setName(this.name)
+            .setExpression(this.expression)
+            .setTagColor(this.tagColor == null ? null : this.tagColor.getColor());
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    Condition condition = (Condition) o;
+    return Objects.equals(name, condition.name)
+            && Objects.equals(expression, condition.expression) && tagColor == condition.tagColor;
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(name, expression, tagColor);
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfig.java b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfig.java
new file mode 100644
index 000000000..41a0afbe4
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfig.java
@@ -0,0 +1,415 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.core.ApiFuture;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.internal.CallableOperation;
+import com.google.firebase.internal.FirebaseService;
+import com.google.firebase.internal.NonNull;
+
+/**
+ * This class is the entry point for all server-side Firebase Remote Config actions.
+ *
+ * <p>You can get an instance of {@link FirebaseRemoteConfig} via {@link #getInstance(FirebaseApp)},
+ * and then use it to manage Remote Config templates.
+ */
+public final class FirebaseRemoteConfig {
+
+  private static final String SERVICE_ID = FirebaseRemoteConfig.class.getName();
+  private final FirebaseApp app;
+  private final FirebaseRemoteConfigClient remoteConfigClient;
+
+  @VisibleForTesting
+  FirebaseRemoteConfig(FirebaseApp app, FirebaseRemoteConfigClient client) {
+    this.app = checkNotNull(app);
+    this.remoteConfigClient = checkNotNull(client);
+  }
+
+  private FirebaseRemoteConfig(FirebaseApp app) {
+    this(app, FirebaseRemoteConfigClientImpl.fromApp(app));
+  }
+
+  /**
+   * Gets the {@link FirebaseRemoteConfig} instance for the default {@link FirebaseApp}.
+   *
+   * @return The {@link FirebaseRemoteConfig} instance for the default {@link FirebaseApp}.
+   */
+  public static FirebaseRemoteConfig getInstance() {
+    return getInstance(FirebaseApp.getInstance());
+  }
+
+  /**
+   * Gets the {@link FirebaseRemoteConfig} instance for the specified {@link FirebaseApp}.
+   *
+   * @return The {@link FirebaseRemoteConfig} instance for the specified {@link FirebaseApp}.
+   */
+  public static synchronized FirebaseRemoteConfig getInstance(FirebaseApp app) {
+    FirebaseRemoteConfigService service = ImplFirebaseTrampolines.getService(app, SERVICE_ID,
+            FirebaseRemoteConfigService.class);
+    if (service == null) {
+      service = ImplFirebaseTrampolines.addService(app, new FirebaseRemoteConfigService(app));
+    }
+    return service.getInstance();
+  }
+
+  /**
+   * Gets the current active version of the Remote Config template.
+   *
+   * @return A {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while getting the template.
+   */
+  public Template getTemplate() throws FirebaseRemoteConfigException {
+    return getTemplateOp().call();
+  }
+
+  /**
+   * Similar to {@link #getTemplate()} but performs the operation asynchronously.
+   *
+   * @return An {@code ApiFuture} that completes with a {@link Template} when
+   *      the template is available.
+   */
+  public ApiFuture<Template> getTemplateAsync() {
+    return getTemplateOp().callAsync(app);
+  }
+
+  private CallableOperation<Template, FirebaseRemoteConfigException> getTemplateOp() {
+    final FirebaseRemoteConfigClient remoteConfigClient = getRemoteConfigClient();
+    return new CallableOperation<Template, FirebaseRemoteConfigException>() {
+      @Override
+      protected Template execute() throws FirebaseRemoteConfigException {
+        return remoteConfigClient.getTemplate();
+      }
+    };
+  }
+
+  /**
+   * Gets the requested version of the of the Remote Config template.
+   *
+   * @param versionNumber The version number of the Remote Config template to get.
+   * @return A {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while getting the template.
+   */
+  public Template getTemplateAtVersion(
+          @NonNull String versionNumber) throws FirebaseRemoteConfigException {
+    return getTemplateAtVersionOp(versionNumber).call();
+  }
+
+  /**
+   * Gets the requested version of the of the Remote Config template.
+   *
+   * @param versionNumber The version number of the Remote Config template to get.
+   * @return A {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while getting the template.
+   */
+  public Template getTemplateAtVersion(long versionNumber) throws FirebaseRemoteConfigException {
+    String versionNumberString = String.valueOf(versionNumber);
+    return getTemplateAtVersionOp(versionNumberString).call();
+  }
+
+  /**
+   * Similar to {@link #getTemplateAtVersion(String versionNumber)} but performs the operation
+   * asynchronously.
+   *
+   * @param versionNumber The version number of the Remote Config template to get.
+   * @return An {@code ApiFuture} that completes with a {@link Template} when
+   *     the requested template is available.
+   */
+  public ApiFuture<Template> getTemplateAtVersionAsync(@NonNull String versionNumber) {
+    return getTemplateAtVersionOp(versionNumber).callAsync(app);
+  }
+
+  /**
+   * Similar to {@link #getTemplateAtVersion(long versionNumber)} but performs the operation
+   * asynchronously.
+   *
+   * @param versionNumber The version number of the Remote Config template to get.
+   * @return An {@code ApiFuture} that completes with a {@link Template} when
+   *     the requested template is available.
+   */
+  public ApiFuture<Template> getTemplateAtVersionAsync(long versionNumber) {
+    String versionNumberString = String.valueOf(versionNumber);
+    return getTemplateAtVersionOp(versionNumberString).callAsync(app);
+  }
+
+  private CallableOperation<Template, FirebaseRemoteConfigException> getTemplateAtVersionOp(
+          final String versionNumber) {
+    final FirebaseRemoteConfigClient remoteConfigClient = getRemoteConfigClient();
+    return new CallableOperation<Template, FirebaseRemoteConfigException>() {
+      @Override
+      protected Template execute() throws FirebaseRemoteConfigException {
+        return remoteConfigClient.getTemplateAtVersion(versionNumber);
+      }
+    };
+  }
+
+  /**
+   * Publishes a Remote Config template.
+   *
+   * @param template The Remote Config template to be published.
+   * @return The published {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while publishing the template.
+   */
+  public Template publishTemplate(@NonNull Template template) throws FirebaseRemoteConfigException {
+    return publishTemplateOp(template).call();
+  }
+
+  /**
+   * Similar to {@link #publishTemplate(Template template)} but performs the operation
+   * asynchronously.
+   *
+   * @param template The Remote Config template to be published.
+   * @return An {@code ApiFuture} that completes with a {@link Template} when
+   *     the provided template is published.
+   */
+  public ApiFuture<Template> publishTemplateAsync(@NonNull Template template) {
+    return publishTemplateOp(template).callAsync(app);
+  }
+
+  /**
+   * Validates a Remote Config template.
+   *
+   * @param template The Remote Config template to be validated.
+   * @return The validated {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while validating the template.
+   */
+  public Template validateTemplate(
+          @NonNull Template template) throws FirebaseRemoteConfigException {
+    return publishTemplateOp(template, new PublishOptions().setValidateOnly(true)).call();
+  }
+
+  /**
+   * Similar to {@link #validateTemplate(Template template)} but performs the operation
+   * asynchronously.
+   *
+   * @param template The Remote Config template to be validated.
+   * @return An {@code ApiFuture} that completes with a {@link Template} when
+   *     the provided template is validated.
+   */
+  public ApiFuture<Template> validateTemplateAsync(@NonNull Template template) {
+    return publishTemplateOp(template, new PublishOptions().setValidateOnly(true)).callAsync(app);
+  }
+
+  /**
+   * Force publishes a Remote Config template.
+   *
+   * <p>This method forces the Remote Config template to be updated without evaluating the ETag
+   * values. This approach is not recommended because it risks causing the loss of updates to your
+   * Remote Config template if multiple clients are updating the Remote Config template.
+   * See <a href="https://firebase.google.com/docs/remote-config/use-config-rest#etag_usage_and_forced_updates">
+   * ETag usage and forced updates</a>.
+   *
+   * @param template The Remote Config template to be forcefully published.
+   * @return The published {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while publishing the template.
+   */
+  public Template forcePublishTemplate(
+          @NonNull Template template) throws FirebaseRemoteConfigException {
+    return publishTemplateOp(template, new PublishOptions().setForcePublish(true)).call();
+  }
+
+  /**
+   * Similar to {@link #forcePublishTemplate(Template template)} but performs the operation
+   * asynchronously.
+   *
+   * @param template The Remote Config template to be forcefully published.
+   * @return An {@code ApiFuture} that completes with a {@link Template} when
+   *     the provided template is published.
+   */
+  public ApiFuture<Template> forcePublishTemplateAsync(@NonNull Template template) {
+    return publishTemplateOp(template, new PublishOptions().setForcePublish(true)).callAsync(app);
+  }
+
+  private CallableOperation<Template, FirebaseRemoteConfigException> publishTemplateOp(
+          final Template template) {
+    return publishTemplateOp(template, new PublishOptions());
+  }
+
+  private CallableOperation<Template, FirebaseRemoteConfigException> publishTemplateOp(
+          final Template template, final PublishOptions options) {
+    final FirebaseRemoteConfigClient remoteConfigClient = getRemoteConfigClient();
+    return new CallableOperation<Template, FirebaseRemoteConfigException>() {
+      @Override
+      protected Template execute() throws FirebaseRemoteConfigException {
+        return remoteConfigClient
+                .publishTemplate(template, options.isValidateOnly(), options.isForcePublish());
+      }
+    };
+  }
+
+  /**
+   * Rolls back a project's published Remote Config template to the specified version.
+   *
+   * <p>A rollback is equivalent to getting a previously published Remote Config
+   * template and re-publishing it using a force update.
+   *
+   * @param versionNumber The version number of the Remote Config template to roll back to.
+   *                      The specified version number must be lower than the current version
+   *                      number, and not have been deleted due to staleness. Only the last 300
+   *                      versions are stored. All versions that correspond to non-active Remote
+   *                      Config templates (that is, all except the template that is being fetched
+   *                      by clients) are also deleted if they are more than 90 days old.
+   * @return The rolled back {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while rolling back the template.
+   */
+  public Template rollback(long versionNumber) throws FirebaseRemoteConfigException {
+    String versionNumberString = String.valueOf(versionNumber);
+    return rollbackOp(versionNumberString).call();
+  }
+
+  /**
+   * Rolls back a project's published Remote Config template to the specified version.
+   *
+   * <p>A rollback is equivalent to getting a previously published Remote Config
+   * template and re-publishing it using a force update.
+   *
+   * @param versionNumber The version number of the Remote Config template to roll back to.
+   *                      The specified version number must be lower than the current version
+   *                      number, and not have been deleted due to staleness. Only the last 300
+   *                      versions are stored. All versions that correspond to non-active Remote
+   *                      Config templates (that is, all except the template that is being fetched
+   *                      by clients) are also deleted if they are more than 90 days old.
+   * @return The rolled back {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while rolling back the template.
+   */
+  public Template rollback(@NonNull String versionNumber) throws FirebaseRemoteConfigException {
+    return rollbackOp(versionNumber).call();
+  }
+
+  /**
+   * Similar to {@link #rollback(long versionNumber)} but performs the operation
+   * asynchronously.
+   *
+   * @param versionNumber The version number of the Remote Config template to roll back to.
+   * @return An {@code ApiFuture} that completes with a {@link Template} once
+   *     the rollback operation is successful.
+   */
+  public ApiFuture<Template> rollbackAsync(long versionNumber) {
+    String versionNumberString = String.valueOf(versionNumber);
+    return rollbackOp(versionNumberString).callAsync(app);
+  }
+
+  /**
+   * Similar to {@link #rollback(String versionNumber)} but performs the operation
+   * asynchronously.
+   *
+   * @param versionNumber The version number of the Remote Config template to roll back to.
+   * @return An {@code ApiFuture} that completes with a {@link Template} once
+   *     the rollback operation is successful.
+   */
+  public ApiFuture<Template> rollbackAsync(@NonNull String versionNumber) {
+    String versionNumberString = String.valueOf(versionNumber);
+    return rollbackOp(versionNumberString).callAsync(app);
+  }
+
+  private CallableOperation<Template, FirebaseRemoteConfigException> rollbackOp(
+          final String versionNumber) {
+    final FirebaseRemoteConfigClient remoteConfigClient = getRemoteConfigClient();
+    return new CallableOperation<Template, FirebaseRemoteConfigException>() {
+      @Override
+      protected Template execute() throws FirebaseRemoteConfigException {
+        return remoteConfigClient.rollback(versionNumber);
+      }
+    };
+  }
+
+  /**
+   * Gets a list of Remote Config template versions that have been published, sorted in reverse
+   * chronological order. Only the last 300 versions are stored.
+   *
+   * @return A {@link ListVersionsPage} instance.
+   * @throws FirebaseRemoteConfigException If an error occurs while retrieving versions list.
+   */
+  public ListVersionsPage listVersions() throws FirebaseRemoteConfigException {
+    return listVersionsOp().call();
+  }
+
+  /**
+   * Gets a list of Remote Config template versions that have been published, sorted in reverse
+   * chronological order. Only the last 300 versions are stored.
+   *
+   * @param options List version options.
+   * @return A {@link ListVersionsPage} instance.
+   * @throws FirebaseRemoteConfigException If an error occurs while retrieving versions list.
+   */
+  public ListVersionsPage listVersions(
+          @NonNull ListVersionsOptions options) throws FirebaseRemoteConfigException {
+    return listVersionsOp(options).call();
+  }
+
+  /**
+   * Similar to {@link #listVersions()} but performs the operation
+   * asynchronously.
+   *
+   * @return A {@link ListVersionsPage} instance.
+   */
+  public ApiFuture<ListVersionsPage> listVersionsAsync() {
+    return listVersionsOp().callAsync(app);
+  }
+
+  /**
+   * Similar to {@link #listVersions(ListVersionsOptions options)} but performs the operation
+   * asynchronously.
+   *
+   * @param options List version options.
+   * @return A {@link ListVersionsPage} instance.
+   */
+  public ApiFuture<ListVersionsPage> listVersionsAsync(@NonNull ListVersionsOptions options) {
+    return listVersionsOp(options).callAsync(app);
+  }
+
+  private CallableOperation<ListVersionsPage, FirebaseRemoteConfigException> listVersionsOp() {
+    return listVersionsOp(null);
+  }
+
+  private CallableOperation<ListVersionsPage, FirebaseRemoteConfigException> listVersionsOp(
+          final ListVersionsOptions options) {
+    final FirebaseRemoteConfigClient remoteConfigClient = getRemoteConfigClient();
+    final ListVersionsPage.DefaultVersionSource source =
+            new ListVersionsPage.DefaultVersionSource(remoteConfigClient);
+    final ListVersionsPage.Factory factory = new ListVersionsPage.Factory(source, options);
+    return new CallableOperation<ListVersionsPage, FirebaseRemoteConfigException>() {
+      @Override
+      protected ListVersionsPage execute() throws FirebaseRemoteConfigException {
+        return factory.create();
+      }
+    };
+  }
+
+  @VisibleForTesting
+  FirebaseRemoteConfigClient getRemoteConfigClient() {
+    return remoteConfigClient;
+  }
+
+  private static class FirebaseRemoteConfigService extends FirebaseService<FirebaseRemoteConfig> {
+
+    FirebaseRemoteConfigService(FirebaseApp app) {
+      super(SERVICE_ID, new FirebaseRemoteConfig(app));
+    }
+
+    @Override
+    public void destroy() {
+      // NOTE: We don't explicitly tear down anything here, but public methods of
+      // FirebaseRemoteConfig will now fail because calls to getOptions() and getToken()
+      // will hit FirebaseApp, which will throw once the app is deleted.
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClient.java b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClient.java
new file mode 100644
index 000000000..9fdb596d6
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClient.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ListVersionsResponse;
+
+/**
+ * An interface for managing Firebase Remote Config templates.
+ */
+interface FirebaseRemoteConfigClient {
+
+  /**
+   * Gets the current active version of the Remote Config template.
+   *
+   * @return A {@link Template}.
+   * @throws FirebaseRemoteConfigException If an error occurs while getting the template.
+   */
+  Template getTemplate() throws FirebaseRemoteConfigException;
+
+  Template getTemplateAtVersion(String versionNumber) throws FirebaseRemoteConfigException;
+
+  Template publishTemplate(Template template, boolean validateOnly,
+                                  boolean forcePublish) throws FirebaseRemoteConfigException;
+
+  Template rollback(String versionNumber) throws FirebaseRemoteConfigException;
+
+  ListVersionsResponse listVersions(
+          ListVersionsOptions options) throws FirebaseRemoteConfigException;
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImpl.java b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImpl.java
new file mode 100644
index 000000000..7425673fb
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImpl.java
@@ -0,0 +1,269 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Preconditions.checkState;
+
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpResponseInterceptor;
+import com.google.api.client.http.json.JsonHttpContent;
+import com.google.api.client.json.JsonFactory;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.internal.AbstractPlatformErrorHandler;
+import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.ErrorHandlingHttpClient;
+import com.google.firebase.internal.HttpRequestInfo;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.SdkUtils;
+import com.google.firebase.remoteconfig.internal.RemoteConfigServiceErrorResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * A helper class for interacting with Firebase Remote Config service.
+ */
+final class FirebaseRemoteConfigClientImpl implements FirebaseRemoteConfigClient {
+
+  private static final String REMOTE_CONFIG_URL = "https://firebaseremoteconfig.googleapis.com/v1/projects/%s/remoteConfig";
+
+  private static final Map<String, String> COMMON_HEADERS =
+          ImmutableMap.of(
+                  "X-Firebase-Client", "fire-admin-java/" + SdkUtils.getVersion(),
+                  // There is a known issue in which the ETag is not properly returned in cases
+                  // where the request does not specify a compression type. Currently, it is
+                  // required to include the header `Accept-Encoding: gzip` or equivalent in all
+                  // requests. https://firebase.google.com/docs/remote-config/use-config-rest#etag_usage_and_forced_updates
+                  "Accept-Encoding", "gzip"
+          );
+
+  private final String remoteConfigUrl;
+  private final HttpRequestFactory requestFactory;
+  private final JsonFactory jsonFactory;
+  private final ErrorHandlingHttpClient<FirebaseRemoteConfigException> httpClient;
+
+  private FirebaseRemoteConfigClientImpl(Builder builder) {
+    checkArgument(!Strings.isNullOrEmpty(builder.projectId));
+    this.remoteConfigUrl = String.format(REMOTE_CONFIG_URL, builder.projectId);
+    this.requestFactory = checkNotNull(builder.requestFactory);
+    this.jsonFactory = checkNotNull(builder.jsonFactory);
+    HttpResponseInterceptor responseInterceptor = builder.responseInterceptor;
+    RemoteConfigErrorHandler errorHandler = new RemoteConfigErrorHandler(this.jsonFactory);
+    this.httpClient = new ErrorHandlingHttpClient<>(requestFactory, jsonFactory, errorHandler)
+            .setInterceptor(responseInterceptor);
+  }
+
+  @VisibleForTesting
+  String getRemoteConfigUrl() {
+    return remoteConfigUrl;
+  }
+
+  @VisibleForTesting
+  HttpRequestFactory getRequestFactory() {
+    return requestFactory;
+  }
+
+  @VisibleForTesting
+  JsonFactory getJsonFactory() {
+    return jsonFactory;
+  }
+
+  @Override
+  public Template getTemplate() throws FirebaseRemoteConfigException {
+    HttpRequestInfo request = HttpRequestInfo.buildGetRequest(remoteConfigUrl)
+            .addAllHeaders(COMMON_HEADERS);
+    IncomingHttpResponse response = httpClient.send(request);
+    TemplateResponse templateResponse = httpClient.parse(response, TemplateResponse.class);
+    Template template = new Template(templateResponse);
+    return template.setETag(getETag(response));
+  }
+
+  @Override
+  public Template getTemplateAtVersion(
+          @NonNull String versionNumber) throws FirebaseRemoteConfigException {
+    checkArgument(RemoteConfigUtil.isValidVersionNumber(versionNumber),
+            "Version number must be a non-empty string in int64 format.");
+    HttpRequestInfo request = HttpRequestInfo.buildGetRequest(remoteConfigUrl)
+            .addAllHeaders(COMMON_HEADERS)
+            .addParameter("versionNumber", versionNumber);
+    IncomingHttpResponse response = httpClient.send(request);
+    TemplateResponse templateResponse = httpClient.parse(response, TemplateResponse.class);
+    Template template = new Template(templateResponse);
+    return template.setETag(getETag(response));
+  }
+
+  @Override
+  public Template publishTemplate(@NonNull Template template, boolean validateOnly,
+                                  boolean forcePublish) throws FirebaseRemoteConfigException {
+    checkArgument(template != null, "Template must not be null.");
+    HttpRequestInfo request = HttpRequestInfo.buildRequest("PUT", remoteConfigUrl,
+            new JsonHttpContent(jsonFactory, template.toTemplateResponse(false)))
+            .addAllHeaders(COMMON_HEADERS)
+            .addHeader("If-Match", forcePublish ? "*" : template.getETag());
+    if (validateOnly) {
+      request.addParameter("validateOnly", true);
+    }
+    IncomingHttpResponse response = httpClient.send(request);
+    TemplateResponse templateResponse = httpClient.parse(response, TemplateResponse.class);
+    Template publishedTemplate = new Template(templateResponse);
+    if (validateOnly) {
+      // validating a template returns an etag with the suffix -0 means that the provided template
+      // was successfully validated. We set the etag back to the original etag of the template
+      // to allow subsequent operations.
+      return publishedTemplate.setETag(template.getETag());
+    }
+    return publishedTemplate.setETag(getETag(response));
+  }
+
+  @Override
+  public Template rollback(@NonNull String versionNumber) throws FirebaseRemoteConfigException {
+    checkArgument(RemoteConfigUtil.isValidVersionNumber(versionNumber),
+            "Version number must be a non-empty string in int64 format.");
+    Map<String, String> content = ImmutableMap.of("versionNumber", versionNumber);
+    HttpRequestInfo request = HttpRequestInfo
+            .buildJsonPostRequest(remoteConfigUrl + ":rollback", content)
+            .addAllHeaders(COMMON_HEADERS);
+    IncomingHttpResponse response = httpClient.send(request);
+    TemplateResponse templateResponse = httpClient.parse(response, TemplateResponse.class);
+    Template template = new Template(templateResponse);
+    return template.setETag(getETag(response));
+  }
+
+  @Override
+  public TemplateResponse.ListVersionsResponse listVersions(
+          ListVersionsOptions options) throws FirebaseRemoteConfigException {
+    HttpRequestInfo request = HttpRequestInfo.buildGetRequest(remoteConfigUrl + ":listVersions")
+            .addAllHeaders(COMMON_HEADERS);
+    if (options != null) {
+      request.addAllParameters(options.wrapForTransport());
+    }
+    return httpClient.sendAndParse(request, TemplateResponse.ListVersionsResponse.class);
+  }
+
+  private String getETag(IncomingHttpResponse response) {
+    List<String> etagList = (List<String>) response.getHeaders().get("etag");
+    checkState(etagList != null && !etagList.isEmpty(),
+            "ETag header is not available in the server response.");
+
+    String etag = etagList.get(0);
+    checkState(!Strings.isNullOrEmpty(etag),
+            "ETag header is not available in the server response.");
+
+    return etag;
+  }
+
+  static FirebaseRemoteConfigClientImpl fromApp(FirebaseApp app) {
+    String projectId = ImplFirebaseTrampolines.getProjectId(app);
+    checkArgument(!Strings.isNullOrEmpty(projectId),
+            "Project ID is required to access Remote Config service. Use a service "
+                    + "account credential or set the project ID explicitly via FirebaseOptions. "
+                    + "Alternatively you can also set the project ID via the GOOGLE_CLOUD_PROJECT "
+                    + "environment variable.");
+    return FirebaseRemoteConfigClientImpl.builder()
+            .setProjectId(projectId)
+            .setRequestFactory(ApiClientUtils.newAuthorizedRequestFactory(app))
+            .setJsonFactory(app.getOptions().getJsonFactory())
+            .build();
+  }
+
+  static Builder builder() {
+    return new Builder();
+  }
+
+  static final class Builder {
+
+    private String projectId;
+    private HttpRequestFactory requestFactory;
+    private JsonFactory jsonFactory;
+    private HttpResponseInterceptor responseInterceptor;
+
+    private Builder() { }
+
+    Builder setProjectId(String projectId) {
+      this.projectId = projectId;
+      return this;
+    }
+
+    Builder setRequestFactory(HttpRequestFactory requestFactory) {
+      this.requestFactory = requestFactory;
+      return this;
+    }
+
+    Builder setJsonFactory(JsonFactory jsonFactory) {
+      this.jsonFactory = jsonFactory;
+      return this;
+    }
+
+    Builder setResponseInterceptor(
+            HttpResponseInterceptor responseInterceptor) {
+      this.responseInterceptor = responseInterceptor;
+      return this;
+    }
+
+    FirebaseRemoteConfigClientImpl build() {
+      return new FirebaseRemoteConfigClientImpl(this);
+    }
+  }
+
+  private static class RemoteConfigErrorHandler
+          extends AbstractPlatformErrorHandler<FirebaseRemoteConfigException> {
+
+    private RemoteConfigErrorHandler(JsonFactory jsonFactory) {
+      super(jsonFactory);
+    }
+
+    @Override
+    protected FirebaseRemoteConfigException createException(FirebaseException base) {
+      String response = getResponse(base);
+      RemoteConfigServiceErrorResponse parsed = safeParse(response);
+      return FirebaseRemoteConfigException.withRemoteConfigErrorCode(
+              base, parsed.getRemoteConfigErrorCode());
+    }
+
+    private String getResponse(FirebaseException base) {
+      if (base.getHttpResponse() == null) {
+        return null;
+      }
+
+      return base.getHttpResponse().getContent();
+    }
+
+    private RemoteConfigServiceErrorResponse safeParse(String response) {
+      if (!Strings.isNullOrEmpty(response)) {
+        try {
+          return jsonFactory.createJsonParser(response)
+                  .parseAndClose(RemoteConfigServiceErrorResponse.class);
+        } catch (IOException ignore) {
+          // Ignore any error that may occur while parsing the error response. The server
+          // may have responded with a non-json payload.
+        }
+      }
+
+      return new RemoteConfigServiceErrorResponse();
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigException.java b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigException.java
new file mode 100644
index 000000000..061593105
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigException.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+
+/**
+ * Generic exception related to Firebase Remote Config. Check the error code and message for more
+ * details.
+ */
+public final class FirebaseRemoteConfigException extends FirebaseException {
+
+  private final RemoteConfigErrorCode errorCode;
+
+  @VisibleForTesting
+  FirebaseRemoteConfigException(@NonNull ErrorCode code, @NonNull String message) {
+    this(code, message, null, null, null);
+  }
+
+  public FirebaseRemoteConfigException(
+          @NonNull ErrorCode errorCode,
+          @NonNull String message,
+          @Nullable Throwable cause,
+          @Nullable IncomingHttpResponse response,
+          @Nullable RemoteConfigErrorCode remoteConfigErrorCode) {
+    super(errorCode, message, cause, response);
+    this.errorCode = remoteConfigErrorCode;
+  }
+
+  static FirebaseRemoteConfigException withRemoteConfigErrorCode(
+          FirebaseException base, @Nullable RemoteConfigErrorCode errorCode) {
+    return new FirebaseRemoteConfigException(
+            base.getErrorCode(),
+            base.getMessage(),
+            base.getCause(),
+            base.getHttpResponse(),
+            errorCode);
+  }
+
+  @Nullable
+  public RemoteConfigErrorCode getRemoteConfigErrorCode() {
+    return errorCode;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ListVersionsOptions.java b/src/main/java/com/google/firebase/remoteconfig/ListVersionsOptions.java
new file mode 100644
index 000000000..be7a62ea5
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ListVersionsOptions.java
@@ -0,0 +1,198 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.TimeZone;
+
+/**
+ * A class representing options for Remote Config list versions operation.
+ */
+public final class ListVersionsOptions {
+
+  private final Integer pageSize;
+  private final String pageToken;
+  private final String endVersionNumber;
+  private final String startTime;
+  private final String endTime;
+
+  private ListVersionsOptions(Builder builder) {
+    if (builder.pageSize != null) {
+      checkArgument(builder.pageSize > 0 && builder.pageSize < 301,
+              "pageSize must be a number between 1 and 300 (inclusive).");
+    }
+    if (builder.endVersionNumber != null) {
+      checkArgument(RemoteConfigUtil.isValidVersionNumber(builder.endVersionNumber)
+                      && (Integer.parseInt(builder.endVersionNumber) > 0),
+              "endVersionNumber must be a non-empty string in int64 format and must be"
+                      + " greater than 0.");
+    }
+    this.pageSize = builder.pageSize;
+    this.pageToken = builder.pageToken;
+    this.endVersionNumber = builder.endVersionNumber;
+    this.startTime = builder.startTime;
+    this.endTime = builder.endTime;
+  }
+
+  Map<String, Object> wrapForTransport() {
+    Map<String, Object> optionsMap = new HashMap<>();
+    if (this.pageSize != null) {
+      optionsMap.put("pageSize", this.pageSize);
+    }
+    if (this.pageToken != null) {
+      optionsMap.put("pageToken", this.pageToken);
+    }
+    if (this.endVersionNumber != null) {
+      optionsMap.put("endVersionNumber", this.endVersionNumber);
+    }
+    if (this.startTime != null) {
+      optionsMap.put("startTime", this.startTime);
+    }
+    if (this.endTime != null) {
+      optionsMap.put("endTime", this.endTime);
+    }
+    return optionsMap;
+  }
+
+  String getPageToken() {
+    return pageToken;
+  }
+
+  /**
+   * Creates a new {@link ListVersionsOptions.Builder}.
+   *
+   * @return A {@link ListVersionsOptions.Builder} instance.
+   */
+  public static Builder builder() {
+    return new Builder();
+  }
+
+  /**
+   * Creates a new {@code Builder} from the options object.
+   *
+   * <p>The new builder is not backed by this object's values; that is, changes made to the new
+   * builder don't change the values of the origin object.
+   */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static class Builder {
+    private Integer pageSize;
+    private String pageToken;
+    private String endVersionNumber;
+    private String startTime;
+    private String endTime;
+
+    private Builder() {}
+
+    private Builder(ListVersionsOptions options) {
+      this.pageSize = options.pageSize;
+      this.pageToken = options.pageToken;
+      this.endVersionNumber = options.endVersionNumber;
+      this.startTime = options.startTime;
+      this.endTime = options.endTime;
+    }
+
+    /**
+     * Sets the page size.
+     *
+     * @param pageSize The maximum number of items to return per page.
+     * @return This builder.
+     */
+    public Builder setPageSize(int pageSize) {
+      this.pageSize = pageSize;
+      return this;
+    }
+
+    /**
+     * Sets the page token.
+     *
+     * @param pageToken The {@code nextPageToken} value returned from a previous List request,
+     *                  if any.
+     * @return This builder.
+     */
+    public Builder setPageToken(String pageToken) {
+      this.pageToken = pageToken;
+      return this;
+    }
+
+    /**
+     * Sets the newest version number to include in the results.
+     *
+     * @param endVersionNumber Specify the newest version number to include in the results.
+     *                         If specified, must be greater than zero. Defaults to the newest
+     *                         version.
+     * @return This builder.
+     */
+    public Builder setEndVersionNumber(String endVersionNumber) {
+      this.endVersionNumber = endVersionNumber;
+      return this;
+    }
+
+    /**
+     * Sets the newest version number to include in the results.
+     *
+     * @param endVersionNumber Specify the newest version number to include in the results.
+     *                         If specified, must be greater than zero. Defaults to the newest
+     *                         version.
+     * @return This builder.
+     */
+    public Builder setEndVersionNumber(long endVersionNumber) {
+      this.endVersionNumber = String.valueOf(endVersionNumber);;
+      return this;
+    }
+
+    /**
+     * Sets the earliest update time to include in the results.
+     *
+     * @param startTimeMillis Specify the earliest update time to include in the results.
+     *                        Any entries updated before this time are omitted.
+     * @return This builder.
+     */
+    public Builder setStartTimeMillis(long startTimeMillis) {
+      this.startTime = RemoteConfigUtil.convertToUtcZuluFormat(startTimeMillis);
+      return this;
+    }
+
+    /**
+     * Sets the latest update time to include in the results.
+     *
+     * @param endTimeMillis Specify the latest update time to include in the results.
+     *                      Any entries updated on or after this time are omitted.
+     * @return This builder.
+     */
+    public Builder setEndTimeMillis(long endTimeMillis) {
+      this.endTime = RemoteConfigUtil.convertToUtcZuluFormat(endTimeMillis);
+      return this;
+    }
+
+    /**
+     * Builds a new {@link ListVersionsOptions} instance from the fields set on this builder.
+     *
+     * @return A non-null {@link ListVersionsOptions}.
+     */
+    public ListVersionsOptions build() {
+      return new ListVersionsOptions(this);
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ListVersionsPage.java b/src/main/java/com/google/firebase/remoteconfig/ListVersionsPage.java
new file mode 100644
index 000000000..f6aa92fde
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ListVersionsPage.java
@@ -0,0 +1,268 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.gax.paging.Page;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+/**
+ * Represents a page of {@link Version} instances. Provides methods for iterating
+ * over the versions in the current page, and calling up subsequent pages of versions. Instances of
+ * this class are thread-safe and immutable.
+ */
+public final class ListVersionsPage implements Page<Version> {
+
+  static final String END_OF_LIST = "";
+
+  private final VersionsResultBatch currentBatch;
+  private final VersionSource source;
+  private final ListVersionsOptions listVersionsOptions;
+
+  private ListVersionsPage(
+          @NonNull VersionsResultBatch currentBatch, @NonNull VersionSource source,
+          @NonNull ListVersionsOptions listVersionsOptions) {
+    this.currentBatch = checkNotNull(currentBatch);
+    this.source = checkNotNull(source);
+    this.listVersionsOptions = listVersionsOptions;
+  }
+
+  /**
+   * Checks if there is another page of versions available to retrieve.
+   *
+   * @return true if another page is available, or false otherwise.
+   */
+  @Override
+  public boolean hasNextPage() {
+    return !END_OF_LIST.equals(currentBatch.getNextPageToken());
+  }
+
+  /**
+   * Returns the next page of versions.
+   *
+   * @return A new {@link ListVersionsPage} instance, or null if there are no more pages.
+   */
+  @NonNull
+  @Override
+  public ListVersionsPage getNextPage() {
+    if (hasNextPage()) {
+      ListVersionsOptions options;
+      if (listVersionsOptions != null) {
+        options = listVersionsOptions.toBuilder().setPageToken(currentBatch.getNextPageToken())
+                .build();
+      } else {
+        options = ListVersionsOptions.builder().setPageToken(currentBatch.getNextPageToken())
+                .build();
+      }
+      Factory factory = new Factory(source, options);
+      try {
+        return factory.create();
+      } catch (FirebaseRemoteConfigException e) {
+        throw new RuntimeException(e);
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Returns the string token that identifies the next page. Never returns null. Returns an empty
+   * string if there are no more pages available to be retrieved.
+   *
+   * @return A non-null string token (possibly empty, representing no more pages)
+   */
+  @NonNull
+  @Override
+  public String getNextPageToken() {
+    return currentBatch.getNextPageToken();
+  }
+
+  /**
+   * Returns an {@code Iterable} over the versions in this page.
+   *
+   * @return a {@code Iterable<Version>} instance.
+   */
+  @NonNull
+  @Override
+  public Iterable<Version> getValues() {
+    return currentBatch.getVersions();
+  }
+
+  /**
+   * Returns an {@code Iterable} that facilitates transparently iterating over all the versions in
+   * the current Firebase project, starting from this page. The {@code Iterator} instances produced
+   * by the returned {@code Iterable} never buffers more than one page of versions at a time. It is
+   * safe to abandon the iterators (i.e. break the loops) at any time.
+   *
+   * @return a new {@code Iterable<Version>} instance.
+   */
+  @NonNull
+  @Override
+  public Iterable<Version> iterateAll() {
+    return new VersionIterable(this);
+  }
+
+  private static class VersionIterable implements Iterable<Version> {
+
+    private final ListVersionsPage startingPage;
+
+    VersionIterable(@NonNull ListVersionsPage startingPage) {
+      this.startingPage = checkNotNull(startingPage, "starting page must not be null");
+    }
+
+    @Override
+    @NonNull
+    public Iterator<Version> iterator() {
+      return new VersionIterable.VersionIterator(startingPage);
+    }
+
+    /**
+     * An {@code Iterator} that cycles through versions, one at a time. It buffers the
+     * last retrieved batch of versions in memory.
+     */
+    private static class VersionIterator implements Iterator<Version> {
+
+      private ListVersionsPage currentPage;
+      private List<Version> batch;
+      private int index = 0;
+
+      private VersionIterator(ListVersionsPage startingPage) {
+        setCurrentPage(startingPage);
+      }
+
+      @Override
+      public boolean hasNext() {
+        if (index == batch.size()) {
+          if (currentPage.hasNextPage()) {
+            setCurrentPage(currentPage.getNextPage());
+          } else {
+            return false;
+          }
+        }
+
+        return index < batch.size();
+      }
+
+      @Override
+      public Version next() {
+        if (!hasNext()) {
+          throw new NoSuchElementException();
+        }
+        return batch.get(index++);
+      }
+
+      @Override
+      public void remove() {
+        throw new UnsupportedOperationException("remove operation not supported");
+      }
+
+      private void setCurrentPage(ListVersionsPage page) {
+        this.currentPage = checkNotNull(page);
+        this.batch = ImmutableList.copyOf(page.getValues());
+        this.index = 0;
+      }
+    }
+  }
+
+  static final class VersionsResultBatch {
+
+    private final List<Version> versions;
+    private final String nextPageToken;
+
+    VersionsResultBatch(@NonNull List<Version> versions, @NonNull String nextPageToken) {
+      this.versions = checkNotNull(versions);
+      this.nextPageToken = checkNotNull(nextPageToken); // Can be empty
+    }
+
+    @NonNull
+    List<Version> getVersions() {
+      return versions;
+    }
+
+    @NonNull
+    String getNextPageToken() {
+      return nextPageToken;
+    }
+  }
+
+  /**
+   * Represents a source of Remote Config version data that can be queried to load a batch
+   * of versions.
+   */
+  interface VersionSource {
+    @NonNull
+    VersionsResultBatch fetch(
+            ListVersionsOptions listVersionsOptions) throws FirebaseRemoteConfigException;
+  }
+
+  static class DefaultVersionSource implements VersionSource {
+
+    private final FirebaseRemoteConfigClient remoteConfigClient;
+
+    DefaultVersionSource(FirebaseRemoteConfigClient remoteConfigClient) {
+      this.remoteConfigClient = checkNotNull(remoteConfigClient,
+              "remote config client must not be null");
+    }
+
+    @Override
+    public VersionsResultBatch fetch(
+            ListVersionsOptions listVersionsOptions) throws FirebaseRemoteConfigException {
+      TemplateResponse.ListVersionsResponse response = remoteConfigClient
+              .listVersions(listVersionsOptions);
+      ImmutableList.Builder<Version> builder = ImmutableList.builder();
+      if (response.hasVersions()) {
+        for (TemplateResponse.VersionResponse versionResponse : response.getVersions()) {
+          builder.add(new Version(versionResponse));
+        }
+      }
+      String nextPageToken = response.getNextPageToken() != null
+              ? response.getNextPageToken() : END_OF_LIST;
+      return new VersionsResultBatch(builder.build(), nextPageToken);
+    }
+  }
+
+  /**
+   * A simple factory class for {@link ListVersionsPage} instances. Performs argument validation
+   * before attempting to load any version data (which is expensive, and hence may be performed
+   * asynchronously on a separate thread).
+   */
+  static class Factory {
+
+    private final VersionSource source;
+    private final ListVersionsOptions listVersionsOptions;
+
+    Factory(@NonNull VersionSource source) {
+      this(source, null);
+    }
+
+    Factory(@NonNull VersionSource source, @NonNull ListVersionsOptions listVersionsOptions) {
+      this.source = checkNotNull(source, "source must not be null");
+      this.listVersionsOptions = listVersionsOptions;
+    }
+
+    ListVersionsPage create() throws FirebaseRemoteConfigException {
+      VersionsResultBatch batch = source.fetch(listVersionsOptions);
+      return new ListVersionsPage(batch, source, listVersionsOptions);
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/Parameter.java b/src/main/java/com/google/firebase/remoteconfig/Parameter.java
new file mode 100644
index 000000000..d61816b43
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/Parameter.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterValueResponse;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Represents a Remote Config parameter that can be included in a {@link Template}.
+ * At minimum, a default value or a conditional value must be present for the
+ * parameter to have any effect.
+ */
+public final class Parameter {
+
+  private ParameterValue defaultValue;
+  private String description;
+  private Map<String, ParameterValue> conditionalValues;
+
+  /**
+   * Creates a new {@link Parameter}.
+   */
+  public Parameter() {
+    conditionalValues = new HashMap<>();
+  }
+
+  Parameter(@NonNull ParameterResponse parameterResponse) {
+    checkNotNull(parameterResponse);
+    this.conditionalValues = new HashMap<>();
+    if (parameterResponse.getConditionalValues() != null) {
+      for (Map.Entry<String, ParameterValueResponse> entry
+              : parameterResponse.getConditionalValues().entrySet()) {
+        this.conditionalValues.put(entry.getKey(),
+                ParameterValue.fromParameterValueResponse(entry.getValue()));
+      }
+    }
+    ParameterValueResponse responseDefaultValue = parameterResponse.getDefaultValue();
+    this.defaultValue = (responseDefaultValue == null) ? null
+            : ParameterValue.fromParameterValueResponse(responseDefaultValue);
+    this.description = parameterResponse.getDescription();
+  }
+
+  /**
+   * Gets the default value of the parameter.
+   *
+   * @return A {@link ParameterValue} instance or null.
+   */
+  @Nullable
+  public ParameterValue getDefaultValue() {
+    return defaultValue;
+  }
+
+  /**
+   * Gets the description of the parameter.
+   *
+   * @return The description of the parameter or null.
+   */
+  @Nullable
+  public String getDescription() {
+    return description;
+  }
+
+  /**
+   * Gets the conditional values of the parameter.
+   * The condition name of the highest priority (the one listed first in the
+   * {@link Template}'s conditions list) determines the value of this parameter.
+   *
+   * @return A non-null map of conditional values.
+   */
+  @NonNull
+  public Map<String, ParameterValue> getConditionalValues() {
+    return conditionalValues;
+  }
+
+  /**
+   * Sets the default value of the parameter.
+   * This is the value to set the parameter to, when none of the named conditions
+   * evaluate to true.
+   *
+   * @param value An {@link ParameterValue} instance.
+   * @return This {@link Parameter}.
+   */
+  public Parameter setDefaultValue(@Nullable ParameterValue value) {
+    defaultValue = value;
+    return this;
+  }
+
+  /**
+   * Sets the description of the parameter.
+   * Should not be over 100 characters and may contain any Unicode characters.
+   *
+   * @param description The description of the parameter.
+   * @return This {@link Parameter}.
+   */
+  public Parameter setDescription(@Nullable String description) {
+    this.description = description;
+    return this;
+  }
+
+  /**
+   * Sets the conditional values of the parameter.
+   * The condition name of the highest priority (the one listed first in the
+   * {@link Template}'s conditions list) determines the value of this parameter.
+   *
+   * @param conditionalValues A non-null map of conditional values.
+   * @return This {@link Parameter}.
+   */
+  public Parameter setConditionalValues(
+          @NonNull Map<String, ParameterValue> conditionalValues) {
+    checkNotNull(conditionalValues, "conditional values must not be null.");
+    this.conditionalValues = conditionalValues;
+    return this;
+  }
+
+  ParameterResponse toParameterResponse() {
+    Map<String, ParameterValueResponse> conditionalResponseValues = new HashMap<>();
+    for (Map.Entry<String, ParameterValue> entry : conditionalValues.entrySet()) {
+      conditionalResponseValues.put(entry.getKey(), entry.getValue().toParameterValueResponse());
+    }
+    ParameterValueResponse defaultValueResponse = (defaultValue == null) ? null
+            : defaultValue.toParameterValueResponse();
+    return new ParameterResponse()
+            .setDefaultValue(defaultValueResponse)
+            .setDescription(description)
+            .setConditionalValues(conditionalResponseValues);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    Parameter parameter = (Parameter) o;
+    return Objects.equals(defaultValue, parameter.defaultValue)
+            && Objects.equals(description, parameter.description)
+            && Objects.equals(conditionalValues, parameter.conditionalValues);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(defaultValue, description, conditionalValues);
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ParameterGroup.java b/src/main/java/com/google/firebase/remoteconfig/ParameterGroup.java
new file mode 100644
index 000000000..724665909
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ParameterGroup.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterGroupResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterResponse;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Represents a Remote Config parameter group that can be included in a {@link Template}.
+ * Grouping parameters is only for management purposes and does not affect client-side
+ * fetching of parameter values.
+ */
+public final class ParameterGroup {
+
+  private String description;
+  private Map<String, Parameter> parameters;
+
+  /**
+   * Creates a new {@link ParameterGroup}.
+   */
+  public ParameterGroup() {
+    parameters = new HashMap<>();
+  }
+
+  ParameterGroup(@NonNull ParameterGroupResponse parameterGroupResponse) {
+    checkNotNull(parameterGroupResponse);
+    this.parameters = new HashMap<>();
+    if (parameterGroupResponse.getParameters() != null) {
+      for (Map.Entry<String, TemplateResponse.ParameterResponse> entry
+              : parameterGroupResponse.getParameters().entrySet()) {
+        this.parameters.put(entry.getKey(), new Parameter(entry.getValue()));
+      }
+    }
+    this.description = parameterGroupResponse.getDescription();
+  }
+
+  /**
+   * Gets the description of the parameter group.
+   *
+   * @return The description of the parameter or null.
+   */
+  @Nullable
+  public String getDescription() {
+    return description;
+  }
+
+  /**
+   * Gets the map of parameters that belong to this group.
+   *
+   * @return A non-null map of parameter keys to their optional default values and optional
+   *     conditional values.
+   */
+  @NonNull
+  public Map<String, Parameter> getParameters() {
+    return parameters;
+  }
+
+  /**
+   * Sets the description of the parameter group.
+   * Should not be over 256 characters and may contain any Unicode characters.
+   *
+   * @param description The description of the parameter group.
+   * @return This {@link ParameterGroup}.
+   */
+  public ParameterGroup setDescription(@Nullable String description) {
+    this.description = description;
+    return this;
+  }
+
+  /**
+   * Sets the map of parameters that belong to this group.
+   *
+   * <p>A parameter only appears once per Remote Config template.
+   * An ungrouped parameter appears at the top level, whereas a
+   * parameter organized within a group appears within its group's map of parameters.
+   *
+   * @param parameters A non-null map of parameter keys to their optional default values and
+   *                   optional conditional values.
+   * @return This {@link ParameterGroup} instance.
+   */
+  public ParameterGroup setParameters(
+          @NonNull Map<String, Parameter> parameters) {
+    checkNotNull(parameters, "parameters must not be null.");
+    this.parameters = parameters;
+    return this;
+  }
+
+  ParameterGroupResponse toParameterGroupResponse() {
+    Map<String, ParameterResponse> parameterResponses = new HashMap<>();
+    for (Map.Entry<String, Parameter> entry : this.parameters.entrySet()) {
+      parameterResponses.put(entry.getKey(), entry.getValue().toParameterResponse());
+    }
+    return new ParameterGroupResponse()
+            .setDescription(this.description)
+            .setParameters(parameterResponses);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    ParameterGroup that = (ParameterGroup) o;
+    return Objects.equals(description, that.description)
+            && Objects.equals(parameters, that.parameters);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(description, parameters);
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ParameterValue.java b/src/main/java/com/google/firebase/remoteconfig/ParameterValue.java
new file mode 100644
index 000000000..90bf0e5df
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ParameterValue.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterValueResponse;
+
+import java.util.Objects;
+
+/**
+ * Represents a Remote Config parameter value that can be used in a {@link Template}.
+ */
+public abstract class ParameterValue {
+
+  /**
+   * Creates a new {@link ParameterValue.Explicit} instance with the given value.
+   *
+   * @param value The value of the {@link ParameterValue.Explicit}.
+   * @return A {@link ParameterValue.Explicit} instance.
+   */
+  public static Explicit of(String value) {
+    return new Explicit(value);
+  }
+
+  /**
+   * Creates a new {@link ParameterValue.InAppDefault} instance.
+   *
+   * @return A {@link ParameterValue.InAppDefault} instance.
+   */
+  public static InAppDefault inAppDefault() {
+    return new InAppDefault();
+  }
+
+  abstract ParameterValueResponse toParameterValueResponse();
+
+  static ParameterValue fromParameterValueResponse(
+          @NonNull ParameterValueResponse parameterValueResponse) {
+    checkNotNull(parameterValueResponse);
+    if (parameterValueResponse.isUseInAppDefault()) {
+      return ParameterValue.inAppDefault();
+    }
+    return ParameterValue.of(parameterValueResponse.getValue());
+  }
+
+  /**
+   * Represents an explicit Remote Config parameter value with a value that the
+   * parameter is set to.
+   */
+  public static final class Explicit extends ParameterValue {
+
+    private final String value;
+
+    private Explicit(String value) {
+      this.value = value;
+    }
+
+    /**
+     * Gets the value of {@link ParameterValue.Explicit}.
+     *
+     * @return The value.
+     */
+    public String getValue() {
+      return this.value;
+    }
+
+    @Override
+    ParameterValueResponse toParameterValueResponse() {
+      return new ParameterValueResponse()
+              .setValue(this.value);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) {
+        return true;
+      }
+      if (o == null || getClass() != o.getClass()) {
+        return false;
+      }
+      Explicit explicit = (Explicit) o;
+      return Objects.equals(value, explicit.value);
+    }
+
+    @Override
+    public int hashCode() {
+      return Objects.hash(value);
+    }
+  }
+
+  /**
+   * Represents an in app default parameter value.
+   */
+  public static final class InAppDefault extends ParameterValue {
+
+    @Override
+    ParameterValueResponse toParameterValueResponse() {
+      return new ParameterValueResponse().setUseInAppDefault(true);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) {
+        return true;
+      }
+      if (o == null || getClass() != o.getClass()) {
+        return false;
+      }
+      return true;
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/PublishOptions.java b/src/main/java/com/google/firebase/remoteconfig/PublishOptions.java
new file mode 100644
index 000000000..78c25b841
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/PublishOptions.java
@@ -0,0 +1,33 @@
+package com.google.firebase.remoteconfig;
+
+/**
+ * An internal class for publish template options.
+ */
+final class PublishOptions {
+
+  private boolean validateOnly;
+  private boolean forcePublish;
+
+  PublishOptions() {
+    validateOnly = false;
+    forcePublish = false;
+  }
+
+  public PublishOptions setForcePublish(boolean forcePublish) {
+    this.forcePublish = forcePublish;
+    return this;
+  }
+
+  public PublishOptions setValidateOnly(boolean validateOnly) {
+    this.validateOnly = validateOnly;
+    return this;
+  }
+
+  public boolean isForcePublish() {
+    return forcePublish;
+  }
+
+  public boolean isValidateOnly() {
+    return validateOnly;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/RemoteConfigErrorCode.java b/src/main/java/com/google/firebase/remoteconfig/RemoteConfigErrorCode.java
new file mode 100644
index 000000000..6d794503f
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/RemoteConfigErrorCode.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+/**
+ * Error codes that can be raised by the Remote Config APIs.
+ */
+public enum RemoteConfigErrorCode {
+
+  /**
+   * One or more arguments specified in the request were invalid.
+   */
+  INVALID_ARGUMENT,
+
+  /**
+   * Internal server error.
+   */
+  INTERNAL,
+
+  /**
+   * Request cannot be executed in the current system state, such as deleting a non-empty
+   * directory.
+   */
+  FAILED_PRECONDITION,
+
+  /**
+   * User is not authenticated.
+   */
+  UNAUTHENTICATED,
+
+  /**
+   * The resource that a client tried to create already exists.
+   */
+  ALREADY_EXISTS,
+
+  /**
+   * Failed to validate Remote Config data.
+   */
+  VALIDATION_ERROR,
+
+  /**
+   * The current version specified in an update request
+   * did not match the actual version in the database.
+   */
+  VERSION_MISMATCH,
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/RemoteConfigUtil.java b/src/main/java/com/google/firebase/remoteconfig/RemoteConfigUtil.java
new file mode 100644
index 000000000..4011af8ff
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/RemoteConfigUtil.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.base.Strings;
+
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.TimeZone;
+
+final class RemoteConfigUtil {
+
+  // SimpleDateFormat cannot handle fractional seconds in timestamps
+  // (example: "2014-10-02T15:01:23.045123456Z"). Therefore, we strip fractional seconds
+  // from the date string (example: "2014-10-02T15:01:23") when parsing Zulu timestamp strings.
+  // The backend API expects timestamps in Zulu format with fractional seconds. To generate correct
+  // timestamps in payloads we use ".SSS000000'Z'" suffix.
+  // Hence, two Zulu date patterns are used below.
+  private static final String ZULU_DATE_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS000000'Z'";
+  private static final String ZULU_DATE_NO_FRAC_SECS_PATTERN = "yyyy-MM-dd'T'HH:mm:ss";
+  private static final String UTC_DATE_PATTERN = "EEE, dd MMM yyyy HH:mm:ss z";
+  private static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone("UTC");
+
+  static boolean isValidVersionNumber(String versionNumber) {
+    return !Strings.isNullOrEmpty(versionNumber) && versionNumber.matches("^\\d+$");
+  }
+
+  static long convertToMilliseconds(String dateString) throws ParseException {
+    try {
+      return convertFromUtcZuluFormat(dateString);
+    } catch (ParseException e) {
+      return convertFromUtcDateFormat(dateString);
+    }
+  }
+
+  static String convertToUtcZuluFormat(long millis) {
+    // sample output date string: 2020-11-12T22:12:02.000000000Z
+    checkArgument(millis >= 0, "Milliseconds duration must not be negative");
+    SimpleDateFormat dateFormat = new SimpleDateFormat(ZULU_DATE_PATTERN);
+    dateFormat.setTimeZone(UTC_TIME_ZONE);
+    return dateFormat.format(new Date(millis));
+  }
+
+  static String convertToUtcDateFormat(long millis) {
+    // sample output date string: Tue, 08 Dec 2020 15:49:51 GMT
+    checkArgument(millis >= 0, "Milliseconds duration must not be negative");
+    SimpleDateFormat dateFormat = new SimpleDateFormat(UTC_DATE_PATTERN);
+    dateFormat.setTimeZone(UTC_TIME_ZONE);
+    return dateFormat.format(new Date(millis));
+  }
+
+  static long convertFromUtcZuluFormat(String dateString) throws ParseException {
+    checkArgument(!Strings.isNullOrEmpty(dateString), "Date string must not be null or empty");
+    // Input timestamp is in RFC3339 UTC "Zulu" format, accurate to
+    // nanoseconds (up to 9 fractional seconds digits).
+    // SimpleDateFormat cannot handle fractional seconds, therefore we strip fractional seconds
+    // from the input date string before parsing.
+    // example: input -> "2014-10-02T15:01:23.045123456Z"
+    // formatted -> "2014-10-02T15:01:23"
+    int indexOfPeriod = dateString.indexOf(".");
+    if (indexOfPeriod != -1) {
+      dateString = dateString.substring(0, indexOfPeriod);
+    }
+    SimpleDateFormat dateFormat = new SimpleDateFormat(ZULU_DATE_NO_FRAC_SECS_PATTERN);
+    dateFormat.setTimeZone(UTC_TIME_ZONE);
+    return dateFormat.parse(dateString).getTime();
+  }
+
+  static long convertFromUtcDateFormat(String dateString) throws ParseException {
+    // sample input date string: Tue, 08 Dec 2020 15:49:51 GMT
+    checkArgument(!Strings.isNullOrEmpty(dateString), "Date string must not be null or empty");
+    SimpleDateFormat dateFormat = new SimpleDateFormat(UTC_DATE_PATTERN);
+    dateFormat.setTimeZone(UTC_TIME_ZONE);
+    return dateFormat.parse(dateString).getTime();
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/TagColor.java b/src/main/java/com/google/firebase/remoteconfig/TagColor.java
new file mode 100644
index 000000000..ed7b8cdf4
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/TagColor.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+/**
+ * Colors that are associated with conditions for display purposes in the Firebase Console.
+ */
+public enum TagColor {
+  BLUE("BLUE"),
+  BROWN("BROWN"),
+  CYAN("CYAN"),
+  DEEP_ORANGE("DEEP_ORANGE"),
+  GREEN("GREEN"),
+  INDIGO("INDIGO"),
+  LIME("LIME"),
+  ORANGE("ORANGE"),
+  PINK("PINK"),
+  PURPLE("PURPLE"),
+  TEAL("TEAL"),
+  UNSPECIFIED("CONDITION_DISPLAY_COLOR_UNSPECIFIED");
+
+  private final String color;
+
+  TagColor(String color) {
+    this.color = color;
+  }
+
+  public String getColor() {
+    return color;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/Template.java b/src/main/java/com/google/firebase/remoteconfig/Template.java
new file mode 100644
index 000000000..24bd68a5b
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/Template.java
@@ -0,0 +1,281 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.json.JsonFactory;
+import com.google.common.base.Strings;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Represents a Remote Config template.
+ */
+public final class Template {
+
+  private String etag;
+  private Map<String, Parameter> parameters;
+  private List<Condition> conditions;
+  private Map<String, ParameterGroup> parameterGroups;
+  private Version version;
+
+  /**
+   * Creates a new {@link Template}.
+   *
+   * @param etag The ETag of this template.
+   */
+  public Template(String etag) {
+    this.parameters = new HashMap<>();
+    this.conditions = new ArrayList<>();
+    this.parameterGroups = new HashMap<>();
+    this.etag = etag;
+  }
+
+  Template() {
+    this((String) null);
+  }
+
+  Template(@NonNull TemplateResponse templateResponse) {
+    checkNotNull(templateResponse);
+    this.parameters = new HashMap<>();
+    this.conditions = new ArrayList<>();
+    this.parameterGroups = new HashMap<>();
+    if (templateResponse.getParameters() != null) {
+      for (Map.Entry<String, TemplateResponse.ParameterResponse> entry
+              : templateResponse.getParameters().entrySet()) {
+        this.parameters.put(entry.getKey(), new Parameter(entry.getValue()));
+      }
+    }
+    if (templateResponse.getConditions() != null) {
+      for (TemplateResponse.ConditionResponse conditionResponse
+              : templateResponse.getConditions()) {
+        this.conditions.add(new Condition(conditionResponse));
+      }
+    }
+    if (templateResponse.getParameterGroups() != null) {
+      for (Map.Entry<String, TemplateResponse.ParameterGroupResponse> entry
+              : templateResponse.getParameterGroups().entrySet()) {
+        this.parameterGroups.put(entry.getKey(), new ParameterGroup(entry.getValue()));
+      }
+    }
+    if (templateResponse.getVersion() != null) {
+      this.version = new Version(templateResponse.getVersion());
+    }
+    this.etag = templateResponse.getEtag();
+  }
+
+  /**
+   * Creates and returns a new Remote Config template from a JSON string.
+   * Input JSON string must contain an {@code etag} property to create a valid template.
+   *
+   * @param json A non-null JSON string to populate a Remote Config template.
+   * @return A new {@link Template} instance.
+   * @throws FirebaseRemoteConfigException If the input JSON string is not parsable.
+   */
+  public static Template fromJSON(@NonNull String json) throws FirebaseRemoteConfigException {
+    checkArgument(!Strings.isNullOrEmpty(json), "JSON String must not be null or empty.");
+    // using the default json factory as no rpc calls are made here
+    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    try {
+      TemplateResponse templateResponse = jsonFactory.createJsonParser(json)
+              .parseAndClose(TemplateResponse.class);
+      return new Template(templateResponse);
+    } catch (IOException e) {
+      throw new FirebaseRemoteConfigException(ErrorCode.INVALID_ARGUMENT,
+              "Unable to parse JSON string.");
+    }
+  }
+
+  /**
+   * Gets the ETag of the template.
+   *
+   * @return The ETag of the template.
+   */
+  public String getETag() {
+    return this.etag;
+  }
+
+  /**
+   * Gets the map of parameters of the template.
+   *
+   * @return A non-null map of parameter keys to their optional default values and optional
+   *     conditional values.
+   */
+  @NonNull
+  public Map<String, Parameter> getParameters() {
+    return this.parameters;
+  }
+
+  /**
+   * Gets the list of conditions of the template.
+   *
+   * @return A non-null list of conditions.
+   */
+  @NonNull
+  public List<Condition> getConditions() {
+    return conditions;
+  }
+
+  /**
+   * Gets the map of parameter groups of the template.
+   *
+   * @return A non-null map of parameter group names to their parameter group instances.
+   */
+  @NonNull
+  public Map<String, ParameterGroup> getParameterGroups() {
+    return parameterGroups;
+  }
+
+  /**
+   * Gets the version information of the template.
+   *
+   * @return The version information of the template.
+   */
+  public Version getVersion() {
+    return version;
+  }
+
+  /**
+   * Sets the map of parameters of the template.
+   *
+   * @param parameters A non-null map of parameter keys to their optional default values and
+   *                   optional conditional values.
+   * @return This {@link Template} instance.
+   */
+  public Template setParameters(
+          @NonNull Map<String, Parameter> parameters) {
+    checkNotNull(parameters, "parameters must not be null.");
+    this.parameters = parameters;
+    return this;
+  }
+
+  /**
+   * Sets the list of conditions of the template.
+   *
+   * @param conditions A non-null list of conditions in descending order by priority.
+   * @return This {@link Template} instance.
+   */
+  public Template setConditions(
+          @NonNull List<Condition> conditions) {
+    checkNotNull(conditions, "conditions must not be null.");
+    this.conditions = conditions;
+    return this;
+  }
+
+  /**
+   * Sets the map of parameter groups of the template.
+   *
+   * @param parameterGroups A non-null map of parameter group names to their
+   *                        parameter group instances.
+   * @return This {@link Template} instance.
+   */
+  public Template setParameterGroups(
+          @NonNull Map<String, ParameterGroup> parameterGroups) {
+    checkNotNull(parameterGroups, "parameter groups must not be null.");
+    this.parameterGroups = parameterGroups;
+    return this;
+  }
+
+  /**
+   * Sets the version information of the template.
+   * Only the version's description field can be specified here.
+   *
+   * @param version A {@link Version} instance.
+   * @return This {@link Template} instance.
+   */
+  public Template setVersion(Version version) {
+    this.version = version;
+    return this;
+  }
+
+  /**
+   * Gets the JSON-serializable representation of this template.
+   *
+   * @return A JSON-serializable representation of this {@link Template} instance.
+   */
+  public String toJSON() {
+    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    try {
+      return jsonFactory.toString(this.toTemplateResponse(true));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  Template setETag(String etag) {
+    this.etag = etag;
+    return this;
+  }
+
+  TemplateResponse toTemplateResponse(boolean includeAll) {
+    Map<String, TemplateResponse.ParameterResponse> parameterResponses = new HashMap<>();
+    for (Map.Entry<String, Parameter> entry : this.parameters.entrySet()) {
+      parameterResponses.put(entry.getKey(), entry.getValue().toParameterResponse());
+    }
+    List<TemplateResponse.ConditionResponse> conditionResponses = new ArrayList<>();
+    for (Condition condition : this.conditions) {
+      conditionResponses.add(condition.toConditionResponse());
+    }
+    Map<String, TemplateResponse.ParameterGroupResponse> parameterGroupResponse = new HashMap<>();
+    for (Map.Entry<String, ParameterGroup> entry : this.parameterGroups.entrySet()) {
+      parameterGroupResponse.put(entry.getKey(), entry.getValue().toParameterGroupResponse());
+    }
+    TemplateResponse.VersionResponse versionResponse = (this.version == null) ? null
+            : this.version.toVersionResponse(includeAll);
+    TemplateResponse templateResponse = new TemplateResponse()
+            .setParameters(parameterResponses)
+            .setConditions(conditionResponses)
+            .setParameterGroups(parameterGroupResponse)
+            .setVersion(versionResponse);
+    if (includeAll) {
+      return templateResponse.setEtag(this.etag);
+    }
+    return templateResponse;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    Template template = (Template) o;
+    return Objects.equals(etag, template.etag)
+            && Objects.equals(parameters, template.parameters)
+            && Objects.equals(conditions, template.conditions)
+            && Objects.equals(parameterGroups, template.parameterGroups)
+            && Objects.equals(version, template.version);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(etag, parameters, conditions, parameterGroups, version);
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/User.java b/src/main/java/com/google/firebase/remoteconfig/User.java
new file mode 100644
index 000000000..264fe8b63
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/User.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.UserResponse;
+
+import java.util.Objects;
+
+/**
+ * Represents a Remote Config user. Output only.
+ */
+public class User {
+
+  private final String email;
+  private final String name;
+  private final String imageUrl;
+
+  User(@NonNull UserResponse userResponse) {
+    checkNotNull(userResponse);
+    this.email = userResponse.getEmail();
+    this.name = userResponse.getName();
+    this.imageUrl = userResponse.getImageUrl();
+  }
+
+  /**
+   * Gets the email of the user.
+   *
+   * @return The email of the user or null.
+   */
+  @Nullable
+  public String getEmail() {
+    return email;
+  }
+
+  /**
+   * Gets the name of the user.
+   *
+   * @return The name of the user or null.
+   */
+  @Nullable
+  public String getName() {
+    return name;
+  }
+
+  /**
+   * Gets the image URL of the user.
+   *
+   * @return The image URL of the user or null.
+   */
+  @Nullable
+  public String getImageUrl() {
+    return imageUrl;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    User user = (User) o;
+    return Objects.equals(email, user.email)
+            && Objects.equals(name, user.name)
+            && Objects.equals(imageUrl, user.imageUrl);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(email, name, imageUrl);
+  }
+
+  UserResponse toUserResponse() {
+    return new UserResponse()
+            .setEmail(this.email)
+            .setImageUrl(this.imageUrl)
+            .setName(this.name);
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/Version.java b/src/main/java/com/google/firebase/remoteconfig/Version.java
new file mode 100644
index 000000000..5aa6c942d
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/Version.java
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.base.Strings;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.VersionResponse;
+
+import java.text.ParseException;
+import java.util.Objects;
+
+/**
+ * Represents a Remote Config template version.
+ * Output only, except for the version description. Contains metadata about a particular
+ * version of the Remote Config template. All fields are set at the time the specified Remote
+ * Config template is published. A version's description field may be specified when
+ * publishing a template.
+ */
+public final class Version {
+
+  private final String versionNumber;
+  private final long updateTime;
+  private final String updateOrigin;
+  private final String updateType;
+  private final User updateUser;
+  private final String rollbackSource;
+  private final boolean legacy;
+  private String description;
+
+  private Version() {
+    this.versionNumber = null;
+    this.updateTime = 0L;
+    this.updateOrigin = null;
+    this.updateType = null;
+    this.updateUser = null;
+    this.rollbackSource = null;
+    this.legacy = false;
+  }
+
+  Version(@NonNull VersionResponse versionResponse) {
+    checkNotNull(versionResponse);
+    this.versionNumber = versionResponse.getVersionNumber();
+
+    if (!Strings.isNullOrEmpty(versionResponse.getUpdateTime())) {
+      try {
+        this.updateTime = RemoteConfigUtil.convertToMilliseconds(versionResponse.getUpdateTime());
+      } catch (ParseException e) {
+        throw new IllegalStateException("Unable to parse update time.", e);
+      }
+    } else {
+      this.updateTime = 0L;
+    }
+
+    this.updateOrigin = versionResponse.getUpdateOrigin();
+    this.updateType = versionResponse.getUpdateType();
+    TemplateResponse.UserResponse userResponse = versionResponse.getUpdateUser();
+    this.updateUser = (userResponse != null) ? new User(userResponse) : null;
+    this.description = versionResponse.getDescription();
+    this.rollbackSource = versionResponse.getRollbackSource();
+    this.legacy = versionResponse.isLegacy();
+  }
+
+  /**
+   * Creates a new {@link Version} with a description.
+   */
+  public static Version withDescription(String description) {
+    return new Version().setDescription(description);
+  }
+
+  /**
+   * Gets the version number of the template.
+   *
+   * @return The version number or null.
+   */
+  @Nullable
+  public String getVersionNumber() {
+    return versionNumber;
+  }
+
+  /**
+   * Gets the update time of the version. The timestamp of when this version of the Remote Config
+   * template was written to the Remote Config backend.
+   *
+   * @return The update time of the version or null.
+   */
+  @Nullable
+  public long getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Gets the origin of the template update action.
+   *
+   * @return The origin of the template update action or null.
+   */
+  @Nullable
+  public String getUpdateOrigin() {
+    return updateOrigin;
+  }
+
+  /**
+   * Gets the type of the template update action.
+   *
+   * @return The type of the template update action or null.
+   */
+  @Nullable
+  public String getUpdateType() {
+    return updateType;
+  }
+
+  /**
+   * Gets the update user of the template.
+   * An aggregation of all metadata fields about the account that performed the update.
+   *
+   * @return The update user of the template or null.
+   */
+  @Nullable
+  public User getUpdateUser() {
+    return updateUser;
+  }
+
+  /**
+   * Gets the user-provided description of the corresponding Remote Config template.
+   *
+   * @return The description of the template or null.
+   */
+  @Nullable
+  public String getDescription() {
+    return description;
+  }
+
+  /**
+   * Gets the rollback source of the template.
+   *
+   * <p>The version number of the Remote Config template that has become the current version
+   * due to a rollback. Only present if this version is the result of a rollback.
+   *
+   * @return The rollback source of the template or null.
+   */
+  @Nullable
+  public String getRollbackSource() {
+    return rollbackSource;
+  }
+
+  /**
+   * Indicates whether this Remote Config template was published before version history was
+   * supported.
+   *
+   * @return true if the template was published before version history was supported,
+   *     and false otherwise.
+   */
+  public boolean isLegacy() {
+    return legacy;
+  }
+
+  /**
+   * Sets the user-provided description of the template.
+   *
+   * @param description The description of the template.
+   * @return This {@link Version}.
+   */
+  public Version setDescription(String description) {
+    this.description = description;
+    return this;
+  }
+
+  VersionResponse toVersionResponse(boolean includeAll) {
+    VersionResponse versionResponse = new VersionResponse().setDescription(this.description);
+    if (includeAll) {
+      versionResponse.setUpdateTime(this.updateTime > 0L
+              ? RemoteConfigUtil.convertToUtcDateFormat(this.updateTime) : null)
+              .setLegacy(this.legacy)
+              .setRollbackSource(this.rollbackSource)
+              .setUpdateOrigin(this.updateOrigin)
+              .setUpdateType(this.updateType)
+              .setUpdateUser((this.updateUser == null) ? null : this.updateUser.toUserResponse())
+              .setVersionNumber(this.versionNumber);
+    }
+    return versionResponse;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    Version version = (Version) o;
+    return updateTime == version.updateTime
+            && legacy == version.legacy
+            && Objects.equals(versionNumber, version.versionNumber)
+            && Objects.equals(updateOrigin, version.updateOrigin)
+            && Objects.equals(updateType, version.updateType)
+            && Objects.equals(updateUser, version.updateUser)
+            && Objects.equals(description, version.description)
+            && Objects.equals(rollbackSource, version.rollbackSource);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects
+            .hash(versionNumber, updateTime, updateOrigin, updateType, updateUser, description,
+                    rollbackSource, legacy);
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/internal/RemoteConfigServiceErrorResponse.java b/src/main/java/com/google/firebase/remoteconfig/internal/RemoteConfigServiceErrorResponse.java
new file mode 100644
index 000000000..050add953
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/internal/RemoteConfigServiceErrorResponse.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig.internal;
+
+import com.google.api.client.json.GenericJson;
+import com.google.api.client.util.Key;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.RemoteConfigErrorCode;
+
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * The DTO for parsing error responses from the Remote Config service.
+ * These error messages take the form,
+ * `"error": {"code": 123, "message": "[CODE]: Message Details", "status": "ERROR_STATUS"}`
+ */
+public final class RemoteConfigServiceErrorResponse extends GenericJson {
+
+  private static final Map<String, RemoteConfigErrorCode> RC_ERROR_CODES =
+          ImmutableMap.<String, RemoteConfigErrorCode>builder()
+                  .put("INTERNAL", RemoteConfigErrorCode.INTERNAL)
+                  .put("INVALID_ARGUMENT", RemoteConfigErrorCode.INVALID_ARGUMENT)
+                  .put("FAILED_PRECONDITION", RemoteConfigErrorCode.FAILED_PRECONDITION)
+                  .put("UNAUTHENTICATED", RemoteConfigErrorCode.UNAUTHENTICATED)
+                  .put("ALREADY_EXISTS", RemoteConfigErrorCode.ALREADY_EXISTS)
+                  .put("VALIDATION_ERROR", RemoteConfigErrorCode.VALIDATION_ERROR)
+                  .put("VERSION_MISMATCH", RemoteConfigErrorCode.VERSION_MISMATCH)
+                  .build();
+
+  private static final Pattern RC_ERROR_CODE_PATTERN = Pattern.compile("^\\[(\\w+)\\]:.*$");
+
+  @Key("error")
+  private Map<String, Object> error;
+
+  @Nullable
+  public RemoteConfigErrorCode getRemoteConfigErrorCode() {
+    if (error == null) {
+      return null;
+    }
+
+    String message = (String) error.get("message");
+    if (Strings.isNullOrEmpty(message)) {
+      return null;
+    }
+
+    Matcher errorMatcher = RC_ERROR_CODE_PATTERN.matcher(message);
+    if (errorMatcher.find()) {
+      String errorCode = errorMatcher.group(1);
+      return RC_ERROR_CODES.get(errorCode);
+    }
+
+    return null;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/internal/TemplateResponse.java b/src/main/java/com/google/firebase/remoteconfig/internal/TemplateResponse.java
new file mode 100644
index 000000000..09e71ef84
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/internal/TemplateResponse.java
@@ -0,0 +1,424 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig.internal;
+
+import com.google.api.client.util.Key;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * The Data Transfer Object for parsing Remote Config template responses from the
+ * Remote Config service.
+ **/
+public final class TemplateResponse {
+
+  @Key("parameters")
+  private Map<String, ParameterResponse> parameters;
+
+  @Key("conditions")
+  private List<ConditionResponse> conditions;
+
+  @Key("parameterGroups")
+  private Map<String, ParameterGroupResponse> parameterGroups;
+
+  @Key("version")
+  private VersionResponse version;
+
+  // For local JSON serialization and deserialization purposes only.
+  // ETag in response type is never set by the HTTP response.
+  @Key("etag")
+  private String etag;
+
+  public Map<String, ParameterResponse> getParameters() {
+    return parameters;
+  }
+
+  public List<ConditionResponse> getConditions() {
+    return conditions;
+  }
+
+  public Map<String, ParameterGroupResponse> getParameterGroups() {
+    return parameterGroups;
+  }
+
+  public VersionResponse getVersion() {
+    return version;
+  }
+
+  public String getEtag() {
+    return etag;
+  }
+
+  public TemplateResponse setParameters(
+          Map<String, ParameterResponse> parameters) {
+    this.parameters = parameters;
+    return this;
+  }
+
+  public TemplateResponse setConditions(
+          List<ConditionResponse> conditions) {
+    this.conditions = conditions;
+    return this;
+  }
+
+  public TemplateResponse setParameterGroups(
+          Map<String, ParameterGroupResponse> parameterGroups) {
+    this.parameterGroups = parameterGroups;
+    return this;
+  }
+
+  public TemplateResponse setVersion(VersionResponse version) {
+    this.version = version;
+    return this;
+  }
+
+  public TemplateResponse setEtag(String etag) {
+    this.etag = etag;
+    return this;
+  }
+
+  /**
+   * The Data Transfer Object for parsing Remote Config parameter responses from the
+   * Remote Config service.
+   **/
+  public static final class ParameterResponse {
+
+    @Key("defaultValue")
+    private ParameterValueResponse defaultValue;
+
+    @Key("description")
+    private String description;
+
+    @Key("conditionalValues")
+    private Map<String, ParameterValueResponse> conditionalValues;
+
+    public ParameterValueResponse getDefaultValue() {
+      return defaultValue;
+    }
+
+    public String getDescription() {
+      return description;
+    }
+
+    public Map<String, ParameterValueResponse> getConditionalValues() {
+      return conditionalValues;
+    }
+
+    public ParameterResponse setDefaultValue(
+            ParameterValueResponse defaultValue) {
+      this.defaultValue = defaultValue;
+      return this;
+    }
+
+    public ParameterResponse setDescription(String description) {
+      this.description = description;
+      return this;
+    }
+
+    public ParameterResponse setConditionalValues(
+            Map<String, ParameterValueResponse> conditionalValues) {
+      this.conditionalValues = conditionalValues;
+      return this;
+    }
+  }
+
+  /**
+   * The Data Transfer Object for parsing Remote Config parameter value responses from the
+   * Remote Config service.
+   **/
+  public static final class ParameterValueResponse {
+
+    @Key("value")
+    private String value;
+
+    @Key("useInAppDefault")
+    private Boolean useInAppDefault;
+
+    public String getValue() {
+      return value;
+    }
+
+    public boolean isUseInAppDefault() {
+      return Boolean.TRUE.equals(this.useInAppDefault);
+    }
+
+    public ParameterValueResponse setValue(String value) {
+      this.value = value;
+      return this;
+    }
+
+    public ParameterValueResponse setUseInAppDefault(boolean useInAppDefault) {
+      this.useInAppDefault = useInAppDefault;
+      return this;
+    }
+  }
+
+  /**
+   * The Data Transfer Object for parsing Remote Config condition responses from the
+   * Remote Config service.
+   **/
+  public static final class ConditionResponse {
+
+    @Key("name")
+    private String name;
+
+    @Key("expression")
+    private String expression;
+
+    @Key("tagColor")
+    private String tagColor;
+
+    public String getName() {
+      return name;
+    }
+
+    public String getExpression() {
+      return expression;
+    }
+
+    public String getTagColor() {
+      return tagColor;
+    }
+
+    public ConditionResponse setName(String name) {
+      this.name = name;
+      return this;
+    }
+
+    public ConditionResponse setExpression(String expression) {
+      this.expression = expression;
+      return this;
+    }
+
+    public ConditionResponse setTagColor(String tagColor) {
+      this.tagColor = tagColor;
+      return this;
+    }
+  }
+
+  /**
+   * The Data Transfer Object for parsing Remote Config parameter groups responses from the
+   * Remote Config service.
+   **/
+  public static final class ParameterGroupResponse {
+
+    @Key("description")
+    private String description;
+
+    @Key("parameters")
+    private Map<String, ParameterResponse> parameters;
+
+    public Map<String, ParameterResponse> getParameters() {
+      return parameters;
+    }
+
+    public String getDescription() {
+      return description;
+    }
+
+    public ParameterGroupResponse setParameters(
+            Map<String, ParameterResponse> parameters) {
+      this.parameters = parameters;
+      return this;
+    }
+
+    public ParameterGroupResponse setDescription(String description) {
+      this.description = description;
+      return this;
+    }
+  }
+
+  /**
+   * The Data Transfer Object for parsing Remote Config version responses from the
+   * Remote Config service.
+   **/
+  public static final class VersionResponse {
+    @Key("versionNumber")
+    private String versionNumber;
+
+    @Key("updateTime")
+    private String updateTime;
+
+    @Key("updateOrigin")
+    private String updateOrigin;
+
+    @Key("updateType")
+    private String updateType;
+
+    @Key("updateUser")
+    private UserResponse updateUser;
+
+    @Key("description")
+    private String description;
+
+    @Key("rollbackSource")
+    private String rollbackSource;
+
+    @Key("legacy")
+    private Boolean legacy;
+
+    public String getVersionNumber() {
+      return versionNumber;
+    }
+
+    public String getUpdateTime() {
+      return updateTime;
+    }
+
+    public String getUpdateOrigin() {
+      return updateOrigin;
+    }
+
+    public String getUpdateType() {
+      return updateType;
+    }
+
+    public UserResponse getUpdateUser() {
+      return updateUser;
+    }
+
+    public String getDescription() {
+      return description;
+    }
+
+    public String getRollbackSource() {
+      return rollbackSource;
+    }
+
+    public boolean isLegacy() {
+      return Boolean.TRUE.equals(this.legacy);
+    }
+
+    public VersionResponse setDescription(String description) {
+      this.description = description;
+      return this;
+    }
+
+    public VersionResponse setVersionNumber(String versionNumber) {
+      this.versionNumber = versionNumber;
+      return this;
+    }
+
+    public VersionResponse setUpdateTime(String updateTime) {
+      this.updateTime = updateTime;
+      return this;
+    }
+
+    public VersionResponse setUpdateOrigin(String updateOrigin) {
+      this.updateOrigin = updateOrigin;
+      return this;
+    }
+
+    public VersionResponse setUpdateType(String updateType) {
+      this.updateType = updateType;
+      return this;
+    }
+
+    public VersionResponse setUpdateUser(UserResponse updateUser) {
+      this.updateUser = updateUser;
+      return this;
+    }
+
+    public VersionResponse setRollbackSource(String rollbackSource) {
+      this.rollbackSource = rollbackSource;
+      return this;
+    }
+
+    public VersionResponse setLegacy(Boolean legacy) {
+      this.legacy = legacy;
+      return this;
+    }
+  }
+
+  /**
+   * The Data Transfer Object for parsing Remote Config user responses from the
+   * Remote Config service.
+   **/
+  public static final class UserResponse {
+    @Key("email")
+    private String email;
+
+    @Key("name")
+    private String name;
+
+    @Key("imageUrl")
+    private String imageUrl;
+
+    public String getEmail() {
+      return email;
+    }
+
+    public String getName() {
+      return name;
+    }
+
+    public String getImageUrl() {
+      return imageUrl;
+    }
+
+    public UserResponse setEmail(String email) {
+      this.email = email;
+      return this;
+    }
+
+    public UserResponse setName(String name) {
+      this.name = name;
+      return this;
+    }
+
+    public UserResponse setImageUrl(String imageUrl) {
+      this.imageUrl = imageUrl;
+      return this;
+    }
+  }
+
+  /**
+   * The Data Transfer Object for parsing Remote Config versions list responses from the
+   * Remote Config service.
+   **/
+  public static final class ListVersionsResponse {
+    @Key("versions")
+    private List<VersionResponse> versions;
+
+    @Key("nextPageToken")
+    private String nextPageToken;
+
+    public List<VersionResponse> getVersions() {
+      return versions;
+    }
+
+    public boolean hasVersions() {
+      return versions != null && !versions.isEmpty();
+    }
+
+    public String getNextPageToken() {
+      return nextPageToken;
+    }
+
+    public ListVersionsResponse setNextPageToken(String nextPageToken) {
+      this.nextPageToken = nextPageToken;
+      return this;
+    }
+
+    public ListVersionsResponse setVersions(
+            List<VersionResponse> versions) {
+      this.versions = versions;
+      return this;
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/internal/package-info.java b/src/main/java/com/google/firebase/remoteconfig/internal/package-info.java
new file mode 100644
index 000000000..50a2768e9
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/internal/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @hide
+ */
+package com.google.firebase.remoteconfig.internal;
diff --git a/src/test/java/com/google/firebase/remoteconfig/ConditionTest.java b/src/test/java/com/google/firebase/remoteconfig/ConditionTest.java
new file mode 100644
index 000000000..aba01ead2
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ConditionTest.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNull;
+
+import org.junit.Test;
+
+public class ConditionTest {
+
+  @Test
+  public void testConstructor() {
+    Condition condition = new Condition("ios_en_1", "expression1");
+
+    assertEquals("ios_en_1", condition.getName());
+    assertEquals("expression1", condition.getExpression());
+    assertNull(condition.getTagColor());
+  }
+
+  @Test
+  public void testConstructorWithColor() {
+    Condition condition = new Condition("ios_en_2", "expression2", TagColor.BLUE);
+
+    assertEquals("ios_en_2", condition.getName());
+    assertEquals("expression2", condition.getExpression());
+    assertEquals(TagColor.BLUE, condition.getTagColor());
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testIllegalConstructor() {
+    new Condition(null, null);
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testConstructorWithNullConditionResponse() {
+    new Condition(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testSetNullName() {
+    Condition condition = new Condition("ios", "exp");
+    condition.setName(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testSetEmptyName() {
+    Condition condition = new Condition("ios", "exp");
+    condition.setName("");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testSetNullExpression() {
+    Condition condition = new Condition("ios", "exp");
+    condition.setExpression(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testSetEmptyExpression() {
+    Condition condition = new Condition("ios", "exp");
+    condition.setExpression("");
+  }
+
+  @Test
+  public void testEquality() {
+    final Condition conditionOne = new Condition("ios", "device.os == 'ios'", TagColor.GREEN);
+    final Condition conditionTwo = new Condition("ios", "device.os == 'ios'", TagColor.GREEN);
+    final Condition conditionThree = new Condition("android", "device.os == 'android'");
+    final Condition conditionFour = new Condition("android", "device.os == 'android'");
+    final Condition conditionFive = new Condition("ios", "device.os == 'ios'", TagColor.BLUE);
+
+    assertEquals(conditionOne, conditionTwo);
+    assertEquals(conditionThree, conditionFour);
+    assertNotEquals(conditionOne, conditionThree);
+    assertNotEquals(conditionTwo, conditionFour);
+    assertNotEquals(conditionOne, conditionFive);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
new file mode 100644
index 000000000..9be41852d
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
@@ -0,0 +1,1234 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.util.Utils;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpHeaders;
+import com.google.api.client.http.HttpMethods;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpResponseInterceptor;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.json.JsonParser;
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseOptions;
+import com.google.firebase.OutgoingHttpRequest;
+import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.SdkUtils;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+import com.google.firebase.testing.TestResponseInterceptor;
+import com.google.firebase.testing.TestUtils;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URLDecoder;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+
+public class FirebaseRemoteConfigClientImplTest {
+
+  private static final String TEST_REMOTE_CONFIG_URL =
+          "https://firebaseremoteconfig.googleapis.com/v1/projects/test-project/remoteConfig";
+
+  private static final List<Integer> HTTP_STATUS_CODES = ImmutableList.of(401, 404, 500);
+
+  private static final Map<Integer, ErrorCode> HTTP_STATUS_TO_ERROR_CODE = ImmutableMap.of(
+          401, ErrorCode.UNAUTHENTICATED,
+          404, ErrorCode.NOT_FOUND,
+          500, ErrorCode.INTERNAL);
+
+  private static final String MOCK_TEMPLATE_RESPONSE = TestUtils
+          .loadResource("getRemoteConfig.json");
+
+  private static final String MOCK_LIST_VERSIONS_RESPONSE = TestUtils
+          .loadResource("listRemoteConfigVersions.json");
+
+  private static final String TEST_ETAG = "etag-123456789012-1";
+
+  private static final Map<String, Parameter> EXPECTED_PARAMETERS = ImmutableMap.of(
+          "welcome_message_text", new Parameter()
+                  .setDefaultValue(ParameterValue.of("welcome to app"))
+                  .setConditionalValues(ImmutableMap.<String, ParameterValue>of(
+                          "ios_en", ParameterValue.of("welcome to app en")
+                  ))
+                  .setDescription("text for welcome message!"),
+          "header_text", new Parameter()
+                  .setDefaultValue(ParameterValue.inAppDefault())
+  );
+
+  private static final Map<String, ParameterGroup> EXPECTED_PARAMETER_GROUPS = ImmutableMap.of(
+          "new menu", new ParameterGroup()
+                  .setDescription("New Menu")
+                  .setParameters(ImmutableMap.of(
+                          "pumpkin_spice_season", new Parameter()
+                                  .setDefaultValue(ParameterValue.of("true"))
+                                  .setDescription("Whether it's currently pumpkin spice season.")
+                          )
+                  )
+  );
+
+  private static final List<Condition> EXPECTED_CONDITIONS = ImmutableList.of(
+          new Condition("ios_en", "device.os == 'ios' && device.country in ['us', 'uk']")
+                  .setTagColor(TagColor.INDIGO),
+          new Condition("android_en",
+                  "device.os == 'android' && device.country in ['us', 'uk']")
+  );
+
+  private static final Version EXPECTED_VERSION = new Version(new TemplateResponse.VersionResponse()
+          .setVersionNumber("17")
+          .setUpdateOrigin("ADMIN_SDK_NODE")
+          .setUpdateType("INCREMENTAL_UPDATE")
+          .setUpdateUser(new TemplateResponse.UserResponse()
+                  .setEmail("firebase-user@account.com")
+                  .setName("dev-admin")
+                  .setImageUrl("http://image.jpg"))
+          .setUpdateTime("2020-11-15T06:57:26.342763941Z")
+          .setDescription("promo config")
+  );
+
+  private static final Template EXPECTED_TEMPLATE = new Template()
+          .setETag(TEST_ETAG)
+          .setParameters(EXPECTED_PARAMETERS)
+          .setConditions(EXPECTED_CONDITIONS)
+          .setParameterGroups(EXPECTED_PARAMETER_GROUPS)
+          .setVersion(EXPECTED_VERSION);
+
+  private MockLowLevelHttpResponse response;
+  private TestResponseInterceptor interceptor;
+  private FirebaseRemoteConfigClient client;
+
+  @Before
+  public void setUp() {
+    response = new MockLowLevelHttpResponse();
+    interceptor = new TestResponseInterceptor();
+    client = initRemoteConfigClient(response, interceptor);
+  }
+
+  // Get template tests
+
+  @Test
+  public void testGetTemplate() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    Template receivedTemplate = client.getTemplate();
+
+    assertEquals(TEST_ETAG, receivedTemplate.getETag());
+    assertEquals(EXPECTED_TEMPLATE, receivedTemplate);
+    assertEquals(1605423446000L, receivedTemplate.getVersion().getUpdateTime());
+    checkGetRequestHeader(interceptor.getLastRequest());
+  }
+
+  @Test
+  public void testGetTemplateWithTimestampUpToNanosecondPrecision() throws Exception {
+    List<String> timestamps = ImmutableList.of(
+            "2020-11-15T06:57:26.342Z",
+            "2020-11-15T06:57:26.342763Z",
+            "2020-11-15T06:57:26.342763941Z"
+    );
+    for (String timestamp : timestamps) {
+      response.addHeader("etag", TEST_ETAG);
+      String templateResponse = "{\"version\": {"
+              + "    \"versionNumber\": \"17\","
+              + "    \"updateTime\": \"" + timestamp + "\""
+              + "  }}";
+      response.setContent(templateResponse);
+
+      Template receivedTemplate = client.getTemplate();
+
+      assertEquals(TEST_ETAG, receivedTemplate.getETag());
+      assertEquals("17", receivedTemplate.getVersion().getVersionNumber());
+      assertEquals(1605423446000L, receivedTemplate.getVersion().getUpdateTime());
+      checkGetRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetTemplateWithEmptyTemplateResponse() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent("{}");
+
+    Template template = client.getTemplate();
+
+    assertEquals(TEST_ETAG, template.getETag());
+    assertEquals(0, template.getParameters().size());
+    assertEquals(0, template.getConditions().size());
+    assertEquals(0, template.getParameterGroups().size());
+    assertNull(template.getVersion());
+    checkGetRequestHeader(interceptor.getLastRequest());
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testGetTemplateWithNoEtag() throws FirebaseRemoteConfigException {
+    // ETag does not exist
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    client.getTemplate();
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testGetTemplateWithEmptyEtag() throws FirebaseRemoteConfigException {
+    // Empty ETag
+    response.addHeader("etag", "");
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    client.getTemplate();
+  }
+
+  @Test
+  public void testGetTemplateHttpError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("{}");
+
+      try {
+        client.getTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetTemplateTransportError() {
+    client = initClientWithFaultyTransport();
+
+    try {
+      client.getTemplate();
+      fail("No error thrown for HTTP error");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals("Unknown error while making a remote service call: transport error",
+              error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+  }
+
+  @Test
+  public void testGetTemplateSuccessResponseWithUnexpectedPayload() {
+    response.setContent("not valid json");
+
+    try {
+      client.getTemplate();
+      fail("No error thrown for malformed response");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
+      assertNotNull(error.getCause());
+      assertNotNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+    checkGetRequestHeader(interceptor.getLastRequest());
+  }
+
+  @Test
+  public void testGetTemplateErrorWithZeroContentResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setZeroContent();
+
+      try {
+        client.getTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetTemplateErrorWithMalformedResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("not json");
+
+      try {
+        client.getTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetTemplateErrorWithDetails() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
+
+      try {
+        client.getTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
+                HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetTemplateErrorWithRcError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
+                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+
+      try {
+        client.getTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
+                HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  // Test getTemplateAtVersion
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testGetTemplateAtVersionWithNullString() throws Exception {
+    client.getTemplateAtVersion(null);
+  }
+
+  @Test
+  public void testGetTemplateAtVersionWithInvalidString() throws Exception {
+    List<String> invalidVersionStrings = ImmutableList
+            .of("", " ", "abc", "t123", "123t", "t123t", "12t3", "#$*&^", "-123", "+123", "123.4");
+
+    for (String version : invalidVersionStrings) {
+      try {
+        client.getTemplateAtVersion(version);
+        fail("No error thrown for invalid version number");
+      } catch (IllegalArgumentException expected) {
+        String message = "Version number must be a non-empty string in int64 format.";
+        assertEquals(message, expected.getMessage());
+      }
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionWithValidString() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    Template receivedTemplate = client.getTemplateAtVersion("24");
+
+    assertEquals(TEST_ETAG, receivedTemplate.getETag());
+    assertEquals(EXPECTED_TEMPLATE, receivedTemplate);
+    assertEquals(1605423446000L, receivedTemplate.getVersion().getUpdateTime());
+    checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
+  }
+
+  @Test
+  public void testGetTemplateAtVersionWithEmptyTemplateResponse() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent("{}");
+
+    Template template = client.getTemplateAtVersion("24");
+
+    assertEquals(TEST_ETAG, template.getETag());
+    assertEquals(0, template.getParameters().size());
+    assertEquals(0, template.getConditions().size());
+    assertEquals(0, template.getParameterGroups().size());
+    assertNull(template.getVersion());
+    checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testGetTemplateAtVersionWithNoEtag() throws FirebaseRemoteConfigException {
+    // ETag does not exist
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    client.getTemplateAtVersion("24");
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testGetTemplateAtVersionWithEmptyEtag() throws FirebaseRemoteConfigException {
+    // Empty ETag
+    response.addHeader("etag", "");
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    client.getTemplateAtVersion("24");
+  }
+
+  @Test
+  public void testGetTemplateAtVersionHttpError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("{}");
+
+      try {
+        client.getTemplateAtVersion("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionTransportError() {
+    client = initClientWithFaultyTransport();
+
+    try {
+      client.getTemplateAtVersion("24");
+      fail("No error thrown for HTTP error");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals("Unknown error while making a remote service call: transport error",
+              error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionSuccessResponseWithUnexpectedPayload() {
+    response.setContent("not valid json");
+
+    try {
+      client.getTemplateAtVersion("24");
+      fail("No error thrown for malformed response");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
+      assertNotNull(error.getCause());
+      assertNotNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+    checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
+  }
+
+  @Test
+  public void testGetTemplateAtVersionErrorWithZeroContentResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setZeroContent();
+
+      try {
+        client.getTemplateAtVersion("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionErrorWithMalformedResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("not json");
+
+      try {
+        client.getTemplateAtVersion("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionErrorWithDetails() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
+
+      try {
+        client.getTemplateAtVersion("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
+                HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionErrorWithRcError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
+                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+
+      try {
+        client.getTemplateAtVersion("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
+                HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
+    }
+  }
+
+  // Test publishTemplate
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testPublishTemplateWithNullTemplate() throws Exception {
+    client.publishTemplate(null, false, false);
+  }
+
+  @Test
+  public void testPublishTemplateWithValidTemplate() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    Template publishedTemplate = client.publishTemplate(EXPECTED_TEMPLATE, false, false);
+
+    assertEquals(TEST_ETAG, publishedTemplate.getETag());
+    assertEquals(EXPECTED_TEMPLATE, publishedTemplate);
+    assertEquals(1605423446000L, publishedTemplate.getVersion().getUpdateTime());
+    checkPutRequestHeader(interceptor.getLastRequest());
+  }
+
+  @Test
+  public void testPublishTemplateWithValidTemplateAndForceTrue() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    Template publishedTemplate = client.publishTemplate(EXPECTED_TEMPLATE, false, true);
+
+    assertEquals(TEST_ETAG, publishedTemplate.getETag());
+    assertEquals(EXPECTED_TEMPLATE, publishedTemplate);
+    assertEquals(1605423446000L, publishedTemplate.getVersion().getUpdateTime());
+    checkPutRequestHeader(interceptor.getLastRequest(), "", "*");
+  }
+
+  @Test
+  public void testPublishTemplateWithValidTemplateAndValidateOnlyTrue() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+    Template expectedTemplate = new Template()
+            .setETag("etag-123456789012-45")
+            .setParameters(EXPECTED_PARAMETERS)
+            .setConditions(EXPECTED_CONDITIONS)
+            .setParameterGroups(EXPECTED_PARAMETER_GROUPS)
+            .setVersion(EXPECTED_VERSION);
+
+    Template validatedTemplate = client.publishTemplate(expectedTemplate, true, false);
+
+    // check if the etag matches the input template's etag and not the etag from the server response
+    assertNotEquals(TEST_ETAG, validatedTemplate.getETag());
+    assertEquals("etag-123456789012-45", validatedTemplate.getETag());
+    assertEquals(expectedTemplate, validatedTemplate);
+    checkPutRequestHeader(interceptor.getLastRequest(), "?validateOnly=true",
+            "etag-123456789012-45");
+  }
+
+  @Test
+  public void testPublishTemplateWithEmptyTemplateResponse() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent("{}");
+
+    Template template = client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
+
+    assertEquals(TEST_ETAG, template.getETag());
+    assertEquals(0, template.getParameters().size());
+    assertEquals(0, template.getConditions().size());
+    assertEquals(0, template.getParameterGroups().size());
+    assertNull(template.getVersion());
+    checkPutRequestHeader(interceptor.getLastRequest());
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testPublishTemplateWithNoEtag() throws FirebaseRemoteConfigException {
+    // ETag does not exist
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    client.publishTemplate(new Template(), false, false);
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testPublishTemplateWithEmptyEtag() throws FirebaseRemoteConfigException {
+    // Empty ETag
+    response.addHeader("etag", "");
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    client.publishTemplate(new Template(), false, false);
+  }
+
+  @Test
+  public void testPublishTemplateHttpError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("{}");
+
+      try {
+        client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.PUT);
+      }
+      checkPutRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testPublishTemplateTransportError() {
+    client = initClientWithFaultyTransport();
+
+    try {
+      client.publishTemplate(new Template(), false, false);
+      fail("No error thrown for HTTP error");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals("Unknown error while making a remote service call: transport error",
+              error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+  }
+
+  @Test
+  public void testPublishTemplateSuccessResponseWithUnexpectedPayload() {
+    response.setContent("not valid json");
+
+    try {
+      client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
+      fail("No error thrown for malformed response");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
+      assertNotNull(error.getCause());
+      assertNotNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+    checkPutRequestHeader(interceptor.getLastRequest());
+  }
+
+  @Test
+  public void testPublishTemplateErrorWithZeroContentResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setZeroContent();
+
+      try {
+        client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.PUT);
+      }
+      checkPutRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testPublishTemplateErrorWithMalformedResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("not json");
+
+      try {
+        client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.PUT);
+      }
+      checkPutRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testPublishTemplateErrorWithDetails() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
+
+      try {
+        client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
+                HttpMethods.PUT);
+      }
+      checkPutRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testPublishTemplateErrorWithRcError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
+                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+
+      try {
+        client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
+                HttpMethods.PUT);
+      }
+      checkPutRequestHeader(interceptor.getLastRequest());
+    }
+  }
+
+  // Test rollback
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testRollbackWithNullString() throws Exception {
+    client.rollback(null);
+  }
+
+  @Test
+  public void testRollbackWithInvalidString() throws Exception {
+    List<String> invalidVersionStrings = ImmutableList
+            .of("", " ", "abc", "t123", "123t", "t123t", "12t3", "#$*&^", "-123", "+123", "123.4");
+
+    for (String version : invalidVersionStrings) {
+      try {
+        client.rollback(version);
+        fail("No error thrown for invalid version number");
+      } catch (IllegalArgumentException expected) {
+        String message = "Version number must be a non-empty string in int64 format.";
+        assertEquals(message, expected.getMessage());
+      }
+    }
+  }
+
+  @Test
+  public void testRollbackWithValidString() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    Template rolledBackTemplate = client.rollback("24");
+
+    assertEquals(TEST_ETAG, rolledBackTemplate.getETag());
+    assertEquals(EXPECTED_TEMPLATE, rolledBackTemplate);
+    assertEquals(1605423446000L, rolledBackTemplate.getVersion().getUpdateTime());
+    checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
+    checkRequestContent(interceptor.getLastRequest(),
+            ImmutableMap.<String, Object>of("versionNumber", "24"));
+  }
+
+  @Test
+  public void testRollbackWithEmptyTemplateResponse() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent("{}");
+
+    Template template = client.rollback("24");
+
+    assertEquals(TEST_ETAG, template.getETag());
+    assertEquals(0, template.getParameters().size());
+    assertEquals(0, template.getConditions().size());
+    assertEquals(0, template.getParameterGroups().size());
+    assertNull(template.getVersion());
+    checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
+    checkRequestContent(interceptor.getLastRequest(),
+            ImmutableMap.<String, Object>of("versionNumber", "24"));
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testRollbackWithNoEtag() throws FirebaseRemoteConfigException {
+    // ETag does not exist
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    client.rollback("24");
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testRollbackWithEmptyEtag() throws FirebaseRemoteConfigException {
+    // Empty ETag
+    response.addHeader("etag", "");
+    response.setContent(MOCK_TEMPLATE_RESPONSE);
+
+    client.rollback("24");
+  }
+
+  @Test
+  public void testRollbackHttpError() throws IOException {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("{}");
+
+      try {
+        client.rollback("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.POST);
+      }
+      checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
+      checkRequestContent(interceptor.getLastRequest(),
+              ImmutableMap.<String, Object>of("versionNumber", "24"));
+    }
+  }
+
+  @Test
+  public void testRollbackTransportError() {
+    client = initClientWithFaultyTransport();
+
+    try {
+      client.rollback("24");
+      fail("No error thrown for HTTP error");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals("Unknown error while making a remote service call: transport error",
+              error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+  }
+
+  @Test
+  public void testRollbackSuccessResponseWithUnexpectedPayload() throws IOException {
+    response.setContent("not valid json");
+
+    try {
+      client.rollback("24");
+      fail("No error thrown for malformed response");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
+      assertNotNull(error.getCause());
+      assertNotNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+    checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
+    checkRequestContent(interceptor.getLastRequest(),
+            ImmutableMap.<String, Object>of("versionNumber", "24"));
+  }
+
+  @Test
+  public void testRollbackErrorWithZeroContentResponse() throws IOException {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setZeroContent();
+
+      try {
+        client.rollback("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.POST);
+      }
+      checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
+      checkRequestContent(interceptor.getLastRequest(),
+              ImmutableMap.<String, Object>of("versionNumber", "24"));
+    }
+  }
+
+  @Test
+  public void testRollbackErrorWithMalformedResponse() throws IOException {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("not json");
+
+      try {
+        client.rollback("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.POST);
+      }
+      checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
+      checkRequestContent(interceptor.getLastRequest(),
+              ImmutableMap.<String, Object>of("versionNumber", "24"));
+    }
+  }
+
+  @Test
+  public void testRollbackErrorWithDetails() throws IOException {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
+
+      try {
+        client.rollback("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
+                HttpMethods.POST);
+      }
+      checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
+      checkRequestContent(interceptor.getLastRequest(),
+              ImmutableMap.<String, Object>of("versionNumber", "24"));
+    }
+  }
+
+  @Test
+  public void testRollbackErrorWithRcError() throws IOException {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
+                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+
+      try {
+        client.rollback("24");
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
+                HttpMethods.POST);
+      }
+      checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
+      checkRequestContent(interceptor.getLastRequest(),
+              ImmutableMap.<String, Object>of("versionNumber", "24"));
+    }
+  }
+
+  // Test listVersions
+
+  @Test
+  public void testListVersionsWithNullOptions() throws Exception {
+    response.setContent(MOCK_LIST_VERSIONS_RESPONSE);
+
+    TemplateResponse.ListVersionsResponse versionsList = client.listVersions(null);
+
+    assertTrue(versionsList.hasVersions());
+    assertEquals("28", versionsList.getNextPageToken());
+    assertEquals(4, versionsList.getVersions().size());
+    checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
+  }
+
+  @Test
+  public void testListVersionsWithOptions() throws Exception {
+    response.setContent(MOCK_LIST_VERSIONS_RESPONSE);
+
+    TemplateResponse.ListVersionsResponse versionsList = client.listVersions(
+            ListVersionsOptions.builder()
+                    .setPageSize(10)
+                    .setPageToken("token")
+                    .setStartTimeMillis(1605219122000L)
+                    .setEndTimeMillis(1606245035000L)
+                    .setEndVersionNumber("29").build());
+
+    assertTrue(versionsList.hasVersions());
+
+    HttpRequest request = interceptor.getLastRequest();
+    String urlWithoutParameters = request.getUrl().toString()
+            .substring(0, request.getUrl().toString().lastIndexOf('?'));
+    final Map<String, String> expectedQuery = ImmutableMap.of(
+            "endVersionNumber", "29",
+            "pageSize", "10",
+            "pageToken", "token",
+            "startTime", "2020-11-12T22:12:02.000000000Z",
+            "endTime", "2020-11-24T19:10:35.000000000Z"
+    );
+    Map<String, String> actualQuery = new HashMap<>();
+    String query = request.getUrl().toURI().getQuery();
+    String[] pairs = query.split("&");
+    for (String pair : pairs) {
+      int idx = pair.indexOf("=");
+      actualQuery.put(URLDecoder.decode(pair.substring(0, idx), "UTF-8"),
+              URLDecoder.decode(pair.substring(idx + 1), "UTF-8"));
+    }
+
+    assertEquals("GET", request.getRequestMethod());
+    assertEquals(TEST_REMOTE_CONFIG_URL + ":listVersions", urlWithoutParameters);
+    HttpHeaders headers = request.getHeaders();
+    assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals("gzip", headers.getAcceptEncoding());
+    assertEquals(expectedQuery, actualQuery);
+  }
+
+  @Test
+  public void testListVersionsWithEmptyResponse() throws Exception {
+    response.setContent("{}");
+
+    TemplateResponse.ListVersionsResponse versionsList = client.listVersions(null);
+
+    assertFalse(versionsList.hasVersions());
+    assertNull(versionsList.getNextPageToken());
+    assertNull(versionsList.getVersions());
+    checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
+  }
+
+  @Test
+  public void testListVersionsHttpError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("{}");
+
+      try {
+        client.listVersions(null);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
+    }
+  }
+
+  @Test
+  public void testListVersionsTransportError() {
+    client = initClientWithFaultyTransport();
+
+    try {
+      client.listVersions(null);
+      fail("No error thrown for HTTP error");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals("Unknown error while making a remote service call: transport error",
+              error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+  }
+
+  @Test
+  public void testListVersionsSuccessResponseWithUnexpectedPayload() {
+    response.setContent("not valid json");
+
+    try {
+      client.listVersions(null);
+      fail("No error thrown for malformed response");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
+      assertNotNull(error.getCause());
+      assertNotNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+    checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
+  }
+
+  @Test
+  public void testListVersionsErrorWithZeroContentResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setZeroContent();
+
+      try {
+        client.listVersions(null);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
+    }
+  }
+
+  @Test
+  public void testListVersionsErrorWithMalformedResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("not json");
+
+      try {
+        client.listVersions(null);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
+                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
+    }
+  }
+
+  @Test
+  public void testListVersionsErrorWithDetails() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
+
+      try {
+        client.listVersions(null);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
+                HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
+    }
+  }
+
+  @Test
+  public void testListVersionsErrorWithRcError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
+                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+
+      try {
+        client.listVersions(null);
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
+                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
+                HttpMethods.GET);
+      }
+      checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
+    }
+  }
+
+  // App related tests
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testBuilderNullProjectId() {
+    fullyPopulatedBuilder().setProjectId(null).build();
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testBuilderEmptyProjectId() {
+    fullyPopulatedBuilder().setProjectId("").build();
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testBuilderNullRequestFactory() {
+    fullyPopulatedBuilder().setRequestFactory(null).build();
+  }
+
+  @Test
+  public void testFromApp() throws IOException {
+    FirebaseOptions options = FirebaseOptions.builder()
+            .setCredentials(new MockGoogleCredentials("test-token"))
+            .setProjectId("test-project")
+            .build();
+    FirebaseApp app = FirebaseApp.initializeApp(options);
+
+    try {
+      FirebaseRemoteConfigClientImpl client = FirebaseRemoteConfigClientImpl.fromApp(app);
+
+      assertEquals(TEST_REMOTE_CONFIG_URL, client.getRemoteConfigUrl());
+      assertSame(options.getJsonFactory(), client.getJsonFactory());
+
+      HttpRequest request = client.getRequestFactory().buildGetRequest(
+              new GenericUrl("https://example.com"));
+      assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
+    } finally {
+      app.delete();
+    }
+  }
+
+  private FirebaseRemoteConfigClientImpl initRemoteConfigClient(
+          MockLowLevelHttpResponse mockResponse, HttpResponseInterceptor interceptor) {
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+            .setLowLevelHttpResponse(mockResponse)
+            .build();
+
+    return FirebaseRemoteConfigClientImpl.builder()
+            .setProjectId("test-project")
+            .setJsonFactory(Utils.getDefaultJsonFactory())
+            .setRequestFactory(transport.createRequestFactory())
+            .setResponseInterceptor(interceptor)
+            .build();
+  }
+
+  private FirebaseRemoteConfigClientImpl initClientWithFaultyTransport() {
+    HttpTransport transport = TestUtils.createFaultyHttpTransport();
+    return FirebaseRemoteConfigClientImpl.builder()
+            .setProjectId("test-project")
+            .setJsonFactory(Utils.getDefaultJsonFactory())
+            .setRequestFactory(transport.createRequestFactory())
+            .build();
+  }
+
+  private FirebaseRemoteConfigClientImpl.Builder fullyPopulatedBuilder() {
+    return FirebaseRemoteConfigClientImpl.builder()
+            .setProjectId("test-project")
+            .setJsonFactory(Utils.getDefaultJsonFactory())
+            .setRequestFactory(Utils.getDefaultTransport().createRequestFactory());
+  }
+
+  private void checkGetRequestHeader(HttpRequest request) {
+    checkGetRequestHeader(request, "");
+  }
+
+  private void checkGetRequestHeader(HttpRequest request, String urlSuffix) {
+    assertEquals("GET", request.getRequestMethod());
+    assertEquals(TEST_REMOTE_CONFIG_URL + urlSuffix, request.getUrl().toString());
+    HttpHeaders headers = request.getHeaders();
+    assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals("gzip", headers.getAcceptEncoding());
+  }
+
+  private void checkPutRequestHeader(HttpRequest request) {
+    checkPutRequestHeader(request, "", TEST_ETAG);
+  }
+
+  private void checkPutRequestHeader(HttpRequest request, String urlSuffix, String ifMatch) {
+    assertEquals("PUT", request.getRequestMethod());
+    assertEquals(TEST_REMOTE_CONFIG_URL + urlSuffix, request.getUrl().toString());
+    HttpHeaders headers = request.getHeaders();
+    assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals("gzip", headers.getAcceptEncoding());
+    assertEquals(ifMatch, headers.getIfMatch());
+  }
+
+  private void checkPostRequestHeader(HttpRequest request, String urlSuffix) {
+    assertEquals("POST", request.getRequestMethod());
+    assertEquals(TEST_REMOTE_CONFIG_URL + urlSuffix, request.getUrl().toString());
+    HttpHeaders headers = request.getHeaders();
+    assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals("gzip", headers.getAcceptEncoding());
+  }
+
+  private void checkRequestContent(
+          HttpRequest request, Map<String, Object> expected) throws IOException {
+    ByteArrayOutputStream out = new ByteArrayOutputStream();
+    request.getContent().writeTo(out);
+    JsonParser parser = Utils.getDefaultJsonFactory().createJsonParser(out.toString());
+    Map<String, Object> parsed = new HashMap<>();
+    parser.parseAndClose(parsed);
+    assertEquals(expected, parsed);
+  }
+
+  private void checkExceptionFromHttpResponse(
+          FirebaseRemoteConfigException error,
+          ErrorCode expectedCode,
+          RemoteConfigErrorCode expectedRemoteConfigCode,
+          String expectedMessage,
+          String httpMethod) {
+    assertEquals(expectedCode, error.getErrorCode());
+    assertEquals(expectedMessage, error.getMessage());
+    assertTrue(error.getCause() instanceof HttpResponseException);
+    assertEquals(expectedRemoteConfigCode, error.getRemoteConfigErrorCode());
+
+    assertNotNull(error.getHttpResponse());
+    OutgoingHttpRequest request = error.getHttpResponse().getRequest();
+    assertEquals(httpMethod, request.getMethod());
+    assertTrue(request.getUrl().startsWith("https://firebaseremoteconfig.googleapis.com"));
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
new file mode 100644
index 000000000..3a13d8d86
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNull;
+
+import com.google.api.core.ApiFuture;
+import com.google.api.core.ApiFutureCallback;
+import com.google.api.core.ApiFutures;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.firebase.testing.IntegrationTestUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class FirebaseRemoteConfigIT {
+
+  private static FirebaseRemoteConfig remoteConfig;
+
+  private static final long timestamp = System.currentTimeMillis();
+
+  private static final Map<String, Parameter> PARAMETERS = ImmutableMap.of(
+          "welcome_message_text", new Parameter()
+                  .setDefaultValue(ParameterValue
+                          .of(String.format("welcome to app %s", timestamp)))
+                  .setConditionalValues(ImmutableMap.<String, ParameterValue>of(
+                          "ios_en",
+                          ParameterValue.of(String.format("welcome to app en %s", timestamp))
+                  ))
+                  .setDescription("text for welcome message!"),
+          "header_text", new Parameter()
+                  .setDefaultValue(ParameterValue.inAppDefault()));
+
+  private static final Map<String, ParameterGroup> PARAMETER_GROUPS = ImmutableMap.of(
+          "new menu", new ParameterGroup()
+                  .setDescription(String.format("New Menu %s", timestamp))
+                  .setParameters(ImmutableMap.of(
+                          "pumpkin_spice_season", new Parameter()
+                                  .setDefaultValue(ParameterValue.of("true"))
+                                  .setDescription("Whether it's currently pumpkin spice season."))
+                  ));
+
+  private static final List<Condition> CONDITIONS = ImmutableList.of(
+          new Condition("ios_en", "device.os == 'ios' && device.country in ['us', 'uk']")
+                  .setTagColor(TagColor.INDIGO),
+          new Condition("android_en",
+                  "device.os == 'android' && device.country in ['us', 'uk']"));
+
+  private static final Version VERSION = Version
+          .withDescription(String.format("promo config %s", timestamp));
+
+  @BeforeClass
+  public static void setUpClass() {
+    remoteConfig = FirebaseRemoteConfig.getInstance(IntegrationTestUtils.ensureDefaultApp());
+  }
+
+  @Test
+  public void testTemplateOperations() throws FirebaseRemoteConfigException {
+    // get template to fetch the active template with correct etag
+    final Template oldTemplate = remoteConfig.getTemplate();
+    final Template inputTemplate = Template.fromJSON(oldTemplate.toJSON());
+    final String versionNumber = oldTemplate.getVersion().getVersionNumber();
+
+    // modify template
+    inputTemplate.setParameters(PARAMETERS)
+            .setParameterGroups(PARAMETER_GROUPS)
+            .setConditions(CONDITIONS)
+            .setVersion(VERSION);
+
+    // validate template
+    Template validatedTemplate = remoteConfig.validateTemplate(inputTemplate);
+    assertEquals(inputTemplate.getETag(), validatedTemplate.getETag());
+    assertEquals(PARAMETERS, validatedTemplate.getParameters());
+    assertEquals(PARAMETER_GROUPS, validatedTemplate.getParameterGroups());
+    assertEquals(CONDITIONS, validatedTemplate.getConditions());
+    assertEquals(VERSION, validatedTemplate.getVersion());
+
+    // publish template
+    Template publishedTemplate = remoteConfig.publishTemplate(inputTemplate);
+    assertNotEquals(inputTemplate.getETag(), publishedTemplate.getETag());
+    assertEquals(PARAMETERS, publishedTemplate.getParameters());
+    assertEquals(PARAMETER_GROUPS, publishedTemplate.getParameterGroups());
+    assertEquals(CONDITIONS, publishedTemplate.getConditions());
+    assertNotEquals(VERSION, publishedTemplate.getVersion());
+
+    // get template
+    Template currentTemplate = remoteConfig.getTemplate();
+    assertEquals(publishedTemplate, currentTemplate);
+
+    // get template at version
+    Template atVersionTemplate = remoteConfig.getTemplateAtVersion(versionNumber);
+    assertEquals(oldTemplate, atVersionTemplate);
+    assertEquals(versionNumber, atVersionTemplate.getVersion().getVersionNumber());
+
+    // rollback template
+    Template rolledBackTemplate = remoteConfig.rollback(versionNumber);
+    assertEquals(String.format("Rollback to version %s", versionNumber),
+            rolledBackTemplate.getVersion().getDescription());
+
+    // get template to verify rollback
+    Template activeTemplate = remoteConfig.getTemplate();
+    assertEquals(rolledBackTemplate, activeTemplate);
+  }
+
+  @Test
+  public void testListVersions() throws Exception {
+    final List<String> versions = new ArrayList<>();
+    Template template = remoteConfig.getTemplate();
+    for (int i = 0; i < 3; i++) {
+      template = remoteConfig.publishTemplate(template);
+      versions.add(template.getVersion().getVersionNumber());
+    }
+
+    // Test list by batches
+    final AtomicInteger collected = new AtomicInteger(0);
+    ListVersionsPage page = remoteConfig.listVersions();
+    while (page != null) {
+      for (Version version : page.getValues()) {
+        if (versions.contains(version.getVersionNumber())) {
+          collected.incrementAndGet();
+        }
+      }
+      page = page.getNextPage();
+    }
+    assertEquals(versions.size(), collected.get());
+
+    // Test iterate all
+    collected.set(0);
+    page = remoteConfig.listVersions();
+    for (Version version : page.iterateAll()) {
+      if (versions.contains(version.getVersionNumber())) {
+        collected.incrementAndGet();
+      }
+    }
+    assertEquals(versions.size(), collected.get());
+
+    // Test with list options
+    collected.set(0);
+    ListVersionsOptions listOptions = ListVersionsOptions.builder().setPageSize(2).build();
+    page = remoteConfig.listVersions(listOptions);
+    for (Version version : page.getValues()) {
+      if (versions.contains(version.getVersionNumber())) {
+        collected.incrementAndGet();
+      }
+    }
+    assertEquals(2, collected.get());
+
+    // Test iterate async
+    collected.set(0);
+    final Semaphore semaphore = new Semaphore(0);
+    final AtomicReference<Throwable> error = new AtomicReference<>();
+    ApiFuture<ListVersionsPage> pageFuture = remoteConfig.listVersionsAsync();
+    ApiFutures.addCallback(pageFuture, new ApiFutureCallback<ListVersionsPage>() {
+      @Override
+      public void onFailure(Throwable t) {
+        error.set(t);
+        semaphore.release();
+      }
+
+      @Override
+      public void onSuccess(ListVersionsPage result) {
+        for (Version version : result.iterateAll()) {
+          if (versions.contains(version.getVersionNumber())) {
+            collected.incrementAndGet();
+          }
+        }
+        semaphore.release();
+      }
+    }, MoreExecutors.directExecutor());
+    semaphore.acquire();
+    assertEquals(versions.size(), collected.get());
+    assertNull(error.get());
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigTest.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigTest.java
new file mode 100644
index 000000000..d3e7fbff2
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigTest.java
@@ -0,0 +1,600 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseOptions;
+import com.google.firebase.TestOnlyImplFirebaseTrampolines;
+import com.google.firebase.auth.MockGoogleCredentials;
+
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+
+import java.util.concurrent.ExecutionException;
+
+import org.junit.After;
+import org.junit.Test;
+
+public class FirebaseRemoteConfigTest {
+
+  private static final FirebaseOptions TEST_OPTIONS = FirebaseOptions.builder()
+          .setCredentials(new MockGoogleCredentials("test-token"))
+          .setProjectId("test-project")
+          .build();
+  private static final FirebaseRemoteConfigException TEST_EXCEPTION =
+          new FirebaseRemoteConfigException(ErrorCode.INTERNAL, "Test error message");
+
+  @After
+  public void tearDown() {
+    TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
+  }
+
+  @Test
+  public void testGetInstance() {
+    FirebaseApp.initializeApp(TEST_OPTIONS);
+
+    FirebaseRemoteConfig remoteConfig = FirebaseRemoteConfig.getInstance();
+
+    assertSame(remoteConfig, FirebaseRemoteConfig.getInstance());
+  }
+
+  @Test
+  public void testGetInstanceByApp() {
+    FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS, "custom-app");
+
+    FirebaseRemoteConfig remoteConfig = FirebaseRemoteConfig.getInstance(app);
+
+    assertSame(remoteConfig, FirebaseRemoteConfig.getInstance(app));
+  }
+
+  @Test
+  public void testDefaultRemoteConfigClient() {
+    FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS, "custom-app");
+    FirebaseRemoteConfig remoteConfig = FirebaseRemoteConfig.getInstance(app);
+
+    FirebaseRemoteConfigClient client = remoteConfig.getRemoteConfigClient();
+
+    assertTrue(client instanceof FirebaseRemoteConfigClientImpl);
+    assertSame(client, remoteConfig.getRemoteConfigClient());
+    String expectedUrl = "https://firebaseremoteconfig.googleapis.com/v1/projects/test-project/remoteConfig";
+    assertEquals(expectedUrl, ((FirebaseRemoteConfigClientImpl) client).getRemoteConfigUrl());
+  }
+
+  @Test
+  public void testAppDelete() {
+    FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS, "custom-app");
+    FirebaseRemoteConfig remoteConfig = FirebaseRemoteConfig.getInstance(app);
+    assertNotNull(remoteConfig);
+
+    app.delete();
+
+    try {
+      FirebaseRemoteConfig.getInstance(app);
+      fail("No error thrown when getting remote config instance after deleting app");
+    } catch (IllegalStateException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testRemoteConfigClientWithoutProjectId() {
+    FirebaseOptions options = FirebaseOptions.builder()
+            .setCredentials(new MockGoogleCredentials("test-token"))
+            .build();
+    FirebaseApp.initializeApp(options);
+
+    try {
+      FirebaseRemoteConfig.getInstance();
+      fail("No error thrown for missing project ID");
+    } catch (IllegalArgumentException expected) {
+      String message = "Project ID is required to access Remote Config service. Use a service "
+              + "account credential or set the project ID explicitly via FirebaseOptions. "
+              + "Alternatively you can also set the project ID via the GOOGLE_CLOUD_PROJECT "
+              + "environment variable.";
+      assertEquals(message, expected.getMessage());
+    }
+  }
+
+  private static final String TEST_ETAG = "etag-123456789012-1";
+
+  // Get template tests
+
+  @Test
+  public void testGetTemplate() throws FirebaseRemoteConfigException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.getTemplate();
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testGetTemplateFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.getTemplate();
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testGetTemplateAsync() throws Exception {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.getTemplateAsync().get();
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testGetTemplateAsyncFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.getTemplateAsync().get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  // Get template with version number tests
+
+  @Test
+  public void testGetTemplateAtVersionWithStringValue() throws FirebaseRemoteConfigException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.getTemplateAtVersion("64");
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testGetTemplateAtVersionWithStringValueFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.getTemplateAtVersion("55");
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionAsyncWithStringValue() throws Exception {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.getTemplateAtVersionAsync("55").get();
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testGetTemplateAtVersionAsyncWithStringValueFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.getTemplateAtVersionAsync("55").get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionWithLongValue() throws FirebaseRemoteConfigException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.getTemplateAtVersion(64L);
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testGetTemplateAtVersionWithLongValueFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.getTemplateAtVersion(55L);
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testGetTemplateAtVersionAsyncWithLongValue() throws Exception {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.getTemplateAtVersionAsync(55L).get();
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testGetTemplateAtVersionAsyncWithLongValueFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.getTemplateAtVersionAsync(55L).get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  // Validate template tests
+
+  @Test
+  public void testValidateTemplate() throws FirebaseRemoteConfigException {
+    Template template = new Template().setETag(TEST_ETAG);
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(template);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template validatedTemplate = remoteConfig.validateTemplate(template);
+
+    assertEquals(TEST_ETAG, validatedTemplate.getETag());
+  }
+
+  @Test
+  public void testValidateTemplateFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.validateTemplate(new Template());
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testValidateTemplateAsync() throws Exception {
+    Template template = new Template().setETag(TEST_ETAG);
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(template);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template validatedTemplate = remoteConfig.validateTemplateAsync(template).get();
+
+    assertEquals(TEST_ETAG, validatedTemplate.getETag());
+  }
+
+  @Test
+  public void testValidateTemplateAsyncFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.validateTemplateAsync(new Template()).get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  // Publish template tests
+
+  @Test
+  public void testPublishTemplate() throws FirebaseRemoteConfigException {
+    Template template = new Template().setETag(TEST_ETAG);
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(template);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template publishedTemplate = remoteConfig.publishTemplate(template);
+
+    assertEquals(TEST_ETAG, publishedTemplate.getETag());
+  }
+
+  @Test
+  public void testPublishTemplateFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.publishTemplate(new Template());
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testPublishTemplateAsync() throws Exception {
+    Template template = new Template().setETag(TEST_ETAG);
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(template);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template publishedTemplate = remoteConfig.publishTemplateAsync(template).get();
+
+    assertEquals(TEST_ETAG, publishedTemplate.getETag());
+  }
+
+  @Test
+  public void testPublishTemplateAsyncFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.publishTemplateAsync(new Template()).get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  // Force publish template tests
+
+  @Test
+  public void testForcePublishTemplate() throws FirebaseRemoteConfigException {
+    Template template = new Template().setETag(TEST_ETAG);
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(template);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template forcePublishedTemplate = remoteConfig.forcePublishTemplate(template);
+
+    assertEquals(TEST_ETAG, forcePublishedTemplate.getETag());
+  }
+
+  @Test
+  public void testForcePublishTemplateFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.forcePublishTemplate(new Template());
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testForcePublishTemplateAsync() throws Exception {
+    Template template = new Template().setETag(TEST_ETAG);
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(template);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template forcePublishedTemplate = remoteConfig.forcePublishTemplateAsync(template).get();
+
+    assertEquals(TEST_ETAG, forcePublishedTemplate.getETag());
+  }
+
+  @Test
+  public void testForcePublishTemplateAsyncFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.forcePublishTemplateAsync(new Template()).get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  // Rollback template tests
+
+  @Test
+  public void testRollbackWithStringValue() throws FirebaseRemoteConfigException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.rollback("64");
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testRollbackWithStringValueFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.rollback("55");
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testRollbackAsyncWithStringValue() throws Exception {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.rollbackAsync("55").get();
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testRollbackAsyncWithStringValueFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.rollbackAsync("55").get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  @Test
+  public void testRollbackWithLongValue() throws FirebaseRemoteConfigException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.rollback(64L);
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testRollbackWithLongValueFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.rollback(55L);
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testRollbackAsyncWithLongValue() throws Exception {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
+            new Template().setETag(TEST_ETAG));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    Template template = remoteConfig.rollbackAsync(55L).get();
+
+    assertEquals(TEST_ETAG, template.getETag());
+  }
+
+  @Test
+  public void testRollbackAsyncWithLongValueFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.rollbackAsync(55L).get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  // List versions tests
+
+  @Test
+  public void testListVersionsWithNoOptions() throws FirebaseRemoteConfigException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromListVersionsResponse(
+            new TemplateResponse.ListVersionsResponse().setNextPageToken("token"));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    ListVersionsPage listVersionsPage = remoteConfig.listVersions();
+
+    assertEquals("token", listVersionsPage.getNextPageToken());
+  }
+
+  @Test
+  public void testListVersionsWithNoOptionsFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.listVersions();
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testListVersionsAsyncWithNoOptions() throws Exception {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromListVersionsResponse(
+            new TemplateResponse.ListVersionsResponse().setNextPageToken("token"));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    ListVersionsPage listVersionsPage = remoteConfig.listVersionsAsync().get();
+
+    assertEquals("token", listVersionsPage.getNextPageToken());
+  }
+
+  @Test
+  public void testListVersionsAsyncWithNoOptionsFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.listVersionsAsync().get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  @Test
+  public void testListVersionsWithOptions() throws FirebaseRemoteConfigException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromListVersionsResponse(
+            new TemplateResponse.ListVersionsResponse().setNextPageToken("token"));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    ListVersionsPage listVersionsPage = remoteConfig.listVersions(
+            ListVersionsOptions.builder().build());
+
+    assertEquals("token", listVersionsPage.getNextPageToken());
+  }
+
+  @Test
+  public void testListVersionsWithOptionsFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.listVersions(ListVersionsOptions.builder().build());
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testListVersionsAsyncWithOptions() throws Exception {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromListVersionsResponse(
+            new TemplateResponse.ListVersionsResponse().setNextPageToken("token"));
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    ListVersionsPage listVersionsPage = remoteConfig.listVersionsAsync(
+            ListVersionsOptions.builder().build()).get();
+
+    assertEquals("token", listVersionsPage.getNextPageToken());
+  }
+
+  @Test
+  public void testListVersionsAsyncWithOptionsFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.listVersionsAsync(ListVersionsOptions.builder().build()).get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
+
+  private FirebaseRemoteConfig getRemoteConfig(FirebaseRemoteConfigClient client) {
+    FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS);
+    return new FirebaseRemoteConfig(app, client);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/ListVersionsPageTest.java b/src/test/java/com/google/firebase/remoteconfig/ListVersionsPageTest.java
new file mode 100644
index 000000000..a04c7ab4f
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ListVersionsPageTest.java
@@ -0,0 +1,338 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+import org.junit.Test;
+
+public class ListVersionsPageTest {
+
+  @Test
+  public void testSinglePage() throws FirebaseRemoteConfigException {
+    TestVersionSource source = new TestVersionSource(3);
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+    assertFalse(page.hasNextPage());
+    assertEquals(ListVersionsPage.END_OF_LIST, page.getNextPageToken());
+    assertNull(page.getNextPage());
+
+    ImmutableList<Version> versions = ImmutableList.copyOf(page.getValues());
+    assertEquals(3, versions.size());
+    for (int i = 0; i < 3; i++) {
+      assertEquals("1" + i, versions.get(i).getVersionNumber());
+    }
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+  }
+
+  @Test
+  public void testMultiplePages() throws FirebaseRemoteConfigException {
+    ListVersionsPage.VersionsResultBatch result = new ListVersionsPage.VersionsResultBatch(
+            ImmutableList.of(
+                    newVersion("10"),
+                    newVersion("11"),
+                    newVersion("12")), "token");
+    TestVersionSource source = new TestVersionSource(result);
+    ListVersionsPage page1 = new ListVersionsPage.Factory(source).create();
+
+    assertTrue(page1.hasNextPage());
+    assertEquals("token", page1.getNextPageToken());
+    ImmutableList<Version> versions = ImmutableList.copyOf(page1.getValues());
+    assertEquals(3, versions.size());
+    for (int i = 0; i < 3; i++) {
+      assertEquals("1" + i, versions.get(i).getVersionNumber());
+    }
+
+    result = new ListVersionsPage.VersionsResultBatch(
+            ImmutableList.of(
+                    newVersion("13"),
+                    newVersion("14"),
+                    newVersion("15")), ListVersionsPage.END_OF_LIST);
+    source.result = result;
+    ListVersionsPage page2 = page1.getNextPage();
+
+    assertNotNull(page2);
+    assertFalse(page2.hasNextPage());
+    assertEquals(ListVersionsPage.END_OF_LIST, page2.getNextPageToken());
+    versions = ImmutableList.copyOf(page2.getValues());
+    assertEquals(3, versions.size());
+    for (int i = 3; i < 6; i++) {
+      assertEquals("1" + i, versions.get(i - 3).getVersionNumber());
+    }
+
+    assertEquals(2, source.calls.size());
+    assertNull(source.calls.get(0));
+    assertEquals("token", source.calls.get(1).getPageToken());
+
+    // Should iterate all versions from both pages
+    int iterations = 0;
+    for (Version ignored : page1.iterateAll()) {
+      iterations++;
+    }
+    assertEquals(6, iterations);
+    assertEquals(3, source.calls.size());
+    assertEquals("token", source.calls.get(2).getPageToken());
+
+    // Should only iterate versions in the last page
+    iterations = 0;
+    for (Version ignored : page2.iterateAll()) {
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(3, source.calls.size());
+  }
+
+  @Test
+  public void testListVersionsIterable() throws FirebaseRemoteConfigException {
+    TestVersionSource source = new TestVersionSource(3);
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+    Iterable<Version> versions = page.iterateAll();
+
+    int iterations = 0;
+    for (Version version : versions) {
+      assertEquals("1" + iterations, version.getVersionNumber());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+
+    // Should result in a new iterator
+    iterations = 0;
+    for (Version version : versions) {
+      assertEquals("1" + iterations, version.getVersionNumber());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+  }
+
+  @Test
+  public void testListVersionsIterator() throws FirebaseRemoteConfigException {
+    TestVersionSource source = new TestVersionSource(3);
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+    Iterable<Version> versions = page.iterateAll();
+    Iterator<Version> iterator = versions.iterator();
+    int iterations = 0;
+    while (iterator.hasNext()) {
+      assertEquals("1" + iterations, iterator.next().getVersionNumber());
+      iterations++;
+    }
+    assertEquals(3, iterations);
+    assertEquals(1, source.calls.size());
+    assertNull(source.calls.get(0));
+
+    while (iterator.hasNext()) {
+      fail("Should not be able to to iterate any more");
+    }
+    try {
+      iterator.next();
+      fail("Should not be able to iterate any more");
+    } catch (NoSuchElementException expected) {
+      // expected
+    }
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testListVersionsPagedIterable() throws FirebaseRemoteConfigException {
+    ListVersionsPage.VersionsResultBatch result = new ListVersionsPage.VersionsResultBatch(
+            ImmutableList.of(
+                    newVersion("10"),
+                    newVersion("11"),
+                    newVersion("12")), "token");
+    TestVersionSource source = new TestVersionSource(result);
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+    int iterations = 0;
+    for (Version version : page.iterateAll()) {
+      assertEquals("1" + iterations, version.getVersionNumber());
+      iterations++;
+      if (iterations == 3) {
+        assertEquals(1, source.calls.size());
+        assertNull(source.calls.get(0));
+        result = new ListVersionsPage.VersionsResultBatch(
+                ImmutableList.of(
+                        newVersion("13"),
+                        newVersion("14"),
+                        newVersion("15")), ListVersionsPage.END_OF_LIST);
+        source.result = result;
+      }
+    }
+
+    assertEquals(6, iterations);
+    assertEquals(2, source.calls.size());
+    assertEquals("token", source.calls.get(1).getPageToken());
+  }
+
+  @Test
+  public void testListVersionsPagedIterator() throws FirebaseRemoteConfigException {
+    ListVersionsPage.VersionsResultBatch result = new ListVersionsPage.VersionsResultBatch(
+            ImmutableList.of(
+                    newVersion("10"),
+                    newVersion("11"),
+                    newVersion("12")), "token");
+    TestVersionSource source = new TestVersionSource(result);
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+    Iterator<Version> versions = page.iterateAll().iterator();
+    int iterations = 0;
+    while (versions.hasNext()) {
+      assertEquals("1" + iterations, versions.next().getVersionNumber());
+      iterations++;
+      if (iterations == 3) {
+        assertEquals(1, source.calls.size());
+        assertNull(source.calls.get(0));
+        result = new ListVersionsPage.VersionsResultBatch(
+                ImmutableList.of(
+                        newVersion("13"),
+                        newVersion("14"),
+                        newVersion("15")), ListVersionsPage.END_OF_LIST);
+        source.result = result;
+      }
+    }
+
+    assertEquals(6, iterations);
+    assertEquals(2, source.calls.size());
+    assertEquals("token", source.calls.get(1).getPageToken());
+    assertFalse(versions.hasNext());
+    try {
+      versions.next();
+    } catch (NoSuchElementException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testPageWithNoVersions() throws FirebaseRemoteConfigException {
+    ListVersionsPage.VersionsResultBatch result = new ListVersionsPage.VersionsResultBatch(
+            ImmutableList.<Version>of(),
+            ListVersionsPage.END_OF_LIST);
+    TestVersionSource source = new TestVersionSource(result);
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+
+    assertFalse(page.hasNextPage());
+    assertEquals(ListVersionsPage.END_OF_LIST, page.getNextPageToken());
+    assertNull(page.getNextPage());
+    assertEquals(0, ImmutableList.copyOf(page.getValues()).size());
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testIterableWithNoVersions() throws FirebaseRemoteConfigException {
+    ListVersionsPage.VersionsResultBatch result = new ListVersionsPage.VersionsResultBatch(
+            ImmutableList.<Version>of(),
+            ListVersionsPage.END_OF_LIST);
+    TestVersionSource source = new TestVersionSource(result);
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+    for (Version version : page.iterateAll()) {
+      fail("Should not be able to iterate, but got: " + version);
+    }
+
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testIteratorWithNoVersions() throws FirebaseRemoteConfigException {
+    ListVersionsPage.VersionsResultBatch result = new ListVersionsPage.VersionsResultBatch(
+            ImmutableList.<Version>of(),
+            ListVersionsPage.END_OF_LIST);
+    TestVersionSource source = new TestVersionSource(result);
+
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+    Iterator<Version> iterator = page.iterateAll().iterator();
+
+    assertFalse(iterator.hasNext());
+    assertEquals(1, source.calls.size());
+  }
+
+  @Test
+  public void testRemove() throws FirebaseRemoteConfigException, IOException {
+    ListVersionsPage.VersionsResultBatch result = new ListVersionsPage.VersionsResultBatch(
+            ImmutableList.of(newVersion("10")),
+            ListVersionsPage.END_OF_LIST);
+    TestVersionSource source = new TestVersionSource(result);
+
+    ListVersionsPage page = new ListVersionsPage.Factory(source).create();
+    Iterator<Version> iterator = page.iterateAll().iterator();
+    while (iterator.hasNext()) {
+      assertNotNull(iterator.next());
+      try {
+        iterator.remove();
+      } catch (UnsupportedOperationException expected) {
+        // expected
+      }
+    }
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testNullSource() {
+    new ListVersionsPage.Factory(null);
+  }
+
+  private static Version newVersion(String versionNumber) {
+    TemplateResponse.VersionResponse versionResponse = new TemplateResponse.VersionResponse()
+            .setVersionNumber(versionNumber)
+            .setUpdateTime("2020-11-15T06:57:26.342763941Z")
+            .setUpdateOrigin("ADMIN_SDK")
+            .setUpdateType("INCREMENTAL_UPDATE")
+            .setUpdateUser(new TemplateResponse.UserResponse()
+                    .setEmail("firebase-user@account.com")
+                    .setName("dev-admin"))
+            .setDescription("test version: " + versionNumber);
+    return new Version(versionResponse);
+  }
+
+  private static class TestVersionSource implements ListVersionsPage.VersionSource {
+
+    private ListVersionsPage.VersionsResultBatch result;
+    private List<ListVersionsOptions> calls = new ArrayList<>();
+
+    TestVersionSource(int versionCount) {
+      ImmutableList.Builder<Version> versions = ImmutableList.builder();
+      for (int i = 0; i < versionCount; i++) {
+        versions.add(newVersion("1" + i));
+      }
+      this.result = new ListVersionsPage.VersionsResultBatch(versions.build(),
+              ListVersionsPage.END_OF_LIST);
+    }
+
+    TestVersionSource(ListVersionsPage.VersionsResultBatch result) {
+      this.result = result;
+    }
+
+    @Override
+    public ListVersionsPage.VersionsResultBatch fetch(
+            ListVersionsOptions listVersionsOptions) {
+      calls.add(listVersionsOptions);
+      return result;
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/MockRemoteConfigClient.java b/src/test/java/com/google/firebase/remoteconfig/MockRemoteConfigClient.java
new file mode 100644
index 000000000..9ca58508d
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/MockRemoteConfigClient.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ListVersionsResponse;
+
+public class MockRemoteConfigClient implements FirebaseRemoteConfigClient{
+
+  private final Template resultTemplate;
+  private final FirebaseRemoteConfigException exception;
+  private final ListVersionsResponse listVersionsResponse;
+
+  private MockRemoteConfigClient(Template resultTemplate,
+                                 ListVersionsResponse listVersionsResponse,
+                                 FirebaseRemoteConfigException exception) {
+    this.resultTemplate = resultTemplate;
+    this.listVersionsResponse = listVersionsResponse;
+    this.exception = exception;
+  }
+
+  static MockRemoteConfigClient fromTemplate(Template resultTemplate) {
+    return new MockRemoteConfigClient(resultTemplate, null, null);
+  }
+
+  static MockRemoteConfigClient fromListVersionsResponse(
+          ListVersionsResponse listVersionsResponse) {
+    return new MockRemoteConfigClient(null, listVersionsResponse, null);
+  }
+
+  static MockRemoteConfigClient fromException(FirebaseRemoteConfigException exception) {
+    return new MockRemoteConfigClient(null, null, exception);
+  }
+
+  @Override
+  public Template getTemplate() throws FirebaseRemoteConfigException {
+    if (exception != null) {
+      throw exception;
+    }
+    return resultTemplate;
+  }
+
+  @Override
+  public Template getTemplateAtVersion(String versionNumber) throws FirebaseRemoteConfigException {
+    if (exception != null) {
+      throw exception;
+    }
+    return resultTemplate;
+  }
+
+  @Override
+  public Template publishTemplate(Template template, boolean validateOnly,
+                                  boolean forcePublish) throws FirebaseRemoteConfigException {
+    if (exception != null) {
+      throw exception;
+    }
+    return resultTemplate;
+  }
+
+  @Override
+  public Template rollback(String versionNumber) throws FirebaseRemoteConfigException {
+    if (exception != null) {
+      throw exception;
+    }
+    return resultTemplate;
+  }
+
+  @Override
+  public ListVersionsResponse listVersions(
+          ListVersionsOptions options) throws FirebaseRemoteConfigException {
+    if (exception != null) {
+      throw exception;
+    }
+    return listVersionsResponse;
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/ParameterGroupTest.java b/src/test/java/com/google/firebase/remoteconfig/ParameterGroupTest.java
new file mode 100644
index 000000000..8a7344168
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ParameterGroupTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import com.google.common.collect.ImmutableMap;
+
+import java.util.Map;
+
+import org.junit.Test;
+
+public class ParameterGroupTest {
+
+  @Test
+  public void testConstructor() {
+    final ParameterGroup parameterGroup = new ParameterGroup();
+
+    assertNotNull(parameterGroup.getParameters());
+    assertTrue(parameterGroup.getParameters().isEmpty());
+    assertNull(parameterGroup.getDescription());
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testConstructorWithNullParameterGroupResponse() {
+    new ParameterGroup(null);
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testSetNullParameters() {
+    ParameterGroup parameterGroup = new ParameterGroup();
+    parameterGroup.setParameters(null);
+  }
+
+  @Test
+  public void testEquality() {
+    final ParameterGroup parameterGroupOne = new ParameterGroup();
+    final ParameterGroup parameterGroupTwo = new ParameterGroup();
+
+    assertEquals(parameterGroupOne, parameterGroupTwo);
+
+    final ParameterGroup parameterGroupThree = new ParameterGroup()
+            .setDescription("description");
+    final ParameterGroup parameterGroupFour = new ParameterGroup()
+            .setDescription("description");
+
+    assertEquals(parameterGroupThree, parameterGroupFour);
+
+    final Map<String, Parameter> parameters = ImmutableMap.of(
+            "header_text", new Parameter().setDefaultValue(ParameterValue.of("Welcome")),
+            "promo", new Parameter()
+                    .setDefaultValue(ParameterValue.inAppDefault())
+                    .setConditionalValues(ImmutableMap.<String, ParameterValue>of(
+                            "ios", ParameterValue.of("ios header text")
+                    ))
+    );
+    final ParameterGroup parameterGroupFive = new ParameterGroup()
+            .setDescription("description")
+            .setParameters(parameters);
+    final ParameterGroup parameterGroupSix = new ParameterGroup()
+            .setDescription("description")
+            .setParameters(parameters);
+
+    assertEquals(parameterGroupFive, parameterGroupSix);
+    assertNotEquals(parameterGroupOne, parameterGroupThree);
+    assertNotEquals(parameterGroupOne, parameterGroupFive);
+    assertNotEquals(parameterGroupThree, parameterGroupFive);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/ParameterTest.java b/src/test/java/com/google/firebase/remoteconfig/ParameterTest.java
new file mode 100644
index 000000000..952ea8b82
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ParameterTest.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import com.google.common.collect.ImmutableMap;
+
+import java.util.Map;
+
+import org.junit.Test;
+
+public class ParameterTest {
+
+  @Test
+  public void testConstructor() {
+    final Parameter parameter = new Parameter();
+
+    assertNotNull(parameter.getConditionalValues());
+    assertTrue(parameter.getConditionalValues().isEmpty());
+    assertNull(parameter.getDefaultValue());
+    assertNull(parameter.getDescription());
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testConstructorWithNullParameterResponse() {
+    new Parameter(null);
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testSetNullConditionalValues() {
+    Parameter parameter = new Parameter();
+    parameter.setConditionalValues(null);
+  }
+
+  @Test
+  public void testEquality() {
+    final Parameter parameterOne = new Parameter()
+            .setDefaultValue(ParameterValue.of("hello"));
+    final Parameter parameterTwo = new Parameter()
+            .setDefaultValue(ParameterValue.of("hello"));
+
+    assertEquals(parameterOne, parameterTwo);
+
+    final Parameter parameterThree = new Parameter()
+            .setDefaultValue(ParameterValue.inAppDefault())
+            .setDescription("greeting text");
+    final Parameter parameterFour = new Parameter()
+            .setDefaultValue(ParameterValue.inAppDefault())
+            .setDescription("greeting text");
+
+    assertEquals(parameterThree, parameterFour);
+
+    final Map<String, ParameterValue> conditionalValues = ImmutableMap.of(
+            "ios", ParameterValue.of("hello ios"),
+            "android", ParameterValue.of("hello android"),
+            "promo", ParameterValue.inAppDefault()
+    );
+    final Parameter parameterFive = new Parameter()
+            .setDefaultValue(ParameterValue.inAppDefault())
+            .setDescription("greeting text")
+            .setConditionalValues(conditionalValues);
+    final Parameter parameterSix = new Parameter()
+            .setDefaultValue(ParameterValue.inAppDefault())
+            .setDescription("greeting text")
+            .setConditionalValues(conditionalValues);
+
+    assertEquals(parameterFive, parameterSix);
+    assertNotEquals(parameterOne, parameterThree);
+    assertNotEquals(parameterOne, parameterFive);
+    assertNotEquals(parameterThree, parameterFive);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/ParameterValueTest.java b/src/test/java/com/google/firebase/remoteconfig/ParameterValueTest.java
new file mode 100644
index 000000000..842fd808f
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ParameterValueTest.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+
+import org.junit.Test;
+
+public class ParameterValueTest {
+
+  @Test
+  public void testCreateExplicitValue() {
+    final ParameterValue.Explicit parameterValue = ParameterValue.of("title text");
+
+    assertEquals("title text", parameterValue.getValue());
+  }
+
+  @Test
+  public void testCreateInAppDefault() {
+    final ParameterValue.InAppDefault parameterValue = ParameterValue.inAppDefault();
+
+    assertEquals(ParameterValue.InAppDefault.class, parameterValue.getClass());
+  }
+
+  @Test
+  public void testEquality() {
+    ParameterValue.Explicit parameterValueOne = ParameterValue.of("value");
+    ParameterValue.Explicit parameterValueTwo = ParameterValue.of("value");
+    ParameterValue.Explicit parameterValueThree = ParameterValue.of("title");
+
+    assertEquals(parameterValueOne, parameterValueTwo);
+    assertNotEquals(parameterValueOne, parameterValueThree);
+
+    ParameterValue.InAppDefault parameterValueFour = ParameterValue.inAppDefault();
+    ParameterValue.InAppDefault parameterValueFive = ParameterValue.inAppDefault();
+
+    assertEquals(parameterValueFour, parameterValueFive);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/TemplateTest.java b/src/test/java/com/google/firebase/remoteconfig/TemplateTest.java
new file mode 100644
index 000000000..ad4d48f87
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/TemplateTest.java
@@ -0,0 +1,346 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+
+import java.util.List;
+import java.util.Map;
+
+import org.junit.Test;
+
+public class TemplateTest {
+
+  private static final List<Condition> CONDITIONS = ImmutableList.<Condition>of(
+          new Condition("ios_en", "exp ios")
+                  .setTagColor(TagColor.INDIGO),
+          new Condition("android_en", "exp android")
+  );
+
+  private static final Map<String, ParameterValue> CONDITIONAL_VALUES = ImmutableMap.of(
+          "ios", ParameterValue.of("hello ios"),
+          "android", ParameterValue.of("hello android"),
+          "promo", ParameterValue.inAppDefault()
+  );
+
+  private static final Map<String, Parameter> PARAMETERS = ImmutableMap.of(
+          "greeting_header", new Parameter()
+                  .setDefaultValue(ParameterValue.inAppDefault())
+                  .setDescription("greeting header text")
+                  .setConditionalValues(CONDITIONAL_VALUES),
+          "greeting_text", new Parameter()
+                  .setDefaultValue(ParameterValue.inAppDefault())
+                  .setDescription("greeting text")
+                  .setConditionalValues(CONDITIONAL_VALUES)
+  );
+
+  private static final Map<String, ParameterGroup> PARAMETER_GROUPS = ImmutableMap.of(
+          "greetings_group", new ParameterGroup()
+                  .setDescription("description")
+                  .setParameters(PARAMETERS)
+  );
+
+  private static final Template EMPTY_TEMPLATE = new Template();
+
+  private static final Template TEMPLATE_WITH_CONDITIONS_PARAMETERS = new Template()
+          .setConditions(CONDITIONS)
+          .setParameters(PARAMETERS);
+
+  private static final Template TEMPLATE_WITH_CONDITIONS_PARAMETERS_GROUPS = new Template()
+          .setConditions(CONDITIONS)
+          .setParameters(PARAMETERS)
+          .setParameterGroups(PARAMETER_GROUPS);
+
+  private static final Template TEMPLATE_WITH_ETAG = new Template()
+          .setETag("etag-123456789097-20");
+
+  private static final Template TEMPLATE_WITH_VERSION = new Template()
+          .setVersion(Version.withDescription("promo version"));
+
+  @Test
+  public void testConstructor() {
+    Template template = new Template();
+
+    assertNotNull(template.getParameters());
+    assertNotNull(template.getConditions());
+    assertNotNull(template.getParameterGroups());
+    assertTrue(template.getParameters().isEmpty());
+    assertTrue(template.getConditions().isEmpty());
+    assertTrue(template.getParameterGroups().isEmpty());
+    assertNull(template.getETag());
+  }
+
+  @Test
+  public void testConstructorWithETag() {
+    Template template = new Template("etag-01-324324");
+
+    assertNotNull(template.getParameters());
+    assertNotNull(template.getConditions());
+    assertNotNull(template.getParameterGroups());
+    assertTrue(template.getParameters().isEmpty());
+    assertTrue(template.getConditions().isEmpty());
+    assertTrue(template.getParameterGroups().isEmpty());
+    assertEquals("etag-01-324324", template.getETag());
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testConstructorWithNullTemplateResponse() {
+    new Template((TemplateResponse) null);
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testSetNullParameters() {
+    Template template = new Template();
+    template.setParameters(null);
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testSetNullConditions() {
+    Template template = new Template();
+    template.setConditions(null);
+  }
+
+  @Test(expected = NullPointerException.class)
+  public void testSetNullParameterGroups() {
+    Template template = new Template();
+    template.setParameterGroups(null);
+  }
+
+  @Test
+  public void testEquality() {
+    final Template templateOne = new Template();
+
+    assertEquals(EMPTY_TEMPLATE, templateOne);
+
+    final Template templateTwo = new Template()
+            .setConditions(CONDITIONS)
+            .setParameters(PARAMETERS);
+
+    assertEquals(TEMPLATE_WITH_CONDITIONS_PARAMETERS, templateTwo);
+
+    final Template templateThree = new Template()
+            .setConditions(CONDITIONS)
+            .setParameters(PARAMETERS)
+            .setParameterGroups(PARAMETER_GROUPS);
+
+    assertEquals(TEMPLATE_WITH_CONDITIONS_PARAMETERS_GROUPS, templateThree);
+
+    final Template templateFour = new Template("etag-123456789097-20");
+
+    assertEquals(TEMPLATE_WITH_ETAG, templateFour);
+
+    final Template templateFive = new Template()
+            .setVersion(Version.withDescription("promo version"));
+
+    assertEquals(TEMPLATE_WITH_VERSION, templateFive);
+    assertNotEquals(templateOne, templateTwo);
+    assertNotEquals(templateOne, templateThree);
+    assertNotEquals(templateOne, templateFour);
+    assertNotEquals(templateOne, templateFive);
+    assertNotEquals(templateTwo, templateThree);
+    assertNotEquals(templateTwo, templateFour);
+    assertNotEquals(templateTwo, templateFive);
+    assertNotEquals(templateThree, templateFour);
+    assertNotEquals(templateThree, templateFive);
+    assertNotEquals(templateFour, templateFive);
+  }
+
+  @Test(expected = FirebaseRemoteConfigException.class)
+  public void testFromJSONWithInvalidString() throws FirebaseRemoteConfigException {
+    Template.fromJSON("abc");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testFromJSONWithEmptyString() throws FirebaseRemoteConfigException {
+    Template.fromJSON("");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testFromJSONWithNullString() throws FirebaseRemoteConfigException {
+    Template.fromJSON(null);
+  }
+
+  @Test
+  public void testFromJSONWithEmptyTemplateString() throws FirebaseRemoteConfigException {
+    Template template = Template.fromJSON("{}");
+
+    assertNotNull(template.getParameters());
+    assertNotNull(template.getConditions());
+    assertNotNull(template.getParameterGroups());
+    assertTrue(template.getParameters().isEmpty());
+    assertTrue(template.getConditions().isEmpty());
+    assertTrue(template.getParameterGroups().isEmpty());
+    assertNull(template.getETag());
+  }
+
+  @Test
+  public void testFromJSONWithNonEmptyTemplateString() throws FirebaseRemoteConfigException {
+    Template template = Template.fromJSON("{"
+            + "  \"etag\": \"etag-001234\","
+            + "  \"conditions\": ["
+            + "    {"
+            + "      \"name\": \"ios_en\","
+            + "      \"expression\": \"device.os == 'ios' && device.country in ['us', 'uk']\","
+            + "      \"tagColor\": \"INDIGO\""
+            + "    },"
+            + "    {"
+            + "      \"name\": \"android_en\","
+            + "      \"expression\": \"device.os == 'android' && device.country in ['us', 'uk']\""
+            + "    }"
+            + "  ]"
+            + "}");
+
+    assertNotNull(template.getParameters());
+    assertNotNull(template.getConditions());
+    assertNotNull(template.getParameterGroups());
+    assertTrue(template.getParameters().isEmpty());
+    assertEquals(2, template.getConditions().size());
+    assertEquals("ios_en", template.getConditions().get(0).getName());
+    assertEquals("device.os == 'ios' && device.country in ['us', 'uk']",
+            template.getConditions().get(0).getExpression());
+    assertEquals(TagColor.INDIGO, template.getConditions().get(0).getTagColor());
+    assertEquals("android_en", template.getConditions().get(1).getName());
+    assertEquals("device.os == 'android' && device.country in ['us', 'uk']",
+            template.getConditions().get(1).getExpression());
+    assertNull(template.getConditions().get(1).getTagColor());
+    assertTrue(template.getParameterGroups().isEmpty());
+    assertEquals("etag-001234", template.getETag());
+  }
+
+  @Test
+  public void testFromJSONWithVersion() throws FirebaseRemoteConfigException {
+    final Version expectedVersion = new Version(new TemplateResponse.VersionResponse()
+            .setDescription("template version")
+            .setUpdateTime("2020-12-08T15:49:51.887878Z")
+            .setUpdateUser(new TemplateResponse.UserResponse().setEmail("user@user.com"))
+            .setLegacy(false)
+            .setUpdateType("INCREMENTAL_UPDATE")
+            .setRollbackSource("26")
+            .setVersionNumber("34")
+            .setUpdateOrigin("ADMIN_SDK_NODE")
+    );
+    String jsonString = "{\"parameters\":{},\"conditions\":[],\"parameterGroups\":{},"
+            + "\"version\":{\"versionNumber\":\"34\","
+            + "\"updateTime\":\"Tue, 08 Dec 2020 15:49:51 UTC\","
+            + "\"updateOrigin\":\"ADMIN_SDK_NODE\",\"updateType\":\"INCREMENTAL_UPDATE\","
+            + "\"updateUser\":{\"email\":\"user@user.com\"},\"rollbackSource\":\"26\","
+            + "\"legacy\":false,\"description\":\"template version\"}}";
+    Template template = Template.fromJSON(jsonString);
+
+    assertNotNull(template.getParameters());
+    assertNotNull(template.getConditions());
+    assertNotNull(template.getParameterGroups());
+    assertTrue(template.getParameters().isEmpty());
+    assertTrue(template.getConditions().isEmpty());
+    assertTrue(template.getParameterGroups().isEmpty());
+    assertNull(template.getETag());
+    // check version
+    assertEquals(expectedVersion, template.getVersion());
+    // update time should be correctly converted to milliseconds
+    assertEquals(1607442591000L, template.getVersion().getUpdateTime());
+  }
+
+  @Test
+  public void testToJSONWithEmptyTemplate() {
+    String jsonString = new Template().toJSON();
+
+    assertEquals("{\"conditions\":[],"
+            + "\"parameterGroups\":{},\"parameters\":{}}", jsonString);
+  }
+
+  @Test
+  public void testToJSONWithParameterValues() {
+    Template t = new Template();
+    t.getParameters()
+            .put("with_value", new Parameter().setDefaultValue(ParameterValue.of("hello")));
+    t.getParameters()
+            .put("with_inApp", new Parameter().setDefaultValue(ParameterValue.inAppDefault()));
+    String jsonString = t.toJSON();
+
+    assertEquals("{\"conditions\":[],\"parameterGroups\":{},"
+            + "\"parameters\":{\"with_value\":{\"conditionalValues\":{},"
+            + "\"defaultValue\":{\"value\":\"hello\"}},\"with_inApp\":{\"conditionalValues\":{},"
+            + "\"defaultValue\":{\"useInAppDefault\":true}}}}", jsonString);
+  }
+
+  @Test
+  public void testToJSONWithEtag() {
+    String jsonString = new Template("etag-12345").toJSON();
+
+    assertEquals("{\"conditions\":[],\"etag\":\"etag-12345\",\"parameterGroups\":{},"
+            + "\"parameters\":{}}", jsonString);
+  }
+
+  @Test
+  public void testToJSONWithEtagAndConditions() {
+    String jsonString = new Template("etag-0010201")
+            .setConditions(CONDITIONS).toJSON();
+
+    assertEquals("{\"conditions\":[{\"expression\":\"exp ios\",\"name\":\"ios_en\","
+            + "\"tagColor\":\"INDIGO\"},{\"expression\":\"exp android\","
+            + "\"name\":\"android_en\"}],\"etag\":\"etag-0010201\",\"parameterGroups\":{},"
+            + "\"parameters\":{}}", jsonString);
+  }
+
+  @Test
+  public void testToJSONWithVersion() {
+    Version version = new Version(new TemplateResponse.VersionResponse()
+            .setDescription("template version")
+            .setUpdateTime("2020-12-08T15:49:51.887878Z")
+            .setUpdateUser(new TemplateResponse.UserResponse().setEmail("user@user.com"))
+            .setLegacy(false)
+            .setUpdateType("INCREMENTAL_UPDATE")
+            .setRollbackSource("26")
+            .setVersionNumber("34")
+            .setUpdateOrigin("ADMIN_SDK_NODE")
+    );
+    String jsonString = new Template().setVersion(version).toJSON();
+
+    assertEquals("{\"conditions\":[],\"parameterGroups\":{},\"parameters\":{},"
+            + "\"version\":{\"description\":\"template version\",\"legacy\":false,"
+            + "\"rollbackSource\":\"26\",\"updateOrigin\":\"ADMIN_SDK_NODE\","
+            + "\"updateTime\":\"Tue, 08 Dec 2020 15:49:51 UTC\","
+            + "\"updateType\":\"INCREMENTAL_UPDATE\",\"updateUser\":{"
+            + "\"email\":\"user@user.com\"},\"versionNumber\":\"34\"}}", jsonString);
+  }
+
+  @Test
+  public void testToJSONAndFromJSON() throws FirebaseRemoteConfigException {
+    Template originalTemplate = new Template();
+    Template otherTemplate = Template.fromJSON(originalTemplate.toJSON());
+
+    assertEquals(originalTemplate, otherTemplate);
+
+    Version expectedVersion = Version.withDescription("promo version");
+    Template expectedTemplate = new Template("etag-0010201")
+            .setParameters(PARAMETERS)
+            .setConditions(CONDITIONS)
+            .setParameterGroups(PARAMETER_GROUPS)
+            .setVersion(expectedVersion);
+    Template actualTemplate = Template.fromJSON(expectedTemplate.toJSON());
+
+    assertEquals(expectedTemplate, actualTemplate);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/UserTest.java b/src/test/java/com/google/firebase/remoteconfig/UserTest.java
new file mode 100644
index 000000000..866b30eed
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/UserTest.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+import org.junit.Test;
+
+public class UserTest {
+
+  @Test(expected = NullPointerException.class)
+  public void testConstructorWithNullVersionResponse() {
+    new User(null);
+  }
+
+  @Test
+  public void testEquality() {
+    final User userOne = new User(new TemplateResponse.UserResponse());
+    final User userTwo = new User(new TemplateResponse.UserResponse());
+
+    assertEquals(userOne, userTwo);
+
+    final User userThree = new User(new TemplateResponse.UserResponse()
+            .setName("admin-user")
+            .setEmail("admin@email.com")
+            .setImageUrl("http://admin.jpg"));
+    final User userFour = new User(new TemplateResponse.UserResponse()
+            .setName("admin-user")
+            .setEmail("admin@email.com")
+            .setImageUrl("http://admin.jpg"));
+
+    assertEquals(userThree, userFour);
+
+    final User userFive = new User(new TemplateResponse.UserResponse()
+            .setName("admin-user")
+            .setEmail("admin@email.com"));
+    final User userSix = new User(new TemplateResponse.UserResponse()
+            .setName("admin-user")
+            .setEmail("admin@email.com"));
+
+    assertEquals(userFive, userSix);
+    assertNotEquals(userOne, userThree);
+    assertNotEquals(userOne, userFive);
+    assertNotEquals(userThree, userFive);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/VersionTest.java b/src/test/java/com/google/firebase/remoteconfig/VersionTest.java
new file mode 100644
index 000000000..515629660
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/VersionTest.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNull;
+
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.VersionResponse;
+import org.junit.Test;
+
+public class VersionTest {
+
+  @Test(expected = NullPointerException.class)
+  public void testConstructorWithNullVersionResponse() {
+    new Version(null);
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testConstructorWithInvalidUpdateTime() {
+    new Version(new VersionResponse()
+            .setUpdateTime("sunday,26th"));
+  }
+
+  @Test
+  public void testConstructorWithValidZuluUpdateTime() {
+    Version version = new Version(new VersionResponse()
+            .setUpdateTime("2020-12-08T15:49:51.887878Z"));
+    assertEquals(1607442591000L, version.getUpdateTime());
+  }
+
+  @Test
+  public void testConstructorWithValidUTCUpdateTime() {
+    Version version = new Version(new VersionResponse()
+            .setUpdateTime("Tue, 08 Dec 2020 15:49:51 GMT"));
+    assertEquals(1607442591000L, version.getUpdateTime());
+  }
+
+  @Test
+  public void testWithDescription() {
+    final Version version = Version.withDescription("version description text");
+
+    assertEquals("version description text", version.getDescription());
+    assertNull(version.getVersionNumber());
+    assertEquals(0, version.getUpdateTime());
+    assertNull(version.getUpdateOrigin());
+    assertNull(version.getUpdateType());
+    assertNull(version.getUpdateUser());
+    assertNull(version.getRollbackSource());
+    assertFalse(version.isLegacy());
+  }
+
+  @Test
+  public void testEquality() {
+    final Version versionOne = new Version(new VersionResponse());
+    final Version versionTwo = new Version(new VersionResponse());
+
+    assertEquals(versionOne, versionTwo);
+
+    final Version versionThree = Version.withDescription("abcd");
+    final Version versionFour = Version.withDescription("abcd");
+    final Version versionFive = new Version(new VersionResponse()).setDescription("abcd");
+
+    assertEquals(versionThree, versionFour);
+    assertEquals(versionThree, versionFive);
+
+    final Version versionSix = Version.withDescription("efgh");
+
+    assertNotEquals(versionThree, versionSix);
+    assertNotEquals(versionOne, versionSix);
+
+    final VersionResponse versionResponse = new VersionResponse()
+            .setVersionNumber("23")
+            .setUpdateTime("2014-10-02T15:01:23.045123456Z")
+            .setUpdateOrigin("ADMIN_SDK")
+            .setUpdateUser(new TemplateResponse.UserResponse()
+                    .setEmail("user@email.com")
+                    .setName("user-1234")
+                    .setImageUrl("http://user.jpg"))
+            .setUpdateType("INCREMENTAL_UPDATE");
+    final Version versionSeven = new Version(versionResponse);
+    final Version versionEight = new Version(versionResponse);
+
+    assertEquals(versionSeven, versionEight);
+    assertNotEquals(versionOne, versionSeven);
+    assertNotEquals(versionThree, versionSeven);
+    assertNotEquals(versionSix, versionSeven);
+  }
+}
diff --git a/src/test/resources/getRemoteConfig.json b/src/test/resources/getRemoteConfig.json
new file mode 100644
index 000000000..a4969f0d1
--- /dev/null
+++ b/src/test/resources/getRemoteConfig.json
@@ -0,0 +1,56 @@
+{
+  "conditions": [
+    {
+      "name": "ios_en",
+      "expression": "device.os == 'ios' && device.country in ['us', 'uk']",
+      "tagColor": "INDIGO"
+    },
+    {
+      "name": "android_en",
+      "expression": "device.os == 'android' && device.country in ['us', 'uk']"
+    }
+  ],
+  "parameters": {
+    "welcome_message_text": {
+      "defaultValue": {
+        "value": "welcome to app"
+      },
+      "conditionalValues": {
+        "ios_en": {
+          "value": "welcome to app en"
+        }
+      },
+      "description": "text for welcome message!"
+    },
+    "header_text": {
+      "defaultValue": {
+        "useInAppDefault": true
+      }
+    }
+  },
+  "parameterGroups": {
+    "new menu": {
+      "description": "New Menu",
+      "parameters": {
+        "pumpkin_spice_season": {
+          "defaultValue": {
+            "value": "true"
+          },
+          "description": "Whether it's currently pumpkin spice season."
+        }
+      }
+    }
+  },
+  "version": {
+    "versionNumber": "17",
+    "updateOrigin": "ADMIN_SDK_NODE",
+    "updateType": "INCREMENTAL_UPDATE",
+    "updateUser": {
+      "email": "firebase-user@account.com",
+      "name": "dev-admin",
+      "imageUrl": "http://image.jpg"
+    },
+    "updateTime": "2020-11-15T06:57:26.342763941Z",
+    "description": "promo config"
+  }
+}
diff --git a/src/test/resources/listRemoteConfigVersions.json b/src/test/resources/listRemoteConfigVersions.json
new file mode 100644
index 000000000..2823db3ef
--- /dev/null
+++ b/src/test/resources/listRemoteConfigVersions.json
@@ -0,0 +1,50 @@
+{
+  "versions": [
+    {
+      "versionNumber": "32",
+      "updateTime": "2020-11-24T19:10:35.506793Z",
+      "updateUser": {
+        "email": "admin@email.com",
+        "imageUrl": "https://photo.jpg"
+      },
+      "description": "Rollback to version 29",
+      "updateOrigin": "REST_API",
+      "updateType": "ROLLBACK",
+      "rollbackSource": "29"
+    },
+    {
+      "versionNumber": "31",
+      "updateTime": "2020-11-24T19:09:40.249437Z",
+      "updateUser": {
+        "email": "admin@email.com",
+        "imageUrl": "https://photo.jpg"
+      },
+      "description": "new template",
+      "updateOrigin": "REST_API",
+      "updateType": "INCREMENTAL_UPDATE"
+    },
+    {
+      "versionNumber": "30",
+      "updateTime": "2020-11-24T19:08:30.613942Z",
+      "updateUser": {
+        "email": "admin@email.com",
+        "imageUrl": "https://photo.jpg"
+      },
+      "description": "new template",
+      "updateOrigin": "REST_API",
+      "updateType": "INCREMENTAL_UPDATE"
+    },
+    {
+      "versionNumber": "29",
+      "updateTime": "2020-11-12T22:12:02.180181Z",
+      "updateUser": {
+        "email": "admin@email.com",
+        "imageUrl": "https://photo.jpg"
+      },
+      "description": "new template",
+      "updateOrigin": "REST_API",
+      "updateType": "INCREMENTAL_UPDATE"
+    }
+  ],
+  "nextPageToken": "28"
+}

From 9862c552928be34c8907189cfb00929452d67d21 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Mon, 14 Dec 2020 16:06:53 -0500
Subject: [PATCH 036/354] [chore] Release 7.1.0 (#503)

- Release 7.0.1
- Includes Remote Config API #446
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0bde2d2f4..c90439f51 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>7.0.1</version>
+    <version>7.1.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From b8321ac36b6d8b03c8f932a2ba8405639f2a73f7 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Thu, 17 Dec 2020 15:30:26 -0800
Subject: [PATCH 037/354] Adding delayed response message for holidays (#504)

---
 ISSUE_TEMPLATE.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md
index 5de83b2cc..b7dc143fa 100644
--- a/ISSUE_TEMPLATE.md
+++ b/ISSUE_TEMPLATE.md
@@ -1,3 +1,5 @@
+**Thank you for submitting your issue. We are operating at reduced capacity from Dec 18 2020 to Jan 4 2021. Please expect delayed responses. For more urgent requests please reach us via our support channels https://firebase.google.com/support**
+
 ### [READ] Step 1: Are you in the right place?
 
   * For issues or feature requests related to __the code in this repository__

From 67926ab17cbcee4383e0c72679c9e7441f222627 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Tue, 5 Jan 2021 14:25:07 -0500
Subject: [PATCH 038/354] Remove delayed response message for holidays (#505)

- Remove delayed response message for holidays
---
 ISSUE_TEMPLATE.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md
index b7dc143fa..5de83b2cc 100644
--- a/ISSUE_TEMPLATE.md
+++ b/ISSUE_TEMPLATE.md
@@ -1,5 +1,3 @@
-**Thank you for submitting your issue. We are operating at reduced capacity from Dec 18 2020 to Jan 4 2021. Please expect delayed responses. For more urgent requests please reach us via our support channels https://firebase.google.com/support**
-
 ### [READ] Step 1: Are you in the right place?
 
   * For issues or feature requests related to __the code in this repository__

From b5f8c2aa20fa0f21942070c27df94ac1e532861b Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 7 Jan 2021 18:32:17 -0500
Subject: [PATCH 039/354] chore(rc): Refactor RC integration tests (#507)

* chore(rc): Refactor RC integration tests

* Avoid template cloning
---
 .../remoteconfig/FirebaseRemoteConfigIT.java  | 166 +++++++++++++-----
 1 file changed, 120 insertions(+), 46 deletions(-)

diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
index 3a13d8d86..bb90c6cb9 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
@@ -42,89 +42,131 @@ public class FirebaseRemoteConfigIT {
 
   private static FirebaseRemoteConfig remoteConfig;
 
-  private static final long timestamp = System.currentTimeMillis();
-
-  private static final Map<String, Parameter> PARAMETERS = ImmutableMap.of(
-          "welcome_message_text", new Parameter()
-                  .setDefaultValue(ParameterValue
-                          .of(String.format("welcome to app %s", timestamp)))
-                  .setConditionalValues(ImmutableMap.<String, ParameterValue>of(
-                          "ios_en",
-                          ParameterValue.of(String.format("welcome to app en %s", timestamp))
-                  ))
-                  .setDescription("text for welcome message!"),
-          "header_text", new Parameter()
-                  .setDefaultValue(ParameterValue.inAppDefault()));
-
-  private static final Map<String, ParameterGroup> PARAMETER_GROUPS = ImmutableMap.of(
-          "new menu", new ParameterGroup()
-                  .setDescription(String.format("New Menu %s", timestamp))
-                  .setParameters(ImmutableMap.of(
-                          "pumpkin_spice_season", new Parameter()
-                                  .setDefaultValue(ParameterValue.of("true"))
-                                  .setDescription("Whether it's currently pumpkin spice season."))
-                  ));
-
   private static final List<Condition> CONDITIONS = ImmutableList.of(
           new Condition("ios_en", "device.os == 'ios' && device.country in ['us', 'uk']")
                   .setTagColor(TagColor.INDIGO),
           new Condition("android_en",
                   "device.os == 'android' && device.country in ['us', 'uk']"));
 
-  private static final Version VERSION = Version
-          .withDescription(String.format("promo config %s", timestamp));
-
   @BeforeClass
   public static void setUpClass() {
     remoteConfig = FirebaseRemoteConfig.getInstance(IntegrationTestUtils.ensureDefaultApp());
   }
 
   @Test
-  public void testTemplateOperations() throws FirebaseRemoteConfigException {
-    // get template to fetch the active template with correct etag
-    final Template oldTemplate = remoteConfig.getTemplate();
-    final Template inputTemplate = Template.fromJSON(oldTemplate.toJSON());
-    final String versionNumber = oldTemplate.getVersion().getVersionNumber();
-
-    // modify template
-    inputTemplate.setParameters(PARAMETERS)
-            .setParameterGroups(PARAMETER_GROUPS)
+  public void testValidateTemplate() throws FirebaseRemoteConfigException {
+    final Template inputTemplate = remoteConfig.getTemplate();
+    final Map<String, Parameter> expectedParameters = getParameters();
+    final Map<String, ParameterGroup> expectedParameterGroups = getParameterGroups();
+    final Version expectedVersion = getVersion();
+    inputTemplate.setParameters(expectedParameters)
+            .setParameterGroups(expectedParameterGroups)
             .setConditions(CONDITIONS)
-            .setVersion(VERSION);
+            .setVersion(expectedVersion);
 
-    // validate template
     Template validatedTemplate = remoteConfig.validateTemplate(inputTemplate);
-    assertEquals(inputTemplate.getETag(), validatedTemplate.getETag());
-    assertEquals(PARAMETERS, validatedTemplate.getParameters());
-    assertEquals(PARAMETER_GROUPS, validatedTemplate.getParameterGroups());
-    assertEquals(CONDITIONS, validatedTemplate.getConditions());
-    assertEquals(VERSION, validatedTemplate.getVersion());
+
+    assertEquals(inputTemplate, validatedTemplate);
+  }
+
+  @Test
+  public void testPublishTemplate() throws FirebaseRemoteConfigException {
+    // get template to fetch the active template with correct etag
+    final Template inputTemplate = remoteConfig.getTemplate();
+    final Map<String, Parameter> parameters = getParameters();
+    final Map<String, ParameterGroup> parameterGroups = getParameterGroups();
+    final Version version = getVersion();
+    // modify template
+    inputTemplate.setParameters(parameters)
+            .setParameterGroups(parameterGroups)
+            .setConditions(CONDITIONS)
+            .setVersion(version);
 
     // publish template
     Template publishedTemplate = remoteConfig.publishTemplate(inputTemplate);
+
     assertNotEquals(inputTemplate.getETag(), publishedTemplate.getETag());
-    assertEquals(PARAMETERS, publishedTemplate.getParameters());
-    assertEquals(PARAMETER_GROUPS, publishedTemplate.getParameterGroups());
+    assertEquals(parameters, publishedTemplate.getParameters());
+    assertEquals(parameterGroups, publishedTemplate.getParameterGroups());
     assertEquals(CONDITIONS, publishedTemplate.getConditions());
-    assertNotEquals(VERSION, publishedTemplate.getVersion());
+    assertEquals(version.getDescription(), publishedTemplate.getVersion().getDescription());
+    assertNotEquals(version, publishedTemplate.getVersion());
+  }
+
+  @Test
+  public void testGetTemplate() throws FirebaseRemoteConfigException {
+    // get template to fetch the active template with correct etag
+    // modify and publish a known template to test get template operation.
+    final Template inputTemplate = remoteConfig.getTemplate();
+    final Map<String, Parameter> parameters = getParameters();
+    final Map<String, ParameterGroup> parameterGroups = getParameterGroups();
+    final Version version = getVersion();
+    inputTemplate.setParameters(parameters)
+            .setParameterGroups(parameterGroups)
+            .setConditions(CONDITIONS)
+            .setVersion(version);
+    // publish a known template
+    Template publishedTemplate = remoteConfig.publishTemplate(inputTemplate);
 
     // get template
     Template currentTemplate = remoteConfig.getTemplate();
+
     assertEquals(publishedTemplate, currentTemplate);
+  }
+
+  @Test
+  public void testGetTemplateAtVersion() throws FirebaseRemoteConfigException {
+    // get template to fetch the active template with correct etag
+    // store the template version number
+    // publish a new template to test get template at version operation.
+    final Template previousTemplate = remoteConfig.getTemplate();
+    final String versionNumber = previousTemplate.getVersion().getVersionNumber();
+    final Template inputTemplate = new Template(previousTemplate.getETag());
+    final Map<String, Parameter> parameters = getParameters();
+    final Map<String, ParameterGroup> parameterGroups = getParameterGroups();
+    final Version version = getVersion();
+    inputTemplate.setParameters(parameters)
+            .setParameterGroups(parameterGroups)
+            .setConditions(CONDITIONS)
+            .setVersion(version);
+    // publish a new template
+    Template publishedTemplate = remoteConfig.publishTemplate(inputTemplate);
 
     // get template at version
     Template atVersionTemplate = remoteConfig.getTemplateAtVersion(versionNumber);
-    assertEquals(oldTemplate, atVersionTemplate);
+
+    assertEquals(previousTemplate, atVersionTemplate);
     assertEquals(versionNumber, atVersionTemplate.getVersion().getVersionNumber());
+    assertNotEquals(publishedTemplate, atVersionTemplate);
+  }
+
+  @Test
+  public void testRollbackTemplate() throws FirebaseRemoteConfigException {
+    // get template to fetch the active template with correct etag.
+    // store the template version number to rollback.
+    final Template inputTemplate = remoteConfig.getTemplate();
+    final String versionNumber = inputTemplate.getVersion().getVersionNumber();
+    final Map<String, Parameter> parameters = getParameters();
+    final Map<String, ParameterGroup> parameterGroups = getParameterGroups();
+    final Version version = getVersion();
+    inputTemplate.setParameters(parameters)
+            .setParameterGroups(parameterGroups)
+            .setConditions(CONDITIONS)
+            .setVersion(version);
+    // publish a new template before rolling back to versionNumber
+    Template publishedTemplate = remoteConfig.publishTemplate(inputTemplate);
 
     // rollback template
     Template rolledBackTemplate = remoteConfig.rollback(versionNumber);
+
     assertEquals(String.format("Rollback to version %s", versionNumber),
             rolledBackTemplate.getVersion().getDescription());
 
     // get template to verify rollback
     Template activeTemplate = remoteConfig.getTemplate();
+
     assertEquals(rolledBackTemplate, activeTemplate);
+    assertNotEquals(publishedTemplate, activeTemplate);
   }
 
   @Test
@@ -196,4 +238,36 @@ public void onSuccess(ListVersionsPage result) {
     assertEquals(versions.size(), collected.get());
     assertNull(error.get());
   }
+
+  private Map<String, Parameter> getParameters() {
+    final long timestamp = System.currentTimeMillis();
+    return ImmutableMap.of(
+            "welcome_message_text", new Parameter()
+                    .setDefaultValue(ParameterValue
+                            .of(String.format("welcome to app %s", timestamp)))
+                    .setConditionalValues(ImmutableMap.<String, ParameterValue>of(
+                            "ios_en",
+                            ParameterValue.of(String.format("welcome to app en %s", timestamp))
+                    ))
+                    .setDescription("text for welcome message!"),
+            "header_text", new Parameter()
+                    .setDefaultValue(ParameterValue.inAppDefault()));
+  }
+
+  private Map<String, ParameterGroup> getParameterGroups() {
+    final long timestamp = System.currentTimeMillis();
+    return ImmutableMap.of(
+            "new menu", new ParameterGroup()
+                    .setDescription(String.format("New Menu %s", timestamp))
+                    .setParameters(ImmutableMap.of(
+                            "pumpkin_spice_season", new Parameter()
+                                    .setDefaultValue(ParameterValue.of("true"))
+                                    .setDescription("Whether it's currently pumpkin spice season."))
+                    ));
+  }
+
+  private Version getVersion() {
+    final long timestamp = System.currentTimeMillis();
+    return Version.withDescription(String.format("promo config %s", timestamp));
+  }
 }

From d05cb36f278f66d707184f243cbd7048f7712964 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Thu, 7 Jan 2021 16:42:26 -0800
Subject: [PATCH 040/354] fix(fcm): Gracefully handling non-json error
 responses (#508)

---
 .../firebase/messaging/FirebaseMessagingClientImpl.java   | 2 +-
 .../messaging/FirebaseMessagingClientImplTest.java        | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java b/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
index 43b9b340b..1271bf98b 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessagingClientImpl.java
@@ -307,7 +307,7 @@ private MessagingServiceErrorResponse safeParse(String response) {
         try {
           return jsonFactory.createJsonParser(response)
               .parseAndClose(MessagingServiceErrorResponse.class);
-        } catch (IOException ignore) {
+        } catch (Exception ignore) {
           // Ignore any error that may occur while parsing the error response. The server
           // may have responded with a non-json payload.
         }
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
index 9f8780e89..a64c68d4b 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
@@ -82,7 +82,7 @@ public class FirebaseMessagingClientImplTest {
       .setTopic("test-topic")
       .build();
   private static final List<Message> MESSAGE_LIST = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE);
-  
+
   private static final boolean DRY_RUN_ENABLED = true;
   private static final boolean DRY_RUN_DISABLED = false;
 
@@ -100,7 +100,7 @@ public void setUp() {
   @Test
   public void testSend() throws Exception {
     Map<Message, Map<String, Object>> testMessages = buildTestMessages();
-    
+
     for (Map.Entry<Message, Map<String, Object>> entry : testMessages.entrySet()) {
       response.setContent(MOCK_RESPONSE);
       String resp = client.send(entry.getKey(), DRY_RUN_DISABLED);
@@ -200,14 +200,14 @@ public void testSendErrorWithZeroContentResponse() {
   @Test
   public void testSendErrorWithMalformedResponse() {
     for (int code : HTTP_ERRORS) {
-      response.setStatusCode(code).setContent("not json");
+      response.setStatusCode(code).setContent("[not json]");
 
       try {
         client.send(EMPTY_MESSAGE, DRY_RUN_DISABLED);
         fail("No error thrown for HTTP error");
       } catch (FirebaseMessagingException error) {
         checkExceptionFromHttpResponse(error, HTTP_2_ERROR.get(code), null,
-            "Unexpected HTTP response with status: " + code + "\nnot json");
+            "Unexpected HTTP response with status: " + code + "\n[not json]");
       }
       checkRequestHeader(interceptor.getLastRequest());
     }

From 771a8eef94c89f34b426e65edf9ea91a2c2e0492 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Feb 2021 15:06:25 -0800
Subject: [PATCH 041/354] Bump netty.version from 4.1.50.Final to 4.1.59.Final
 (#512)

Bumps `netty.version` from 4.1.50.Final to 4.1.59.Final.

Updates `netty-codec-http` from 4.1.50.Final to 4.1.59.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.50.Final...netty-4.1.59.Final)

Updates `netty-handler` from 4.1.50.Final to 4.1.59.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.50.Final...netty-4.1.59.Final)

Updates `netty-transport` from 4.1.50.Final to 4.1.59.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.50.Final...netty-4.1.59.Final)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c90439f51..d58c6ac31 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.50.Final</netty.version>
+        <netty.version>4.1.59.Final</netty.version>
     </properties>
 
     <scm>

From af6f3d976b7fa18a3a03e7a0eb0ec0ed96e06e34 Mon Sep 17 00:00:00 2001
From: chong-shao <31256040+chong-shao@users.noreply.github.com>
Date: Fri, 19 Feb 2021 10:20:32 -0800
Subject: [PATCH 042/354] Update doc string for dryRun in FCM send methods.
 (#509)

* Update doc string for dryRun in FCM send methods to mention that it cannot be used to validate APNS tokens.
---
 .../firebase/messaging/FirebaseMessaging.java      | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
index a08e8cfaf..95366eaa7 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
@@ -90,7 +90,9 @@ public String send(@NonNull Message message) throws FirebaseMessagingException {
    * Sends the given {@link Message} via Firebase Cloud Messaging.
    *
    * <p>If the {@code dryRun} option is set to true, the message will not be actually sent. Instead
-   * FCM performs all the necessary validations, and emulates the send operation.
+   * FCM performs all the necessary validations and emulates the send operation. The {@code dryRun}
+   * option is useful for determining whether an FCM registration has been deleted. However, it 
+   * cannot be used to validate APNs tokens.
    *
    * @param message A non-null {@link Message} to be sent.
    * @param dryRun a boolean indicating whether to perform a dry run (validation only) of the send.
@@ -161,8 +163,10 @@ public BatchResponse sendAll(
    * send the entire list as a single RPC call. Compared to the {@link #send(Message)} method, this
    * is a significantly more efficient way to send multiple messages.
    *
-   * <p>If the {@code dryRun} option is set to true, the messages will not be actually sent. Instead
-   * FCM performs all the necessary validations, and emulates the send operation.
+   * <p>If the {@code dryRun} option is set to true, the message will not be actually sent. Instead
+   * FCM performs all the necessary validations, and emulates the send operation. The {@code dryRun}
+   * option is useful for determining whether an FCM registration has been deleted. But it cannot be
+   * used to validate APNs tokens.
    *
    * <p>The responses list obtained by calling {@link BatchResponse#getResponses()} on the return
    * value corresponds to the order of input messages.
@@ -227,7 +231,9 @@ public BatchResponse sendMulticast(
    * Sends the given multicast message to all the FCM registration tokens specified in it.
    *
    * <p>If the {@code dryRun} option is set to true, the message will not be actually sent. Instead
-   * FCM performs all the necessary validations, and emulates the send operation.
+   * FCM performs all the necessary validations, and emulates the send operation. The {@code dryRun}
+   * option is useful for determining whether an FCM registration has been deleted. But it cannot be
+   * used to validate APNs tokens.
    *
    * <p>This method uses the {@link #sendAll(List)} API under the hood to send the given
    * message to all the target recipients. The responses list obtained by calling

From d8b1583002d60568106bf4a7ba2d5bcbbb6c0463 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Wed, 10 Mar 2021 10:59:42 -0800
Subject: [PATCH 043/354] [chore] Release 7.1.1 (#518)

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index d58c6ac31..2d7deaa2f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>7.1.0</version>
+    <version>7.1.1</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>
@@ -352,7 +352,7 @@
                             <goal>integration-test</goal>
                             <goal>verify</goal>
                         </goals>
-                    </execution>                    
+                    </execution>
                 </executions>
             </plugin>
 

From 1e26ef3b7ed1d0593591fa1da454a84cd89c72ac Mon Sep 17 00:00:00 2001
From: ssbushi <66321939+ssbushi@users.noreply.github.com>
Date: Fri, 16 Apr 2021 13:36:01 +0000
Subject: [PATCH 044/354] feat(auth): Add auth emulator support (#523)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Add Firebase Auth emulator support - UserManager & TenantClient(#510)

* Adds Firebase Auth emulator support for FirebaseUserManager and FirebaseTenantClient classes.
* Adds tests and minor fixes

* Remove new dependency from tests

* Test integrations on CI

* Add unit tests for Auth emulator support

* Lint fixes

* Add more test

* Fix and clean tests

* Address review comments

* Minor fixes

* More review comment changes

* Final fixes

* Fix typo

Co-authored-by: Agustí Becerra Milà <contact@agustibm.com>
---
 .../firebase/auth/AbstractFirebaseAuth.java   |   5 +-
 .../auth/FirebaseTokenVerifierImpl.java       |  15 +-
 .../firebase/auth/FirebaseUserManager.java    |  14 +-
 .../firebase/auth/internal/CryptoSigners.java |  24 ++
 .../google/firebase/auth/internal/Utils.java  |  34 ++
 .../multitenancy/FirebaseTenantClient.java    |  13 +-
 ...EmulatorFirebaseTokenVerifierImplTest.java | 321 ++++++++++++++++++
 .../firebase/auth/FirebaseAuthTest.java       |  43 +++
 .../firebase/auth/FirebaseTokenUtilsTest.java |  53 ++-
 .../auth/FirebaseTokenVerifierImplTest.java   | 168 +++------
 .../FirebaseTokenVerifierImplTestUtils.java   |  89 +++++
 .../auth/FirebaseUserManagerTest.java         |  35 +-
 .../firebase/auth/TestTokenFactory.java       |  92 +++++
 .../auth/internal/CryptoSignersTest.java      |   8 +
 .../FirebaseTenantClientTest.java             |  25 +-
 15 files changed, 806 insertions(+), 133 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/auth/internal/Utils.java
 create mode 100644 src/test/java/com/google/firebase/auth/EmulatorFirebaseTokenVerifierImplTest.java
 create mode 100644 src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTestUtils.java

diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index fc9c8df0b..0967aca76 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.firebase.auth.internal.Utils.isEmulatorMode;
 
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.util.Clock;
@@ -309,7 +310,7 @@ protected FirebaseToken execute() throws FirebaseAuthException {
   @VisibleForTesting
   FirebaseTokenVerifier getIdTokenVerifier(boolean checkRevoked) {
     FirebaseTokenVerifier verifier = idTokenVerifier.get();
-    if (checkRevoked) {
+    if (checkRevoked || isEmulatorMode()) {
       FirebaseUserManager userManager = getUserManager();
       verifier = RevocationCheckDecorator.decorateIdTokenVerifier(verifier, userManager);
     }
@@ -389,7 +390,7 @@ public FirebaseToken execute() throws FirebaseAuthException {
   @VisibleForTesting
   FirebaseTokenVerifier getSessionCookieVerifier(boolean checkRevoked) {
     FirebaseTokenVerifier verifier = cookieVerifier.get();
-    if (checkRevoked) {
+    if (checkRevoked || isEmulatorMode()) {
       FirebaseUserManager userManager = getUserManager();
       verifier = RevocationCheckDecorator.decorateSessionCookieVerifier(verifier, userManager);
     }
diff --git a/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java b/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
index bbe741f5b..9a3e1ae15 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java
@@ -29,6 +29,7 @@
 import com.google.common.base.Joiner;
 import com.google.common.base.Strings;
 import com.google.firebase.ErrorCode;
+import com.google.firebase.auth.internal.Utils;
 import com.google.firebase.internal.Nullable;
 import java.io.IOException;
 import java.math.BigDecimal;
@@ -94,9 +95,12 @@ private FirebaseTokenVerifierImpl(Builder builder) {
    */
   @Override
   public FirebaseToken verifyToken(String token) throws FirebaseAuthException {
+    boolean isEmulatorMode = Utils.isEmulatorMode();
     IdToken idToken = parse(token);
-    checkContents(idToken);
-    checkSignature(idToken);
+    checkContents(idToken, isEmulatorMode);
+    if (!isEmulatorMode) {
+      checkSignature(idToken);
+    }
     FirebaseToken firebaseToken = new FirebaseToken(idToken.getPayload());
     checkTenantId(firebaseToken);
     return firebaseToken;
@@ -160,7 +164,8 @@ private void checkSignature(IdToken token) throws FirebaseAuthException {
     }
   }
 
-  private void checkContents(final IdToken idToken) throws FirebaseAuthException {
+  private void checkContents(final IdToken idToken, boolean isEmulatorMode)
+      throws FirebaseAuthException {
     final Header header = idToken.getHeader();
     final Payload payload = idToken.getPayload();
 
@@ -168,9 +173,9 @@ private void checkContents(final IdToken idToken) throws FirebaseAuthException {
     String errorMessage = null;
     AuthErrorCode errorCode = invalidTokenErrorCode;
 
-    if (header.getKeyId() == null) {
+    if (!isEmulatorMode && header.getKeyId() == null) {
       errorMessage = getErrorForTokenWithoutKid(header, payload);
-    } else if (!RS256.equals(header.getAlgorithm())) {
+    } else if (!isEmulatorMode && !RS256.equals(header.getAlgorithm())) {
       errorMessage = String.format(
           "Firebase %s has incorrect algorithm. Expected \"%s\" but got \"%s\".",
           shortName,
diff --git a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
index 554d0179a..103360cc7 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
@@ -41,6 +41,7 @@
 import com.google.firebase.auth.internal.ListOidcProviderConfigsResponse;
 import com.google.firebase.auth.internal.ListSamlProviderConfigsResponse;
 import com.google.firebase.auth.internal.UploadAccountResponse;
+import com.google.firebase.auth.internal.Utils;
 import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.HttpRequestInfo;
 import com.google.firebase.internal.NonNull;
@@ -72,6 +73,8 @@ final class FirebaseUserManager {
 
   private static final String ID_TOOLKIT_URL =
       "https://identitytoolkit.googleapis.com/%s/projects/%s";
+  private static final String ID_TOOLKIT_URL_EMULATOR =
+          "http://%s/identitytoolkit.googleapis.com/%s/projects/%s";
 
   private final String userMgtBaseUrl;
   private final String idpConfigMgtBaseUrl;
@@ -85,8 +88,8 @@ private FirebaseUserManager(Builder builder) {
             + "set the project ID explicitly via FirebaseOptions. Alternatively you can also "
             + "set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.");
     this.jsonFactory = checkNotNull(builder.jsonFactory, "JsonFactory must not be null");
-    final String idToolkitUrlV1 = String.format(ID_TOOLKIT_URL, "v1", projectId);
-    final String idToolkitUrlV2 = String.format(ID_TOOLKIT_URL, "v2", projectId);
+    final String idToolkitUrlV1 = getIdToolkitUrl(projectId, "v1");
+    final String idToolkitUrlV2 = getIdToolkitUrl(projectId, "v2");
     final String tenantId = builder.tenantId;
     if (tenantId == null) {
       this.userMgtBaseUrl = idToolkitUrlV1;
@@ -100,6 +103,13 @@ private FirebaseUserManager(Builder builder) {
     this.httpClient = new AuthHttpClient(jsonFactory, builder.requestFactory);
   }
 
+  private String getIdToolkitUrl(String projectId, String version) {
+    if (Utils.isEmulatorMode()) {
+      return String.format(ID_TOOLKIT_URL_EMULATOR, Utils.getEmulatorHost(), version, projectId);
+    }
+    return String.format(ID_TOOLKIT_URL, version, projectId);
+  }
+
   @VisibleForTesting
   void setInterceptor(HttpResponseInterceptor interceptor) {
     httpClient.setInterceptor(interceptor);
diff --git a/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java b/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
index f167b09a0..543f955c3 100644
--- a/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
+++ b/src/main/java/com/google/firebase/auth/internal/CryptoSigners.java
@@ -22,6 +22,7 @@
 import com.google.firebase.FirebaseException;
 import com.google.firebase.ImplFirebaseTrampolines;
 import com.google.firebase.auth.FirebaseAuthException;
+import com.google.firebase.auth.internal.Utils;
 import com.google.firebase.internal.AbstractPlatformErrorHandler;
 import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.ErrorHandlingHttpClient;
@@ -108,6 +109,25 @@ public String getAccount() {
     }
   }
 
+  /**
+   * A {@link CryptoSigner} implementation that doesn't sign data. For use with the Auth Emulator
+   * only
+   */
+  public static class EmulatorCryptoSigner implements CryptoSigner {
+
+    private static final String ACCOUNT = "firebase-auth-emulator@example.com";
+
+    @Override
+    public byte[] sign(byte[] payload) {
+      return "".getBytes();
+    }
+
+    @Override
+    public String getAccount() {
+      return ACCOUNT;
+    }
+  }
+
   private static class IAMErrorHandler
       extends AbstractPlatformErrorHandler<FirebaseAuthException> {
 
@@ -126,6 +146,10 @@ protected FirebaseAuthException createException(FirebaseException base) {
    * documented at go/firebase-admin-sign.
    */
   public static CryptoSigner getCryptoSigner(FirebaseApp firebaseApp) throws IOException {
+    if (Utils.isEmulatorMode()) {
+      return new EmulatorCryptoSigner();
+    }
+
     GoogleCredentials credentials = ImplFirebaseTrampolines.getCredentials(firebaseApp);
 
     // If the SDK was initialized with a service account, use it to sign bytes.
diff --git a/src/main/java/com/google/firebase/auth/internal/Utils.java b/src/main/java/com/google/firebase/auth/internal/Utils.java
new file mode 100644
index 000000000..487892df3
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/internal/Utils.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright  2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+
+public class Utils {
+  @VisibleForTesting
+  public static final String AUTH_EMULATOR_HOST = "FIREBASE_AUTH_EMULATOR_HOST";
+
+  public static boolean isEmulatorMode() {
+    return !Strings.isNullOrEmpty(getEmulatorHost());
+  }
+
+  public static String getEmulatorHost() {
+    return System.getenv(AUTH_EMULATOR_HOST);
+  }
+
+}
diff --git a/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java b/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
index 5b776a49a..56ef04eb7 100644
--- a/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
+++ b/src/main/java/com/google/firebase/auth/multitenancy/FirebaseTenantClient.java
@@ -31,6 +31,7 @@
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.internal.AuthHttpClient;
 import com.google.firebase.auth.internal.ListTenantsResponse;
+import com.google.firebase.auth.internal.Utils;
 import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.HttpRequestInfo;
 import java.util.Map;
@@ -42,6 +43,9 @@ final class FirebaseTenantClient {
   private static final String ID_TOOLKIT_URL =
       "https://identitytoolkit.googleapis.com/%s/projects/%s";
 
+  private static final String ID_TOOLKIT_URL_EMULATOR =
+          "http://%s/identitytoolkit.googleapis.com/%s/projects/%s";
+
   private final String tenantMgtBaseUrl;
   private final AuthHttpClient httpClient;
 
@@ -58,10 +62,17 @@ final class FirebaseTenantClient {
         "Project ID is required to access the auth service. Use a service account credential or "
             + "set the project ID explicitly via FirebaseOptions. Alternatively you can also "
             + "set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.");
-    this.tenantMgtBaseUrl = String.format(ID_TOOLKIT_URL, "v2", projectId);
+    this.tenantMgtBaseUrl = getTenantMgtBaseUrl(projectId);
     this.httpClient = new AuthHttpClient(jsonFactory, requestFactory);
   }
 
+  private String getTenantMgtBaseUrl(String projectId) {
+    if (Utils.isEmulatorMode()) {
+      return String.format(ID_TOOLKIT_URL_EMULATOR, Utils.getEmulatorHost(), "v2", projectId);
+    }
+    return String.format(ID_TOOLKIT_URL, "v2", projectId);
+  }
+
   void setInterceptor(HttpResponseInterceptor interceptor) {
     httpClient.setInterceptor(interceptor);
   }
diff --git a/src/test/java/com/google/firebase/auth/EmulatorFirebaseTokenVerifierImplTest.java b/src/test/java/com/google/firebase/auth/EmulatorFirebaseTokenVerifierImplTest.java
new file mode 100644
index 000000000..0cc12c6f9
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/EmulatorFirebaseTokenVerifierImplTest.java
@@ -0,0 +1,321 @@
+/*
+ * Copyright  2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.TEST_TOKEN_ISSUER;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.checkInvalidTokenException;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.fullyPopulatedBuilder;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.newPublicKeysManager;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.newTestTokenVerifier;
+import static com.google.firebase.auth.internal.Utils.AUTH_EMULATOR_HOST;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.testing.ServiceAccount;
+import com.google.firebase.testing.TestUtils;
+import java.util.concurrent.TimeUnit;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class EmulatorFirebaseTokenVerifierImplTest {
+  private FirebaseTokenVerifier tokenVerifier;
+  private TestTokenFactory tokenFactory;
+
+  @Before
+  public void setUp() throws Exception {
+    // Set the Auth Emulator host prior to initialization
+    TestUtils.setEnvironmentVariables(ImmutableMap.of(AUTH_EMULATOR_HOST, "localhost:9099"));
+    ServiceAccount serviceAccount = ServiceAccount.EDITOR;
+    GooglePublicKeysManager publicKeysManager = newPublicKeysManager(serviceAccount.getCert());
+    this.tokenVerifier = newTestTokenVerifier(publicKeysManager);
+    this.tokenFactory = new TestTokenFactory(serviceAccount.getPrivateKey(), TEST_TOKEN_ISSUER);
+  }
+
+  @After
+  public void tearDown() {
+    TestUtils.unsetEnvironmentVariables(ImmutableSet.of(AUTH_EMULATOR_HOST));
+  }
+
+  @Test
+  public void testVerifyToken() throws Exception {
+    String token = tokenFactory.createUnsignedTokenForEmulator();
+
+    FirebaseToken firebaseToken = tokenVerifier.verifyToken(token);
+
+    assertEquals(TEST_TOKEN_ISSUER, firebaseToken.getIssuer());
+    assertEquals(TestTokenFactory.UID, firebaseToken.getUid());
+  }
+
+  @Test
+  public void testVerifyTokenWithoutKeyId() throws Exception {
+    String token = createTokenWithoutKeyId();
+
+    // Should not throw, even if missing kid
+    tokenVerifier.verifyToken(token);
+  }
+
+  @Test
+  public void testVerifyTokenIncorrectAlgorithm() throws Exception {
+    String token = createTokenWithIncorrectAlgorithm();
+
+    // Should not throw, even if missing algorithm
+    tokenVerifier.verifyToken(token);
+  }
+
+  @Test
+  public void testVerifyTokenWithoutAlgorithm() throws Exception {
+    String token = createTokenWithoutAlgorithm();
+
+    // Should not throw, even if algorithm is none
+    tokenVerifier.verifyToken(token);
+  }
+
+  @Test
+  public void testVerifyTokenIncorrectAudience() {
+    String token = createTokenWithIncorrectAudience();
+
+    try {
+      tokenVerifier.verifyToken(token);
+      fail("No error thrown for incorrect audience");
+    } catch (FirebaseAuthException e) {
+      String message = String.format("Firebase test token has incorrect \"aud\" (audience) claim. "
+              + "Expected \"%s\" but got \"invalid-audience\". "
+              + "Make sure the test token comes from the same Firebase project as the service "
+              + "account used to authenticate this SDK. "
+              + "See https://test.doc.url for details on how to retrieve a test token.",
+          TestTokenFactory.PROJECT_ID);
+      checkInvalidTokenException(e, message);
+    }
+  }
+
+  @Test
+  public void testVerifyTokenIncorrectIssuer() {
+    String token = createTokenWithIncorrectIssuer();
+
+    try {
+      tokenVerifier.verifyToken(token);
+      fail("No error thrown for incorrect issuer");
+    } catch (FirebaseAuthException e) {
+      String message = String.format("Firebase test token has incorrect \"iss\" (issuer) claim. "
+              + "Expected \"%s\" but got "
+              + "\"https://incorrect.issuer.prefix/%s\". Make sure the test token comes "
+              + "from the same Firebase project as the service account used to authenticate this "
+              + "SDK. See https://test.doc.url for details on how to retrieve a test token.",
+          TEST_TOKEN_ISSUER, TestTokenFactory.PROJECT_ID);
+      checkInvalidTokenException(e, message);
+    }
+  }
+
+  @Test
+  public void testVerifyTokenMissingSubject() {
+    String token = createTokenWithSubject(null);
+
+    try {
+      tokenVerifier.verifyToken(token);
+      fail("No error thrown for missing subject");
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has no \"sub\" (subject) claim. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
+  }
+
+  @Test
+  public void testVerifyTokenEmptySubject() {
+    String token = createTokenWithSubject("");
+
+    try {
+      tokenVerifier.verifyToken(token);
+      fail("No error thrown for empty subject");
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has an empty string \"sub\" (subject) claim. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
+  }
+
+  @Test
+  public void testVerifyTokenLongSubject() {
+    String token = createTokenWithSubject(Strings.repeat("a", 129));
+
+    try {
+      tokenVerifier.verifyToken(token);
+      fail("No error thrown for long subject");
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has \"sub\" (subject) claim longer "
+          + "than 128 characters. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
+  }
+
+  @Test
+  public void testVerifyTokenIssuedAtInFuture() {
+    long tenMinutesIntoTheFuture = (TestTokenFactory.CLOCK.currentTimeMillis() / 1000)
+        + TimeUnit.MINUTES.toSeconds(10);
+    String token = createTokenWithTimestamps(
+        tenMinutesIntoTheFuture,
+        tenMinutesIntoTheFuture + TimeUnit.HOURS.toSeconds(1));
+
+    try {
+      tokenVerifier.verifyToken(token);
+      fail("No error thrown for token issued in future");
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token is not yet valid. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
+  }
+
+  @Test
+  public void testVerifyTokenExpired() {
+    long twoHoursInPast = (TestTokenFactory.CLOCK.currentTimeMillis() / 1000)
+        - TimeUnit.HOURS.toSeconds(2);
+    String token = createTokenWithTimestamps(
+        twoHoursInPast,
+        twoHoursInPast + TimeUnit.HOURS.toSeconds(1));
+
+    try {
+      tokenVerifier.verifyToken(token);
+      fail("No error thrown for expired token");
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has expired. "
+          + "Get a fresh test token and try again. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      FirebaseTokenVerifierImplTestUtils.checkException(e, message, AuthErrorCode.EXPIRED_ID_TOKEN);
+    }
+  }
+
+  @Test
+  public void testWithMalformedSignature() throws FirebaseAuthException {
+    String token = tokenFactory.createUnsignedTokenForEmulator();
+    String[] segments = token.split("\\.");
+    token = String.format("%s.%s.%s", segments[0], segments[1], "MalformedSignature");
+
+    // No need to assert. verifyToken should not throw
+    tokenVerifier.verifyToken(token);
+  }
+
+  @Test
+  public void testMalformedToken() {
+    try {
+      tokenVerifier.verifyToken("not.a.jwt");
+      fail("No error thrown for malformed token");
+    } catch (FirebaseAuthException e) {
+      String message = "Failed to parse Firebase test token. "
+          + "Make sure you passed a string that represents a complete and valid JWT. "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals(message, e.getMessage());
+      assertTrue(e.getCause() instanceof IllegalArgumentException);
+      assertNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.INVALID_ID_TOKEN, e.getAuthErrorCode());
+    }
+  }
+
+  @Test
+  public void testVerifyTokenWithTenantId() throws FirebaseAuthException {
+    FirebaseToken firebaseToken = tokenVerifier
+        .verifyToken(createTokenWithTenantId("TENANT_1"));
+
+    assertEquals(TEST_TOKEN_ISSUER, firebaseToken.getIssuer());
+    assertEquals(TestTokenFactory.UID, firebaseToken.getUid());
+    assertEquals("TENANT_1", firebaseToken.getTenantId());
+  }
+
+  @Test
+  public void testVerifyTokenWithMatchingTenantId() throws FirebaseAuthException {
+    FirebaseToken firebaseToken = fullyPopulatedBuilder()
+        .setTenantId("TENANT_1")
+        .build().verifyToken(createTokenWithTenantId("TENANT_1"));
+
+    assertEquals(TEST_TOKEN_ISSUER, firebaseToken.getIssuer());
+    assertEquals(TestTokenFactory.UID, firebaseToken.getUid());
+    assertEquals("TENANT_1", firebaseToken.getTenantId());
+  }
+
+  @Test
+  public void testVerifyTokenDifferentTenantIds() {
+    try {
+      fullyPopulatedBuilder()
+          .setTenantId("TENANT_1")
+          .build().verifyToken(createTokenWithTenantId("TENANT_2"));
+      fail("No error thrown for mismatched tenant IDs");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
+      assertEquals(
+          "The tenant ID ('TENANT_2') of the token did not match the expected value ('TENANT_1')",
+          e.getMessage());
+    }
+  }
+
+  @Test
+  public void testVerifyTokenNoTenantId() {
+    try {
+      fullyPopulatedBuilder()
+          .setTenantId("TENANT_1")
+          .build()
+          .verifyToken(tokenFactory.createUnsignedTokenForEmulator());
+      fail("No error thrown for missing tenant ID in token");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
+      assertEquals(
+          "The tenant ID ('') of the token did not match the expected value ('TENANT_1')",
+          e.getMessage());
+    }
+  }
+
+  private String createTokenWithIncorrectAudience() {
+    return tokenFactory.createTokenWithIncorrectAudience(true);
+  }
+
+  private String createTokenWithoutKeyId() {
+    return tokenFactory.createTokenWithoutKeyId(true);
+  }
+
+  private String createTokenWithIncorrectAlgorithm() {
+    return tokenFactory.createTokenWithIncorrectAlgorithm(true);
+  }
+
+  private String createTokenWithoutAlgorithm() {
+    return tokenFactory.createTokenWithoutAlgorithm(true);
+  }
+
+  private String createTokenWithIncorrectIssuer() {
+    return tokenFactory.createTokenWithIncorrectIssuer(true);
+  }
+
+  private String createTokenWithSubject(String sub) {
+    return tokenFactory.createTokenWithSubject(sub, true);
+  }
+
+  private String createTokenWithTenantId(String tenantId) {
+    return tokenFactory.createTokenWithTenantId(tenantId, true);
+  }
+
+  private String createTokenWithTimestamps(long issuedAtSeconds, long expirationSeconds) {
+    return tokenFactory.createTokenWithTimestamps(issuedAtSeconds, expirationSeconds, true);
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
index bd7aa0ff8..d385e7e4e 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
@@ -31,6 +31,7 @@
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.firebase.ErrorCode;
 
 import com.google.firebase.FirebaseApp;
@@ -56,9 +57,12 @@ public class FirebaseAuthTest {
       ErrorCode.INVALID_ARGUMENT, "Test error message", null, null, null);
   private static final long VALID_SINCE = 1494364393;
   private static final String TEST_USER = "testUser";
+  private static final String AUTH_EMULATOR = "localhost:9099";
 
   @After
   public void cleanup() {
+    // Cleanup for tests on Auth Emulator
+    TestUtils.unsetEnvironmentVariables(ImmutableSet.of("FIREBASE_AUTH_EMULATOR_HOST"));
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
   }
 
@@ -262,6 +266,45 @@ public void testVerifyIdTokenWithRevocationCheckFailure() {
     assertEquals("idtoken", tokenVerifier.getLastTokenString());
   }
 
+  @Test
+  public void testVerifyIdTokenWithEmulator() throws Exception {
+    // Enable emulator mode
+    TestUtils.setEnvironmentVariables(
+        ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
+        getFirebaseToken(VALID_SINCE + 1000));
+    FirebaseAuth auth = getAuthForIdTokenVerificationWithRevocationCheck(tokenVerifier);
+
+    FirebaseToken firebaseToken = auth.verifyIdToken("idtoken", false);
+
+    assertEquals("testUser", firebaseToken.getUid());
+    assertEquals("idtoken", tokenVerifier.getLastTokenString());
+  }
+
+  @Test
+  public void testVerifyIdTokenFailureWithEmulator() {
+    // Enable emulator mode
+    TestUtils.setEnvironmentVariables(
+        ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
+        getFirebaseToken(VALID_SINCE - 1000));
+    FirebaseAuth auth = getAuthForIdTokenVerificationWithRevocationCheck(tokenVerifier);
+
+    try {
+      // Should throw if token is revoked, even if checkRevoked is false.
+      auth.verifyIdToken("idtoken", false);
+      fail("No error thrown for revoked ID token");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals("Firebase id token is revoked.", e.getMessage());
+      assertNull(e.getCause());
+      assertNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.REVOKED_ID_TOKEN, e.getAuthErrorCode());
+    }
+
+    assertEquals("idtoken", tokenVerifier.getLastTokenString());
+  }
+
   @Test
   public void testVerifyIdTokenFailure() {
     MockTokenVerifier tokenVerifier = MockTokenVerifier.fromException(testException);
diff --git a/src/test/java/com/google/firebase/auth/FirebaseTokenUtilsTest.java b/src/test/java/com/google/firebase/auth/FirebaseTokenUtilsTest.java
index f452091fc..ccc1ad6a9 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseTokenUtilsTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseTokenUtilsTest.java
@@ -27,10 +27,13 @@
 import com.google.api.client.testing.http.FixedClock;
 import com.google.api.client.util.Clock;
 import com.google.auth.oauth2.GoogleCredentials;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
+import com.google.firebase.testing.TestUtils;
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
@@ -41,12 +44,14 @@ public class FirebaseTokenUtilsTest {
   private static final Clock CLOCK = new FixedClock(2002000L * 1000);
   private static final String TEST_PROJECT_ID = "test-project-id";
   private static final GoogleCredentials MOCK_CREDENTIALS = GoogleCredentials.create(null);
+  private static final String AUTH_EMULATOR = "localhost:9099";
 
   @Rule
   public ExpectedException thrown = ExpectedException.none();
 
   @After
   public void tearDown() {
+    TestUtils.unsetEnvironmentVariables(ImmutableSet.of("FIREBASE_AUTH_EMULATOR_HOST"));
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
   }
 
@@ -57,8 +62,8 @@ public void testCreateIdTokenVerifier() {
         .setProjectId(TEST_PROJECT_ID)
         .build());
 
-    FirebaseTokenVerifierImpl idTokenVerifier = FirebaseTokenUtils.createIdTokenVerifier(
-        app, CLOCK);
+    FirebaseTokenVerifierImpl idTokenVerifier =
+        FirebaseTokenUtils.createIdTokenVerifier(app, CLOCK);
 
     assertEquals("verifyIdToken()", idTokenVerifier.getMethod());
     assertEquals("ID token", idTokenVerifier.getShortName());
@@ -72,6 +77,26 @@ public void testCreateIdTokenVerifier() {
         "https://securetoken.google.com/test-project-id");
   }
 
+  @Test
+  public void testCreateIdTokenVerifierForEmulator() {
+    TestUtils.setEnvironmentVariables(
+        ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setProjectId(TEST_PROJECT_ID)
+        .build());
+
+    FirebaseTokenVerifierImpl emulatorVerifier =
+        FirebaseTokenUtils.createIdTokenVerifier(app, CLOCK);
+
+    assertEquals("ID token", emulatorVerifier.getShortName());
+    assertEquals("an ID token", emulatorVerifier.getArticledShortName());
+    assertEquals("https://firebase.google.com/docs/auth/admin/verify-id-tokens",
+        emulatorVerifier.getDocUrl());
+    verifyJwtVerifier(emulatorVerifier.getIdTokenVerifier(),
+        "https://securetoken.google.com/test-project-id");
+  }
+
   @Test
   public void testCreateIdTokenVerifierWithoutProjectId() {
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
@@ -89,8 +114,8 @@ public void testSessionCookieVerifier() {
         .setProjectId(TEST_PROJECT_ID)
         .build());
 
-    FirebaseTokenVerifierImpl cookieVerifier = FirebaseTokenUtils.createSessionCookieVerifier(
-        app, CLOCK);
+    FirebaseTokenVerifierImpl cookieVerifier =
+        FirebaseTokenUtils.createSessionCookieVerifier(app, CLOCK);
 
     assertEquals("verifySessionCookie()", cookieVerifier.getMethod());
     assertEquals("session cookie", cookieVerifier.getShortName());
@@ -103,6 +128,26 @@ public void testSessionCookieVerifier() {
         "https://session.firebase.google.com/test-project-id");
   }
 
+  @Test
+  public void testSessionCookieVerifierForEmulator() {
+    TestUtils.setEnvironmentVariables(
+        ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setProjectId(TEST_PROJECT_ID)
+        .build());
+
+    FirebaseTokenVerifierImpl emulatorCookieVerifier =
+        FirebaseTokenUtils.createSessionCookieVerifier(app, CLOCK);
+
+    assertEquals("session cookie", emulatorCookieVerifier.getShortName());
+    assertEquals("a session cookie", emulatorCookieVerifier.getArticledShortName());
+    assertEquals("https://firebase.google.com/docs/auth/admin/manage-cookies",
+        emulatorCookieVerifier.getDocUrl());
+    verifyJwtVerifier(emulatorCookieVerifier.getIdTokenVerifier(),
+        "https://session.firebase.google.com/test-project-id");
+  }
+
   @Test
   public void testCreateSessionCookieVerifierWithoutProjectId() {
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
diff --git a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
index 189cb223e..d02d2b5da 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java
@@ -16,28 +16,28 @@
 
 package com.google.firebase.auth;
 
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.TEST_TOKEN_ISSUER;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.checkException;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.checkInvalidTokenException;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.fullyPopulatedBuilder;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.newPublicKeysManager;
+import static com.google.firebase.auth.FirebaseTokenVerifierImplTestUtils.newTestTokenVerifier;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
-import com.google.api.client.auth.openidconnect.IdTokenVerifier;
 import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
-import com.google.api.client.http.HttpTransport;
 import com.google.api.client.http.LowLevelHttpRequest;
 import com.google.api.client.json.webtoken.JsonWebSignature;
 import com.google.api.client.json.webtoken.JsonWebToken.Payload;
 import com.google.api.client.testing.http.MockHttpTransport;
-import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableMap;
 import com.google.firebase.ErrorCode;
 import com.google.firebase.testing.ServiceAccount;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.util.concurrent.TimeUnit;
-
-import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -54,8 +54,6 @@ public class FirebaseTokenVerifierImplTest {
           + "-P1wie318In0sInYiOjAsImlhdCI6MTQ4MDk4Mj"
           + "U2NH0.ZWEpoHgIPCAz8Q-cNFBS8jiqClTJ3j27yuRkQo-QxyI";
 
-  private static final String TEST_TOKEN_ISSUER = "https://test.token.issuer";
-
   private FirebaseTokenVerifier tokenVerifier;
   private TestTokenFactory tokenFactory;
 
@@ -83,6 +81,7 @@ public void testVerifyTokenWithoutKeyId() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for missing kid");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token has no \"kid\" claim. "
           + "See https://test.doc.url for details on how to retrieve a test token.";
@@ -96,6 +95,7 @@ public void testVerifyTokenFirebaseCustomToken() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for passing custom token");
     } catch (FirebaseAuthException e) {
       String message = "verifyTestToken() expects a test token, but was given a custom token. "
           + "See https://test.doc.url for details on how to retrieve a test token.";
@@ -109,6 +109,7 @@ public void testVerifyTokenIncorrectAlgorithm() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for incorrect alg");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token has incorrect algorithm. "
           + "Expected \"RS256\" but got \"HSA\". "
@@ -117,12 +118,28 @@ public void testVerifyTokenIncorrectAlgorithm() {
     }
   }
 
+  @Test
+  public void testVerifyTokenWithoutAlgorithm() {
+    String token = createTokenWithoutAlgorithm();
+
+    try {
+      tokenVerifier.verifyToken(token);
+      fail("No error thrown for alg: 'none'");
+    } catch (FirebaseAuthException e) {
+      String message = "Firebase test token has incorrect algorithm. "
+          + "Expected \"RS256\" but got \"none\". "
+          + "See https://test.doc.url for details on how to retrieve a test token.";
+      checkInvalidTokenException(e, message);
+    }
+  }
+
   @Test
   public void testVerifyTokenIncorrectAudience() {
     String token = createTokenWithIncorrectAudience();
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for incorrect audience");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token has incorrect \"aud\" (audience) claim. "
           + "Expected \"proj-test-101\" but got \"invalid-audience\". "
@@ -139,6 +156,7 @@ public void testVerifyTokenIncorrectIssuer() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for incorrect issuer");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token has incorrect \"iss\" (issuer) claim. "
           + "Expected \"https://test.token.issuer\" but got "
@@ -155,6 +173,7 @@ public void testVerifyTokenMissingSubject() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for missing subject");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token has no \"sub\" (subject) claim. "
           + "See https://test.doc.url for details on how to retrieve a test token.";
@@ -168,6 +187,7 @@ public void testVerifyTokenEmptySubject() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for empty subject");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token has an empty string \"sub\" (subject) claim. "
           + "See https://test.doc.url for details on how to retrieve a test token.";
@@ -181,6 +201,7 @@ public void testVerifyTokenLongSubject() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for very long subject");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token has \"sub\" (subject) claim longer "
           + "than 128 characters. "
@@ -199,6 +220,7 @@ public void testVerifyTokenIssuedAtInFuture() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for token issued in the future");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token is not yet valid. "
           + "See https://test.doc.url for details on how to retrieve a test token.";
@@ -216,6 +238,7 @@ public void testVerifyTokenExpired() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for expired token");
     } catch (FirebaseAuthException e) {
       String message = "Firebase test token has expired. "
           + "Get a fresh test token and try again. "
@@ -233,6 +256,7 @@ public void testVerifyTokenSignatureMismatch() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for mismatched signature");
     } catch (FirebaseAuthException e) {
       String message = "Failed to verify the signature of Firebase test token. "
           + "See https://test.doc.url for details on how to retrieve a test token.";
@@ -248,6 +272,7 @@ public void testMalformedCert() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for malformed cert");
     } catch (FirebaseAuthException e) {
       String message = "Error while fetching public key certificates: Could not parse certificate";
       assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
@@ -272,7 +297,7 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce
 
     try {
       idTokenVerifier.verifyToken(token);
-      Assert.fail("No exception thrown");
+      fail("No error thrown for failing to fetch certificate");
     } catch (FirebaseAuthException e) {
       String message = "Error while fetching public key certificates: Expected error";
       assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
@@ -291,6 +316,7 @@ public void testMalformedSignature() {
 
     try {
       tokenVerifier.verifyToken(token);
+      fail("No error thrown for malformed signature");
     } catch (FirebaseAuthException e) {
       String message = "Failed to verify the signature of Firebase test token. "
           + "See https://test.doc.url for details on how to retrieve a test token.";
@@ -302,6 +328,7 @@ public void testMalformedSignature() {
   public void testLegacyCustomToken() {
     try {
       tokenVerifier.verifyToken(LEGACY_CUSTOM_TOKEN);
+      fail("No error thrown for passing legacy token");
     } catch (FirebaseAuthException e) {
       String message = "verifyTestToken() expects a test token, but was given a "
           + "legacy custom token. "
@@ -314,6 +341,7 @@ public void testLegacyCustomToken() {
   public void testMalformedToken() {
     try {
       tokenVerifier.verifyToken("not.a.jwt");
+      fail("No error thrown for malformed token");
     } catch (FirebaseAuthException e) {
       String message = "Failed to parse Firebase test token. "
           + "Make sure you passed a string that represents a complete and valid JWT. "
@@ -359,6 +387,7 @@ public void testVerifyTokenDifferentTenantIds() {
 
     try {
       verifier.verifyToken(token);
+      fail("No error thrown for mismatched tenant IDs");
     } catch (FirebaseAuthException e) {
       assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
       assertEquals(
@@ -376,6 +405,7 @@ public void testVerifyTokenNoTenantId() {
 
     try {
       verifier.verifyToken(token);
+      fail("No error thrown for missing tenant ID");
     } catch (FirebaseAuthException e) {
       assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
       assertEquals(
@@ -384,35 +414,6 @@ public void testVerifyTokenNoTenantId() {
     }
   }
 
-  @Test
-  public void testVerifyTokenMissingTenantId() {
-    try {
-      fullyPopulatedBuilder()
-        .setTenantId("TENANT_ID")
-        .build()
-        .verifyToken(tokenFactory.createToken());
-    } catch (FirebaseAuthException e) {
-      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
-      assertEquals(
-          "The tenant ID ('') of the token did not match the expected value ('TENANT_ID')",
-          e.getMessage());
-    }
-  }
-
-  @Test
-  public void testVerifyTokenUnexpectedTenantId() {
-    try {
-      fullyPopulatedBuilder()
-        .build()
-        .verifyToken(createTokenWithTenantId("TENANT_ID"));
-    } catch (FirebaseAuthException e) {
-      assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
-      assertEquals(
-          "The tenant ID ('TENANT_ID') of the token did not match the expected value ('')",
-          e.getMessage());
-    }
-  }
-
   @Test(expected = NullPointerException.class)
   public void testBuilderNoPublicKeysManager() {
     fullyPopulatedBuilder().setPublicKeysManager(null).build();
@@ -443,60 +444,12 @@ public void testBuilderNoDocUrl() {
     fullyPopulatedBuilder().setDocUrl(null).build();
   }
 
-  private GooglePublicKeysManager newPublicKeysManager(String certificate) {
-    String serviceAccountCertificates =
-        String.format("{\"%s\" : \"%s\"}", TestTokenFactory.PRIVATE_KEY_ID, certificate);
-    HttpTransport transport = new MockHttpTransport.Builder()
-        .setLowLevelHttpResponse(
-            new MockLowLevelHttpResponse().setContent(serviceAccountCertificates))
-        .build();
-    return newPublicKeysManager(transport);
-  }
-
-  private GooglePublicKeysManager newPublicKeysManager(HttpTransport transport) {
-    return new GooglePublicKeysManager.Builder(
-        transport, FirebaseTokenUtils.UNQUOTED_CTRL_CHAR_JSON_FACTORY)
-        .setClock(TestTokenFactory.CLOCK)
-        .setPublicCertsEncodedUrl("https://test.cert.url")
-        .build();
-  }
-
-  private FirebaseTokenVerifier newTestTokenVerifier(GooglePublicKeysManager publicKeysManager) {
-    return fullyPopulatedBuilder()
-        .setPublicKeysManager(publicKeysManager)
-        .build();
-  }
-
-  private FirebaseTokenVerifierImpl.Builder fullyPopulatedBuilder() {
-    return FirebaseTokenVerifierImpl.builder()
-        .setShortName("test token")
-        .setMethod("verifyTestToken()")
-        .setDocUrl("https://test.doc.url")
-        .setJsonFactory(TestTokenFactory.JSON_FACTORY)
-        .setPublicKeysManager(newPublicKeysManager(ServiceAccount.EDITOR.getCert()))
-        .setInvalidTokenErrorCode(AuthErrorCode.INVALID_ID_TOKEN)
-        .setExpiredTokenErrorCode(AuthErrorCode.EXPIRED_ID_TOKEN)
-        .setIdTokenVerifier(newIdTokenVerifier());
-  }
-
-  private IdTokenVerifier newIdTokenVerifier() {
-    return new IdTokenVerifier.Builder()
-          .setClock(TestTokenFactory.CLOCK)
-          .setAudience(ImmutableList.of(TestTokenFactory.PROJECT_ID))
-          .setIssuer(TEST_TOKEN_ISSUER)
-          .build();
-  }
-
   private String createTokenWithoutKeyId() {
-    JsonWebSignature.Header header = tokenFactory.createHeader();
-    header.setKeyId(null);
-    return tokenFactory.createToken(header);
+    return tokenFactory.createTokenWithoutKeyId(false);
   }
 
   private String createTokenWithSubject(String sub) {
-    Payload payload = tokenFactory.createTokenPayload();
-    payload.setSubject(sub);
-    return tokenFactory.createToken(payload);
+    return tokenFactory.createTokenWithSubject(sub, false);
   }
 
   private String createCustomToken() {
@@ -508,45 +461,26 @@ private String createCustomToken() {
   }
 
   private String createTokenWithIncorrectAlgorithm() {
-    JsonWebSignature.Header header = tokenFactory.createHeader();
-    header.setAlgorithm("HSA");
-    return tokenFactory.createToken(header);
+    return tokenFactory.createTokenWithIncorrectAlgorithm(false);
+  }
+
+  private String createTokenWithoutAlgorithm() {
+    return tokenFactory.createTokenWithoutAlgorithm(false);
   }
 
   private String createTokenWithIncorrectAudience() {
-    Payload payload = tokenFactory.createTokenPayload();
-    payload.setAudience("invalid-audience");
-    return tokenFactory.createToken(payload);
+    return tokenFactory.createTokenWithIncorrectAudience(false);
   }
 
   private String createTokenWithIncorrectIssuer() {
-    Payload payload = tokenFactory.createTokenPayload();
-    payload.setIssuer("https://incorrect.issuer.prefix/" + TestTokenFactory.PROJECT_ID);
-    return tokenFactory.createToken(payload);
+    return tokenFactory.createTokenWithIncorrectIssuer(false);
   }
 
   private String createTokenWithTimestamps(long issuedAtSeconds, long expirationSeconds) {
-    Payload payload = tokenFactory.createTokenPayload();
-    payload.setIssuedAtTimeSeconds(issuedAtSeconds);
-    payload.setExpirationTimeSeconds(expirationSeconds);
-    return tokenFactory.createToken(payload);
-  }
-
-  private void checkInvalidTokenException(FirebaseAuthException e, String message) {
-    checkException(e, message, AuthErrorCode.INVALID_ID_TOKEN);
-  }
-
-  private void checkException(FirebaseAuthException e, String message, AuthErrorCode errorCode) {
-    assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
-    assertEquals(message, e.getMessage());
-    assertNull(e.getCause());
-    assertNull(e.getHttpResponse());
-    assertEquals(errorCode, e.getAuthErrorCode());
+    return tokenFactory.createTokenWithTimestamps(issuedAtSeconds, expirationSeconds, false);
   }
 
   private String createTokenWithTenantId(String tenantId) {
-    Payload payload = tokenFactory.createTokenPayload();
-    payload.set("firebase", ImmutableMap.of("tenant", tenantId));
-    return tokenFactory.createToken(payload);
+    return tokenFactory.createTokenWithTenantId(tenantId, false);
   }
 }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTestUtils.java b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTestUtils.java
new file mode 100644
index 000000000..5f2331552
--- /dev/null
+++ b/src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTestUtils.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+import com.google.api.client.auth.openidconnect.IdTokenVerifier;
+import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.api.client.testing.http.MockLowLevelHttpResponse;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.testing.ServiceAccount;
+
+class FirebaseTokenVerifierImplTestUtils {
+  public static final String TEST_TOKEN_ISSUER = "https://test.token.issuer";
+
+  static void checkInvalidTokenException(FirebaseAuthException e, String message) {
+    checkException(e, message, AuthErrorCode.INVALID_ID_TOKEN);
+  }
+
+  static void checkException(FirebaseAuthException e, String message, AuthErrorCode errorCode) {
+    assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+    assertEquals(message, e.getMessage());
+    assertNull(e.getCause());
+    assertNull(e.getHttpResponse());
+    assertEquals(errorCode, e.getAuthErrorCode());
+  }
+
+  static GooglePublicKeysManager newPublicKeysManager(String certificate) {
+    String serviceAccountCertificates =
+        String.format("{\"%s\" : \"%s\"}", TestTokenFactory.PRIVATE_KEY_ID, certificate);
+    HttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(
+            new MockLowLevelHttpResponse().setContent(serviceAccountCertificates))
+        .build();
+    return newPublicKeysManager(transport);
+  }
+
+  static GooglePublicKeysManager newPublicKeysManager(HttpTransport transport) {
+    return new GooglePublicKeysManager.Builder(
+        transport, FirebaseTokenUtils.UNQUOTED_CTRL_CHAR_JSON_FACTORY)
+        .setClock(TestTokenFactory.CLOCK)
+        .setPublicCertsEncodedUrl("https://test.cert.url")
+        .build();
+  }
+
+  static FirebaseTokenVerifier newTestTokenVerifier(GooglePublicKeysManager publicKeysManager) {
+    return fullyPopulatedBuilder()
+        .setPublicKeysManager(publicKeysManager)
+        .build();
+  }
+
+  static FirebaseTokenVerifierImpl.Builder fullyPopulatedBuilder() {
+    return FirebaseTokenVerifierImpl.builder()
+        .setShortName("test token")
+        .setMethod("verifyTestToken()")
+        .setDocUrl("https://test.doc.url")
+        .setJsonFactory(TestTokenFactory.JSON_FACTORY)
+        .setPublicKeysManager(newPublicKeysManager(ServiceAccount.EDITOR.getCert()))
+        .setInvalidTokenErrorCode(AuthErrorCode.INVALID_ID_TOKEN)
+        .setExpiredTokenErrorCode(AuthErrorCode.EXPIRED_ID_TOKEN)
+        .setIdTokenVerifier(newIdTokenVerifier());
+  }
+
+  static IdTokenVerifier newIdTokenVerifier() {
+    return new IdTokenVerifier.Builder()
+        .setClock(TestTokenFactory.CLOCK)
+        .setAudience(ImmutableList.of(TestTokenFactory.PROJECT_ID))
+        .setIssuer(TEST_TOKEN_ISSUER)
+        .build();
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 772f9ba8d..dead8aba1 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -39,6 +39,7 @@
 import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
@@ -90,12 +91,17 @@ public class FirebaseUserManagerTest {
 
   private static final String TENANTS_BASE_URL = PROJECT_BASE_URL + "/tenants";
 
+  private static final String AUTH_EMULATOR = "localhost:8000";
+  private static final String PROJECT_BASE_URL_EMULATOR =
+          "http://" + AUTH_EMULATOR + "/identitytoolkit.googleapis.com/v2/projects/test-project-id";
+
   private static final String SAML_RESPONSE = TestUtils.loadResource("saml.json");
 
   private static final String OIDC_RESPONSE = TestUtils.loadResource("oidc.json");
 
   @After
   public void tearDown() {
+    TestUtils.unsetEnvironmentVariables(ImmutableSet.of("FIREBASE_AUTH_EMULATOR_HOST"));
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
   }
 
@@ -1517,7 +1523,7 @@ public void testCreateOidcProviderAsync() throws Exception {
             .setClientId("CLIENT_ID")
             .setIssuer("https://oidc.com/issuer");
 
-    OidcProviderConfig config = 
+    OidcProviderConfig config =
         FirebaseAuth.getInstance().createOidcProviderConfigAsync(createRequest).get();
 
     checkOidcProviderConfig(config, "oidc.provider-id");
@@ -2678,6 +2684,33 @@ public void testTenantAwareDeleteSamlProviderConfig() throws Exception {
     checkUrl(interceptor, "DELETE", expectedUrl);
   }
 
+  @Test
+  public void testCreateOidcProviderFromEmulatorAuth() throws Exception {
+    TestUtils.setEnvironmentVariables(
+            ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
+    OidcProviderConfig.CreateRequest createRequest =
+            new OidcProviderConfig.CreateRequest()
+                    .setProviderId("oidc.provider-id")
+                    .setDisplayName("DISPLAY_NAME")
+                    .setEnabled(true)
+                    .setClientId("CLIENT_ID")
+                    .setIssuer("https://oidc.com/issuer");
+
+    OidcProviderConfig config = FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
+
+    checkOidcProviderConfig(config, "oidc.provider-id");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "POST", PROJECT_BASE_URL_EMULATOR + "/oauthIdpConfigs");
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals("DISPLAY_NAME", parsed.get("displayName"));
+    assertTrue((boolean) parsed.get("enabled"));
+    assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+    GenericUrl url = interceptor.getResponse().getRequest().getUrl();
+    assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
+  }
+
   private static TestResponseInterceptor initializeAppForUserManagementWithStatusCode(
       int statusCode, String response) {
     FirebaseApp.initializeApp(FirebaseOptions.builder()
diff --git a/src/test/java/com/google/firebase/auth/TestTokenFactory.java b/src/test/java/com/google/firebase/auth/TestTokenFactory.java
index 1f774ee7c..0510dbb66 100644
--- a/src/test/java/com/google/firebase/auth/TestTokenFactory.java
+++ b/src/test/java/com/google/firebase/auth/TestTokenFactory.java
@@ -20,8 +20,11 @@
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.webtoken.JsonWebSignature;
 import com.google.api.client.json.webtoken.JsonWebToken;
+import com.google.api.client.json.webtoken.JsonWebToken.Payload;
 import com.google.api.client.testing.http.FixedClock;
+import com.google.api.client.util.Base64;
 import com.google.api.client.util.Clock;
+import com.google.common.collect.ImmutableMap;
 import com.google.common.io.BaseEncoding;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -69,6 +72,30 @@ public String createToken(JsonWebSignature.Header header, JsonWebToken.Payload p
     }
   }
 
+  public String createUnsignedTokenForEmulator() {
+    return createUnsignedTokenForEmulator(createHeaderForEmulator(), createTokenPayload());
+  }
+
+  public String createUnsignedTokenForEmulator(JsonWebSignature.Header header) {
+    return createUnsignedTokenForEmulator(header, createTokenPayload());
+  }
+
+  public String createUnsignedTokenForEmulator(JsonWebToken.Payload payload) {
+    return createUnsignedTokenForEmulator(createHeaderForEmulator(), payload);
+  }
+
+  public String createUnsignedTokenForEmulator(
+      JsonWebSignature.Header header, JsonWebSignature.Payload payload) {
+    try {
+      String encodedHeader = Base64.encodeBase64URLSafeString(JSON_FACTORY.toByteArray(header));
+      String encodedPayload = Base64.encodeBase64URLSafeString(JSON_FACTORY.toByteArray(payload));
+      // Unsigned token with no signature component
+      return String.format("%s.%s.", encodedHeader, encodedPayload);
+    } catch (IOException e) {
+      throw new RuntimeException("Failed to create test token", e);
+    }
+  }
+
   public JsonWebSignature.Header createHeader() {
     JsonWebSignature.Header header = new JsonWebSignature.Header();
     header.setAlgorithm("RS256");
@@ -86,4 +113,69 @@ public JsonWebToken.Payload createTokenPayload() {
     payload.setSubject(UID);
     return payload;
   }
+
+  public JsonWebSignature.Header createHeaderForEmulator() {
+    JsonWebSignature.Header header = new JsonWebSignature.Header();
+    header.setAlgorithm("none");
+    header.setType("JWT");
+    return header;
+  }
+
+  public String createTokenWithoutKeyId(boolean isEmulatorMode) {
+    JsonWebSignature.Header header = createHeader();
+    header.setKeyId(null);
+    return isEmulatorMode ? createUnsignedTokenForEmulator(header)
+        : createToken(header);
+  }
+
+  public String createTokenWithSubject(String sub, boolean isEmulatorMode) {
+    Payload payload = createTokenPayload();
+    payload.setSubject(sub);
+    return isEmulatorMode ? createUnsignedTokenForEmulator(payload)
+        : createToken(payload);
+  }
+
+  public String createTokenWithIncorrectAlgorithm(boolean isEmulatorMode) {
+    JsonWebSignature.Header header = createHeader();
+    header.setAlgorithm("HSA");
+    return isEmulatorMode ? createUnsignedTokenForEmulator(header)
+        : createToken(header);
+  }
+
+  public String createTokenWithoutAlgorithm(boolean isEmulatorMode) {
+    JsonWebSignature.Header header = createHeader();
+    header.setAlgorithm("none");
+    return isEmulatorMode ? createUnsignedTokenForEmulator(header)
+        : createToken(header);
+  }
+
+  public String createTokenWithIncorrectAudience(boolean isEmulatorMode) {
+    Payload payload = createTokenPayload();
+    payload.setAudience("invalid-audience");
+    return isEmulatorMode ? createUnsignedTokenForEmulator(payload)
+        : createToken(payload);
+  }
+
+  public String createTokenWithIncorrectIssuer(boolean isEmulatorMode) {
+    Payload payload = createTokenPayload();
+    payload.setIssuer("https://incorrect.issuer.prefix/" + TestTokenFactory.PROJECT_ID);
+    return isEmulatorMode ? createUnsignedTokenForEmulator(payload)
+        : createToken(payload);
+  }
+
+  public String createTokenWithTimestamps(long issuedAtSeconds, long expirationSeconds,
+      boolean isEmulatorMode) {
+    Payload payload = createTokenPayload();
+    payload.setIssuedAtTimeSeconds(issuedAtSeconds);
+    payload.setExpirationTimeSeconds(expirationSeconds);
+    return isEmulatorMode ? createUnsignedTokenForEmulator(payload)
+        : createToken(payload);
+  }
+
+  public String createTokenWithTenantId(String tenantId, boolean isEmulatorMode) {
+    Payload payload = createTokenPayload();
+    payload.set("firebase", ImmutableMap.of("tenant", tenantId));
+    return isEmulatorMode ? createUnsignedTokenForEmulator(payload)
+        : createToken(payload);
+  }
 }
diff --git a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
index fee4d8fb8..73477ad42 100644
--- a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
@@ -219,6 +219,14 @@ public void testCredentialsWithSigner() throws Exception {
     assertArrayEquals("local-signed-bytes".getBytes(), data);
   }
 
+  @Test
+  public void testEmulatorCryptoSigner() throws Exception {
+    CryptoSigner signer = new CryptoSigners.EmulatorCryptoSigner();
+    byte[] data = signer.sign("foo".getBytes());
+    // No signed bytes returned
+    assertEquals(data.length, 0);
+  }
+
   @After
   public void tearDown() {
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
index 4bc84cb4d..c76046543 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
@@ -35,6 +35,8 @@
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
@@ -52,6 +54,7 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+
 import org.junit.After;
 import org.junit.Test;
 
@@ -68,8 +71,14 @@ public class FirebaseTenantClientTest {
 
   private static final String TENANTS_BASE_URL = PROJECT_BASE_URL + "/tenants";
 
+  private static final String AUTH_EMULATOR = "localhost:8000";
+  private static final String PROJECT_BASE_URL_EMULATOR =
+          "http://" + AUTH_EMULATOR + "/identitytoolkit.googleapis.com/v2/projects/test-project-id";
+  private static final String TENANTS_BASE_URL_EMULATOR = PROJECT_BASE_URL_EMULATOR + "/tenants";
+
   @After
-  public void tearDown() {
+  public void tearDown() throws ReflectiveOperationException {
+    TestUtils.unsetEnvironmentVariables(ImmutableSet.of("FIREBASE_AUTH_EMULATOR_HOST"));
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
   }
 
@@ -312,6 +321,20 @@ public void testDeleteTenantWithNotFoundError() {
     checkUrl(interceptor, "DELETE", TENANTS_BASE_URL + "/UNKNOWN");
   }
 
+  @Test
+  public void testGetTenantFromAuthEmulator() throws Exception {
+    TestUtils.setEnvironmentVariables(
+            ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    TestResponseInterceptor interceptor = initializeAppForTenantManagement(
+            TestUtils.loadResource("tenant.json"));
+
+    Tenant tenant = FirebaseAuth.getInstance().getTenantManager().getTenant("TENANT_1");
+
+    checkTenant(tenant, "TENANT_1");
+    checkRequestHeaders(interceptor);
+    checkUrl(interceptor, "GET", TENANTS_BASE_URL_EMULATOR + "/TENANT_1");
+  }
+
   private static void checkTenant(Tenant tenant, String tenantId) {
     assertEquals(tenantId, tenant.getTenantId());
     assertEquals("DISPLAY_NAME", tenant.getDisplayName());

From 42bb217bfbe3d7c7d753b35c5ad5af8f951cfd1e Mon Sep 17 00:00:00 2001
From: Leo <39062083+lsirac@users.noreply.github.com>
Date: Fri, 16 Apr 2021 11:54:32 -0700
Subject: [PATCH 045/354] feat: enables OIDC auth code flow (#522)

* feat: enables OIDC auth code flow

* fix: remove GenericJson from public API surface

* fix: remove duplication

* fix: camel case for test cases

* fix: remove import
---
 .../firebase/auth/OidcProviderConfig.java     | 114 ++++++++++++++++++
 .../google/firebase/auth/FirebaseAuthIT.java  |  21 +++-
 .../auth/FirebaseUserManagerTest.java         |  39 +++++-
 .../firebase/auth/OidcProviderConfigTest.java |  81 ++++++++++++-
 .../TenantAwareFirebaseAuthIT.java            |  21 +++-
 src/test/resources/listOidc.json              |  14 ++-
 src/test/resources/oidc.json                  |   7 +-
 7 files changed, 280 insertions(+), 17 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
index 26931788e..0a4f7c0b8 100644
--- a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
+++ b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
@@ -18,8 +18,11 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 
+import com.google.api.client.json.GenericJson;
 import com.google.api.client.util.Key;
 import com.google.common.base.Strings;
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * Contains metadata associated with an OIDC Auth provider.
@@ -31,17 +34,35 @@ public final class OidcProviderConfig extends ProviderConfig {
   @Key("clientId")
   private String clientId;
 
+  @Key("clientSecret")
+  private String clientSecret;
+
   @Key("issuer")
   private String issuer;
 
+  @Key("responseType")
+  private GenericJson responseType;
+
   public String getClientId() {
     return clientId;
   }
 
+  public String getClientSecret() {
+    return clientSecret;
+  }
+
   public String getIssuer() {
     return issuer;
   }
 
+  public boolean isCodeResponseType() {
+    return (responseType.containsKey("code") && (boolean) responseType.get("code"));
+  }
+
+  public boolean isIdTokenResponseType() {
+    return (responseType.containsKey("idToken") && (boolean) responseType.get("idToken"));
+  }
+
   /**
    * Returns a new {@link UpdateRequest}, which can be used to update the attributes of this
    * provider config.
@@ -58,6 +79,13 @@ static void checkOidcProviderId(String providerId) {
         "Invalid OIDC provider ID (must be prefixed with 'oidc.'): " + providerId);
   }
 
+  static Map<String, Boolean> ensureResponseType(Map<String,Object> properties) {
+    if (properties.get("responseType") == null) {
+      properties.put("responseType", new HashMap<String, Boolean>());
+    }
+    return (Map<String, Boolean>) properties.get("responseType");
+  }
+
   /**
    * A specification class for creating a new OIDC Auth provider.
    *
@@ -99,6 +127,19 @@ public CreateRequest setClientId(String clientId) {
       return this;
     }
 
+    /**
+     * Sets the client secret for the new provider. This is required for the code flow.
+     *
+     * @param clientSecret A non-null, non-empty client secret string.
+     * @throws IllegalArgumentException If the client secret is null or empty.
+     */
+    public CreateRequest setClientSecret(String clientSecret) {
+      checkArgument(!Strings.isNullOrEmpty(clientSecret),
+          "Client Secret must not be null or empty.");
+      properties.put("clientSecret", clientSecret);
+      return this;
+    }
+
     /**
      * Sets the issuer for the new provider.
      *
@@ -113,6 +154,36 @@ public CreateRequest setIssuer(String issuer) {
       return this;
     }
 
+    /**
+     * Sets whether to enable the code response flow for the new provider. By default, this is not
+     * enabled if no response type is specified.
+     *
+     * <p>A client secret must be set for this response type.
+     *
+     * <p>Having both the code and ID token response flows is currently not supported.
+     *
+     * @param enabled A boolean signifying whether the code response type is supported.
+     */
+    public CreateRequest setCodeResponseType(boolean enabled) {
+      Map<String, Boolean> map = ensureResponseType(properties);
+      map.put("code", enabled);
+      return this;
+    }
+
+    /**
+     * Sets whether to enable the ID token response flow for the new provider. By default, this is
+     * enabled if no response type is specified.
+     *
+     * <p>Having both the code and ID token response flows is currently not supported.
+     *
+     * @param enabled A boolean signifying whether the ID token response type is supported.
+     */
+    public CreateRequest setIdTokenResponseType(boolean enabled) {
+      Map<String, Boolean> map = ensureResponseType(properties);
+      map.put("idToken", enabled);
+      return this;
+    }
+
     CreateRequest getThis() {
       return this;
     }
@@ -156,6 +227,19 @@ public UpdateRequest setClientId(String clientId) {
       return this;
     }
 
+    /**
+     * Sets the client secret for the new provider. This is required for the code flow.
+     *
+     * @param clientSecret A non-null, non-empty client secret string.
+     * @throws IllegalArgumentException If the client secret is null or empty.
+     */
+    public UpdateRequest setClientSecret(String clientSecret) {
+      checkArgument(!Strings.isNullOrEmpty(clientSecret),
+          "Client Secret must not be null or empty.");
+      properties.put("clientSecret", clientSecret);
+      return this;
+    }
+
     /**
      * Sets the issuer for the existing provider.
      *
@@ -170,6 +254,36 @@ public UpdateRequest setIssuer(String issuer) {
       return this;
     }
 
+    /**
+     * Sets whether to enable the code response flow for the new provider. By default, this is not
+     * enabled if no response type is specified.
+     *
+     * <p>A client secret must be set for this response type.
+     *
+     * <p>Having both the code and ID token response flows is currently not supported.
+     *
+     * @param enabled A boolean signifying whether the code response type is supported.
+     */
+    public UpdateRequest setCodeResponseType(boolean enabled) {
+      Map<String, Boolean> map = ensureResponseType(properties);
+      map.put("code", enabled);
+      return this;
+    }
+
+    /**
+     * Sets whether to enable the ID token response flow for the new provider. By default, this is
+     * enabled if no response type is specified.
+     *
+     * <p>Having both the code and ID token response flows is currently not supported.
+     *
+     * @param enabled A boolean signifying whether the ID token response type is supported.
+     */
+    public UpdateRequest setIdTokenResponseType(boolean enabled) {
+      Map<String, Boolean> map = ensureResponseType(properties);
+      map.put("idToken", enabled);
+      return this;
+    }
+
     UpdateRequest getThis() {
       return this;
     }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 35fa21d4d..f474f0436 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -703,12 +703,19 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("DisplayName")
             .setEnabled(true)
             .setClientId("ClientId")
-            .setIssuer("https://oidc.com/issuer"));
+            .setClientSecret("ClientSecret")
+            .setIssuer("https://oidc.com/issuer")
+            .setCodeResponseType(true)
+            .setIdTokenResponseType(false));
+
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("ClientId", config.getClientId());
+    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
 
     // Get provider config
     config = auth.getOidcProviderConfigAsync(providerId).get();
@@ -716,7 +723,10 @@ public void testOidcProviderConfigLifecycle() throws Exception {
     assertEquals("DisplayName", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("ClientId", config.getClientId());
+    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
 
     // Update provider config
     OidcProviderConfig.UpdateRequest updateRequest =
@@ -724,13 +734,20 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("NewDisplayName")
             .setEnabled(false)
             .setClientId("NewClientId")
-            .setIssuer("https://oidc.com/new-issuer");
+            .setClientSecret("NewClientSecret")
+            .setIssuer("https://oidc.com/new-issuer")
+            .setCodeResponseType(false)
+            .setIdTokenResponseType(true);
+
     config = auth.updateOidcProviderConfigAsync(updateRequest).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("NewDisplayName", config.getDisplayName());
     assertFalse(config.isEnabled());
     assertEquals("NewClientId", config.getClientId());
+    assertEquals("NewClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/new-issuer", config.getIssuer());
+    assertTrue(config.isIdTokenResponseType());
+    assertFalse(config.isCodeResponseType());
 
     // Delete provider config
     temporaryProviderConfig.deleteOidcProviderConfig(providerId);
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index dead8aba1..397b91fa8 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -1496,7 +1496,10 @@ public void testCreateOidcProvider() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setIssuer("https://oidc.com/issuer");
+            .setClientSecret("CLIENT_SECRET")
+            .setIssuer("https://oidc.com/issuer")
+            .setCodeResponseType(true)
+            .setIdTokenResponseType(true);
 
     OidcProviderConfig config = FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
 
@@ -1507,7 +1510,13 @@ public void testCreateOidcProvider() throws Exception {
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertTrue(responseType.get("idToken"));
+
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
     assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
   }
@@ -1521,7 +1530,10 @@ public void testCreateOidcProviderAsync() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setIssuer("https://oidc.com/issuer");
+            .setClientSecret("CLIENT_SECRET")
+            .setIssuer("https://oidc.com/issuer")
+            .setCodeResponseType(true)
+            .setIdTokenResponseType(true);
 
     OidcProviderConfig config =
         FirebaseAuth.getInstance().createOidcProviderConfigAsync(createRequest).get();
@@ -1533,7 +1545,13 @@ public void testCreateOidcProviderAsync() throws Exception {
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertTrue(responseType.get("idToken"));
+
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
     assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
   }
@@ -1736,7 +1754,10 @@ public void testTenantAwareUpdateOidcProvider() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setIssuer("https://oidc.com/issuer");
+            .setClientSecret("CLIENT_SECRET")
+            .setIssuer("https://oidc.com/issuer")
+            .setCodeResponseType(true)
+            .setIdTokenResponseType(true);
 
     OidcProviderConfig config = tenantAwareAuth.updateOidcProviderConfig(request);
 
@@ -1745,12 +1766,18 @@ public void testTenantAwareUpdateOidcProvider() throws Exception {
     String expectedUrl = TENANTS_BASE_URL + "/TENANT_ID/oauthIdpConfigs/oidc.provider-id";
     checkUrl(interceptor, "PATCH", expectedUrl);
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
-    assertEquals("clientId,displayName,enabled,issuer", url.getFirst("updateMask"));
+    assertEquals("clientId,clientSecret,displayName,enabled,issuer,responseType.code,"
+        + "responseType.idToken", url.getFirst("updateMask"));
     GenericJson parsed = parseRequestContent(interceptor);
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertTrue(responseType.get("idToken"));
   }
 
   @Test
@@ -2825,7 +2852,10 @@ private static void checkOidcProviderConfig(OidcProviderConfig config, String pr
     assertEquals("DISPLAY_NAME", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("CLIENT_ID", config.getClientId());
+    assertEquals("CLIENT_SECRET", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
   }
 
   private static void checkSamlProviderConfig(SamlProviderConfig config, String providerId) {
@@ -2857,5 +2887,4 @@ private static void checkUrl(TestResponseInterceptor interceptor, String method,
   private interface UserManagerOp {
     void call(FirebaseAuth auth) throws Exception;
   }
-
 }
diff --git a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
index 1fb4ca37b..b8a5d5078 100644
--- a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
+++ b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
@@ -18,11 +18,13 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import java.io.IOException;
+import java.util.HashMap;
 import java.util.Map;
 import org.junit.Test;
 
@@ -36,7 +38,12 @@ public class OidcProviderConfigTest {
         + "  'displayName': 'DISPLAY_NAME',"
         + "  'enabled':      true,"
         + "  'clientId':    'CLIENT_ID',"
-        + "  'issuer':      'https://oidc.com/issuer'"
+        + "  'clientSecret':'CLIENT_SECRET',"
+        + "  'issuer':      'https://oidc.com/issuer',"
+        + "  'responseType': {"
+        + "    'code':  true,"
+        + "    'idToken': false"
+        + "   }"
         + "}").replace("'", "\"");
 
   @Test
@@ -47,7 +54,35 @@ public void testJsonDeserialization() throws IOException {
     assertEquals("DISPLAY_NAME", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("CLIENT_ID", config.getClientId());
+    assertEquals("CLIENT_SECRET", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
+  }
+
+  @Test
+  public void testEnsureResponseType() {
+    Map<String, Object> properties = new HashMap<>();
+
+    Map<String, Boolean> responseType = OidcProviderConfig.ensureResponseType(properties);
+
+    assertNotNull(responseType);
+    assertEquals(responseType, properties.get("responseType"));
+  }
+
+  @Test
+  public void testEnsureResponseTypeAlreadyPresent() {
+    Map<String, Object> properties = new HashMap<>();
+    Map<String, Boolean> responseType = new HashMap<>();
+    responseType.put("code", true);
+    properties.put("responseType", responseType);
+
+    Map<String, Boolean> returnedResponseType = OidcProviderConfig.ensureResponseType(properties);
+
+    assertEquals(responseType, returnedResponseType);
+    assertTrue(returnedResponseType.get("code"));
+    assertEquals(returnedResponseType.size(), 1);
+    assertEquals(responseType, properties.get("responseType"));
   }
 
   @Test
@@ -58,15 +93,23 @@ public void testCreateRequest() throws IOException {
       .setDisplayName("DISPLAY_NAME")
       .setEnabled(false)
       .setClientId("CLIENT_ID")
-      .setIssuer("https://oidc.com/issuer");
+      .setClientSecret("CLIENT_SECRET")
+      .setIssuer("https://oidc.com/issuer")
+      .setCodeResponseType(true)
+      .setIdTokenResponseType(false);
 
     assertEquals("oidc.provider-id", createRequest.getProviderId());
     Map<String,Object> properties = createRequest.getProperties();
-    assertEquals(properties.size(), 4);
+    assertEquals(properties.size(), 6);
     assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
     assertFalse((boolean) properties.get("enabled"));
     assertEquals("CLIENT_ID", (String) properties.get("clientId"));
+    assertEquals("CLIENT_SECRET", properties.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", (String) properties.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) properties.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertFalse(responseType.get("idToken"));
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -99,6 +142,16 @@ public void testCreateRequestInvalidIssuerUrl() {
     new OidcProviderConfig.CreateRequest().setIssuer("not a valid url");
   }
 
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingClientSecret() {
+    new OidcProviderConfig.CreateRequest().setClientSecret(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestEmptyClientSecret() {
+    new OidcProviderConfig.CreateRequest().setClientSecret("");
+  }
+
   @Test
   public void testUpdateRequestFromOidcProviderConfig() throws IOException {
     OidcProviderConfig config = jsonFactory.fromString(OIDC_JSON_STRING, OidcProviderConfig.class);
@@ -117,15 +170,23 @@ public void testUpdateRequest() throws IOException {
       .setDisplayName("DISPLAY_NAME")
       .setEnabled(false)
       .setClientId("CLIENT_ID")
-      .setIssuer("https://oidc.com/issuer");
+      .setClientSecret("CLIENT_SECRET")
+      .setIssuer("https://oidc.com/issuer")
+      .setCodeResponseType(true)
+      .setIdTokenResponseType(false);
 
     assertEquals("oidc.provider-id", updateRequest.getProviderId());
     Map<String,Object> properties = updateRequest.getProperties();
-    assertEquals(properties.size(), 4);
+    assertEquals(properties.size(), 6);
     assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
     assertFalse((boolean) properties.get("enabled"));
     assertEquals("CLIENT_ID", (String) properties.get("clientId"));
+    assertEquals("CLIENT_SECRET", (String) properties.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", (String) properties.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) properties.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertFalse(responseType.get("idToken"));
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -157,4 +218,14 @@ public void testUpdateRequestMissingIssuer() {
   public void testUpdateRequestInvalidIssuerUrl() {
     new OidcProviderConfig.UpdateRequest("oidc.provider-id").setIssuer("not a valid url");
   }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingClientSecret() {
+    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setClientSecret(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestEmptyClientSecret() {
+    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setClientSecret("");
+  }
 }
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
index 1ebac213f..3c4578e20 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
@@ -279,18 +279,28 @@ public void testOidcProviderConfigLifecycle() throws Exception {
               .setDisplayName("DisplayName")
               .setEnabled(true)
               .setClientId("ClientId")
-              .setIssuer("https://oidc.com/issuer"));
+              .setClientSecret("ClientSecret")
+              .setIssuer("https://oidc.com/issuer")
+              .setCodeResponseType(true)
+              .setIdTokenResponseType(false));
+
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertEquals("ClientId", config.getClientId());
+    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
 
     // Get provider config
     config = tenantAwareAuth.getOidcProviderConfigAsync(providerId).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertEquals("ClientId", config.getClientId());
+    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
 
     // Update provider config
     OidcProviderConfig.UpdateRequest updateRequest =
@@ -298,13 +308,20 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("NewDisplayName")
             .setEnabled(false)
             .setClientId("NewClientId")
-            .setIssuer("https://oidc.com/new-issuer");
+            .setClientSecret("NewClientSecret")
+            .setIssuer("https://oidc.com/new-issuer")
+            .setCodeResponseType(false)
+            .setIdTokenResponseType(true);
+
     config = tenantAwareAuth.updateOidcProviderConfigAsync(updateRequest).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("NewDisplayName", config.getDisplayName());
     assertFalse(config.isEnabled());
     assertEquals("NewClientId", config.getClientId());
+    assertEquals("NewClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/new-issuer", config.getIssuer());
+    assertFalse(config.isCodeResponseType());
+    assertTrue(config.isIdTokenResponseType());
 
     // Delete provider config
     temporaryProviderConfig.deleteOidcProviderConfig(providerId);
diff --git a/src/test/resources/listOidc.json b/src/test/resources/listOidc.json
index 0c13ea48b..82a2f7669 100644
--- a/src/test/resources/listOidc.json
+++ b/src/test/resources/listOidc.json
@@ -4,12 +4,22 @@
     "displayName" : "DISPLAY_NAME",
     "enabled" : true,
     "clientId" : "CLIENT_ID",
-    "issuer" : "https://oidc.com/issuer"
+    "clientSecret" : "CLIENT_SECRET",
+    "issuer" : "https://oidc.com/issuer",
+    "responseType" : {
+      "code": true,
+      "idToken": false
+    }
   }, {
     "name": "projects/projectId/oauthIdpConfigs/oidc.provider-id2",
     "displayName" : "DISPLAY_NAME",
     "enabled" : true,
     "clientId" : "CLIENT_ID",
-    "issuer" : "https://oidc.com/issuer"
+    "clientSecret" : "CLIENT_SECRET",
+    "issuer" : "https://oidc.com/issuer",
+    "responseType" : {
+      "code": true,
+      "idToken": false
+    }
   } ]
 }
diff --git a/src/test/resources/oidc.json b/src/test/resources/oidc.json
index e2f1845de..0aed0df50 100644
--- a/src/test/resources/oidc.json
+++ b/src/test/resources/oidc.json
@@ -3,5 +3,10 @@
   "displayName" : "DISPLAY_NAME",
   "enabled" : true,
   "clientId" : "CLIENT_ID",
-  "issuer" : "https://oidc.com/issuer"
+  "clientSecret" : "CLIENT_SECRET",
+  "issuer" : "https://oidc.com/issuer",
+  "responseType" : {
+    "code": true,
+    "idToken": false
+  }
 }

From baa94fc3dae79ff57aee2e42b7c616ac612a1fdc Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Tue, 20 Apr 2021 15:21:17 -0400
Subject: [PATCH 046/354] chore: Add nightly build workflow (#524)

---
 .github/workflows/nightly.yml                 | 83 +++++++++++++++++++
 .../remoteconfig/FirebaseRemoteConfigIT.java  |  5 ++
 2 files changed, 88 insertions(+)
 create mode 100644 .github/workflows/nightly.yml

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
new file mode 100644
index 000000000..e89d1db39
--- /dev/null
+++ b/.github/workflows/nightly.yml
@@ -0,0 +1,83 @@
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Nightly Builds
+
+on:
+  # Runs every day at 06:10 AM (PT) and 08:10 PM (PT) / 04:10 AM (UTC) and 02:10 PM (UTC)
+  # or on 'firebase_nightly_build' repository dispatch event.
+  schedule:
+    - cron: "10 4,14 * * *"
+  repository_dispatch:
+    types: [firebase_nightly_build]
+
+jobs:
+  nightly:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout source for staging
+      uses: actions/checkout@v2
+      with:
+        ref: ${{ github.event.client_payload.ref || github.ref }}
+
+    - name: Set up JDK 1.7
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.7
+
+    - name: Compile, test and package
+      run: ./.github/scripts/package_artifacts.sh
+      env:
+        FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
+        FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
+
+    # Attach the packaged artifacts to the workflow output. These can be manually
+    # downloaded for later inspection if necessary.
+    - name: Archive artifacts
+      uses: actions/upload-artifact@v1
+      with:
+        name: dist
+        path: dist
+
+    - name: Send email on failure
+      if: failure()
+      uses: firebase/firebase-admin-node/.github/actions/send-email
+      with:
+        api-key: ${{ secrets.OSS_BOT_MAILGUN_KEY }}
+        domain: ${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}
+        from: 'GitHub <admin-github@${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}>'
+        to: ${{ secrets.FIREBASE_ADMIN_GITHUB_EMAIL }}
+        subject: 'Nightly build ${{github.run_id}} of ${{github.repository}} failed!'
+        html: >
+          <b>Nightly workflow ${{github.run_id}} failed on: ${{github.repository}}</b>
+          <br /><br />Navigate to the 
+          <a href="https://github.com/firebase/firebase-admin-java/actions/runs/${{github.run_id}}">failed workflow</a>.
+      continue-on-error: true
+
+    - name: Send email on cancelled
+      if: cancelled()
+      uses: firebase/firebase-admin-node/.github/actions/send-email
+      with:
+        api-key: ${{ secrets.OSS_BOT_MAILGUN_KEY }}
+        domain: ${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}
+        from: 'GitHub <admin-github@${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}>'
+        to: ${{ secrets.FIREBASE_ADMIN_GITHUB_EMAIL }}
+        subject: 'Nightly build ${{github.run_id}} of ${{github.repository}} cancelled!'
+        html: >
+          <b>Nightly workflow ${{github.run_id}} cancelled on: ${{github.repository}}</b>
+          <br /><br />Navigate to the 
+          <a href="https://github.com/firebase/firebase-admin-java/actions/runs/${{github.run_id}}">cancelled workflow</a>.
+      continue-on-error: true
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
index bb90c6cb9..54b7438c1 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
@@ -53,6 +53,11 @@ public static void setUpClass() {
     remoteConfig = FirebaseRemoteConfig.getInstance(IntegrationTestUtils.ensureDefaultApp());
   }
 
+  @Test
+  public void testToTriggerNightlyEmailNotifications() {
+    assertEquals("a", "b");
+  }
+
   @Test
   public void testValidateTemplate() throws FirebaseRemoteConfigException {
     final Template inputTemplate = remoteConfig.getTemplate();

From 1a6a00d3c5f5601447d4b55bb5052d0033d2cd14 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Tue, 20 Apr 2021 15:45:19 -0400
Subject: [PATCH 047/354] Fix send-email action version in nightly workflow
 (#527)

- Added the missing version info: `@master` for send-email action.
---
 .github/workflows/nightly.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index e89d1db39..c9259a628 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -54,7 +54,7 @@ jobs:
 
     - name: Send email on failure
       if: failure()
-      uses: firebase/firebase-admin-node/.github/actions/send-email
+      uses: firebase/firebase-admin-node/.github/actions/send-email@master
       with:
         api-key: ${{ secrets.OSS_BOT_MAILGUN_KEY }}
         domain: ${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}
@@ -69,7 +69,7 @@ jobs:
 
     - name: Send email on cancelled
       if: cancelled()
-      uses: firebase/firebase-admin-node/.github/actions/send-email
+      uses: firebase/firebase-admin-node/.github/actions/send-email@master
       with:
         api-key: ${{ secrets.OSS_BOT_MAILGUN_KEY }}
         domain: ${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}

From 589f08b68d8fafc63c5a9fc5d0351d805d952d8d Mon Sep 17 00:00:00 2001
From: nrsim <55852299+nrsim@users.noreply.github.com>
Date: Tue, 20 Apr 2021 17:28:32 -0400
Subject: [PATCH 048/354] feat(auth): Add API to look up users by federated ID.
 (#340)

* Add API to look up users by federated ID.

* Apply first round of feedback.

* Review feedback

* review feedback

* review feedback

Co-authored-by: Rich Gowman <richard.gowman@gmail.com>
---
 .../firebase/auth/AbstractFirebaseAuth.java   | 58 ++++++++++++++
 .../firebase/auth/FirebaseUserManager.java    |  9 +++
 .../google/firebase/auth/FirebaseAuthIT.java  | 77 +++++++++++++++++++
 .../auth/FirebaseUserManagerTest.java         | 56 +++++++++++++-
 .../snippets/FirebaseAuthSnippets.java        | 10 +++
 src/test/resources/getUser.json               |  3 +
 src/test/resources/listUsers.json             |  6 ++
 7 files changed, 218 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index 0967aca76..5dab1d831 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -554,6 +554,64 @@ protected UserRecord execute() throws FirebaseAuthException {
     };
   }
 
+  /**
+   * Gets the user data for the user corresponding to a given provider id.
+   *
+   * @param providerId Identifier for the given federated provider, for example,
+   *     "google.com" for the Google provider.
+   * @param uid The user identifier with the given provider.
+   * @return A {@link UserRecord} instance.
+   * @throws IllegalArgumentException If the uid is null or empty, or if
+   *     the providerId is null, empty, or does not belong to a federated provider.
+   * @throws FirebaseAuthException If an error occurs while retrieving user data.
+   */
+  public UserRecord getUserByProviderUid(
+      @NonNull String providerId, @NonNull String uid) throws FirebaseAuthException {
+    return getUserByProviderUidOp(providerId, uid).call();
+  }
+
+  /**
+   * Gets the user data for the user corresponding to a given provider id.
+   *
+   * @param providerId Identifer for the given federated provider, for example,
+   *     "google.com" for the Google provider.
+   * @param uid The user identifier with the given provider.
+   * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
+   *     instance. If an error occurs while retrieving user data or if the provider ID and uid
+   *     do not correspond to a user, the future throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the uid is null or empty, or if
+   *     the provider ID is null, empty, or does not belong to a federated provider.
+   */
+  public ApiFuture<UserRecord> getUserByProviderUidAsync(
+      @NonNull String providerId, @NonNull String uid) {
+    return getUserByProviderUidOp(providerId, uid).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<UserRecord, FirebaseAuthException> getUserByProviderUidOp(
+      final String providerId, final String uid) {
+    checkArgument(!Strings.isNullOrEmpty(providerId), "providerId must not be null or empty");
+    checkArgument(!Strings.isNullOrEmpty(uid), "uid must not be null or empty");
+
+    // Although we don't really advertise it, we want to also handle
+    // non-federated idps with this call. So if we detect one of them, we'll
+    // reroute this request appropriately.
+    if (providerId == "phone") {
+      return this.getUserByPhoneNumberOp(uid);
+    } else if (providerId == "email") {
+      return this.getUserByEmailOp(uid);
+    }
+
+    checkArgument(!providerId.equals("password")
+        && !providerId.equals("anonymous"), "providerId must belong to a federated provider");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<UserRecord, FirebaseAuthException>() {
+      @Override
+      protected UserRecord execute() throws FirebaseAuthException {
+        return userManager.getUserByProviderUid(providerId, uid);
+      }
+    };
+  }
+
   /**
    * Gets a page of users starting from the specified {@code pageToken}. Page size is limited to
    * 1000 users.
diff --git a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
index 103360cc7..195527841 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseUserManager.java
@@ -155,6 +155,15 @@ Set<UserRecord> getAccountInfo(@NonNull Collection<UserIdentifier> identifiers)
     return results;
   }
 
+  UserRecord getUserByProviderUid(
+      String providerId, String uid) throws FirebaseAuthException {
+    final Map<String, Object> payload = ImmutableMap.<String, Object>of(
+        "federatedUserId", ImmutableList.of(
+            ImmutableMap.<String, Object>builder()
+            .put("rawId", uid).put("providerId", providerId).build()));
+    return lookupUserAccount(payload, uid);
+  }
+
   String createUser(UserRecord.CreateRequest request) throws FirebaseAuthException {
     GenericJson response = post("/accounts", request.getProperties(), GenericJson.class);
     return (String) response.get("localId");
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index f474f0436..f54cf1bb5 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -265,6 +265,35 @@ public void testCreateUserWithParams() throws Exception {
     checkRecreateUser(randomUser.getUid());
   }
 
+  @Test
+  public void testLookupUserByPhone() throws Exception {
+    UserRecord user1 = createTemporaryUser();
+    UserRecord user2 = importTemporaryUser();
+
+    UserRecord lookedUpRecord = auth.getUserByPhoneNumberAsync(
+        user1.getPhoneNumber()).get();
+    assertEquals(user1.getUid(), lookedUpRecord.getUid());
+
+    lookedUpRecord = auth.getUserByPhoneNumberAsync(user2.getPhoneNumber()).get();
+    assertEquals(user2.getUid(), lookedUpRecord.getUid());
+  }
+
+  @Test
+  public void testLookupUserByProviderUid() throws Exception {
+    UserRecord user = importTemporaryUser();
+
+    UserRecord lookedUpRecord = auth.getUserByProviderUidAsync(
+        "google.com", user.getUid() + "_google.com").get();
+    assertEquals(user.getUid(), lookedUpRecord.getUid());
+    assertEquals(2, lookedUpRecord.getProviderData().length);
+    List<String> providers = new ArrayList<>();
+    for (UserInfo provider : lookedUpRecord.getProviderData()) {
+      providers.add(provider.getProviderId());
+    }
+    assertTrue(providers.contains("phone"));
+    assertTrue(providers.contains("google.com"));
+  }
+
   @Test
   public void testUserLifecycle() throws Exception {
     // Create user
@@ -946,6 +975,54 @@ public void onSuccess(ListProviderConfigsPage<SamlProviderConfig> result) {
     assertNull(error.get());
   }
 
+  /**
+   * Create a temporary user. This user will automatically be cleaned up after testing completes.
+   */
+  private UserRecord createTemporaryUser() throws Exception {
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
+
+    UserRecord.CreateRequest user = new UserRecord.CreateRequest()
+        .setUid(randomUser.getUid())
+        .setDisplayName("Random User")
+        .setEmail(randomUser.getEmail())
+        .setEmailVerified(true)
+        .setPhoneNumber(randomUser.getPhoneNumber())
+        .setPhotoUrl("https://example.com/photo.png")
+        .setPassword("password");
+
+    return temporaryUser.create(user);
+  }
+
+  /**
+   * Import a temporary user. This user will automatically be cleaned up after testing completes.
+   */
+  private UserRecord importTemporaryUser() throws Exception {
+    RandomUser randomUser = UserTestUtils.generateRandomUserInfo();
+
+    ImportUserRecord.Builder builder = ImportUserRecord.builder()
+        .setUid(randomUser.getUid())
+        .setDisabled(false)
+        .setEmail(randomUser.getEmail())
+        .setEmailVerified(true)
+        .setPhoneNumber(randomUser.getPhoneNumber())
+        .setUserMetadata(
+            new UserMetadata(/* creationTimestamp= */ 20L, /* lastSignInTimestamp= */ 20L,
+                /* lastRefreshTimestamp= */ 20L))
+        .addUserProvider(
+            UserProvider.builder()
+            .setProviderId("google.com")
+            .setUid(randomUser.getUid() + "_google.com")
+            .build());
+
+    ImportUserRecord user = builder.build();
+    UserImportResult result = auth.importUsersAsync(ImmutableList.of(user)).get();
+    assertEquals(result.getSuccessCount(), 1);
+    assertEquals(result.getFailureCount(), 0);
+    temporaryUser.registerUid(randomUser.getUid());
+
+    return auth.getUserAsync(randomUser.getUid()).get();
+  }
+
   private Map<String, String> parseLinkParameters(String link) throws Exception {
     Map<String, String> result = new HashMap<>();
     int queryBegin = link.indexOf('?');
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 397b91fa8..17e8471a0 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -355,6 +355,56 @@ public void testInvalidProviderIdentifier() {
     }
   }
 
+  @Test
+  public void testGetUserByProviderUidWithInvalidProviderId() throws Exception {
+    initializeAppForUserManagement();
+    try {
+      FirebaseAuth.getInstance().getUserByProviderUidAsync("", "uid").get();
+      fail("No error thrown for invalid request");
+    } catch (IllegalArgumentException expected) {
+    }
+  }
+
+  @Test
+  public void testGetUserByProviderUidWithInvalidProviderUid() throws Exception {
+    initializeAppForUserManagement();
+    try {
+      FirebaseAuth.getInstance().getUserByProviderUidAsync("id", "").get();
+      fail("No error thrown for invalid request");
+    } catch (IllegalArgumentException expected) {
+    }
+  }
+
+  @Test
+  public void testGetUserByProviderUidWithValidInput() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("getUser.json"));
+    UserRecord userRecord = FirebaseAuth.getInstance()
+        .getUserByProviderUidAsync("google.com", "google_uid").get();
+    checkUserRecord(userRecord);
+    checkRequestHeaders(interceptor);
+  }
+
+  @Test
+  public void testGetUserByProviderUidWithPhone() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("getUser.json"));
+    UserRecord userRecord = FirebaseAuth.getInstance()
+        .getUserByProviderUidAsync("phone", "+1234567890").get();
+    checkUserRecord(userRecord);
+    checkRequestHeaders(interceptor);
+  }
+
+  @Test
+  public void testGetUserByProviderUidWithEmail() throws Exception {
+    TestResponseInterceptor interceptor = initializeAppForUserManagement(
+        TestUtils.loadResource("getUser.json"));
+    UserRecord userRecord = FirebaseAuth.getInstance()
+        .getUserByProviderUidAsync("email", "testuser@example.com").get();
+    checkUserRecord(userRecord);
+    checkRequestHeaders(interceptor);
+  }
+
   @Test
   public void testListUsers() throws Exception {
     final TestResponseInterceptor interceptor = initializeAppForUserManagement(
@@ -2821,7 +2871,7 @@ private static void checkUserRecord(UserRecord userRecord) {
     assertEquals("http://www.example.com/testuser/photo.png", userRecord.getPhotoUrl());
     assertEquals(1234567890, userRecord.getUserMetadata().getCreationTimestamp());
     assertEquals(0, userRecord.getUserMetadata().getLastSignInTimestamp());
-    assertEquals(2, userRecord.getProviderData().length);
+    assertEquals(3, userRecord.getProviderData().length);
     assertFalse(userRecord.isDisabled());
     assertTrue(userRecord.isEmailVerified());
     assertEquals(1494364393000L, userRecord.getTokensValidAfterTimestamp());
@@ -2841,6 +2891,10 @@ private static void checkUserRecord(UserRecord userRecord) {
     assertEquals("+1234567890", provider.getPhoneNumber());
     assertEquals("phone", provider.getProviderId());
 
+    provider = userRecord.getProviderData()[2];
+    assertEquals("google_uid", provider.getUid());
+    assertEquals("google.com", provider.getProviderId());
+
     Map<String, Object> claims = userRecord.getCustomClaims();
     assertEquals(2, claims.size());
     assertTrue((boolean) claims.get("admin"));
diff --git a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
index e86496a21..e96170cf9 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
@@ -94,6 +94,16 @@ public static void getUserByPhoneNumber(
     // [END get_user_by_phone]
   }
 
+  public static void getUserByProviderUId(
+      String providerId, String uid) throws FirebaseAuthException {
+    // [START get_user_by_provider_uid]
+    UserRecord userRecord = FirebaseAuth.getInstance().getUserByProviderUid(
+        providerId, uid);
+    // See the UserRecord reference doc for the contents of userRecord.
+    System.out.println("Successfully fetched user data: " + userRecord.getUid());
+    // [END get_user_by_provider_uid]
+  }
+
   public static void createUser() throws FirebaseAuthException {
     // [START create_user]
     CreateRequest request = new CreateRequest()
diff --git a/src/test/resources/getUser.json b/src/test/resources/getUser.json
index 3d57f1082..8d9ff32ef 100644
--- a/src/test/resources/getUser.json
+++ b/src/test/resources/getUser.json
@@ -17,6 +17,9 @@
       "providerId" : "phone",
       "phoneNumber" : "+1234567890",
       "rawId" : "+1234567890"
+    }, {
+      "providerId" : "google.com",
+      "rawId" : "google_uid"
     } ],
     "photoUrl" : "http://www.example.com/testuser/photo.png",
     "passwordHash" : "passwordhash",
diff --git a/src/test/resources/listUsers.json b/src/test/resources/listUsers.json
index 47e169709..c2f99c142 100644
--- a/src/test/resources/listUsers.json
+++ b/src/test/resources/listUsers.json
@@ -16,6 +16,9 @@
       "providerId" : "phone",
       "phoneNumber" : "+1234567890",
       "rawId" : "+1234567890"
+    }, {
+      "providerId" : "google.com",
+      "rawId" : "google_uid"
     } ],
     "photoUrl" : "http://www.example.com/testuser/photo.png",
     "passwordHash" : "passwordHash",
@@ -43,6 +46,9 @@
       "providerId" : "phone",
       "phoneNumber" : "+1234567890",
       "rawId" : "+1234567890"
+    }, {
+      "providerId" : "google.com",
+      "rawId" : "google_uid"
     } ],
     "photoUrl" : "http://www.example.com/testuser/photo.png",
     "passwordHash" : "passwordHash",

From 40c25e879ac2f62f62cac3c5dcf625daf6002260 Mon Sep 17 00:00:00 2001
From: nrsim <55852299+nrsim@users.noreply.github.com>
Date: Tue, 20 Apr 2021 17:29:14 -0400
Subject: [PATCH 049/354] feat(auth): Link federatedid (#345)

* Add API to link/unlink provider info to/from user record.

* Make changes in respond to first round of feedback.

* review feedback

* Update API to reflect changes made during api review

* review feedback

* review feedback

Co-authored-by: Rich Gowman <richard.gowman@gmail.com>
Co-authored-by: Rich Gowman <rgowman@google.com>
---
 .../com/google/firebase/auth/UserRecord.java  | 84 ++++++++++++++++++-
 .../google/firebase/auth/FirebaseAuthIT.java  | 60 +++++++++++++
 .../auth/FirebaseUserManagerTest.java         | 71 +++++++++++++++-
 3 files changed, 213 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/UserRecord.java b/src/main/java/com/google/firebase/auth/UserRecord.java
index 0af08f65b..dea8fc94c 100644
--- a/src/main/java/com/google/firebase/auth/UserRecord.java
+++ b/src/main/java/com/google/firebase/auth/UserRecord.java
@@ -475,6 +475,29 @@ public UpdateRequest setPhoneNumber(@Nullable String phone) {
       if (phone != null) {
         checkPhoneNumber(phone);
       }
+
+      if (phone == null && properties.containsKey("deleteProvider")) {
+        Object deleteProvider = properties.get("deleteProvider");
+        if (deleteProvider != null) {
+          // Due to java's type erasure, we can't fully check the type. :(
+          @SuppressWarnings("unchecked")
+          Iterable<String> deleteProviderIterable = (Iterable<String>)deleteProvider;
+
+          // If we've been told to unlink the phone provider both via setting phoneNumber to null
+          // *and* by setting providersToUnlink to include 'phone', then we'll reject that. Though
+          // it might also be reasonable to relax this restriction and just unlink it.
+          for (String dp : deleteProviderIterable) {
+            if (dp == "phone") {
+              throw new IllegalArgumentException(
+                  "Both UpdateRequest.setPhoneNumber(null) and "
+                  + "UpdateRequest.setProvidersToUnlink(['phone']) were set. To unlink from a "
+                  + "phone provider, only specify UpdateRequest.setPhoneNumber(null).");
+
+            }
+          }
+        }
+      }
+
       properties.put("phoneNumber", phone);
       return this;
     }
@@ -548,6 +571,52 @@ public UpdateRequest setCustomClaims(Map<String,Object> customClaims) {
       return this;
     }
 
+    /**
+     * Links this user to the specified provider.
+     *
+     * <p>Linking a provider to an existing user account does not invalidate the
+     * refresh token of that account. In other words, the existing account
+     * would continue to be able to access resources, despite not having used
+     * the newly linked provider to log in. If you wish to force the user to
+     * authenticate with this new provider, you need to (a) revoke their
+     * refresh token (see
+     * https://firebase.google.com/docs/auth/admin/manage-sessions#revoke_refresh_tokens),
+     * and (b) ensure no other authentication methods are present on this
+     * account.
+     *
+     * @param providerToLink provider info to be linked to this user\'s account.
+     */
+    public UpdateRequest setProviderToLink(@NonNull UserProvider providerToLink) {
+      properties.put("linkProviderUserInfo", checkNotNull(providerToLink));
+      return this;
+    }
+
+    /**
+     * Unlinks this user from the specified providers.
+     *
+     * @param providerIds list of identifiers for the identity providers.
+     */
+    public UpdateRequest setProvidersToUnlink(Iterable<String> providerIds) {
+      checkNotNull(providerIds);
+      for (String id : providerIds) {
+        checkArgument(!Strings.isNullOrEmpty(id), "providerIds must not be null or empty");
+
+        if (id == "phone" && properties.containsKey("phoneNumber")
+            && properties.get("phoneNumber") == null) {
+          // If we've been told to unlink the phone provider both via setting phoneNumber to null
+          // *and* by setting providersToUnlink to include 'phone', then we'll reject that. Though
+          // it might also be reasonable to relax this restriction and just unlink it.
+          throw new IllegalArgumentException(
+              "Both UpdateRequest.setPhoneNumber(null) and "
+              + "UpdateRequest.setProvidersToUnlink(['phone']) were set. To unlink from a phone "
+              + "provider, only specify UpdateRequest.setPhoneNumber(null).");
+        }
+      }
+
+      properties.put("deleteProvider", providerIds);
+      return this;
+    }
+
     UpdateRequest setValidSince(long epochSeconds) {
       checkValidSince(epochSeconds);
       properties.put("validSince", epochSeconds);
@@ -569,7 +638,20 @@ Map<String, Object> getProperties(JsonFactory jsonFactory) {
       }
 
       if (copy.containsKey("phoneNumber") && copy.get("phoneNumber") == null) {
-        copy.put("deleteProvider", ImmutableList.of("phone"));
+        Object deleteProvider = copy.get("deleteProvider");
+        if (deleteProvider != null) {
+          // Due to java's type erasure, we can't fully check the type. :(
+          @SuppressWarnings("unchecked")
+          Iterable<String> deleteProviderIterable = (Iterable<String>)deleteProvider;
+
+          copy.put("deleteProvider", new ImmutableList.Builder<String>()
+              .addAll(deleteProviderIterable)
+              .add("phone")
+              .build());
+        } else {
+          copy.put("deleteProvider", ImmutableList.of("phone"));
+        }
+
         copy.remove("phoneNumber");
       }
 
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index f54cf1bb5..0d65d515f 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -18,6 +18,7 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
@@ -336,6 +337,65 @@ public void testUserLifecycle() throws Exception {
     assertEquals(2, userRecord.getProviderData().length);
     assertTrue(userRecord.getCustomClaims().isEmpty());
 
+    // Link user to IDP providers
+    request = userRecord.updateRequest()
+        .setProviderToLink(
+            UserProvider
+                .builder()
+                .setUid("testuid")
+                .setProviderId("google.com")
+                .setEmail("test@example.com")
+                .setDisplayName("Test User")
+                .setPhotoUrl("https://test.com/user.png")
+                .build());
+    userRecord = auth.updateUserAsync(request).get();
+    assertEquals(uid, userRecord.getUid());
+    assertEquals("Updated Name", userRecord.getDisplayName());
+    assertEquals(randomUser.getEmail(), userRecord.getEmail());
+    assertEquals(randomUser.getPhoneNumber(), userRecord.getPhoneNumber());
+    assertEquals("https://example.com/photo.png", userRecord.getPhotoUrl());
+    assertTrue(userRecord.isEmailVerified());
+    assertFalse(userRecord.isDisabled());
+    assertEquals(3, userRecord.getProviderData().length);
+    List<String> providers = new ArrayList<>();
+    for (UserInfo provider : userRecord.getProviderData()) {
+      providers.add(provider.getProviderId());
+    }
+    assertTrue(providers.contains("google.com"));
+    assertTrue(userRecord.getCustomClaims().isEmpty());
+
+    // Unlink phone provider
+    request = userRecord.updateRequest().setProvidersToUnlink(ImmutableList.of("phone"));
+    userRecord = auth.updateUserAsync(request).get();
+    assertNull(userRecord.getPhoneNumber());
+    assertEquals(2, userRecord.getProviderData().length);
+    providers.clear();
+    for (UserInfo provider : userRecord.getProviderData()) {
+      providers.add(provider.getProviderId());
+    }
+    assertFalse(providers.contains("phone"));
+    assertEquals(uid, userRecord.getUid());
+    assertEquals("Updated Name", userRecord.getDisplayName());
+    assertEquals(randomUser.getEmail(), userRecord.getEmail());
+    assertEquals("https://example.com/photo.png", userRecord.getPhotoUrl());
+    assertTrue(userRecord.isEmailVerified());
+    assertFalse(userRecord.isDisabled());
+    assertTrue(userRecord.getCustomClaims().isEmpty());
+
+    // Unlink IDP provider
+    request = userRecord.updateRequest().setProvidersToUnlink(ImmutableList.of("google.com"));
+    userRecord = auth.updateUserAsync(request).get();
+    assertEquals(1, userRecord.getProviderData().length);
+    assertNotEquals("google.com", userRecord.getProviderData()[0].getProviderId());
+    assertEquals(uid, userRecord.getUid());
+    assertEquals("Updated Name", userRecord.getDisplayName());
+    assertEquals(randomUser.getEmail(), userRecord.getEmail());
+    assertNull(userRecord.getPhoneNumber());
+    assertEquals("https://example.com/photo.png", userRecord.getPhotoUrl());
+    assertTrue(userRecord.isEmailVerified());
+    assertFalse(userRecord.isDisabled());
+    assertTrue(userRecord.getCustomClaims().isEmpty());
+
     // Get user by email
     userRecord = auth.getUserByEmailAsync(userRecord.getEmail()).get();
     assertEquals(uid, userRecord.getUid());
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 17e8471a0..4014e053d 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -85,6 +85,13 @@ public class FirebaseUserManagerTest {
 
   private static final Map<String, Object> ACTION_CODE_SETTINGS_MAP =
           ACTION_CODE_SETTINGS.getProperties();
+  private static final UserProvider USER_PROVIDER = UserProvider.builder()
+        .setUid("testuid")
+        .setProviderId("facebook.com")
+        .setEmail("test@example.com")
+        .setDisplayName("Test User")
+        .setPhotoUrl("https://test.com/user.png")
+        .build();
 
   private static final String PROJECT_BASE_URL =
       "https://identitytoolkit.googleapis.com/v2/projects/test-project-id";
@@ -1147,8 +1154,10 @@ public void testUserUpdater() throws IOException {
         .setEmailVerified(true)
         .setPassword("secret")
         .setCustomClaims(claims)
+        .setProviderToLink(USER_PROVIDER)
+        .setProvidersToUnlink(ImmutableList.of("google.com"))
         .getProperties(JSON_FACTORY);
-    assertEquals(8, map.size());
+    assertEquals(10, map.size());
     assertEquals(update.getUid(), map.get("localId"));
     assertEquals("Display Name", map.get("displayName"));
     assertEquals("http://test.com/example.png", map.get("photoUrl"));
@@ -1157,6 +1166,8 @@ public void testUserUpdater() throws IOException {
     assertTrue((Boolean) map.get("emailVerified"));
     assertEquals("secret", map.get("password"));
     assertEquals(JSON_FACTORY.toString(claims), map.get("customAttributes"));
+    assertEquals(USER_PROVIDER, map.get("linkProviderUserInfo"));
+    assertEquals(ImmutableList.of("google.com"), map.get("deleteProvider"));
   }
 
   @Test
@@ -1194,6 +1205,64 @@ public void testEmptyCustomClaims() {
     assertEquals("{}", map.get("customAttributes"));
   }
 
+  @Test
+  public void testLinkProvider() {
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
+    Map<String, Object> map = update
+        .setProviderToLink(USER_PROVIDER)
+        .getProperties(Utils.getDefaultJsonFactory());
+    assertEquals(2, map.size());
+    assertEquals(update.getUid(), map.get("localId"));
+    assertEquals(USER_PROVIDER, map.get("linkProviderUserInfo"));
+  }
+
+  @Test
+  public void testDeleteProvider() {
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
+    Map<String, Object> map = update
+        .setProvidersToUnlink(ImmutableList.of("google.com"))
+        .getProperties(Utils.getDefaultJsonFactory());
+    assertEquals(2, map.size());
+    assertEquals(update.getUid(), map.get("localId"));
+    assertEquals(ImmutableList.of("google.com"), map.get("deleteProvider"));
+  }
+
+  @Test
+  public void testDeleteProviderAndPhone() {
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
+    Map<String, Object> map = update
+        .setProvidersToUnlink(ImmutableList.of("google.com"))
+        .setPhoneNumber(null)
+        .getProperties(Utils.getDefaultJsonFactory());
+    assertEquals(2, map.size());
+    assertEquals(update.getUid(), map.get("localId"));
+    assertEquals(ImmutableList.of("google.com", "phone"), map.get("deleteProvider"));
+  }
+
+  @Test
+  public void testDoubleDeletePhoneProvider() throws Exception {
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("uid")
+        .setPhoneNumber(null);
+
+    try {
+      update.setProvidersToUnlink(ImmutableList.of("phone"));
+      fail("No error thrown for double delete phone provider");
+    } catch (IllegalArgumentException expected) {
+    }
+  }
+
+  @Test
+  public void testDoubleDeletePhoneProviderReverseOrder() throws Exception {
+    UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("uid")
+        .setProvidersToUnlink(ImmutableList.of("phone"));
+
+    try {
+      update.setPhoneNumber(null);
+      fail("No error thrown for double delete phone provider");
+    } catch (IllegalArgumentException expected) {
+    }
+  }
+
   @Test
   public void testDeleteDisplayName() {
     Map<String, Object> map = new UserRecord.UpdateRequest("test")

From 75b8cf81d0819b94bd72a80676cea2e58fece7bf Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 21 Apr 2021 16:24:36 -0400
Subject: [PATCH 050/354] Remove the failing integration tests (#528)

* Remove the failing integration test

- Remove the failing integration test added in #524 to test the nightly email notifications

* Comment out SHA1 tests until a fix is ready
---
 .../FirebaseProjectManagementIT.java          | 48 ++++++++++---------
 .../remoteconfig/FirebaseRemoteConfigIT.java  |  5 --
 2 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementIT.java b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementIT.java
index 976a0d53d..76da98797 100644
--- a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementIT.java
+++ b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementIT.java
@@ -34,7 +34,8 @@ public class FirebaseProjectManagementIT {
       "Created By Firebase AdminSDK Java Integration Testing";
   private static final String TEST_APP_BUNDLE_ID = "com.firebase.adminsdk-java-integration-test";
   private static final String TEST_APP_PACKAGE_NAME = "com.firebase.adminsdk_java_integration_test";
-  private static final String TEST_SHA1_CERTIFICATE = "1111111111111111111111111111111111111111";
+  // Commenting out SHA1 tests until we have a fix for b/185268518
+  // private static final String TEST_SHA1_CERTIFICATE = "1111111111111111111111111111111111111111";
   private static final String TEST_SHA256_CERTIFICATE =
       "AAAACCCCAAAACCCCAAAACCCCAAAACCCCAAAACCCCAAAACCCCAAAACCCCAAAACCCC";
   private static final Random random = new Random();
@@ -120,28 +121,29 @@ public void testAndroidCertificates() throws Exception {
     FirebaseProjectManagement projectManagement = FirebaseProjectManagement.getInstance();
     AndroidApp androidApp = projectManagement.getAndroidApp(testAndroidAppId);
 
-    // Use the Synchronous version of the API.
-    {
-      // Add SHA-1 certificate.
-      androidApp.createShaCertificate(ShaCertificate.create(TEST_SHA1_CERTIFICATE));
-      List<ShaCertificate> certificates = androidApp.getShaCertificates();
-      ShaCertificate expectedCertificate = null;
-      for (ShaCertificate certificate : certificates) {
-        if (certificate.getShaHash().equals(TEST_SHA1_CERTIFICATE.toLowerCase())) {
-          expectedCertificate  = certificate;
-        }
-      }
-      assertNotNull(expectedCertificate);
-      assertEquals(expectedCertificate.getCertType(), ShaCertificateType.SHA_1);
-
-      // Delete SHA-1 certificate.
-      androidApp.deleteShaCertificate(expectedCertificate);
-      for (ShaCertificate certificate : androidApp.getShaCertificates()) {
-        if (certificate.getShaHash().equals(TEST_SHA1_CERTIFICATE)) {
-          fail("Test SHA-1 certificate is not deleted.");
-        }
-      }
-    }
+    // Commenting out SHA1 tests until we have a fix for b/185268518
+    // // Use the Synchronous version of the API.
+    // {
+    //   // Add SHA-1 certificate.
+    //   androidApp.createShaCertificate(ShaCertificate.create(TEST_SHA1_CERTIFICATE));
+    //   List<ShaCertificate> certificates = androidApp.getShaCertificates();
+    //   ShaCertificate expectedCertificate = null;
+    //   for (ShaCertificate certificate : certificates) {
+    //     if (certificate.getShaHash().equals(TEST_SHA1_CERTIFICATE.toLowerCase())) {
+    //       expectedCertificate  = certificate;
+    //     }
+    //   }
+    //   assertNotNull(expectedCertificate);
+    //   assertEquals(expectedCertificate.getCertType(), ShaCertificateType.SHA_1);
+    //
+    //   // Delete SHA-1 certificate.
+    //   androidApp.deleteShaCertificate(expectedCertificate);
+    //   for (ShaCertificate certificate : androidApp.getShaCertificates()) {
+    //     if (certificate.getShaHash().equals(TEST_SHA1_CERTIFICATE)) {
+    //       fail("Test SHA-1 certificate is not deleted.");
+    //     }
+    //   }
+    // }
 
     // Use the asynchronous version of the API.
     {
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
index 54b7438c1..bb90c6cb9 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
@@ -53,11 +53,6 @@ public static void setUpClass() {
     remoteConfig = FirebaseRemoteConfig.getInstance(IntegrationTestUtils.ensureDefaultApp());
   }
 
-  @Test
-  public void testToTriggerNightlyEmailNotifications() {
-    assertEquals("a", "b");
-  }
-
   @Test
   public void testValidateTemplate() throws FirebaseRemoteConfigException {
     final Template inputTemplate = remoteConfig.getTemplate();

From 3e5c57d92d658c850f0d2506e22bc4b109ba27f9 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Wed, 21 Apr 2021 14:27:05 -0700
Subject: [PATCH 051/354] Revert "feat: enables OIDC auth code flow (#522)"
 (#529)

This reverts commit 42bb217bfbe3d7c7d753b35c5ad5af8f951cfd1e.
---
 .../firebase/auth/OidcProviderConfig.java     | 114 ------------------
 .../google/firebase/auth/FirebaseAuthIT.java  |  21 +---
 .../auth/FirebaseUserManagerTest.java         |  39 +-----
 .../firebase/auth/OidcProviderConfigTest.java |  81 +------------
 .../TenantAwareFirebaseAuthIT.java            |  21 +---
 src/test/resources/listOidc.json              |  14 +--
 src/test/resources/oidc.json                  |   7 +-
 7 files changed, 17 insertions(+), 280 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
index 0a4f7c0b8..26931788e 100644
--- a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
+++ b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
@@ -18,11 +18,8 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 
-import com.google.api.client.json.GenericJson;
 import com.google.api.client.util.Key;
 import com.google.common.base.Strings;
-import java.util.HashMap;
-import java.util.Map;
 
 /**
  * Contains metadata associated with an OIDC Auth provider.
@@ -34,35 +31,17 @@ public final class OidcProviderConfig extends ProviderConfig {
   @Key("clientId")
   private String clientId;
 
-  @Key("clientSecret")
-  private String clientSecret;
-
   @Key("issuer")
   private String issuer;
 
-  @Key("responseType")
-  private GenericJson responseType;
-
   public String getClientId() {
     return clientId;
   }
 
-  public String getClientSecret() {
-    return clientSecret;
-  }
-
   public String getIssuer() {
     return issuer;
   }
 
-  public boolean isCodeResponseType() {
-    return (responseType.containsKey("code") && (boolean) responseType.get("code"));
-  }
-
-  public boolean isIdTokenResponseType() {
-    return (responseType.containsKey("idToken") && (boolean) responseType.get("idToken"));
-  }
-
   /**
    * Returns a new {@link UpdateRequest}, which can be used to update the attributes of this
    * provider config.
@@ -79,13 +58,6 @@ static void checkOidcProviderId(String providerId) {
         "Invalid OIDC provider ID (must be prefixed with 'oidc.'): " + providerId);
   }
 
-  static Map<String, Boolean> ensureResponseType(Map<String,Object> properties) {
-    if (properties.get("responseType") == null) {
-      properties.put("responseType", new HashMap<String, Boolean>());
-    }
-    return (Map<String, Boolean>) properties.get("responseType");
-  }
-
   /**
    * A specification class for creating a new OIDC Auth provider.
    *
@@ -127,19 +99,6 @@ public CreateRequest setClientId(String clientId) {
       return this;
     }
 
-    /**
-     * Sets the client secret for the new provider. This is required for the code flow.
-     *
-     * @param clientSecret A non-null, non-empty client secret string.
-     * @throws IllegalArgumentException If the client secret is null or empty.
-     */
-    public CreateRequest setClientSecret(String clientSecret) {
-      checkArgument(!Strings.isNullOrEmpty(clientSecret),
-          "Client Secret must not be null or empty.");
-      properties.put("clientSecret", clientSecret);
-      return this;
-    }
-
     /**
      * Sets the issuer for the new provider.
      *
@@ -154,36 +113,6 @@ public CreateRequest setIssuer(String issuer) {
       return this;
     }
 
-    /**
-     * Sets whether to enable the code response flow for the new provider. By default, this is not
-     * enabled if no response type is specified.
-     *
-     * <p>A client secret must be set for this response type.
-     *
-     * <p>Having both the code and ID token response flows is currently not supported.
-     *
-     * @param enabled A boolean signifying whether the code response type is supported.
-     */
-    public CreateRequest setCodeResponseType(boolean enabled) {
-      Map<String, Boolean> map = ensureResponseType(properties);
-      map.put("code", enabled);
-      return this;
-    }
-
-    /**
-     * Sets whether to enable the ID token response flow for the new provider. By default, this is
-     * enabled if no response type is specified.
-     *
-     * <p>Having both the code and ID token response flows is currently not supported.
-     *
-     * @param enabled A boolean signifying whether the ID token response type is supported.
-     */
-    public CreateRequest setIdTokenResponseType(boolean enabled) {
-      Map<String, Boolean> map = ensureResponseType(properties);
-      map.put("idToken", enabled);
-      return this;
-    }
-
     CreateRequest getThis() {
       return this;
     }
@@ -227,19 +156,6 @@ public UpdateRequest setClientId(String clientId) {
       return this;
     }
 
-    /**
-     * Sets the client secret for the new provider. This is required for the code flow.
-     *
-     * @param clientSecret A non-null, non-empty client secret string.
-     * @throws IllegalArgumentException If the client secret is null or empty.
-     */
-    public UpdateRequest setClientSecret(String clientSecret) {
-      checkArgument(!Strings.isNullOrEmpty(clientSecret),
-          "Client Secret must not be null or empty.");
-      properties.put("clientSecret", clientSecret);
-      return this;
-    }
-
     /**
      * Sets the issuer for the existing provider.
      *
@@ -254,36 +170,6 @@ public UpdateRequest setIssuer(String issuer) {
       return this;
     }
 
-    /**
-     * Sets whether to enable the code response flow for the new provider. By default, this is not
-     * enabled if no response type is specified.
-     *
-     * <p>A client secret must be set for this response type.
-     *
-     * <p>Having both the code and ID token response flows is currently not supported.
-     *
-     * @param enabled A boolean signifying whether the code response type is supported.
-     */
-    public UpdateRequest setCodeResponseType(boolean enabled) {
-      Map<String, Boolean> map = ensureResponseType(properties);
-      map.put("code", enabled);
-      return this;
-    }
-
-    /**
-     * Sets whether to enable the ID token response flow for the new provider. By default, this is
-     * enabled if no response type is specified.
-     *
-     * <p>Having both the code and ID token response flows is currently not supported.
-     *
-     * @param enabled A boolean signifying whether the ID token response type is supported.
-     */
-    public UpdateRequest setIdTokenResponseType(boolean enabled) {
-      Map<String, Boolean> map = ensureResponseType(properties);
-      map.put("idToken", enabled);
-      return this;
-    }
-
     UpdateRequest getThis() {
       return this;
     }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 0d65d515f..7d02d3536 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -792,19 +792,12 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("DisplayName")
             .setEnabled(true)
             .setClientId("ClientId")
-            .setClientSecret("ClientSecret")
-            .setIssuer("https://oidc.com/issuer")
-            .setCodeResponseType(true)
-            .setIdTokenResponseType(false));
-
+            .setIssuer("https://oidc.com/issuer"));
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("ClientId", config.getClientId());
-    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
-    assertTrue(config.isCodeResponseType());
-    assertFalse(config.isIdTokenResponseType());
 
     // Get provider config
     config = auth.getOidcProviderConfigAsync(providerId).get();
@@ -812,10 +805,7 @@ public void testOidcProviderConfigLifecycle() throws Exception {
     assertEquals("DisplayName", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("ClientId", config.getClientId());
-    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
-    assertTrue(config.isCodeResponseType());
-    assertFalse(config.isIdTokenResponseType());
 
     // Update provider config
     OidcProviderConfig.UpdateRequest updateRequest =
@@ -823,20 +813,13 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("NewDisplayName")
             .setEnabled(false)
             .setClientId("NewClientId")
-            .setClientSecret("NewClientSecret")
-            .setIssuer("https://oidc.com/new-issuer")
-            .setCodeResponseType(false)
-            .setIdTokenResponseType(true);
-
+            .setIssuer("https://oidc.com/new-issuer");
     config = auth.updateOidcProviderConfigAsync(updateRequest).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("NewDisplayName", config.getDisplayName());
     assertFalse(config.isEnabled());
     assertEquals("NewClientId", config.getClientId());
-    assertEquals("NewClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/new-issuer", config.getIssuer());
-    assertTrue(config.isIdTokenResponseType());
-    assertFalse(config.isCodeResponseType());
 
     // Delete provider config
     temporaryProviderConfig.deleteOidcProviderConfig(providerId);
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 4014e053d..bbe8b2e3a 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -1615,10 +1615,7 @@ public void testCreateOidcProvider() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setClientSecret("CLIENT_SECRET")
-            .setIssuer("https://oidc.com/issuer")
-            .setCodeResponseType(true)
-            .setIdTokenResponseType(true);
+            .setIssuer("https://oidc.com/issuer");
 
     OidcProviderConfig config = FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
 
@@ -1629,13 +1626,7 @@ public void testCreateOidcProvider() throws Exception {
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
-    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
-
-    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
-    assertTrue(responseType.get("code"));
-    assertTrue(responseType.get("idToken"));
-
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
     assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
   }
@@ -1649,10 +1640,7 @@ public void testCreateOidcProviderAsync() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setClientSecret("CLIENT_SECRET")
-            .setIssuer("https://oidc.com/issuer")
-            .setCodeResponseType(true)
-            .setIdTokenResponseType(true);
+            .setIssuer("https://oidc.com/issuer");
 
     OidcProviderConfig config =
         FirebaseAuth.getInstance().createOidcProviderConfigAsync(createRequest).get();
@@ -1664,13 +1652,7 @@ public void testCreateOidcProviderAsync() throws Exception {
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
-    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
-
-    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
-    assertTrue(responseType.get("code"));
-    assertTrue(responseType.get("idToken"));
-
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
     assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
   }
@@ -1873,10 +1855,7 @@ public void testTenantAwareUpdateOidcProvider() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setClientSecret("CLIENT_SECRET")
-            .setIssuer("https://oidc.com/issuer")
-            .setCodeResponseType(true)
-            .setIdTokenResponseType(true);
+            .setIssuer("https://oidc.com/issuer");
 
     OidcProviderConfig config = tenantAwareAuth.updateOidcProviderConfig(request);
 
@@ -1885,18 +1864,12 @@ public void testTenantAwareUpdateOidcProvider() throws Exception {
     String expectedUrl = TENANTS_BASE_URL + "/TENANT_ID/oauthIdpConfigs/oidc.provider-id";
     checkUrl(interceptor, "PATCH", expectedUrl);
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
-    assertEquals("clientId,clientSecret,displayName,enabled,issuer,responseType.code,"
-        + "responseType.idToken", url.getFirst("updateMask"));
+    assertEquals("clientId,displayName,enabled,issuer", url.getFirst("updateMask"));
     GenericJson parsed = parseRequestContent(interceptor);
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
-    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
-
-    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
-    assertTrue(responseType.get("code"));
-    assertTrue(responseType.get("idToken"));
   }
 
   @Test
@@ -2975,10 +2948,7 @@ private static void checkOidcProviderConfig(OidcProviderConfig config, String pr
     assertEquals("DISPLAY_NAME", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("CLIENT_ID", config.getClientId());
-    assertEquals("CLIENT_SECRET", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
-    assertTrue(config.isCodeResponseType());
-    assertFalse(config.isIdTokenResponseType());
   }
 
   private static void checkSamlProviderConfig(SamlProviderConfig config, String providerId) {
@@ -3010,4 +2980,5 @@ private static void checkUrl(TestResponseInterceptor interceptor, String method,
   private interface UserManagerOp {
     void call(FirebaseAuth auth) throws Exception;
   }
+
 }
diff --git a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
index b8a5d5078..1fb4ca37b 100644
--- a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
+++ b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
@@ -18,13 +18,11 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import java.io.IOException;
-import java.util.HashMap;
 import java.util.Map;
 import org.junit.Test;
 
@@ -38,12 +36,7 @@ public class OidcProviderConfigTest {
         + "  'displayName': 'DISPLAY_NAME',"
         + "  'enabled':      true,"
         + "  'clientId':    'CLIENT_ID',"
-        + "  'clientSecret':'CLIENT_SECRET',"
-        + "  'issuer':      'https://oidc.com/issuer',"
-        + "  'responseType': {"
-        + "    'code':  true,"
-        + "    'idToken': false"
-        + "   }"
+        + "  'issuer':      'https://oidc.com/issuer'"
         + "}").replace("'", "\"");
 
   @Test
@@ -54,35 +47,7 @@ public void testJsonDeserialization() throws IOException {
     assertEquals("DISPLAY_NAME", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("CLIENT_ID", config.getClientId());
-    assertEquals("CLIENT_SECRET", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
-    assertTrue(config.isCodeResponseType());
-    assertFalse(config.isIdTokenResponseType());
-  }
-
-  @Test
-  public void testEnsureResponseType() {
-    Map<String, Object> properties = new HashMap<>();
-
-    Map<String, Boolean> responseType = OidcProviderConfig.ensureResponseType(properties);
-
-    assertNotNull(responseType);
-    assertEquals(responseType, properties.get("responseType"));
-  }
-
-  @Test
-  public void testEnsureResponseTypeAlreadyPresent() {
-    Map<String, Object> properties = new HashMap<>();
-    Map<String, Boolean> responseType = new HashMap<>();
-    responseType.put("code", true);
-    properties.put("responseType", responseType);
-
-    Map<String, Boolean> returnedResponseType = OidcProviderConfig.ensureResponseType(properties);
-
-    assertEquals(responseType, returnedResponseType);
-    assertTrue(returnedResponseType.get("code"));
-    assertEquals(returnedResponseType.size(), 1);
-    assertEquals(responseType, properties.get("responseType"));
   }
 
   @Test
@@ -93,23 +58,15 @@ public void testCreateRequest() throws IOException {
       .setDisplayName("DISPLAY_NAME")
       .setEnabled(false)
       .setClientId("CLIENT_ID")
-      .setClientSecret("CLIENT_SECRET")
-      .setIssuer("https://oidc.com/issuer")
-      .setCodeResponseType(true)
-      .setIdTokenResponseType(false);
+      .setIssuer("https://oidc.com/issuer");
 
     assertEquals("oidc.provider-id", createRequest.getProviderId());
     Map<String,Object> properties = createRequest.getProperties();
-    assertEquals(properties.size(), 6);
+    assertEquals(properties.size(), 4);
     assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
     assertFalse((boolean) properties.get("enabled"));
     assertEquals("CLIENT_ID", (String) properties.get("clientId"));
-    assertEquals("CLIENT_SECRET", properties.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", (String) properties.get("issuer"));
-
-    Map<String, Boolean> responseType = (Map<String, Boolean>) properties.get("responseType");
-    assertTrue(responseType.get("code"));
-    assertFalse(responseType.get("idToken"));
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -142,16 +99,6 @@ public void testCreateRequestInvalidIssuerUrl() {
     new OidcProviderConfig.CreateRequest().setIssuer("not a valid url");
   }
 
-  @Test(expected = IllegalArgumentException.class)
-  public void testCreateRequestMissingClientSecret() {
-    new OidcProviderConfig.CreateRequest().setClientSecret(null);
-  }
-
-  @Test(expected = IllegalArgumentException.class)
-  public void testCreateRequestEmptyClientSecret() {
-    new OidcProviderConfig.CreateRequest().setClientSecret("");
-  }
-
   @Test
   public void testUpdateRequestFromOidcProviderConfig() throws IOException {
     OidcProviderConfig config = jsonFactory.fromString(OIDC_JSON_STRING, OidcProviderConfig.class);
@@ -170,23 +117,15 @@ public void testUpdateRequest() throws IOException {
       .setDisplayName("DISPLAY_NAME")
       .setEnabled(false)
       .setClientId("CLIENT_ID")
-      .setClientSecret("CLIENT_SECRET")
-      .setIssuer("https://oidc.com/issuer")
-      .setCodeResponseType(true)
-      .setIdTokenResponseType(false);
+      .setIssuer("https://oidc.com/issuer");
 
     assertEquals("oidc.provider-id", updateRequest.getProviderId());
     Map<String,Object> properties = updateRequest.getProperties();
-    assertEquals(properties.size(), 6);
+    assertEquals(properties.size(), 4);
     assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
     assertFalse((boolean) properties.get("enabled"));
     assertEquals("CLIENT_ID", (String) properties.get("clientId"));
-    assertEquals("CLIENT_SECRET", (String) properties.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", (String) properties.get("issuer"));
-
-    Map<String, Boolean> responseType = (Map<String, Boolean>) properties.get("responseType");
-    assertTrue(responseType.get("code"));
-    assertFalse(responseType.get("idToken"));
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -218,14 +157,4 @@ public void testUpdateRequestMissingIssuer() {
   public void testUpdateRequestInvalidIssuerUrl() {
     new OidcProviderConfig.UpdateRequest("oidc.provider-id").setIssuer("not a valid url");
   }
-
-  @Test(expected = IllegalArgumentException.class)
-  public void testUpdateRequestMissingClientSecret() {
-    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setClientSecret(null);
-  }
-
-  @Test(expected = IllegalArgumentException.class)
-  public void testUpdateRequestEmptyClientSecret() {
-    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setClientSecret("");
-  }
 }
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
index 3c4578e20..1ebac213f 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
@@ -279,28 +279,18 @@ public void testOidcProviderConfigLifecycle() throws Exception {
               .setDisplayName("DisplayName")
               .setEnabled(true)
               .setClientId("ClientId")
-              .setClientSecret("ClientSecret")
-              .setIssuer("https://oidc.com/issuer")
-              .setCodeResponseType(true)
-              .setIdTokenResponseType(false));
-
+              .setIssuer("https://oidc.com/issuer"));
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertEquals("ClientId", config.getClientId());
-    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
-    assertTrue(config.isCodeResponseType());
-    assertFalse(config.isIdTokenResponseType());
 
     // Get provider config
     config = tenantAwareAuth.getOidcProviderConfigAsync(providerId).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertEquals("ClientId", config.getClientId());
-    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
-    assertTrue(config.isCodeResponseType());
-    assertFalse(config.isIdTokenResponseType());
 
     // Update provider config
     OidcProviderConfig.UpdateRequest updateRequest =
@@ -308,20 +298,13 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("NewDisplayName")
             .setEnabled(false)
             .setClientId("NewClientId")
-            .setClientSecret("NewClientSecret")
-            .setIssuer("https://oidc.com/new-issuer")
-            .setCodeResponseType(false)
-            .setIdTokenResponseType(true);
-
+            .setIssuer("https://oidc.com/new-issuer");
     config = tenantAwareAuth.updateOidcProviderConfigAsync(updateRequest).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("NewDisplayName", config.getDisplayName());
     assertFalse(config.isEnabled());
     assertEquals("NewClientId", config.getClientId());
-    assertEquals("NewClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/new-issuer", config.getIssuer());
-    assertFalse(config.isCodeResponseType());
-    assertTrue(config.isIdTokenResponseType());
 
     // Delete provider config
     temporaryProviderConfig.deleteOidcProviderConfig(providerId);
diff --git a/src/test/resources/listOidc.json b/src/test/resources/listOidc.json
index 82a2f7669..0c13ea48b 100644
--- a/src/test/resources/listOidc.json
+++ b/src/test/resources/listOidc.json
@@ -4,22 +4,12 @@
     "displayName" : "DISPLAY_NAME",
     "enabled" : true,
     "clientId" : "CLIENT_ID",
-    "clientSecret" : "CLIENT_SECRET",
-    "issuer" : "https://oidc.com/issuer",
-    "responseType" : {
-      "code": true,
-      "idToken": false
-    }
+    "issuer" : "https://oidc.com/issuer"
   }, {
     "name": "projects/projectId/oauthIdpConfigs/oidc.provider-id2",
     "displayName" : "DISPLAY_NAME",
     "enabled" : true,
     "clientId" : "CLIENT_ID",
-    "clientSecret" : "CLIENT_SECRET",
-    "issuer" : "https://oidc.com/issuer",
-    "responseType" : {
-      "code": true,
-      "idToken": false
-    }
+    "issuer" : "https://oidc.com/issuer"
   } ]
 }
diff --git a/src/test/resources/oidc.json b/src/test/resources/oidc.json
index 0aed0df50..e2f1845de 100644
--- a/src/test/resources/oidc.json
+++ b/src/test/resources/oidc.json
@@ -3,10 +3,5 @@
   "displayName" : "DISPLAY_NAME",
   "enabled" : true,
   "clientId" : "CLIENT_ID",
-  "clientSecret" : "CLIENT_SECRET",
-  "issuer" : "https://oidc.com/issuer",
-  "responseType" : {
-    "code": true,
-    "idToken": false
-  }
+  "issuer" : "https://oidc.com/issuer"
 }

From 1c82a9d26ad162984beea5a43cd61e481b98499e Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 28 Apr 2021 14:07:55 -0400
Subject: [PATCH 052/354] [chore] Release 7.2.0 (#530)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2d7deaa2f..82a0cca40 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>7.1.1</version>
+    <version>7.2.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From dadefb5b6c053f9ced6fcce532e9a6e2bf4cfe01 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Wed, 28 Apr 2021 13:17:42 -0700
Subject: [PATCH 053/354] chore: Setup a Dependabot for dependency updates
 (#534)

Hopefully this prevent dependencies falling behind. Related to #533
---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..04ceb6e86
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"

From a4aa710385a77cf6d61f7aafca4fd1e53d26434d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Apr 2021 13:23:28 -0700
Subject: [PATCH 054/354] chore(deps): bump maven-compiler-plugin from 3.6.1 to
 3.8.1 (#535)

Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.6.1 to 3.8.1.
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.6.1...maven-compiler-plugin-3.8.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 82a0cca40..79d296354 100644
--- a/pom.xml
+++ b/pom.xml
@@ -279,7 +279,7 @@
             <!-- Compile Phase -->
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.6.1</version>
+                <version>3.8.1</version>
                 <configuration>
                     <source>1.7</source>
                     <target>1.7</target>

From 2569f8a7de392414cc08e0d16fa8e04d4dbc3eac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Apr 2021 13:24:54 -0700
Subject: [PATCH 055/354] chore(deps): bump slf4j-api from 1.7.25 to 1.7.30
 (#536)

Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.25 to 1.7.30.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/compare/v_1.7.25...v_1.7.30)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 79d296354..aeee85f25 100644
--- a/pom.xml
+++ b/pom.xml
@@ -446,7 +446,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.25</version>
+            <version>1.7.30</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From fa51bb3149e715a75baa1e1550813cb7e60c7349 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Apr 2021 13:27:45 -0700
Subject: [PATCH 056/354] chore(deps-dev): bump junit from 4.12 to 4.13.2
 (#538)

Bumps [junit](https://github.com/junit-team/junit4) from 4.12 to 4.13.2.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.12...r4.13.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index aeee85f25..210e5db1b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -480,7 +480,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.13.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From 3940859b77180a4c67fc2fedd6e709e6a870ac33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Apr 2021 15:29:55 -0700
Subject: [PATCH 057/354] chore(deps): bump google-api-client-bom from 1.30.10
 to 1.31.4 (#537)

* chore(deps): bump google-api-client-bom from 1.30.10 to 1.31.4

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.30.10 to 1.31.4.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.30.10...v1.31.4)

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Forcing the Jackson2 parser for; Removing direct invocation of API client Utils

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Hiranya Jayathilaka <hiranya911@gmail.com>
---
 pom.xml                                       |  2 +-
 .../java/com/google/firebase/FirebaseApp.java |  4 ++--
 .../com/google/firebase/FirebaseOptions.java  | 12 +++++------
 .../firebase/internal/ApiClientUtils.java     | 14 +++++++++++++
 .../firebase/remoteconfig/Template.java       |  6 +++---
 .../firebase/OutgoingHttpRequestTest.java     |  5 +++--
 .../google/firebase/auth/FirebaseAuthIT.java  |  6 +++---
 .../auth/FirebaseCustomTokenTest.java         |  7 +++----
 .../auth/FirebaseUserManagerTest.java         | 12 +++++------
 .../firebase/auth/ImportUserRecordTest.java   |  5 +++--
 .../auth/ListProviderConfigsPageTest.java     |  5 +++--
 .../firebase/auth/ListUsersPageTest.java      |  8 ++++----
 .../firebase/auth/OidcProviderConfigTest.java |  5 +++--
 .../firebase/auth/SamlProviderConfigTest.java |  5 +++--
 .../firebase/auth/TestTokenFactory.java       |  5 +++--
 .../firebase/auth/UserProviderTest.java       |  5 +++--
 .../google/firebase/auth/UserRecordTest.java  |  4 ++--
 .../auth/internal/CryptoSignersTest.java      | 18 ++++++++---------
 .../ListOidcProviderConfigsResponseTest.java  |  4 ++--
 .../ListSamlProviderConfigsResponseTest.java  |  4 ++--
 .../internal/ListTenantsResponseTest.java     |  4 ++--
 .../FirebaseTenantClientTest.java             |  8 +++++---
 .../multitenancy/ListTenantsPageTest.java     |  5 +++--
 .../TenantAwareFirebaseAuthIT.java            |  6 +++---
 .../TenantAwareFirebaseAuthTest.java          |  6 +++---
 .../auth/multitenancy/TenantTest.java         |  7 ++++---
 .../AbstractPlatformErrorHandlerTest.java     |  6 +++---
 .../internal/ErrorHandlingHttpClientTest.java | 11 +++++-----
 .../FirebaseMessagingClientImplTest.java      | 11 +++++-----
 .../messaging/InstanceIdClientImplTest.java   |  9 +++++----
 .../firebase/messaging/MessageTest.java       |  7 ++++---
 ...ebaseProjectManagementServiceImplTest.java |  4 ++--
 .../FirebaseRemoteConfigClientImplTest.java   |  9 +++++----
 .../testing/IntegrationTestUtils.java         | 20 ++++++++++---------
 34 files changed, 139 insertions(+), 110 deletions(-)

diff --git a/pom.xml b/pom.xml
index 210e5db1b..f5946da6f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -400,7 +400,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.30.10</version>
+                <version>1.31.4</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
diff --git a/src/main/java/com/google/firebase/FirebaseApp.java b/src/main/java/com/google/firebase/FirebaseApp.java
index 06188cd55..d525d0673 100644
--- a/src/main/java/com/google/firebase/FirebaseApp.java
+++ b/src/main/java/com/google/firebase/FirebaseApp.java
@@ -21,7 +21,6 @@
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.firebase.FirebaseOptions.APPLICATION_DEFAULT_CREDENTIALS;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.JsonParser;
 import com.google.api.core.ApiFuture;
@@ -35,6 +34,7 @@
 import com.google.common.base.MoreObjects;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.FirebaseScheduledExecutor;
 import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.internal.ListenableFuture2ApiFuture;
@@ -569,7 +569,7 @@ private static FirebaseOptions getOptionsFromEnvironment() throws IOException {
           .setCredentials(APPLICATION_DEFAULT_CREDENTIALS)
           .build();
     }
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
     FirebaseOptions.Builder builder = FirebaseOptions.builder();
     JsonParser parser;
     if (defaultConfig.startsWith("{")) {
diff --git a/src/main/java/com/google/firebase/FirebaseOptions.java b/src/main/java/com/google/firebase/FirebaseOptions.java
index 6ee074d6f..f13f022db 100644
--- a/src/main/java/com/google/firebase/FirebaseOptions.java
+++ b/src/main/java/com/google/firebase/FirebaseOptions.java
@@ -19,7 +19,6 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.util.Key;
@@ -29,6 +28,7 @@
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.FirebaseThreadManagers;
 import com.google.firebase.internal.NonNull;
 import com.google.firebase.internal.Nullable;
@@ -234,18 +234,18 @@ public Builder toBuilder() {
   }
 
   /**
-   * Builder for constructing {@link FirebaseOptions}. 
+   * Builder for constructing {@link FirebaseOptions}.
    */
   public static final class Builder {
     @Key("databaseAuthVariableOverride")
     private Map<String, Object> databaseAuthVariableOverride = new HashMap<>();
-    
+
     @Key("databaseUrl")
     private String databaseUrl;
 
     @Key("projectId")
     private String projectId;
-    
+
     @Key("storageBucket")
     private String storageBucket;
 
@@ -253,8 +253,8 @@ public static final class Builder {
     private String serviceAccountId;
     private Supplier<GoogleCredentials> credentialsSupplier;
     private FirestoreOptions firestoreOptions;
-    private HttpTransport httpTransport = Utils.getDefaultTransport();
-    private JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    private HttpTransport httpTransport = ApiClientUtils.getDefaultTransport();
+    private JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
     private ThreadManager threadManager = FirebaseThreadManagers.DEFAULT_THREAD_MANAGER;
     private int connectTimeout;
     private int readTimeout;
diff --git a/src/main/java/com/google/firebase/internal/ApiClientUtils.java b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
index f2724196b..723fc6d52 100644
--- a/src/main/java/com/google/firebase/internal/ApiClientUtils.java
+++ b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
@@ -16,9 +16,12 @@
 
 package com.google.firebase.internal;
 
+import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpResponse;
 import com.google.api.client.http.HttpTransport;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.jackson2.JacksonFactory;
 import com.google.common.collect.ImmutableList;
 import com.google.firebase.FirebaseApp;
 
@@ -76,4 +79,15 @@ public static void disconnectQuietly(HttpResponse response) {
       }
     }
   }
+
+  public static JsonFactory getDefaultJsonFactory() {
+    // Force using the Jackson2 parser for this project for now. Eventually we should switch
+    // to Gson, but there are some issues that's preventing this migration at the moment.
+    // See https://github.com/googleapis/google-api-java-client/issues/1779 for details.
+    return JacksonFactory.getDefaultInstance();
+  }
+
+  public static HttpTransport getDefaultTransport() {
+    return Utils.getDefaultTransport();
+  }
 }
diff --git a/src/main/java/com/google/firebase/remoteconfig/Template.java b/src/main/java/com/google/firebase/remoteconfig/Template.java
index 24bd68a5b..d94cfc89e 100644
--- a/src/main/java/com/google/firebase/remoteconfig/Template.java
+++ b/src/main/java/com/google/firebase/remoteconfig/Template.java
@@ -19,10 +19,10 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.base.Strings;
 import com.google.firebase.ErrorCode;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.NonNull;
 import com.google.firebase.remoteconfig.internal.TemplateResponse;
 
@@ -100,7 +100,7 @@ public Template(String etag) {
   public static Template fromJSON(@NonNull String json) throws FirebaseRemoteConfigException {
     checkArgument(!Strings.isNullOrEmpty(json), "JSON String must not be null or empty.");
     // using the default json factory as no rpc calls are made here
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
     try {
       TemplateResponse templateResponse = jsonFactory.createJsonParser(json)
               .parseAndClose(TemplateResponse.class);
@@ -219,7 +219,7 @@ public Template setVersion(Version version) {
    * @return A JSON-serializable representation of this {@link Template} instance.
    */
   public String toJSON() {
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
     try {
       return jsonFactory.toString(this.toTemplateResponse(true));
     } catch (IOException e) {
diff --git a/src/test/java/com/google/firebase/OutgoingHttpRequestTest.java b/src/test/java/com/google/firebase/OutgoingHttpRequestTest.java
index 792d621f5..ffd17f057 100644
--- a/src/test/java/com/google/firebase/OutgoingHttpRequestTest.java
+++ b/src/test/java/com/google/firebase/OutgoingHttpRequestTest.java
@@ -21,13 +21,14 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpMethods;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.json.JsonHttpContent;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import org.junit.Test;
 
@@ -73,7 +74,7 @@ public void testOutgoingHttpRequest() {
   @Test
   public void testOutgoingHttpRequestWithContent() throws IOException {
     JsonHttpContent streamingContent = new JsonHttpContent(
-        Utils.getDefaultJsonFactory(),
+        ApiClientUtils.getDefaultJsonFactory(),
         ImmutableMap.of("key", "value"));
     HttpRequest httpRequest = new MockHttpTransport().createRequestFactory()
         .buildPostRequest(new GenericUrl(TEST_URL), streamingContent);
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 7d02d3536..f8e454af6 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -24,7 +24,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpResponse;
@@ -52,6 +51,7 @@
 import com.google.firebase.auth.UserTestUtils.RandomUser;
 import com.google.firebase.auth.UserTestUtils.TemporaryUser;
 import com.google.firebase.auth.hash.Scrypt;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.Nullable;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.io.IOException;
@@ -79,8 +79,8 @@ public class FirebaseAuthIT {
       "https://www.googleapis.com/identitytoolkit/v3/relyingparty/resetPassword";
   private static final String EMAIL_LINK_SIGN_IN_URL =
       "https://www.googleapis.com/identitytoolkit/v3/relyingparty/emailLinkSignin";
-  private static final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-  private static final HttpTransport transport = Utils.getDefaultTransport();
+  private static final JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
+  private static final HttpTransport transport = ApiClientUtils.getDefaultTransport();
   private static final String ACTION_LINK_CONTINUE_URL = "http://localhost/?a=1&b=2#c=3";
 
   private static final FirebaseAuth auth = FirebaseAuth.getInstance(
diff --git a/src/test/java/com/google/firebase/auth/FirebaseCustomTokenTest.java b/src/test/java/com/google/firebase/auth/FirebaseCustomTokenTest.java
index 5e37161cd..b51fe0c7b 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseCustomTokenTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseCustomTokenTest.java
@@ -21,7 +21,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.http.LowLevelHttpRequest;
 import com.google.api.client.json.gson.GsonFactory;
@@ -36,9 +35,9 @@
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.internal.FirebaseCustomAuthToken;
 import com.google.firebase.database.MapBuilder;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.ServiceAccount;
-import com.google.firebase.testing.TestUtils;
 import java.io.IOException;
 import java.util.List;
 import org.junit.After;
@@ -91,7 +90,7 @@ public void testCreateCustomTokenWithDeveloperClaims() throws Exception {
   @Test
   public void testCreateCustomTokenWithoutServiceAccountCredentials() throws Exception {
     MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
-    String content = Utils.getDefaultJsonFactory().toString(
+    String content = ApiClientUtils.getDefaultJsonFactory().toString(
         ImmutableMap.of("signedBlob", BaseEncoding.base64().encode("test-signature".getBytes())));
     response.setContent(content);
     MockHttpTransport transport = new MultiRequestMockHttpTransport(ImmutableList.of(response));
@@ -116,7 +115,7 @@ public void testCreateCustomTokenWithoutServiceAccountCredentials() throws Excep
 
   @Test
   public void testCreateCustomTokenWithDiscoveredServiceAccount() throws Exception {
-    String content = Utils.getDefaultJsonFactory().toString(
+    String content = ApiClientUtils.getDefaultJsonFactory().toString(
         ImmutableMap.of("signedBlob", BaseEncoding.base64().encode("test-signature".getBytes())));
     List<MockLowLevelHttpResponse> responses = ImmutableList.of(
         // Service account discovery response
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index bbe8b2e3a..7a25175b0 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -25,7 +25,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpHeaders;
 import com.google.api.client.http.HttpRequest;
@@ -48,6 +47,7 @@
 import com.google.firebase.auth.FirebaseUserManager.EmailLinkType;
 import com.google.firebase.auth.multitenancy.TenantAwareFirebaseAuth;
 import com.google.firebase.auth.multitenancy.TenantManager;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -67,7 +67,7 @@
 
 public class FirebaseUserManagerTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   private static final String TEST_TOKEN = "token";
 
@@ -1210,7 +1210,7 @@ public void testLinkProvider() {
     UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     Map<String, Object> map = update
         .setProviderToLink(USER_PROVIDER)
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(ApiClientUtils.getDefaultJsonFactory());
     assertEquals(2, map.size());
     assertEquals(update.getUid(), map.get("localId"));
     assertEquals(USER_PROVIDER, map.get("linkProviderUserInfo"));
@@ -1221,7 +1221,7 @@ public void testDeleteProvider() {
     UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("test");
     Map<String, Object> map = update
         .setProvidersToUnlink(ImmutableList.of("google.com"))
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(ApiClientUtils.getDefaultJsonFactory());
     assertEquals(2, map.size());
     assertEquals(update.getUid(), map.get("localId"));
     assertEquals(ImmutableList.of("google.com"), map.get("deleteProvider"));
@@ -1233,7 +1233,7 @@ public void testDeleteProviderAndPhone() {
     Map<String, Object> map = update
         .setProvidersToUnlink(ImmutableList.of("google.com"))
         .setPhoneNumber(null)
-        .getProperties(Utils.getDefaultJsonFactory());
+        .getProperties(ApiClientUtils.getDefaultJsonFactory());
     assertEquals(2, map.size());
     assertEquals(update.getUid(), map.get("localId"));
     assertEquals(ImmutableList.of("google.com", "phone"), map.get("deleteProvider"));
@@ -2898,7 +2898,7 @@ public FirebaseUserManager get() {
             return FirebaseUserManager.builder()
                 .setProjectId("test-project-id")
                 .setHttpRequestFactory(transport.createRequestFactory())
-                .setJsonFactory(Utils.getDefaultJsonFactory())
+                .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
                 .build();
           }
           })
diff --git a/src/test/java/com/google/firebase/auth/ImportUserRecordTest.java b/src/test/java/com/google/firebase/auth/ImportUserRecordTest.java
index e2ae36c09..5a90690eb 100644
--- a/src/test/java/com/google/firebase/auth/ImportUserRecordTest.java
+++ b/src/test/java/com/google/firebase/auth/ImportUserRecordTest.java
@@ -19,12 +19,13 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.io.BaseEncoding;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Date;
@@ -35,7 +36,7 @@
 
 public class ImportUserRecordTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   @Test
   public void testUidOnlyRecord() {
diff --git a/src/test/java/com/google/firebase/auth/ListProviderConfigsPageTest.java b/src/test/java/com/google/firebase/auth/ListProviderConfigsPageTest.java
index ba08f9c77..d62ee4936 100644
--- a/src/test/java/com/google/firebase/auth/ListProviderConfigsPageTest.java
+++ b/src/test/java/com/google/firebase/auth/ListProviderConfigsPageTest.java
@@ -23,9 +23,10 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.common.collect.ImmutableList;
 import com.google.firebase.auth.internal.ListOidcProviderConfigsResponse;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -344,7 +345,7 @@ public void testInvalidMaxResults() throws IOException {
 
   private static OidcProviderConfig newOidcProviderConfig(String providerConfigId)
       throws IOException {
-    return Utils.getDefaultJsonFactory().fromString(
+    return ApiClientUtils.getDefaultJsonFactory().fromString(
         String.format("{\"name\":\"%s\"}", providerConfigId), OidcProviderConfig.class);
   }
 
diff --git a/src/test/java/com/google/firebase/auth/ListUsersPageTest.java b/src/test/java/com/google/firebase/auth/ListUsersPageTest.java
index 5e848069d..db490fb6a 100644
--- a/src/test/java/com/google/firebase/auth/ListUsersPageTest.java
+++ b/src/test/java/com/google/firebase/auth/ListUsersPageTest.java
@@ -23,13 +23,13 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.collect.ImmutableList;
 import com.google.common.io.BaseEncoding;
-import com.google.firebase.auth.ListUsersPage;
 import com.google.firebase.auth.ListUsersPage.ListUsersResult;
 import com.google.firebase.auth.internal.DownloadAccountResponse;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -349,14 +349,14 @@ public void testInvalidMaxResults() throws IOException {
   }
 
   private static ExportedUserRecord newUser(String uid) throws IOException {
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
     DownloadAccountResponse.User parsed = jsonFactory.fromString(
         String.format("{\"localId\":\"%s\"}", uid), DownloadAccountResponse.User.class);
     return new ExportedUserRecord(parsed, jsonFactory);
   }
 
   private static ExportedUserRecord newUser(String uid, String passwordHash) throws IOException {
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
     DownloadAccountResponse.User parsed = jsonFactory.fromString(
         String.format("{\"localId\":\"%s\", \"passwordHash\":\"%s\"}", uid, passwordHash),
         DownloadAccountResponse.User.class);
diff --git a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
index 1fb4ca37b..8242d5966 100644
--- a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
+++ b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
@@ -20,15 +20,16 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.util.Map;
 import org.junit.Test;
 
 public class OidcProviderConfigTest {
 
-  private static final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+  private static final JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
 
   private static final String OIDC_JSON_STRING =
       ("{"
diff --git a/src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java b/src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java
index e957c1ddb..b9464452e 100644
--- a/src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java
+++ b/src/test/java/com/google/firebase/auth/SamlProviderConfigTest.java
@@ -21,10 +21,11 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
@@ -32,7 +33,7 @@
 
 public class SamlProviderConfigTest {
 
-  private static final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+  private static final JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
 
   private static final String SAML_JSON_STRING =
       ("{"
diff --git a/src/test/java/com/google/firebase/auth/TestTokenFactory.java b/src/test/java/com/google/firebase/auth/TestTokenFactory.java
index 0510dbb66..7bf9eebb7 100644
--- a/src/test/java/com/google/firebase/auth/TestTokenFactory.java
+++ b/src/test/java/com/google/firebase/auth/TestTokenFactory.java
@@ -16,7 +16,6 @@
 
 package com.google.firebase.auth;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.webtoken.JsonWebSignature;
 import com.google.api.client.json.webtoken.JsonWebToken;
@@ -26,6 +25,8 @@
 import com.google.api.client.util.Clock;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.io.BaseEncoding;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
@@ -35,7 +36,7 @@
 
 class TestTokenFactory {
 
-  public static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  public static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
   public static final Clock CLOCK = new FixedClock(2002000L * 1000);
   public static final String PROJECT_ID = "proj-test-101";
   public static final String PRIVATE_KEY_ID = "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd";
diff --git a/src/test/java/com/google/firebase/auth/UserProviderTest.java b/src/test/java/com/google/firebase/auth/UserProviderTest.java
index 69806dc36..7ed8611e1 100644
--- a/src/test/java/com/google/firebase/auth/UserProviderTest.java
+++ b/src/test/java/com/google/firebase/auth/UserProviderTest.java
@@ -18,9 +18,10 @@
 
 import static org.junit.Assert.assertEquals;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
@@ -28,7 +29,7 @@
 
 public class UserProviderTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   @Test
   public void testAllProperties() throws IOException {
diff --git a/src/test/java/com/google/firebase/auth/UserRecordTest.java b/src/test/java/com/google/firebase/auth/UserRecordTest.java
index 22911d537..6d50f075c 100644
--- a/src/test/java/com/google/firebase/auth/UserRecordTest.java
+++ b/src/test/java/com/google/firebase/auth/UserRecordTest.java
@@ -5,13 +5,13 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.auth.UserRecord.UpdateRequest;
 import com.google.firebase.auth.internal.DownloadAccountResponse;
 import com.google.firebase.auth.internal.GetAccountInfoResponse;
+import com.google.firebase.internal.ApiClientUtils;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -21,7 +21,7 @@
 
 public class UserRecordTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   @Test(expected = NullPointerException.class)
   public void testNullResponse() {
diff --git a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
index 73477ad42..679fe5a3c 100644
--- a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
@@ -23,7 +23,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpStatusCodes;
 import com.google.api.client.testing.http.MockHttpTransport;
@@ -39,6 +38,7 @@
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -70,7 +70,7 @@ public void testInvalidServiceAccountCryptoSigner() {
   @Test
   public void testIAMCryptoSigner() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
-    String response = Utils.getDefaultJsonFactory().toString(
+    String response = ApiClientUtils.getDefaultJsonFactory().toString(
         ImmutableMap.of("signedBlob", signature));
     MockHttpTransport transport = new MockHttpTransport.Builder()
         .setLowLevelHttpResponse(new MockLowLevelHttpResponse().setContent(response))
@@ -78,7 +78,7 @@ public void testIAMCryptoSigner() throws Exception {
     TestResponseInterceptor interceptor = new TestResponseInterceptor();
     CryptoSigners.IAMCryptoSigner signer = new CryptoSigners.IAMCryptoSigner(
         transport.createRequestFactory(),
-        Utils.getDefaultJsonFactory(),
+        ApiClientUtils.getDefaultJsonFactory(),
         "test-service-account@iam.gserviceaccount.com");
     signer.setInterceptor(interceptor);
 
@@ -99,7 +99,7 @@ public void testIAMCryptoSignerHttpError() {
         .build();
     CryptoSigners.IAMCryptoSigner signer = new CryptoSigners.IAMCryptoSigner(
         transport.createRequestFactory(),
-        Utils.getDefaultJsonFactory(),
+        ApiClientUtils.getDefaultJsonFactory(),
         "test-service-account@iam.gserviceaccount.com");
     try {
       signer.sign("foo".getBytes());
@@ -115,7 +115,7 @@ public void testIAMCryptoSignerHttpError() {
   @Test
   public void testInvalidIAMCryptoSigner() {
     try {
-      new CryptoSigners.IAMCryptoSigner(null, Utils.getDefaultJsonFactory(), "test");
+      new CryptoSigners.IAMCryptoSigner(null, ApiClientUtils.getDefaultJsonFactory(), "test");
       fail("No error thrown for null request factory");
     } catch (NullPointerException expected) {
       // expected
@@ -131,7 +131,7 @@ public void testInvalidIAMCryptoSigner() {
 
     try {
       new CryptoSigners.IAMCryptoSigner(transport.createRequestFactory(),
-          Utils.getDefaultJsonFactory(), null);
+          ApiClientUtils.getDefaultJsonFactory(), null);
       fail("No error thrown for null service account");
     } catch (IllegalArgumentException expected) {
       // expected
@@ -139,7 +139,7 @@ public void testInvalidIAMCryptoSigner() {
 
     try {
       new CryptoSigners.IAMCryptoSigner(transport.createRequestFactory(),
-          Utils.getDefaultJsonFactory(), "");
+          ApiClientUtils.getDefaultJsonFactory(), "");
       fail("No error thrown for empty service account");
     } catch (IllegalArgumentException expected) {
       // expected
@@ -149,7 +149,7 @@ public void testInvalidIAMCryptoSigner() {
   @Test
   public void testMetadataService() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
-    String response = Utils.getDefaultJsonFactory().toString(
+    String response = ApiClientUtils.getDefaultJsonFactory().toString(
         ImmutableMap.of("signedBlob", signature));
     MockHttpTransport transport = new MultiRequestMockHttpTransport(
         ImmutableList.of(
@@ -178,7 +178,7 @@ public void testMetadataService() throws Exception {
   @Test
   public void testExplicitServiceAccountEmail() throws Exception {
     String signature = BaseEncoding.base64().encode("signed-bytes".getBytes());
-    String response = Utils.getDefaultJsonFactory().toString(
+    String response = ApiClientUtils.getDefaultJsonFactory().toString(
         ImmutableMap.of("signedBlob", signature));
 
     // Explicit service account should get precedence
diff --git a/src/test/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponseTest.java b/src/test/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponseTest.java
index fbe587e56..433084951 100644
--- a/src/test/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponseTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/ListOidcProviderConfigsResponseTest.java
@@ -20,17 +20,17 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.auth.OidcProviderConfig;
+import com.google.firebase.internal.ApiClientUtils;
 
 import org.junit.Test;
 
 public class ListOidcProviderConfigsResponseTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   @Test
   public void testDefaultValues() throws Exception {
diff --git a/src/test/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponseTest.java b/src/test/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponseTest.java
index 6950fe352..ae32728ec 100644
--- a/src/test/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponseTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/ListSamlProviderConfigsResponseTest.java
@@ -20,17 +20,17 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.auth.SamlProviderConfig;
+import com.google.firebase.internal.ApiClientUtils;
 
 import org.junit.Test;
 
 public class ListSamlProviderConfigsResponseTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   @Test
   public void testDefaultValues() throws Exception {
diff --git a/src/test/java/com/google/firebase/auth/internal/ListTenantsResponseTest.java b/src/test/java/com/google/firebase/auth/internal/ListTenantsResponseTest.java
index 7d65966bb..684af2339 100644
--- a/src/test/java/com/google/firebase/auth/internal/ListTenantsResponseTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/ListTenantsResponseTest.java
@@ -20,17 +20,17 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.firebase.auth.multitenancy.Tenant;
+import com.google.firebase.internal.ApiClientUtils;
 
 import org.junit.Test;
 
 public class ListTenantsResponseTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   @Test
   public void testDefaultValues() throws Exception {
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
index c76046543..b94038925 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
@@ -24,7 +24,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpHeaders;
 import com.google.api.client.http.HttpRequest;
@@ -46,6 +45,7 @@
 import com.google.firebase.auth.FirebaseAuth;
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -60,7 +60,7 @@
 
 public class FirebaseTenantClientTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   private static final String TEST_TOKEN = "token";
 
@@ -398,7 +398,9 @@ private static TenantManager createRetryDisabledTenantManager(MockLowLevelHttpRe
         .setCredentials(credentials)
         .build());
     FirebaseTenantClient tenantClient = new FirebaseTenantClient(
-        "test-project-id", Utils.getDefaultJsonFactory(), transport.createRequestFactory());
+        "test-project-id",
+        ApiClientUtils.getDefaultJsonFactory(),
+        transport.createRequestFactory());
     return new TenantManager(app, tenantClient);
   }
 
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/ListTenantsPageTest.java b/src/test/java/com/google/firebase/auth/multitenancy/ListTenantsPageTest.java
index 10830592f..a5479e21b 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/ListTenantsPageTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/ListTenantsPageTest.java
@@ -23,10 +23,11 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.common.collect.ImmutableList;
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.internal.ListTenantsResponse;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -319,7 +320,7 @@ public void testInvalidMaxResults() throws IOException {
   }
 
   private static Tenant newTenant(String tenantId) throws IOException {
-    return Utils.getDefaultJsonFactory().fromString(
+    return ApiClientUtils.getDefaultJsonFactory().fromString(
         String.format("{\"name\":\"%s\"}", tenantId), Tenant.class);
   }
 
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
index 1ebac213f..93b7dab94 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
@@ -23,7 +23,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpResponse;
@@ -54,6 +53,7 @@
 import com.google.firebase.auth.UserTestUtils;
 import com.google.firebase.auth.UserTestUtils.RandomUser;
 import com.google.firebase.auth.UserTestUtils.TemporaryUser;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.Nullable;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.io.IOException;
@@ -73,8 +73,8 @@ public class TenantAwareFirebaseAuthIT {
 
   private static final String VERIFY_CUSTOM_TOKEN_URL =
       "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken";
-  private static final JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
-  private static final HttpTransport transport = Utils.getDefaultTransport();
+  private static final JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
+  private static final HttpTransport transport = ApiClientUtils.getDefaultTransport();
 
   private static TenantManager tenantManager;
   private static TenantAwareFirebaseAuth tenantAwareAuth;
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
index db0099791..68e35492e 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
@@ -21,7 +21,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.HttpMethods;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.json.GenericJson;
@@ -38,6 +37,7 @@
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.auth.MockTokenVerifier;
 import com.google.firebase.auth.SessionCookieOptions;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
 import java.io.ByteArrayOutputStream;
@@ -270,7 +270,7 @@ private static FirebaseApp initializeAppWithResponse(String response) {
     MockHttpTransport transport = new MockHttpTransport.Builder()
         .setLowLevelHttpResponse(new MockLowLevelHttpResponse().setContent(response))
         .build();
-    return FirebaseApp.initializeApp(new FirebaseOptions.Builder()
+    return FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials("token"))
         .setHttpTransport(transport)
         .setProjectId("test-project-id")
@@ -281,7 +281,7 @@ private static GenericJson parseRequestContent(TestResponseInterceptor intercept
       throws IOException {
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     interceptor.getResponse().getRequest().getContent().writeTo(out);
-    return Utils.getDefaultJsonFactory().fromString(
+    return ApiClientUtils.getDefaultJsonFactory().fromString(
         new String(out.toByteArray()), GenericJson.class);
   }
 
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantTest.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantTest.java
index 7ea4f2539..f4ee0a326 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantTest.java
@@ -20,17 +20,18 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.json.JsonFactory;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.IOException;
 import java.util.Map;
 import org.junit.Test;
 
 public class TenantTest {
 
-  private static final JsonFactory JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
-  private static final String TENANT_JSON_STRING = 
+  private static final String TENANT_JSON_STRING =
       "{"
         + "\"name\":\"projects/project-id/resource/TENANT_ID\","
         + "\"displayName\":\"DISPLAY_NAME\","
diff --git a/src/test/java/com/google/firebase/internal/AbstractPlatformErrorHandlerTest.java b/src/test/java/com/google/firebase/internal/AbstractPlatformErrorHandlerTest.java
index 7e927f51b..ca4b063f0 100644
--- a/src/test/java/com/google/firebase/internal/AbstractPlatformErrorHandlerTest.java
+++ b/src/test/java/com/google/firebase/internal/AbstractPlatformErrorHandlerTest.java
@@ -251,7 +251,7 @@ private ErrorHandlingHttpClient<MockFirebaseException> createHttpClient(
         .build();
     return new ErrorHandlingHttpClient<>(
         transport.createRequestFactory(),
-        Utils.getDefaultJsonFactory(),
+        ApiClientUtils.getDefaultJsonFactory(),
         new TestPlatformErrorHandler());
   }
 
@@ -265,7 +265,7 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce
     };
     return new ErrorHandlingHttpClient<>(
         transport.createRequestFactory(),
-        Utils.getDefaultJsonFactory(),
+        ApiClientUtils.getDefaultJsonFactory(),
         new TestPlatformErrorHandler());
   }
 
@@ -281,7 +281,7 @@ private static class TestPlatformErrorHandler extends
       AbstractPlatformErrorHandler<MockFirebaseException> {
 
     TestPlatformErrorHandler() {
-      super(Utils.getDefaultJsonFactory());
+      super(ApiClientUtils.getDefaultJsonFactory());
     }
 
     @Override
diff --git a/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java b/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java
index 591914002..8b3e75efd 100644
--- a/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java
+++ b/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java
@@ -22,7 +22,6 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.ByteArrayContent;
 import com.google.api.client.http.HttpContent;
 import com.google.api.client.http.HttpMethods;
@@ -53,7 +52,7 @@
 
 public class ErrorHandlingHttpClientTest {
 
-  private static final JsonFactory DEFAULT_JSON_FACTORY = Utils.getDefaultJsonFactory();
+  private static final JsonFactory DEFAULT_JSON_FACTORY = ApiClientUtils.getDefaultJsonFactory();
 
   private static final HttpRequestInfo TEST_REQUEST = HttpRequestInfo.buildGetRequest(
       "https://firebase.google.com");
@@ -69,7 +68,7 @@ public void testNullRequestFactory() {
   @Test(expected = NullPointerException.class)
   public void testNullJsonFactory() {
     new ErrorHandlingHttpClient<>(
-        Utils.getDefaultTransport().createRequestFactory(),
+        ApiClientUtils.getDefaultTransport().createRequestFactory(),
         null,
         new TestHttpErrorHandler());
   }
@@ -77,7 +76,7 @@ public void testNullJsonFactory() {
   @Test(expected = NullPointerException.class)
   public void testNullErrorHandler() {
     new ErrorHandlingHttpClient<>(
-        Utils.getDefaultTransport().createRequestFactory(),
+        ApiClientUtils.getDefaultTransport().createRequestFactory(),
         DEFAULT_JSON_FACTORY,
         null);
   }
@@ -267,7 +266,7 @@ public void testRetryOnError() {
     HttpRequestFactory requestFactory = ApiClientUtils.newAuthorizedRequestFactory(
         app, retryConfig);
     ErrorHandlingHttpClient<FirebaseException> client = new ErrorHandlingHttpClient<>(
-        requestFactory, Utils.getDefaultJsonFactory(), new TestHttpErrorHandler());
+        requestFactory, ApiClientUtils.getDefaultJsonFactory(), new TestHttpErrorHandler());
 
     try {
       client.sendAndParse(TEST_REQUEST, GenericData.class);
@@ -302,7 +301,7 @@ public AccessToken refreshAccessToken() throws IOException {
         .build());
     HttpRequestFactory requestFactory = ApiClientUtils.newAuthorizedRequestFactory(app);
     ErrorHandlingHttpClient<FirebaseException> client = new ErrorHandlingHttpClient<>(
-        requestFactory, Utils.getDefaultJsonFactory(), new TestHttpErrorHandler());
+        requestFactory, ApiClientUtils.getDefaultJsonFactory(), new TestHttpErrorHandler());
 
     try {
       client.sendAndParse(TEST_REQUEST, GenericData.class);
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
index a64c68d4b..17848cc65 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
@@ -43,6 +43,7 @@
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.OutgoingHttpRequest;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.messaging.WebpushNotification.Action;
 import com.google.firebase.messaging.WebpushNotification.Direction;
@@ -355,7 +356,7 @@ public void initialize(HttpRequest httpRequest) {
     };
     FirebaseMessagingClientImpl client = FirebaseMessagingClientImpl.builder()
         .setProjectId("test-project")
-        .setJsonFactory(Utils.getDefaultJsonFactory())
+        .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
         .setRequestFactory(transport.createRequestFactory(initializer))
         .setChildRequestFactory(Utils.getDefaultTransport().createRequestFactory())
         .setResponseInterceptor(interceptor)
@@ -555,7 +556,7 @@ private FirebaseMessagingClientImpl initMessagingClient(
 
     return FirebaseMessagingClientImpl.builder()
         .setProjectId("test-project")
-        .setJsonFactory(Utils.getDefaultJsonFactory())
+        .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
         .setRequestFactory(transport.createRequestFactory())
         .setChildRequestFactory(Utils.getDefaultTransport().createRequestFactory())
         .setResponseInterceptor(interceptor)
@@ -578,7 +579,7 @@ private FirebaseMessagingClientImpl initClientWithFaultyTransport() {
     HttpTransport transport = TestUtils.createFaultyHttpTransport();
     return FirebaseMessagingClientImpl.builder()
         .setProjectId("test-project")
-        .setJsonFactory(Utils.getDefaultJsonFactory())
+        .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
         .setRequestFactory(transport.createRequestFactory())
         .setChildRequestFactory(Utils.getDefaultTransport().createRequestFactory())
         .build();
@@ -596,7 +597,7 @@ private void checkRequest(
       HttpRequest request, Map<String, Object> expected) throws IOException {
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     request.getContent().writeTo(out);
-    JsonParser parser = Utils.getDefaultJsonFactory().createJsonParser(out.toString());
+    JsonParser parser = ApiClientUtils.getDefaultJsonFactory().createJsonParser(out.toString());
     Map<String, Object> parsed = new HashMap<>();
     parser.parseAndClose(parsed);
     assertEquals(expected, parsed);
@@ -663,7 +664,7 @@ private int countLinesWithPrefix(String[] lines, String prefix) {
   private FirebaseMessagingClientImpl.Builder fullyPopulatedBuilder() {
     return FirebaseMessagingClientImpl.builder()
         .setProjectId("test-project")
-        .setJsonFactory(Utils.getDefaultJsonFactory())
+        .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
         .setRequestFactory(Utils.getDefaultTransport().createRequestFactory())
         .setChildRequestFactory(Utils.getDefaultTransport().createRequestFactory());
   }
diff --git a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
index 7724e4f6e..e7222ccb5 100644
--- a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
@@ -40,6 +40,7 @@
 import com.google.firebase.OutgoingHttpRequest;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
 import java.io.ByteArrayOutputStream;
@@ -352,7 +353,7 @@ public void testUnsubscribeParseError() {
 
   @Test(expected = NullPointerException.class)
   public void testRequestFactoryIsNull() {
-    new InstanceIdClientImpl(null, Utils.getDefaultJsonFactory());
+    new InstanceIdClientImpl(null, ApiClientUtils.getDefaultJsonFactory());
   }
 
   @Test(expected = NullPointerException.class)
@@ -420,7 +421,7 @@ private static InstanceIdClientImpl initInstanceIdClient(
         .build();
     return new InstanceIdClientImpl(
         transport.createRequestFactory(),
-        Utils.getDefaultJsonFactory(),
+        ApiClientUtils.getDefaultJsonFactory(),
         interceptor);
   }
 
@@ -435,7 +436,7 @@ private void checkTopicManagementRequest(
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     request.getContent().writeTo(out);
     Map<String, Object> parsed = new HashMap<>();
-    JsonParser parser = Utils.getDefaultJsonFactory().createJsonParser(out.toString());
+    JsonParser parser = ApiClientUtils.getDefaultJsonFactory().createJsonParser(out.toString());
     parser.parseAndClose(parsed);
     assertEquals(2, parsed.size());
     assertEquals("/topics/test-topic", parsed.get("to"));
@@ -467,6 +468,6 @@ private void checkExceptionFromHttpResponse(
   private InstanceIdClient initClientWithFaultyTransport() {
     return new InstanceIdClientImpl(
         TestUtils.createFaultyHttpTransport().createRequestFactory(),
-        Utils.getDefaultJsonFactory());
+        ApiClientUtils.getDefaultJsonFactory());
   }
 }
diff --git a/src/test/java/com/google/firebase/messaging/MessageTest.java b/src/test/java/com/google/firebase/messaging/MessageTest.java
index 90b867d5f..992644b35 100644
--- a/src/test/java/com/google/firebase/messaging/MessageTest.java
+++ b/src/test/java/com/google/firebase/messaging/MessageTest.java
@@ -25,6 +25,7 @@
 import com.google.api.client.json.JsonParser;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.messaging.AndroidConfig.Priority;
 import java.io.IOException;
 import java.math.BigDecimal;
@@ -186,7 +187,7 @@ public void testAndroidMessageWithNotification() throws IOException {
         .put("body_loc_args", ImmutableList.of("body-arg1", "body-arg2", "body-arg3"))
         .put("channel_id", "channel-id")
         // There is a problem with the JsonParser assignment to BigDecimal takes priority over
-        // all other number types and so this integer value is interpreted as a BigDecimal 
+        // all other number types and so this integer value is interpreted as a BigDecimal
         // rather than an Integer.
         .put("notification_count", BigDecimal.valueOf(4L))
         .build();
@@ -227,7 +228,7 @@ public void testAndroidMessageWithDirectBootOk() throws IOException {
   public void testAndroidNotificationWithNegativeCount() throws IllegalArgumentException {
     AndroidNotification.builder().setNotificationCount(-1).build();
   }
-  
+
   @Test
   public void testAndroidMessageWithoutLocalization() throws IOException {
     Message message = Message.builder()
@@ -934,7 +935,7 @@ private static void assertJsonEquals(
   }
 
   private static Map<String, Object> toMap(Object object) throws IOException {
-    JsonFactory jsonFactory = Utils.getDefaultJsonFactory();
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
     String json = jsonFactory.toString(object);
     JsonParser parser = jsonFactory.createJsonParser(json);
     Map<String, Object> map = new HashMap<>();
diff --git a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
index 8d227ef52..853074e65 100644
--- a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
+++ b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
@@ -26,7 +26,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpResponse;
@@ -44,6 +43,7 @@
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.internal.TestApiClientUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
@@ -1135,7 +1135,7 @@ private void checkRequestPayload(Map<String, String> expected) throws IOExceptio
   private void checkRequestPayload(int index, Map<String, String> expected) throws IOException {
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     interceptor.getResponse(index).getRequest().getContent().writeTo(out);
-    JsonParser parser = Utils.getDefaultJsonFactory().createJsonParser(out.toString());
+    JsonParser parser = ApiClientUtils.getDefaultJsonFactory().createJsonParser(out.toString());
     Map<String, String> parsed = new HashMap<>();
     parser.parseAndClose(parsed);
     assertEquals(expected, parsed);
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
index 9be41852d..71e6f81ec 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
@@ -43,6 +43,7 @@
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.OutgoingHttpRequest;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.remoteconfig.internal.TemplateResponse;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -1150,7 +1151,7 @@ private FirebaseRemoteConfigClientImpl initRemoteConfigClient(
 
     return FirebaseRemoteConfigClientImpl.builder()
             .setProjectId("test-project")
-            .setJsonFactory(Utils.getDefaultJsonFactory())
+            .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
             .setRequestFactory(transport.createRequestFactory())
             .setResponseInterceptor(interceptor)
             .build();
@@ -1160,7 +1161,7 @@ private FirebaseRemoteConfigClientImpl initClientWithFaultyTransport() {
     HttpTransport transport = TestUtils.createFaultyHttpTransport();
     return FirebaseRemoteConfigClientImpl.builder()
             .setProjectId("test-project")
-            .setJsonFactory(Utils.getDefaultJsonFactory())
+            .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
             .setRequestFactory(transport.createRequestFactory())
             .build();
   }
@@ -1168,7 +1169,7 @@ private FirebaseRemoteConfigClientImpl initClientWithFaultyTransport() {
   private FirebaseRemoteConfigClientImpl.Builder fullyPopulatedBuilder() {
     return FirebaseRemoteConfigClientImpl.builder()
             .setProjectId("test-project")
-            .setJsonFactory(Utils.getDefaultJsonFactory())
+            .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
             .setRequestFactory(Utils.getDefaultTransport().createRequestFactory());
   }
 
@@ -1209,7 +1210,7 @@ private void checkRequestContent(
           HttpRequest request, Map<String, Object> expected) throws IOException {
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     request.getContent().writeTo(out);
-    JsonParser parser = Utils.getDefaultJsonFactory().createJsonParser(out.toString());
+    JsonParser parser = ApiClientUtils.getDefaultJsonFactory().createJsonParser(out.toString());
     Map<String, Object> parsed = new HashMap<>();
     parser.parseAndClose(parsed);
     assertEquals(expected, parsed);
diff --git a/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java b/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
index c9890354e..3d0c55024 100644
--- a/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
+++ b/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.ByteArrayContent;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpRequest;
@@ -34,6 +33,8 @@
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.database.DatabaseReference;
 import com.google.firebase.database.FirebaseDatabase;
+import com.google.firebase.internal.ApiClientUtils;
+
 import java.io.ByteArrayInputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -53,7 +54,8 @@ public class IntegrationTestUtils {
   private static synchronized GenericJson ensureServiceAccount() {
     if (serviceAccount == null) {
       try (InputStream stream = new FileInputStream(IT_SERVICE_ACCOUNT_PATH)) {
-        serviceAccount = Utils.getDefaultJsonFactory().fromInputStream(stream, GenericJson.class);
+        serviceAccount = ApiClientUtils.getDefaultJsonFactory()
+          .fromInputStream(stream, GenericJson.class);
       } catch (IOException e) {
         String msg = String.format("Failed to read service account certificate from %s. "
             + "Integration tests require a service account credential obtained from a Firebase "
@@ -146,23 +148,23 @@ public static List<DatabaseReference> getRandomNode(FirebaseApp app, int count)
     }
     return builder.build();
   }
-  
+
   public static class AppHttpClient {
 
     private final FirebaseApp app;
     private final FirebaseOptions options;
     private final HttpRequestFactory requestFactory;
-    
+
     public AppHttpClient() {
       this(FirebaseApp.getInstance());
     }
-    
+
     public AppHttpClient(FirebaseApp app) {
       this.app = checkNotNull(app);
       this.options = app.getOptions();
       this.requestFactory = this.options.getHttpTransport().createRequestFactory();
     }
-    
+
     public ResponseInfo put(String path, String json) throws IOException {
       String url = options.getDatabaseUrl() + path + "?access_token=" + getToken();
       HttpRequest request = requestFactory.buildPutRequest(new GenericUrl(url),
@@ -177,18 +179,18 @@ public ResponseInfo put(String path, String json) throws IOException {
         }
       }
     }
-    
+
     private String getToken() {
       // TODO: We should consider exposing getToken (or similar) publicly for the
       // purpose of servers doing authenticated REST requests like this.
       return TestOnlyImplFirebaseTrampolines.getToken(app, false);
     }
   }
-  
+
   public static class ResponseInfo {
     private final int status;
     private final byte[] payload;
-    
+
     private ResponseInfo(HttpResponse response) throws IOException {
       this.status = response.getStatusCode();
       this.payload = ByteStreams.toByteArray(response.getContent());

From de8d52120ae1fb4ffd7d5a15f1f88a87b5a7143b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 May 2021 10:40:18 -0700
Subject: [PATCH 058/354] chore(deps-dev): bump javax.ws.rs-api from 2.0 to
 2.1.1 (#541)

Bumps [javax.ws.rs-api](https://github.com/eclipse-ee4j/jaxrs-api) from 2.0 to 2.1.1.
- [Release notes](https://github.com/eclipse-ee4j/jaxrs-api/releases)
- [Commits](https://github.com/eclipse-ee4j/jaxrs-api/commits/2.1.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f5946da6f..2e0b043b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -487,7 +487,7 @@
             <!-- Used for some snippets -->
             <groupId>javax.ws.rs</groupId>
             <artifactId>javax.ws.rs-api</artifactId>
-            <version>2.0</version>
+            <version>2.1.1</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

From 565aef2adc301c526931ad78d5df25640fef77f3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 May 2021 10:43:24 -0700
Subject: [PATCH 059/354] chore(deps): bump maven-failsafe-plugin from 2.19.1
 to 2.22.2 (#544)

Bumps [maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 2.19.1 to 2.22.2.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-2.19.1...surefire-2.22.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2e0b043b3..648bfe434 100644
--- a/pom.xml
+++ b/pom.xml
@@ -345,7 +345,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>2.19.1</version>
+                <version>2.22.2</version>
                 <executions>
                     <execution>
                         <goals>

From 2c2a2caf99f11961e3142bbb136fc0c981dbb997 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 May 2021 11:07:16 -0700
Subject: [PATCH 060/354] chore(deps): bump maven-surefire-plugin from 2.22.0
 to 2.22.2 (#545)

Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire) from 2.22.0 to 2.22.2.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-2.22.0...surefire-2.22.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 648bfe434..407097312 100644
--- a/pom.xml
+++ b/pom.xml
@@ -289,7 +289,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.22.0</version>
+                <version>2.22.2</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From 7352a43a45bc81227354d06d1ce95713cf4408b8 Mon Sep 17 00:00:00 2001
From: Kevin Cheung <kevinthecheung@users.noreply.github.com>
Date: Mon, 3 May 2021 11:35:02 -0700
Subject: [PATCH 061/354] Auth Javadoc edits (#540)

* Javadoc edits

* AbstractFirebaseAuth docstring edits

* Update src/main/java/com/google/firebase/auth/UserRecord.java
---
 .../com/google/firebase/auth/AbstractFirebaseAuth.java    | 8 ++++----
 src/main/java/com/google/firebase/auth/UserRecord.java    | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index 5dab1d831..e9f1a4320 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -555,9 +555,9 @@ protected UserRecord execute() throws FirebaseAuthException {
   }
 
   /**
-   * Gets the user data for the user corresponding to a given provider id.
+   * Gets the user data for the user corresponding to a given provider ID.
    *
-   * @param providerId Identifier for the given federated provider, for example,
+   * @param providerId Identifier for the given federated provider: for example,
    *     "google.com" for the Google provider.
    * @param uid The user identifier with the given provider.
    * @return A {@link UserRecord} instance.
@@ -571,9 +571,9 @@ public UserRecord getUserByProviderUid(
   }
 
   /**
-   * Gets the user data for the user corresponding to a given provider id.
+   * Gets the user data for the user corresponding to a given provider ID.
    *
-   * @param providerId Identifer for the given federated provider, for example,
+   * @param providerId Identifer for the given federated provider: for example,
    *     "google.com" for the Google provider.
    * @param uid The user identifier with the given provider.
    * @return An {@code ApiFuture} which will complete successfully with a {@link UserRecord}
diff --git a/src/main/java/com/google/firebase/auth/UserRecord.java b/src/main/java/com/google/firebase/auth/UserRecord.java
index dea8fc94c..ac962c52d 100644
--- a/src/main/java/com/google/firebase/auth/UserRecord.java
+++ b/src/main/java/com/google/firebase/auth/UserRecord.java
@@ -576,8 +576,8 @@ public UpdateRequest setCustomClaims(Map<String,Object> customClaims) {
      *
      * <p>Linking a provider to an existing user account does not invalidate the
      * refresh token of that account. In other words, the existing account
-     * would continue to be able to access resources, despite not having used
-     * the newly linked provider to log in. If you wish to force the user to
+     * continues to be able to access resources, despite not having used
+     * the newly linked provider to sign in. If you wish to force the user to
      * authenticate with this new provider, you need to (a) revoke their
      * refresh token (see
      * https://firebase.google.com/docs/auth/admin/manage-sessions#revoke_refresh_tokens),

From 104ab0dcefcbbff24b6b3fc747f3f363854185f2 Mon Sep 17 00:00:00 2001
From: bojeil-google <bojeil-google@users.noreply.github.com>
Date: Mon, 3 May 2021 16:42:46 -0700
Subject: [PATCH 062/354] fix(auth): adds missing EMAIL_NOT_FOUND error code
 (#546)

* fix(auth): adds missing EMAIL_NOT_FOUND error code
---
 .../google/firebase/auth/AuthErrorCode.java   |  7 ++++++
 .../auth/internal/AuthErrorHandler.java       |  6 +++++
 .../auth/FirebaseUserManagerTest.java         | 22 +++++++++++++++++++
 3 files changed, 35 insertions(+)

diff --git a/src/main/java/com/google/firebase/auth/AuthErrorCode.java b/src/main/java/com/google/firebase/auth/AuthErrorCode.java
index bea067eee..aa2821475 100644
--- a/src/main/java/com/google/firebase/auth/AuthErrorCode.java
+++ b/src/main/java/com/google/firebase/auth/AuthErrorCode.java
@@ -36,6 +36,13 @@ public enum AuthErrorCode {
    */
   EMAIL_ALREADY_EXISTS,
 
+  /**
+   * No user record found for the given email, typically raised when
+   * generating a password reset link using an email for a user that
+   * is not already registered.
+   */
+  EMAIL_NOT_FOUND,
+
   /**
    * The specified ID token is expired.
    */
diff --git a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
index e98911407..4b9523c83 100644
--- a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
+++ b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
@@ -60,6 +60,12 @@ final class AuthErrorHandler extends AbstractHttpErrorHandler<FirebaseAuthExcept
                   ErrorCode.ALREADY_EXISTS,
                   "The user with the provided email already exists",
                   AuthErrorCode.EMAIL_ALREADY_EXISTS))
+          .put(
+              "EMAIL_NOT_FOUND",
+              new AuthError(
+                  ErrorCode.NOT_FOUND,
+                  "No user record found for the given email",
+                  AuthErrorCode.EMAIL_NOT_FOUND))
           .put(
               "INVALID_DYNAMIC_LINK_DOMAIN",
               new AuthError(
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 7a25175b0..dd95eccb2 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -1587,6 +1587,27 @@ public void testHttpErrorWithUnknownCode() {
     }
   }
 
+  @Test
+  public void testHttpErrorWithEmailNotFoundCode() {
+    MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
+        .setContent("{\"error\": {\"message\": \"EMAIL_NOT_FOUND\"}}")
+        .setStatusCode(400);
+    FirebaseAuth auth = getRetryDisabledAuth(response);
+    FirebaseUserManager userManager = auth.getUserManager();
+    try {
+      userManager.getEmailActionLink(EmailLinkType.PASSWORD_RESET, "test@example.com", null);
+      fail("No exception thrown for HTTP error");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.NOT_FOUND, e.getErrorCode());
+      assertEquals(
+          "No user record found for the given email (EMAIL_NOT_FOUND).",
+          e.getMessage());
+      assertEquals(AuthErrorCode.EMAIL_NOT_FOUND, e.getAuthErrorCode());
+      assertTrue(e.getCause() instanceof HttpResponseException);
+      assertNotNull(e.getHttpResponse());
+    }
+  }
+
   @Test
   public void testUnexpectedHttpError() {
     MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
@@ -2982,3 +3003,4 @@ private interface UserManagerOp {
   }
 
 }
+

From 7cfb2e067efce426b22971bce5796fea004251f9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 May 2021 16:50:58 -0700
Subject: [PATCH 063/354] chore(deps): bump exec-maven-plugin from 1.6.0 to
 3.0.0 (#542)

Bumps [exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 1.6.0 to 3.0.0.
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](https://github.com/mojohaus/exec-maven-plugin/compare/exec-maven-plugin-1.6.0...exec-maven-plugin-3.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 407097312..bb59b4ae2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -224,7 +224,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>1.6.0</version>
+                        <version>3.0.0</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>

From decde1efc6ca0f8c6718bda9237c07c7b9572955 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 May 2021 10:43:44 -0700
Subject: [PATCH 064/354] chore(deps): bump jacoco-maven-plugin from 0.8.5 to
 0.8.7 (#547)

Bumps [jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.5 to 0.8.7.
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](https://github.com/jacoco/jacoco/compare/v0.8.5...v0.8.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index bb59b4ae2..94d87f4d4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -198,7 +198,7 @@
                     <plugin>
                         <groupId>org.jacoco</groupId>
                         <artifactId>jacoco-maven-plugin</artifactId>
-                        <version>0.8.5</version>
+                        <version>0.8.7</version>
                         <executions>
                             <execution>
                                 <id>pre-unit-test</id>

From b5c5bc548d3472c0c7d54e10dd981193e101cb8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 May 2021 10:46:49 -0700
Subject: [PATCH 065/354] chore(deps): bump netty.version from 4.1.59.Final to
 4.1.63.Final (#550)

Bumps `netty.version` from 4.1.59.Final to 4.1.63.Final.

Updates `netty-codec-http` from 4.1.59.Final to 4.1.63.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.59.Final...netty-4.1.63.Final)

Updates `netty-handler` from 4.1.59.Final to 4.1.63.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.59.Final...netty-4.1.63.Final)

Updates `netty-transport` from 4.1.59.Final to 4.1.63.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.59.Final...netty-4.1.63.Final)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 94d87f4d4..6d01e0610 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.59.Final</netty.version>
+        <netty.version>4.1.63.Final</netty.version>
     </properties>
 
     <scm>

From d2c9f80645ee5c800a7b4e9294965024910d7843 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 May 2021 10:47:49 -0700
Subject: [PATCH 066/354] chore(deps): bump nexus-staging-maven-plugin from
 1.6.7 to 1.6.8 (#549)

Bumps nexus-staging-maven-plugin from 1.6.7 to 1.6.8.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6d01e0610..594ed0619 100644
--- a/pom.xml
+++ b/pom.xml
@@ -360,7 +360,7 @@
             <plugin>
                 <groupId>org.sonatype.plugins</groupId>
                 <artifactId>nexus-staging-maven-plugin</artifactId>
-                <version>1.6.7</version>
+                <version>1.6.8</version>
                 <extensions>true</extensions>
                 <configuration>
                     <serverId>ossrh</serverId>

From 892cd15b47d7b33f0703383e80bc685457b2bffc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 May 2021 13:31:31 -0700
Subject: [PATCH 067/354] chore(deps-dev): bump mockito-core from 2.23.4 to
 2.28.2 (#554)

Bumps [mockito-core](https://github.com/mockito/mockito) from 2.23.4 to 2.28.2.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v2.23.4...v2.28.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 594ed0619..dc71d2673 100644
--- a/pom.xml
+++ b/pom.xml
@@ -468,7 +468,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>2.23.4</version>
+            <version>2.28.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From 4170ed99a79270d3932ea54a17092bfe6c6a4515 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 May 2021 13:20:59 -0700
Subject: [PATCH 068/354] chore(deps): bump maven-gpg-plugin from 1.5 to 3.0.1
 (#548)

Bumps [maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 1.5 to 3.0.1.
- [Release notes](https://github.com/apache/maven-gpg-plugin/releases)
- [Commits](https://github.com/apache/maven-gpg-plugin/compare/maven-gpg-plugin-1.5...maven-gpg-plugin-3.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index dc71d2673..7eb011ed1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -166,7 +166,7 @@
                 <plugins>
                     <plugin>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>1.5</version>
+                        <version>3.0.1</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

From 6962561467aaf28cdbea4e2fbda3064b10f3cc1e Mon Sep 17 00:00:00 2001
From: Leo <39062083+lsirac@users.noreply.github.com>
Date: Tue, 11 May 2021 15:22:51 -0700
Subject: [PATCH 069/354] feat(auth): enables OIDC auth code flow (#532)

* feat: enables OIDC auth code flow

* fix: remove GenericJson from public API surface

* fix: remove duplication

* fix: camel case for test cases

* fix: remove import
---
 .../firebase/auth/OidcProviderConfig.java     | 114 ++++++++++++++++++
 .../google/firebase/auth/FirebaseAuthIT.java  |  21 +++-
 .../auth/FirebaseUserManagerTest.java         |  39 +++++-
 .../firebase/auth/OidcProviderConfigTest.java |  81 ++++++++++++-
 .../TenantAwareFirebaseAuthIT.java            |  21 +++-
 src/test/resources/listOidc.json              |  14 ++-
 src/test/resources/oidc.json                  |   7 +-
 7 files changed, 280 insertions(+), 17 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
index 26931788e..0a4f7c0b8 100644
--- a/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
+++ b/src/main/java/com/google/firebase/auth/OidcProviderConfig.java
@@ -18,8 +18,11 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 
+import com.google.api.client.json.GenericJson;
 import com.google.api.client.util.Key;
 import com.google.common.base.Strings;
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * Contains metadata associated with an OIDC Auth provider.
@@ -31,17 +34,35 @@ public final class OidcProviderConfig extends ProviderConfig {
   @Key("clientId")
   private String clientId;
 
+  @Key("clientSecret")
+  private String clientSecret;
+
   @Key("issuer")
   private String issuer;
 
+  @Key("responseType")
+  private GenericJson responseType;
+
   public String getClientId() {
     return clientId;
   }
 
+  public String getClientSecret() {
+    return clientSecret;
+  }
+
   public String getIssuer() {
     return issuer;
   }
 
+  public boolean isCodeResponseType() {
+    return (responseType.containsKey("code") && (boolean) responseType.get("code"));
+  }
+
+  public boolean isIdTokenResponseType() {
+    return (responseType.containsKey("idToken") && (boolean) responseType.get("idToken"));
+  }
+
   /**
    * Returns a new {@link UpdateRequest}, which can be used to update the attributes of this
    * provider config.
@@ -58,6 +79,13 @@ static void checkOidcProviderId(String providerId) {
         "Invalid OIDC provider ID (must be prefixed with 'oidc.'): " + providerId);
   }
 
+  static Map<String, Boolean> ensureResponseType(Map<String,Object> properties) {
+    if (properties.get("responseType") == null) {
+      properties.put("responseType", new HashMap<String, Boolean>());
+    }
+    return (Map<String, Boolean>) properties.get("responseType");
+  }
+
   /**
    * A specification class for creating a new OIDC Auth provider.
    *
@@ -99,6 +127,19 @@ public CreateRequest setClientId(String clientId) {
       return this;
     }
 
+    /**
+     * Sets the client secret for the new provider. This is required for the code flow.
+     *
+     * @param clientSecret A non-null, non-empty client secret string.
+     * @throws IllegalArgumentException If the client secret is null or empty.
+     */
+    public CreateRequest setClientSecret(String clientSecret) {
+      checkArgument(!Strings.isNullOrEmpty(clientSecret),
+          "Client Secret must not be null or empty.");
+      properties.put("clientSecret", clientSecret);
+      return this;
+    }
+
     /**
      * Sets the issuer for the new provider.
      *
@@ -113,6 +154,36 @@ public CreateRequest setIssuer(String issuer) {
       return this;
     }
 
+    /**
+     * Sets whether to enable the code response flow for the new provider. By default, this is not
+     * enabled if no response type is specified.
+     *
+     * <p>A client secret must be set for this response type.
+     *
+     * <p>Having both the code and ID token response flows is currently not supported.
+     *
+     * @param enabled A boolean signifying whether the code response type is supported.
+     */
+    public CreateRequest setCodeResponseType(boolean enabled) {
+      Map<String, Boolean> map = ensureResponseType(properties);
+      map.put("code", enabled);
+      return this;
+    }
+
+    /**
+     * Sets whether to enable the ID token response flow for the new provider. By default, this is
+     * enabled if no response type is specified.
+     *
+     * <p>Having both the code and ID token response flows is currently not supported.
+     *
+     * @param enabled A boolean signifying whether the ID token response type is supported.
+     */
+    public CreateRequest setIdTokenResponseType(boolean enabled) {
+      Map<String, Boolean> map = ensureResponseType(properties);
+      map.put("idToken", enabled);
+      return this;
+    }
+
     CreateRequest getThis() {
       return this;
     }
@@ -156,6 +227,19 @@ public UpdateRequest setClientId(String clientId) {
       return this;
     }
 
+    /**
+     * Sets the client secret for the new provider. This is required for the code flow.
+     *
+     * @param clientSecret A non-null, non-empty client secret string.
+     * @throws IllegalArgumentException If the client secret is null or empty.
+     */
+    public UpdateRequest setClientSecret(String clientSecret) {
+      checkArgument(!Strings.isNullOrEmpty(clientSecret),
+          "Client Secret must not be null or empty.");
+      properties.put("clientSecret", clientSecret);
+      return this;
+    }
+
     /**
      * Sets the issuer for the existing provider.
      *
@@ -170,6 +254,36 @@ public UpdateRequest setIssuer(String issuer) {
       return this;
     }
 
+    /**
+     * Sets whether to enable the code response flow for the new provider. By default, this is not
+     * enabled if no response type is specified.
+     *
+     * <p>A client secret must be set for this response type.
+     *
+     * <p>Having both the code and ID token response flows is currently not supported.
+     *
+     * @param enabled A boolean signifying whether the code response type is supported.
+     */
+    public UpdateRequest setCodeResponseType(boolean enabled) {
+      Map<String, Boolean> map = ensureResponseType(properties);
+      map.put("code", enabled);
+      return this;
+    }
+
+    /**
+     * Sets whether to enable the ID token response flow for the new provider. By default, this is
+     * enabled if no response type is specified.
+     *
+     * <p>Having both the code and ID token response flows is currently not supported.
+     *
+     * @param enabled A boolean signifying whether the ID token response type is supported.
+     */
+    public UpdateRequest setIdTokenResponseType(boolean enabled) {
+      Map<String, Boolean> map = ensureResponseType(properties);
+      map.put("idToken", enabled);
+      return this;
+    }
+
     UpdateRequest getThis() {
       return this;
     }
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index f8e454af6..954850100 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -792,12 +792,19 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("DisplayName")
             .setEnabled(true)
             .setClientId("ClientId")
-            .setIssuer("https://oidc.com/issuer"));
+            .setClientSecret("ClientSecret")
+            .setIssuer("https://oidc.com/issuer")
+            .setCodeResponseType(true)
+            .setIdTokenResponseType(false));
+
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("ClientId", config.getClientId());
+    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
 
     // Get provider config
     config = auth.getOidcProviderConfigAsync(providerId).get();
@@ -805,7 +812,10 @@ public void testOidcProviderConfigLifecycle() throws Exception {
     assertEquals("DisplayName", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("ClientId", config.getClientId());
+    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
 
     // Update provider config
     OidcProviderConfig.UpdateRequest updateRequest =
@@ -813,13 +823,20 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("NewDisplayName")
             .setEnabled(false)
             .setClientId("NewClientId")
-            .setIssuer("https://oidc.com/new-issuer");
+            .setClientSecret("NewClientSecret")
+            .setIssuer("https://oidc.com/new-issuer")
+            .setCodeResponseType(false)
+            .setIdTokenResponseType(true);
+
     config = auth.updateOidcProviderConfigAsync(updateRequest).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("NewDisplayName", config.getDisplayName());
     assertFalse(config.isEnabled());
     assertEquals("NewClientId", config.getClientId());
+    assertEquals("NewClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/new-issuer", config.getIssuer());
+    assertTrue(config.isIdTokenResponseType());
+    assertFalse(config.isCodeResponseType());
 
     // Delete provider config
     temporaryProviderConfig.deleteOidcProviderConfig(providerId);
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index dd95eccb2..83b98068d 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -1636,7 +1636,10 @@ public void testCreateOidcProvider() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setIssuer("https://oidc.com/issuer");
+            .setClientSecret("CLIENT_SECRET")
+            .setIssuer("https://oidc.com/issuer")
+            .setCodeResponseType(true)
+            .setIdTokenResponseType(true);
 
     OidcProviderConfig config = FirebaseAuth.getInstance().createOidcProviderConfig(createRequest);
 
@@ -1647,7 +1650,13 @@ public void testCreateOidcProvider() throws Exception {
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertTrue(responseType.get("idToken"));
+
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
     assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
   }
@@ -1661,7 +1670,10 @@ public void testCreateOidcProviderAsync() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setIssuer("https://oidc.com/issuer");
+            .setClientSecret("CLIENT_SECRET")
+            .setIssuer("https://oidc.com/issuer")
+            .setCodeResponseType(true)
+            .setIdTokenResponseType(true);
 
     OidcProviderConfig config =
         FirebaseAuth.getInstance().createOidcProviderConfigAsync(createRequest).get();
@@ -1673,7 +1685,13 @@ public void testCreateOidcProviderAsync() throws Exception {
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertTrue(responseType.get("idToken"));
+
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
     assertEquals("oidc.provider-id", url.getFirst("oauthIdpConfigId"));
   }
@@ -1876,7 +1894,10 @@ public void testTenantAwareUpdateOidcProvider() throws Exception {
             .setDisplayName("DISPLAY_NAME")
             .setEnabled(true)
             .setClientId("CLIENT_ID")
-            .setIssuer("https://oidc.com/issuer");
+            .setClientSecret("CLIENT_SECRET")
+            .setIssuer("https://oidc.com/issuer")
+            .setCodeResponseType(true)
+            .setIdTokenResponseType(true);
 
     OidcProviderConfig config = tenantAwareAuth.updateOidcProviderConfig(request);
 
@@ -1885,12 +1906,18 @@ public void testTenantAwareUpdateOidcProvider() throws Exception {
     String expectedUrl = TENANTS_BASE_URL + "/TENANT_ID/oauthIdpConfigs/oidc.provider-id";
     checkUrl(interceptor, "PATCH", expectedUrl);
     GenericUrl url = interceptor.getResponse().getRequest().getUrl();
-    assertEquals("clientId,displayName,enabled,issuer", url.getFirst("updateMask"));
+    assertEquals("clientId,clientSecret,displayName,enabled,issuer,responseType.code,"
+        + "responseType.idToken", url.getFirst("updateMask"));
     GenericJson parsed = parseRequestContent(interceptor);
     assertEquals("DISPLAY_NAME", parsed.get("displayName"));
     assertTrue((boolean) parsed.get("enabled"));
     assertEquals("CLIENT_ID", parsed.get("clientId"));
+    assertEquals("CLIENT_SECRET", parsed.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", parsed.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) parsed.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertTrue(responseType.get("idToken"));
   }
 
   @Test
@@ -2969,7 +2996,10 @@ private static void checkOidcProviderConfig(OidcProviderConfig config, String pr
     assertEquals("DISPLAY_NAME", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("CLIENT_ID", config.getClientId());
+    assertEquals("CLIENT_SECRET", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
   }
 
   private static void checkSamlProviderConfig(SamlProviderConfig config, String providerId) {
@@ -3001,6 +3031,5 @@ private static void checkUrl(TestResponseInterceptor interceptor, String method,
   private interface UserManagerOp {
     void call(FirebaseAuth auth) throws Exception;
   }
-
 }
 
diff --git a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
index 8242d5966..0fd6299ee 100644
--- a/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
+++ b/src/test/java/com/google/firebase/auth/OidcProviderConfigTest.java
@@ -18,12 +18,14 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import com.google.api.client.json.JsonFactory;
 import com.google.firebase.internal.ApiClientUtils;
 
 import java.io.IOException;
+import java.util.HashMap;
 import java.util.Map;
 import org.junit.Test;
 
@@ -37,7 +39,12 @@ public class OidcProviderConfigTest {
         + "  'displayName': 'DISPLAY_NAME',"
         + "  'enabled':      true,"
         + "  'clientId':    'CLIENT_ID',"
-        + "  'issuer':      'https://oidc.com/issuer'"
+        + "  'clientSecret':'CLIENT_SECRET',"
+        + "  'issuer':      'https://oidc.com/issuer',"
+        + "  'responseType': {"
+        + "    'code':  true,"
+        + "    'idToken': false"
+        + "   }"
         + "}").replace("'", "\"");
 
   @Test
@@ -48,7 +55,35 @@ public void testJsonDeserialization() throws IOException {
     assertEquals("DISPLAY_NAME", config.getDisplayName());
     assertTrue(config.isEnabled());
     assertEquals("CLIENT_ID", config.getClientId());
+    assertEquals("CLIENT_SECRET", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
+  }
+
+  @Test
+  public void testEnsureResponseType() {
+    Map<String, Object> properties = new HashMap<>();
+
+    Map<String, Boolean> responseType = OidcProviderConfig.ensureResponseType(properties);
+
+    assertNotNull(responseType);
+    assertEquals(responseType, properties.get("responseType"));
+  }
+
+  @Test
+  public void testEnsureResponseTypeAlreadyPresent() {
+    Map<String, Object> properties = new HashMap<>();
+    Map<String, Boolean> responseType = new HashMap<>();
+    responseType.put("code", true);
+    properties.put("responseType", responseType);
+
+    Map<String, Boolean> returnedResponseType = OidcProviderConfig.ensureResponseType(properties);
+
+    assertEquals(responseType, returnedResponseType);
+    assertTrue(returnedResponseType.get("code"));
+    assertEquals(returnedResponseType.size(), 1);
+    assertEquals(responseType, properties.get("responseType"));
   }
 
   @Test
@@ -59,15 +94,23 @@ public void testCreateRequest() throws IOException {
       .setDisplayName("DISPLAY_NAME")
       .setEnabled(false)
       .setClientId("CLIENT_ID")
-      .setIssuer("https://oidc.com/issuer");
+      .setClientSecret("CLIENT_SECRET")
+      .setIssuer("https://oidc.com/issuer")
+      .setCodeResponseType(true)
+      .setIdTokenResponseType(false);
 
     assertEquals("oidc.provider-id", createRequest.getProviderId());
     Map<String,Object> properties = createRequest.getProperties();
-    assertEquals(properties.size(), 4);
+    assertEquals(properties.size(), 6);
     assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
     assertFalse((boolean) properties.get("enabled"));
     assertEquals("CLIENT_ID", (String) properties.get("clientId"));
+    assertEquals("CLIENT_SECRET", properties.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", (String) properties.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) properties.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertFalse(responseType.get("idToken"));
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -100,6 +143,16 @@ public void testCreateRequestInvalidIssuerUrl() {
     new OidcProviderConfig.CreateRequest().setIssuer("not a valid url");
   }
 
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestMissingClientSecret() {
+    new OidcProviderConfig.CreateRequest().setClientSecret(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testCreateRequestEmptyClientSecret() {
+    new OidcProviderConfig.CreateRequest().setClientSecret("");
+  }
+
   @Test
   public void testUpdateRequestFromOidcProviderConfig() throws IOException {
     OidcProviderConfig config = jsonFactory.fromString(OIDC_JSON_STRING, OidcProviderConfig.class);
@@ -118,15 +171,23 @@ public void testUpdateRequest() throws IOException {
       .setDisplayName("DISPLAY_NAME")
       .setEnabled(false)
       .setClientId("CLIENT_ID")
-      .setIssuer("https://oidc.com/issuer");
+      .setClientSecret("CLIENT_SECRET")
+      .setIssuer("https://oidc.com/issuer")
+      .setCodeResponseType(true)
+      .setIdTokenResponseType(false);
 
     assertEquals("oidc.provider-id", updateRequest.getProviderId());
     Map<String,Object> properties = updateRequest.getProperties();
-    assertEquals(properties.size(), 4);
+    assertEquals(properties.size(), 6);
     assertEquals("DISPLAY_NAME", (String) properties.get("displayName"));
     assertFalse((boolean) properties.get("enabled"));
     assertEquals("CLIENT_ID", (String) properties.get("clientId"));
+    assertEquals("CLIENT_SECRET", (String) properties.get("clientSecret"));
     assertEquals("https://oidc.com/issuer", (String) properties.get("issuer"));
+
+    Map<String, Boolean> responseType = (Map<String, Boolean>) properties.get("responseType");
+    assertTrue(responseType.get("code"));
+    assertFalse(responseType.get("idToken"));
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -158,4 +219,14 @@ public void testUpdateRequestMissingIssuer() {
   public void testUpdateRequestInvalidIssuerUrl() {
     new OidcProviderConfig.UpdateRequest("oidc.provider-id").setIssuer("not a valid url");
   }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestMissingClientSecret() {
+    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setClientSecret(null);
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testUpdateRequestEmptyClientSecret() {
+    new OidcProviderConfig.UpdateRequest("oidc.provider-id").setClientSecret("");
+  }
 }
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
index 93b7dab94..ba6d28e0b 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java
@@ -279,18 +279,28 @@ public void testOidcProviderConfigLifecycle() throws Exception {
               .setDisplayName("DisplayName")
               .setEnabled(true)
               .setClientId("ClientId")
-              .setIssuer("https://oidc.com/issuer"));
+              .setClientSecret("ClientSecret")
+              .setIssuer("https://oidc.com/issuer")
+              .setCodeResponseType(true)
+              .setIdTokenResponseType(false));
+
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertEquals("ClientId", config.getClientId());
+    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
 
     // Get provider config
     config = tenantAwareAuth.getOidcProviderConfigAsync(providerId).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("DisplayName", config.getDisplayName());
     assertEquals("ClientId", config.getClientId());
+    assertEquals("ClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/issuer", config.getIssuer());
+    assertTrue(config.isCodeResponseType());
+    assertFalse(config.isIdTokenResponseType());
 
     // Update provider config
     OidcProviderConfig.UpdateRequest updateRequest =
@@ -298,13 +308,20 @@ public void testOidcProviderConfigLifecycle() throws Exception {
             .setDisplayName("NewDisplayName")
             .setEnabled(false)
             .setClientId("NewClientId")
-            .setIssuer("https://oidc.com/new-issuer");
+            .setClientSecret("NewClientSecret")
+            .setIssuer("https://oidc.com/new-issuer")
+            .setCodeResponseType(false)
+            .setIdTokenResponseType(true);
+
     config = tenantAwareAuth.updateOidcProviderConfigAsync(updateRequest).get();
     assertEquals(providerId, config.getProviderId());
     assertEquals("NewDisplayName", config.getDisplayName());
     assertFalse(config.isEnabled());
     assertEquals("NewClientId", config.getClientId());
+    assertEquals("NewClientSecret", config.getClientSecret());
     assertEquals("https://oidc.com/new-issuer", config.getIssuer());
+    assertFalse(config.isCodeResponseType());
+    assertTrue(config.isIdTokenResponseType());
 
     // Delete provider config
     temporaryProviderConfig.deleteOidcProviderConfig(providerId);
diff --git a/src/test/resources/listOidc.json b/src/test/resources/listOidc.json
index 0c13ea48b..82a2f7669 100644
--- a/src/test/resources/listOidc.json
+++ b/src/test/resources/listOidc.json
@@ -4,12 +4,22 @@
     "displayName" : "DISPLAY_NAME",
     "enabled" : true,
     "clientId" : "CLIENT_ID",
-    "issuer" : "https://oidc.com/issuer"
+    "clientSecret" : "CLIENT_SECRET",
+    "issuer" : "https://oidc.com/issuer",
+    "responseType" : {
+      "code": true,
+      "idToken": false
+    }
   }, {
     "name": "projects/projectId/oauthIdpConfigs/oidc.provider-id2",
     "displayName" : "DISPLAY_NAME",
     "enabled" : true,
     "clientId" : "CLIENT_ID",
-    "issuer" : "https://oidc.com/issuer"
+    "clientSecret" : "CLIENT_SECRET",
+    "issuer" : "https://oidc.com/issuer",
+    "responseType" : {
+      "code": true,
+      "idToken": false
+    }
   } ]
 }
diff --git a/src/test/resources/oidc.json b/src/test/resources/oidc.json
index e2f1845de..0aed0df50 100644
--- a/src/test/resources/oidc.json
+++ b/src/test/resources/oidc.json
@@ -3,5 +3,10 @@
   "displayName" : "DISPLAY_NAME",
   "enabled" : true,
   "clientId" : "CLIENT_ID",
-  "issuer" : "https://oidc.com/issuer"
+  "clientSecret" : "CLIENT_SECRET",
+  "issuer" : "https://oidc.com/issuer",
+  "responseType" : {
+    "code": true,
+    "idToken": false
+  }
 }

From c58d86a633324e5bc2e31a685a4cc82607543811 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Tue, 11 May 2021 16:23:33 -0700
Subject: [PATCH 070/354] [chore] Release v7.3.0 (#555)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 7eb011ed1..a53dd3e62 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>7.2.0</version>
+    <version>7.3.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 543cacf1921b01138ca7589b6406dae0b2ce14ac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 May 2021 10:35:44 -0700
Subject: [PATCH 071/354] chore(deps): bump google-api-client-bom from 1.31.4
 to 1.31.5 (#556)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.31.4 to 1.31.5.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.31.4...v1.31.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a53dd3e62..9cd7a2a63 100644
--- a/pom.xml
+++ b/pom.xml
@@ -400,7 +400,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.31.4</version>
+                <version>1.31.5</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 0cd520fbd1fb7fddccfe474dd569c6a477de242e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 May 2021 16:43:08 -0700
Subject: [PATCH 072/354] chore(deps): bump maven-project-info-reports-plugin
 from 2.9 to 3.1.2 (#553)

Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 2.9 to 3.1.2.
- [Release notes](https://github.com/apache/maven-project-info-reports-plugin/releases)
- [Commits](https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-2.9...maven-project-info-reports-plugin-3.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9cd7a2a63..ebb72f32c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -375,7 +375,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>2.9</version>
+                <version>3.1.2</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From 32c7f4c12d21a026230e0e3a481f6338a1d62ac5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 May 2021 17:02:06 -0700
Subject: [PATCH 073/354] chore(deps): bump netty.version from 4.1.63.Final to
 4.1.64.Final (#560)

Bumps `netty.version` from 4.1.63.Final to 4.1.64.Final.

Updates `netty-codec-http` from 4.1.63.Final to 4.1.64.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.63.Final...netty-4.1.64.Final)

Updates `netty-handler` from 4.1.63.Final to 4.1.64.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.63.Final...netty-4.1.64.Final)

Updates `netty-transport` from 4.1.63.Final to 4.1.64.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.63.Final...netty-4.1.64.Final)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ebb72f32c..26e645b17 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.63.Final</netty.version>
+        <netty.version>4.1.64.Final</netty.version>
     </properties>
 
     <scm>

From 6cafee5b20ca7d1ac0e9455fab050b9f0b50bada Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 May 2021 12:10:34 -0400
Subject: [PATCH 074/354] chore(deps): bump maven-javadoc-plugin from 2.10.4 to
 3.2.0 (#539)

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 2.10.4 to 3.2.0.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-2.10.4...maven-javadoc-plugin-3.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 26e645b17..b5fbc6e12 100644
--- a/pom.xml
+++ b/pom.xml
@@ -99,7 +99,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>2.10.4</version>
+                        <version>3.2.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -310,7 +310,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.10.4</version>
+                <version>3.2.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 041b64d477db620efd24f55d8cb6cfd3ba90cc0b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 May 2021 12:15:55 -0400
Subject: [PATCH 075/354] chore(deps): bump maven-antrun-plugin from 1.7 to
 3.0.0 (#559)

Bumps [maven-antrun-plugin](https://github.com/apache/maven-antrun-plugin) from 1.7 to 3.0.0.
- [Release notes](https://github.com/apache/maven-antrun-plugin/releases)
- [Commits](https://github.com/apache/maven-antrun-plugin/compare/maven-antrun-plugin-1.7...maven-antrun-plugin-3.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b5fbc6e12..b34f83717 100644
--- a/pom.xml
+++ b/pom.xml
@@ -140,7 +140,7 @@
                     <plugin>
                         <!-- Update relative paths in generated API docs -->
                         <artifactId>maven-antrun-plugin</artifactId>
-                        <version>1.7</version>
+                        <version>3.0.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>

From 3924f85daa69f11614d83ffa12fa28914110c8bd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 May 2021 10:10:29 -0700
Subject: [PATCH 076/354] chore(deps): bump netty.version from 4.1.64.Final to
 4.1.65.Final (#564)

Bumps `netty.version` from 4.1.64.Final to 4.1.65.Final.

Updates `netty-codec-http` from 4.1.64.Final to 4.1.65.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.64.Final...netty-4.1.65.Final)

Updates `netty-handler` from 4.1.64.Final to 4.1.65.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.64.Final...netty-4.1.65.Final)

Updates `netty-transport` from 4.1.64.Final to 4.1.65.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.64.Final...netty-4.1.65.Final)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b34f83717..25ede12a8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.64.Final</netty.version>
+        <netty.version>4.1.65.Final</netty.version>
     </properties>
 
     <scm>

From 4a677a4bb8fe46cc95eaf864f0562d336f7afa33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Jun 2021 12:26:17 -0700
Subject: [PATCH 077/354] chore(deps): bump libraries-bom from 8.0.0 to 20.4.0
 (#558)

* chore(deps): bump libraries-bom from 8.0.0 to 20.4.0

Bumps [libraries-bom](https://github.com/GoogleCloudPlatform/cloud-opensource-java) from 8.0.0 to 20.4.0.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-opensource-java/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-opensource-java/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/cloud-opensource-java/commits)

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Removed legacy Firestore API calls

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Hiranya Jayathilaka <hiranya911@gmail.com>
---
 pom.xml                                                       | 2 +-
 .../java/com/google/firebase/cloud/FirestoreClientTest.java   | 4 ----
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 25ede12a8..5e206c322 100644
--- a/pom.xml
+++ b/pom.xml
@@ -393,7 +393,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>8.0.0</version>
+                <version>20.4.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
diff --git a/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java b/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
index 08ee49ff0..018d0e45b 100644
--- a/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
+++ b/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
@@ -69,11 +69,9 @@ public void testFirestoreOptions() throws IOException {
         .build());
     Firestore firestore = FirestoreClient.getFirestore(app);
     assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
-    assertTrue(firestore.getOptions().areTimestampsInSnapshotsEnabled());
 
     firestore = FirestoreClient.getFirestore();
     assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
-    assertTrue(firestore.getOptions().areTimestampsInSnapshotsEnabled());
   }
 
   @Test
@@ -88,13 +86,11 @@ public void testFirestoreOptionsOverride() throws IOException {
         .build());
     Firestore firestore = FirestoreClient.getFirestore(app);
     assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
-    assertTrue(firestore.getOptions().areTimestampsInSnapshotsEnabled());
     assertSame(ImplFirebaseTrampolines.getCredentials(app),
         firestore.getOptions().getCredentialsProvider().getCredentials());
 
     firestore = FirestoreClient.getFirestore();
     assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
-    assertTrue(firestore.getOptions().areTimestampsInSnapshotsEnabled());
     assertSame(ImplFirebaseTrampolines.getCredentials(app),
         firestore.getOptions().getCredentialsProvider().getCredentials());
   }

From 70c9668184fa57982da92c0efaf7d901bcd36983 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Jun 2021 14:11:05 -0400
Subject: [PATCH 078/354] chore(deps): bump maven-javadoc-plugin from 3.2.0 to
 3.3.0 (#562)

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.2.0...maven-javadoc-plugin-3.3.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 5e206c322..03c7b58ad 100644
--- a/pom.xml
+++ b/pom.xml
@@ -99,7 +99,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.2.0</version>
+                        <version>3.3.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -310,7 +310,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.3.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 5a54e76095528248a5de62905879c5afd075d4e1 Mon Sep 17 00:00:00 2001
From: egilmorez <egilmore@google.com>
Date: Tue, 8 Jun 2021 11:39:42 -0700
Subject: [PATCH 079/354] Adding detail RE default value of collapse key.
 (#568)

* Adding detail RE default value of collapse key.

* Adding a p tag apparenty required by Javadoc.
---
 .../java/com/google/firebase/messaging/AndroidConfig.java    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/google/firebase/messaging/AndroidConfig.java b/src/main/java/com/google/firebase/messaging/AndroidConfig.java
index 888f00f0d..e38e561d0 100644
--- a/src/main/java/com/google/firebase/messaging/AndroidConfig.java
+++ b/src/main/java/com/google/firebase/messaging/AndroidConfig.java
@@ -112,9 +112,12 @@ public static class Builder {
     private Builder() {}
 
     /**
-     * Sets a collapse key for the message. Collapse key serves as an identifier for a group of
+     * Sets a collapse key for the message. The collapse key serves as an identifier for a group of
      * messages that can be collapsed, so that only the last message gets sent when delivery can be
      * resumed. A maximum of 4 different collapse keys may be active at any given time.
+     * 
+     * <p>By default, the collapse key is the app package name registered in
+     * the Firebase console.</p>
      *
      * @param collapseKey A collapse key string.
      * @return This builder.

From 0d7888f6963b5f96c67c16a32980b9873df2a882 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 9 Jun 2021 18:19:19 -0400
Subject: [PATCH 080/354] Revert "chore(deps): bump maven-javadoc-plugin from
 3.2.0 to 3.3.0" (#569)

* Revert "chore(deps): bump maven-javadoc-plugin from 3.2.0 to 3.3.0 (#562)"

This reverts commit 70c9668184fa57982da92c0efaf7d901bcd36983.

* Trigger Staging
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 03c7b58ad..5e206c322 100644
--- a/pom.xml
+++ b/pom.xml
@@ -99,7 +99,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.3.0</version>
+                        <version>3.2.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -310,7 +310,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.3.0</version>
+                <version>3.2.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 39ebc144ed5c04d42956e471c0ff903eba037bb4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Jun 2021 06:51:29 -0700
Subject: [PATCH 081/354] chore(deps): bump libraries-bom from 20.4.0 to 20.6.0
 (#571)

Bumps [libraries-bom](https://github.com/GoogleCloudPlatform/cloud-opensource-java) from 20.4.0 to 20.6.0.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-opensource-java/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-opensource-java/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/cloud-opensource-java/commits)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 5e206c322..675bcb049 100644
--- a/pom.xml
+++ b/pom.xml
@@ -393,7 +393,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>20.4.0</version>
+                <version>20.6.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From ccc36abce3d8601600492a1997ead8212de8a586 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Tue, 15 Jun 2021 07:08:17 -0700
Subject: [PATCH 082/354] fix: Using Java 8 in release and nightly builds
 (#573)

* fix: Using Java 8 in release and nightly builds

* fix: Removing env variable manipulation from tests

* Downgraded to mockito 2; Using wrapper classes to mock ADC
---
 .github/workflows/ci.yml                      |   8 +-
 .github/workflows/nightly.yml                 |   8 +-
 .github/workflows/release.yml                 |   8 +-
 .../java/com/google/firebase/FirebaseApp.java |   7 +-
 .../com/google/firebase/FirebaseOptions.java  |   4 +-
 .../google/firebase/auth/internal/Utils.java  |   3 +-
 .../database/util/EmulatorHelper.java         |   3 +-
 ...ApplicationDefaultCredentialsProvider.java |  46 ++++++
 .../internal/FirebaseProcessEnvironment.java  |  46 ++++++
 .../com/google/firebase/FirebaseAppTest.java  | 146 +++++++++++-------
 ...EmulatorFirebaseTokenVerifierImplTest.java |   8 +-
 .../firebase/auth/FirebaseAuthTest.java       |  10 +-
 .../firebase/auth/FirebaseTokenUtilsTest.java |  12 +-
 .../auth/FirebaseUserManagerTest.java         |   7 +-
 .../FirebaseTenantClientTest.java             |   8 +-
 .../database/FirebaseDatabaseTest.java        |  22 ++-
 .../testing/IntegrationTestUtils.java         |   7 +-
 .../google/firebase/testing/TestUtils.java    |  88 -----------
 18 files changed, 236 insertions(+), 205 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/internal/ApplicationDefaultCredentialsProvider.java
 create mode 100644 src/main/java/com/google/firebase/internal/FirebaseProcessEnvironment.java

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 58ecbfa35..e765291f6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,13 +19,17 @@ jobs:
   build:
     runs-on: ubuntu-latest
 
+    strategy:
+      matrix:
+        java-version: [7, 8, 11]
+
     steps:
     - uses: actions/checkout@v1
 
-    - name: Set up JDK 1.7
+    - name: Set up JDK
       uses: actions/setup-java@v1
       with:
-        java-version: 1.7
+        java-version: ${{ matrix.java-version }}
 
     # Does the following:
     #  1. Runs the Checkstyle plugin (validate phase)
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index c9259a628..dd3110c46 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -33,10 +33,10 @@ jobs:
       with:
         ref: ${{ github.event.client_payload.ref || github.ref }}
 
-    - name: Set up JDK 1.7
+    - name: Set up JDK 1.8
       uses: actions/setup-java@v1
       with:
-        java-version: 1.7
+        java-version: 1.8
 
     - name: Compile, test and package
       run: ./.github/scripts/package_artifacts.sh
@@ -63,7 +63,7 @@ jobs:
         subject: 'Nightly build ${{github.run_id}} of ${{github.repository}} failed!'
         html: >
           <b>Nightly workflow ${{github.run_id}} failed on: ${{github.repository}}</b>
-          <br /><br />Navigate to the 
+          <br /><br />Navigate to the
           <a href="https://github.com/firebase/firebase-admin-java/actions/runs/${{github.run_id}}">failed workflow</a>.
       continue-on-error: true
 
@@ -78,6 +78,6 @@ jobs:
         subject: 'Nightly build ${{github.run_id}} of ${{github.repository}} cancelled!'
         html: >
           <b>Nightly workflow ${{github.run_id}} cancelled on: ${{github.repository}}</b>
-          <br /><br />Navigate to the 
+          <br /><br />Navigate to the
           <a href="https://github.com/firebase/firebase-admin-java/actions/runs/${{github.run_id}}">cancelled workflow</a>.
       continue-on-error: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 985ce94d6..b49a453fc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,10 +44,10 @@ jobs:
       with:
         ref: ${{ github.event.client_payload.ref || github.ref }}
 
-    - name: Set up JDK 1.7
+    - name: Set up JDK 1.8
       uses: actions/setup-java@v1
       with:
-        java-version: 1.7
+        java-version: 1.8
 
     - name: Compile, test and package
       run: ./.github/scripts/package_artifacts.sh
@@ -82,10 +82,10 @@ jobs:
     - name: Checkout source for publish
       uses: actions/checkout@v2
 
-    - name: Set up JDK 1.7
+    - name: Set up JDK 1.8
       uses: actions/setup-java@v1
       with:
-        java-version: 1.7
+        java-version: 1.8
 
     - name: Publish preflight check
       id: preflight
diff --git a/src/main/java/com/google/firebase/FirebaseApp.java b/src/main/java/com/google/firebase/FirebaseApp.java
index d525d0673..27727c366 100644
--- a/src/main/java/com/google/firebase/FirebaseApp.java
+++ b/src/main/java/com/google/firebase/FirebaseApp.java
@@ -35,6 +35,7 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 import com.google.firebase.internal.FirebaseScheduledExecutor;
 import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.internal.ListenableFuture2ApiFuture;
@@ -292,10 +293,10 @@ String getProjectId() {
 
     // Try to get project ID from the environment.
     if (Strings.isNullOrEmpty(projectId)) {
-      projectId = System.getenv("GOOGLE_CLOUD_PROJECT");
+      projectId = FirebaseProcessEnvironment.getenv("GOOGLE_CLOUD_PROJECT");
     }
     if (Strings.isNullOrEmpty(projectId)) {
-      projectId = System.getenv("GCLOUD_PROJECT");
+      projectId = FirebaseProcessEnvironment.getenv("GCLOUD_PROJECT");
     }
     return projectId;
   }
@@ -563,7 +564,7 @@ enum State {
   }
 
   private static FirebaseOptions getOptionsFromEnvironment() throws IOException {
-    String defaultConfig = System.getenv(FIREBASE_CONFIG_ENV_VAR);
+    String defaultConfig = FirebaseProcessEnvironment.getenv(FIREBASE_CONFIG_ENV_VAR);
     if (Strings.isNullOrEmpty(defaultConfig)) {
       return FirebaseOptions.builder()
           .setCredentials(APPLICATION_DEFAULT_CREDENTIALS)
diff --git a/src/main/java/com/google/firebase/FirebaseOptions.java b/src/main/java/com/google/firebase/FirebaseOptions.java
index f13f022db..836f701e9 100644
--- a/src/main/java/com/google/firebase/FirebaseOptions.java
+++ b/src/main/java/com/google/firebase/FirebaseOptions.java
@@ -29,6 +29,7 @@
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.ApplicationDefaultCredentialsProvider;
 import com.google.firebase.internal.FirebaseThreadManagers;
 import com.google.firebase.internal.NonNull;
 import com.google.firebase.internal.Nullable;
@@ -64,7 +65,8 @@ public final class FirebaseOptions {
         @Override
         public GoogleCredentials get() {
           try {
-            return GoogleCredentials.getApplicationDefault().createScoped(FIREBASE_SCOPES);
+            return ApplicationDefaultCredentialsProvider.getApplicationDefault()
+                .createScoped(FIREBASE_SCOPES);
           } catch (IOException e) {
             throw new IllegalStateException(e);
           }
diff --git a/src/main/java/com/google/firebase/auth/internal/Utils.java b/src/main/java/com/google/firebase/auth/internal/Utils.java
index 487892df3..f4d082917 100644
--- a/src/main/java/com/google/firebase/auth/internal/Utils.java
+++ b/src/main/java/com/google/firebase/auth/internal/Utils.java
@@ -18,6 +18,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 
 public class Utils {
   @VisibleForTesting
@@ -28,7 +29,7 @@ public static boolean isEmulatorMode() {
   }
 
   public static String getEmulatorHost() {
-    return System.getenv(AUTH_EMULATOR_HOST);
+    return FirebaseProcessEnvironment.getenv(AUTH_EMULATOR_HOST);
   }
 
 }
diff --git a/src/main/java/com/google/firebase/database/util/EmulatorHelper.java b/src/main/java/com/google/firebase/database/util/EmulatorHelper.java
index c4ef2ff25..11c358fc6 100644
--- a/src/main/java/com/google/firebase/database/util/EmulatorHelper.java
+++ b/src/main/java/com/google/firebase/database/util/EmulatorHelper.java
@@ -22,6 +22,7 @@
 import com.google.firebase.database.core.RepoInfo;
 import com.google.firebase.database.utilities.ParsedUrl;
 import com.google.firebase.database.utilities.Utilities;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 
 public final class EmulatorHelper {
 
@@ -33,7 +34,7 @@ private EmulatorHelper() {
       "FIREBASE_DATABASE_EMULATOR_HOST";
 
   public static String getEmulatorHostFromEnv() {
-    return System.getenv(FIREBASE_RTDB_EMULATOR_HOST_ENV_VAR);
+    return FirebaseProcessEnvironment.getenv(FIREBASE_RTDB_EMULATOR_HOST_ENV_VAR);
   }
 
   @VisibleForTesting
diff --git a/src/main/java/com/google/firebase/internal/ApplicationDefaultCredentialsProvider.java b/src/main/java/com/google/firebase/internal/ApplicationDefaultCredentialsProvider.java
new file mode 100644
index 000000000..93672bbe9
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/ApplicationDefaultCredentialsProvider.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.auth.oauth2.GoogleCredentials;
+import java.io.IOException;
+
+/**
+ * Provides a hook to override application default credentials (ADC) lookup for tests. ADC has
+ * a dependency on environment variables, and Java famously doesn't support environment variable
+ * manipulation at runtime. With this class, the test cases that require ADC has a way to register
+ * their own mock credentials as ADC.
+ *
+ * <p>Once we are able to upgrade to Mockito 3.x (requires Java 8+), we can drop this class
+ * altogether, and use Mockito tools to mock the behavior of the GoogleCredentials static methods.
+ */
+public class ApplicationDefaultCredentialsProvider {
+
+  private static GoogleCredentials cachedCredentials;
+
+  public static GoogleCredentials getApplicationDefault() throws IOException {
+    if (cachedCredentials != null) {
+      return cachedCredentials;
+    }
+
+    return GoogleCredentials.getApplicationDefault();
+  }
+
+  public static void setApplicationDefault(GoogleCredentials credentials) {
+    cachedCredentials = credentials;
+  }
+}
diff --git a/src/main/java/com/google/firebase/internal/FirebaseProcessEnvironment.java b/src/main/java/com/google/firebase/internal/FirebaseProcessEnvironment.java
new file mode 100644
index 000000000..a9c3022d4
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/FirebaseProcessEnvironment.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.common.base.Strings;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * A utility for overriding environment variables during tests.
+ */
+public class FirebaseProcessEnvironment {
+
+  private static final Map<String, String> localCache = new ConcurrentHashMap<>();
+
+  public static String getenv(String name) {
+    String cachedValue = localCache.get(name);
+    if (!Strings.isNullOrEmpty(cachedValue)) {
+      return  cachedValue;
+    }
+
+    return System.getenv(name);
+  }
+
+  public static void setenv(String name, String value) {
+    localCache.put(name, value);
+  }
+
+  public static void clearCache() {
+    localCache.clear();
+  }
+}
diff --git a/src/test/java/com/google/firebase/FirebaseAppTest.java b/src/test/java/com/google/firebase/FirebaseAppTest.java
index 56e025d22..a35aefe15 100644
--- a/src/test/java/com/google/firebase/FirebaseAppTest.java
+++ b/src/test/java/com/google/firebase/FirebaseAppTest.java
@@ -38,9 +38,10 @@
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.firebase.FirebaseApp.TokenRefresher;
 import com.google.firebase.database.FirebaseDatabase;
+import com.google.firebase.internal.ApplicationDefaultCredentialsProvider;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.testing.FirebaseAppRule;
 import com.google.firebase.testing.ServiceAccount;
@@ -62,7 +63,6 @@
 import java.util.concurrent.TimeUnit;
 import org.junit.AfterClass;
 import org.junit.Assert;
-import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
 import org.mockito.Mockito;
@@ -72,21 +72,19 @@
  */
 public class FirebaseAppTest {
 
+  private static final GoogleCredentials TEST_CREDENTIALS = TestUtils.getCertCredential(
+      ServiceAccount.EDITOR.asStream());
+
   private static final FirebaseOptions OPTIONS =
       FirebaseOptions.builder()
-          .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
+          .setCredentials(TEST_CREDENTIALS)
           .build();
 
   @Rule public FirebaseAppRule firebaseAppRule = new FirebaseAppRule();
 
-  @BeforeClass
-  public static void setupClass() throws IOException {
-    TestUtils.getApplicationDefaultCredentials();
-  }
-
   @AfterClass
   public static void tearDownClass() {
-    TestUtils.unsetEnvironmentVariables(ImmutableSet.of(FirebaseApp.FIREBASE_CONFIG_ENV_VAR));
+    FirebaseProcessEnvironment.clearCache();
   }
 
   @Test(expected = NullPointerException.class)
@@ -128,8 +126,7 @@ public void testGetProjectIdFromCredential() {
   public void testGetProjectIdFromEnvironment() {
     List<String> variables = ImmutableList.of("GCLOUD_PROJECT", "GOOGLE_CLOUD_PROJECT");
     for (String variable : variables) {
-      String gcloudProject = System.getenv(variable);
-      TestUtils.setEnvironmentVariables(ImmutableMap.of(variable, "project-id-1"));
+      FirebaseProcessEnvironment.setenv(variable, "project-id-1");
       FirebaseOptions options = FirebaseOptions.builder()
           .setCredentials(new MockGoogleCredentials())
           .build();
@@ -138,8 +135,7 @@ public void testGetProjectIdFromEnvironment() {
         String projectId = ImplFirebaseTrampolines.getProjectId(app);
         assertEquals("project-id-1", projectId);
       } finally {
-        TestUtils.setEnvironmentVariables(ImmutableMap.of(
-            variable, Strings.nullToEmpty(gcloudProject)));
+        FirebaseProcessEnvironment.clearCache();
       }
     }
   }
@@ -152,8 +148,8 @@ public void testProjectIdEnvironmentVariablePrecedence() {
     currentValues.put("GOOGLE_CLOUD_PROJECT", Strings.nullToEmpty(
         System.getenv("GOOGLE_CLOUD_PROJECT")));
 
-    TestUtils.setEnvironmentVariables(ImmutableMap.of(
-        "GCLOUD_PROJECT", "project-id-1", "GOOGLE_CLOUD_PROJECT", "project-id-2"));
+    FirebaseProcessEnvironment.setenv("GCLOUD_PROJECT", "project-id-1");
+    FirebaseProcessEnvironment.setenv("GOOGLE_CLOUD_PROJECT", "project-id-2");
     FirebaseOptions options = FirebaseOptions.builder()
         .setCredentials(new MockGoogleCredentials())
         .build();
@@ -162,7 +158,7 @@ public void testProjectIdEnvironmentVariablePrecedence() {
       String projectId = ImplFirebaseTrampolines.getProjectId(app);
       assertEquals("project-id-2", projectId);
     } finally {
-      TestUtils.setEnvironmentVariables(currentValues);
+      FirebaseProcessEnvironment.clearCache();
     }
   }
 
@@ -264,11 +260,7 @@ public void testGetNullApp() {
 
   @Test
   public void testToString() throws IOException {
-    FirebaseOptions options =
-        FirebaseOptions.builder()
-            .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
-            .build();
-    FirebaseApp app = FirebaseApp.initializeApp(options, "app");
+    FirebaseApp app = FirebaseApp.initializeApp(OPTIONS, "app");
     String pattern = "FirebaseApp\\{name=app}";
     assertTrue(app.toString().matches(pattern));
   }
@@ -503,23 +495,33 @@ public void testEmptyFirebaseConfigFile() {
   }
 
   @Test
-  public void testEmptyFirebaseConfigString() {
+  public void testEmptyFirebaseConfigString() throws IOException {
     setFirebaseConfigEnvironmentVariable("");
-    FirebaseApp firebaseApp = FirebaseApp.initializeApp();
-    assertNull(firebaseApp.getOptions().getProjectId());
-    assertNull(firebaseApp.getOptions().getStorageBucket());
-    assertNull(firebaseApp.getOptions().getDatabaseUrl());
-    assertTrue(firebaseApp.getOptions().getDatabaseAuthVariableOverride().isEmpty());
+    ApplicationDefaultCredentialsProvider.setApplicationDefault(TEST_CREDENTIALS);
+    try {
+      FirebaseApp firebaseApp = FirebaseApp.initializeApp();
+      assertNull(firebaseApp.getOptions().getProjectId());
+      assertNull(firebaseApp.getOptions().getStorageBucket());
+      assertNull(firebaseApp.getOptions().getDatabaseUrl());
+      assertTrue(firebaseApp.getOptions().getDatabaseAuthVariableOverride().isEmpty());
+    } finally {
+      ApplicationDefaultCredentialsProvider.setApplicationDefault(null);
+    }
   }
 
   @Test
-  public void testEmptyFirebaseConfigJSONObject() {
+  public void testEmptyFirebaseConfigJSONObject() throws IOException {
     setFirebaseConfigEnvironmentVariable("{}");
-    FirebaseApp firebaseApp = FirebaseApp.initializeApp();
-    assertNull(firebaseApp.getOptions().getProjectId());
-    assertNull(firebaseApp.getOptions().getStorageBucket());
-    assertNull(firebaseApp.getOptions().getDatabaseUrl());
-    assertTrue(firebaseApp.getOptions().getDatabaseAuthVariableOverride().isEmpty());
+    ApplicationDefaultCredentialsProvider.setApplicationDefault(TEST_CREDENTIALS);
+    try {
+      FirebaseApp firebaseApp = FirebaseApp.initializeApp();
+      assertNull(firebaseApp.getOptions().getProjectId());
+      assertNull(firebaseApp.getOptions().getStorageBucket());
+      assertNull(firebaseApp.getOptions().getDatabaseUrl());
+      assertTrue(firebaseApp.getOptions().getDatabaseAuthVariableOverride().isEmpty());
+    } finally {
+      ApplicationDefaultCredentialsProvider.setApplicationDefault(null);
+    }
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -541,21 +543,33 @@ public void testFirebaseConfigMissingFile() {
   }
 
   @Test
-  public void testFirebaseConfigFileWithSomeKeysMissing() {
+  public void testFirebaseConfigFileWithSomeKeysMissing() throws IOException {
     setFirebaseConfigEnvironmentVariable("firebase_config_partial.json");
-    FirebaseApp firebaseApp = FirebaseApp.initializeApp();
-    assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
-    assertEquals("https://hipster-chat.firebaseio.mock", firebaseApp.getOptions().getDatabaseUrl());
+    ApplicationDefaultCredentialsProvider.setApplicationDefault(TEST_CREDENTIALS);
+    try {
+      FirebaseApp firebaseApp = FirebaseApp.initializeApp();
+      assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
+      assertEquals("https://hipster-chat.firebaseio.mock", firebaseApp.getOptions().getDatabaseUrl());
+    } finally {
+      ApplicationDefaultCredentialsProvider.setApplicationDefault(null);
+    }
   }
 
   @Test
-  public void testValidFirebaseConfigFile() {
+  public void testValidFirebaseConfigFile() throws IOException {
     setFirebaseConfigEnvironmentVariable("firebase_config.json");
-    FirebaseApp firebaseApp = FirebaseApp.initializeApp();
-    assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
-    assertEquals("hipster-chat.appspot.mock", firebaseApp.getOptions().getStorageBucket());
-    assertEquals("https://hipster-chat.firebaseio.mock", firebaseApp.getOptions().getDatabaseUrl());
-    assertEquals("testuser", firebaseApp.getOptions().getDatabaseAuthVariableOverride().get("uid"));
+    ApplicationDefaultCredentialsProvider.setApplicationDefault(TEST_CREDENTIALS);
+    try {
+      FirebaseApp firebaseApp = FirebaseApp.initializeApp();
+      assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
+      assertEquals("hipster-chat.appspot.mock", firebaseApp.getOptions().getStorageBucket());
+      assertEquals(
+          "https://hipster-chat.firebaseio.mock", firebaseApp.getOptions().getDatabaseUrl());
+      assertEquals(
+          "testuser", firebaseApp.getOptions().getDatabaseAuthVariableOverride().get("uid"));
+    } finally {
+      ApplicationDefaultCredentialsProvider.setApplicationDefault(null);
+    }
   }
 
   @Test
@@ -569,7 +583,7 @@ public void testEnvironmentVariableIgnored() {
   }
 
   @Test
-  public void testValidFirebaseConfigString() {
+  public void testValidFirebaseConfigString() throws IOException {
     setFirebaseConfigEnvironmentVariable("{"
         + "\"databaseAuthVariableOverride\": {"
         +   "\"uid\":"
@@ -579,29 +593,44 @@ public void testValidFirebaseConfigString() {
         + "\"projectId\": \"hipster-chat-mock\","
         + "\"storageBucket\": \"hipster-chat.appspot.mock\""
         + "}");
-    FirebaseApp firebaseApp = FirebaseApp.initializeApp();
-    assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
-    assertEquals("hipster-chat.appspot.mock", firebaseApp.getOptions().getStorageBucket());
-    assertEquals("https://hipster-chat.firebaseio.mock", firebaseApp.getOptions().getDatabaseUrl());
-    assertEquals("testuser",
-        firebaseApp.getOptions().getDatabaseAuthVariableOverride().get("uid"));
+    ApplicationDefaultCredentialsProvider.setApplicationDefault(TEST_CREDENTIALS);
+    try {
+      FirebaseApp firebaseApp = FirebaseApp.initializeApp();
+      assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
+      assertEquals("hipster-chat.appspot.mock", firebaseApp.getOptions().getStorageBucket());
+      assertEquals("https://hipster-chat.firebaseio.mock", firebaseApp.getOptions().getDatabaseUrl());
+      assertEquals("testuser",
+          firebaseApp.getOptions().getDatabaseAuthVariableOverride().get("uid"));
+    } finally {
+      ApplicationDefaultCredentialsProvider.setApplicationDefault(null);
+    }
   }
 
   @Test
-  public void testFirebaseConfigFileIgnoresInvalidKey() {
+  public void testFirebaseConfigFileIgnoresInvalidKey() throws IOException {
     setFirebaseConfigEnvironmentVariable("firebase_config_invalid_key.json");
-    FirebaseApp firebaseApp = FirebaseApp.initializeApp();
-    assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
+    ApplicationDefaultCredentialsProvider.setApplicationDefault(TEST_CREDENTIALS);
+    try {
+      FirebaseApp firebaseApp = FirebaseApp.initializeApp();
+      assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
+    } finally {
+      ApplicationDefaultCredentialsProvider.setApplicationDefault(null);
+    }
   }
 
   @Test
-  public void testFirebaseConfigStringIgnoresInvalidKey() {
+  public void testFirebaseConfigStringIgnoresInvalidKey() throws IOException {
     setFirebaseConfigEnvironmentVariable("{"
         + "\"databaseUareL\": \"https://hipster-chat.firebaseio.mock\","
         + "\"projectId\": \"hipster-chat-mock\""
         + "}");
-    FirebaseApp firebaseApp = FirebaseApp.initializeApp();
-    assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
+    ApplicationDefaultCredentialsProvider.setApplicationDefault(TEST_CREDENTIALS);
+    try {
+      FirebaseApp firebaseApp = FirebaseApp.initializeApp();
+      assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
+    } finally {
+      ApplicationDefaultCredentialsProvider.setApplicationDefault(null);
+    }
   }
 
   @Test
@@ -618,9 +647,8 @@ private static void setFirebaseConfigEnvironmentVariable(String configJSON) {
     } else {
       configValue = new File("src/test/resources", configJSON).getAbsolutePath();
     }
-    Map<String, String> environmentVariables =
-        ImmutableMap.of(FirebaseApp.FIREBASE_CONFIG_ENV_VAR , configValue);
-    TestUtils.setEnvironmentVariables(environmentVariables);
+
+    FirebaseProcessEnvironment.setenv(FirebaseApp.FIREBASE_CONFIG_ENV_VAR, configValue);
   }
 
   private static FirebaseOptions getMockCredentialOptions() {
diff --git a/src/test/java/com/google/firebase/auth/EmulatorFirebaseTokenVerifierImplTest.java b/src/test/java/com/google/firebase/auth/EmulatorFirebaseTokenVerifierImplTest.java
index 0cc12c6f9..55ca7bf6c 100644
--- a/src/test/java/com/google/firebase/auth/EmulatorFirebaseTokenVerifierImplTest.java
+++ b/src/test/java/com/google/firebase/auth/EmulatorFirebaseTokenVerifierImplTest.java
@@ -29,11 +29,9 @@
 
 import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
 import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.firebase.ErrorCode;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 import com.google.firebase.testing.ServiceAccount;
-import com.google.firebase.testing.TestUtils;
 import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Before;
@@ -46,7 +44,7 @@ public class EmulatorFirebaseTokenVerifierImplTest {
   @Before
   public void setUp() throws Exception {
     // Set the Auth Emulator host prior to initialization
-    TestUtils.setEnvironmentVariables(ImmutableMap.of(AUTH_EMULATOR_HOST, "localhost:9099"));
+    FirebaseProcessEnvironment.setenv(AUTH_EMULATOR_HOST, "localhost:9099");
     ServiceAccount serviceAccount = ServiceAccount.EDITOR;
     GooglePublicKeysManager publicKeysManager = newPublicKeysManager(serviceAccount.getCert());
     this.tokenVerifier = newTestTokenVerifier(publicKeysManager);
@@ -55,7 +53,7 @@ public void setUp() throws Exception {
 
   @After
   public void tearDown() {
-    TestUtils.unsetEnvironmentVariables(ImmutableSet.of(AUTH_EMULATOR_HOST));
+    FirebaseProcessEnvironment.clearCache();
   }
 
   @Test
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
index d385e7e4e..8784193ac 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
@@ -31,12 +31,12 @@
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.firebase.ErrorCode;
 
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
@@ -62,7 +62,7 @@ public class FirebaseAuthTest {
   @After
   public void cleanup() {
     // Cleanup for tests on Auth Emulator
-    TestUtils.unsetEnvironmentVariables(ImmutableSet.of("FIREBASE_AUTH_EMULATOR_HOST"));
+    FirebaseProcessEnvironment.clearCache();
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
   }
 
@@ -269,8 +269,7 @@ public void testVerifyIdTokenWithRevocationCheckFailure() {
   @Test
   public void testVerifyIdTokenWithEmulator() throws Exception {
     // Enable emulator mode
-    TestUtils.setEnvironmentVariables(
-        ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    FirebaseProcessEnvironment.setenv("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR);
     MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
         getFirebaseToken(VALID_SINCE + 1000));
     FirebaseAuth auth = getAuthForIdTokenVerificationWithRevocationCheck(tokenVerifier);
@@ -284,8 +283,7 @@ public void testVerifyIdTokenWithEmulator() throws Exception {
   @Test
   public void testVerifyIdTokenFailureWithEmulator() {
     // Enable emulator mode
-    TestUtils.setEnvironmentVariables(
-        ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    FirebaseProcessEnvironment.setenv("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR);
     MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
         getFirebaseToken(VALID_SINCE - 1000));
     FirebaseAuth auth = getAuthForIdTokenVerificationWithRevocationCheck(tokenVerifier);
diff --git a/src/test/java/com/google/firebase/auth/FirebaseTokenUtilsTest.java b/src/test/java/com/google/firebase/auth/FirebaseTokenUtilsTest.java
index ccc1ad6a9..a274c0b11 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseTokenUtilsTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseTokenUtilsTest.java
@@ -27,13 +27,11 @@
 import com.google.api.client.testing.http.FixedClock;
 import com.google.api.client.util.Clock;
 import com.google.auth.oauth2.GoogleCredentials;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
-import com.google.firebase.testing.TestUtils;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
@@ -51,7 +49,7 @@ public class FirebaseTokenUtilsTest {
 
   @After
   public void tearDown() {
-    TestUtils.unsetEnvironmentVariables(ImmutableSet.of("FIREBASE_AUTH_EMULATOR_HOST"));
+    FirebaseProcessEnvironment.clearCache();
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
   }
 
@@ -79,8 +77,7 @@ public void testCreateIdTokenVerifier() {
 
   @Test
   public void testCreateIdTokenVerifierForEmulator() {
-    TestUtils.setEnvironmentVariables(
-        ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    FirebaseProcessEnvironment.setenv("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR);
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(MOCK_CREDENTIALS)
         .setProjectId(TEST_PROJECT_ID)
@@ -130,8 +127,7 @@ public void testSessionCookieVerifier() {
 
   @Test
   public void testSessionCookieVerifierForEmulator() {
-    TestUtils.setEnvironmentVariables(
-        ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    FirebaseProcessEnvironment.setenv("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR);
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(MOCK_CREDENTIALS)
         .setProjectId(TEST_PROJECT_ID)
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 83b98068d..cd43c0147 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -38,7 +38,6 @@
 import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
@@ -48,6 +47,7 @@
 import com.google.firebase.auth.multitenancy.TenantAwareFirebaseAuth;
 import com.google.firebase.auth.multitenancy.TenantManager;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -108,7 +108,7 @@ public class FirebaseUserManagerTest {
 
   @After
   public void tearDown() {
-    TestUtils.unsetEnvironmentVariables(ImmutableSet.of("FIREBASE_AUTH_EMULATOR_HOST"));
+    FirebaseProcessEnvironment.clearCache();
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
   }
 
@@ -2853,8 +2853,7 @@ public void testTenantAwareDeleteSamlProviderConfig() throws Exception {
 
   @Test
   public void testCreateOidcProviderFromEmulatorAuth() throws Exception {
-    TestUtils.setEnvironmentVariables(
-            ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    FirebaseProcessEnvironment.setenv("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR);
     TestResponseInterceptor interceptor = initializeAppForUserManagement(OIDC_RESPONSE);
     OidcProviderConfig.CreateRequest createRequest =
             new OidcProviderConfig.CreateRequest()
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
index b94038925..3e57dc3a1 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
@@ -34,8 +34,6 @@
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
@@ -46,6 +44,7 @@
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -78,7 +77,7 @@ public class FirebaseTenantClientTest {
 
   @After
   public void tearDown() throws ReflectiveOperationException {
-    TestUtils.unsetEnvironmentVariables(ImmutableSet.of("FIREBASE_AUTH_EMULATOR_HOST"));
+    FirebaseProcessEnvironment.clearCache();
     TestOnlyImplFirebaseTrampolines.clearInstancesForTest();
   }
 
@@ -323,8 +322,7 @@ public void testDeleteTenantWithNotFoundError() {
 
   @Test
   public void testGetTenantFromAuthEmulator() throws Exception {
-    TestUtils.setEnvironmentVariables(
-            ImmutableMap.of("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR));
+    FirebaseProcessEnvironment.setenv("FIREBASE_AUTH_EMULATOR_HOST", AUTH_EMULATOR);
     TestResponseInterceptor interceptor = initializeAppForTenantManagement(
             TestUtils.loadResource("tenant.json"));
 
diff --git a/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java b/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
index 2bdc6185e..3dc23746d 100644
--- a/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
+++ b/src/test/java/com/google/firebase/database/FirebaseDatabaseTest.java
@@ -23,15 +23,13 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.fail;
 
-import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.database.util.EmulatorHelper;
+import com.google.firebase.internal.FirebaseProcessEnvironment;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestUtils;
 import java.io.IOException;
@@ -220,9 +218,9 @@ public void testDbUrlIsEmulatorUrlWhenSettingOptionsManually() throws IOExceptio
     for (CustomTestCase tc : testCases) {
       try {
         FirebaseApp app = FirebaseApp.initializeApp(firebaseOptionsWithoutDatabaseUrl);
-        TestUtils.setEnvironmentVariables(
-            ImmutableMap.of(EmulatorHelper.FIREBASE_RTDB_EMULATOR_HOST_ENV_VAR,
-                Strings.nullToEmpty(tc.envVariableUrl)));
+        FirebaseProcessEnvironment.setenv(
+            EmulatorHelper.FIREBASE_RTDB_EMULATOR_HOST_ENV_VAR,
+            Strings.nullToEmpty(tc.envVariableUrl));
         FirebaseDatabase instance = FirebaseDatabase.getInstance(app, tc.rootDbUrl);
         assertEquals(tc.expectedEmulatorRootUrl,
             instance.getReference().repo.getRepoInfo().toString());
@@ -230,8 +228,7 @@ public void testDbUrlIsEmulatorUrlWhenSettingOptionsManually() throws IOExceptio
         // clean up after
         app.delete();
       } finally {
-        TestUtils.unsetEnvironmentVariables(
-            ImmutableSet.of(EmulatorHelper.FIREBASE_RTDB_EMULATOR_HOST_ENV_VAR));
+        FirebaseProcessEnvironment.clearCache();
       }
     }
   }
@@ -257,9 +254,9 @@ public void testDbUrlIsEmulatorUrlForDbRefWithPath() throws IOException {
     for (CustomTestCase tc : testCases) {
       try {
         FirebaseApp app = FirebaseApp.initializeApp(firebaseOptionsWithoutDatabaseUrl);
-        TestUtils.setEnvironmentVariables(
-            ImmutableMap.of(EmulatorHelper.FIREBASE_RTDB_EMULATOR_HOST_ENV_VAR,
-                Strings.nullToEmpty(tc.envVariableUrl)));
+        FirebaseProcessEnvironment.setenv(
+            EmulatorHelper.FIREBASE_RTDB_EMULATOR_HOST_ENV_VAR,
+            Strings.nullToEmpty(tc.envVariableUrl));
         FirebaseDatabase instance = FirebaseDatabase.getInstance(app, tc.rootDbUrl);
         DatabaseReference dbRef = instance.getReferenceFromUrl(tc.pathUrl);
         assertEquals(tc.expectedEmulatorRootUrl, dbRef.repo.getRepoInfo().toString());
@@ -269,8 +266,7 @@ public void testDbUrlIsEmulatorUrlForDbRefWithPath() throws IOException {
         app.delete();
 
       } finally {
-        TestUtils.unsetEnvironmentVariables(
-            ImmutableSet.of(EmulatorHelper.FIREBASE_RTDB_EMULATOR_HOST_ENV_VAR));
+        FirebaseProcessEnvironment.clearCache();
       }
     }
   }
diff --git a/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java b/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
index 3d0c55024..1c0a24c11 100644
--- a/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
+++ b/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
@@ -193,7 +193,12 @@ public static class ResponseInfo {
 
     private ResponseInfo(HttpResponse response) throws IOException {
       this.status = response.getStatusCode();
-      this.payload = ByteStreams.toByteArray(response.getContent());
+      InputStream in = response.getContent();
+      if (in != null) {
+        this.payload = ByteStreams.toByteArray(in);
+      } else {
+        this.payload = new byte[0];
+      }
     }
 
     public int getStatus() {
diff --git a/src/test/java/com/google/firebase/testing/TestUtils.java b/src/test/java/com/google/firebase/testing/TestUtils.java
index e44ca2be8..59f6b7195 100644
--- a/src/test/java/com/google/firebase/testing/TestUtils.java
+++ b/src/test/java/com/google/firebase/testing/TestUtils.java
@@ -18,7 +18,6 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.api.client.googleapis.testing.auth.oauth2.MockTokenServerTransport;
 import com.google.api.client.http.EmptyContent;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpRequest;
@@ -28,32 +27,20 @@
 import com.google.api.client.json.webtoken.JsonWebSignature;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpRequest;
-import com.google.auth.http.HttpTransportFactory;
 import com.google.auth.oauth2.GoogleCredentials;
-import com.google.common.collect.ImmutableMap;
 import com.google.common.io.CharStreams;
-import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.lang.reflect.Field;
-import java.lang.reflect.Modifier;
 import java.security.PublicKey;
-import java.util.Collections;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
-import java.util.Set;
 
 /** Test Utils for use by all tests (both unit and integration tests). */
 public class TestUtils {
 
   public static final long TEST_TIMEOUT_MILLIS = 7 * 1000;
-  private static final String TEST_ADC_ACCESS_TOKEN = "test-adc-access-token";
   private static final GenericUrl TEST_URL = new GenericUrl("https://firebase.google.com");
 
-  private static GoogleCredentials defaultCredentials;
-
   public static boolean verifySignature(JsonWebSignature token, List<PublicKey> keys)
       throws Exception {
     for (PublicKey key : keys) {
@@ -64,52 +51,6 @@ public static boolean verifySignature(JsonWebSignature token, List<PublicKey> ke
     return false;
   }
 
-  public static void setEnvironmentVariables(Map<String, String> vars) {
-    // Setting the environment variables after the JVM has started requires a bit of a hack:
-    // we reach into the package-private java.lang.ProcessEnvironment class, which incidentally
-    // is platform-specific, and replace the map held in a static final field there,
-    // using yet more reflection.
-    //
-    // This is copied from {#see com.google.apphosting.runtime.NullSandboxPlugin}
-    Map<String, String> allVars = new HashMap<>(System.getenv());
-    allVars.putAll(vars);
-    try {
-      Class<?> pe = Class.forName("java.lang.ProcessEnvironment", true, null);
-      Field f = pe.getDeclaredField("theUnmodifiableEnvironment");
-      f.setAccessible(true);
-      Field m = Field.class.getDeclaredField("modifiers");
-      m.setAccessible(true);
-      m.setInt(f, m.getInt(f) & ~Modifier.FINAL);
-      f.set(null, Collections.unmodifiableMap(allVars));
-    } catch (ReflectiveOperationException e) {
-      throw new RuntimeException("failed to set the environment variables", e);
-    }
-  }
-
-  public static void unsetEnvironmentVariables(Set<String> vars) {
-    // Unsetting the environment variables after the JVM has started requires a bit of a hack:
-    // we reach into the package-private java.lang.ProcessEnvironment class, which incidentally
-    // is platform-specific, and replace the map held in a static final field there,
-    // using yet more reflection.
-    //
-    // This is copied from {#see com.google.apphosting.runtime.NullSandboxPlugin}
-    Map<String, String> allVars = new HashMap<>(System.getenv());
-    for (String var : vars) {
-      allVars.remove(var);
-    }
-    try {
-      Class<?> pe = Class.forName("java.lang.ProcessEnvironment", true, null);
-      Field f = pe.getDeclaredField("theUnmodifiableEnvironment");
-      f.setAccessible(true);
-      Field m = Field.class.getDeclaredField("modifiers");
-      m.setAccessible(true);
-      m.setInt(f, m.getInt(f) & ~Modifier.FINAL);
-      f.set(null, Collections.unmodifiableMap(allVars));
-    } catch (ReflectiveOperationException e) {
-      throw new RuntimeException("failed to unset the environment variables", e);
-    }
-  }
-
   public static String loadResource(String path) {
     InputStream stream = TestUtils.class.getClassLoader().getResourceAsStream(path);
     checkNotNull(stream, "Failed to load resource: %s", path);
@@ -128,35 +69,6 @@ public static GoogleCredentials getCertCredential(InputStream stream) {
     }
   }
 
-  /**
-   * Ensures initialization of Google Application Default Credentials. Any test that depends on
-   * ADC should consider this as a fixture, and invoke it before hand. Since ADC are initialized
-   * once per JVM, this makes sure that all dependent tests get the same ADC instance, and
-   * can reliably reason about the tokens minted using it.
-   */
-  public static synchronized GoogleCredentials getApplicationDefaultCredentials()
-      throws IOException {
-    if (defaultCredentials != null) {
-      return defaultCredentials;
-    }
-    final MockTokenServerTransport transport = new MockTokenServerTransport(
-        "https://accounts.google.com/o/oauth2/token");
-    transport.addServiceAccount(ServiceAccount.EDITOR.getEmail(), TEST_ADC_ACCESS_TOKEN);
-    File serviceAccount = new File("src/test/resources/service_accounts", "editor.json");
-    Map<String, String> environmentVariables =
-        ImmutableMap.<String, String>builder()
-            .put("GOOGLE_APPLICATION_CREDENTIALS", serviceAccount.getAbsolutePath())
-            .build();
-    setEnvironmentVariables(environmentVariables);
-    defaultCredentials = GoogleCredentials.getApplicationDefault(new HttpTransportFactory() {
-      @Override
-      public HttpTransport create() {
-        return transport;
-      }
-    });
-    return defaultCredentials;
-  }
-
   public static HttpRequest createRequest() throws IOException {
     return createRequest(new MockLowLevelHttpRequest());
   }

From 3aa5124c905deb30caac7c388489a951160dd9c7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Jun 2021 16:19:01 -0700
Subject: [PATCH 083/354] chore(deps): bump slf4j-api from 1.7.30 to 1.7.31
 (#574)

Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.30 to 1.7.31.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/compare/v_1.7.30...v_1.7.31)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 675bcb049..58102dd21 100644
--- a/pom.xml
+++ b/pom.xml
@@ -446,7 +446,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.30</version>
+            <version>1.7.31</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 70e3507fca4e0ced75d1740f85cb49d02baca354 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Jun 2021 17:38:41 -0700
Subject: [PATCH 084/354] chore(deps): bump maven-source-plugin from 2.2.1 to
 3.2.1 (#563)

Bumps [maven-source-plugin](https://github.com/apache/maven-source-plugin) from 2.2.1 to 3.2.1.
- [Release notes](https://github.com/apache/maven-source-plugin/releases)
- [Commits](https://github.com/apache/maven-source-plugin/compare/maven-source-plugin-2.2.1...maven-source-plugin-3.2.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 58102dd21..0b83ff84b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -298,7 +298,7 @@
             <!-- Package Phase -->
             <plugin>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>2.2.1</version>
+                <version>3.2.1</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>

From a8ca85178be90ce04a7f6164b017d43caa0f660c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Jun 2021 17:42:59 -0700
Subject: [PATCH 085/354] chore(deps): bump maven-javadoc-plugin from 3.2.0 to
 3.3.0 (#572)

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.2.0...maven-javadoc-plugin-3.3.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 0b83ff84b..98faf9fae 100644
--- a/pom.xml
+++ b/pom.xml
@@ -99,7 +99,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.2.0</version>
+                        <version>3.3.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -310,7 +310,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.3.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 49c3f580c6d35892190375f4b3d25e0171cc0cf3 Mon Sep 17 00:00:00 2001
From: chong-shao <31256040+chong-shao@users.noreply.github.com>
Date: Mon, 28 Jun 2021 10:00:52 -0700
Subject: [PATCH 086/354] Drop 500 from the retriable errorcode list (#576)

---
 src/main/java/com/google/firebase/internal/ApiClientUtils.java  | 2 +-
 .../java/com/google/firebase/internal/ApiClientUtilsTest.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/google/firebase/internal/ApiClientUtils.java b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
index 723fc6d52..e586bd11f 100644
--- a/src/main/java/com/google/firebase/internal/ApiClientUtils.java
+++ b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
@@ -34,7 +34,7 @@ public class ApiClientUtils {
 
   static final RetryConfig DEFAULT_RETRY_CONFIG = RetryConfig.builder()
       .setMaxRetries(4)
-      .setRetryStatusCodes(ImmutableList.of(500, 503))
+      .setRetryStatusCodes(ImmutableList.of(503))
       .setMaxIntervalMillis(60 * 1000)
       .build();
 
diff --git a/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java b/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
index c19f5f567..f23c7a34d 100644
--- a/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
+++ b/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
@@ -66,7 +66,7 @@ public void testAuthorizedHttpClient() throws IOException {
     assertEquals(4, retryConfig.getMaxRetries());
     assertEquals(60 * 1000, retryConfig.getMaxIntervalMillis());
     assertFalse(retryConfig.isRetryOnIOExceptions());
-    assertEquals(retryConfig.getRetryStatusCodes(), ImmutableList.of(500, 503));
+    assertEquals(retryConfig.getRetryStatusCodes(), ImmutableList.of(503));
   }
 
   @Test

From d7da40ee26fddcc445883b9f6247baf61c5ecc2e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Jun 2021 10:31:17 -0700
Subject: [PATCH 087/354] chore(deps): bump google-api-client-bom from 1.31.5
 to 1.32.1 (#577)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.31.5 to 1.32.1.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.31.5...v1.32.1)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 98faf9fae..60571a5a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -400,7 +400,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.31.5</version>
+                <version>1.32.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 579d1d1ccc1549166dbeaa9486f22dd20f48da1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Jun 2021 10:34:37 -0700
Subject: [PATCH 088/354] chore(deps): bump libraries-bom from 20.6.0 to 20.7.0
 (#578)

Bumps [libraries-bom](https://github.com/GoogleCloudPlatform/cloud-opensource-java) from 20.6.0 to 20.7.0.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-opensource-java/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-opensource-java/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/cloud-opensource-java/commits)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 60571a5a4..9985929bb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -393,7 +393,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>20.6.0</version>
+                <version>20.7.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 91f6705dbd7fe2c7a8d5683792b8379b6834a380 Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Wed, 30 Jun 2021 12:17:27 -0700
Subject: [PATCH 089/354] [chore] Release 8.0.0 (#579)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9985929bb..2bfa62fdd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>7.3.0</version>
+    <version>8.0.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From bfc8d95506d229d4e3f3b6cf92918f7bb5cc1c99 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 7 Jul 2021 15:48:01 -0400
Subject: [PATCH 090/354] Set trimStackTrace property to false (#580)

Set `trimStackTrace` to `false` in mvn failsafe plugin.
This will print the full stack trace for failed integration tests making it easier to investigate nightly build failures.
---
 .github/scripts/package_artifacts.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/scripts/package_artifacts.sh b/.github/scripts/package_artifacts.sh
index 6e993066e..30d998c75 100755
--- a/.github/scripts/package_artifacts.sh
+++ b/.github/scripts/package_artifacts.sh
@@ -28,7 +28,7 @@ echo "${FIREBASE_API_KEY}" > integration_apikey.txt
 #  3. Runs the unit tests (test phase)
 #  4. Packages the artifacts - src, bin, javadocs (package phase)
 #  5. Runs the integration tests (verify phase)
-mvn -B clean verify
+mvn -DtrimStackTrace=false -B clean verify
 
 # Maven target directory can consist of many files. Just copy the jar artifacts
 # into a new directory for upload.

From 1a5ab1c88c6dbcfa9a84b0db1340ae5045cf8bec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Jul 2021 16:29:18 -0700
Subject: [PATCH 091/354] chore(deps): bump libraries-bom from 20.7.0 to 20.8.0
 (#581)

Bumps [libraries-bom](https://github.com/GoogleCloudPlatform/cloud-opensource-java) from 20.7.0 to 20.8.0.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-opensource-java/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-opensource-java/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/cloud-opensource-java/commits)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2bfa62fdd..57ee68bd0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -393,7 +393,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>20.7.0</version>
+                <version>20.8.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 1568699bc239fc51aae3d6d39332ce187e1880d3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Jul 2021 16:17:06 -0700
Subject: [PATCH 092/354] chore(deps): bump netty.version from 4.1.65.Final to
 4.1.66.Final (#582)

Bumps `netty.version` from 4.1.65.Final to 4.1.66.Final.

Updates `netty-codec-http` from 4.1.65.Final to 4.1.66.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.65.Final...netty-4.1.66.Final)

Updates `netty-handler` from 4.1.65.Final to 4.1.66.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.65.Final...netty-4.1.66.Final)

Updates `netty-transport` from 4.1.65.Final to 4.1.66.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.65.Final...netty-4.1.66.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 57ee68bd0..7753b6e37 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.65.Final</netty.version>
+        <netty.version>4.1.66.Final</netty.version>
     </properties>
 
     <scm>

From 0ea84bc7b18a83bfe09d75da050659940962625b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Jul 2021 10:44:29 -0700
Subject: [PATCH 093/354] chore(deps): bump libraries-bom from 20.8.0 to 20.9.0
 (#583)

Bumps [libraries-bom](https://github.com/GoogleCloudPlatform/cloud-opensource-java) from 20.8.0 to 20.9.0.
- [Release notes](https://github.com/GoogleCloudPlatform/cloud-opensource-java/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-opensource-java/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/cloud-opensource-java/commits)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 7753b6e37..89e5faf38 100644
--- a/pom.xml
+++ b/pom.xml
@@ -393,7 +393,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>20.8.0</version>
+                <version>20.9.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From b071b03674ee0694dc3b06438295227853201617 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Jul 2021 10:45:07 -0700
Subject: [PATCH 094/354] chore(deps): bump slf4j-api from 1.7.31 to 1.7.32
 (#584)

Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.31 to 1.7.32.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/commits)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 89e5faf38..73f8e2786 100644
--- a/pom.xml
+++ b/pom.xml
@@ -446,7 +446,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.31</version>
+            <version>1.7.32</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 2d50628d5d12f9c8bf582d14ca52d263bae0a534 Mon Sep 17 00:00:00 2001
From: Leo <39062083+lsirac@users.noreply.github.com>
Date: Mon, 9 Aug 2021 15:07:13 -0700
Subject: [PATCH 095/354] fix(auth): check if the user is disabled on
 checkRevoked=true for verifyIdToken and verifySessionCookie (#585)

* fix(auth): check if the user is disabled on checkRevoked=true for verifyIdToken and verifySessionCookie

* fix: review comments
---
 .../firebase/auth/AbstractFirebaseAuth.java   | 11 ++-
 .../google/firebase/auth/AuthErrorCode.java   |  5 ++
 .../auth/RevocationCheckDecorator.java        | 24 ++++--
 .../google/firebase/auth/FirebaseAuthIT.java  | 86 +++++++++++++++++++
 .../firebase/auth/FirebaseAuthTest.java       | 70 +++++++++++++++
 5 files changed, 184 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index e9f1a4320..d1b4a513e 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -256,11 +256,13 @@ public FirebaseToken verifyIdToken(@NonNull String idToken) throws FirebaseAuthE
    * API call.
    *
    * @param idToken A Firebase ID token string to parse and verify.
-   * @param checkRevoked A boolean denoting whether to check if the tokens were revoked.
+   * @param checkRevoked A boolean denoting whether to check if the tokens were revoked or if
+   *                     the user is disabled.
    * @return A {@link FirebaseToken} representing the verified and decoded token.
    * @throws IllegalArgumentException If the token is null, empty, or if the {@link FirebaseApp}
    *     instance does not have a project ID associated with it.
-   * @throws FirebaseAuthException If an error occurs while parsing or validating the token.
+   * @throws FirebaseAuthException If an error occurs while parsing or validating the token, or if
+   *     the user is disabled.
    */
   public FirebaseToken verifyIdToken(@NonNull String idToken, boolean checkRevoked)
       throws FirebaseAuthException {
@@ -343,8 +345,11 @@ public FirebaseToken verifySessionCookie(String cookie) throws FirebaseAuthExcep
    * checkRevoked} is true, throws a {@link FirebaseAuthException}.
    *
    * @param cookie A Firebase session cookie string to verify and parse.
-   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
+   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked
+   *                    or if the user is disabled.
    * @return A {@link FirebaseToken} representing the verified and decoded cookie.
+   * @throws FirebaseAuthException If an error occurs while parsing or validating the token, or if
+   *     the user is disabled.
    */
   public FirebaseToken verifySessionCookie(String cookie, boolean checkRevoked)
       throws FirebaseAuthException {
diff --git a/src/main/java/com/google/firebase/auth/AuthErrorCode.java b/src/main/java/com/google/firebase/auth/AuthErrorCode.java
index aa2821475..90b5da1a2 100644
--- a/src/main/java/com/google/firebase/auth/AuthErrorCode.java
+++ b/src/main/java/com/google/firebase/auth/AuthErrorCode.java
@@ -108,4 +108,9 @@ public enum AuthErrorCode {
    * No user record found for the given identifier.
    */
   USER_NOT_FOUND,
+
+  /**
+   * The user record is disabled.
+   */
+  USER_DISABLED,
 }
diff --git a/src/main/java/com/google/firebase/auth/RevocationCheckDecorator.java b/src/main/java/com/google/firebase/auth/RevocationCheckDecorator.java
index 74cda69c9..9a99fd5df 100644
--- a/src/main/java/com/google/firebase/auth/RevocationCheckDecorator.java
+++ b/src/main/java/com/google/firebase/auth/RevocationCheckDecorator.java
@@ -51,7 +51,21 @@ private RevocationCheckDecorator(
   @Override
   public FirebaseToken verifyToken(String token) throws FirebaseAuthException {
     FirebaseToken firebaseToken = tokenVerifier.verifyToken(token);
-    if (isRevoked(firebaseToken)) {
+    validateDisabledOrRevoked(firebaseToken);
+    return firebaseToken;
+  }
+
+  private void validateDisabledOrRevoked(FirebaseToken firebaseToken) throws FirebaseAuthException {
+    UserRecord user = userManager.getUserById(firebaseToken.getUid());
+    if (user.isDisabled()) {
+      throw new FirebaseAuthException(ErrorCode.INVALID_ARGUMENT,
+          "The user record is disabled.",
+          /* cause= */ null,
+          /* response= */ null,
+          AuthErrorCode.USER_DISABLED);
+    }
+    long issuedAtInSeconds = (long) firebaseToken.getClaims().get("iat");
+    if (user.getTokensValidAfterTimestamp() > issuedAtInSeconds * 1000) {
       throw new FirebaseAuthException(
           ErrorCode.INVALID_ARGUMENT,
           "Firebase " + shortName + " is revoked.",
@@ -59,14 +73,6 @@ public FirebaseToken verifyToken(String token) throws FirebaseAuthException {
           null,
           errorCode);
     }
-
-    return firebaseToken;
-  }
-
-  private boolean isRevoked(FirebaseToken firebaseToken) throws FirebaseAuthException {
-    UserRecord user = userManager.getUserById(firebaseToken.getUid());
-    long issuedAtInSeconds = (long) firebaseToken.getClaims().get("iat");
-    return user.getTokensValidAfterTimestamp() > issuedAtInSeconds * 1000;
   }
 
   static RevocationCheckDecorator decorateIdTokenVerifier(
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 954850100..5862450ae 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -625,6 +625,46 @@ public void testVerifyIdToken() throws Exception {
     auth.deleteUserAsync("user2");
   }
 
+  @Test
+  public void testVerifyIdTokenUserDisabled() throws Exception {
+    RandomUser user = UserTestUtils.generateRandomUserInfo();
+    String customToken = auth.createCustomToken(user.getUid());
+    String idToken = signInWithCustomToken(customToken);
+
+    temporaryUser.registerUid(user.getUid());
+
+    // User is not disabled, this should not throw an exception.
+    FirebaseToken decoded = auth.verifyIdToken(idToken, /* checkRevoked= */true);
+    assertEquals(user.getUid(), decoded.getUid());
+
+    // Disable the user record.
+    auth.updateUser(new UserRecord.UpdateRequest(user.getUid()).setDisabled(true));
+
+    // Verify the ID token without checking revocation. This should not throw an exception.
+    decoded = auth.verifyIdToken(idToken);
+    assertEquals(user.getUid(), decoded.getUid());
+
+    // Verify the ID token while checking revocation. This should throw an exception.
+    try {
+      auth.verifyIdToken(idToken, /* checkRevoked= */true);
+      fail("Should throw a FirebaseAuthException since the user is disabled.");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals(AuthErrorCode.USER_DISABLED, e.getAuthErrorCode());
+      assertEquals("The user record is disabled.", e.getMessage());
+    }
+
+    // Revoke the tokens for the user. The USER_DISABLED should take precedence over
+    // the revocation error.
+    auth.revokeRefreshTokens(user.getUid());
+    try {
+      auth.verifyIdToken(idToken, /* checkRevoked= */ true);
+      fail("Should throw an exception as the ID tokens are revoked.");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthErrorCode.USER_DISABLED, e.getAuthErrorCode());
+    }
+  }
+
   @Test
   public void testVerifySessionCookie() throws Exception {
     String customToken = auth.createCustomTokenAsync("user3").get();
@@ -661,6 +701,52 @@ public void testVerifySessionCookie() throws Exception {
     auth.deleteUserAsync("user3");
   }
 
+  @Test
+  public void testVerifySessionCookieUserDisabled() throws Exception {
+    RandomUser user = UserTestUtils.generateRandomUserInfo();
+    String customToken = auth.createCustomToken(user.getUid());
+    String idToken = signInWithCustomToken(customToken);
+
+    temporaryUser.registerUid(user.getUid());
+
+    SessionCookieOptions options = SessionCookieOptions.builder()
+        .setExpiresIn(TimeUnit.HOURS.toMillis(1))
+        .build();
+    String sessionCookie = auth.createSessionCookieAsync(idToken, options).get();
+    assertFalse(Strings.isNullOrEmpty(sessionCookie));
+
+    // User is not disabled, this should not throw an exception.
+    FirebaseToken decoded = auth.verifySessionCookie(sessionCookie, /* checkRevoked= */true);
+    assertEquals(user.getUid(), decoded.getUid());
+
+    // Disable the user record.
+    auth.updateUser(new UserRecord.UpdateRequest(user.getUid()).setDisabled(true));
+
+    // Verify the session cookie without checking revocation. This should not throw an exception.
+    decoded = auth.verifySessionCookie(sessionCookie);
+    assertEquals(user.getUid(), decoded.getUid());
+
+    // Verify the session cookie while checking revocation. This should throw an exception.
+    try {
+      auth.verifySessionCookie(sessionCookie, /* checkRevoked= */true);
+      fail("Should throw a FirebaseAuthException since the user is disabled.");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals(AuthErrorCode.USER_DISABLED, e.getAuthErrorCode());
+      assertEquals("The user record is disabled.", e.getMessage());
+    }
+
+    // Revoke the tokens for the user. The USER_DISABLED should take precedence over
+    // the revocation error.
+    auth.revokeRefreshTokens(user.getUid());
+    try {
+      auth.verifySessionCookie(sessionCookie, /* checkRevoked= */ true);
+      fail("Should throw an exception as the tokens are revoked.");
+    } catch (FirebaseAuthException e) {
+      assertEquals(AuthErrorCode.USER_DISABLED, e.getAuthErrorCode());
+    }
+  }
+
   @Test
   public void testCustomTokenWithClaims() throws Exception {
     Map<String, Object> devClaims = ImmutableMap.<String, Object>of(
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
index 8784193ac..da46b6322 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthTest.java
@@ -25,6 +25,8 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import com.google.api.client.json.GenericJson;
+import com.google.api.client.json.JsonParser;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.api.core.ApiFuture;
@@ -36,10 +38,15 @@
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
+import com.google.firebase.internal.ApiClientUtils;
 import com.google.firebase.internal.FirebaseProcessEnvironment;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
@@ -246,6 +253,22 @@ public void testVerifyIdTokenWithRevocationCheck() throws Exception {
     assertEquals("idtoken", tokenVerifier.getLastTokenString());
   }
 
+  @Test
+  public void testVerifyIdTokenWithRevocationCheckAndUserDisabled() throws Exception {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
+        getFirebaseToken(VALID_SINCE + 1000));
+    FirebaseAuth auth =
+        getAuthForIdTokenVerificationWithRevocationCheckWithDisabledUser(tokenVerifier);
+    try {
+      auth.verifyIdToken("idtoken", true);
+      fail("No exception thrown for disabled user.");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals(AuthErrorCode.USER_DISABLED, e.getAuthErrorCode());
+      assertEquals("The user record is disabled.", e.getMessage());
+    }
+  }
+
   @Test
   public void testVerifyIdTokenWithRevocationCheckFailure() {
     MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
@@ -444,6 +467,22 @@ public void testVerifySessionCookieWithRevocationCheck() throws Exception {
     assertEquals("cookie", tokenVerifier.getLastTokenString());
   }
 
+  @Test
+  public void testVerifySessionCookieWithRevocationCheckAndUserDisabled() throws Exception {
+    MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
+        getFirebaseToken(VALID_SINCE + 1000));
+    FirebaseAuth auth =
+        getAuthForSessionCookieVerificationWithRevocationCheckAndUserDisabled(tokenVerifier);
+    try {
+      auth.verifySessionCookie("cookie", true);
+      fail("No exception thrown for disabled user.");
+    } catch (FirebaseAuthException e) {
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertEquals(AuthErrorCode.USER_DISABLED, e.getAuthErrorCode());
+      assertEquals("The user record is disabled.", e.getMessage());
+    }
+  }
+
   @Test
   public void testVerifySessionCookieWithRevocationCheckFailure() {
     MockTokenVerifier tokenVerifier = MockTokenVerifier.fromResult(
@@ -513,6 +552,12 @@ FirebaseAuth getAuthForIdTokenVerificationWithRevocationCheck(
     return getAuthForIdTokenVerification(app, Suppliers.ofInstance(tokenVerifier));
   }
 
+  FirebaseAuth getAuthForIdTokenVerificationWithRevocationCheckWithDisabledUser(
+      FirebaseTokenVerifier tokenVerifier) throws IOException {
+    FirebaseApp app = getFirebaseAppForDisabledUserRetrieval();
+    return getAuthForIdTokenVerification(app, Suppliers.ofInstance(tokenVerifier));
+  }
+
   private FirebaseAuth getAuthForIdTokenVerification(FirebaseTokenVerifier tokenVerifier) {
     return getAuthForIdTokenVerification(Suppliers.ofInstance(tokenVerifier));
   }
@@ -540,6 +585,12 @@ FirebaseAuth getAuthForSessionCookieVerificationWithRevocationCheck(
     return getAuthForSessionCookieVerification(app, Suppliers.ofInstance(tokenVerifier));
   }
 
+  FirebaseAuth getAuthForSessionCookieVerificationWithRevocationCheckAndUserDisabled(
+      FirebaseTokenVerifier tokenVerifier) throws IOException {
+    FirebaseApp app = getFirebaseAppForDisabledUserRetrieval();
+    return getAuthForSessionCookieVerification(app, Suppliers.ofInstance(tokenVerifier));
+  }
+
   private FirebaseAuth getAuthForSessionCookieVerification(FirebaseTokenVerifier tokenVerifier) {
     return getAuthForSessionCookieVerification(Suppliers.ofInstance(tokenVerifier));
   }
@@ -573,6 +624,25 @@ private FirebaseApp getFirebaseAppForUserRetrieval() {
         .build());
   }
 
+  private FirebaseApp getFirebaseAppForDisabledUserRetrieval() throws IOException {
+    String getUserResponse = TestUtils.loadResource("getUser.json");
+    JsonParser parser = ApiClientUtils.getDefaultJsonFactory().createJsonParser(getUserResponse);
+    GenericJson json =
+        parser.parseAndClose(GenericJson.class);
+    Map<String, Object> users =
+        ((ArrayList<Map<String, Object>>) json.get("users")).get(0);
+    users.put("disabled", true);
+
+    MockHttpTransport transport = new MockHttpTransport.Builder()
+        .setLowLevelHttpResponse(new MockLowLevelHttpResponse().setContent(json.toString()))
+        .build();
+    return FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(new MockGoogleCredentials("test-token"))
+        .setHttpTransport(transport)
+        .setProjectId("test-project-id")
+        .build());
+  }
+
   public static TestResponseInterceptor setUserManager(
       AbstractFirebaseAuth.Builder<?> builder, FirebaseApp app, String tenantId) {
     TestResponseInterceptor interceptor = new TestResponseInterceptor();

From fe43bd04b7082d7da2faed8628edacef1d93e4bf Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Fri, 13 Aug 2021 14:16:15 -0400
Subject: [PATCH 096/354] [chore] Release 8.0.1 (#586)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 73f8e2786..489510588 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>8.0.0</version>
+    <version>8.0.1</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 9f57c9a262761ac116a4f316ea54a06f03be88ca Mon Sep 17 00:00:00 2001
From: Hiranya Jayathilaka <hiranya911@gmail.com>
Date: Wed, 25 Aug 2021 11:42:29 -0700
Subject: [PATCH 097/354] fix: Using AuthorizedHttpClient for updating rules
 during tests (#590)

---
 .../FirebaseDatabaseAuthTestIT.java           | 38 +++++-----
 .../database/integration/OrderByTestIT.java   |  5 +-
 .../database/integration/RulesClient.java     | 65 +++++++++++++++++
 .../database/integration/RulesTestIT.java     |  7 +-
 .../testing/IntegrationTestUtils.java         | 70 -------------------
 5 files changed, 87 insertions(+), 98 deletions(-)
 create mode 100644 src/test/java/com/google/firebase/database/integration/RulesClient.java

diff --git a/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseAuthTestIT.java b/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseAuthTestIT.java
index 58e313450..787e69ae3 100644
--- a/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseAuthTestIT.java
+++ b/src/test/java/com/google/firebase/database/integration/FirebaseDatabaseAuthTestIT.java
@@ -16,7 +16,6 @@
 
 package com.google.firebase.database.integration;
 
-import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
 import com.google.api.core.ApiFutureCallback;
@@ -33,8 +32,6 @@
 import com.google.firebase.database.TestHelpers;
 import com.google.firebase.database.ValueEventListener;
 import com.google.firebase.testing.IntegrationTestUtils;
-import com.google.firebase.testing.IntegrationTestUtils.AppHttpClient;
-import com.google.firebase.testing.IntegrationTestUtils.ResponseInfo;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestUtils;
 import java.io.IOException;
@@ -49,11 +46,11 @@
 import org.junit.Test;
 
 public class FirebaseDatabaseAuthTestIT {
-  
+
   private static FirebaseApp masterApp;
-  
+
   @BeforeClass
-  public static void setUpClass() throws IOException {    
+  public static void setUpClass() throws IOException {
     masterApp = IntegrationTestUtils.ensureDefaultApp();
     setDatabaseRules();
   }
@@ -74,7 +71,7 @@ public void testAuthWithValidCertificateCredential() throws InterruptedException
     assertWriteSucceeds(db.getReference());
     assertReadSucceeds(db.getReference());
   }
-  
+
   @Test
   public void testAuthWithInvalidCertificateCredential() throws InterruptedException, IOException {
     FirebaseOptions options =
@@ -87,7 +84,7 @@ public void testAuthWithInvalidCertificateCredential() throws InterruptedExcepti
     // TODO: Ideally, we would find a way to verify the correct log output.
     assertWriteTimeout(db.getReference());
   }
-  
+
   @Test
   public void testDatabaseAuthVariablesAuthorization() throws InterruptedException {
     Map<String, Object> authVariableOverrides = ImmutableMap.<String, Object>of(
@@ -110,7 +107,7 @@ public void testDatabaseAuthVariablesAuthorization() throws InterruptedException
     assertWriteSucceeds(testAuthOverridesDb.getReference("test-custom-field-only"));
     assertReadSucceeds(testAuthOverridesDb.getReference("test-custom-field-only"));
   }
-  
+
   @Test
   public void testDatabaseAuthVariablesNoAuthorization() throws InterruptedException {
     FirebaseOptions options = masterApp.getOptions().toBuilder()
@@ -128,25 +125,25 @@ public void testDatabaseAuthVariablesNoAuthorization() throws InterruptedExcepti
     assertReadFails(testAuthOverridesDb.getReference("test-uid-only"));
     assertWriteFails(testAuthOverridesDb.getReference("test-custom-field-only"));
     assertReadFails(testAuthOverridesDb.getReference("test-custom-field-only"));
-    assertWriteSucceeds(testAuthOverridesDb.getReference("test-noauth-only"));    
+    assertWriteSucceeds(testAuthOverridesDb.getReference("test-noauth-only"));
   }
-  
+
   private static void assertWriteSucceeds(DatabaseReference ref) throws InterruptedException {
     doWrite(ref, /*shouldSucceed=*/ true, /*shouldTimeout=*/ false);
   }
-  
+
   private static void assertWriteFails(DatabaseReference ref) throws InterruptedException {
     doWrite(ref, /*shouldSucceed=*/ false, /*shouldTimeout=*/ false);
   }
-  
+
   private static void assertWriteTimeout(DatabaseReference ref) throws InterruptedException {
     doWrite(ref, /*shouldSucceed=*/ false, /*shouldTimeout=*/ true);
   }
-  
+
   private static void assertReadSucceeds(DatabaseReference ref) throws InterruptedException {
     doRead(ref, /*shouldSucceed=*/ true, /*shouldTimeout=*/ false);
   }
-  
+
   private static void assertReadFails(DatabaseReference ref) throws InterruptedException {
     doRead(ref, /*shouldSucceed=*/ false, /*shouldTimeout=*/ false);
   }
@@ -180,7 +177,7 @@ public void onSuccess(Void result) {
       assertTrue("Write successful (expected to fail).", !success.get());
     }
   }
-  
+
   private static void doRead(
       DatabaseReference ref, final boolean shouldSucceed, final boolean shouldTimeout)
       throws InterruptedException {
@@ -211,9 +208,9 @@ public void onCancelled(DatabaseError databaseError) {
       assertTrue("Read successful (expected to fail).", !success.get());
     }
   }
-  
+
   private static void setDatabaseRules() throws IOException {
-    // TODO: Use more than uid in rule Set rules so the only allowed operation is writing to 
+    // TODO: Use more than uid in rule Set rules so the only allowed operation is writing to
     // /test-uid-only by user with uid 'test'.
     String rules =
         "{\n"
@@ -232,8 +229,7 @@ private static void setDatabaseRules() throws IOException {
             + "  }\n"
             + "}";
 
-    AppHttpClient client = new AppHttpClient();
-    ResponseInfo info = client.put("/.settings/rules.json", rules);
-    assertEquals(200, info.getStatus());
+    RulesClient client = new RulesClient();
+    client.updateRules(rules);
   }
 }
diff --git a/src/test/java/com/google/firebase/database/integration/OrderByTestIT.java b/src/test/java/com/google/firebase/database/integration/OrderByTestIT.java
index 2160406eb..416e56ca1 100644
--- a/src/test/java/com/google/firebase/database/integration/OrderByTestIT.java
+++ b/src/test/java/com/google/firebase/database/integration/OrderByTestIT.java
@@ -87,9 +87,8 @@ private static String formatRules(DatabaseReference ref, String rules) {
   }
 
   private static void uploadRules(FirebaseApp app, String rules) throws IOException {
-    IntegrationTestUtils.AppHttpClient client = new IntegrationTestUtils.AppHttpClient(app);
-    IntegrationTestUtils.ResponseInfo response = client.put("/.settings/rules.json", rules);
-    assertEquals(200, response.getStatus());
+    RulesClient client = new RulesClient(app);
+    client.updateRules(rules);
   }
 
   @Test
diff --git a/src/test/java/com/google/firebase/database/integration/RulesClient.java b/src/test/java/com/google/firebase/database/integration/RulesClient.java
new file mode 100644
index 000000000..2e88d3a82
--- /dev/null
+++ b/src/test/java/com/google/firebase/database/integration/RulesClient.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.database.integration;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.http.ByteArrayContent;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpResponse;
+import com.google.common.io.ByteStreams;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.internal.ApiClientUtils;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * A simple HTTP client wrapper for updating RTDB security rules.
+ */
+final class RulesClient {
+
+  private final String databaseUrl;
+  private final HttpRequestFactory requestFactory;
+
+  RulesClient() {
+    this(FirebaseApp.getInstance());
+  }
+
+  RulesClient(FirebaseApp app) {
+    this.databaseUrl = checkNotNull(app).getOptions().getDatabaseUrl();
+    this.requestFactory = ApiClientUtils.newAuthorizedRequestFactory(
+      app, /*retryConfig*/ null);
+  }
+
+  public void updateRules(String json) throws IOException {
+    String url = this.databaseUrl + "/.settings/rules.json";
+    HttpRequest request = requestFactory.buildPutRequest(
+        new GenericUrl(url),
+        ByteArrayContent.fromString("application/json", json));
+    HttpResponse response = request.execute();
+    try {
+      InputStream in = response.getContent();
+      if (in != null) {
+        ByteStreams.exhaust(in);
+      }
+    } finally {
+      ApiClientUtils.disconnectQuietly(response);
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/database/integration/RulesTestIT.java b/src/test/java/com/google/firebase/database/integration/RulesTestIT.java
index b46c1287f..b41e2993d 100644
--- a/src/test/java/com/google/firebase/database/integration/RulesTestIT.java
+++ b/src/test/java/com/google/firebase/database/integration/RulesTestIT.java
@@ -66,7 +66,7 @@ public class RulesTestIT {
       MapBuilder.of("rules", MapBuilder.of(".read", "auth != null", ".write", "auth != null"));
 
   private static final Map<String, Object> testRules;
-  
+
   static {
     testRules = new MapBuilder()
         .put("read_only", MapBuilder.of(".read", true))
@@ -137,9 +137,8 @@ public void checkAndCleanupApp() {
   }
 
   private static void uploadRules(String rules) throws IOException {
-    IntegrationTestUtils.AppHttpClient client = new IntegrationTestUtils.AppHttpClient(masterApp);
-    IntegrationTestUtils.ResponseInfo response = client.put("/.settings/rules.json", rules);
-    assertEquals(200, response.getStatus());
+    RulesClient client = new RulesClient(masterApp);
+    client.updateRules(rules);
   }
 
   @Test
diff --git a/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java b/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
index 1c0a24c11..fcfda7460 100644
--- a/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
+++ b/src/test/java/com/google/firebase/testing/IntegrationTestUtils.java
@@ -16,21 +16,12 @@
 
 package com.google.firebase.testing;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
-import com.google.api.client.http.ByteArrayContent;
-import com.google.api.client.http.GenericUrl;
-import com.google.api.client.http.HttpRequest;
-import com.google.api.client.http.HttpRequestFactory;
-import com.google.api.client.http.HttpResponse;
 import com.google.api.client.json.GenericJson;
 import com.google.cloud.firestore.FirestoreOptions;
 import com.google.common.collect.ImmutableList;
-import com.google.common.io.ByteStreams;
 import com.google.common.io.CharStreams;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
-import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.database.DatabaseReference;
 import com.google.firebase.database.FirebaseDatabase;
 import com.google.firebase.internal.ApiClientUtils;
@@ -148,65 +139,4 @@ public static List<DatabaseReference> getRandomNode(FirebaseApp app, int count)
     }
     return builder.build();
   }
-
-  public static class AppHttpClient {
-
-    private final FirebaseApp app;
-    private final FirebaseOptions options;
-    private final HttpRequestFactory requestFactory;
-
-    public AppHttpClient() {
-      this(FirebaseApp.getInstance());
-    }
-
-    public AppHttpClient(FirebaseApp app) {
-      this.app = checkNotNull(app);
-      this.options = app.getOptions();
-      this.requestFactory = this.options.getHttpTransport().createRequestFactory();
-    }
-
-    public ResponseInfo put(String path, String json) throws IOException {
-      String url = options.getDatabaseUrl() + path + "?access_token=" + getToken();
-      HttpRequest request = requestFactory.buildPutRequest(new GenericUrl(url),
-          ByteArrayContent.fromString("application/json", json));
-      HttpResponse response = null;
-      try {
-        response = request.execute();
-        return new ResponseInfo(response);
-      } finally {
-        if (response != null) {
-          response.disconnect();
-        }
-      }
-    }
-
-    private String getToken() {
-      // TODO: We should consider exposing getToken (or similar) publicly for the
-      // purpose of servers doing authenticated REST requests like this.
-      return TestOnlyImplFirebaseTrampolines.getToken(app, false);
-    }
-  }
-
-  public static class ResponseInfo {
-    private final int status;
-    private final byte[] payload;
-
-    private ResponseInfo(HttpResponse response) throws IOException {
-      this.status = response.getStatusCode();
-      InputStream in = response.getContent();
-      if (in != null) {
-        this.payload = ByteStreams.toByteArray(in);
-      } else {
-        this.payload = new byte[0];
-      }
-    }
-
-    public int getStatus() {
-      return status;
-    }
-
-    public byte[] getPayload() {
-      return payload;
-    }
-  }
 }

From c9ff22313c32543ddeb81bb32dffd7c86fb94032 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Aug 2021 13:49:29 -0700
Subject: [PATCH 098/354] chore(deps): bump netty.version from 4.1.66.Final to
 4.1.67.Final (#588)

Bumps `netty.version` from 4.1.66.Final to 4.1.67.Final.

Updates `netty-codec-http` from 4.1.66.Final to 4.1.67.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.66.Final...netty-4.1.67.Final)

Updates `netty-handler` from 4.1.66.Final to 4.1.67.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.66.Final...netty-4.1.67.Final)

Updates `netty-transport` from 4.1.66.Final to 4.1.67.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.66.Final...netty-4.1.67.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 489510588..340b59ada 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.66.Final</netty.version>
+        <netty.version>4.1.67.Final</netty.version>
     </properties>
 
     <scm>

From ec4b5cdcf74f979d6cc5ccd1fd87cf78f0b10ccb Mon Sep 17 00:00:00 2001
From: Alexey Markevich <buhhunyx@gmail.com>
Date: Tue, 31 Aug 2021 20:03:42 +0000
Subject: [PATCH 099/354] fix: FirebaseOptions: move default initialization
 from Builder (#592)

* FirebaseOptions: move default initialization from Builder

* Do a checkNotNull() in the corresponding setter methods
---
 .../com/google/firebase/FirebaseOptions.java  | 27 ++++++++++---------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/google/firebase/FirebaseOptions.java b/src/main/java/com/google/firebase/FirebaseOptions.java
index 836f701e9..8e7a29ccb 100644
--- a/src/main/java/com/google/firebase/FirebaseOptions.java
+++ b/src/main/java/com/google/firebase/FirebaseOptions.java
@@ -102,12 +102,12 @@ private FirebaseOptions(@NonNull final FirebaseOptions.Builder builder) {
       this.serviceAccountId = null;
     }
     this.storageBucket = builder.storageBucket;
-    this.httpTransport = checkNotNull(builder.httpTransport,
-        "FirebaseOptions must be initialized with a non-null HttpTransport.");
-    this.jsonFactory = checkNotNull(builder.jsonFactory,
-        "FirebaseOptions must be initialized with a non-null JsonFactory.");
-    this.threadManager = checkNotNull(builder.threadManager,
-        "FirebaseOptions must be initialized with a non-null ThreadManager.");
+    this.httpTransport = builder.httpTransport != null ? builder.httpTransport
+      : ApiClientUtils.getDefaultTransport();
+    this.jsonFactory = builder.jsonFactory != null ? builder.jsonFactory
+      : ApiClientUtils.getDefaultJsonFactory();
+    this.threadManager = builder.threadManager != null ? builder.threadManager
+      : FirebaseThreadManagers.DEFAULT_THREAD_MANAGER;
     checkArgument(builder.connectTimeout >= 0);
     this.connectTimeout = builder.connectTimeout;
     checkArgument(builder.readTimeout >= 0);
@@ -255,9 +255,9 @@ public static final class Builder {
     private String serviceAccountId;
     private Supplier<GoogleCredentials> credentialsSupplier;
     private FirestoreOptions firestoreOptions;
-    private HttpTransport httpTransport = ApiClientUtils.getDefaultTransport();
-    private JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
-    private ThreadManager threadManager = FirebaseThreadManagers.DEFAULT_THREAD_MANAGER;
+    private HttpTransport httpTransport;
+    private JsonFactory jsonFactory;
+    private ThreadManager threadManager;
     private int connectTimeout;
     private int readTimeout;
 
@@ -421,7 +421,8 @@ public Builder setServiceAccountId(@NonNull String serviceAccountId) {
      * @return This <code>Builder</code> instance is returned so subsequent calls can be chained.
      */
     public Builder setHttpTransport(HttpTransport httpTransport) {
-      this.httpTransport = httpTransport;
+      this.httpTransport = checkNotNull(httpTransport,
+          "FirebaseOptions must be initialized with a non-null HttpTransport.");
       return this;
     }
 
@@ -433,7 +434,8 @@ public Builder setHttpTransport(HttpTransport httpTransport) {
      * @return This <code>Builder</code> instance is returned so subsequent calls can be chained.
      */
     public Builder setJsonFactory(JsonFactory jsonFactory) {
-      this.jsonFactory = jsonFactory;
+      this.jsonFactory = checkNotNull(jsonFactory,
+            "FirebaseOptions must be initialized with a non-null JsonFactory.");
       return this;
     }
 
@@ -445,7 +447,8 @@ public Builder setJsonFactory(JsonFactory jsonFactory) {
      * @return This <code>Builder</code> instance is returned so subsequent calls can be chained.
      */
     public Builder setThreadManager(ThreadManager threadManager) {
-      this.threadManager = threadManager;
+      this.threadManager = checkNotNull(threadManager,
+            "FirebaseOptions must be initialized with a non-null ThreadManager.");
       return this;
     }
 

From 18826db4fb8e239abad4f2ddaaccd416d3ca20be Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 22 Sep 2021 12:49:04 -0400
Subject: [PATCH 100/354] feat(rc): Add Remote Config Parameter Value Type
 support (#591)

* feat(rc): Add Remote Config Parameter Value Type support

* Update integration tests
---
 .../firebase/remoteconfig/Parameter.java      | 35 ++++++++++++++++--
 .../remoteconfig/ParameterValueType.java      | 37 +++++++++++++++++++
 .../internal/TemplateResponse.java            | 12 ++++++
 .../FirebaseRemoteConfigClientImplTest.java   |  5 ++-
 .../remoteconfig/FirebaseRemoteConfigIT.java  |  9 +++--
 .../firebase/remoteconfig/ParameterTest.java  | 16 ++++++++
 .../firebase/remoteconfig/TemplateTest.java   | 11 ++++--
 src/test/resources/getRemoteConfig.json       |  9 +++--
 8 files changed, 120 insertions(+), 14 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ParameterValueType.java

diff --git a/src/main/java/com/google/firebase/remoteconfig/Parameter.java b/src/main/java/com/google/firebase/remoteconfig/Parameter.java
index d61816b43..0b1ee6e9f 100644
--- a/src/main/java/com/google/firebase/remoteconfig/Parameter.java
+++ b/src/main/java/com/google/firebase/remoteconfig/Parameter.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.common.base.Strings;
 import com.google.firebase.internal.NonNull;
 import com.google.firebase.internal.Nullable;
 import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterResponse;
@@ -37,6 +38,7 @@ public final class Parameter {
   private ParameterValue defaultValue;
   private String description;
   private Map<String, ParameterValue> conditionalValues;
+  private ParameterValueType valueType;
 
   /**
    * Creates a new {@link Parameter}.
@@ -59,6 +61,9 @@ public Parameter() {
     this.defaultValue = (responseDefaultValue == null) ? null
             : ParameterValue.fromParameterValueResponse(responseDefaultValue);
     this.description = parameterResponse.getDescription();
+    if (!Strings.isNullOrEmpty(parameterResponse.getValueType())) {
+      this.valueType = ParameterValueType.valueOf(parameterResponse.getValueType());
+    }
   }
 
   /**
@@ -93,6 +98,16 @@ public Map<String, ParameterValue> getConditionalValues() {
     return conditionalValues;
   }
 
+  /**
+   * Gets the data type of the parameter value.
+   *
+   * @return The data type of the parameter value or null.
+   */
+  @Nullable
+  public ParameterValueType getValueType() {
+    return valueType;
+  }
+
   /**
    * Sets the default value of the parameter.
    * This is the value to set the parameter to, when none of the named conditions
@@ -133,6 +148,18 @@ public Parameter setConditionalValues(
     return this;
   }
 
+  /**
+   * Sets the data type of the parameter value.
+   * Defaults to `ParameterValueType.STRING` if unspecified.
+   *
+   * @param valueType The data type of the parameter value.
+   * @return This {@link Parameter}.
+   */
+  public Parameter setValueType(@Nullable ParameterValueType valueType) {
+    this.valueType = valueType;
+    return this;
+  }
+
   ParameterResponse toParameterResponse() {
     Map<String, ParameterValueResponse> conditionalResponseValues = new HashMap<>();
     for (Map.Entry<String, ParameterValue> entry : conditionalValues.entrySet()) {
@@ -143,7 +170,8 @@ ParameterResponse toParameterResponse() {
     return new ParameterResponse()
             .setDefaultValue(defaultValueResponse)
             .setDescription(description)
-            .setConditionalValues(conditionalResponseValues);
+            .setConditionalValues(conditionalResponseValues)
+            .setValueType(this.valueType == null ? null : this.valueType.getValueType());
   }
 
   @Override
@@ -157,11 +185,12 @@ public boolean equals(Object o) {
     Parameter parameter = (Parameter) o;
     return Objects.equals(defaultValue, parameter.defaultValue)
             && Objects.equals(description, parameter.description)
-            && Objects.equals(conditionalValues, parameter.conditionalValues);
+            && Objects.equals(conditionalValues, parameter.conditionalValues)
+            && Objects.equals(valueType, parameter.valueType);
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(defaultValue, description, conditionalValues);
+    return Objects.hash(defaultValue, description, conditionalValues, valueType);
   }
 }
diff --git a/src/main/java/com/google/firebase/remoteconfig/ParameterValueType.java b/src/main/java/com/google/firebase/remoteconfig/ParameterValueType.java
new file mode 100644
index 000000000..e9957cb77
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ParameterValueType.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+/**
+ * Data types that are associated with parameter values.
+ */
+public enum ParameterValueType {
+  STRING("STRING"),
+  BOOLEAN("BOOLEAN"),
+  NUMBER("NUMBER"),
+  JSON("JSON");
+
+  private final String valueType;
+
+  ParameterValueType(String valueType) {
+    this.valueType = valueType;
+  }
+
+  public String getValueType() {
+    return valueType;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/internal/TemplateResponse.java b/src/main/java/com/google/firebase/remoteconfig/internal/TemplateResponse.java
index 09e71ef84..57a066bf2 100644
--- a/src/main/java/com/google/firebase/remoteconfig/internal/TemplateResponse.java
+++ b/src/main/java/com/google/firebase/remoteconfig/internal/TemplateResponse.java
@@ -107,6 +107,9 @@ public static final class ParameterResponse {
     @Key("conditionalValues")
     private Map<String, ParameterValueResponse> conditionalValues;
 
+    @Key("valueType")
+    private String valueType;
+
     public ParameterValueResponse getDefaultValue() {
       return defaultValue;
     }
@@ -119,6 +122,10 @@ public Map<String, ParameterValueResponse> getConditionalValues() {
       return conditionalValues;
     }
 
+    public String getValueType() {
+      return valueType;
+    }
+
     public ParameterResponse setDefaultValue(
             ParameterValueResponse defaultValue) {
       this.defaultValue = defaultValue;
@@ -135,6 +142,11 @@ public ParameterResponse setConditionalValues(
       this.conditionalValues = conditionalValues;
       return this;
     }
+
+    public ParameterResponse setValueType(String valueType) {
+      this.valueType = valueType;
+      return this;
+    }
   }
 
   /**
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
index 71e6f81ec..f2d5c8126 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
@@ -85,9 +85,11 @@ public class FirebaseRemoteConfigClientImplTest {
                   .setConditionalValues(ImmutableMap.<String, ParameterValue>of(
                           "ios_en", ParameterValue.of("welcome to app en")
                   ))
-                  .setDescription("text for welcome message!"),
+                  .setDescription("text for welcome message!")
+                  .setValueType(ParameterValueType.STRING),
           "header_text", new Parameter()
                   .setDefaultValue(ParameterValue.inAppDefault())
+                  .setValueType(ParameterValueType.STRING)
   );
 
   private static final Map<String, ParameterGroup> EXPECTED_PARAMETER_GROUPS = ImmutableMap.of(
@@ -97,6 +99,7 @@ public class FirebaseRemoteConfigClientImplTest {
                           "pumpkin_spice_season", new Parameter()
                                   .setDefaultValue(ParameterValue.of("true"))
                                   .setDescription("Whether it's currently pumpkin spice season.")
+                                  .setValueType(ParameterValueType.BOOLEAN)
                           )
                   )
   );
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
index bb90c6cb9..07a3c6c11 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigIT.java
@@ -249,9 +249,11 @@ private Map<String, Parameter> getParameters() {
                             "ios_en",
                             ParameterValue.of(String.format("welcome to app en %s", timestamp))
                     ))
-                    .setDescription("text for welcome message!"),
+                    .setDescription("text for welcome message!")
+                    .setValueType(ParameterValueType.STRING),
             "header_text", new Parameter()
-                    .setDefaultValue(ParameterValue.inAppDefault()));
+                    .setDefaultValue(ParameterValue.inAppDefault())
+                    .setValueType(ParameterValueType.STRING));
   }
 
   private Map<String, ParameterGroup> getParameterGroups() {
@@ -262,7 +264,8 @@ private Map<String, ParameterGroup> getParameterGroups() {
                     .setParameters(ImmutableMap.of(
                             "pumpkin_spice_season", new Parameter()
                                     .setDefaultValue(ParameterValue.of("true"))
-                                    .setDescription("Whether it's currently pumpkin spice season."))
+                                    .setDescription("Whether it's currently pumpkin spice season.")
+                                    .setValueType(ParameterValueType.STRING))
                     ));
   }
 
diff --git a/src/test/java/com/google/firebase/remoteconfig/ParameterTest.java b/src/test/java/com/google/firebase/remoteconfig/ParameterTest.java
index 952ea8b82..7fc6ee555 100644
--- a/src/test/java/com/google/firebase/remoteconfig/ParameterTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/ParameterTest.java
@@ -38,6 +38,7 @@ public void testConstructor() {
     assertTrue(parameter.getConditionalValues().isEmpty());
     assertNull(parameter.getDefaultValue());
     assertNull(parameter.getDescription());
+    assertNull(parameter.getValueType());
   }
 
   @Test(expected = NullPointerException.class)
@@ -84,8 +85,23 @@ public void testEquality() {
             .setConditionalValues(conditionalValues);
 
     assertEquals(parameterFive, parameterSix);
+
+    final Parameter parameterSeven = new Parameter()
+            .setDefaultValue(ParameterValue.inAppDefault())
+            .setDescription("greeting text")
+            .setConditionalValues(conditionalValues)
+            .setValueType(ParameterValueType.STRING);
+    final Parameter parameterEight = new Parameter()
+            .setDefaultValue(ParameterValue.inAppDefault())
+            .setDescription("greeting text")
+            .setConditionalValues(conditionalValues)
+            .setValueType(ParameterValueType.STRING);
+
+    assertEquals(parameterSeven, parameterEight);
     assertNotEquals(parameterOne, parameterThree);
     assertNotEquals(parameterOne, parameterFive);
+    assertNotEquals(parameterOne, parameterSeven);
     assertNotEquals(parameterThree, parameterFive);
+    assertNotEquals(parameterThree, parameterSeven);
   }
 }
diff --git a/src/test/java/com/google/firebase/remoteconfig/TemplateTest.java b/src/test/java/com/google/firebase/remoteconfig/TemplateTest.java
index ad4d48f87..a3ea3e878 100644
--- a/src/test/java/com/google/firebase/remoteconfig/TemplateTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/TemplateTest.java
@@ -49,7 +49,8 @@ public class TemplateTest {
           "greeting_header", new Parameter()
                   .setDefaultValue(ParameterValue.inAppDefault())
                   .setDescription("greeting header text")
-                  .setConditionalValues(CONDITIONAL_VALUES),
+                  .setConditionalValues(CONDITIONAL_VALUES)
+                  .setValueType(ParameterValueType.STRING),
           "greeting_text", new Parameter()
                   .setDefaultValue(ParameterValue.inAppDefault())
                   .setDescription("greeting text")
@@ -274,15 +275,17 @@ public void testToJSONWithEmptyTemplate() {
   public void testToJSONWithParameterValues() {
     Template t = new Template();
     t.getParameters()
-            .put("with_value", new Parameter().setDefaultValue(ParameterValue.of("hello")));
+            .put("with_value", new Parameter().setDefaultValue(ParameterValue.of("hello"))
+                    .setValueType(ParameterValueType.NUMBER));
     t.getParameters()
             .put("with_inApp", new Parameter().setDefaultValue(ParameterValue.inAppDefault()));
     String jsonString = t.toJSON();
 
     assertEquals("{\"conditions\":[],\"parameterGroups\":{},"
             + "\"parameters\":{\"with_value\":{\"conditionalValues\":{},"
-            + "\"defaultValue\":{\"value\":\"hello\"}},\"with_inApp\":{\"conditionalValues\":{},"
-            + "\"defaultValue\":{\"useInAppDefault\":true}}}}", jsonString);
+            + "\"defaultValue\":{\"value\":\"hello\"},\"valueType\":\"NUMBER\"},\"with_inApp\":{"
+            + "\"conditionalValues\":{},\"defaultValue\":{\"useInAppDefault\":true}"
+            + "}}}", jsonString);
   }
 
   @Test
diff --git a/src/test/resources/getRemoteConfig.json b/src/test/resources/getRemoteConfig.json
index a4969f0d1..a80caa07d 100644
--- a/src/test/resources/getRemoteConfig.json
+++ b/src/test/resources/getRemoteConfig.json
@@ -20,12 +20,14 @@
           "value": "welcome to app en"
         }
       },
-      "description": "text for welcome message!"
+      "description": "text for welcome message!",
+      "valueType": "STRING"
     },
     "header_text": {
       "defaultValue": {
         "useInAppDefault": true
-      }
+      },
+      "valueType": "STRING"
     }
   },
   "parameterGroups": {
@@ -36,7 +38,8 @@
           "defaultValue": {
             "value": "true"
           },
-          "description": "Whether it's currently pumpkin spice season."
+          "description": "Whether it's currently pumpkin spice season.",
+          "valueType": "BOOLEAN"
         }
       }
     }

From 89ac0d055222ef7a14a9b946f783f085db906d9e Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 22 Sep 2021 17:27:22 -0400
Subject: [PATCH 101/354] Update custom Doclet configuration for javadoc (#587)

* Update custom Doclet configuration for javadoc

From version 3.0 and up `javadoc` has updated parameter names used in custom Doclet configurations, which affects our internal devsite scripts.
This PR updates the config to use the new parameters names.

* Update other param instances

* remove java 8 exception

* Add -Xdoclint:none option

* Added <doclint>none</doclint>
---
 pom.xml | 38 +++++++++++++++-----------------------
 1 file changed, 15 insertions(+), 23 deletions(-)

diff --git a/pom.xml b/pom.xml
index 340b59ada..d9003bdd3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,16 +77,6 @@
     </distributionManagement>
 
     <profiles>
-        <profile>
-            <!-- Disable Doclint on Java 8 and higher -->
-            <id>disable-java8-doclint</id>
-            <activation>
-                <jdk>[1.8,)</jdk>
-            </activation>
-            <properties>
-                <additionalparam>-Xdoclint:none</additionalparam>
-            </properties>
-        </profile>
         <profile>
             <id>devsite-apidocs</id>
             <activation>
@@ -123,18 +113,19 @@
                                     <version>1.3</version>
                                 </additionalDependency>
                             </additionalDependencies>
-                            <additionalparam>
-                                -hdf book.path /docs/reference/_book.yaml
-                                -hdf project.path /_project.yaml
-                                -hdf devsite.path /docs/reference/admin/java/reference/
-                                -d ${project.build.directory}/apidocs
-                                -templatedir ${devsite.template}
-                                -toroot /docs/reference/admin/java/reference/
-                                -yaml _toc.yaml
-                                -warning 101
-                            </additionalparam>
+                            <additionalOptions>
+                                <additionalOption>-hdf book.path /docs/reference/_book.yaml</additionalOption>
+                                <additionalOption>-hdf project.path /_project.yaml</additionalOption>
+                                <additionalOption>-hdf devsite.path /docs/reference/admin/java/reference/</additionalOption>
+                                <additionalOption>-d ${project.build.directory}/apidocs</additionalOption>
+                                <additionalOption>-templatedir ${devsite.template}</additionalOption>
+                                <additionalOption>-toroot /docs/reference/admin/java/reference/</additionalOption>
+                                <additionalOption>-yaml _toc.yaml</additionalOption>
+                                <additionalOption>-warning 101</additionalOption>
+                            </additionalOptions>
                             <useStandardDocletOptions>false</useStandardDocletOptions>
                             <additionalJOption>-J-Xmx1024m</additionalJOption>
+                            <doclint>none</doclint>
                         </configuration>
                     </plugin>
                     <plugin>
@@ -334,11 +325,12 @@
                             <version>1.3</version>
                         </additionalDependency>
                     </additionalDependencies>
-                    <additionalparam>
-                        -warning 101
-                    </additionalparam>
+                    <additionalOptions>
+                        <additionalOption>-warning 101</additionalOption>
+                    </additionalOptions>
                     <useStandardDocletOptions>false</useStandardDocletOptions>
                     <additionalJOption>-J-Xmx1024m</additionalJOption>
+                    <doclint>none</doclint>
                 </configuration>
             </plugin>
 

From e86c80e689990c02c5ac5c0cd3ac372fdbaf091f Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 23 Sep 2021 16:50:48 -0400
Subject: [PATCH 102/354] [chore] Release 8.1.0 (#599)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d9003bdd3..cef39e156 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>8.0.1</version>
+    <version>8.1.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From f86f6519207b2dccc4cf1c336e7a0702ec4af4cc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Oct 2021 09:59:01 -0700
Subject: [PATCH 103/354] chore(deps): bump netty.version from 4.1.67.Final to
 4.1.68.Final (#595)

Bumps `netty.version` from 4.1.67.Final to 4.1.68.Final.

Updates `netty-codec-http` from 4.1.67.Final to 4.1.68.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.67.Final...netty-4.1.68.Final)

Updates `netty-handler` from 4.1.67.Final to 4.1.68.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.67.Final...netty-4.1.68.Final)

Updates `netty-transport` from 4.1.67.Final to 4.1.68.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.67.Final...netty-4.1.68.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index cef39e156..30d4f6028 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.67.Final</netty.version>
+        <netty.version>4.1.68.Final</netty.version>
     </properties>
 
     <scm>

From f6a4bc3c0941b1f80d5cc1f5393cdc878d6996ac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Dec 2021 16:16:12 -0500
Subject: [PATCH 104/354] chore(deps): bump netty.version from 4.1.68.Final to
 4.1.72.Final (#613)

Bumps `netty.version` from 4.1.68.Final to 4.1.72.Final.

Updates `netty-codec-http` from 4.1.68.Final to 4.1.72.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.68.Final...netty-4.1.72.Final)

Updates `netty-handler` from 4.1.68.Final to 4.1.72.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.68.Final...netty-4.1.72.Final)

Updates `netty-transport` from 4.1.68.Final to 4.1.72.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.68.Final...netty-4.1.72.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 30d4f6028..20afec1fa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.68.Final</netty.version>
+        <netty.version>4.1.72.Final</netty.version>
     </properties>
 
     <scm>

From ede3b41a74903e36167dfc1b396b8da04c076e16 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 16 Dec 2021 16:16:44 -0500
Subject: [PATCH 105/354] Update issue templates (#617)

* Update issue templates

* update content
---
 .../ISSUE_TEMPLATE/bug_report.md              | 14 +++++++++++++
 .github/ISSUE_TEMPLATE/feature_request.md     | 20 +++++++++++++++++++
 2 files changed, 34 insertions(+)
 rename ISSUE_TEMPLATE.md => .github/ISSUE_TEMPLATE/bug_report.md (76%)
 create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md

diff --git a/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE/bug_report.md
similarity index 76%
rename from ISSUE_TEMPLATE.md
rename to .github/ISSUE_TEMPLATE/bug_report.md
index 5de83b2cc..f7124c050 100644
--- a/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,3 +1,17 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+---
+**Thank you for submitting your issue. We are operating at reduced capacity from Dec 17 2021 to Jan 4 2022. Please expect delayed responses. For more urgent requests please reach us via our support channels https://firebase.google.com/support**
+
+---
+
 ### [READ] Step 1: Are you in the right place?
 
   * For issues or feature requests related to __the code in this repository__
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 000000000..3408a0aa1
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: '[FR]'
+labels: 'type: feature request'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

From 1c9429487945bf85f940b4352639fd78e7e698fc Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 16 Dec 2021 16:26:25 -0500
Subject: [PATCH 106/354] Fix the delayed response message

Removing the table from markdown
---
 .github/ISSUE_TEMPLATE/bug_report.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index f7124c050..d5792111b 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,11 +7,8 @@ assignees: ''
 
 ---
 
----
 **Thank you for submitting your issue. We are operating at reduced capacity from Dec 17 2021 to Jan 4 2022. Please expect delayed responses. For more urgent requests please reach us via our support channels https://firebase.google.com/support**
 
----
-
 ### [READ] Step 1: Are you in the right place?
 
   * For issues or feature requests related to __the code in this repository__

From 53b9380c2eec94f1fed704dd0ae8a8bcb097ebb2 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 5 Jan 2022 14:42:08 -0500
Subject: [PATCH 107/354] Remove delayed response message for holidays (#621)

Remove delayed response message for holidays
---
 .github/ISSUE_TEMPLATE/bug_report.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index d5792111b..36eea6edb 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,8 +7,6 @@ assignees: ''
 
 ---
 
-**Thank you for submitting your issue. We are operating at reduced capacity from Dec 17 2021 to Jan 4 2022. Please expect delayed responses. For more urgent requests please reach us via our support channels https://firebase.google.com/support**
-
 ### [READ] Step 1: Are you in the right place?
 
   * For issues or feature requests related to __the code in this repository__

From a71942ce8ddfaf7d1c769aea378d426b9fed9533 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Jan 2022 17:15:38 -0500
Subject: [PATCH 108/354] chore(deps): bump maven-javadoc-plugin from 3.3.0 to
 3.3.1 (#596)

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.3.0...maven-javadoc-plugin-3.3.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 20afec1fa..539f3efed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.3.0</version>
+                        <version>3.3.1</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.3.0</version>
+                <version>3.3.1</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 21533c5d4828a7cf1fd559f1322a67260c164d2a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Jan 2022 18:03:41 -0500
Subject: [PATCH 109/354] chore(deps): bump google-api-client-bom from 1.32.1
 to 1.33.0 (#623)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.32.1 to 1.33.0.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.32.1...v1.33.0)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 539f3efed..b967ee665 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.32.1</version>
+                <version>1.33.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 23321cf17c568184b78f1371ee4cc9860b9e4296 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Jan 2022 13:15:49 -0500
Subject: [PATCH 110/354] chore(deps): bump slf4j-api from 1.7.32 to 1.7.33
 (#626)

Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.32 to 1.7.33.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/compare/v_1.7.32...v_1.7.33)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b967ee665..014d8c738 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.32</version>
+            <version>1.7.33</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 8506ebbf91792ccaa67cf4eea69f529bf65867ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jan 2022 18:53:12 -0500
Subject: [PATCH 111/354] chore(deps): bump google-api-client-bom from 1.33.0
 to 1.33.1 (#632)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.33.0 to 1.33.1.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.33.0...v1.33.1)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 014d8c738..f13af91ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.33.0</version>
+                <version>1.33.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 8cadc0d48d5ce024dfaf8deedf06fbbc5633a6ce Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Feb 2022 14:57:51 -0500
Subject: [PATCH 112/354] chore(deps): bump slf4j-api from 1.7.33 to 1.7.35
 (#635)

Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.33 to 1.7.35.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/compare/v_1.7.33...v_1.7.35)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f13af91ce..1eff55489 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.33</version>
+            <version>1.7.35</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 0a17730035b3eaf937cc0c7fca87e491006f032a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Feb 2022 15:01:32 -0500
Subject: [PATCH 113/354] chore(deps): bump netty.version from 4.1.72.Final to
 4.1.74.Final (#638)

Bumps `netty.version` from 4.1.72.Final to 4.1.74.Final.

Updates `netty-codec-http` from 4.1.72.Final to 4.1.74.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.72.Final...netty-4.1.74.Final)

Updates `netty-handler` from 4.1.72.Final to 4.1.74.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.72.Final...netty-4.1.74.Final)

Updates `netty-transport` from 4.1.72.Final to 4.1.74.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.72.Final...netty-4.1.74.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1eff55489..8bf295f47 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.72.Final</netty.version>
+        <netty.version>4.1.74.Final</netty.version>
     </properties>
 
     <scm>

From c213726b6bb63c208c102583c1ddeea773bda15f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Feb 2022 15:14:48 -0500
Subject: [PATCH 114/354] chore(deps): bump slf4j-api from 1.7.35 to 1.7.36
 (#640)

Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.35 to 1.7.36.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/compare/v_1.7.35...v_1.7.36)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8bf295f47..516821b64 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.35</version>
+            <version>1.7.36</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 72bfe0b209bdf17234df58b216769d99abe60e09 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Apr 2022 12:46:21 -0400
Subject: [PATCH 115/354] chore(deps): bump google-api-client-bom from 1.33.1
 to 1.33.4 (#653)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.33.1 to 1.33.4.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.33.1...v1.33.4)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 516821b64..a383d855f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.33.1</version>
+                <version>1.33.4</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From bc99272e27e6a26ceca0e60f23d009d5ce0ff5d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Apr 2022 12:57:37 -0400
Subject: [PATCH 116/354] chore(deps): bump maven-project-info-reports-plugin
 from 3.1.2 to 3.2.2 (#656)

Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.1.2 to 3.2.2.
- [Release notes](https://github.com/apache/maven-project-info-reports-plugin/releases)
- [Commits](https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.1.2...maven-project-info-reports-plugin-3.2.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-project-info-reports-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a383d855f..8d752573e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.1.2</version>
+                <version>3.2.2</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From fad6471243e9f39be00352849d47150a49b51214 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Apr 2022 13:03:38 -0400
Subject: [PATCH 117/354] chore(deps): bump netty.version from 4.1.74.Final to
 4.1.75.Final (#657)

Bumps `netty.version` from 4.1.74.Final to 4.1.75.Final.

Updates `netty-codec-http` from 4.1.74.Final to 4.1.75.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.74.Final...netty-4.1.75.Final)

Updates `netty-handler` from 4.1.74.Final to 4.1.75.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.74.Final...netty-4.1.75.Final)

Updates `netty-transport` from 4.1.74.Final to 4.1.75.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.74.Final...netty-4.1.75.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8d752573e..54909dab1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.74.Final</netty.version>
+        <netty.version>4.1.75.Final</netty.version>
     </properties>
 
     <scm>

From 8168b17944ad281fdc18d3d42a8065b1407ac0e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Apr 2022 14:18:30 -0400
Subject: [PATCH 118/354] chore(deps): bump jacoco-maven-plugin from 0.8.7 to
 0.8.8 (#658)

Bumps [jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.7 to 0.8.8.
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](https://github.com/jacoco/jacoco/compare/v0.8.7...v0.8.8)

---
updated-dependencies:
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 54909dab1..ea826866d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -189,7 +189,7 @@
                     <plugin>
                         <groupId>org.jacoco</groupId>
                         <artifactId>jacoco-maven-plugin</artifactId>
-                        <version>0.8.7</version>
+                        <version>0.8.8</version>
                         <executions>
                             <execution>
                                 <id>pre-unit-test</id>

From 33b903305ff3f61de49dfd73665dd8eca9372e59 Mon Sep 17 00:00:00 2001
From: ssbushi <66321939+ssbushi@users.noreply.github.com>
Date: Mon, 25 Apr 2022 09:51:40 -0400
Subject: [PATCH 119/354] Add Argon2 Hashing Algorithm support (#637)

* Add Argon2

* More checks for associatedData

* Use String for associated data, add another test

* Removed default handling for Version in Argon2

* lint fix

* more tests

* Address comments. Use consts for param limits

* Add javadoc for the Builder methods

* Fix the mapping for Argon2. All parameters must be inside the `argon2Parameters` field
---
 .../com/google/firebase/auth/hash/Argon2.java | 217 ++++++++++++++++++
 .../firebase/auth/UserImportHashTest.java     |  99 ++++++++
 .../firebase/auth/hash/InvalidHashTest.java   |  68 ++++++
 3 files changed, 384 insertions(+)
 create mode 100644 src/main/java/com/google/firebase/auth/hash/Argon2.java

diff --git a/src/main/java/com/google/firebase/auth/hash/Argon2.java b/src/main/java/com/google/firebase/auth/hash/Argon2.java
new file mode 100644
index 000000000..8edcf11b7
--- /dev/null
+++ b/src/main/java/com/google/firebase/auth/hash/Argon2.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2022 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.hash;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.io.BaseEncoding;
+import com.google.firebase.auth.UserImportHash;
+import java.util.Map;
+
+/**
+ * Represents the Argon2 password hashing algorithm. Can be used as an instance of {@link
+ * com.google.firebase.auth.UserImportHash} when importing users.
+ */
+public final class Argon2 extends UserImportHash {
+
+  private static final int MIN_HASH_LENGTH_BYTES = 4;
+  private static final int MAX_HASH_LENGTH_BYTES = 1024;
+  private static final int MIN_PARALLELISM = 1;
+  private static final int MAX_PARALLELISM = 16;
+  private static final int MIN_ITERATIONS = 1;
+  private static final int MAX_ITERATIONS = 16;
+  private static final int MIN_MEMORY_COST_KIB = 1;
+  private static final int MAX_MEMORY_COST_KIB = 32768;
+
+  private final int hashLengthBytes;
+  private final Argon2HashType hashType;
+  private final int parallelism;
+  private final int iterations;
+  private final int memoryCostKib;
+  private final Argon2Version version;
+  private final String associatedData;
+
+  private Argon2(Builder builder) {
+    super("ARGON2");
+    checkArgument(intShouldBeBetweenLimitsInclusive(builder.hashLengthBytes, MIN_HASH_LENGTH_BYTES,
+            MAX_HASH_LENGTH_BYTES),
+        "hashLengthBytes is required for Argon2 and must be between %s and %s",
+        MIN_HASH_LENGTH_BYTES, MAX_HASH_LENGTH_BYTES);
+    checkArgument(builder.hashType != null,
+        "A hashType is required for Argon2");
+    checkArgument(
+        intShouldBeBetweenLimitsInclusive(builder.parallelism, MIN_PARALLELISM, MAX_PARALLELISM),
+        "parallelism is required for Argon2 and must be between %s and %s", MIN_PARALLELISM,
+        MAX_PARALLELISM);
+    checkArgument(
+        intShouldBeBetweenLimitsInclusive(builder.iterations, MIN_ITERATIONS, MAX_ITERATIONS),
+        "iterations is required for Argon2 and must be between %s and %s", MIN_ITERATIONS,
+        MAX_ITERATIONS);
+    checkArgument(intShouldBeBetweenLimitsInclusive(builder.memoryCostKib, MIN_MEMORY_COST_KIB,
+            MAX_MEMORY_COST_KIB),
+        "memoryCostKib is required for Argon2 and must be less than or equal to %s",
+        MAX_MEMORY_COST_KIB);
+    this.hashLengthBytes = builder.hashLengthBytes;
+    this.hashType = builder.hashType;
+    this.parallelism = builder.parallelism;
+    this.iterations = builder.iterations;
+    this.memoryCostKib = builder.memoryCostKib;
+    if (builder.version != null) {
+      this.version = builder.version;
+    } else {
+      this.version = null;
+    }
+    if (builder.associatedData != null) {
+      this.associatedData = BaseEncoding.base64Url().encode(builder.associatedData);
+    } else {
+      this.associatedData = null;
+    }
+  }
+
+  private static boolean intShouldBeBetweenLimitsInclusive(int property, int fromInclusive,
+      int toInclusive) {
+    return property >= fromInclusive && property <= toInclusive;
+  }
+
+  @Override
+  protected Map<String, Object> getOptions() {
+    ImmutableMap.Builder<String, Object> argon2Parameters = ImmutableMap.<String, Object>builder()
+        .put("hashLengthBytes", hashLengthBytes)
+        .put("hashType", hashType.toString())
+        .put("parallelism", parallelism)
+        .put("iterations", iterations)
+        .put("memoryCostKib", memoryCostKib);
+    if (this.associatedData != null) {
+      argon2Parameters.put("associatedData", associatedData);
+    }
+    if (this.version != null) {
+      argon2Parameters.put("version", version.toString());
+    }
+    return ImmutableMap.<String, Object>of("argon2Parameters", argon2Parameters.build());
+  }
+
+  public static Builder builder() {
+    return new Builder();
+  }
+
+  public static class Builder {
+
+    private int hashLengthBytes;
+    private Argon2HashType hashType;
+    private int parallelism;
+    private int iterations;
+    private int memoryCostKib;
+    private Argon2Version version;
+    private byte[] associatedData;
+
+    private Builder() {}
+
+    /**
+     * Sets the hash length in bytes. Required field.
+     *
+     * @param hashLengthBytes an integer between 4 and 1024 (inclusive).
+     * @return This builder.
+     */
+    public Builder setHashLengthBytes(int hashLengthBytes) {
+      this.hashLengthBytes = hashLengthBytes;
+      return this;
+    }
+
+    /**
+     * Sets the Argon2 hash type. Required field.
+     *
+     * @param hashType a value from the {@link Argon2HashType} enum.
+     * @return This builder.
+     */
+    public Builder setHashType(Argon2HashType hashType) {
+      this.hashType = hashType;
+      return this;
+    }
+
+    /**
+     * Sets the degree of parallelism, also called threads or lanes. Required field.
+     *
+     * @param parallelism an integer between 1 and 16 (inclusive).
+     * @return This builder.
+     */
+    public Builder setParallelism(int parallelism) {
+      this.parallelism = parallelism;
+      return this;
+    }
+
+    /**
+     * Sets the number of iterations to perform. Required field.
+     *
+     * @param iterations an integer between 1 and 16 (inclusive).
+     * @return This builder.
+     */
+    public Builder setIterations(int iterations) {
+      this.iterations = iterations;
+      return this;
+    }
+
+    /**
+     * Sets the memory cost in kibibytes. Required field.
+     *
+     * @param memoryCostKib an integer between 1 and 32768 (inclusive).
+     * @return This builder.
+     */
+    public Builder setMemoryCostKib(int memoryCostKib) {
+      this.memoryCostKib = memoryCostKib;
+      return this;
+    }
+
+    /**
+     * Sets the version of the Argon2 algorithm.
+     *
+     * @param version a value from the {@link Argon2Version} enum.
+     * @return This builder.
+     */
+    public Builder setVersion(Argon2Version version) {
+      this.version = version;
+      return this;
+    }
+
+    /**
+     * Sets additional associated data, if provided, to append to the hash value for additional
+     * security. This data is base64 encoded before it is sent to the API.
+     *
+     * @param associatedData Associated data as a byte array.
+     * @return This builder.
+     */
+    public Builder setAssociatedData(byte[] associatedData) {
+      this.associatedData = associatedData;
+      return this;
+    }
+
+    public Argon2 build() {
+      return new Argon2(this);
+    }
+  }
+
+  public enum Argon2HashType {
+    ARGON2_D,
+    ARGON2_ID,
+    ARGON2_I
+  }
+
+  public enum Argon2Version {
+    VERSION_10,
+    VERSION_13
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/UserImportHashTest.java b/src/test/java/com/google/firebase/auth/UserImportHashTest.java
index e4a3af14a..95d85088a 100644
--- a/src/test/java/com/google/firebase/auth/UserImportHashTest.java
+++ b/src/test/java/com/google/firebase/auth/UserImportHashTest.java
@@ -20,6 +20,9 @@
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.io.BaseEncoding;
+import com.google.firebase.auth.hash.Argon2;
+import com.google.firebase.auth.hash.Argon2.Argon2HashType;
+import com.google.firebase.auth.hash.Argon2.Argon2Version;
 import com.google.firebase.auth.hash.Bcrypt;
 import com.google.firebase.auth.hash.HmacMd5;
 import com.google.firebase.auth.hash.HmacSha1;
@@ -40,6 +43,7 @@ public class UserImportHashTest {
 
   private static final byte[] SIGNER_KEY = "key".getBytes();
   private static final byte[] SALT_SEPARATOR = "separator".getBytes();
+  private static final byte[] ARGON2_ASSOCIATED_DATA = "associatedData".getBytes();
 
   private static class MockHash extends UserImportHash {
     MockHash() {
@@ -109,6 +113,94 @@ public void testStandardScryptHash() {
     assertEquals(properties, scrypt.getProperties());
   }
 
+  @Test
+  public void testArgon2Hash_withoutAssociatedDataWithVersion() {
+    UserImportHash argon2 = Argon2.builder()
+        .setHashLengthBytes(512)
+        .setHashType(Argon2HashType.ARGON2_ID)
+        .setParallelism(8)
+        .setIterations(16)
+        .setMemoryCostKib(512)
+        .setVersion(Argon2Version.VERSION_10)
+        .build();
+
+    Map<String, Object> argon2Parameters = ImmutableMap.<String, Object>builder()
+        .put("hashLengthBytes", 512)
+        .put("hashType", "ARGON2_ID")
+        .put("parallelism", 8)
+        .put("iterations", 16)
+        .put("memoryCostKib", 512)
+        .put("version", "VERSION_10")
+        .build();
+    assertEquals(getArgon2ParametersMap(argon2Parameters), argon2.getProperties());
+  }
+
+  @Test
+  public void testArgon2Hash_withAssociatedDataWithoutVersion() {
+    UserImportHash argon2 = Argon2.builder()
+        .setHashLengthBytes(512)
+        .setHashType(Argon2HashType.ARGON2_ID)
+        .setParallelism(8)
+        .setIterations(16)
+        .setMemoryCostKib(512)
+        .setAssociatedData(ARGON2_ASSOCIATED_DATA)
+        .build();
+
+    Map<String, Object> argon2Parameters = ImmutableMap.<String, Object>builder()
+        .put("hashLengthBytes", 512)
+        .put("hashType", "ARGON2_ID")
+        .put("parallelism", 8)
+        .put("iterations", 16)
+        .put("memoryCostKib", 512)
+        .put("associatedData", BaseEncoding.base64Url().encode(ARGON2_ASSOCIATED_DATA))
+        .build();
+    assertEquals(getArgon2ParametersMap(argon2Parameters), argon2.getProperties());
+  }
+
+  @Test
+  public void testArgon2Hash_withAssociatedDataAndVersion() {
+    UserImportHash argon2 = Argon2.builder()
+        .setHashLengthBytes(512)
+        .setHashType(Argon2HashType.ARGON2_ID)
+        .setParallelism(8)
+        .setIterations(16)
+        .setMemoryCostKib(512)
+        .setAssociatedData(ARGON2_ASSOCIATED_DATA)
+        .setVersion(Argon2Version.VERSION_10)
+        .build();
+
+    Map<String, Object> argon2Parameters = ImmutableMap.<String, Object>builder()
+        .put("hashLengthBytes", 512)
+        .put("hashType", "ARGON2_ID")
+        .put("parallelism", 8)
+        .put("iterations", 16)
+        .put("memoryCostKib", 512)
+        .put("associatedData", BaseEncoding.base64Url().encode(ARGON2_ASSOCIATED_DATA))
+        .put("version", "VERSION_10")
+        .build();
+    assertEquals(getArgon2ParametersMap(argon2Parameters), argon2.getProperties());
+  }
+
+  @Test
+  public void testArgon2Hash_withoutAssociatedDataAndVersion() {
+    UserImportHash argon2 = Argon2.builder()
+        .setHashLengthBytes(512)
+        .setHashType(Argon2HashType.ARGON2_ID)
+        .setParallelism(8)
+        .setIterations(16)
+        .setMemoryCostKib(2048)
+        .build();
+
+    Map<String, Object> argon2Parameters = ImmutableMap.<String, Object>builder()
+        .put("hashLengthBytes", 512)
+        .put("hashType", "ARGON2_ID")
+        .put("parallelism", 8)
+        .put("iterations", 16)
+        .put("memoryCostKib", 2048)
+        .build();
+    assertEquals(getArgon2ParametersMap(argon2Parameters), argon2.getProperties());
+  }
+
   @Test
   public void testHmacHash() {
     Map<String, UserImportHash> hashes = ImmutableMap.<String, UserImportHash>of(
@@ -151,4 +243,11 @@ public void testBcryptHash() {
     Map<String, Object> properties = ImmutableMap.<String, Object>of("hashAlgorithm", "BCRYPT");
     assertEquals(properties, bcrypt.getProperties());
   }
+
+  private static ImmutableMap<String, Object> getArgon2ParametersMap(
+      Map<String, Object> argon2Parameters) {
+    return ImmutableMap.of(
+        "hashAlgorithm", "ARGON2",
+        "argon2Parameters", argon2Parameters);
+  }
 }
diff --git a/src/test/java/com/google/firebase/auth/hash/InvalidHashTest.java b/src/test/java/com/google/firebase/auth/hash/InvalidHashTest.java
index 5186a443a..8087b8583 100644
--- a/src/test/java/com/google/firebase/auth/hash/InvalidHashTest.java
+++ b/src/test/java/com/google/firebase/auth/hash/InvalidHashTest.java
@@ -20,6 +20,7 @@
 import static org.junit.Assert.fail;
 
 import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.hash.Argon2.Argon2HashType;
 import java.util.List;
 import org.junit.Test;
 
@@ -124,4 +125,71 @@ public void testInvalidScrypt() {
       }
     }
   }
+
+  @Test
+  public void testInvalidArgon2() {
+    List<Argon2.Builder> builders = ImmutableList.of(
+        Argon2.builder() // hashLengthBytes < 4
+            .setHashLengthBytes(2)
+            .setHashType(Argon2HashType.ARGON2_ID)
+            .setParallelism(8)
+            .setIterations(16)
+            .setMemoryCostKib(512),
+        Argon2.builder() // hashLengthBytes > 1024
+            .setHashLengthBytes(2048)
+            .setHashType(Argon2HashType.ARGON2_ID)
+            .setParallelism(8)
+            .setIterations(16)
+            .setMemoryCostKib(512),
+        Argon2.builder() // missing hashType
+            .setHashLengthBytes(32)
+            .setParallelism(8)
+            .setIterations(16)
+            .setMemoryCostKib(512),
+        Argon2.builder() // parallelism < 1
+            .setHashType(Argon2HashType.ARGON2_ID)
+            .setParallelism(0)
+            .setHashLengthBytes(32)
+            .setIterations(16)
+            .setMemoryCostKib(512),
+        Argon2.builder() // parallelism > 16
+            .setHashType(Argon2HashType.ARGON2_ID)
+            .setParallelism(32)
+            .setHashLengthBytes(32)
+            .setIterations(16)
+            .setMemoryCostKib(512),
+        Argon2.builder() // iterations < 1
+            .setHashType(Argon2HashType.ARGON2_ID)
+            .setParallelism(16)
+            .setHashLengthBytes(32)
+            .setIterations(0)
+            .setMemoryCostKib(512),
+        Argon2.builder() // iterations > 16
+            .setHashType(Argon2HashType.ARGON2_ID)
+            .setParallelism(16)
+            .setHashLengthBytes(32)
+            .setIterations(32)
+            .setMemoryCostKib(512),
+        Argon2.builder() // memoryCostKib < 1
+            .setHashType(Argon2HashType.ARGON2_ID)
+            .setParallelism(16)
+            .setHashLengthBytes(32)
+            .setIterations(8)
+            .setMemoryCostKib(0),
+        Argon2.builder() // memoryCostKib > 32768
+            .setHashType(Argon2HashType.ARGON2_ID)
+            .setParallelism(16)
+            .setHashLengthBytes(32)
+            .setIterations(8)
+            .setMemoryCostKib(32769)
+    );
+    for (Argon2.Builder builder : builders) {
+      try {
+        builder.build();
+        fail("No error thrown for invalid configuration");
+      } catch (IllegalArgumentException expected) {
+        // expected
+      }
+    }
+  }
 }

From ddcbe667696f10230cd9476bee1e7805b045b04e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Apr 2022 10:05:29 -0400
Subject: [PATCH 120/354] chore(deps): bump maven-javadoc-plugin from 3.3.1 to
 3.3.2 (#659)

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.3.1...maven-javadoc-plugin-3.3.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index ea826866d..11b6cd228 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.3.1</version>
+                        <version>3.3.2</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.3.1</version>
+                <version>3.3.2</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 9c71576a2d6ebd886a05575fdafc1516514b09b1 Mon Sep 17 00:00:00 2001
From: ssbushi <66321939+ssbushi@users.noreply.github.com>
Date: Mon, 25 Apr 2022 15:07:27 -0400
Subject: [PATCH 121/354] Add Argon2 Java snippet (#664)

---
 .../snippets/FirebaseAuthSnippets.java        | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
index e96170cf9..cd73908da 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
@@ -37,6 +37,9 @@
 import com.google.firebase.auth.UserRecord;
 import com.google.firebase.auth.UserRecord.CreateRequest;
 import com.google.firebase.auth.UserRecord.UpdateRequest;
+import com.google.firebase.auth.hash.Argon2;
+import com.google.firebase.auth.hash.Argon2.Argon2HashType;
+import com.google.firebase.auth.hash.Argon2.Argon2Version;
 import com.google.firebase.auth.hash.Bcrypt;
 import com.google.firebase.auth.hash.HmacSha256;
 import com.google.firebase.auth.hash.Pbkdf2Sha256;
@@ -588,6 +591,35 @@ public void importWithScrypt() {
     // [END import_with_scrypt]
   }
 
+  public void importWithArgon2() {
+    // [START import_with_argon2]
+    try {
+      List<ImportUserRecord> users = Collections.singletonList(ImportUserRecord.builder()
+          .setUid("some-uid")
+          .setEmail("user@example.com")
+          .setPasswordHash("password-hash".getBytes())
+          .setPasswordSalt("salt".getBytes())
+          .build());
+      UserImportOptions options = UserImportOptions.withHash(
+          Argon2.builder()
+              .setHashLengthBytes(512)
+              .setHashType(Argon2HashType.ARGON2_ID)
+              .setParallelism(8)
+              .setIterations(16)
+              .setMemoryCostKib(2048)
+              .setVersion(Argon2Version.VERSION_10)
+              .setAssociatedData("associated-data".getBytes())
+              .build());
+      UserImportResult result = FirebaseAuth.getInstance().importUsers(users, options);
+      for (ErrorInfo indexedError : result.getErrors()) {
+        System.out.println("Failed to import user: " + indexedError.getReason());
+      }
+    } catch (FirebaseAuthException e) {
+      System.out.println("Error importing users: " + e.getMessage());
+    }
+    // [END import_with_argon2]
+  }
+
   public void importWithoutPassword() {
     // [START import_without_password]
     try {

From 9102585a8704e1cbad554db436efdef208b807b3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Apr 2022 13:50:46 -0400
Subject: [PATCH 122/354] chore(deps): bump netty.version from 4.1.75.Final to
 4.1.76.Final (#661)

Bumps `netty.version` from 4.1.75.Final to 4.1.76.Final.

Updates `netty-codec-http` from 4.1.75.Final to 4.1.76.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.75.Final...netty-4.1.76.Final)

Updates `netty-handler` from 4.1.75.Final to 4.1.76.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.75.Final...netty-4.1.76.Final)

Updates `netty-transport` from 4.1.75.Final to 4.1.76.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.75.Final...netty-4.1.76.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 11b6cd228..eed44f1f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.75.Final</netty.version>
+        <netty.version>4.1.76.Final</netty.version>
     </properties>
 
     <scm>

From b2687f760e8ecde1861d9c4f3dfde46dc3d51c11 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Apr 2022 13:58:28 -0400
Subject: [PATCH 123/354] chore(deps): bump maven-antrun-plugin from 3.0.0 to
 3.1.0 (#665)

Bumps [maven-antrun-plugin](https://github.com/apache/maven-antrun-plugin) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/apache/maven-antrun-plugin/releases)
- [Commits](https://github.com/apache/maven-antrun-plugin/compare/maven-antrun-plugin-3.0.0...maven-antrun-plugin-3.1.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-antrun-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index eed44f1f0..6de53572a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -131,7 +131,7 @@
                     <plugin>
                         <!-- Update relative paths in generated API docs -->
                         <artifactId>maven-antrun-plugin</artifactId>
-                        <version>3.0.0</version>
+                        <version>3.1.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>

From 198f0b47861da7b2e6914bed5dce2b2a99e6523f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Apr 2022 14:05:21 -0400
Subject: [PATCH 124/354] chore(deps): bump google-api-client-bom from 1.33.4
 to 1.34.0 (#667)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.33.4 to 1.34.0.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.33.4...v1.34.0)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6de53572a..dc58b6b2c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.33.4</version>
+                <version>1.34.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From af05f8c6cc95da103a69b2a8b9eaade56b80b434 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 May 2022 15:12:59 -0400
Subject: [PATCH 125/354] chore(deps): bump maven-project-info-reports-plugin
 from 3.2.2 to 3.3.0 (#668)

Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.2.2 to 3.3.0.
- [Release notes](https://github.com/apache/maven-project-info-reports-plugin/releases)
- [Commits](https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.2.2...maven-project-info-reports-plugin-3.3.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-project-info-reports-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index dc58b6b2c..71a817152 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.2.2</version>
+                <version>3.3.0</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From e0165d65dd6eb9140de09c84296f2c80ca2c4ace Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 May 2022 15:27:40 -0400
Subject: [PATCH 126/354] chore(deps): bump netty.version from 4.1.76.Final to
 4.1.77.Final (#674)

Bumps `netty.version` from 4.1.76.Final to 4.1.77.Final.

Updates `netty-codec-http` from 4.1.76.Final to 4.1.77.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.76.Final...netty-4.1.77.Final)

Updates `netty-handler` from 4.1.76.Final to 4.1.77.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.76.Final...netty-4.1.77.Final)

Updates `netty-transport` from 4.1.76.Final to 4.1.77.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.76.Final...netty-4.1.77.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 71a817152..857f7d0fb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.76.Final</netty.version>
+        <netty.version>4.1.77.Final</netty.version>
     </properties>
 
     <scm>

From 14c7ade015fb98b18bf51637c718b86ed162b3af Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 May 2022 15:38:03 -0400
Subject: [PATCH 127/354] chore(deps): bump netty-codec-http from 4.1.76.Final
 to 4.1.77.Final (#673)

Bumps [netty-codec-http](https://github.com/netty/netty) from 4.1.76.Final to 4.1.77.Final.
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.76.Final...netty-4.1.77.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

From d589482873aad52ebc1003f3278c308a5f0c1438 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 May 2022 13:50:31 -0400
Subject: [PATCH 128/354] chore(deps): bump maven-javadoc-plugin from 3.3.2 to
 3.4.0 (#677)

Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.3.2...maven-javadoc-plugin-3.4.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 857f7d0fb..72ac372f7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.3.2</version>
+                        <version>3.4.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.3.2</version>
+                <version>3.4.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From d55d05e7ef4e1f94c39bf6660343f1e79c7e0c9f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 May 2022 19:54:38 +0000
Subject: [PATCH 129/354] chore(deps): bump google-api-client-bom from 1.34.0
 to 1.34.1 (#680)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 72ac372f7..560aca681 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.34.0</version>
+                <version>1.34.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From f1b003f605454813f2b1b9df593750f689603a5f Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 2 Jun 2022 12:59:55 -0400
Subject: [PATCH 130/354] change: Deprecated support for Java 7 (#682)

RELEASE NOTE: Deprecated support for Java 7. Developers are advised to use Java 8 or higher when deploying the Admin SDK. Java 7 support will be dropped in the next major version.
---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 406223d06..c190e7713 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,9 @@ requests, code review feedback, and also pull requests.
 
 ## Supported Java Versions
 
-We support Java 7 and higher. Firebase Admin Java SDK also runs on [Google App
+We currently support Java 7 and higher. However, Java 7 support is deprecated.
+We strongly encourage you to use Java 8 or higher as we will drop support for
+Java 7 in the next major version. Firebase Admin Java SDK also runs on [Google App
 Engine](https://cloud.google.com/appengine/).
 
 

From 80e9640cea5ec4fa726250cb0b42627cec671c4f Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 2 Jun 2022 14:08:48 -0400
Subject: [PATCH 131/354] [chore] Release 8.2.0 (#683)

- Deprecated support for Java 7. Instead use Java 8 or higher when deploying the Admin SDK. Java 7 support will be dropped in the next major version.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 560aca681..aac0d4203 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>8.1.0</version>
+    <version>8.2.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 45243455591967b83610e3bde12e320b8d1a42ea Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 2 Jun 2022 15:00:21 -0400
Subject: [PATCH 132/354] Revert "[chore] Release 8.2.0 (#683)" (#684)

This reverts commit 80e9640cea5ec4fa726250cb0b42627cec671c4f.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index aac0d4203..560aca681 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>8.2.0</version>
+    <version>8.1.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 723692ac9008ffa1161d78397eef80ead99860f9 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 2 Jun 2022 16:13:20 -0400
Subject: [PATCH 133/354] [chore] Release 8.2.0 Take 2 (#685)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 560aca681..aac0d4203 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>8.1.0</version>
+    <version>8.2.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 2a168dbfe5d458c951917e4ee2779837a87f0cf5 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 2 Jun 2022 16:36:15 -0400
Subject: [PATCH 134/354] [chore] Release 8.2.0 Take 3 (#686)

---
 .github/resources/settings.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/resources/settings.xml b/.github/resources/settings.xml
index 4afbaca26..8da474829 100644
--- a/.github/resources/settings.xml
+++ b/.github/resources/settings.xml
@@ -21,7 +21,7 @@
       </activation>
       <properties>
         <gpg.executable>gpg</gpg.executable>
-        <gpg.keyname>A9B90B41060565F56F348F948B6B459CFD695DE8</gpg.keyname>
+        <gpg.keyname>8B6B459CFD695DE8</gpg.keyname>
         <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
       </properties>
     </profile>

From 078ec13d7253f54882cd9abc545931d44544d587 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 2 Jun 2022 18:19:37 -0400
Subject: [PATCH 135/354] [chore] Release 8.2.0 (#687)

* chore: Update the release process

* Trigger CI
---
 .github/resources/firebase.asc.gpg | Bin 4061 -> 5213 bytes
 .github/resources/settings.xml     |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/resources/firebase.asc.gpg b/.github/resources/firebase.asc.gpg
index 8fd7d0769b6056896ebff240b9955656f7c98a60..dae950b79907fe1755832d9d37ad34cef5e2e284 100644
GIT binary patch
literal 5213
zcmV-j6r$^l4Fm}T0y~cD1mMJ_9{<wp0i86)7ERaQ{4$I-{swz_jV+_2Hlxkq_;ps4
zwvUZVMH^Zrg5L6m=My^$8qutKRZEx^AmUixv3Q_b_+)TpCt^Xs&v;BX7M$Oz@z#`m
zdnh02xPpTE+d%cFpvBU?1Zh_d{bO1$IPcW_@lQyV5&?fo+C9!CZ71&`;eE0p(&0LU
zO8QueN{U>NSJ|6_^aOlzDF;9a=bJ=4>+~FpqQRBCwHSU;vuJq+^UYpVdggTmZa@nZ
zh%<#5tD=T>i3_X%SbV<2CTS7D4c#%aWv)d#b*tw~8+%O{skDSn|13iD2v)_1xzdfx
zd|N-H=t9%Fl}2giyw5{Ko-Yi%h2^JwFp>_YEU}vRh3*8E<>KjRhm_>N0-Et3d9jru
zcglr?n~c_YSsz6F^M5CZ6c^N|c={`W@y04~XVu+29IoBZ<?mdUPYvRN4W8uV*JOTu
zW<(ZJ5DzF7{w{->f0&sBDqggsVeMcuCFjyRczh;{iahd*t}*fNh7Y&8{hAouJ*d`L
zLWIR{NJw-U5mx&0MsxLXLFTW`mXC%Yb($@IP4aQam*rc}o$jj){;`BWb%*GXo<xh%
zX3A=BD5H~066R{#O3;G{;wAlYp{*yxjJsNFzbO};q`6$niX13=?GU2Nu9-yzN~Mz)
zB8!EL{-9jHXH6Yt;A3cdHt9>GrmbS<!|qaKJiPqZv>hPt=lzBr%B!Z8QZ~0WaMV}5
z)Ae`!7C-WsW+n~8cqYdF>dE<bs%2f6om%t#j|{u-x;9Ozs$3;oL}&Fjn!MgboY(Qe
z_je-Z1*CQ3OqDic&rAG?G`Z?wsbz$pJXmR5OJ^pZ-hS1Rp#fLHCu1K{>hUtr6di!U
zg7DWt`tl}u%-FV28=Ut>XZJ|DyQ!&3#$7xT*App?cawN9el^octlJhGCwb657Kg`#
z%Dda_0-j;vIiqfx{j?n5`RLiMNYN-huKS2B$jqTJTzH>of45!+F1`Kces;fvdQgcM
z0*YsDI+0s}Q?Ww*c?U7qrYZd&b{{Mj=j>`J$x9<amRvl{OeZ~Ii@ZQl)KNW|r?`Mb
z&?}w(>@Eoz_Dn=KSALFFqi75s|JdIy^fx7vxN&M2He#y3zgZvkp@I1BuSMQIV5Pyq
z+pH4*kP<S&@ZGL{lzc~<6Q$@mXGWTgXhJdDD{W%#9f+o{;(ob5IjHN8k4~<~t9PUL
z_|u-Bb>2>ps;;66BZUFe5puUt5>AjvdI;hy&~{^b>m2j0Pm}=15s7u}qWeSvAN_xO
zFTK-J=GM4upv;@lMs%7e72iDQiDFEMJaNYnUZ=T^^WsxFu!<rqe2pfWxtkuEfM?Gj
z788ytUs@3BQFYfWsLrj0i|=A=UXpgTiSNm;BrCXiCa8fz;3xml_W;taC5&o6JDfXi
z6MbiPCe|sEB1JSAO**gyEh2kZ^?McYXW{`A#~;)$10L@Li@YiWv0z*eZw?pjoi!WL
zYMELcXLkgem1Ujr(Ol6p@HPi!Vx`YpL@Har%y~i(KJ|!;(iiR*+1k8ZZF8p|(eWd3
zcCvDxJz^nUm9&NSe_MV>l_UD5lOU;tXtlzL+(~HMS;Gx2aLeKTdj%Gx;V*D=(3db+
zwWSCh?d(vsBKxj?e1qQt>2JWs;I@5A7#gCKoLx>9V=&A!ZS;~}+&z!IkJaVGAQ%Qg
zb^L8PX7b<BNU$DHN$Gq+*PqGV|A#WVM6FO3kKLd#itK`YK=5o+KQ(vrA`qwl2i}j$
zDxXFs)#*Q}>vMx(&hjf1eQwM?yS+@&p4Q0_xsFo&OJ>4I1d;LIF8NcJV<oZsc;Z|S
z8Jyl)UA#4eNbE7Xic1(_4%Mrm32SzNdGAysT2@7Yfi8yD0}~#i>MdB~U{Ffw^MQXx
z&9vf}0n)!`L>n9ML{yOYR{F|iiLdsROq1h+1{}PLJa2>Q-8#}eEbO_$OQfNs$;x3~
zR02wC;HAo3NmHasI7207%XyLYV&Z72U|2(MEwO0Uh&eNGr8%v&p`X%1DaYxgl}$rz
z@v7eUU1St}cN9s_o%N@VgGGt57^^1vtF|0eoNSDdwTzP?)?68|x<f+&HzAeVcUj%Z
zPEaA_Z)|>eP%QqW=l1!|9^uwEf|YAhU4T{bn8+~W$<?fnF1SGNl#umh8KJMX;40ZK
zo?b9%xdtxvp)Hv*!(gY8g~Ft|xlTNgO;py1vi=A#%23a`v>5>maxkg4Hd6%FsoN7c
zO~I^o*L2nTZR&zNl07Oi)y{oN^DtcvK(SOI*Y0>Ybuar6xrG(XK^dfK`&C4MJ-e=K
zZnKxHf%<M~H2&Oq5-$8z%S`p+kMu)D6K)?tUP1Mf!wJt6iUWrv4@X4Y7nYQNx=0-C
zALM%%2RcNW3yOs{F>qwe;<YRo*siZ}2=SiNUFmL<Nc{^R3qh7Pzs~WY&+*c4MJ!N}
zMB#fcoypGn+I{5?Hk>50O8;3k)4bdoBjyTAqs(!tnp$Buf68tvWUlz7z$6xk$i)kD
zX=0YAOOh$u#R6V$%F?*l&$EHHVA{gVEh(NNv|bKo^$yxT4}#pL0Blp9spkEst&Z!g
zqbMUyFXg+eZjeT+^RTaV&Jm)hd21Y%AaW3^Lqblg)2sER6*#gei94~!<(M{b_3{HF
zwd3`)aIxZMI3J&c#~0b?w01xqb{S)|QK83#L%(IKo!QdckrvC!zIHb6tu1CQIt%XL
ziK;-F57I`VaR3d{o^SW0z`Tlg6r|7(u?<R=`~KsqY^3Q$4{+3}T;)+vBojz#)2u8l
zGmlY=W;QP`E5P`&ManKqS7m)91vtkx1yL=yV<go`WF-mqY@!J`&4?!pa}W<o^k53)
zTo9^~n@AvAH)zXH^&f2vqU@Q?@M3b2{xx0V_NF<UP;GQvQNb~$66dqrukp72AS}cB
zo*xAgVS+Ona)W%QN7c!JgX>SW;R-=R$T0cuCo_S<b=mfI5#jTTPxpVGuhZOtZ$DIg
z$#|q-(Yufg%9DRX?5-j#Fd`R^(UQn$qXTB7W;a*m14Yg}s0*i)HODsUuE378<J0iG
z_s@=Lh^SxhFW{HQIj0gfk1D}P#~;PJHAIy0YJzJMWfu_odau}&bq2!O>Iyidv+e-Z
zlm<`xPuT1mGQbfoUQC!VzP^{#%8U?tCE?zvh{b+;_VNmb%-x*u{R5Qtc9U?x7<b)X
z4`Or{b^}lYzNU7>fC|;Hfrw7oO#%MOJ--mnj1<&fOU)~#i76#MW=V27AZO-$K(LeD
zETl~4j=1ql&j~rVzN$L)%@D+U1M2)Dj{*{6)I}&UPGq0OE^<Snhe0v;;3ckKJ4)>K
zpXR(!Z|F2*D(P&67eq-9X5&(LiN1Y}@htX#z}jOO8|N9rLrve76IAB00?FUVz0e(Y
zx;0bf^@>O=lvjkR#9q*1!B%*NO9^PH$S)rn)%%g+1nKM?F!pRRxBRQ0VeCplGS7_|
zsh|S;`1XAL_9f*Sss)a)YzWY^Z_o(#^%mc2^A2fbC~Vtls4maI_>Dr{FFRZ0&Pqq)
z`wdZhs<Jz^a})Kkfj<nT6s9Uw!Y_WxrUDrQ?<50eg&w~Cf1kUFYVOEE@+BU0a6kMl
zb-N|4a#NW(kqqc4P3;}8U>h<38I16GIm{0ZTEr__!fP+3G{$(2JR{mhg@V4G?kX>M
zQ~JTq;1ey%npIir>qza~5oHsK(oV>Ht+t}HZ0@=_D?KHEST}Je-cZ-AI~>5&{t21a
zn42<f@+$kTcXzyy2Cs;!b@hs1^Wsg=2he*L69~GSH28|IEA~q_DuEzl)qUMpAghYk
z#E;fbvN7yH6|0Fd>zwbYG7}h>#bw608CQV-Q-v1!o~0b|hj9_R@_qhLF%pA$G8kc^
zC_tXksu8YLCz4CM;(D3%-ryzJ7)na?G`Ml(Q`3Ns`!Yvg9dUfe-LRSy9?uho8Y2r#
zM+W8ftj=T-A6`83-Xog@nS1Wz#5}I^TmQ1c&F4zGWb80K5<uPkxF1D8o#zCnU2{lC
zx;OI!n;s$0VfK^d@$xiWwI>TFXTsEZ<<q+TzJ;V?SF57>?|9v;S*RR1OTUf9YJcxZ
zCVh$uA#0s=$pB?Dz3<|t4T;3!k<aPAxeEihW5sJ_1eO!33HKIG)iZL1eBaAjn!X5~
zy=h`ECIIa3L;nnI=JqiV>dqw9;y%G-dIkz~W+??tSn046hCZtL!2l`r%7nu~X-p-g
zktkXLj~Qu04H$CKb!C);=}pCVe>6jf&Xof@Or$Z7(Kf?UYgVrljDij~n!5pdrAX*h
zmag^pefSf4E_boQ1JV~T-BZt6QcNhOMdy7;2tEX@P@j19q&SzqEZQC|Eug08?UUjl
zSLZzcX*LTzr(@20JJNi%7)Pt+HFLev{Jc;GkdI0RgeFOpQ41(4`R<Yn-Ro_r8n1EQ
z%S~nc!eecIp)3_#QutzM?XrCf?`*fMvGaM(R%f3HLTL^^%bI!lV@ocjHwyAqR);a`
z%)!3^^ZNFBq2Od8z5M>$v0~7Iy_KR%wT#&H(nTV`|6XCIt6*=d_M&7iVrtPCYl6I$
z9Xs6+BtcYY)vh;lIxle`)@Phfw@xRvS#Z?(0~b)V5@nYemY-UWvYxmX?XD_-zm#Q*
zq~Aup`}dRl?Jndj|E|r_2QH(1@9G<N31eUb`VDXJ2XWU&YT3^L)}t-%jqOdD{jh;)
z1-$6`gq_hn_LkxfX+B@m))~ekjZco7|3|^f0Bl{KxL%ry!5V=-5yF9r>vUh=&agz{
z`BFGi6qXUV=jAw_E2ioD$`41a<7fJ*4Im*iZLve}sTPEq+^Hidp!awyGOS~tL>8rV
zwiPNSKve@m-*Fd7I(HOE6r!Dk=Cyr#q*X;A+%W9`_0AI~oE=fOUGk%~%+@)L*A^z)
zD_$-y@5AMaYx_AH#6VQY?C98DY4_$FWfuaA7J@a6DnsBZ*J=D%x-Rtx+|gQAUx0|5
z9tVWKXZ>u-{_&b6w7vKIK~p>czIL@JkKw6Z6o}66Xw~IAKx7{_B$4nMFB51}N~-$3
zs`8z!S_12b>iz?Plj|e~1LinXR|$vjG-G-CIvJql&leGNU09xUm?v3@St*^kOJM6a
z(4<3o_%=)S0@n@~wkwOE9j5+x(UQT$6p6WlLnC>19D6LpujoCJ|0sY>nK|e3hb+>A
zExOpMWTv00f7|i*)loysK-wxGfEB>ooR(4ojRgc=yGev{W0vNW`fAwDh%rsXv>HTR
zWOCt;b;`sZcvh+#WB@ue<?QSaEy)X^B|fhGG*4`(BzN#DvM>2$3I*uAfZh;DaSOkR
zX+V4KL+PwD^<?a?+AZmZP2N5&&@PUdWRs-I7$H;-zo8yIK{+wTxFPDL8D27>t6m5}
z$`%AFpYhO1>Ta-;>Sd6lxwR96;*2Ey<elKki*!E0F6o!QQ{_?xQ_tT<%}f%PSt-ES
zvpR;T@Ba=m;*vlt8*vzqvP}xqS*OUSVB!9@3K$Tuixm)dJy9R@_$;}UESyJ+rI4xN
zkX7yO^K-)Rd>JH7!1vVA`N(a7?{cNKBSXj>E>=gU6G(xPI#O>NY`-DvZK@}Q`%7k7
zTJ28;wOmL6mfQKFM(M%0O>wr;kI?ZjI+i`b6V?w;MBd00#Tp1YEL|TUqdOf=wwzcG
zUd6{L_b&v{yZTZn59HISeoLE4h|1KN!HYI!(Kdp!v0%XIH3ve-gKX)Y^#D4!uk*KE
zxY8Q2VoNnL6^^z;ADGg|()E-#?PFSI{ATHo(^BZ9T<~|F%W<hplZKufGhiZBOr_N6
z2z^27&x^F|;YE;TaWv<Z_6e#s5qjiblQSFDx8V}5?@5d&e*>ZWr&|JVm7~?I?_zG1
z20U2JtZuP{KO?}g(Wtp4GrUVNBAZ_KA<(*`0ZFUxIEwkfsSxO0jFYqR$ar+WvNh+3
z#?`SS1=E4Y@Lc`3`^jkg*>%cv`&7%o+f3HpZXIqZnE3{)6;!mFr4`Ww`{2Rc?QxFb
zYVp_h)YqFpcd;0iAHE=ex$EYy0eUIpc1X(5wGi17HW<aBY2OiwEH7GZzId23vpA4f
zb`QUJIMuev2G8f=m#&pgk>TpM$~gm#k-y*2jdSyJSl`de$Jd^wjLMoL$Ax@B5lGf>
z4FxvLE9j7m%wTH=^1STMjE`t6XSeW%0?}voD8f2ePtYkM(d1Je<ZS)p&*s9WFyq@`
zhx58?v$oX+kJM+O{Z*oxH!}=1RW@{<mp|ee*-y4vliTrGx=8FmAq-V)I6ub-`g81Z
zo{$G%j7>S~V~<6jfqv<Od)Q(PnSKp5L+t_21UGVLD!}=Hg@f&Ol!jtOR@;#J*XL32
z#~2M9tUeIymS13MUe4nScuyg^uJJB7OlC^L_5y_p^H2^^=<yj&l;T&zgds@1<9MDa
zZ{^T^MC?kld0Y-?@+|hDxDU7#Jl_&MMCStov3C<T;TLGKz>zeieJJ3oPP|?Ss_<U)
zeKC-Kf2B(D-H7n9K(qu=d{Dt|tmLK^KWx^R{&5lk20CWfAGB2JWYX87q+E2=#=RnA
zD!UK1vFZv|t!0~B3)giTN%-LZ-0n;q)u7v<^g%u~yE2}bIN!pLvO}0)7swy>L#q1s
z!upQ5m~;!NlZ3WqJ&nAA9iz5<LB)Zv&P)0*@|}_}xG$;GA~u`|b^?%KPWne_J}KS4
z$ygO#jq5ShH~q1u?2x6%)KC!|da!?T1=q5?3YGF?4gDruqa();=LM!sT$d~x#7d%s
z9|%N4N-M<;tbAw@1+eX2tuvR?1}47xb15>q6o<$yy}nO;WU%go8bT@5`if&rsX%C)
XrIgL-1=1;}YjbYhxg363z=nJD3<gNp

literal 4061
zcmV<34<hi44Fm}T0;1e~Uq6v&ZU55i0XZ@X8m7GywFb2t{hr^|4{g*4e1b<9dMkI+
zxkb&yKU`9_;D{y5>>TRDh<w(!$u7~y_d+d*^Ea!u)%;~WT$p??w?dKX%dp9zzz1h#
z22kNNL8wk^^+Kl6?LkR>12twaxxgrB=~nu4Ie_l{B4=u%Z!ZxI0Yr=F9w=iT{b&g_
zw-c$@r|V{b{y-ay=@PtDT7)9C*C09hepY{5sNuZs*%)_x^`u}LsM4fZ+W>w_1huO(
z%@c>7hIE>+#}dDaru{9lKFrrwJ~m)gys#I`B@&VNwDt<aiQxG-`iZ8`p2aCkE$4k&
z?tnNhnM|IWC-p5U`L>H@F5_E$O!~J06yi;j2f+<IWNp#K4Sk%~%W8u?f?MLD!IMXV
zL1h-^#wM?0R7Es)jt0lpRKfpw(}yQ3mS#t^X4P~^&ueeJFGB4vv^vuJC-HeCwS?fy
z5hSz!EjAK#67)2~lxyi8jkhizGiH@N6bh@mE`NV&_qkMg6(FlfKIh3L0+|bAIOTz!
zLrjlT#gug7;xL+U#7%6~hDccc!3PL>Lr=e)3IkT*mj|4P^3n6MwY;}sTk0@P%l&sf
zVK}afzDH%-Ga~<Sjc8*w^D3>R6e&tt7&eFqLx~Kt9?Ch$wFpKravh*+vc|l1uZmRT
zQg6pu(L&zpsvS1Fb0qpUAjJEAsZi&$WXyKuG&`;?AOE@od`tm&azIt-fvFjs$A77A
zfwiwhOi#eI35UZx0i*oi8-BQlmhFg1W38YzFUkDZSkQT$cL`$mecv+p`NPne#*Q-`
z^a}Xh-T%r6-fU1CT|MxK0}z0VwojB5_C35grZ}bVI<37u$q9V-snzMXRL`QH_s;pd
z+JH9TQ3Tw1_n<7(glRHMhS2AYVoU$#GSlj$XkS710%aSznI4joqCgvZ8J;d2{xi-G
zK#|Pk6-9oXY5<5P6d%XxOaui|Bvt2T5dgXZ-Z%fG=6C|0j14qIKw&}K-pT;f7#{&9
zrBvU-Hdib)$<RcBpn=_Dj7C8YC=O-!<GIe$upe^qkAwr}o+mch*udXOG_TePDLo08
zL{<kJ^CBPF%v6*pN*S|f2>r$$lx#w4fIXS;V_9N4S`0CHoS!gc*q<#Weu{g2yOR0_
zLbV|rO2){j48X0>)z~!Wk735N1OfNmiePSpB~vNurH6r%&9R^AwdTu!-=RB@6$tOu
zFD=1luY?>%-(4`F8+^R6DLU_c{Nf$L_S8=~nt^V~jg>_`a?(rdv4M}co;tcE84tR_
zbAFf;!T+q!6?VThSH2VesUu>vHl-E^v@#LXC~kLnjP}6%{CCYDQ(3wh5V?QDqf2px
zUmyq|`daYnw_i~B8m^)fz5@b!?m`tNh|z^!xxV8Xw6G+gqxC}?hW67f{z~FZq59W6
z^^@;&xL)PZHT$aB%p%!D9HP&qJscOSi=^~T{BaEaVnLFx(e3PN$e%KKc<CWg?un^a
z)4is(EbjFhwojW5d)w1(3aOU*WXG=*r>YSXCR11LpRq)QJWnyvh&58kSVK<%e=hI%
zdOEP>StfE5yeD99e2B+Q=BP+~X2_;q4*+0!vY}E5Iq4$uVb&`1b)u6Ib4Z>3DYBbD
zydh-S5Km;^20iFd-8#w>=r_PDxMpR5Z)Sv}fjB8ED2G=fD)CevCX&$?%kMrRGRQKr
zlhjT$1oB1@bC+L!g5=3!P#@>zWm#0DBHi3d>V)*~&=xo02z@S9xX$~fLIgt337n=y
zWC&~j_SM?|$JU{?Hj-B4eYqcEE6HK`ewdgRj{E``^)!rAcn&<mgF*DbpyB~8#RzMC
zx{_0ncdh_LM11_cudD*U8O2=Tj!))_Fk6!{ETj`+QbG{3DWs!w9hb70-X&lU@A*}(
z%Bm@XwtBK3YXp)2saBGECK@Fp9Cj;j>Y(E(Su6x2*k5QqFkdLqoSylqxE(D&K1sj+
zq{)|j&VLF{*+I${cFiX^m6e|Mg>OOh<Ipvi6p8newT~1@P58_LJ3VYJvt_+q_O)W#
zCh>KdY3Ug+;t{+hO9BqxN+zT`;vAaz9gKi5&t;6N9hQC8Jh~Lb&mxdoDzRf<M+S=^
z2HFw(0K2iZ03mLOKD<$V5d`WR4!+T29_u@uF5@P|Zkqm8=)yo{fYTV$$hDtQUq6@p
zI`%R1#yBR^@KlyvF4)7rDfA{uwEVMHM3fN!s{xl|FuStg?3eN;+4y=^?ZWbY(5Y8R
z#rPE{o#7%xp=DUJSvW~23l*B7(iO&#whg!yi218^Hs7ltE)q*Px>gu=JkqV@QlhVO
z#DG|EbK$Bl5m4~9n;t{`A=*xPn+VP{ZOPTF%Rix5qI?tm5~H)4L(9AOa*FcC#!4h$
zay6GGE+!(A@34Nh-_9@+-IAn}t^q~`fp6Ypgk?7&5IM6cdlo=oo<2Y)evnV$5N0Q9
z(d^pc&3h9aPo{Ri`3mGV-(Z*yre1c7xmhKmCIWF2fAy~B62OYXzIh7q)+rjmx2d%r
zG&BL~G9NN%Wdu;P6A-}l7mB3#;};>bLJu%Zf5*LD!SQxit_ydd%RCSOG)5T2ZN++v
znv=;S8`vSB0@e|sS#z#20S`Z-L?o`0z3Tj})7$;JX=*RR)KqnjZ9!=mpbJt8hpsRR
zS98jB&cJm}8r>@$rK}rb`>AihF?l#SJOC>LChFmA3>=2detiMok)NLr>PR|A>_hZ+
zIx>&#L=O4sapFtit<shKEC|a7ANHnK^wk0T?1$pQcbf<=N9qb-N~cKKn+sjBIj0Wu
zUKkfBnFtvx76P3XRy%MICNO9Cj0294tKM9gf(65vVI}_3spl#xAz2w+YIi37CL6S>
zwi+1b%q~hcr{1P-<mP=wePFIV-F#<La`qxe@6mwxrGmr$F@KmTv@k#+T&8xJt|6ub
z-rCN2UqNcbm96`<4MFxp?fZ)_tNbcq@L`(j9JmpUtT^vX8C4#}^}X3ToKbPdaAS|0
zLbQ!ci&N=crLAWgUu%$|Vq%gv=_bH>_W3FUYfdlArUU_HK<OtT;MAdp$>eOSBakbl
zGsPs&JSxcOA7$L&B!TI@HwL}Ed9#lEQ4P<hQHj)u`%GRNEnLYdmpSg9us%Psv9{ui
zJ!^x<X6bspPD@cT_bX}Bk{q`~yYRS{_DCA~ro(^>h+M3!tR<hA*895J1yFaoSKWVX
z3OR^(=2J(XsOxJ|n-5Gt1`&o)bxEJ*g1-=T9x9RFCQio~%8897Z0xbe@wUCGi52K0
z=fhULzV?T$ZZgJ>EoCx>p|;=tr`)5uLr1<4!4)$M#KvhVNWK&n4m4$pu};hZKI;2?
zRD}0k<hfhBXp9n7y<ktMV#Wer_~<2yu`qkc+7=8gXstP308@!}+7T>q_+arS4lQ0J
zyV!~G@};dT53c&SFB-gJ%KFJyvgKTO?69z~7}SrHXCB-|pU>@Jx71J3ZEv_<5Q8q)
zkt`{Wh#aZ~1)7|o*dGQktcJ+0_NYL3UxK6pUUWVikKFc-=fzqrniwP!K7%dNV`Rvm
zwI5o@g$isY*jX&K{GZ?i=+SmL_Vul(ROv#oMj{eqRioz26fx7Tpdov3mdKzW)}r0r
z2!CL#4s6j<&CH~ls&lZaPn7>%%o}NlnG%5DO;d#Dwt&;6NvEy>sN=`7db^O^)i)$~
z4@&y<U^5wPVg~bH>o4XW4S|t{h`jM_)%krF4g_bJcZ6>dk`_WNZ4nHcF@2(5I<MAj
z(QNI!JEbCJzJC7--YaCEux*hv#(aFczRSA2-~($|yhXSn=$X`9?OF+=xJ%|!GKEWr
zgB1lOzcD|!l{0XL^D+sLKtA}T;AQ5=Z!AGd-czDm%((%vlgti)RZx7%noY?u`YYyv
z^uX(<<8qYq?+N}&X{SOQ9dve5JS*mLTRoJJI+UL7{xR~EZmEEKFbntJycg#ANR8+?
zK8dy{t2_!YBFRBKccI>uCgy$!3U2@`Z2TnKK~3Xl0JTzVNg}$Z(RpH)to$6lf|FFF
zGS{o&YE@nLc^U^}fNxAWgl|JrZIY|$^(|wjvFS$3Cf0W)kFuCTQrCDLnnWY=8a7Q6
zQM`YT4>_ktr+<{7=q5A^xn=4^tSmyIs;)BcW9>{eoHt<dI#rxf9cgcINa+@U@jV)o
zTon{Hb)PLARXwy{r+hfZ^?^x~s!dDmAP{u;+-t=_g1SGvG9uCmVFC6QV;ktKEue@1
zop6<sFoyGtln{4Oh9gu$!Z8j&dq$E_8t$epW5j=8C~C67u8`biou*VXIjw&SA91vq
z<Qt%EZO^b4VvE;t!6kbIw)dkqfKqEas~vxF`P_|E%@}eg3aePAst@R0=RSvqUf=+7
zHrsXXQfmQsS?jg61Vh_5Kf=YdY3uvUVf0db7GTk6W+!l}-y+y=;v|^wX51hm@}P&b
zc7wm<YuwH9lc)3v?8T2GFF-IZ{?8q;@?WJ>bTN*p%9WltA)oxjT&D3Mb-E!8h6)>=
ztCx0Ml9{PAY|aDh>Ldw^9al>|o?eW><8J`aY0>~&&=b=Q0(KrCb{}LpX!bg7v_HDx
z`KM|v-ie?zh?24vxs2;fPVS`gVas!_;C29sG6Osdq%p?@<!jlc==&ZOl~KQTEXbu7
zI53P-hpGlb?ZBKKw;eVWp*|Rbx)9XtcsnXTiv(kDccY<adfardQPKiP0KZ$fu|38H
zTFanga^rxfs{ri7mwgoInwr*|4A{X4&Xh(xvd|Jm_eByFL@+fA1->nZ!ON-vpZz-g
z>58&!*nw1zH-!A5`bI2^`O_r)zq#;3@xFVy#*S+OlTR@21g0ARQSD&UkE1uzyd8E3
zgLcJ9*X57fRX4uTJni0buamcXX37vnR&BL8zFMO}Lgc9qO`c)oY5=%a$4*RKMQ3F?
zSRs(o+f_N`CSh2lO5sA9kHbsK*Yr%>yFADTS^~|}A*AATR6O^!#Kvd!cbY963!(|l
z^nkJ+FJe?ski7dpkYt)sNZzA#RKqd0rr{vfoQYI}1U|pGDt^;=g;sC4L$8gUwrT3;
zEUDvmKIN@72!otR4vr0dMaHq-)oQ}~a{lHfV#nKZ+-QC7>!iWG;-OA}N3XFq=`RG|
z$LQHwMAu@sDw}|UE-b*9ZJS0^SCdD0_Qlkf_%uAQ(U{diEIPV4<MEnR5afL(S5>@j
z<<`PYX%@`#0!a0tdWO*|3C1FrKnAiL!1SerD<}n<py?x^OKZYRz;ch0uW4s#e(|j8
zw%w~K_8zanZ(EmfGBQL)yuv{B(1p0@S31W*@g#v6^os=@kzasJ<~Q^<_AwK{p)xeD
PR2h)2T?R;9F?4@&KGxAW

diff --git a/.github/resources/settings.xml b/.github/resources/settings.xml
index 8da474829..847ea52d0 100644
--- a/.github/resources/settings.xml
+++ b/.github/resources/settings.xml
@@ -21,7 +21,7 @@
       </activation>
       <properties>
         <gpg.executable>gpg</gpg.executable>
-        <gpg.keyname>8B6B459CFD695DE8</gpg.keyname>
+        <gpg.keyname>77A3CB7D41F06A4512BA8EA5AA4E6ADF6A05C58E</gpg.keyname>
         <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
       </properties>
     </profile>

From 998372527d2356e3c7676bfea37092a95079be2d Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Fri, 10 Jun 2022 14:45:12 -0400
Subject: [PATCH 136/354] change: Drop support for Java 7 (#690)

Updated the minimum support platform version to Java 8
Updated the CIs to run on Java 8, 11, and 17
Upgraded the dependencies that were blocked on Java 7, including libraries-bom
---
 .github/workflows/ci.yml |  2 +-
 README.md                | 16 +++++++++++++---
 pom.xml                  | 10 +++++-----
 3 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e765291f6..eb09f08c6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ jobs:
 
     strategy:
       matrix:
-        java-version: [7, 8, 11]
+        java-version: [8, 11, 17]
 
     steps:
     - uses: actions/checkout@v1
diff --git a/README.md b/README.md
index c190e7713..1ad5352e5 100644
--- a/README.md
+++ b/README.md
@@ -46,11 +46,21 @@ requests, code review feedback, and also pull requests.
 
 ## Supported Java Versions
 
-We currently support Java 7 and higher. However, Java 7 support is deprecated.
-We strongly encourage you to use Java 8 or higher as we will drop support for
-Java 7 in the next major version. Firebase Admin Java SDK also runs on [Google App
+We currently support Java 8 and higher. The Firebase Admin Java SDK also runs on [Google App
 Engine](https://cloud.google.com/appengine/).
 
+The Firebase Admin Java SDK follows the [Oracle Java SE
+support roadmap](https://www.oracle.com/java/technologies/java-se-support-roadmap.html) 
+(see the Oracle Java SE Product Releases section).
+
+### For new development
+
+In general, new feature development occurs with support for the lowest Java LTS version
+covered by Oracle's Premier Support (which typically lasts 5 years from initial General
+Availability). If the minimum required JVM for a given library is changed, it is
+accompanied by a [semver](https://semver.org/) major release.
+
+Java 11 and Java 17 are the best choices for new development.
 
 ## Documentation
 
diff --git a/pom.xml b/pom.xml
index aac0d4203..ffc9d1cd5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -270,7 +270,7 @@
             <!-- Compile Phase -->
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.1</version>
+                <version>3.10.1</version>
                 <configuration>
                     <source>1.7</source>
                     <target>1.7</target>
@@ -352,7 +352,7 @@
             <plugin>
                 <groupId>org.sonatype.plugins</groupId>
                 <artifactId>nexus-staging-maven-plugin</artifactId>
-                <version>1.6.8</version>
+                <version>1.6.13</version>
                 <extensions>true</extensions>
                 <configuration>
                     <serverId>ossrh</serverId>
@@ -385,14 +385,14 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>20.9.0</version>
+                <version>25.4.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.34.1</version>
+                <version>1.35.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -460,7 +460,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>2.28.2</version>
+            <version>4.6.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From dd7cfa0ea3a26c2b35ff1cafb67a37e373680e85 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Jun 2022 14:55:15 -0400
Subject: [PATCH 137/354] chore(deps): bump google-api-client-bom from 1.35.0
 to 1.35.1 (#691)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.35.0 to 1.35.1.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.35.0...v1.35.1)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ffc9d1cd5..c8dfa23a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.35.0</version>
+                <version>1.35.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From a73cf72ee57fc4acfe8a6ca371d27e28bf0d4dd4 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 16 Jun 2022 16:09:39 -0400
Subject: [PATCH 138/354] [chore] Release 9.0.0 (#693)

Breaking change: Dropped support for Java 7. Developers should use Java 8 or higher when deploying the Admin SDK.

Breaking change: Upgraded the dependency on libraries-bom to v25 and higher. This in turns upgrades the dependencies on google-cloud-firestore and google-cloud-storage to the latest versions.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c8dfa23a4..1db31664a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>8.2.0</version>
+    <version>9.0.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From d96376c6da5b1bafde2d61af3946de5ef71318d7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Jun 2022 13:21:06 -0400
Subject: [PATCH 139/354] chore(deps): bump netty.version from 4.1.77.Final to
 4.1.78.Final (#694)

Bumps `netty.version` from 4.1.77.Final to 4.1.78.Final.

Updates `netty-codec-http` from 4.1.77.Final to 4.1.78.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.77.Final...netty-4.1.78.Final)

Updates `netty-handler` from 4.1.77.Final to 4.1.78.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.77.Final...netty-4.1.78.Final)

Updates `netty-transport` from 4.1.77.Final to 4.1.78.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.77.Final...netty-4.1.78.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1db31664a..ab8c12867 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.77.Final</netty.version>
+        <netty.version>4.1.78.Final</netty.version>
     </properties>
 
     <scm>

From 9afdda930ef4636c050df8a0c42f5e6e2090fa7c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Jul 2022 12:48:56 -0400
Subject: [PATCH 140/354] chore(deps): bump google-api-client-bom from 1.35.1
 to 1.35.2 (#696)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.35.1 to 1.35.2.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.35.1...v1.35.2)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ab8c12867..10eec2462 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.35.1</version>
+                <version>1.35.2</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From ae3ea83590150f4457bd8d61bb58ff6d83df6607 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Jul 2022 13:42:16 -0400
Subject: [PATCH 141/354] chore(deps): bump libraries-bom from 25.4.0 to 26.0.0
 (#697)

Bumps [libraries-bom](https://github.com/googleapis/java-cloud-bom) from 25.4.0 to 26.0.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/libraries-bom-v25.4.0...libraries-bom-v26.0.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 10eec2462..5d1312561 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>25.4.0</version>
+                <version>26.0.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 5b1a60197da4221a15464fd7f4023b80c9a4e258 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Jul 2022 17:45:03 +0000
Subject: [PATCH 142/354] chore(deps): bump netty.version from 4.1.78.Final to
 4.1.79.Final (#698)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 5d1312561..c69f52e91 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.78.Final</netty.version>
+        <netty.version>4.1.79.Final</netty.version>
     </properties>
 
     <scm>

From faead80b8b5acfbeea62c31b691b024c68d517f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Aug 2022 20:01:10 -0400
Subject: [PATCH 143/354] chore(deps): bump exec-maven-plugin from 3.0.0 to
 3.1.0 (#701)

Bumps [exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](https://github.com/mojohaus/exec-maven-plugin/compare/exec-maven-plugin-3.0.0...exec-maven-plugin-3.1.0)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:exec-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c69f52e91..d6c995492 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,7 +215,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>3.0.0</version>
+                        <version>3.1.0</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>

From d61e019fe7fe50493a2dfa1f72aaf7803c833267 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Sep 2022 00:04:34 +0000
Subject: [PATCH 144/354] chore(deps-dev): bump mockito-core from 4.6.1 to
 4.7.0 (#706)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d6c995492..c0871ccc4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -460,7 +460,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>4.6.1</version>
+            <version>4.7.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From 89ee249f9614cc4996c8f6ec421ada56d69143f5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Sep 2022 00:07:11 +0000
Subject: [PATCH 145/354] chore(deps): bump maven-project-info-reports-plugin
 from 3.3.0 to 3.4.1 (#708)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c0871ccc4..e751f19dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.3.0</version>
+                <version>3.4.1</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From 46339ef11b336b5f76a0444a236acefe8b0669ef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Sep 2022 00:13:12 +0000
Subject: [PATCH 146/354] chore(deps): bump slf4j-api from 1.7.36 to 2.0.0
 (#710)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e751f19dc..bc010f7fa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.36</version>
+            <version>2.0.0</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 8f27e2245dd7837428ec2201253dc73fb22e9d88 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Sep 2022 00:26:05 +0000
Subject: [PATCH 147/354] chore(deps): bump libraries-bom from 26.0.0 to 26.1.1
 (#711)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index bc010f7fa..fc4687743 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.0.0</version>
+                <version>26.1.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 834001f740053ec8a4331c1ef8ae116994e974c7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Sep 2022 00:48:51 +0000
Subject: [PATCH 148/354] chore(deps): bump netty.version from 4.1.79.Final to
 4.1.80.Final (#712)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index fc4687743..628518eba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.79.Final</netty.version>
+        <netty.version>4.1.80.Final</netty.version>
     </properties>
 
     <scm>

From 7f2ca26096fb84bcff60c3b3ab49c9ca3e316364 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Sep 2022 17:46:13 -0400
Subject: [PATCH 149/354] chore(deps): bump google-api-client-bom from 1.35.2
 to 2.0.0 (#700)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 1.35.2 to 2.0.0.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v1.35.2...v2.0.0)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 628518eba..9413ad8c9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>1.35.2</version>
+                <version>2.0.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From eed0b7846adda8d8bf5e8bb40f2f2c354f64b067 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Sep 2022 22:03:23 +0000
Subject: [PATCH 150/354] chore(deps): bump maven-javadoc-plugin from 3.4.0 to
 3.4.1 (#707)

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 9413ad8c9..e76b2dc10 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.4.0</version>
+                        <version>3.4.1</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.4.0</version>
+                <version>3.4.1</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 31b8044e4f5ee5a5c51061a57017b7ac03495ef1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Sep 2022 17:02:11 -0400
Subject: [PATCH 151/354] chore(deps): bump netty.version from 4.1.80.Final to
 4.1.82.Final (#717)

Bumps `netty.version` from 4.1.80.Final to 4.1.82.Final.

Updates `netty-codec-http` from 4.1.80.Final to 4.1.82.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.80.Final...netty-4.1.82.Final)

Updates `netty-handler` from 4.1.80.Final to 4.1.82.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.80.Final...netty-4.1.82.Final)

Updates `netty-transport` from 4.1.80.Final to 4.1.82.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.80.Final...netty-4.1.82.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e76b2dc10..972967519 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.80.Final</netty.version>
+        <netty.version>4.1.82.Final</netty.version>
     </properties>
 
     <scm>

From 0cd2859e00e3bc244df3b6eb437d4f5889f9f498 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Sep 2022 21:04:59 +0000
Subject: [PATCH 152/354] chore(deps-dev): bump mockito-core from 4.7.0 to
 4.8.0 (#719)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 972967519..64bb7302e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -460,7 +460,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>4.7.0</version>
+            <version>4.8.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From 58820a17dd3425cc7ee01039e13ef4c14bf09d47 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Sep 2022 21:08:07 +0000
Subject: [PATCH 153/354] chore(deps): bump slf4j-api from 2.0.0 to 2.0.2
 (#721)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 64bb7302e..828fdeb2e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.0</version>
+            <version>2.0.2</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From d164dca69cb4f600ed13c389fadfea0ad098e51e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Sep 2022 21:11:03 +0000
Subject: [PATCH 154/354] chore(deps): bump libraries-bom from 26.1.1 to 26.1.2
 (#720)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 828fdeb2e..5c1647931 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.1.1</version>
+                <version>26.1.2</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From dc3835f29dae8ffaaa9be2a5d8186b1bb0f0251d Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 28 Sep 2022 15:09:59 -0400
Subject: [PATCH 155/354] chore: Update source target to 1.8 (#724)

Updated maven source config to 1.8
Updated the CONTRIBUTING.md to reflect Java 8+ support.
---
 CONTRIBUTING.md | 4 +---
 pom.xml         | 4 ++--
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index c346c5b9d..a3b65e101 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -85,9 +85,7 @@ information on using pull requests.
 
 ### Initial Setup
 
-Install Java 7 or higher. You can also use Java 8, but please note that the Firebase Admin SDK must
-maintain full Java 7 compatibility. Therefore make sure that you do not use any Java 8 features
-(e.g. lambdas) when writing code for the Admin Java SDK.
+Install Java 8 or higher.
 
 We use [Apache Maven](http://maven.apache.org/) for building, testing and releasing the Admin Java
 SDK code. Follow the [installation guide](http://maven.apache.org/install.html), and install Maven
diff --git a/pom.xml b/pom.xml
index 5c1647931..74ab77b67 100644
--- a/pom.xml
+++ b/pom.xml
@@ -272,8 +272,8 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.10.1</version>
                 <configuration>
-                    <source>1.7</source>
-                    <target>1.7</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                 </configuration>
             </plugin>
 

From 9b4fff75d933a83ffe183ecc01d5bb76d421445c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Oct 2022 16:26:08 -0400
Subject: [PATCH 156/354] chore(deps): bump slf4j-api from 2.0.2 to 2.0.3
 (#726)

Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](https://github.com/qos-ch/slf4j/compare/v_2.0.2...v_2.0.3)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 74ab77b67..94f8c025e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.2</version>
+            <version>2.0.3</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 19cc8fc31c7c268b5c6b49242f642629e8beaa2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Oct 2022 13:10:15 -0400
Subject: [PATCH 157/354] chore(deps): bump libraries-bom from 26.1.2 to 26.1.3
 (#727)

Bumps [libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.1.2 to 26.1.3.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/libraries-bom-v26.1.2...libraries-bom-v26.1.3)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 94f8c025e..8ee1b6919 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.1.2</version>
+                <version>26.1.3</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From b0be4b0646c778ebf66c30cddb6ec13f8d255e99 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Mon, 17 Oct 2022 15:19:16 -0400
Subject: [PATCH 158/354] [chore] Release 9.1.0 (#728)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8ee1b6919..ded322471 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.0.0</version>
+    <version>9.1.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From b0aff5200b9cbbdff1a28891e532f8c24f57ba1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Oct 2022 11:25:36 -0400
Subject: [PATCH 159/354] chore(deps): bump netty.version from 4.1.82.Final to
 4.1.84.Final (#729)

Bumps `netty.version` from 4.1.82.Final to 4.1.84.Final.

Updates `netty-codec-http` from 4.1.82.Final to 4.1.84.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.82.Final...netty-4.1.84.Final)

Updates `netty-handler` from 4.1.82.Final to 4.1.84.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.82.Final...netty-4.1.84.Final)

Updates `netty-transport` from 4.1.82.Final to 4.1.84.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.82.Final...netty-4.1.84.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ded322471..e9172a4ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.82.Final</netty.version>
+        <netty.version>4.1.84.Final</netty.version>
     </properties>
 
     <scm>

From 1eec932b27276ddf1d6ab491a08edb68a3036170 Mon Sep 17 00:00:00 2001
From: Tom Andersen <tom-andersen@users.noreply.github.com>
Date: Fri, 21 Oct 2022 16:03:51 -0400
Subject: [PATCH 160/354] Implement MultiDB Support (#723)

* Implement MultiDB Support

* Fix Checkstyle

* Revert accidental commit

* Remove usage of Java 8 features (lambdas)

* Revert "Remove usage of Java 8 features (lambdas)"

This reverts commit 24813d0e21b31cd67d4128c2aecfda02049bee80.

* Target Java 8

* Fix API description
---
 .../firebase/cloud/FirestoreClient.java       |  88 ++++++++++---
 .../firebase/cloud/FirestoreClientTest.java   | 118 +++++++++++-------
 2 files changed, 148 insertions(+), 58 deletions(-)

diff --git a/src/main/java/com/google/firebase/cloud/FirestoreClient.java b/src/main/java/com/google/firebase/cloud/FirestoreClient.java
index fddf3320d..101201781 100644
--- a/src/main/java/com/google/firebase/cloud/FirestoreClient.java
+++ b/src/main/java/com/google/firebase/cloud/FirestoreClient.java
@@ -11,6 +11,9 @@
 import com.google.firebase.ImplFirebaseTrampolines;
 import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.internal.NonNull;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -32,7 +35,7 @@ public class FirestoreClient {
 
   private final Firestore firestore;
 
-  private FirestoreClient(FirebaseApp app) {
+  private FirestoreClient(FirebaseApp app, String databaseId) {
     checkNotNull(app, "FirebaseApp must not be null");
     String projectId = ImplFirebaseTrampolines.getProjectId(app);
     checkArgument(!Strings.isNullOrEmpty(projectId),
@@ -47,13 +50,14 @@ private FirestoreClient(FirebaseApp app) {
         .setCredentialsProvider(
             FixedCredentialsProvider.create(ImplFirebaseTrampolines.getCredentials(app)))
         .setProjectId(projectId)
+        .setDatabaseId(databaseId)
         .build()
         .getService();
   }
 
   /**
-   * Returns the Firestore instance associated with the default Firebase app. Returns the same
-   * instance for all invocations. The Firestore instance and all references obtained from it
+   * Returns the default Firestore instance associated with the default Firebase app. Returns the
+   * same instance for all invocations. The Firestore instance and all references obtained from it
    * becomes unusable, once the default app is deleted.
    *
    * @return A non-null <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
@@ -65,9 +69,9 @@ public static Firestore getFirestore() {
   }
 
   /**
-   * Returns the Firestore instance associated with the specified Firebase app. For a given app,
-   * always returns the same instance. The Firestore instance and all references obtained from it
-   * becomes unusable, once the specified app is deleted.
+   * Returns the default Firestore instance associated with the specified Firebase app. For a given
+   * app, invocation always returns the same instance. The Firestore instance and all references
+   * obtained from it becomes unusable, once the specified app is deleted.
    *
    * @param app A non-null {@link FirebaseApp}.
    * @return A non-null <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
@@ -75,32 +79,86 @@ public static Firestore getFirestore() {
    */
   @NonNull
   public static Firestore getFirestore(FirebaseApp app) {
-    return getInstance(app).firestore;
+    return getFirestore(app, ImplFirebaseTrampolines.getFirestoreOptions(app).getDatabaseId());
+  }
+
+  /**
+   * Returns the Firestore instance associated with the specified Firebase app. Returns the same
+   * instance for all invocations given the same app and database parameter. The Firestore instance
+   * and all references obtained from it becomes unusable, once the specified app is deleted.
+   *
+   * @param app      A non-null {@link FirebaseApp}.
+   * @param database - The name of database.
+   * @return A non-null <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
+   *     instance.
+   */
+  @NonNull
+  static Firestore getFirestore(FirebaseApp app, String database) {
+    return getInstance(app, database).firestore;
+  }
+
+  /**
+   * Returns the Firestore instance associated with the default Firebase app. Returns the same
+   * instance for all invocations given the same database parameter. The Firestore instance and all
+   * references obtained from it becomes unusable, once the default app is deleted.
+   *
+   * @param database - The name of database.
+   * @return A non-null <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
+   *     instance.
+   */
+  @NonNull
+  static Firestore getFirestore(String database) {
+    return getFirestore(FirebaseApp.getInstance(), database);
   }
 
-  private static synchronized FirestoreClient getInstance(FirebaseApp app) {
+  private static synchronized FirestoreClient getInstance(FirebaseApp app, String database) {
     FirestoreClientService service = ImplFirebaseTrampolines.getService(app,
         SERVICE_ID, FirestoreClientService.class);
     if (service == null) {
       service = ImplFirebaseTrampolines.addService(app, new FirestoreClientService(app));
     }
-    return service.getInstance();
+    return service.getInstance().get(database);
   }
 
   private static final String SERVICE_ID = FirestoreClient.class.getName();
 
-  private static class FirestoreClientService extends FirebaseService<FirestoreClient> {
+  private static class FirestoreClientService extends FirebaseService<FirestoreInstances> {
 
     FirestoreClientService(FirebaseApp app) {
-      super(SERVICE_ID, new FirestoreClient(app));
+      super(SERVICE_ID, new FirestoreInstances(app));
     }
 
     @Override
     public void destroy() {
-      try {
-        instance.firestore.close();
-      } catch (Exception e) {
-        logger.warn("Error while closing the Firestore instance", e);
+      instance.destroy();
+    }
+  }
+
+  private static class FirestoreInstances {
+
+    private final FirebaseApp app;
+
+    private final Map<String, FirestoreClient> clients =
+        Collections.synchronizedMap(new HashMap<>());
+
+    private FirestoreInstances(FirebaseApp app) {
+      this.app = app;
+    }
+
+    FirestoreClient get(String databaseId) {
+      return clients.computeIfAbsent(databaseId, id -> new FirestoreClient(app, id));
+    }
+
+    void destroy() {
+      synchronized (clients) {
+        for (FirestoreClient client : clients.values()) {
+          try {
+            client.firestore.close();
+          } catch (Exception e) {
+            logger.warn("Error while closing the Firestore instance", e);
+          }
+        }
+        clients.clear();
       }
     }
   }
diff --git a/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java b/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
index 018d0e45b..a5f617ce6 100644
--- a/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
+++ b/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
@@ -2,9 +2,9 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNotSame;
 import static org.junit.Assert.assertSame;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
+import static org.junit.Assert.assertThrows;
 
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.cloud.firestore.DocumentReference;
@@ -26,6 +26,7 @@ public class FirestoreClientTest {
       // Setting credentials is not required (they get overridden by Admin SDK), but without
       // this Firestore logs an ugly warning during tests.
       .setCredentials(new MockGoogleCredentials("test-token"))
+      .setDatabaseId("differedDefaultDatabaseId")
       .build();
 
   @After
@@ -35,47 +36,75 @@ public void tearDown() {
 
   @Test
   public void testExplicitProjectId() throws IOException {
+    final String databaseId = "databaseIdInTestExplicitProjectId";
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setProjectId("explicit-project-id")
         .setFirestoreOptions(FIRESTORE_OPTIONS)
         .build());
-    Firestore firestore = FirestoreClient.getFirestore(app);
-    assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
+    Firestore firestore1 = FirestoreClient.getFirestore(app);
+    assertEquals("explicit-project-id", firestore1.getOptions().getProjectId());
+    assertEquals(FIRESTORE_OPTIONS.getDatabaseId(), firestore1.getOptions().getDatabaseId());
 
-    firestore = FirestoreClient.getFirestore();
-    assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
+    assertSame(firestore1, FirestoreClient.getFirestore());
+
+    Firestore firestore2 = FirestoreClient.getFirestore(app, databaseId);
+    assertEquals("explicit-project-id", firestore2.getOptions().getProjectId());
+    assertEquals(databaseId, firestore2.getOptions().getDatabaseId());
+
+    assertSame(firestore2, FirestoreClient.getFirestore(databaseId));
+
+    assertNotSame(firestore1, firestore2);
   }
 
   @Test
   public void testServiceAccountProjectId() throws IOException {
+    final String databaseId = "databaseIdInTestServiceAccountProjectId";
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setFirestoreOptions(FIRESTORE_OPTIONS)
         .build());
-    Firestore firestore = FirestoreClient.getFirestore(app);
-    assertEquals("mock-project-id", firestore.getOptions().getProjectId());
+    Firestore firestore1 = FirestoreClient.getFirestore(app);
+    assertEquals("mock-project-id", firestore1.getOptions().getProjectId());
+    assertEquals(FIRESTORE_OPTIONS.getDatabaseId(), firestore1.getOptions().getDatabaseId());
+
+    assertSame(firestore1, FirestoreClient.getFirestore());
 
-    firestore = FirestoreClient.getFirestore();
-    assertEquals("mock-project-id", firestore.getOptions().getProjectId());
+    Firestore firestore2 = FirestoreClient.getFirestore(app, databaseId);
+    assertEquals("mock-project-id", firestore2.getOptions().getProjectId());
+    assertEquals(databaseId, firestore2.getOptions().getDatabaseId());
+
+    assertSame(firestore2, FirestoreClient.getFirestore(databaseId));
+
+    assertNotSame(firestore1, firestore2);
   }
 
   @Test
   public void testFirestoreOptions() throws IOException {
+    final String databaseId = "databaseIdInTestFirestoreOptions";
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setProjectId("explicit-project-id")
         .setFirestoreOptions(FIRESTORE_OPTIONS)
         .build());
-    Firestore firestore = FirestoreClient.getFirestore(app);
-    assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
+    Firestore firestore1 = FirestoreClient.getFirestore(app);
+    assertEquals("explicit-project-id", firestore1.getOptions().getProjectId());
+    assertEquals(FIRESTORE_OPTIONS.getDatabaseId(), firestore1.getOptions().getDatabaseId());
+
+    assertSame(firestore1, FirestoreClient.getFirestore());
+
+    Firestore firestore2 = FirestoreClient.getFirestore(app, databaseId);
+    assertEquals("explicit-project-id", firestore2.getOptions().getProjectId());
+    assertEquals(databaseId, firestore2.getOptions().getDatabaseId());
 
-    firestore = FirestoreClient.getFirestore();
-    assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
+    assertSame(firestore2, FirestoreClient.getFirestore(databaseId));
+
+    assertNotSame(firestore1, firestore2);
   }
 
   @Test
   public void testFirestoreOptionsOverride() throws IOException {
+    final String databaseId = "databaseIdInTestFirestoreOptions";
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setProjectId("explicit-project-id")
@@ -84,48 +113,51 @@ public void testFirestoreOptionsOverride() throws IOException {
             .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
             .build())
         .build());
-    Firestore firestore = FirestoreClient.getFirestore(app);
-    assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
+    Firestore firestore1 = FirestoreClient.getFirestore(app);
+    assertEquals("explicit-project-id", firestore1.getOptions().getProjectId());
     assertSame(ImplFirebaseTrampolines.getCredentials(app),
-        firestore.getOptions().getCredentialsProvider().getCredentials());
+        firestore1.getOptions().getCredentialsProvider().getCredentials());
+    assertEquals("(default)", firestore1.getOptions().getDatabaseId());
+
+    assertSame(firestore1, FirestoreClient.getFirestore());
 
-    firestore = FirestoreClient.getFirestore();
-    assertEquals("explicit-project-id", firestore.getOptions().getProjectId());
+    Firestore firestore2 = FirestoreClient.getFirestore(app, databaseId);
+    assertEquals("explicit-project-id", firestore2.getOptions().getProjectId());
     assertSame(ImplFirebaseTrampolines.getCredentials(app),
-        firestore.getOptions().getCredentialsProvider().getCredentials());
+        firestore2.getOptions().getCredentialsProvider().getCredentials());
+    assertEquals(databaseId, firestore2.getOptions().getDatabaseId());
+
+    assertSame(firestore2, FirestoreClient.getFirestore(databaseId));
+
+    assertNotSame(firestore1, firestore2);
   }
 
   @Test
   public void testAppDelete() throws IOException {
+    final String databaseId = "databaseIdInTestAppDelete";
     FirebaseApp app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
         .setProjectId("mock-project-id")
         .setFirestoreOptions(FIRESTORE_OPTIONS)
         .build());
 
-    Firestore firestore = FirestoreClient.getFirestore(app);
-    assertNotNull(firestore);
-    DocumentReference document = firestore.collection("collection").document("doc");
+    Firestore firestore1 = FirestoreClient.getFirestore(app);
+    assertNotNull(firestore1);
+    assertSame(firestore1, FirestoreClient.getFirestore());
+
+    Firestore firestore2 = FirestoreClient.getFirestore(app, databaseId);
+    assertNotNull(firestore2);
+    assertSame(firestore2, FirestoreClient.getFirestore(databaseId));
+
+    assertNotSame(firestore1, firestore2);
+
+    DocumentReference document = firestore1.collection("collection").document("doc");
     app.delete();
-    try {
-      FirestoreClient.getFirestore(app);
-      fail("No error thrown for deleted app");
-    } catch (IllegalStateException expected) {
-      // ignore
-    }
-
-    try {
-      document.get();
-      fail("No error thrown for deleted app");
-    } catch (IllegalStateException expected) {
-      // ignore
-    }
-
-    try {
-      FirestoreClient.getFirestore();
-      fail("No error thrown for deleted app");
-    } catch (IllegalStateException expected) {
-      // ignore
-    }
+
+    assertThrows(IllegalStateException.class, () -> FirestoreClient.getFirestore(app));
+    assertThrows(IllegalStateException.class, () -> document.get());
+    assertThrows(IllegalStateException.class, () -> FirestoreClient.getFirestore());
+    assertThrows(IllegalStateException.class, () -> FirestoreClient.getFirestore(app, databaseId));
+    assertThrows(IllegalStateException.class, () -> FirestoreClient.getFirestore(databaseId));
   }
 }

From e28ca2e6123cfdec14198f65a2e3af86dccfa588 Mon Sep 17 00:00:00 2001
From: Tom Andersen <tom-andersen@users.noreply.github.com>
Date: Mon, 7 Nov 2022 14:55:45 -0500
Subject: [PATCH 161/354] Fix MultiDB Regression (#735)

---
 .../com/google/firebase/cloud/FirestoreClient.java |  3 ++-
 .../google/firebase/cloud/FirestoreClientTest.java | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/google/firebase/cloud/FirestoreClient.java b/src/main/java/com/google/firebase/cloud/FirestoreClient.java
index 101201781..e1672ec34 100644
--- a/src/main/java/com/google/firebase/cloud/FirestoreClient.java
+++ b/src/main/java/com/google/firebase/cloud/FirestoreClient.java
@@ -79,7 +79,8 @@ public static Firestore getFirestore() {
    */
   @NonNull
   public static Firestore getFirestore(FirebaseApp app) {
-    return getFirestore(app, ImplFirebaseTrampolines.getFirestoreOptions(app).getDatabaseId());
+    final FirestoreOptions firestoreOptions = ImplFirebaseTrampolines.getFirestoreOptions(app);
+    return getFirestore(app, firestoreOptions == null ? null : firestoreOptions.getDatabaseId());
   }
 
   /**
diff --git a/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java b/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
index a5f617ce6..31ea33618 100644
--- a/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
+++ b/src/test/java/com/google/firebase/cloud/FirestoreClientTest.java
@@ -79,6 +79,20 @@ public void testServiceAccountProjectId() throws IOException {
     assertNotSame(firestore1, firestore2);
   }
 
+  @Test
+  public void testAbsentFirestoreOptions() throws Exception {
+    String projectId = "test-proj";
+    FirebaseOptions options = FirebaseOptions.builder()
+        .setCredentials(GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream()))
+        .setProjectId(projectId)
+        .build();
+
+    FirebaseApp.initializeApp(options);
+    Firestore firestore = FirestoreClient.getFirestore();
+    assertEquals(projectId, firestore.getOptions().getProjectId());
+    assertEquals("(default)", firestore.getOptions().getDatabaseId());
+  }
+
   @Test
   public void testFirestoreOptions() throws IOException {
     final String databaseId = "databaseIdInTestFirestoreOptions";

From 6278b5f0f9f1677621c681bbee3256534a5bca6f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Nov 2022 21:13:22 +0000
Subject: [PATCH 162/354] chore(deps-dev): bump mockito-core from 4.8.0 to
 4.8.1 (#730)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e9172a4ce..42f848150 100644
--- a/pom.xml
+++ b/pom.xml
@@ -460,7 +460,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>4.8.0</version>
+            <version>4.8.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From b36c7615aa8598fbe5697cb486e97f15cacb5899 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Nov 2022 21:49:56 +0000
Subject: [PATCH 163/354] chore(deps): bump libraries-bom from 26.1.3 to 26.1.4
 (#732)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 42f848150..973d0f2c4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.1.3</version>
+                <version>26.1.4</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 51a0f272ce88d1b50e79db11c0f0e4a5967d2948 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Nov 2022 17:10:54 -0500
Subject: [PATCH 164/354] chore(deps): bump google-api-client-bom from 2.0.0 to
 2.0.1 (#736)

Bumps [google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 973d0f2c4..45274ef21 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.0.0</version>
+                <version>2.0.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 9f1583851a433c8f73b8d97ccb38315f99735108 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Tue, 8 Nov 2022 13:56:27 -0500
Subject: [PATCH 165/354] fix(auth): Set emulator credentials when using the
 Auth emulator (#734)

If `FIREBASE_AUTH_EMULATOR_HOST` env var is set the SDK shouldn't connect to Auth servers for OAuth2 handshake. This PR sets the emulator credentials when emulator mode is set.
---
 .../firebase/ImplFirebaseTrampolines.java     |  5 ++
 .../firebase/database/FirebaseDatabase.java   | 23 +-------
 .../internal/EmulatorCredentials.java         | 52 +++++++++++++++++++
 .../auth/FirebaseUserManagerTest.java         | 15 +++++-
 .../FirebaseTenantClientTest.java             | 16 +++++-
 5 files changed, 85 insertions(+), 26 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/internal/EmulatorCredentials.java

diff --git a/src/main/java/com/google/firebase/ImplFirebaseTrampolines.java b/src/main/java/com/google/firebase/ImplFirebaseTrampolines.java
index 3a7f6499a..0d3008b18 100644
--- a/src/main/java/com/google/firebase/ImplFirebaseTrampolines.java
+++ b/src/main/java/com/google/firebase/ImplFirebaseTrampolines.java
@@ -22,6 +22,8 @@
 import com.google.api.core.ApiFutures;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.cloud.firestore.FirestoreOptions;
+import com.google.firebase.auth.internal.Utils;
+import com.google.firebase.internal.EmulatorCredentials;
 import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.internal.NonNull;
 
@@ -41,6 +43,9 @@ public final class ImplFirebaseTrampolines {
   private ImplFirebaseTrampolines() {}
 
   public static GoogleCredentials getCredentials(@NonNull FirebaseApp app) {
+    if (Utils.isEmulatorMode()) {
+      return new EmulatorCredentials();
+    }
     return app.getOptions().getCredentials();
   }
 
diff --git a/src/main/java/com/google/firebase/database/FirebaseDatabase.java b/src/main/java/com/google/firebase/database/FirebaseDatabase.java
index 306ce9274..e59cd38fa 100644
--- a/src/main/java/com/google/firebase/database/FirebaseDatabase.java
+++ b/src/main/java/com/google/firebase/database/FirebaseDatabase.java
@@ -35,6 +35,7 @@
 import com.google.firebase.database.utilities.ParsedUrl;
 import com.google.firebase.database.utilities.Utilities;
 import com.google.firebase.database.utilities.Validation;
+import com.google.firebase.internal.EmulatorCredentials;
 import com.google.firebase.internal.FirebaseService;
 
 import com.google.firebase.internal.SdkUtils;
@@ -406,26 +407,4 @@ public void destroy() {
       instance.destroy();
     }
   }
-
-  private static class EmulatorCredentials extends GoogleCredentials {
-
-    EmulatorCredentials() {
-      super(newToken());
-    }
-
-    private static AccessToken newToken() {
-      return new AccessToken("owner",
-          new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(1)));
-    }
-
-    @Override
-    public AccessToken refreshAccessToken() {
-      return newToken();
-    }
-
-    @Override
-    public Map<String, List<String>> getRequestMetadata() throws IOException {
-      return ImmutableMap.of();
-    }
-  }
 }
diff --git a/src/main/java/com/google/firebase/internal/EmulatorCredentials.java b/src/main/java/com/google/firebase/internal/EmulatorCredentials.java
new file mode 100644
index 000000000..b13e971d0
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/EmulatorCredentials.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2022 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.auth.oauth2.AccessToken;
+import com.google.auth.oauth2.GoogleCredentials;
+import com.google.common.collect.ImmutableMap;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * A Mock Credentials implementation that can be used with the Emulator Suite
+ */
+public final class EmulatorCredentials extends GoogleCredentials {
+
+  public EmulatorCredentials() {
+    super(newToken());
+  }
+
+  private static AccessToken newToken() {
+    return new AccessToken("owner",
+            new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(1)));
+  }
+
+  @Override
+  public AccessToken refreshAccessToken() {
+    return newToken();
+  }
+
+  @Override
+  public Map<String, List<String>> getRequestMetadata() throws IOException {
+    return ImmutableMap.of();
+  }
+}
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index cd43c0147..f83c5f56f 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -71,8 +71,13 @@ public class FirebaseUserManagerTest {
 
   private static final String TEST_TOKEN = "token";
 
+  private static final String TEST_EMULATOR_TOKEN = "owner";
+
   private static final GoogleCredentials credentials = new MockGoogleCredentials(TEST_TOKEN);
 
+  private static final GoogleCredentials emulator_credentials =
+          new MockGoogleCredentials(TEST_EMULATOR_TOKEN);
+
   private static final ActionCodeSettings ACTION_CODE_SETTINGS = ActionCodeSettings.builder()
           .setUrl("https://example.dynamic.link")
           .setHandleCodeInApp(true)
@@ -2916,7 +2921,7 @@ private static void initializeAppWithResponses(String... responses) {
     }
     MockHttpTransport transport = new MultiRequestMockHttpTransport(mocks);
     FirebaseApp.initializeApp(FirebaseOptions.builder()
-        .setCredentials(credentials)
+        .setCredentials(isEmulatorMode() ? emulator_credentials : credentials)
         .setHttpTransport(transport)
         .setProjectId("test-project-id")
         .build());
@@ -3014,7 +3019,7 @@ private static void checkSamlProviderConfig(SamlProviderConfig config, String pr
 
   private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
     HttpHeaders headers = interceptor.getResponse().getRequest().getHeaders();
-    String auth = "Bearer " + TEST_TOKEN;
+    String auth = "Bearer " + (isEmulatorMode() ? TEST_EMULATOR_TOKEN : TEST_TOKEN);
     assertEquals(auth, headers.getFirstHeaderStringValue("Authorization"));
 
     String clientVersion = "Java/Admin/" + SdkUtils.getVersion();
@@ -3027,6 +3032,12 @@ private static void checkUrl(TestResponseInterceptor interceptor, String method,
     assertEquals(url, request.getUrl().toString().split("\\?")[0]);
   }
 
+  private static boolean isEmulatorMode() {
+    return !Strings.isNullOrEmpty(
+            FirebaseProcessEnvironment.getenv("FIREBASE_AUTH_EMULATOR_HOST")
+    );
+  }
+
   private interface UserManagerOp {
     void call(FirebaseAuth auth) throws Exception;
   }
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
index 3e57dc3a1..eca55ee66 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
@@ -33,6 +33,7 @@
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
 import com.google.auth.oauth2.GoogleCredentials;
+import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Iterables;
 import com.google.firebase.ErrorCode;
@@ -63,8 +64,13 @@ public class FirebaseTenantClientTest {
 
   private static final String TEST_TOKEN = "token";
 
+  private static final String TEST_EMULATOR_TOKEN = "owner";
+
   private static final GoogleCredentials credentials = new MockGoogleCredentials(TEST_TOKEN);
 
+  private static final GoogleCredentials emulator_credentials =
+          new MockGoogleCredentials(TEST_EMULATOR_TOKEN);
+
   private static final String PROJECT_BASE_URL =
       "https://identitytoolkit.googleapis.com/v2/projects/test-project-id";
 
@@ -342,7 +348,7 @@ private static void checkTenant(Tenant tenant, String tenantId) {
 
   private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
     HttpHeaders headers = interceptor.getResponse().getRequest().getHeaders();
-    String auth = "Bearer " + TEST_TOKEN;
+    String auth = "Bearer " + (isEmulatorMode() ? TEST_EMULATOR_TOKEN : TEST_TOKEN);
     assertEquals(auth, headers.getFirstHeaderStringValue("Authorization"));
 
     String clientVersion = "Java/Admin/" + SdkUtils.getVersion();
@@ -362,7 +368,7 @@ private static TestResponseInterceptor initializeAppForTenantManagement(String..
     }
     MockHttpTransport transport = new MultiRequestMockHttpTransport(mocks);
     FirebaseApp.initializeApp(FirebaseOptions.builder()
-        .setCredentials(credentials)
+        .setCredentials(isEmulatorMode() ? emulator_credentials : credentials)
         .setHttpTransport(transport)
         .setProjectId("test-project-id")
         .build());
@@ -408,4 +414,10 @@ private static GenericJson parseRequestContent(TestResponseInterceptor intercept
     interceptor.getResponse().getRequest().getContent().writeTo(out);
     return JSON_FACTORY.fromString(new String(out.toByteArray()), GenericJson.class);
   }
+
+  private static boolean isEmulatorMode() {
+    return !Strings.isNullOrEmpty(
+            FirebaseProcessEnvironment.getenv("FIREBASE_AUTH_EMULATOR_HOST")
+    );
+  }
 }

From d24289a6663625436ff2f19cf0ac86c258458370 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 10 Nov 2022 14:26:22 -0500
Subject: [PATCH 166/354] [chore] Release 9.1.1 (#737)

- Release v9.1.1
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 45274ef21..ffd516561 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.1.0</version>
+    <version>9.1.1</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From b819554db507f71409b230d0b4615de3101f882a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Nov 2022 17:02:10 -0500
Subject: [PATCH 167/354] chore(deps): bump netty.version from 4.1.84.Final to
 4.1.85.Final (#739)

Bumps `netty.version` from 4.1.84.Final to 4.1.85.Final.

Updates `netty-codec-http` from 4.1.84.Final to 4.1.85.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.84.Final...netty-4.1.85.Final)

Updates `netty-handler` from 4.1.84.Final to 4.1.85.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.84.Final...netty-4.1.85.Final)

Updates `netty-transport` from 4.1.84.Final to 4.1.85.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.84.Final...netty-4.1.85.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ffd516561..31026463b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.84.Final</netty.version>
+        <netty.version>4.1.85.Final</netty.version>
     </properties>
 
     <scm>

From c6b4144b40fb81db7234bae881b7c3ede053e2e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Nov 2022 22:05:18 +0000
Subject: [PATCH 168/354] chore(deps-dev): bump mockito-core from 4.8.1 to
 4.9.0 (#740)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 31026463b..20b4bfa95 100644
--- a/pom.xml
+++ b/pom.xml
@@ -460,7 +460,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>4.8.1</version>
+            <version>4.9.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From 8cbb5d2e6999ab7952ec4d8e4c0ee6eb09f03935 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Nov 2022 17:26:38 -0500
Subject: [PATCH 169/354] chore(deps): bump libraries-bom from 26.1.4 to 26.1.5
 (#741)

Bumps [libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.1.4 to 26.1.5.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/libraries-bom-v26.1.4...libraries-bom-v26.1.5)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 20b4bfa95..bfeb2b329 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.1.4</version>
+                <version>26.1.5</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 61454914dedefb847e60a218db2c9d059f2f47e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Nov 2022 22:29:32 +0000
Subject: [PATCH 170/354] chore(deps): bump slf4j-api from 2.0.3 to 2.0.4
 (#742)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index bfeb2b329..3763023f4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.3</version>
+            <version>2.0.4</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From f0d6f499b306f9a6959749d31c4a8c18e8c8fe52 Mon Sep 17 00:00:00 2001
From: "Nhien (Ricky) Lam" <62775270+NhienLam@users.noreply.github.com>
Date: Tue, 13 Dec 2022 10:29:06 -0800
Subject: [PATCH 171/354] Fix a small bug in setCustomUserClaims() auth snippet
 (#747)

* fix a small bug in setCustomUserClaims() auth snippet

* Revert changes in setCustomUserClaims and create new function setCustomUserClaimsTenant
---
 .../snippets/FirebaseAuthSnippets.java        | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
index cd73908da..500bb2197 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
@@ -1150,6 +1150,33 @@ public void customClaimsVerifyTenant(
     // [END verify_custom_claims_tenant]
   }
 
+  public static void setCustomUserClaimsTenant(TenantAwareFirebaseAuth tenantAuth,
+      String uid) throws FirebaseAuthException {
+    // [START set_custom_user_claims_tenant]
+    // Set admin privilege on the user corresponding to uid in a specific tenant.
+    Map<String, Object> claims = new HashMap<>();
+    claims.put("admin", true);
+    tenantAuth.setCustomUserClaims(uid, claims);
+    // The new custom claims will propagate to the user's ID token the
+    // next time a new one is issued.
+    // [END set_custom_user_claims_tenant]
+
+    String idToken = "id_token";
+    // [START verify_custom_claims_tenant]
+    // Verify the ID token first.
+    FirebaseToken decoded = tenantAuth.verifyIdToken(idToken);
+    if (Boolean.TRUE.equals(decoded.getClaims().get("admin"))) {
+      // Allow access to requested admin resource.
+    }
+    // [END verify_custom_claims_tenant]
+
+    // [START read_custom_user_claims_tenant]
+    // Lookup the user associated with the specified uid in a specific tenant.
+    UserRecord user = tenantAuth.getUser(uid);
+    System.out.println(user.getCustomClaims().get("admin"));
+    // [END read_custom_user_claims_tenant]
+  }
+
   public void generateEmailVerificationLinkTenant(
       TenantAwareFirebaseAuth tenantAuth,
       String email,

From b842b04c9a5996f2b978d43b3a41cbd4f5908d50 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Dec 2022 18:33:36 +0000
Subject: [PATCH 172/354] chore(deps): bump slf4j-api from 2.0.4 to 2.0.6
 (#749)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3763023f4..11aa32772 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.4</version>
+            <version>2.0.6</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From ebfda3c03346b7c6b5b4ad7fd578458d2ae8d95a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Dec 2022 18:35:58 +0000
Subject: [PATCH 173/354] chore(deps): bump google-api-client-bom from 2.0.1 to
 2.1.1 (#746)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 11aa32772..8d22ca780 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.0.1</version>
+                <version>2.1.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 01cc4ceeabefdfbd3601169abd0f4602afe565b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Dec 2022 18:39:15 +0000
Subject: [PATCH 174/354] chore(deps): bump netty-codec-http from 4.1.85.Final
 to 4.1.86.Final (#748)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8d22ca780..a9c06e20c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.85.Final</netty.version>
+        <netty.version>4.1.86.Final</netty.version>
     </properties>
 
     <scm>

From 239b86475e8c1f3f8ace920cf7bdaa3528b21a6a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Jan 2023 23:36:13 +0000
Subject: [PATCH 175/354] chore(deps): bump google-api-client-bom from 2.1.1 to
 2.1.2 (#756)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a9c06e20c..e6e02c282 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.1.1</version>
+                <version>2.1.2</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 4ca33c8b2984a8fb5061265441667906e890039d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Jan 2023 23:38:57 +0000
Subject: [PATCH 176/354] chore(deps-dev): bump mockito-core from 4.9.0 to
 4.11.0 (#754)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e6e02c282..c5e2a0677 100644
--- a/pom.xml
+++ b/pom.xml
@@ -460,7 +460,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>4.9.0</version>
+            <version>4.11.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From c19e812ae77edcc0a0571495f280516d808841dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Jan 2023 23:42:21 +0000
Subject: [PATCH 177/354] chore(deps): bump libraries-bom from 26.1.5 to 26.3.0
 (#755)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c5e2a0677..401cf6e07 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.1.5</version>
+                <version>26.3.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From dc40455ba22f3b269ba72af0da65570c5ed735e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Jan 2023 17:40:57 -0500
Subject: [PATCH 178/354] chore(deps): bump netty.version from 4.1.86.Final to
 4.1.87.Final (#757)

Bumps `netty.version` from 4.1.86.Final to 4.1.87.Final.

Updates `netty-codec-http` from 4.1.86.Final to 4.1.87.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.86.Final...netty-4.1.87.Final)

Updates `netty-handler` from 4.1.86.Final to 4.1.87.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.86.Final...netty-4.1.87.Final)

Updates `netty-transport` from 4.1.86.Final to 4.1.87.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.86.Final...netty-4.1.87.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 401cf6e07..0cf873d4d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.86.Final</netty.version>
+        <netty.version>4.1.87.Final</netty.version>
     </properties>
 
     <scm>

From aa27dc00a24f84c8ec163c1598f0e1ad2c800169 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Jan 2023 22:44:13 +0000
Subject: [PATCH 179/354] chore(deps): bump maven-project-info-reports-plugin
 from 3.4.1 to 3.4.2 (#758)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0cf873d4d..e064b6ab9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.4.1</version>
+                <version>3.4.2</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From 1ceb40b4b6bfc890386e384ba81f214e500e8db7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Jan 2023 15:59:32 -0500
Subject: [PATCH 180/354] chore(deps): bump libraries-bom from 26.3.0 to 26.4.0
 (#760)

Bumps [libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.3.0 to 26.4.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/libraries-bom-v26.3.0...v26.4.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e064b6ab9..27201152f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.3.0</version>
+                <version>26.4.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From e8ec68c97929972acdbe05b79b5ea18f077a08a2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Jan 2023 21:02:41 +0000
Subject: [PATCH 181/354] chore(deps): bump google-api-client-bom from 2.1.2 to
 2.2.0 (#762)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 27201152f..6209ecaf5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.1.2</version>
+                <version>2.2.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 95e542790e1b22a26258a10f7edff3a5a29c86d4 Mon Sep 17 00:00:00 2001
From: "Nhien (Ricky) Lam" <62775270+NhienLam@users.noreply.github.com>
Date: Tue, 28 Feb 2023 10:24:02 -0800
Subject: [PATCH 182/354] Update passwordHash and passwordSalt to be base64
 decoded before user import (#775)

---
 .../com/google/firebase/snippets/FirebaseAuthSnippets.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
index 500bb2197..f40c00da5 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseAuthSnippets.java
@@ -569,8 +569,8 @@ public void importWithScrypt() {
       List<ImportUserRecord> users = Collections.singletonList(ImportUserRecord.builder()
           .setUid("some-uid")
           .setEmail("user@example.com")
-          .setPasswordHash("password-hash".getBytes())
-          .setPasswordSalt("salt".getBytes())
+          .setPasswordHash(BaseEncoding.base64().decode("password-hash"))
+          .setPasswordSalt(BaseEncoding.base64().decode("salt"))
           .build());
       UserImportOptions options = UserImportOptions.withHash(
           Scrypt.builder()

From dd9ee43ac857721c2f29c537b011b968b21078c9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 17:37:03 +0000
Subject: [PATCH 183/354] chore(deps): bump libraries-bom from 26.4.0 to
 26.10.0 (#782)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6209ecaf5..62531dd44 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.4.0</version>
+                <version>26.10.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From cbc1a7af434e27e4cb06155e4ba72b9de1f768ca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 17:39:40 +0000
Subject: [PATCH 184/354] chore(deps): bump maven-javadoc-plugin from 3.4.1 to
 3.5.0 (#774)

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 62531dd44..0931f5147 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.4.1</version>
+                        <version>3.5.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.4.1</version>
+                <version>3.5.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 374bc11f20106922bb39b74216c2b4f47ba3cc8a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 17:42:40 +0000
Subject: [PATCH 185/354] chore(deps): bump maven-compiler-plugin from 3.10.1
 to 3.11.0 (#777)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0931f5147..9a0d4ad46 100644
--- a/pom.xml
+++ b/pom.xml
@@ -270,7 +270,7 @@
             <!-- Compile Phase -->
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.10.1</version>
+                <version>3.11.0</version>
                 <configuration>
                     <source>1.8</source>
                     <target>1.8</target>

From e16d317bd9ed1be600f2c2c54dfc5137e62c599d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 17:45:07 +0000
Subject: [PATCH 186/354] chore(deps): bump netty.version from 4.1.87.Final to
 4.1.90.Final (#787)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9a0d4ad46..29bf60cd7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.87.Final</netty.version>
+        <netty.version>4.1.90.Final</netty.version>
     </properties>
 
     <scm>

From 89c4c739a0d1f8c925e1269ee208b2b2c90e8864 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Apr 2023 14:24:21 -0400
Subject: [PATCH 187/354] chore(deps): bump libraries-bom from 26.10.0 to
 26.12.0 (#796)

Bumps [libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.10.0 to 26.12.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/v26.10.0...v26.12.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 29bf60cd7..d85d97378 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.10.0</version>
+                <version>26.12.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 3d260badec7e7e55b1e6defd8b66dd031c42201f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Apr 2023 18:26:55 +0000
Subject: [PATCH 188/354] chore(deps): bump maven-failsafe-plugin from 2.22.2
 to 3.0.0 (#788)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d85d97378..ecb45926d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>2.22.2</version>
+                <version>3.0.0</version>
                 <executions>
                     <execution>
                         <goals>

From de51a7fe6599a72a68cdf135b1bc432763956366 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Apr 2023 18:29:25 +0000
Subject: [PATCH 189/354] chore(deps): bump slf4j-api from 2.0.6 to 2.0.7
 (#790)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ecb45926d..77d20c702 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.6</version>
+            <version>2.0.7</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 3179f82fdd82481f3fdde58da7fe4a26a4b4cff7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Apr 2023 18:32:25 +0000
Subject: [PATCH 190/354] chore(deps): bump netty.version from 4.1.90.Final to
 4.1.91.Final (#793)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 77d20c702..8b1aca116 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.90.Final</netty.version>
+        <netty.version>4.1.91.Final</netty.version>
     </properties>
 
     <scm>

From 7957d316b33994cef898784be2130ff0b9066f8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Apr 2023 18:35:36 +0000
Subject: [PATCH 191/354] chore(deps): bump maven-surefire-plugin from 2.22.2
 to 3.0.0 (#789)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8b1aca116..463228c56 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.22.2</version>
+                <version>3.0.0</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From 22aadefb3e90f019f1172f55cfedf73c4881245b Mon Sep 17 00:00:00 2001
From: Tom Andersen <tom-andersen@users.noreply.github.com>
Date: Fri, 2 Jun 2023 12:22:44 -0400
Subject: [PATCH 192/354] Expose MultiDb API (#814)

---
 src/main/java/com/google/firebase/cloud/FirestoreClient.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/google/firebase/cloud/FirestoreClient.java b/src/main/java/com/google/firebase/cloud/FirestoreClient.java
index e1672ec34..e55d5c7e9 100644
--- a/src/main/java/com/google/firebase/cloud/FirestoreClient.java
+++ b/src/main/java/com/google/firebase/cloud/FirestoreClient.java
@@ -94,7 +94,7 @@ public static Firestore getFirestore(FirebaseApp app) {
    *     instance.
    */
   @NonNull
-  static Firestore getFirestore(FirebaseApp app, String database) {
+  public static Firestore getFirestore(FirebaseApp app, String database) {
     return getInstance(app, database).firestore;
   }
 
@@ -108,7 +108,7 @@ static Firestore getFirestore(FirebaseApp app, String database) {
    *     instance.
    */
   @NonNull
-  static Firestore getFirestore(String database) {
+  public static Firestore getFirestore(String database) {
     return getFirestore(FirebaseApp.getInstance(), database);
   }
 

From 60f97c582d975eade0f21b72e2ace24f97ff0b59 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Jun 2023 19:09:25 +0000
Subject: [PATCH 193/354] chore(deps): bump jacoco-maven-plugin from 0.8.8 to
 0.8.10 (#809)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 463228c56..1e66dcb68 100644
--- a/pom.xml
+++ b/pom.xml
@@ -189,7 +189,7 @@
                     <plugin>
                         <groupId>org.jacoco</groupId>
                         <artifactId>jacoco-maven-plugin</artifactId>
-                        <version>0.8.8</version>
+                        <version>0.8.10</version>
                         <executions>
                             <execution>
                                 <id>pre-unit-test</id>

From abd0a8fb2ac4ede1c2a2ef3e3acc5bb4b49287f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Jun 2023 19:11:29 +0000
Subject: [PATCH 194/354] chore(deps): bump maven-project-info-reports-plugin
 from 3.4.2 to 3.4.4 (#813)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1e66dcb68..6accbfcab 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.4.2</version>
+                <version>3.4.4</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From 06ebf346ba42cdb1574a447304cab49f382e0ec8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Jun 2023 13:58:39 -0400
Subject: [PATCH 195/354] chore(deps): bump libraries-bom from 26.12.0 to
 26.16.0 (#817)

Bumps [libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.12.0 to 26.16.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/v26.12.0...v26.16.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6accbfcab..1da771e36 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.12.0</version>
+                <version>26.16.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 167f16be4d4b8b0ab861b11e52bc7d4318382318 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Jun 2023 18:05:27 +0000
Subject: [PATCH 196/354] chore(deps): bump netty.version from 4.1.91.Final to
 4.1.93.Final (#816)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1da771e36..10eacc245 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.91.Final</netty.version>
+        <netty.version>4.1.93.Final</netty.version>
     </properties>
 
     <scm>

From 17fff8374ccb1a40a7835df534cc6655d81afc34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jun 2023 13:01:00 -0400
Subject: [PATCH 197/354] chore(deps): bump maven-failsafe-plugin from 3.0.0 to
 3.1.0 (#820)

Bumps [maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.0.0...surefire-3.1.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 10eacc245..260dbfc2c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>3.0.0</version>
+                <version>3.1.0</version>
                 <executions>
                     <execution>
                         <goals>

From 27ab2916720c56e1badfe147e38233197ec4ffe5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jun 2023 17:04:37 +0000
Subject: [PATCH 198/354] chore(deps): bump maven-gpg-plugin from 3.0.1 to
 3.1.0 (#823)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 260dbfc2c..048856fca 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
                 <plugins>
                     <plugin>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.0.1</version>
+                        <version>3.1.0</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

From 090dd3afd1597c06a2b9b257d5e223f523579b1f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jun 2023 17:08:13 +0000
Subject: [PATCH 199/354] chore(deps): bump maven-source-plugin from 3.2.1 to
 3.3.0 (#821)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 048856fca..a21a568fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -289,7 +289,7 @@
             <!-- Package Phase -->
             <plugin>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.2.1</version>
+                <version>3.3.0</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>

From 25dfab675a4cda94e37ada0a4cc8998ca23523e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jun 2023 17:10:41 +0000
Subject: [PATCH 200/354] chore(deps): bump maven-surefire-plugin from 3.0.0 to
 3.1.0 (#822)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a21a568fe..dfd425ef0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.0.0</version>
+                <version>3.1.0</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From d1baee366cebf121aa6d5a62593c08cc26ce97a8 Mon Sep 17 00:00:00 2001
From: Doris-Ge <dorisge@google.com>
Date: Thu, 8 Jun 2023 13:10:31 -0700
Subject: [PATCH 201/354] feat(fcm): Implement `sendEach`, `sendEachAsync`,
 `sendEachForMulticast` and `sendEachForMulticastAsync` (#785) (#815)

* feat(fcm): Implement `sendEach`, `sendEachAsync`, `sendEachForMulticast` and `sendEachForMulticastAsync` (#785)

* Add org.hamcrest as dependency for unit tests

* Implement sendEach, sendEachAsync, sendEachForMulticast and sendEachForMulticastAsync

`sendEach` vs `sendAll`
1. `sendEach` sends one HTTP request to V1 Send endpoint for each
    message in the array.
   `sendAll` sends only one HTTP request to V1 Batch Send endpoint
    to send all messages in the array.
2. `sendEach` calls `messagingClient.send` to send each message
    and constructs a `SendResponse` with the returned `messageId`.
    If `messagingClient.send` throws out an exception, `sendEach`
    will catch the exception and also turn it into a `SendResponse`
    with the exception in it.
    `sendEach` calls `ApiFutures.allAsList().get()` to execute all
    `messagingClient.send` calls asynchronously and wait for all of
    them to complete and construct a `BatchResponse` with all
    `SendResponse`s.
    Therefore, unlike `sendAll`, `sendEach` does not always throw
    an error for a total failure. It can also return a `BatchResponse`
    with only errors in it.

`sendEachForMulticast` calls `sendEach` under the hood.
`sendEachAsync` is the async version of `sendEach`.
`sendEachForMulticastAsync` is the async version of `sendEachForMulticast`.

* Add integration tests for batch-send re-implementation:
testSendEach(), testSendFiveHundredWithSendEach(), testSendEachForMulticast()

* Replace all "-- i.e." in the comments with "meaning that"

* Fix the build errors caused by "Line is longer than 100 characters"

* Fix the build errors caused by "package does not exist"

* Address doc review comments
---
 pom.xml                                       |   6 +
 .../firebase/messaging/FirebaseMessaging.java | 221 ++++++++++++-
 .../messaging/FirebaseMessagingIT.java        |  97 ++++++
 .../messaging/FirebaseMessagingTest.java      | 306 +++++++++++++++++-
 4 files changed, 618 insertions(+), 12 deletions(-)

diff --git a/pom.xml b/pom.xml
index dfd425ef0..0a67f6c14 100644
--- a/pom.xml
+++ b/pom.xml
@@ -482,5 +482,11 @@
             <version>2.1.1</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest</artifactId>
+            <version>2.2</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>
diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
index 95366eaa7..882fec8fc 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
@@ -20,18 +20,22 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.api.core.ApiFuture;
+import com.google.api.core.ApiFutures;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
+import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
 import com.google.firebase.internal.CallableOperation;
 import com.google.firebase.internal.FirebaseService;
 import com.google.firebase.internal.NonNull;
 
+import java.util.ArrayList;
 import java.util.List;
+import java.util.concurrent.ExecutionException;
 
 /**
  * This class is the entry point for all server-side Firebase Cloud Messaging actions.
@@ -91,7 +95,7 @@ public String send(@NonNull Message message) throws FirebaseMessagingException {
    *
    * <p>If the {@code dryRun} option is set to true, the message will not be actually sent. Instead
    * FCM performs all the necessary validations and emulates the send operation. The {@code dryRun}
-   * option is useful for determining whether an FCM registration has been deleted. However, it 
+   * option is useful for determining whether an FCM registration has been deleted. However, it
    * cannot be used to validate APNs tokens.
    *
    * @param message A non-null {@link Message} to be sent.
@@ -139,6 +143,191 @@ protected String execute() throws FirebaseMessagingException {
     };
   }
 
+  /**
+   * Sends each message in the given list via Firebase Cloud Messaging.
+   * Unlike {@link #sendAll(List)}, this method makes an HTTP call for each message in the
+   * given array.
+   *
+   * <p>The list of responses obtained by calling {@link BatchResponse#getResponses()} on the return
+   * value is in the same order as the input list.
+   *
+   * @param messages A non-null, non-empty list containing up to 500 messages.
+   * @return A {@link BatchResponse} indicating the result of the operation.
+   * @throws FirebaseMessagingException If an error occurs while handing the messages off to FCM for
+   *     delivery. An exception here or a {@link BatchResponse} with all failures indicates a total
+   *     failure, meaning that none of the messages in the list could be sent. Partial failures or
+   *     no failures are only indicated by a {@link BatchResponse}.
+   */
+  public BatchResponse sendEach(@NonNull List<Message> messages) throws FirebaseMessagingException {
+    return sendEachOp(messages, false).call();
+  }
+
+
+  /**
+   * Sends each message in the given list via Firebase Cloud Messaging.
+   * Unlike {@link #sendAll(List)}, this method makes an HTTP call for each message in the
+   * given array.
+   *
+   * <p>If the {@code dryRun} option is set to true, the message will not be actually sent. Instead
+   * FCM performs all the necessary validations, and emulates the send operation. The {@code dryRun}
+   * option is useful for determining whether an FCM registration has been deleted. But it cannot be
+   * used to validate APNs tokens.
+   *
+   * <p>The list of responses obtained by calling {@link BatchResponse#getResponses()} on the return
+   * value is in the same order as the input list.
+   *
+   * @param messages A non-null, non-empty list containing up to 500 messages.
+   * @param dryRun A boolean indicating whether to perform a dry run (validation only) of the send.
+   * @return A {@link BatchResponse} indicating the result of the operation.
+   * @throws FirebaseMessagingException If an error occurs while handing the messages off to FCM for
+   *     delivery. An exception here or a {@link BatchResponse} with all failures indicates a total
+   *     failure, meaning that none of the messages in the list could be sent. Partial failures or
+   *     no failures are only indicated by a {@link BatchResponse}.
+   */
+  public BatchResponse sendEach(
+      @NonNull List<Message> messages, boolean dryRun) throws FirebaseMessagingException {
+    return sendEachOp(messages, dryRun).call();
+  }
+
+  /**
+   * Similar to {@link #sendEach(List)} but performs the operation asynchronously.
+   *
+   * @param messages A non-null, non-empty list containing up to 500 messages.
+   * @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
+   *     the messages have been sent.
+   */
+  public ApiFuture<BatchResponse> sendEachAsync(@NonNull List<Message> messages) {
+    return sendEachOp(messages, false).callAsync(app);
+  }
+
+  /**
+   * Similar to {@link #sendEach(List, boolean)} but performs the operation asynchronously.
+   *
+   * @param messages A non-null, non-empty list containing up to 500 messages.
+   * @param dryRun A boolean indicating whether to perform a dry run (validation only) of the send.
+   * @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
+   *     the messages have been sent.
+   */
+  public ApiFuture<BatchResponse> sendEachAsync(@NonNull List<Message> messages, boolean dryRun) {
+    return sendEachOp(messages, dryRun).callAsync(app);
+  }
+
+  private CallableOperation<BatchResponse, FirebaseMessagingException> sendEachOp(
+      final List<Message> messages, final boolean dryRun) {
+    final List<Message> immutableMessages = ImmutableList.copyOf(messages);
+    checkArgument(!immutableMessages.isEmpty(), "messages list must not be empty");
+    checkArgument(immutableMessages.size() <= 500,
+        "messages list must not contain more than 500 elements");
+
+    return new CallableOperation<BatchResponse, FirebaseMessagingException>() {
+      @Override
+      protected BatchResponse execute() throws FirebaseMessagingException {
+        List<ApiFuture<SendResponse>> list = new ArrayList<>();
+        for (Message message : immutableMessages) {
+          ApiFuture<SendResponse> messageId = sendOpForSendResponse(message, dryRun).callAsync(app);
+          list.add(messageId);
+        }
+        try {
+          List<SendResponse> responses = ApiFutures.allAsList(list).get();
+          return new BatchResponseImpl(responses);
+        } catch (InterruptedException | ExecutionException e) {
+          throw new FirebaseMessagingException(ErrorCode.CANCELLED, SERVICE_ID);
+        }
+      }
+    };
+  }
+
+  private CallableOperation<SendResponse, FirebaseMessagingException> sendOpForSendResponse(
+      final Message message, final boolean dryRun) {
+    checkNotNull(message, "message must not be null");
+    final FirebaseMessagingClient messagingClient = getMessagingClient();
+    return new CallableOperation<SendResponse, FirebaseMessagingException>() {
+      @Override
+      protected SendResponse execute() {
+        try {
+          String messageId = messagingClient.send(message, dryRun);
+          return SendResponse.fromMessageId(messageId);
+        } catch (FirebaseMessagingException e) {
+          return SendResponse.fromException(e);
+        }
+      }
+    };
+  }
+
+  /**
+   * Sends the given multicast message to all the FCM registration tokens specified in it.
+   *
+   * <p>This method uses the {@link #sendEach(List)} API under the hood to send the given
+   * message to all the target recipients. The list of responses obtained by calling
+   * {@link BatchResponse#getResponses()} on the return value is in the same order as the
+   * tokens in the {@link MulticastMessage}.
+   *
+   * @param message A non-null {@link MulticastMessage}
+   * @return A {@link BatchResponse} indicating the result of the operation.
+   * @throws FirebaseMessagingException If an error occurs while handing the messages off to FCM for
+   *     delivery. An exception here or a {@link BatchResponse} with all failures indicates a total
+   *     failure, meaning that none of the messages in the list could be sent. Partial failures or
+   *     no failures are only indicated by a {@link BatchResponse}.
+   */
+  public BatchResponse sendEachForMulticast(
+      @NonNull MulticastMessage message) throws FirebaseMessagingException {
+    return sendEachForMulticast(message, false);
+  }
+
+  /**
+   * Sends the given multicast message to all the FCM registration tokens specified in it.
+   *
+   * <p>If the {@code dryRun} option is set to true, the message will not be actually sent. Instead
+   * FCM performs all the necessary validations, and emulates the send operation. The {@code dryRun}
+   * option is useful for determining whether an FCM registration has been deleted. But it cannot be
+   * used to validate APNs tokens.
+   *
+   * <p>This method uses the {@link #sendEach(List)} API under the hood to send the given
+   * message to all the target recipients. The list of responses obtained by calling
+   * {@link BatchResponse#getResponses()} on the return value is in the same order as the
+   * tokens in the {@link MulticastMessage}.
+   *
+   * @param message A non-null {@link MulticastMessage}.
+   * @param dryRun A boolean indicating whether to perform a dry run (validation only) of the send.
+   * @return A {@link BatchResponse} indicating the result of the operation.
+   * @throws FirebaseMessagingException If an error occurs while handing the messages off to FCM for
+   *     delivery. An exception here or a {@link BatchResponse} with all failures indicates a total
+   *     failure, meaning that none of the messages in the list could be sent. Partial failures or
+   *     no failures are only indicated by a {@link BatchResponse}.
+   */
+  public BatchResponse sendEachForMulticast(@NonNull MulticastMessage message, boolean dryRun)
+    throws FirebaseMessagingException {
+    checkNotNull(message, "multicast message must not be null");
+    return sendEach(message.getMessageList(), dryRun);
+  }
+
+  /**
+   * Similar to {@link #sendEachForMulticast(MulticastMessage)} but performs the operation
+   * asynchronously.
+   *
+   * @param message A non-null {@link MulticastMessage}.
+   * @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
+   *     the messages have been sent.
+   */
+  public ApiFuture<BatchResponse> sendEachForMulticastAsync(@NonNull MulticastMessage message) {
+    return sendEachForMulticastAsync(message, false);
+  }
+
+  /**
+   * Similar to {@link #sendEachForMulticast(MulticastMessage, boolean)} but performs the operation
+   * asynchronously.
+   *
+   * @param message A non-null {@link MulticastMessage}.
+   * @param dryRun A boolean indicating whether to perform a dry run (validation only) of the send.
+   * @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
+   *     the messages have been sent.
+   */
+  public ApiFuture<BatchResponse> sendEachForMulticastAsync(
+      @NonNull MulticastMessage message, boolean dryRun) {
+    checkNotNull(message, "multicast message must not be null");
+    return sendEachAsync(message.getMessageList(), dryRun);
+  }
+
   /**
    * Sends all the messages in the given list via Firebase Cloud Messaging. Employs batching to
    * send the entire list as a single RPC call. Compared to the {@link #send(Message)} method, this
@@ -150,8 +339,10 @@ protected String execute() throws FirebaseMessagingException {
    * @param messages A non-null, non-empty list containing up to 500 messages.
    * @return A {@link BatchResponse} indicating the result of the operation.
    * @throws FirebaseMessagingException If an error occurs while handing the messages off to FCM for
-   *     delivery. An exception here indicates a total failure -- i.e. none of the messages in the
-   *     list could be sent. Partial failures are indicated by a {@link BatchResponse} return value.
+   *     delivery. An exception here indicates a total failure, meaning that none of the messages in
+   *     the list could be sent. Partial failures are indicated by a {@link BatchResponse} return
+   *     value.
+   * @deprecated Use {@link #sendEach(List)} instead.
    */
   public BatchResponse sendAll(
       @NonNull List<Message> messages) throws FirebaseMessagingException {
@@ -175,8 +366,10 @@ public BatchResponse sendAll(
    * @param dryRun A boolean indicating whether to perform a dry run (validation only) of the send.
    * @return A {@link BatchResponse} indicating the result of the operation.
    * @throws FirebaseMessagingException If an error occurs while handing the messages off to FCM for
-   *     delivery. An exception here indicates a total failure -- i.e. none of the messages in the
-   *     list could be sent. Partial failures are indicated by a {@link BatchResponse} return value.
+   *     delivery. An exception here indicates a total failure, meaning that none of the messages in
+   *     the list could be sent. Partial failures are indicated by a {@link BatchResponse} return
+   *     value.
+   * @deprecated Use {@link #sendEach(List, boolean)} instead.
    */
   public BatchResponse sendAll(
       @NonNull List<Message> messages, boolean dryRun) throws FirebaseMessagingException {
@@ -187,8 +380,9 @@ public BatchResponse sendAll(
    * Similar to {@link #sendAll(List)} but performs the operation asynchronously.
    *
    * @param messages A non-null, non-empty list containing up to 500 messages.
-   * @return @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
+   * @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
    *     the messages have been sent.
+   * @deprecated Use {@link #sendEachAsync(List)} instead.
    */
   public ApiFuture<BatchResponse> sendAllAsync(@NonNull List<Message> messages) {
     return sendAllAsync(messages, false);
@@ -199,8 +393,9 @@ public ApiFuture<BatchResponse> sendAllAsync(@NonNull List<Message> messages) {
    *
    * @param messages A non-null, non-empty list containing up to 500 messages.
    * @param dryRun A boolean indicating whether to perform a dry run (validation only) of the send.
-   * @return @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
+   * @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
    *     the messages have been sent, or when the emulation has finished.
+   * @deprecated Use {@link #sendEachAsync(List, boolean)} instead.
    */
   public ApiFuture<BatchResponse> sendAllAsync(
       @NonNull List<Message> messages, boolean dryRun) {
@@ -218,9 +413,10 @@ public ApiFuture<BatchResponse> sendAllAsync(
    * @param message A non-null {@link MulticastMessage}
    * @return A {@link BatchResponse} indicating the result of the operation.
    * @throws FirebaseMessagingException If an error occurs while handing the messages off to FCM for
-   *     delivery. An exception here indicates a total failure -- i.e. the messages could not be
-   *     delivered to any recipient. Partial failures are indicated by a {@link BatchResponse}
+   *     delivery. An exception here indicates a total failure, meaning that the messages could not
+   *     be delivered to any recipient. Partial failures are indicated by a {@link BatchResponse}
    *     return value.
+   * @deprecated Use {@link #sendEachForMulticast(MulticastMessage)} instead.
    */
   public BatchResponse sendMulticast(
       @NonNull MulticastMessage message) throws FirebaseMessagingException {
@@ -244,9 +440,10 @@ public BatchResponse sendMulticast(
    * @param dryRun A boolean indicating whether to perform a dry run (validation only) of the send.
    * @return A {@link BatchResponse} indicating the result of the operation.
    * @throws FirebaseMessagingException If an error occurs while handing the messages off to FCM for
-   *     delivery. An exception here indicates a total failure -- i.e. the messages could not be
-   *     delivered to any recipient. Partial failures are indicated by a {@link BatchResponse}
+   *     delivery. An exception here indicates a total failure, meaning that the messages could not
+   *     be delivered to any recipient. Partial failures are indicated by a {@link BatchResponse}
    *     return value.
+   * @deprecated Use {@link #sendEachForMulticast(MulticastMessage, boolean)} instead.
    */
   public BatchResponse sendMulticast(
       @NonNull MulticastMessage message, boolean dryRun) throws FirebaseMessagingException {
@@ -261,6 +458,7 @@ public BatchResponse sendMulticast(
    * @param message A non-null {@link MulticastMessage}.
    * @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
    *     the messages have been sent.
+   * @deprecated Use {@link #sendEachForMulticastAsync(MulticastMessage)} instead.
    */
   public ApiFuture<BatchResponse> sendMulticastAsync(@NonNull MulticastMessage message) {
     return sendMulticastAsync(message, false);
@@ -274,6 +472,7 @@ public ApiFuture<BatchResponse> sendMulticastAsync(@NonNull MulticastMessage mes
    * @param dryRun A boolean indicating whether to perform a dry run (validation only) of the send.
    * @return An {@code ApiFuture} that will complete with a {@link BatchResponse} when
    *     the messages have been sent.
+   * @deprecated Use {@link #sendEachForMulticastAsync(MulticastMessage, boolean)} instead.
    */
   public ApiFuture<BatchResponse> sendMulticastAsync(
       @NonNull MulticastMessage message, boolean dryRun) {
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
index 9ae7bba24..bebae6e4d 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
@@ -96,6 +96,103 @@ public void testSendError() throws InterruptedException {
     }
   }
 
+  @Test
+  public void testSendEach() throws Exception {
+    List<Message> messages = new ArrayList<>();
+    messages.add(
+        Message.builder()
+          .setNotification(Notification.builder()
+              .setTitle("Title")
+              .setBody("Body")
+              .build())
+          .setTopic("foo-bar")
+          .build());
+    messages.add(
+        Message.builder()
+          .setNotification(Notification.builder()
+              .setTitle("Title")
+              .setBody("Body")
+              .build())
+          .setTopic("foo-bar")
+          .build());
+    messages.add(
+        Message.builder()
+          .setNotification(Notification.builder()
+              .setTitle("Title")
+              .setBody("Body")
+              .build())
+          .setToken("not-a-token")
+          .build());
+
+    BatchResponse response = FirebaseMessaging.getInstance().sendEach(messages, true);
+
+    assertEquals(2, response.getSuccessCount());
+    assertEquals(1, response.getFailureCount());
+
+    List<SendResponse> responses = response.getResponses();
+    assertEquals(3, responses.size());
+    assertTrue(responses.get(0).isSuccessful());
+    String id = responses.get(0).getMessageId();
+    assertTrue(id != null && id.matches("^projects/.*/messages/.*$"));
+
+    assertTrue(responses.get(1).isSuccessful());
+    id = responses.get(1).getMessageId();
+    assertTrue(id != null && id.matches("^projects/.*/messages/.*$"));
+
+    assertFalse(responses.get(2).isSuccessful());
+    assertNull(responses.get(2).getMessageId());
+    FirebaseMessagingException exception = responses.get(2).getException();
+    assertNotNull(exception);
+    assertEquals(ErrorCode.INVALID_ARGUMENT, exception.getErrorCode());
+  }
+
+  @Test
+  public void testSendFiveHundredWithSendEach() throws Exception {
+    List<Message> messages = new ArrayList<>();
+    for (int i = 0; i < 500; i++) {
+      messages.add(Message.builder().setTopic("foo-bar-" + (i % 10)).build());
+    }
+
+    BatchResponse response = FirebaseMessaging.getInstance().sendEach(messages, true);
+
+    assertEquals(500, response.getResponses().size());
+    assertEquals(500, response.getSuccessCount());
+    assertEquals(0, response.getFailureCount());
+    for (SendResponse sendResponse : response.getResponses()) {
+      if (!sendResponse.isSuccessful()) {
+        sendResponse.getException().printStackTrace();
+      }
+      assertTrue(sendResponse.isSuccessful());
+      String id = sendResponse.getMessageId();
+      assertTrue(id != null && id.matches("^projects/.*/messages/.*$"));
+      assertNull(sendResponse.getException());
+    }
+  }
+
+  @Test
+  public void testSendEachForMulticast() throws Exception {
+    MulticastMessage multicastMessage = MulticastMessage.builder()
+        .setNotification(Notification.builder()
+            .setTitle("Title")
+            .setBody("Body")
+            .build())
+        .addToken("not-a-token")
+        .addToken("also-not-a-token")
+        .build();
+
+    BatchResponse response = FirebaseMessaging.getInstance().sendEachForMulticast(
+        multicastMessage, true);
+
+    assertEquals(0, response.getSuccessCount());
+    assertEquals(2, response.getFailureCount());
+    assertEquals(2, response.getResponses().size());
+    for (SendResponse sendResponse : response.getResponses()) {
+      assertFalse(sendResponse.isSuccessful());
+      assertNull(sendResponse.getMessageId());
+      assertNotNull(sendResponse.getException());
+    }
+  }
+
   @Test
   public void testSendAll() throws Exception {
     List<Message> messages = new ArrayList<>();
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
index 8e8e79e07..dc07ce002 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
@@ -16,6 +16,9 @@
 
 package com.google.firebase.messaging;
 
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.anyOf;
+import static org.hamcrest.Matchers.is;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
@@ -27,13 +30,19 @@
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.Nullable;
+
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.concurrent.ExecutionException;
+
 import org.junit.After;
 import org.junit.Test;
 
@@ -46,6 +55,9 @@ public class FirebaseMessagingTest {
   private static final Message EMPTY_MESSAGE = Message.builder()
       .setTopic("test-topic")
       .build();
+  private static final Message EMPTY_MESSAGE_2 = Message.builder()
+      .setTopic("test-topic2")
+      .build();
   private static final MulticastMessage TEST_MULTICAST_MESSAGE = MulticastMessage.builder()
       .addToken("test-fcm-token1")
       .addToken("test-fcm-token2")
@@ -262,6 +274,277 @@ public void testSendAsyncFailure() throws InterruptedException {
     assertFalse(client.isLastDryRun);
   }
 
+  @Test
+  public void testSendEachWithNull() throws  FirebaseMessagingException {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    try {
+      messaging.sendEach(null);
+      fail("No error thrown for null message list");
+    } catch (NullPointerException expected) {
+      // expected
+    }
+
+    assertNull(client.lastMessage);
+  }
+
+  @Test
+  public void testSendEachWithEmptyList() throws FirebaseMessagingException {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    try {
+      messaging.sendEach(ImmutableList.<Message>of());
+      fail("No error thrown for empty message list");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+
+    assertNull(client.lastMessage);
+  }
+
+  @Test
+  public void testSendEachWithTooManyMessages() throws FirebaseMessagingException {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+    ImmutableList.Builder<Message> listBuilder = ImmutableList.builder();
+    for (int i = 0; i < 501; i++) {
+      listBuilder.add(Message.builder().setTopic("topic").build());
+    }
+
+    try {
+      messaging.sendEach(listBuilder.build(), false);
+      fail("No error thrown for too many messages in the list");
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+
+    assertNull(client.lastMessage);
+  }
+
+  @Test
+  public void testSendEach() throws FirebaseMessagingException {
+    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE_2);
+    ImmutableList<String> messageIds = ImmutableList.of("test1", "test2");
+    Map<Message, SendResponse> messageMap = new HashMap<>();
+    for (int i = 0; i < 2; i++) {
+      messageMap.put(messages.get(i), SendResponse.fromMessageId(messageIds.get(i)));
+    }
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageMap(messageMap);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response = messaging.sendEach(messages);
+
+    assertEquals(2, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals(messageIds.get(i), response.getResponses().get(i).getMessageId());
+    }
+    assertThat(client.lastMessage, anyOf(is(EMPTY_MESSAGE), is(EMPTY_MESSAGE_2)));
+    assertFalse(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachDryRun() throws FirebaseMessagingException {
+    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE_2);
+    ImmutableList<String> messageIds = ImmutableList.of("test1", "test2");
+    Map<Message, SendResponse> messageMap = new HashMap<>();
+    for (int i = 0; i < 2; i++) {
+      messageMap.put(messages.get(i), SendResponse.fromMessageId(messageIds.get(i)));
+    }
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageMap(messageMap);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response = messaging.sendEach(messages, true);
+
+    assertEquals(2, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals(messageIds.get(i), response.getResponses().get(i).getMessageId());
+    }
+    assertThat(client.lastMessage, anyOf(is(EMPTY_MESSAGE), is(EMPTY_MESSAGE_2)));
+    assertTrue(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachFailure() throws FirebaseMessagingException {
+    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE_2);
+    Map<Message, SendResponse> messageMap = new HashMap<>();
+    messageMap.put(messages.get(0), SendResponse.fromMessageId("test"));
+    messageMap.put(messages.get(1), SendResponse.fromException(TEST_EXCEPTION));
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageMap(messageMap);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response =  messaging.sendEach(messages);
+
+    assertEquals(1, response.getFailureCount());
+    assertEquals(1, response.getSuccessCount());
+    assertEquals("test", response.getResponses().get(0).getMessageId());
+    assertEquals(TEST_EXCEPTION, response.getResponses().get(1).getException());
+    assertFalse(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachAsync() throws Exception {
+    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE_2);
+    ImmutableList<String> messageIds = ImmutableList.of("test1", "test2");
+    Map<Message, SendResponse> messageMap = new HashMap<>();
+    for (int i = 0; i < 2; i++) {
+      messageMap.put(messages.get(i), SendResponse.fromMessageId(messageIds.get(i)));
+    }
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageMap(messageMap);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response = messaging.sendEachAsync(messages).get();
+
+    assertEquals(2, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals(messageIds.get(i), response.getResponses().get(i).getMessageId());
+    }
+    assertThat(client.lastMessage, anyOf(is(EMPTY_MESSAGE), is(EMPTY_MESSAGE_2)));
+    assertFalse(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachAsyncDryRun() throws Exception {
+    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE_2);
+    ImmutableList<String> messageIds = ImmutableList.of("test1", "test2");
+    Map<Message, SendResponse> messageMap = new HashMap<>();
+    for (int i = 0; i < 2; i++) {
+      messageMap.put(messages.get(i), SendResponse.fromMessageId(messageIds.get(i)));
+    }
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageMap(messageMap);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response = messaging.sendEachAsync(messages, true).get();
+
+    assertEquals(2, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals(messageIds.get(i), response.getResponses().get(i).getMessageId());
+    }
+    assertThat(client.lastMessage, anyOf(is(EMPTY_MESSAGE), is(EMPTY_MESSAGE_2)));
+    assertTrue(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachAsyncFailure() throws Exception {
+    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE_2);
+    Map<Message, SendResponse> messageMap = new HashMap<>();
+    messageMap.put(messages.get(0), SendResponse.fromMessageId("test"));
+    messageMap.put(messages.get(1), SendResponse.fromException(TEST_EXCEPTION));
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageMap(messageMap);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response =  messaging.sendEachAsync(messages).get();
+
+    assertEquals(1, response.getFailureCount());
+    assertEquals(1, response.getSuccessCount());
+    assertEquals("test", response.getResponses().get(0).getMessageId());
+    assertEquals(TEST_EXCEPTION, response.getResponses().get(1).getException());
+    assertFalse(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachForMulticastWithNull() throws  FirebaseMessagingException {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    try {
+      messaging.sendEachForMulticast(null);
+      fail("No error thrown for null multicast message");
+    } catch (NullPointerException expected) {
+      // expected
+    }
+
+    assertNull(client.lastMessage);
+  }
+
+  @Test
+  public void testSendEachForMulticast() throws FirebaseMessagingException {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId("test");
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response = messaging.sendEachForMulticast(TEST_MULTICAST_MESSAGE);
+
+    assertEquals(2, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals("test", response.getResponses().get(i).getMessageId());
+    }
+    assertFalse(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachForMulticastDryRun() throws FirebaseMessagingException {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId("test");
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response = messaging.sendEachForMulticast(TEST_MULTICAST_MESSAGE, true);
+
+    assertEquals(2, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals("test", response.getResponses().get(i).getMessageId());
+    }
+    assertTrue(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachForMulticastFailure() throws FirebaseMessagingException {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromException(TEST_EXCEPTION);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response =  messaging.sendEachForMulticast(TEST_MULTICAST_MESSAGE);
+
+    assertEquals(2, response.getFailureCount());
+    assertEquals(0, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals(TEST_EXCEPTION, response.getResponses().get(i).getException());
+    }
+    assertFalse(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachForMulticastAsync() throws Exception {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId("test");
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response = messaging.sendEachForMulticastAsync(TEST_MULTICAST_MESSAGE).get();
+
+    assertEquals(2, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals("test", response.getResponses().get(i).getMessageId());
+    }
+    assertFalse(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachForMulticastAsyncDryRun() throws Exception {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId("test");
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response = messaging.sendEachForMulticastAsync(
+        TEST_MULTICAST_MESSAGE, true).get();
+
+    assertEquals(2, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals("test", response.getResponses().get(i).getMessageId());
+    }
+    assertTrue(client.isLastDryRun);
+  }
+
+  @Test
+  public void testSendEachForMulticastAsyncFailure() throws Exception {
+    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromException(TEST_EXCEPTION);
+    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
+
+    BatchResponse response =  messaging.sendEachForMulticastAsync(TEST_MULTICAST_MESSAGE).get();
+
+    assertEquals(2, response.getFailureCount());
+    assertEquals(0, response.getSuccessCount());
+    for (int i = 0; i < 2; i++) {
+      assertEquals(TEST_EXCEPTION, response.getResponses().get(i).getException());
+    }
+    assertFalse(client.isLastDryRun);
+  }
+
   @Test
   public void testSendAllWithNull() throws  FirebaseMessagingException {
     MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
@@ -681,6 +964,7 @@ private static class MockFirebaseMessagingClient implements FirebaseMessagingCli
     private Message lastMessage;
     private List<Message> lastBatch;
     private boolean isLastDryRun;
+    private ImmutableMap<Message, SendResponse> messageMap;
 
     private MockFirebaseMessagingClient(
         String messageId, BatchResponse batchResponse, FirebaseMessagingException exception) {
@@ -689,10 +973,20 @@ private MockFirebaseMessagingClient(
       this.exception = exception;
     }
 
+    private MockFirebaseMessagingClient(
+        Map<Message, SendResponse> messageMap, FirebaseMessagingException exception) {
+      this.messageMap = ImmutableMap.copyOf(messageMap);
+      this.exception = exception;
+    }
+
     static MockFirebaseMessagingClient fromMessageId(String messageId) {
       return new MockFirebaseMessagingClient(messageId, null, null);
     }
 
+    static MockFirebaseMessagingClient fromMessageMap(Map<Message, SendResponse> messageMap) {
+      return new MockFirebaseMessagingClient(messageMap, null);
+    }
+
     static MockFirebaseMessagingClient fromBatchResponse(BatchResponse batchResponse) {
       return new MockFirebaseMessagingClient(null, batchResponse, null);
     }
@@ -702,13 +996,23 @@ static MockFirebaseMessagingClient fromException(FirebaseMessagingException exce
     }
 
     @Override
+    @Nullable
     public String send(Message message, boolean dryRun) throws FirebaseMessagingException {
       lastMessage = message;
       isLastDryRun = dryRun;
       if (exception != null) {
         throw exception;
       }
-      return messageId;
+      if (messageMap == null) {
+        return messageId;
+      }
+      if (!messageMap.containsKey(message)) {
+        return null;
+      }
+      if (messageMap.get(message).getException() != null) {
+        throw messageMap.get(message).getException();
+      }
+      return messageMap.get(message).getMessageId();
     }
 
     @Override

From b940966a907e3527b61bd3eeab2027d9ea7c6bfd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 11:21:40 -0400
Subject: [PATCH 202/354] chore(deps): bump maven-project-info-reports-plugin
 from 3.4.4 to 3.4.5 (#830)

Bumps [maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.4.4 to 3.4.5.
- [Commits](https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.4.4...maven-project-info-reports-plugin-3.4.5)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-project-info-reports-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0a67f6c14..126bd3e4f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.4.4</version>
+                <version>3.4.5</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From ed01081597bf8e52f439699a7e3909eba016eeb6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 15:24:35 +0000
Subject: [PATCH 203/354] chore(deps): bump maven-surefire-plugin from 3.1.0 to
 3.1.2 (#828)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 126bd3e4f..d326e9e06 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.1.2</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From 4465a9141f0e747ccf1cd5cc770213382883636b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 15:27:39 +0000
Subject: [PATCH 204/354] chore(deps): bump maven-failsafe-plugin from 3.1.0 to
 3.1.2 (#829)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d326e9e06..ba056d98e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.1.2</version>
                 <executions>
                     <execution>
                         <goals>

From 0f414298eee57e56de8d49c29796f2adbd718dc6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:05:19 -0400
Subject: [PATCH 205/354] chore(deps): bump netty-handler from 4.1.93.Final to
 4.1.94.Final (#833)

Bumps [netty-handler](https://github.com/netty/netty) from 4.1.93.Final to 4.1.94.Final.
- [Commits](https://github.com/netty/netty/compare/netty-4.1.93.Final...netty-4.1.94.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ba056d98e..878d83855 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.93.Final</netty.version>
+        <netty.version>4.1.94.Final</netty.version>
     </properties>
 
     <scm>

From adc7cf550497188c5ea41eeeea3cafed4e98626d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jun 2023 17:24:15 +0000
Subject: [PATCH 206/354] chore(deps): bump libraries-bom from 26.16.0 to
 26.17.0 (#831)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 878d83855..3d99466d1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.16.0</version>
+                <version>26.17.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 82da78bbd1b5d4a8b9bf1be9e2905c10fda39687 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 22 Jun 2023 15:37:55 -0400
Subject: [PATCH 207/354] [chore] Release 9.2.0 (#835)

- Release 9.2.0
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3d99466d1..ddd16db34 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.1.1</version>
+    <version>9.2.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 7a32102c61ade8e48649569c4c19c7b7aed01982 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Jul 2023 15:52:33 +0000
Subject: [PATCH 208/354] chore(deps): bump libraries-bom from 26.17.0 to
 26.18.0 (#839)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ddd16db34..e56f31a13 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.17.0</version>
+                <version>26.18.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 999742520a93cc8c232591802e640d5774ae5efd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Aug 2023 12:24:50 -0400
Subject: [PATCH 209/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.18.0 to 26.22.0 (#854)

Bumps [com.google.cloud:libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.18.0 to 26.22.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/release-please-config.json)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/v26.18.0...v26.22.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e56f31a13..0e672f5d1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.18.0</version>
+                <version>26.22.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 13a285723aab9584f587762a6b70c38386acf527 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Aug 2023 16:28:32 +0000
Subject: [PATCH 210/354] chore(deps): bump netty.version from 4.1.94.Final to
 4.1.96.Final (#847)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0e672f5d1..6e41a7757 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.94.Final</netty.version>
+        <netty.version>4.1.96.Final</netty.version>
     </properties>
 
     <scm>

From 315f5c0bccf07fa025fa38939400feca9950ba45 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Oct 2023 16:54:59 +0000
Subject: [PATCH 211/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.22.0 to 26.24.0 (#864)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6e41a7757..ec70ea90c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.22.0</version>
+                <version>26.24.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From a7ce4c396ba4472d812876692537d2a47efdc780 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Oct 2023 16:57:52 +0000
Subject: [PATCH 212/354] chore(deps): bump org.slf4j:slf4j-api from 2.0.7 to
 2.0.9 (#858)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ec70ea90c..70763e2cc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.7</version>
+            <version>2.0.9</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 2dcd91a1ddef8e1e4c2f56a722ec5bebec26154d Mon Sep 17 00:00:00 2001
From: Vedran Pavic <vedran.pavic@gmail.com>
Date: Wed, 4 Oct 2023 19:08:00 +0200
Subject: [PATCH 213/354] Mark `sendAll` and `sendMulticast` variants as
 deprecated (#836)

In d1baee36 all `sendAll` and `sendMulticast` variants were deprecated,
however those methods were marked as deprecated only in javadoc but not
using `@Deprecated`.

This commit adds `@Deprecated` annotation where needed, in order to
better signal the deprecation to developers.

Co-authored-by: Lahiru Maramba <llahiru@gmail.com>
---
 .../com/google/firebase/messaging/FirebaseMessaging.java  | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
index 882fec8fc..e16b6ac9d 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
@@ -344,6 +344,7 @@ public ApiFuture<BatchResponse> sendEachForMulticastAsync(
    *     value.
    * @deprecated Use {@link #sendEach(List)} instead.
    */
+  @Deprecated
   public BatchResponse sendAll(
       @NonNull List<Message> messages) throws FirebaseMessagingException {
     return sendAll(messages, false);
@@ -371,6 +372,7 @@ public BatchResponse sendAll(
    *     value.
    * @deprecated Use {@link #sendEach(List, boolean)} instead.
    */
+  @Deprecated
   public BatchResponse sendAll(
       @NonNull List<Message> messages, boolean dryRun) throws FirebaseMessagingException {
     return sendAllOp(messages, dryRun).call();
@@ -384,6 +386,7 @@ public BatchResponse sendAll(
    *     the messages have been sent.
    * @deprecated Use {@link #sendEachAsync(List)} instead.
    */
+  @Deprecated
   public ApiFuture<BatchResponse> sendAllAsync(@NonNull List<Message> messages) {
     return sendAllAsync(messages, false);
   }
@@ -397,6 +400,7 @@ public ApiFuture<BatchResponse> sendAllAsync(@NonNull List<Message> messages) {
    *     the messages have been sent, or when the emulation has finished.
    * @deprecated Use {@link #sendEachAsync(List, boolean)} instead.
    */
+  @Deprecated
   public ApiFuture<BatchResponse> sendAllAsync(
       @NonNull List<Message> messages, boolean dryRun) {
     return sendAllOp(messages, dryRun).callAsync(app);
@@ -418,6 +422,7 @@ public ApiFuture<BatchResponse> sendAllAsync(
    *     return value.
    * @deprecated Use {@link #sendEachForMulticast(MulticastMessage)} instead.
    */
+  @Deprecated
   public BatchResponse sendMulticast(
       @NonNull MulticastMessage message) throws FirebaseMessagingException {
     return sendMulticast(message, false);
@@ -445,6 +450,7 @@ public BatchResponse sendMulticast(
    *     return value.
    * @deprecated Use {@link #sendEachForMulticast(MulticastMessage, boolean)} instead.
    */
+  @Deprecated
   public BatchResponse sendMulticast(
       @NonNull MulticastMessage message, boolean dryRun) throws FirebaseMessagingException {
     checkNotNull(message, "multicast message must not be null");
@@ -460,6 +466,7 @@ public BatchResponse sendMulticast(
    *     the messages have been sent.
    * @deprecated Use {@link #sendEachForMulticastAsync(MulticastMessage)} instead.
    */
+  @Deprecated
   public ApiFuture<BatchResponse> sendMulticastAsync(@NonNull MulticastMessage message) {
     return sendMulticastAsync(message, false);
   }
@@ -474,6 +481,7 @@ public ApiFuture<BatchResponse> sendMulticastAsync(@NonNull MulticastMessage mes
    *     the messages have been sent.
    * @deprecated Use {@link #sendEachForMulticastAsync(MulticastMessage, boolean)} instead.
    */
+  @Deprecated
   public ApiFuture<BatchResponse> sendMulticastAsync(
       @NonNull MulticastMessage message, boolean dryRun) {
     checkNotNull(message, "multicast message must not be null");

From 473500022d58fb4603de9fb0e06abf98c3e9e176 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Oct 2023 17:17:06 +0000
Subject: [PATCH 214/354] chore(deps): bump netty.version from 4.1.96.Final to
 4.1.99.Final (#865)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 70763e2cc..82eb1e4f9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.96.Final</netty.version>
+        <netty.version>4.1.99.Final</netty.version>
     </properties>
 
     <scm>

From b4ab5903fb337b6023e331feb317f0866872c439 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 12 Oct 2023 12:48:24 -0400
Subject: [PATCH 215/354] Update `github.ref` value in `release.yml` (#867)

- Fixes the release workflow to match the updates to `github.ref`
- `github.ref` now returns a fully-formed value `refs/heads/...`
 - See https://github.blog/changelog/2023-09-13-github-actions-updates-to-github_ref-and-github-ref/
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b49a453fc..94a42cfd5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -72,7 +72,7 @@ jobs:
     #   3. with the label 'release:publish', and
     #   4. the title prefix '[chore] Release '.
     if: github.event.pull_request.merged &&
-      github.ref == 'master' &&
+      github.ref == 'refs/heads/master' &&
       contains(github.event.pull_request.labels.*.name, 'release:publish') &&
       startsWith(github.event.pull_request.title, '[chore] Release ')
 

From 7822976286bb7ef2b1f91ef31315671e3b14dadf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Dec 2023 13:37:11 -0500
Subject: [PATCH 216/354] chore(deps): bump
 org.apache.maven.plugins:maven-javadoc-plugin (#881)

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.5.0 to 3.6.3.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.5.0...maven-javadoc-plugin-3.6.3)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 82eb1e4f9..a141d2400 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.5.0</version>
+                        <version>3.6.3</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.5.0</version>
+                <version>3.6.3</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From acc184093d3a7a588df1659e5f47d7c5d99f6c6a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Dec 2023 18:42:13 +0000
Subject: [PATCH 217/354] chore(deps): bump org.jacoco:jacoco-maven-plugin from
 0.8.10 to 0.8.11 (#870)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a141d2400..86de9cfd1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -189,7 +189,7 @@
                     <plugin>
                         <groupId>org.jacoco</groupId>
                         <artifactId>jacoco-maven-plugin</artifactId>
-                        <version>0.8.10</version>
+                        <version>0.8.11</version>
                         <executions>
                             <execution>
                                 <id>pre-unit-test</id>

From 70c4808302d34fd927981aeae40f071767cb1739 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Dec 2023 18:44:25 +0000
Subject: [PATCH 218/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.24.0 to 26.28.0 (#884)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 86de9cfd1..f8f04ba9f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.24.0</version>
+                <version>26.28.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 27fc4bf68d0c0e534c1313271f8ab9e48d2f3817 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Dec 2023 18:50:49 +0000
Subject: [PATCH 219/354] chore(deps): bump netty.version from 4.1.99.Final to
 4.1.101.Final (#885)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f8f04ba9f..4a9191d8a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.99.Final</netty.version>
+        <netty.version>4.1.101.Final</netty.version>
     </properties>
 
     <scm>

From 003b5544095de9e139f279a595520c03e057b22e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 11:43:13 -0500
Subject: [PATCH 220/354] chore(deps): bump
 org.apache.maven.plugins:maven-surefire-plugin (#889)

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.1.2 to 3.2.2.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.2...surefire-3.2.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4a9191d8a..b517accbe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.1.2</version>
+                <version>3.2.2</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From fe35c0fa27c33f0633741ecec8cb0580d1da2fbf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 16:46:25 +0000
Subject: [PATCH 221/354] chore(deps): bump
 org.apache.maven.plugins:maven-project-info-reports-plugin (#886)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b517accbe..a289cac28 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.4.5</version>
+                <version>3.5.0</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From a4aac69d9365189d8db93fb0ce35f285408c99fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 16:49:13 +0000
Subject: [PATCH 222/354] chore(deps): bump org.codehaus.mojo:exec-maven-plugin
 (#887)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a289cac28..60fd1e115 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,7 +215,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>3.1.0</version>
+                        <version>3.1.1</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>

From 4357513d7b491eab27f8a66918e6c93ecc907e33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 16:52:03 +0000
Subject: [PATCH 223/354] chore(deps): bump
 org.apache.maven.plugins:maven-failsafe-plugin (#892)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 60fd1e115..c6c42d5d7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>3.1.2</version>
+                <version>3.2.3</version>
                 <executions>
                     <execution>
                         <goals>

From 2f111fbd3d372be7bc0aab157b8781a7f80f1940 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Tue, 19 Dec 2023 12:33:34 -0500
Subject: [PATCH 224/354] chore: Update integration test project setup
 instructions. (#877)

* Update integration test project setup instructions.

* fix: remove duplicate

* fix: addresses some of the code review notes

* fix: addresses remaining code review notes and some typos

* Add note on 2nd rtdb reference.

* fix: nits

* fix: pencil

* Added service account management note.
---
 CONTRIBUTING.md | 105 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 84 insertions(+), 21 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a3b65e101..2e6914c5f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -127,27 +127,90 @@ mvn test
 Integration tests are also written using Junit4. They coexist with the unit tests in the `src/test`
 subdirectory. Integration tests follow the naming convention `*IT.java` (e.g. `DataTestIT.java`),
 which enables the Maven Surefire and Failsafe plugins to differentiate between the two types of
-tests. Integration tests are executed against a real life Firebase project, and therefore
-requires an Internet connection.
-
-Create a new project in the [Firebase console](https://console.firebase.google.com/) if you do
-not already have one. Use a separate, dedicated project for integration tests since the test suite
-makes a large number of writes to the Firebase realtime database. Download the service account
-private key from the "Settings > Service Accounts" page of the project, and save it as
-`integration_cert.json` at the root of the codebase. Grant your service account the `Firebase
-Authentication Admin` role at
-[Google Cloud Platform Console / IAM & admin](https://console.cloud.google.com/iam-admin). This is
-required to ensure that exported user records contain the password hashes of the user accounts.
-Also obtain the web API key of the project from the "Settings > General" page, and save it as
-`integration_apikey.txt` at the root of the codebase.
-
-Some of the integration tests require an
-[Identity Platform](https://cloud.google.com/identity-platform/) project with multi-tenancy
-[enabled](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart#enabling_multi-tenancy).
-An existing Firebase project can be upgraded to an Identity Platform project without losing any
-functionality via the
-[Identity Platform Marketplace Page](https://console.cloud.google.com/customer-identity). Note that
-charges may be incurred for active users beyond the Identity Platform free tier.
+tests.
+
+Integration tests are executed against a real life Firebase project. If you do not already
+have one suitable for running the tests against, you can create a new project in the
+[Firebase Console](https://console.firebase.google.com) following the setup guide below.
+If you already have a Firebase project, you'll need to obtain credentials to communicate and
+authorize access to your Firebase project:
+
+1. Service account certificate: This allows access to your Firebase project through a service account
+which is required for all integration tests. This can be downloaded as a JSON file from the 
+**Settings > Service Accounts** tab of the Firebase console when you click the
+**Generate new private key** button. Copy the file into the repo so it's available at
+`integration_cert.json`.
+   > **Note:** Service accounts should be carefully managed and their keys should never be stored in publicly accessible source code or repositories.
+
+
+2. Web API key: This allows for Auth sign-in needed for some Authentication and Tenant Management
+integration tests. This is displayed in the **Settings > General** tab of the Firebase console
+after enabling Authentication as described in the steps below. Copy it and save to a new text
+file at `integration_apikey.txt`.
+
+
+Set up your Firebase project as follows:
+
+
+1. Enable Authentication:
+   1. Go to the Firebase Console, and select **Authentication** from the **Build** menu.
+   2. Click on **Get Started**.
+   3. Select **Sign-in method > Add new provider > Email/Password** then enable both the
+   **Email/Password** and **Email link (passwordless sign-in)** options.
+
+
+2. Enable Firestore:
+   1. Go to the Firebase Console, and select **Firestore Database** from the **Build** menu.
+   2. Click on the **Create database** button. You can choose to set up Firestore either in
+   the production mode or in the test mode.
+
+
+3. Enable Realtime Database:
+   1. Go to the Firebase Console, and select **Realtime Database** from the **Build** menu.
+   2. Click on the **Create Database** button. You can choose to set up the Realtime Database
+   either in the locked mode or in the test mode.
+
+   > **Note:** Integration tests are not run against the default Realtime Database reference and are
+   instead run against a database created at `https://{PROJECT_ID}.firebaseio.com`.
+   This second Realtime Database reference is created in the following steps.
+
+   3. In the **Data** tab click on the kebab menu (3 dots) and select **Create Database**.
+   4. Enter your Project ID (Found in the **General** tab in **Account Settings**) as the
+   **Realtime Database reference**. Again, you can choose to set up the Realtime Database
+   either in the locked mode or in the test mode.
+
+
+4. Enable Storage:
+   1. Go to the Firebase Console, and select **Storage** from the **Build** menu.
+   2. Click on the **Get started** button. You can choose to set up Cloud Storage
+   either in the production mode or in the test mode.
+
+
+5. Enable the IAM API:
+   1. Go to the [Google Cloud console](https://console.cloud.google.com)
+   and make sure your Firebase project is selected.
+   2. Select **APIs & Services** from the main menu, and click the
+   **ENABLE APIS AND SERVICES** button.
+   3. Search for and enable **Identity and Access Management (IAM) API** by Google Enterprise API.
+
+
+6. Enable Tenant Management:
+   1. Go to
+   [Google Cloud console | Identity Platform](https://console.cloud.google.com/customer-identity/)
+   and if it is not already enabled, click **Enable**.
+   2. Then
+   [enable multi-tenancy](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart#enabling_multi-tenancy)
+   for your project.
+
+
+7. Ensure your service account has the **Firebase Authentication Admin** role. This is required
+to ensure that exported user records contain the password hashes of the user accounts:
+   1. Go to [Google Cloud console | IAM & admin](https://console.cloud.google.com/iam-admin).
+   2. Find your service account in the list. If not added click the pencil icon to edit its
+   permissions.
+   3. Click **ADD ANOTHER ROLE** and choose **Firebase Authentication Admin**.
+   4. Click **SAVE**.
+
 
 Now run the following command to invoke the integration test suite:
 

From 5609fb45739222bd0cad25401dad8b7e4c287a64 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 16:48:50 -0500
Subject: [PATCH 225/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.28.0 to 26.31.0 (#907)

Bumps [com.google.cloud:libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.28.0 to 26.31.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/release-please-config.json)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/v26.28.0...v26.31.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c6c42d5d7..a6804d543 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.28.0</version>
+                <version>26.31.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From cbf68e5642d99119996219e9ca5bc10c983230dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 21:51:35 +0000
Subject: [PATCH 226/354] chore(deps): bump
 org.apache.maven.plugins:maven-surefire-plugin (#903)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a6804d543..3321dd105 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.2.2</version>
+                <version>3.2.5</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From 67e8435f7f5289863eb3cba8222a0160846ce7c9 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Wed, 7 Feb 2024 09:28:41 -0500
Subject: [PATCH 227/354] [chore] Update Github action workflows to fix node
 version and `set-output` deprecation warnings (#905)

* Update Github action workflows to fix node version and `set-output` deprecation warnings

* revert upload-artifact to v1

* revert upload-artifact to v1

* fix: JDK version syntax
---
 .github/scripts/publish_preflight_check.sh | 13 +++++----
 .github/workflows/ci.yml                   |  5 ++--
 .github/workflows/nightly.yml              |  9 +++---
 .github/workflows/release.yml              | 32 ++++++++++------------
 4 files changed, 29 insertions(+), 30 deletions(-)

diff --git a/.github/scripts/publish_preflight_check.sh b/.github/scripts/publish_preflight_check.sh
index 7a191518d..7c8e384e2 100755
--- a/.github/scripts/publish_preflight_check.sh
+++ b/.github/scripts/publish_preflight_check.sh
@@ -69,7 +69,7 @@ if [[ ! "${RELEASE_VERSION}" =~ ^([0-9]*)\.([0-9]*)\.([0-9]*)$ ]]; then
 fi
 
 echo_info "Extracted release version: ${RELEASE_VERSION}"
-echo "::set-output name=version::v${RELEASE_VERSION}"
+echo "version=v${RELEASE_VERSION}" >> $GITHUB_OUTPUT
 
 
 echo_info ""
@@ -132,12 +132,13 @@ readonly CHANGELOG=`${CURRENT_DIR}/generate_changelog.sh`
 echo "$CHANGELOG"
 
 # Parse and preformat the text to handle multi-line output.
-# See https://github.amrom.workers.devmunity/t5/GitHub-Actions/set-output-Truncates-Multiline-Strings/td-p/37870
+# See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-of-a-multiline-string
+# and https://github.com/github/docs/issues/21529#issue-1418590935
 FILTERED_CHANGELOG=`echo "$CHANGELOG" | grep -v "\\[INFO\\]"`
-FILTERED_CHANGELOG="${FILTERED_CHANGELOG//'%'/'%25'}"
-FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\n'/'%0A'}"
-FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\r'/'%0D'}"
-echo "::set-output name=changelog::${FILTERED_CHANGELOG}"
+FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\''/'"'}"
+echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT
+echo -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT
+echo "CHANGELOGEOF" >> $GITHUB_OUTPUT
 
 
 echo ""
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index eb09f08c6..39948e9e9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,11 +24,12 @@ jobs:
         java-version: [8, 11, 17]
 
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v4
 
     - name: Set up JDK
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v4
       with:
+        distribution: 'zulu'
         java-version: ${{ matrix.java-version }}
 
     # Does the following:
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index dd3110c46..b29cd2fc4 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -29,14 +29,15 @@ jobs:
 
     steps:
     - name: Checkout source for staging
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         ref: ${{ github.event.client_payload.ref || github.ref }}
 
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
+    - name: Set up JDK 8
+      uses: actions/setup-java@v4
       with:
-        java-version: 1.8
+        distribution: 'zulu'
+        java-version: 8
 
     - name: Compile, test and package
       run: ./.github/scripts/package_artifacts.sh
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 94a42cfd5..c8a7050d8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,14 +40,15 @@ jobs:
     # via the 'ref' client parameter.
     steps:
     - name: Checkout source for staging
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         ref: ${{ github.event.client_payload.ref || github.ref }}
 
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
+    - name: Set up JDK 8
+      uses: actions/setup-java@v4
       with:
-        java-version: 1.8
+        distribution: 'zulu'
+        java-version: 8
 
     - name: Compile, test and package
       run: ./.github/scripts/package_artifacts.sh
@@ -80,12 +81,13 @@ jobs:
 
     steps:
     - name: Checkout source for publish
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
+    - name: Set up JDK 8
+      uses: actions/setup-java@v4
       with:
-        java-version: 1.8
+        distribution: 'zulu'
+        java-version: 8
 
     - name: Publish preflight check
       id: preflight
@@ -99,19 +101,13 @@ jobs:
         NEXUS_OSSRH_USERNAME: ${{ secrets.NEXUS_OSSRH_USERNAME }}
         NEXUS_OSSRH_PASSWORD: ${{ secrets.NEXUS_OSSRH_PASSWORD }}
 
-    # We pull this action from a custom fork of a contributor until
-    # https://github.com/actions/create-release/pull/32 is merged. Also note that v1 of
-    # this action does not support the "body" parameter.
+    # See: https://cli.github.com/manual/gh_release_create
     - name: Create release tag
-      uses: fleskesvor/create-release@1a72e235c178bf2ae6c51a8ae36febc24568c5fe
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        tag_name: ${{ steps.preflight.outputs.version }}
-        release_name: Firebase Admin Java SDK ${{ steps.preflight.outputs.version }}
-        body: ${{ steps.preflight.outputs.changelog }}
-        draft: false
-        prerelease: false
+      run: gh release create ${{ steps.preflight.outputs.version }}
+            --title "Firebase Admin Java SDK ${{ steps.preflight.outputs.version }}"
+            --notes '${{ steps.preflight.outputs.changelog }}'
 
     # Post to Twitter if explicitly opted-in by adding the label 'release:tweet'.
     - name: Post to Twitter

From 7e61d864209c631fa306e575e1254c39d4e77cd5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Feb 2024 16:41:04 +0000
Subject: [PATCH 228/354] chore(deps): bump
 com.google.api-client:google-api-client-bom (#911)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3321dd105..09e73a644 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.2.0</version>
+                <version>2.3.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 8214d8b2341d53899f8bf0b99ff789754f89e5f4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Feb 2024 15:57:43 -0500
Subject: [PATCH 229/354] chore(deps): bump netty.version from 4.1.101.Final to
 4.1.107.Final (#913)

Bumps `netty.version` from 4.1.101.Final to 4.1.107.Final.

Updates `io.netty:netty-codec-http` from 4.1.101.Final to 4.1.107.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.101.Final...netty-4.1.107.Final)

Updates `io.netty:netty-handler` from 4.1.101.Final to 4.1.107.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.101.Final...netty-4.1.107.Final)

Updates `io.netty:netty-transport` from 4.1.101.Final to 4.1.107.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.101.Final...netty-4.1.107.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 09e73a644..a3e60453b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.101.Final</netty.version>
+        <netty.version>4.1.107.Final</netty.version>
     </properties>
 
     <scm>

From 4b01900164a7925612c2fcf54ab3d3c508ae5fda Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Feb 2024 20:59:47 +0000
Subject: [PATCH 230/354] chore(deps): bump org.slf4j:slf4j-api from 2.0.9 to
 2.0.12 (#910)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a3e60453b..816fca592 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.9</version>
+            <version>2.0.12</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From dbc10e85bc2b24a19e7f80c0f66a7b57357115d1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Feb 2024 21:14:31 +0000
Subject: [PATCH 231/354] chore(deps): bump
 org.apache.maven.plugins:maven-compiler-plugin (#897)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 816fca592..da047fbed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -270,7 +270,7 @@
             <!-- Compile Phase -->
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.11.0</version>
+                <version>3.12.1</version>
                 <configuration>
                     <source>1.8</source>
                     <target>1.8</target>

From fd4595c8289aeed4c14d5c714ad5d7b6f6b794c1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Feb 2024 15:01:50 -0500
Subject: [PATCH 232/354] chore(deps): bump
 org.apache.maven.plugins:maven-failsafe-plugin (#914)

Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.2.3 to 3.2.5.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.2.3...surefire-3.2.5)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index da047fbed..131c6f3a8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>3.2.3</version>
+                <version>3.2.5</version>
                 <executions>
                     <execution>
                         <goals>

From bd6b207a664aca510a3d78ac8d729e6a557b85d3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Feb 2024 20:03:57 +0000
Subject: [PATCH 233/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.31.0 to 26.32.0 (#915)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 131c6f3a8..8c6df98a5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.31.0</version>
+                <version>26.32.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 4e7c425489d0f887cd78b904bfc7b4275a7385b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 11:48:32 -0400
Subject: [PATCH 234/354] chore(deps): bump io.netty:netty-codec-http (#927)

Bumps [io.netty:netty-codec-http](https://github.com/netty/netty) from 4.1.107.Final to 4.1.108.Final.
- [Commits](https://github.com/netty/netty/compare/netty-4.1.107.Final...netty-4.1.108.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8c6df98a5..3218d8f2f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.107.Final</netty.version>
+        <netty.version>4.1.108.Final</netty.version>
     </properties>
 
     <scm>

From 12a6c3698d452215f8444de776ee711efa8d18fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:50:51 +0000
Subject: [PATCH 235/354] chore(deps): bump
 org.apache.maven.plugins:maven-gpg-plugin (#928)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3218d8f2f..f6a329ebf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
                 <plugins>
                     <plugin>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.1.0</version>
+                        <version>3.2.2</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

From 3c09099ee430eb36fd2280c3e853208f8e8ba1b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:53:21 +0000
Subject: [PATCH 236/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.32.0 to 26.34.0 (#921)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f6a329ebf..59d80a14d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.32.0</version>
+                <version>26.34.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 5cf06b0addafdad3431c745bc1d467b0b9d98407 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:55:58 +0000
Subject: [PATCH 237/354] chore(deps): bump org.codehaus.mojo:exec-maven-plugin
 (#918)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 59d80a14d..69392b00a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,7 +215,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>3.1.1</version>
+                        <version>3.2.0</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>

From 3df58ccfc88dea4afa6519284be35ee5fe6c3de5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 15:59:13 +0000
Subject: [PATCH 238/354] chore(deps): bump
 com.google.api-client:google-api-client-bom (#926)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 69392b00a..40458c83e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.3.0</version>
+                <version>2.4.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 190e6afb100dfdcb99c0d37ee0c1a878fd8ddac4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Apr 2024 14:12:17 -0400
Subject: [PATCH 239/354] chore(deps): bump
 org.apache.maven.plugins:maven-compiler-plugin (#930)

Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.12.1 to 3.13.0.
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.12.1...maven-compiler-plugin-3.13.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 40458c83e..96a64d4a5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -270,7 +270,7 @@
             <!-- Compile Phase -->
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.12.1</version>
+                <version>3.13.0</version>
                 <configuration>
                     <source>1.8</source>
                     <target>1.8</target>

From bb4900f8854f4606967459e9d650864b80b817b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Apr 2024 18:14:39 +0000
Subject: [PATCH 240/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.34.0 to 26.36.0 (#932)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 96a64d4a5..4ab9b6065 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.34.0</version>
+                <version>26.36.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From c044a9c55f838d4ffd7a8429ea5e5d7d830f3b3e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Apr 2024 19:36:39 +0000
Subject: [PATCH 241/354] chore(deps): bump org.slf4j:slf4j-api from 2.0.12 to
 2.0.13 (#937)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4ab9b6065..d52fd09aa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.12</version>
+            <version>2.0.13</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From de76f4e85e6ed9947cdcc98e0e428a6da0d43d52 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Apr 2024 19:40:09 +0000
Subject: [PATCH 242/354] chore(deps): bump
 org.apache.maven.plugins:maven-source-plugin (#936)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d52fd09aa..09eea59e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -289,7 +289,7 @@
             <!-- Package Phase -->
             <plugin>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.3.0</version>
+                <version>3.3.1</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>

From b5251dd20f7407d6d8f61e2b0220bb9ed7698f88 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Apr 2024 19:44:30 +0000
Subject: [PATCH 243/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.36.0 to 26.37.0 (#935)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 09eea59e2..13399d553 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.36.0</version>
+                <version>26.37.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 451a4e3532bb7e9f70c38dda586e5f777b856460 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Apr 2024 19:48:07 +0000
Subject: [PATCH 244/354] chore(deps): bump org.jacoco:jacoco-maven-plugin from
 0.8.11 to 0.8.12 (#934)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 13399d553..51239b23b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -189,7 +189,7 @@
                     <plugin>
                         <groupId>org.jacoco</groupId>
                         <artifactId>jacoco-maven-plugin</artifactId>
-                        <version>0.8.11</version>
+                        <version>0.8.12</version>
                         <executions>
                             <execution>
                                 <id>pre-unit-test</id>

From 06bf0b3ef471cba09aa56a27be20761560ff9aac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 May 2024 16:24:06 -0400
Subject: [PATCH 245/354] chore(deps): bump
 org.apache.maven.plugins:maven-gpg-plugin (#940)

Bumps [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 3.2.2 to 3.2.4.
- [Release notes](https://github.com/apache/maven-gpg-plugin/releases)
- [Commits](https://github.com/apache/maven-gpg-plugin/compare/maven-gpg-plugin-3.2.2...maven-gpg-plugin-3.2.4)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-gpg-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 51239b23b..3a59e7d01 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
                 <plugins>
                     <plugin>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.2.2</version>
+                        <version>3.2.4</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

From 907344b102d749db157dcebd49278761612e1944 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 May 2024 20:26:54 +0000
Subject: [PATCH 246/354] chore(deps): bump
 com.google.api-client:google-api-client-bom (#939)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3a59e7d01..71f813396 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.4.0</version>
+                <version>2.4.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 307a28b8e8d61aeda8912e36bbeede287a110130 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 May 2024 20:29:37 +0000
Subject: [PATCH 247/354] chore(deps): bump netty.version from 4.1.108.Final to
 4.1.109.Final (#938)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 71f813396..39257c4cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.108.Final</netty.version>
+        <netty.version>4.1.109.Final</netty.version>
     </properties>
 
     <scm>

From d7e0470e44a2cd3a103cf18a7ad6185bddb0c2b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 May 2024 13:29:24 -0400
Subject: [PATCH 248/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.37.0 to 26.38.0 (#942)

Bumps [com.google.cloud:libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.37.0 to 26.38.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/release-please-config.json)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/v26.37.0...v26.38.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 39257c4cb..33d89ee67 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.37.0</version>
+                <version>26.38.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From bad0201c4c8decd0878f7238b9d1521d0d59fc72 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 May 2024 11:25:35 -0400
Subject: [PATCH 249/354] chore(deps): bump
 com.google.api-client:google-api-client-bom (#946)

Bumps [com.google.api-client:google-api-client-bom](https://github.com/googleapis/google-api-java-client) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/googleapis/google-api-java-client/releases)
- [Changelog](https://github.com/googleapis/google-api-java-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-java-client/compare/v2.4.1...v2.5.0)

---
updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 33d89ee67..09782cda6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.4.1</version>
+                <version>2.5.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 01dd6cc2f5d52ae17bba890bc3913338fac7b837 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 May 2024 17:02:59 +0000
Subject: [PATCH 250/354] chore(deps): bump com.google.cloud:libraries-bom from
 26.38.0 to 26.39.0 (#944)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 09782cda6..c9dad6269 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.38.0</version>
+                <version>26.39.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From ebd86a592adb039f2f1b3f558c68ee3896f0ba7e Mon Sep 17 00:00:00 2001
From: Felix Rittler <felix.rittler@outlook.com>
Date: Wed, 15 May 2024 21:19:43 +0200
Subject: [PATCH 251/354] fix: Make writeTimeout configurable (similar to
 readTimeout) (#900)

* add option to configure write timeout in FirebaseOptions

* improve tests and fix javadoc

---------

Co-authored-by: Felix Rittler <felix.rittler@chrono24.com>
Co-authored-by: Lahiru Maramba <llahiru@gmail.com>
---
 .../com/google/firebase/FirebaseOptions.java  | 28 +++++++++++++++++++
 .../internal/FirebaseRequestInitializer.java  |  3 ++
 .../google/firebase/FirebaseOptionsTest.java  | 12 +++++++-
 .../auth/FirebaseUserManagerTest.java         |  2 ++
 .../FirebaseRequestInitializerTest.java       |  3 ++
 5 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/google/firebase/FirebaseOptions.java b/src/main/java/com/google/firebase/FirebaseOptions.java
index 8e7a29ccb..849b38b8a 100644
--- a/src/main/java/com/google/firebase/FirebaseOptions.java
+++ b/src/main/java/com/google/firebase/FirebaseOptions.java
@@ -82,6 +82,7 @@ public GoogleCredentials get() {
   private final HttpTransport httpTransport;
   private final int connectTimeout;
   private final int readTimeout;
+  private final int writeTimeout;
   private final JsonFactory jsonFactory;
   private final ThreadManager threadManager;
   private final FirestoreOptions firestoreOptions;
@@ -112,6 +113,8 @@ private FirebaseOptions(@NonNull final FirebaseOptions.Builder builder) {
     this.connectTimeout = builder.connectTimeout;
     checkArgument(builder.readTimeout >= 0);
     this.readTimeout = builder.readTimeout;
+    checkArgument(builder.writeTimeout >= 0);
+    this.writeTimeout = builder.writeTimeout;
     this.firestoreOptions = builder.firestoreOptions;
   }
 
@@ -207,6 +210,16 @@ public int getReadTimeout() {
     return readTimeout;
   }
 
+  /**
+   * Returns the write timeout in milliseconds, which is applied to outgoing REST calls
+   * made by the SDK.
+   *
+   * @return Write timeout in milliseconds. 0 indicates an infinite timeout.
+   */
+  public int getWriteTimeout() {
+    return writeTimeout;
+  }
+
   @NonNull
   ThreadManager getThreadManager() {
     return threadManager;
@@ -260,6 +273,7 @@ public static final class Builder {
     private ThreadManager threadManager;
     private int connectTimeout;
     private int readTimeout;
+    private int writeTimeout;
 
     /**
      * Constructs an empty builder.
@@ -289,6 +303,7 @@ public Builder(FirebaseOptions options) {
       threadManager = options.threadManager;
       connectTimeout = options.connectTimeout;
       readTimeout = options.readTimeout;
+      writeTimeout = options.writeTimeout;
       firestoreOptions = options.firestoreOptions;
     }
 
@@ -495,6 +510,19 @@ public Builder setReadTimeout(int readTimeout) {
       return this;
     }
 
+    /**
+     * Sets the write timeout for outgoing HTTP (REST) calls made by the SDK. This does not affect
+     * the {@link com.google.firebase.database.FirebaseDatabase} and
+     * {@link com.google.firebase.cloud.FirestoreClient} APIs.
+     *
+     * @param writeTimeout Write timeout in milliseconds. Must not be negative.
+     * @return This <code>Builder</code> instance is returned so subsequent calls can be chained.
+     */
+    public Builder setWriteTimeout(int writeTimeout) {
+      this.writeTimeout = writeTimeout;
+      return this;
+    }
+
     /**
      * Builds the {@link FirebaseOptions} instance from the previously set options.
      *
diff --git a/src/main/java/com/google/firebase/internal/FirebaseRequestInitializer.java b/src/main/java/com/google/firebase/internal/FirebaseRequestInitializer.java
index e73f93953..e12690629 100644
--- a/src/main/java/com/google/firebase/internal/FirebaseRequestInitializer.java
+++ b/src/main/java/com/google/firebase/internal/FirebaseRequestInitializer.java
@@ -60,16 +60,19 @@ private static class TimeoutInitializer implements HttpRequestInitializer {
 
     private final int connectTimeoutMillis;
     private final int readTimeoutMillis;
+    private final int writeTimeoutMillis;
 
     TimeoutInitializer(FirebaseOptions options) {
       this.connectTimeoutMillis = options.getConnectTimeout();
       this.readTimeoutMillis = options.getReadTimeout();
+      this.writeTimeoutMillis = options.getWriteTimeout();
     }
 
     @Override
     public void initialize(HttpRequest request) {
       request.setConnectTimeout(connectTimeoutMillis);
       request.setReadTimeout(readTimeoutMillis);
+      request.setWriteTimeout(writeTimeoutMillis);
     }
   }
 }
diff --git a/src/test/java/com/google/firebase/FirebaseOptionsTest.java b/src/test/java/com/google/firebase/FirebaseOptionsTest.java
index c74215beb..0a4e9e81a 100644
--- a/src/test/java/com/google/firebase/FirebaseOptionsTest.java
+++ b/src/test/java/com/google/firebase/FirebaseOptionsTest.java
@@ -38,7 +38,7 @@
 
 import org.junit.Test;
 
-/** 
+/**
  * Tests for {@link FirebaseOptions}.
  */
 public class FirebaseOptionsTest {
@@ -87,6 +87,7 @@ public void createOptionsWithAllValuesSet() throws IOException {
             .setThreadManager(MOCK_THREAD_MANAGER)
             .setConnectTimeout(30000)
             .setReadTimeout(60000)
+            .setWriteTimeout(90000)
             .setFirestoreOptions(firestoreOptions)
             .build();
     assertEquals(FIREBASE_DB_URL, firebaseOptions.getDatabaseUrl());
@@ -97,6 +98,7 @@ public void createOptionsWithAllValuesSet() throws IOException {
     assertSame(MOCK_THREAD_MANAGER, firebaseOptions.getThreadManager());
     assertEquals(30000, firebaseOptions.getConnectTimeout());
     assertEquals(60000, firebaseOptions.getReadTimeout());
+    assertEquals(90000, firebaseOptions.getWriteTimeout());
     assertSame(firestoreOptions, firebaseOptions.getFirestoreOptions());
 
     GoogleCredentials credentials = firebaseOptions.getCredentials();
@@ -209,6 +211,14 @@ public void createOptionsWithInvalidReadTimeout() {
         .build();
   }
 
+  @Test(expected = IllegalArgumentException.class)
+  public void createOptionsWithInvalidWriteTimeout() {
+    FirebaseOptions.builder()
+            .setCredentials(TestUtils.getCertCredential(ServiceAccount.EDITOR.asStream()))
+            .setWriteTimeout(-1)
+            .build();
+  }
+
   @Test
   public void testNotEquals() throws IOException {
     GoogleCredentials credentials = GoogleCredentials.fromStream(ServiceAccount.EDITOR.asStream());
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index f83c5f56f..41085d181 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -979,6 +979,7 @@ public void testTimeout() throws Exception {
         .setHttpTransport(transport)
         .setConnectTimeout(30000)
         .setReadTimeout(60000)
+        .setWriteTimeout(90000)
         .build());
     FirebaseAuth auth = FirebaseAuth.getInstance();
     FirebaseUserManager userManager = auth.getUserManager();
@@ -989,6 +990,7 @@ public void testTimeout() throws Exception {
     HttpRequest request = interceptor.getResponse().getRequest();
     assertEquals(30000, request.getConnectTimeout());
     assertEquals(60000, request.getReadTimeout());
+    assertEquals(90000, request.getWriteTimeout());
   }
 
   @Test
diff --git a/src/test/java/com/google/firebase/internal/FirebaseRequestInitializerTest.java b/src/test/java/com/google/firebase/internal/FirebaseRequestInitializerTest.java
index fde2f918b..49805d373 100644
--- a/src/test/java/com/google/firebase/internal/FirebaseRequestInitializerTest.java
+++ b/src/test/java/com/google/firebase/internal/FirebaseRequestInitializerTest.java
@@ -38,6 +38,7 @@ public class FirebaseRequestInitializerTest {
   private static final int MAX_RETRIES = 5;
   private static final int CONNECT_TIMEOUT_MILLIS = 30000;
   private static final int READ_TIMEOUT_MILLIS = 60000;
+  private static final int WRITE_TIMEOUT_MILLIS = 90000;
 
   @After
   public void tearDown() {
@@ -69,6 +70,7 @@ public void testExplicitTimeouts() throws Exception {
         .setCredentials(new MockGoogleCredentials("token"))
         .setConnectTimeout(CONNECT_TIMEOUT_MILLIS)
         .setReadTimeout(READ_TIMEOUT_MILLIS)
+        .setWriteTimeout(WRITE_TIMEOUT_MILLIS)
         .build());
     HttpRequest request = TestUtils.createRequest();
 
@@ -77,6 +79,7 @@ public void testExplicitTimeouts() throws Exception {
 
     assertEquals(CONNECT_TIMEOUT_MILLIS, request.getConnectTimeout());
     assertEquals(READ_TIMEOUT_MILLIS, request.getReadTimeout());
+    assertEquals(WRITE_TIMEOUT_MILLIS, request.getWriteTimeout());
     assertEquals("Bearer token", request.getHeaders().getAuthorization());
     assertEquals(HttpRequest.DEFAULT_NUMBER_OF_RETRIES, request.getNumberOfRetries());
     assertNull(request.getIOExceptionHandler());

From 2988d9c83dc1dad707195d006ac132085ed3a80b Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 16 May 2024 14:29:05 +0000
Subject: [PATCH 252/354] Fix doc strings in #900 (#947)

Address TW reviews in #900
---
 src/main/java/com/google/firebase/FirebaseOptions.java | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/google/firebase/FirebaseOptions.java b/src/main/java/com/google/firebase/FirebaseOptions.java
index 849b38b8a..03f1b34a4 100644
--- a/src/main/java/com/google/firebase/FirebaseOptions.java
+++ b/src/main/java/com/google/firebase/FirebaseOptions.java
@@ -201,8 +201,7 @@ public int getConnectTimeout() {
   }
 
   /**
-   * Returns the read timeout in milliseconds, which is applied to outgoing REST calls
-   * made by the SDK.
+   * Returns the read timeout applied to outgoing REST calls in milliseconds.
    *
    * @return Read timeout in milliseconds. 0 indicates an infinite timeout.
    */
@@ -211,8 +210,7 @@ public int getReadTimeout() {
   }
 
   /**
-   * Returns the write timeout in milliseconds, which is applied to outgoing REST calls
-   * made by the SDK.
+   * Returns the write timeout applied to outgoing REST calls in milliseconds.
    *
    * @return Write timeout in milliseconds. 0 indicates an infinite timeout.
    */

From 02eda9d093eb540f1f57a28c57547424646aebd8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 May 2024 10:27:21 -0400
Subject: [PATCH 253/354] --- (#949)

updated-dependencies:
- dependency-name: com.google.api-client:google-api-client-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c9dad6269..c37d3ebc2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.5.0</version>
+                <version>2.5.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 037af4f4f0a37f91c435ddbbf22c72f879e5e9b9 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Tue, 21 May 2024 18:14:19 +0000
Subject: [PATCH 254/354] [chore] Release 9.3.0 (#948)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c37d3ebc2..c421c06fc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.2.0</version>
+    <version>9.3.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From c673c266c8a644d6f8675da8cbe1e96966d727d4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Jun 2024 15:36:17 -0400
Subject: [PATCH 255/354] chore(deps): Bump
 org.apache.maven.plugins:maven-javadoc-plugin (#955)

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.6.3 to 3.7.0.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.6.3...maven-javadoc-plugin-3.7.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index c421c06fc..bd45b4dd3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.6.3</version>
+                        <version>3.7.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.6.3</version>
+                <version>3.7.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 312434a8a85e602ba3e39d0cce596a23f3fa7776 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Jun 2024 19:38:27 +0000
Subject: [PATCH 256/354] chore(deps): Bump org.codehaus.mojo:exec-maven-plugin
 (#954)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index bd45b4dd3..30b4df7ed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,7 +215,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>3.2.0</version>
+                        <version>3.3.0</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>

From e728ce2d1532053b94858c886b48f6626fc8d5dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Jun 2024 19:40:44 +0000
Subject: [PATCH 257/354] chore(deps): Bump
 org.sonatype.plugins:nexus-staging-maven-plugin (#952)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 30b4df7ed..7f7bd423e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -352,7 +352,7 @@
             <plugin>
                 <groupId>org.sonatype.plugins</groupId>
                 <artifactId>nexus-staging-maven-plugin</artifactId>
-                <version>1.6.13</version>
+                <version>1.7.0</version>
                 <extensions>true</extensions>
                 <configuration>
                     <serverId>ossrh</serverId>

From 9806e3549ef2eff94801ee5ace294f591d1d6bbb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Jun 2024 19:44:13 +0000
Subject: [PATCH 258/354] chore(deps): Bump netty.version from 4.1.109.Final to
 4.1.110.Final (#953)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 7f7bd423e..128632f95 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.109.Final</netty.version>
+        <netty.version>4.1.110.Final</netty.version>
     </properties>
 
     <scm>

From 9ce559bb548d92ea2b6367e699e7b9ea6b756948 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 3 Jul 2024 16:16:18 +0000
Subject: [PATCH 259/354] chore: Update integration test resources (#966)

* chore: Update integration test resources

* Trigger CI
---
 .../resources/integ-service-account.json.gpg  | Bin 1734 -> 1762 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/.github/resources/integ-service-account.json.gpg b/.github/resources/integ-service-account.json.gpg
index da547f44dff331d7c4b1e454ca1a230aef03622c..7740dccd8bdada2eecc181f75c552c00e912e5c2 100644
GIT binary patch
literal 1762
zcmV<81|9i~4Fm}T0)n*iur~xo<p0v@0beh^OJr^u2=h79ok3$}Gti~VW;$nz&o&um
zQ)|H_<H_UdBRdasM>xnP%@af)-$RhZ&7)3w(?>+$-b1cw>C)uo%^A>P*=<*0iel03
za}Fsg1`ruYzno_!>aY;)OsTkc%h&&pe{$nZw5?@UjcH^%VjHu)VgwEnKQUK4HJk0=
zyZ5gIrQ>xo>l)_!-wlcQad@p8gshGgv1xcg_Yjj!nW#U|n*LMBm3Wlbk?i_CZ5Ume
zal+118<A>4AaJ?*V#JRCa=MTz1K6B-nEb*&W)}8_{YN|7UTh+U!ds%WR1v?9Hbxk@
z+EogP!glp>+*yB=n_Y5O!Q;p67Vmj%K0Z&IQHoSQT$5HK`B~z1yiX&eY#WwU=~;7S
z*R}F3&c9V&rDM=B?(>!Z9}?HjEfYzeD!pR<0+x@F>TU9zk7}<kD@qJ_abjYOs8hRq
zh7Jm)-NU`H`c6=I&(MQj_=6dt9@WEYi!or?8Rt!!pCBv*k-S9~KOI5vj$pMaMw^Qf
zBVR!3mpTDmS!mu9l<WcgcWnqFS5iutv-E~%f)5Jpy-W&sb_7%(q-;Ao6VuF}jD7Io
z6;$WA(n$TdIy;uy4;ZtMkw+=@T`+Y|R6>`hv#*;%+wZyrU0HEofh5VjbOiejUW3pY
z12D!+Wf#4>(VKPmD<n)kQME-pHhyLIsE@m&mae7pDVYTafP0(5{HTcJy!q>}rZ71T
zja(Co^VJ`de?Q=DM7vMvigtGHs?54vGS7;%Hh%Kgpcm|%^7?KEi%S69Cr3HH;P{#2
zQKW(H3{(*{l=~Bf7Rl-tT)anXQbTFgdpURPL%zy_*wvVIb#5uC(O*IiG}XiMGUA%y
z{hDOjK*5$4CjH6|s5_9ya<kCmTf*~7BVko*J60v>=cleH7`i?@E_&%aD!Azwfl->_
z*G%8=hHUxvc;-w-<E#k;-y|JdM{z{{85Sh-2}%DO9Y7S{sJfRLP)hDFrloQ6p7}q7
z@&f+gYKW*z2uzjh6T9Z1VXTLQ<J#n>8SZhmd?W7x5Q>Gdn&TWCqCer@&YB71xG=dZ
z)$Q#4CnyByk9+}lQNhr0X%Yl^Z@x^E{?CS9l0qFDy5|%MRx3RMp&FRUbXi#z!svt^
z$1+LBRDKak{r8lR!uG7M$<EM^oTQ7QggRH{{*=$CYZS{EHP}1oAvEus)Y=F0`!Q3M
zsnbi3<qek`{DG<3)B;vKn-~cWYL@}dok@zU#1&+o;|L1PP_rxGqaNi3^$~2D!z$I!
zg+PP=1}j3_HRp@eO}X7_KzSv2F_<<rY4!3;jxGqn-ENX@#tVR3Ag=6O_q()P;Vxir
zdBfPUR2L{e>3y`i=mM%I6C;mOE*azp=yC&EjEO@hZAV~%vb<>vw*Tx}<@1-F%E1MJ
z&Kx%>OC=ss;A2c#Xs*e!O^%Y!Dj=VPAc>{~z^9u8{@H%2A-4|8w>siL6sFHXXGAGp
z6u#;-ci&~<6YWll-R0BZ(9=FJ*d=Z^1zpP&lo<hZs|=`(eFb~y_fsZJNEPxZUc;l~
zje!r$2@>XySLaK2LILSvW!Dc?^#B&6$r*#Z0VQL=<ZX-EGMnW7b^Z4uTJ!Ed_ik||
z?;l;;(uiOYL1h<|zM#4KNBJs@gY4=FP?i84T>xlo$_b_5MO*>kW6!}M4b=rO4;kC?
z7>1#k9x6oenqHJ=>|?M)^;{lP0reAV^DsBc!yt{hJ=)44ze!{NMcolK=<LKc1}lAf
zgg_WyIc6(L!ew)*p?xVisbTkfPBI&plnd1KRr^@{@8RognvqT)cx2rwCkuYhTHyA%
zI15T^ko+a^_dIa`GT{>)E*z3xPIFQ}^9xIoZ8E2fWR@#G|3UOCwegz@y^#$8?WWnJ
zs2>$dD-U!>e@QG<l$^KOOyauoteF_>8RfQO0o(=0E;V|(Wz7kVeam0oZT7r|6xiFJ
zNd8hqdzqJ0-`fL-a@okskU*`zWMi=%n<V-=@;H=D3ifs^Te<V`x2Vgdeq7c{WpVYh
zslX0CfiPXweuSc`jBt?%tQcza76g7|bZX77no>1PPxq!&m!cL|J#l~QZ}A3JebK?T
zy$sIEE!|IkVGk9;6HzHA)9Y-IXTCA)$QGOVqdT1OhM%`yYT53qvYtc=4KjLTfqCH9
zgC*H0Jk^%P@UH!391-ApSu$Z<?~37SNX@G;uGzrNDT1E57mg1TR>{4D#3;W{vq*kO
zsL+qpghA`Jm|4{gJrTOb%(>>3vR5{Am*n3SBI9H-+h-WW$}kgTg9MyYUUi*K+#nml
Ero6&wRR910

literal 1734
zcmV;%208hR4Fm}T0_WqJMLyD96#vrd0kSseMv-_5+A>|dXkh)Lxg1WlZ_;HhFTh#x
zDXB$vd955)y_i6fJ)Oj)aBCs+sb^rD8ckG^9BEnrFn(oz#yfzS@$+cn3lx!+B3v>8
z+oZYA$+d_~HR_?8Y|47V&47`mfrj&cS28OWOy@;W6RABVdPnTBDiQppT7W_J!vZ~k
zJU+n4wlc$u!0!vj)k)conSKAdiLj5M4~3gTnMvFiA3OAaxG9$-Fi4Hz8zrK}UW+wP
zy2KkBMs*nJt{;S3op3>^&flbtsElr~I!hsD^U2aEDCp+ScE}*!0)iJIYxI~0rz0!!
z$*UJ{b*NbH9yB>mQVu(OxgZzVjskCoA1LLO)@Ob*I`%xmx3pY(UfU8<8kU$joj5L4
zATtgXL$nQ}etB%PN4yHDL~%HN5EDvD5vvXO-mjxu`Jw^zi}3M^AJM(=3}3DOf8t`1
zj@}P~D3y#8&Z~?x@1we($j}oT5e)y|907FiLk@uC)}}$TRV@Z^%|3?~AHf{N=JdS&
zmAz<v&TLF^P{Sp511{sZ)&69P=W))D!K^a-=w=bz7uPowT6IF=tU21rwxA6L#dHq}
z!01292~?;YwSmGn^gef#dc?|P$sGIgw>u?{0*volC=e78`s^b_7LW?R+;1;+(&V((
zT*de9#KZNX^&6OE$fSpA*AbRQ@qfp9pz}Jz&>w6bXOw_#xf2&v-L&Phl|oHWm@D3}
zOys2V$RMQlp$0{v*s34|sV=iP;x;zP=5RpwWJqnMP&QI7t)^63FDPCOen|MjFf6Fy
zbH8(4!{wkLz8MP^38`HGosmm`E%%?rxE~2g)rNC_O(^3S*C5=3vYzG?3+y!oJ{s{1
zzUNA>f{FX&_8Zr~`3Aw+iI_(l<`oeGJGikkiq2sFOWR;=B!0NQRSX2%#^zb?1Vrn0
zUAk&@PC~v?RWOgIT?*LH&uK#GKtFXuFkP#zy6ByVhMXCsN=h$QNcx6Fab!8QW6Ur&
zu}^KvHWAtV9#3G<hU^>kF0lWTE~;FldqZH>&o2Z%KX~iA^p+fyiGvth=T-)<@CAc*
z?GOwo%qlyt!74iU48M9XWmg)7k`fK)b}RNsiVo+UFE1g{y{tK^E0QF7xiW`>{iE_L
z2e)`aCjrF4vaJ(AvkPqelNNjHn&uE@P7P07O+*CceK`8`Ej^O>;!(i7HaCaidZ~kj
z$!=OMn@HL1CK6=ew?$<qWWAuj)nX*h^JP=%j>zQygRGVm+>k2DR7{CKke27evSnGj
z1<tt|+S%y*#HvT~Axm-_X6T4-a>DV~gv?jynB1yH$8kV3HDk^T{2PYCrSXN1{hh09
z;l&(GhZ7|l=@6E5%7=<t9Rq~9#|Uhb@)NZq-I`d=HBI&G#fV3-$<eL$PdpNNm;)xB
z7-l56V*J2STQOKrU#;^gKpromLVyvUeV*j@1`{r-3%*VvyPL=^z(e?|#Mi{yv8%Nf
zxT#EbEp3Iq9u@J?#ZS|inVmFHVkGv8>&;~1HUa3Edum39CeKllCDf5<iJRd-7DqpJ
z*K1d8XrH!uMA-wC=yK6rij(!cCO5Xkz>wr&+x@&+?!$Me2rKSZQ|DnUwYV~xd6kbA
z^fr&FN-_FU?HQ=YD~>e6<GP5E{X7M$kjf^!A^=T3agxw5y!IqI`8hXCNJI$ZUJ}DL
z-msVu2UX+J$^=|eEc)lSM)-<W_alD;%;K0Dt#hUE0)R@s*t^q`Y5x?Rj^mL)<IK-o
z&1U+vSf~<vB4{^Ck=4p3uX~S$oMM*-@cHzm$$AJy@gDaBMfgE3%F~;=;}+M8h$7q3
zr9K*(>BR*{U((QLQmN58HK)d%N*5aF<rYi1=+3+SErOTiJ?%!EgBG4P=fu5U5i|@;
z+3NFK;nbmd*tRABX6jW+7^e-eqC>TL7;s!iBET0tq(c}0dVe8m%YTz{Xp6^}&9rC_
zFW>egRI>>@J|qb&;qSrsBP~vN2r{|}xny7Ft7$IqnF5kN{Ynzk**xBl6FNa!ASKZr
zjkC^DnaK9M?q75@{PckJ6UMReK^Nr?iNe=Y6Rz(Imio@B{ax^h!#Hx-I^eU|&f@Sk
zeh`^4eBkBo*Y~t$e?2{Lb0)LXxo?T=3jk#6n!+oCl3nSeNpa@uI5Oj<LW(Kbwq1>P
zK#5K-d&uK-Mex4OqRTzG{P7!FF<?n=N42}0t{GTka7B6Cc7$I0Wz#<nSHlr!CajTz
c)4VZY*mj;r+l$@-e)s@UP5vwxAcnw&Vw3J-c>n+a


From db472394f73275e7bb60faa091c4360181a022ac Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Tue, 6 Aug 2024 23:40:21 +0000
Subject: [PATCH 260/354] chore: Update GHA resources (#970)

---
 .github/resources/firebase.asc.gpg | Bin 5213 -> 4078 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/.github/resources/firebase.asc.gpg b/.github/resources/firebase.asc.gpg
index dae950b79907fe1755832d9d37ad34cef5e2e284..feb690edb55d475e520c91829b1bddf74e5210a3 100644
GIT binary patch
literal 4078
zcmV<K4-xQ;4Fm}T0#|P7o|pEg8voMk0eCVN*}bbmlD|RLkG*nyknQdo>@KM2ENfd`
znc#W*a3Ooqd*(W{g1h_a8@BIbn7Nt>^*8M7f?&enK2bc&q|G~nl#e|f<2iTRItr2~
z<8LWj4`IS0<hoAvp!2kJ{A+N*Vm5f}0%?n=c_upJn`h1-H(Kw)eZu<OCwSKTYrj)H
zFZ|}FH9DH=HLfftfc^zR7`3G4SQ6Y#pFPG@yYj-ZnLCP>eBc)Y)1(D8Qnh*R5a*?g
zt;VUB`_4$)G30ADeXbW9j_^MOT>5b6LVbl;EQ6{8%}k`3TzszD*fk!l?!-5&Twqgm
ziC_HBh84?sC2A)O@^nnt7X)m6H-#dVQm$bp#vd~TNg@pm;`L=y4cb^-cIFt<YU!!I
zUezyUq}&dqO$dtCc_v^mDIU!i8Ks`PrVX^DoyFyo5Hw4AT}`bbwC+ZKlQ?v<gUM3i
zX^jd$<OeRvTILmP;MF3wsmHT|R^Dfy;<DAj(H-~w5&OE0#B4cs8p_$_Pd&UeyNw{m
z5IM+~!v;i&M)Lt;HMbeRthS+*ij`V%xCrL75Je?6uyjlu7ip7`m#>e9<A_9}X)Zu8
zv>V3e?Y2`s|I&Xw-=Xhff??~-R>{K%)84+;-8g|Ju0*l&04TLb4b-vPvL8lrFk~VW
zs>D<1-tYm>mI9$KEo#j_i9{%EOqaq^H6i(>GU#}5aAEh`B8A*_F%EbEbVld04aA4g
z6}J6Ek+CfOJc!6N;d;^6(~Q~-jIsN>3#E<K^3=%gO|bS(TeS_Fx2R`^?}3&deOrBx
z(($H-)P}U|h$FEEKrehke)oS-TK}Cd$W3dh8o`E*z{?QTbBx?>R;5E{fK9v}qQqf-
zoJ!LThr^Y{843w;o|SUab2q8Hbi9WC6_1)$xJW4Mhq%YOwSW4=6q9ASm=7VAzhcr3
z1w)OTjuA;1PaWv`FdrOZ^Hs-28s_c`@ua&<Yf01eb^zy{;WCB0_yr2?mGr1g0va9)
zcTQPjLT$;<%}>Ah$<rt|MK<;nSp(fx9+*QNZnTtoFZVQ-XD9&|UlPzHEx4S6O1+d>
zi${nW!Vk$Z7x<4l(!HbY<TK{BR<xh;<2@fP;Am`F$lB6<H<x@m?v_M{cBmG*DqIGv
zDV@={TKKm8@;aV}a;eVHnn70!BOk3$iLz#D_?P|gBEV4svBRWrSoI?#2-0*t7+46A
zi(gGYG+NfwK1t5Wu*{7JAzfleY9pgqSVD2g4=Q0S{e6}jvt2c}5<Jpzjq<HDFqM(k
zje8C0RY(XHzgw}GP6a`9&c4X-Pl<MUKs~HXKt$T+<K3zR049N$4u75HRkonm+02ee
zxNy!GW(pEYNPf1z#)A>6)KyS|gW`KGoitXa8m%#-k>|5@Y8mko<y=e7iw;kJS_;WP
zzST;G*ZNV?J)+D9FUsUcu1w0;g+-zDpxd>C{c8~TKdIRL7r(AdMf_+~wYXRQxht!(
z<xkTaT6p=xDwS{6+AMK8uJNFCS@*_|th77r8J0CsrYku2{6{8TYB-g$#i6q};>D{D
zL{JkyB6SRl*~G5Ty$PDu6TG7?hqbUDx3$d4=#98gb&7iabITcOFE=}Ss#bill^)Tj
z+gR2=zxAs9GAh)Ql~}yg+YX=={Wil5%>gic6!6^bRzp#?K9nZWDI$JE(>Lz$YQZb;
z^v`lltn%;Sj5-aNQG;43ujMC&T2;yThD&)`FiiQpV}|<M@*#E&hW|FjSMZzX`Xzmp
zKUsQ>2(>GNXh2d*Cx1t#F$h=2pSCGfKlunKi$YK57L56Dtr=fRRtj-qI2kNpi}2Q^
zB154`675|)zdKJy;EBb+_Jo$RnU3UjD^3;H=Ethqt$Y6s8kpNW>j@>XT#InnAQ#Tv
zq{3?io7fp+&A;QxCS}u~JcS<Sq>*SZJt8Dmf#lj3s{rUBnkE?RwO5YuyG{{)3;Ij?
zFHspS+eq|NtP3W8jn?`e`&!|h@uZ6m?D>6?9aYg0R+(~i0SjaI5?+{kOZKNHs8-*X
z*@;2nopIv7&asv{fQEG!01RN5w!HI@g;u=C{_hsZ!Cldo%6Tl>LNkfbCu;!ozTH4L
zXyu~Ea2~aULuul^v^0j*&VQ>0ApoG+Ocuu#P@&2NHKYdAP5SEomQ)(H7+x_2VRU8+
zjtU`Zra4$+*g$n@{8M$Mf@gk_545<Cq%789WWCVH@!5feKsU_=rA$UxXFwJYlsOtl
zM!)mpvlx(m`qon3RFlAid8DV|U3RraTFPTHZ)&~n54$&NxJ>HMU-o`~-JF6SiL02m
zd)2{k)qETfW-|8%feRGm6eo+(qV?=e5sqXkqnS}W+8>bmM0I#dp!PbK#rXX;r!Fop
z?osyTL~1kCR1A<<LyOL+O}6kBqU^`NMH<}=Ks~jMVBmT_uz;qzOoOfsoV6bDw7yRw
zR?Y|ODgdglwN1L@Kz6ZC_P6$0um&zU?mJ*6T42)es?p{mVw+D)+CRgZ0Ram_FC4s1
zLNZR3YtdpVY6|R<5oc7d2;mXv0oT$foMrQ+824i~@#&i<%T31Mbg~R>L_FImJFXKI
zD}Izrm6!-7v8V*|x2dob34a`$X$du_B@WeeA&$47OfPB{*R*avqx9|adC~JVrbbcX
zKQ<~HEIA<zEz|7Ir{cT9m`S+p(>AGd8AS4op4DO40s4*}tFidP8!l+~>c%#?t$br$
zlUw(xg?Vyq>|i{tc7|i%s8PXDeq}dJ+X^Hs+fCg-0Sq25_!!3{H5vn3Y~c04T@-Wm
z{2;sp<n#xVHo0MG%-(K~sN?q-r7x#4ed;-buuXB*fz6veSp{SH1*3vaP~?gS&qyz6
z>uy=7kYxC&EL~IW0C$y&ViMQM7Hib|<O5Dz>o@&=kyVDcjs72ZW9u#vR8jglzn!Tr
zUVdnmKBskyd1hDdMbOWcZQ1;7+{xJD_&6c*&nZ9#m2!GX<(-^`<-p5gc`n35Trm=R
z0qXbS;F4TWjruUJc`>la!PE0h=05=4=zY+lxer^l)aP<k$-{%-ez9fI3K$VLu0JIR
zJjIxLi((W}RtMZQW@|NH0(VwYIJ5ZPxubUBNT5DiT?OjDyoXH$JTu2q#59(3jEAN<
z3$2U+3M!Z}`l!=Mc1ORiX(sx|_t!CB4saPm=gU-ccz>kzF+cYyOo!(Zd+-s^=5?kJ
zbmUI|xUdW&`s$(lVW7qSs*YT_X5Xgl2KzN)ijnrEIHP<x#-Zjb&9*Up*Rnwr1CHyt
zXeIB2GjJWQ@eaY5!V|u_`;k3Icc{buHn7M>vO`@;>hYGRF>X6V(71P9eh#z8xW&N6
z&D_j?e_LysY$B}2!}8{m2j%>aC}mK{^80`_P-I<>gu{y&JlrG?SQI3d=_H_#9l`yk
zSr6;J9t#BIcWMC|o{9b(=D*O+kkg-%DbT|s+(<1ldE+LsMW8q>)k8&BpANs1gdeV5
zvd;hi+(&s`BQ?iu$n{MkP?_$1?QsT~`mpl^u^$sOe5MoctjNY6MYsqIYLQeR%PG+u
zzZ<_}b%Tb>WP&oC@H<+SL-&_}^x>A{%gGsdWHE8vZW6O+J69RRC97bPiuO{_1av>+
zxy8JkX!S%-8x^?9T0VE8u9vDo4b{h&%0pVHF(+6I1g2AdU|uB{Vhry}j0S3#s>mo2
zbh>&S!<2$uiD*{;aHw<}=|%Ht3vi+v0521EGkJhw>ow?sIt3jPO86zHt$p~WJbt10
ziM#lf{DnH$!5SAfC?0amV>nBO;zgE@(xA7ZPKbDB`7F+wL(Nj|ubUx8f<|MV^!*l<
zZ465}A%c3VXdFyL1`DCwHUl6djAmD~0_D_Y8Li!ZD&C7!TlE22?>X|Z>9V?dz;q%L
z4jwE<l%!K7zThatdBmmv@z!ai!y8G^kx>Mo_GHOrVAex0Dool7CwI2rSP$-K6m->U
z5$TGTK0S2_9Rq6q^_t`poDSrkUzMvvpv|@|7uX!C7W)k{^k?Rd8TPl}oXf>?RB=MV
zC-bGECQ_xMxCEyxTsNWypXXwvmQbWWMC?e8x9J<^hxK>%B@kSBjOEPsPSx2s$&jzw
zUmAwjBVECS8p`cl&~ch1-kD+;A+-N8r2T{t%oXns?OaCP{4a^RlyKB~XR_yGXST0r
z+q^%bJS0W)C<6XAo{P3XtS_OnvUiOya6#tOEg6<IoDH9iUjJ7VOT<L90AH?+nT0LX
zUckhMAmh3mB7>Ok^uP?r5~%VjI{WcJ)c-bqJ1M`4VkU*Z&S=hs13i$!t8M<ReT=>K
zxhR1Or*Dc+w1Mxk6A$X$zk&--%wXXj4ZvTQ<+qF{a~Az9#-IRyw+bFeuMOq<d!jpO
zJLDOI(9;8$IpGDqwAQelwTfO=Q~Z@&3V6QO(%8bhkGwo8b=)mF8n)kGt3REc4$|&W
z|GSzYfh$<Iq^H2b=`o<c=}P{`3JwQIgTz+}+%($Oh+cZGx&772`Q)pt&^jdA*atpQ
zRS<5No+`c$bkZT%V%Ry5i<oQ4Q(E7L4pdb87JL9ey$dI8PrMx+Vbn8QO=44`iMNb7
zGRo4d6%9Ux{Q0~bC0gb0!CgN;^X+(AadyFW{z94)`<UDJ$3?mR0k*ury|e0PjCJ_V
z`4o-k$h<xgNKo|IFkFYU`6c<VJ>qyzNb9e0jgD9K%dSDj*z<YF!}eb{X^FT&ONTBn
zq^6)v*#iGCb!t8eXE?6Hom}ek`SigVssog?AlwoRvMQ}Y*NrRSXhS>b?{vRYnL|$)
zSF?pTBkqMIYho$kKK!mAN&nEI_gTf7hO|cEnq>#KsO?p%t3X{D((akW-ghN2JhtMQ
z3R-6vnBTd&=Ax8h-S(cCrqVb?)kkZ_Nl?<A_Jza!Ah8#&J!P%KWXGrSP*^vmeJ$-c
zysikClb3=)R5iIy$AM=56D0Cf(8+ufqI~X$Yu0G!@KGnX5uc&2!Z5UDz`N>l6JyEW
zDuxY(4xmK}UE<s=Y<;4kq{A1jXhfdS_gl-5%zuXe(I|=Zcy)>s=<^4pp29v`<&_Q4
zvr9p-TjdRBaUj(A=EV3D7%WS$HU7Wl?$pAz4J{n7oqET#Wj!ad$s)GxAm6lwu&m<J
zK54AYrN9-isK@oy>@jqXF2t7fY&)M0JbQAeBLHp=odW_)Iz3(<{dUbrYik5#>A^QO
zj~xc02=e9?)Z~_2t?!_k`(ZmsX+Q6fmE}U@afYv(ORqUl06go~;U`0Kz+w$1Q(;!`
zXh^_0zX&PO9lXa}GeDj>x|eC`K`&7H=qWI!sxLC5<O^Zd%F~X4zF21t{q(rT&0!i@
g&laipv1Ue_1_gvRysJ{b@MWN%&Ttfr?tEMTR=>j!_5c6?

literal 5213
zcmV-j6r$^l4Fm}T0y~cD1mMJ_9{<wp0i86)7ERaQ{4$I-{swz_jV+_2Hlxkq_;ps4
zwvUZVMH^Zrg5L6m=My^$8qutKRZEx^AmUixv3Q_b_+)TpCt^Xs&v;BX7M$Oz@z#`m
zdnh02xPpTE+d%cFpvBU?1Zh_d{bO1$IPcW_@lQyV5&?fo+C9!CZ71&`;eE0p(&0LU
zO8QueN{U>NSJ|6_^aOlzDF;9a=bJ=4>+~FpqQRBCwHSU;vuJq+^UYpVdggTmZa@nZ
zh%<#5tD=T>i3_X%SbV<2CTS7D4c#%aWv)d#b*tw~8+%O{skDSn|13iD2v)_1xzdfx
zd|N-H=t9%Fl}2giyw5{Ko-Yi%h2^JwFp>_YEU}vRh3*8E<>KjRhm_>N0-Et3d9jru
zcglr?n~c_YSsz6F^M5CZ6c^N|c={`W@y04~XVu+29IoBZ<?mdUPYvRN4W8uV*JOTu
zW<(ZJ5DzF7{w{->f0&sBDqggsVeMcuCFjyRczh;{iahd*t}*fNh7Y&8{hAouJ*d`L
zLWIR{NJw-U5mx&0MsxLXLFTW`mXC%Yb($@IP4aQam*rc}o$jj){;`BWb%*GXo<xh%
zX3A=BD5H~066R{#O3;G{;wAlYp{*yxjJsNFzbO};q`6$niX13=?GU2Nu9-yzN~Mz)
zB8!EL{-9jHXH6Yt;A3cdHt9>GrmbS<!|qaKJiPqZv>hPt=lzBr%B!Z8QZ~0WaMV}5
z)Ae`!7C-WsW+n~8cqYdF>dE<bs%2f6om%t#j|{u-x;9Ozs$3;oL}&Fjn!MgboY(Qe
z_je-Z1*CQ3OqDic&rAG?G`Z?wsbz$pJXmR5OJ^pZ-hS1Rp#fLHCu1K{>hUtr6di!U
zg7DWt`tl}u%-FV28=Ut>XZJ|DyQ!&3#$7xT*App?cawN9el^octlJhGCwb657Kg`#
z%Dda_0-j;vIiqfx{j?n5`RLiMNYN-huKS2B$jqTJTzH>of45!+F1`Kces;fvdQgcM
z0*YsDI+0s}Q?Ww*c?U7qrYZd&b{{Mj=j>`J$x9<amRvl{OeZ~Ii@ZQl)KNW|r?`Mb
z&?}w(>@Eoz_Dn=KSALFFqi75s|JdIy^fx7vxN&M2He#y3zgZvkp@I1BuSMQIV5Pyq
z+pH4*kP<S&@ZGL{lzc~<6Q$@mXGWTgXhJdDD{W%#9f+o{;(ob5IjHN8k4~<~t9PUL
z_|u-Bb>2>ps;;66BZUFe5puUt5>AjvdI;hy&~{^b>m2j0Pm}=15s7u}qWeSvAN_xO
zFTK-J=GM4upv;@lMs%7e72iDQiDFEMJaNYnUZ=T^^WsxFu!<rqe2pfWxtkuEfM?Gj
z788ytUs@3BQFYfWsLrj0i|=A=UXpgTiSNm;BrCXiCa8fz;3xml_W;taC5&o6JDfXi
z6MbiPCe|sEB1JSAO**gyEh2kZ^?McYXW{`A#~;)$10L@Li@YiWv0z*eZw?pjoi!WL
zYMELcXLkgem1Ujr(Ol6p@HPi!Vx`YpL@Har%y~i(KJ|!;(iiR*+1k8ZZF8p|(eWd3
zcCvDxJz^nUm9&NSe_MV>l_UD5lOU;tXtlzL+(~HMS;Gx2aLeKTdj%Gx;V*D=(3db+
zwWSCh?d(vsBKxj?e1qQt>2JWs;I@5A7#gCKoLx>9V=&A!ZS;~}+&z!IkJaVGAQ%Qg
zb^L8PX7b<BNU$DHN$Gq+*PqGV|A#WVM6FO3kKLd#itK`YK=5o+KQ(vrA`qwl2i}j$
zDxXFs)#*Q}>vMx(&hjf1eQwM?yS+@&p4Q0_xsFo&OJ>4I1d;LIF8NcJV<oZsc;Z|S
z8Jyl)UA#4eNbE7Xic1(_4%Mrm32SzNdGAysT2@7Yfi8yD0}~#i>MdB~U{Ffw^MQXx
z&9vf}0n)!`L>n9ML{yOYR{F|iiLdsROq1h+1{}PLJa2>Q-8#}eEbO_$OQfNs$;x3~
zR02wC;HAo3NmHasI7207%XyLYV&Z72U|2(MEwO0Uh&eNGr8%v&p`X%1DaYxgl}$rz
z@v7eUU1St}cN9s_o%N@VgGGt57^^1vtF|0eoNSDdwTzP?)?68|x<f+&HzAeVcUj%Z
zPEaA_Z)|>eP%QqW=l1!|9^uwEf|YAhU4T{bn8+~W$<?fnF1SGNl#umh8KJMX;40ZK
zo?b9%xdtxvp)Hv*!(gY8g~Ft|xlTNgO;py1vi=A#%23a`v>5>maxkg4Hd6%FsoN7c
zO~I^o*L2nTZR&zNl07Oi)y{oN^DtcvK(SOI*Y0>Ybuar6xrG(XK^dfK`&C4MJ-e=K
zZnKxHf%<M~H2&Oq5-$8z%S`p+kMu)D6K)?tUP1Mf!wJt6iUWrv4@X4Y7nYQNx=0-C
zALM%%2RcNW3yOs{F>qwe;<YRo*siZ}2=SiNUFmL<Nc{^R3qh7Pzs~WY&+*c4MJ!N}
zMB#fcoypGn+I{5?Hk>50O8;3k)4bdoBjyTAqs(!tnp$Buf68tvWUlz7z$6xk$i)kD
zX=0YAOOh$u#R6V$%F?*l&$EHHVA{gVEh(NNv|bKo^$yxT4}#pL0Blp9spkEst&Z!g
zqbMUyFXg+eZjeT+^RTaV&Jm)hd21Y%AaW3^Lqblg)2sER6*#gei94~!<(M{b_3{HF
zwd3`)aIxZMI3J&c#~0b?w01xqb{S)|QK83#L%(IKo!QdckrvC!zIHb6tu1CQIt%XL
ziK;-F57I`VaR3d{o^SW0z`Tlg6r|7(u?<R=`~KsqY^3Q$4{+3}T;)+vBojz#)2u8l
zGmlY=W;QP`E5P`&ManKqS7m)91vtkx1yL=yV<go`WF-mqY@!J`&4?!pa}W<o^k53)
zTo9^~n@AvAH)zXH^&f2vqU@Q?@M3b2{xx0V_NF<UP;GQvQNb~$66dqrukp72AS}cB
zo*xAgVS+Ona)W%QN7c!JgX>SW;R-=R$T0cuCo_S<b=mfI5#jTTPxpVGuhZOtZ$DIg
z$#|q-(Yufg%9DRX?5-j#Fd`R^(UQn$qXTB7W;a*m14Yg}s0*i)HODsUuE378<J0iG
z_s@=Lh^SxhFW{HQIj0gfk1D}P#~;PJHAIy0YJzJMWfu_odau}&bq2!O>Iyidv+e-Z
zlm<`xPuT1mGQbfoUQC!VzP^{#%8U?tCE?zvh{b+;_VNmb%-x*u{R5Qtc9U?x7<b)X
z4`Or{b^}lYzNU7>fC|;Hfrw7oO#%MOJ--mnj1<&fOU)~#i76#MW=V27AZO-$K(LeD
zETl~4j=1ql&j~rVzN$L)%@D+U1M2)Dj{*{6)I}&UPGq0OE^<Snhe0v;;3ckKJ4)>K
zpXR(!Z|F2*D(P&67eq-9X5&(LiN1Y}@htX#z}jOO8|N9rLrve76IAB00?FUVz0e(Y
zx;0bf^@>O=lvjkR#9q*1!B%*NO9^PH$S)rn)%%g+1nKM?F!pRRxBRQ0VeCplGS7_|
zsh|S;`1XAL_9f*Sss)a)YzWY^Z_o(#^%mc2^A2fbC~Vtls4maI_>Dr{FFRZ0&Pqq)
z`wdZhs<Jz^a})Kkfj<nT6s9Uw!Y_WxrUDrQ?<50eg&w~Cf1kUFYVOEE@+BU0a6kMl
zb-N|4a#NW(kqqc4P3;}8U>h<38I16GIm{0ZTEr__!fP+3G{$(2JR{mhg@V4G?kX>M
zQ~JTq;1ey%npIir>qza~5oHsK(oV>Ht+t}HZ0@=_D?KHEST}Je-cZ-AI~>5&{t21a
zn42<f@+$kTcXzyy2Cs;!b@hs1^Wsg=2he*L69~GSH28|IEA~q_DuEzl)qUMpAghYk
z#E;fbvN7yH6|0Fd>zwbYG7}h>#bw608CQV-Q-v1!o~0b|hj9_R@_qhLF%pA$G8kc^
zC_tXksu8YLCz4CM;(D3%-ryzJ7)na?G`Ml(Q`3Ns`!Yvg9dUfe-LRSy9?uho8Y2r#
zM+W8ftj=T-A6`83-Xog@nS1Wz#5}I^TmQ1c&F4zGWb80K5<uPkxF1D8o#zCnU2{lC
zx;OI!n;s$0VfK^d@$xiWwI>TFXTsEZ<<q+TzJ;V?SF57>?|9v;S*RR1OTUf9YJcxZ
zCVh$uA#0s=$pB?Dz3<|t4T;3!k<aPAxeEihW5sJ_1eO!33HKIG)iZL1eBaAjn!X5~
zy=h`ECIIa3L;nnI=JqiV>dqw9;y%G-dIkz~W+??tSn046hCZtL!2l`r%7nu~X-p-g
zktkXLj~Qu04H$CKb!C);=}pCVe>6jf&Xof@Or$Z7(Kf?UYgVrljDij~n!5pdrAX*h
zmag^pefSf4E_boQ1JV~T-BZt6QcNhOMdy7;2tEX@P@j19q&SzqEZQC|Eug08?UUjl
zSLZzcX*LTzr(@20JJNi%7)Pt+HFLev{Jc;GkdI0RgeFOpQ41(4`R<Yn-Ro_r8n1EQ
z%S~nc!eecIp)3_#QutzM?XrCf?`*fMvGaM(R%f3HLTL^^%bI!lV@ocjHwyAqR);a`
z%)!3^^ZNFBq2Od8z5M>$v0~7Iy_KR%wT#&H(nTV`|6XCIt6*=d_M&7iVrtPCYl6I$
z9Xs6+BtcYY)vh;lIxle`)@Phfw@xRvS#Z?(0~b)V5@nYemY-UWvYxmX?XD_-zm#Q*
zq~Aup`}dRl?Jndj|E|r_2QH(1@9G<N31eUb`VDXJ2XWU&YT3^L)}t-%jqOdD{jh;)
z1-$6`gq_hn_LkxfX+B@m))~ekjZco7|3|^f0Bl{KxL%ry!5V=-5yF9r>vUh=&agz{
z`BFGi6qXUV=jAw_E2ioD$`41a<7fJ*4Im*iZLve}sTPEq+^Hidp!awyGOS~tL>8rV
zwiPNSKve@m-*Fd7I(HOE6r!Dk=Cyr#q*X;A+%W9`_0AI~oE=fOUGk%~%+@)L*A^z)
zD_$-y@5AMaYx_AH#6VQY?C98DY4_$FWfuaA7J@a6DnsBZ*J=D%x-Rtx+|gQAUx0|5
z9tVWKXZ>u-{_&b6w7vKIK~p>czIL@JkKw6Z6o}66Xw~IAKx7{_B$4nMFB51}N~-$3
zs`8z!S_12b>iz?Plj|e~1LinXR|$vjG-G-CIvJql&leGNU09xUm?v3@St*^kOJM6a
z(4<3o_%=)S0@n@~wkwOE9j5+x(UQT$6p6WlLnC>19D6LpujoCJ|0sY>nK|e3hb+>A
zExOpMWTv00f7|i*)loysK-wxGfEB>ooR(4ojRgc=yGev{W0vNW`fAwDh%rsXv>HTR
zWOCt;b;`sZcvh+#WB@ue<?QSaEy)X^B|fhGG*4`(BzN#DvM>2$3I*uAfZh;DaSOkR
zX+V4KL+PwD^<?a?+AZmZP2N5&&@PUdWRs-I7$H;-zo8yIK{+wTxFPDL8D27>t6m5}
z$`%AFpYhO1>Ta-;>Sd6lxwR96;*2Ey<elKki*!E0F6o!QQ{_?xQ_tT<%}f%PSt-ES
zvpR;T@Ba=m;*vlt8*vzqvP}xqS*OUSVB!9@3K$Tuixm)dJy9R@_$;}UESyJ+rI4xN
zkX7yO^K-)Rd>JH7!1vVA`N(a7?{cNKBSXj>E>=gU6G(xPI#O>NY`-DvZK@}Q`%7k7
zTJ28;wOmL6mfQKFM(M%0O>wr;kI?ZjI+i`b6V?w;MBd00#Tp1YEL|TUqdOf=wwzcG
zUd6{L_b&v{yZTZn59HISeoLE4h|1KN!HYI!(Kdp!v0%XIH3ve-gKX)Y^#D4!uk*KE
zxY8Q2VoNnL6^^z;ADGg|()E-#?PFSI{ATHo(^BZ9T<~|F%W<hplZKufGhiZBOr_N6
z2z^27&x^F|;YE;TaWv<Z_6e#s5qjiblQSFDx8V}5?@5d&e*>ZWr&|JVm7~?I?_zG1
z20U2JtZuP{KO?}g(Wtp4GrUVNBAZ_KA<(*`0ZFUxIEwkfsSxO0jFYqR$ar+WvNh+3
z#?`SS1=E4Y@Lc`3`^jkg*>%cv`&7%o+f3HpZXIqZnE3{)6;!mFr4`Ww`{2Rc?QxFb
zYVp_h)YqFpcd;0iAHE=ex$EYy0eUIpc1X(5wGi17HW<aBY2OiwEH7GZzId23vpA4f
zb`QUJIMuev2G8f=m#&pgk>TpM$~gm#k-y*2jdSyJSl`de$Jd^wjLMoL$Ax@B5lGf>
z4FxvLE9j7m%wTH=^1STMjE`t6XSeW%0?}voD8f2ePtYkM(d1Je<ZS)p&*s9WFyq@`
zhx58?v$oX+kJM+O{Z*oxH!}=1RW@{<mp|ee*-y4vliTrGx=8FmAq-V)I6ub-`g81Z
zo{$G%j7>S~V~<6jfqv<Od)Q(PnSKp5L+t_21UGVLD!}=Hg@f&Ol!jtOR@;#J*XL32
z#~2M9tUeIymS13MUe4nScuyg^uJJB7OlC^L_5y_p^H2^^=<yj&l;T&zgds@1<9MDa
zZ{^T^MC?kld0Y-?@+|hDxDU7#Jl_&MMCStov3C<T;TLGKz>zeieJJ3oPP|?Ss_<U)
zeKC-Kf2B(D-H7n9K(qu=d{Dt|tmLK^KWx^R{&5lk20CWfAGB2JWYX87q+E2=#=RnA
zD!UK1vFZv|t!0~B3)giTN%-LZ-0n;q)u7v<^g%u~yE2}bIN!pLvO}0)7swy>L#q1s
z!upQ5m~;!NlZ3WqJ&nAA9iz5<LB)Zv&P)0*@|}_}xG$;GA~u`|b^?%KPWne_J}KS4
z$ygO#jq5ShH~q1u?2x6%)KC!|da!?T1=q5?3YGF?4gDruqa();=LM!sT$d~x#7d%s
z9|%N4N-M<;tbAw@1+eX2tuvR?1}47xb15>q6o<$yy}nO;WU%go8bT@5`if&rsX%C)
XrIgL-1=1;}YjbYhxg363z=nJD3<gNp


From 07bbb98da7553fba7b934f50ccaf1b7d54a404f4 Mon Sep 17 00:00:00 2001
From: Kurt Alfred Kluever <kak@google.com>
Date: Tue, 6 Aug 2024 21:21:50 -0400
Subject: [PATCH 261/354] Migrate from the deprecated Charsets constants (in
 Guava) to the StandardCharsets constants (in the JDK). (#971)

---
 .../com/google/firebase/database/utilities/Utilities.java   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/google/firebase/database/utilities/Utilities.java b/src/main/java/com/google/firebase/database/utilities/Utilities.java
index 5a3c64822..6181071ec 100644
--- a/src/main/java/com/google/firebase/database/utilities/Utilities.java
+++ b/src/main/java/com/google/firebase/database/utilities/Utilities.java
@@ -19,7 +19,6 @@
 import com.google.api.core.ApiFuture;
 import com.google.api.core.SettableApiFuture;
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Charsets;
 import com.google.common.base.Strings;
 import com.google.common.io.BaseEncoding;
 import com.google.common.net.UrlEscapers;
@@ -32,6 +31,7 @@
 import java.net.URI;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
@@ -108,8 +108,8 @@ static Map<String, String> getQueryParamsMap(String queryString)
     for (String paramPair : paramPairs) {
       String[] pairParts = paramPair.split("=");
       // both the first and second part will be encoded now, we must decode them
-      String decodedKey = URLDecoder.decode(pairParts[0], Charsets.UTF_8.name());
-      String decodedValue = URLDecoder.decode(pairParts[1], Charsets.UTF_8.name());
+      String decodedKey = URLDecoder.decode(pairParts[0], StandardCharsets.UTF_8.name());
+      String decodedValue = URLDecoder.decode(pairParts[1], StandardCharsets.UTF_8.name());
       String runningValue = paramsMap.get(decodedKey);
       if (Strings.isNullOrEmpty(runningValue)) {
         runningValue = decodedValue;

From 90b0cd60f92fa35776223f21e1ca6982a7739c4f Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Tue, 20 Aug 2024 09:50:42 -0400
Subject: [PATCH 262/354] chore: Remove tests for deprecated FCM apis (#978)

* chore: Remove tests for deprecated FCM apis

* Trigger Integration Tests

* Remove remaining tests for deprecated FCM apis
---
 .../FirebaseMessagingClientImplTest.java      | 260 -----------------
 .../messaging/FirebaseMessagingIT.java        |  97 -------
 .../messaging/FirebaseMessagingTest.java      | 272 ------------------
 3 files changed, 629 deletions(-)

diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
index 17848cc65..3180aea01 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
@@ -17,7 +17,6 @@
 package com.google.firebase.messaging;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
@@ -29,7 +28,6 @@
 import com.google.api.client.http.HttpHeaders;
 import com.google.api.client.http.HttpMethods;
 import com.google.api.client.http.HttpRequest;
-import com.google.api.client.http.HttpRequestInitializer;
 import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.HttpResponseInterceptor;
 import com.google.api.client.http.HttpTransport;
@@ -73,16 +71,9 @@ public class FirebaseMessagingClientImplTest {
 
   private static final String MOCK_RESPONSE = "{\"name\": \"mock-name\"}";
 
-  private static final String MOCK_BATCH_SUCCESS_RESPONSE = TestUtils.loadResource(
-      "fcm_batch_success.txt");
-
-  private static final String MOCK_BATCH_FAILURE_RESPONSE = TestUtils.loadResource(
-      "fcm_batch_failure.txt");
-
   private static final Message EMPTY_MESSAGE = Message.builder()
       .setTopic("test-topic")
       .build();
-  private static final List<Message> MESSAGE_LIST = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE);
 
   private static final boolean DRY_RUN_ENABLED = true;
   private static final boolean DRY_RUN_DISABLED = false;
@@ -320,187 +311,6 @@ public void testSendErrorWithDetailsAndNoCode() {
     }
   }
 
-  @Test
-  public void testSendAll() throws Exception {
-    final TestResponseInterceptor interceptor = new TestResponseInterceptor();
-    FirebaseMessagingClient client = initMessagingClientForBatchRequests(
-        MOCK_BATCH_SUCCESS_RESPONSE, interceptor);
-
-    BatchResponse responses = client.sendAll(MESSAGE_LIST, false);
-
-    assertBatchResponse(responses, interceptor, 2, 0);
-  }
-
-  @Test
-  public void testSendAllDryRun() throws Exception {
-    final TestResponseInterceptor interceptor = new TestResponseInterceptor();
-    FirebaseMessagingClient client = initMessagingClientForBatchRequests(
-        MOCK_BATCH_SUCCESS_RESPONSE, interceptor);
-
-    BatchResponse responses = client.sendAll(MESSAGE_LIST, true);
-
-    assertBatchResponse(responses, interceptor, 2, 0);
-  }
-
-  @Test
-  public void testRequestInitializerAppliedToBatchRequests() throws Exception {
-    TestResponseInterceptor interceptor = new TestResponseInterceptor();
-    MockHttpTransport transport = new MockHttpTransport.Builder()
-        .setLowLevelHttpResponse(getBatchResponse(MOCK_BATCH_SUCCESS_RESPONSE))
-        .build();
-    HttpRequestInitializer initializer = new HttpRequestInitializer() {
-      @Override
-      public void initialize(HttpRequest httpRequest) {
-        httpRequest.getHeaders().set("x-custom-header", "test-value");
-      }
-    };
-    FirebaseMessagingClientImpl client = FirebaseMessagingClientImpl.builder()
-        .setProjectId("test-project")
-        .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
-        .setRequestFactory(transport.createRequestFactory(initializer))
-        .setChildRequestFactory(Utils.getDefaultTransport().createRequestFactory())
-        .setResponseInterceptor(interceptor)
-        .build();
-
-    try {
-      client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
-    } finally {
-      HttpRequest request = interceptor.getLastRequest();
-      assertEquals("test-value", request.getHeaders().get("x-custom-header"));
-    }
-  }
-
-  @Test
-  public void testSendAllFailure() throws Exception {
-    final TestResponseInterceptor interceptor = new TestResponseInterceptor();
-    FirebaseMessagingClient client = initMessagingClientForBatchRequests(
-        MOCK_BATCH_FAILURE_RESPONSE, interceptor);
-    List<Message> messages = ImmutableList.of(EMPTY_MESSAGE, EMPTY_MESSAGE, EMPTY_MESSAGE);
-
-    BatchResponse responses = client.sendAll(messages, DRY_RUN_DISABLED);
-
-    assertBatchResponse(responses, interceptor, 1, 2);
-  }
-
-  @Test
-  public void testSendAllHttpError() {
-    for (int code : HTTP_ERRORS) {
-      response.setStatusCode(code).setContent("{}");
-
-      try {
-        client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
-        fail("No error thrown for HTTP error");
-      } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, HTTP_2_ERROR.get(code), null,
-            "Unexpected HTTP response with status: " + code + "\n{}");
-      }
-      checkBatchRequestHeader(interceptor.getLastRequest());
-    }
-  }
-
-  @Test
-  public void testSendAllTransportError() {
-    FirebaseMessagingClient client = initClientWithFaultyTransport();
-
-    try {
-      client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
-      fail("No error thrown for HTTP error");
-    } catch (FirebaseMessagingException error) {
-      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
-      assertEquals(
-          "Unknown error while making a remote service call: transport error", error.getMessage());
-      assertTrue(error.getCause() instanceof IOException);
-      assertNull(error.getHttpResponse());
-      assertNull(error.getMessagingErrorCode());
-    }
-  }
-
-  @Test
-  public void testSendAllErrorWithEmptyResponse() {
-    for (int code : HTTP_ERRORS) {
-      response.setStatusCode(code).setZeroContent();
-
-      try {
-        client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
-        fail("No error thrown for HTTP error");
-      } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, HTTP_2_ERROR.get(code), null,
-            "Unexpected HTTP response with status: " + code + "\nnull");
-      }
-      checkBatchRequestHeader(interceptor.getLastRequest());
-    }
-  }
-
-  @Test
-  public void testSendAllErrorWithDetails() {
-    for (int code : HTTP_ERRORS) {
-      response.setStatusCode(code).setContent(
-          "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
-
-      try {
-        client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
-        fail("No error thrown for HTTP error");
-      } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null);
-      }
-      checkBatchRequestHeader(interceptor.getLastRequest());
-    }
-  }
-
-  @Test
-  public void testSendAllErrorWithCanonicalCode() {
-    for (int code : HTTP_ERRORS) {
-      response.setStatusCode(code).setContent(
-          "{\"error\": {\"status\": \"NOT_FOUND\", \"message\": \"test error\"}}");
-
-      try {
-        client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
-        fail("No error thrown for HTTP error");
-      } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.NOT_FOUND, null);
-      }
-      checkBatchRequestHeader(interceptor.getLastRequest());
-    }
-  }
-
-  @Test
-  public void testSendAllErrorWithFcmError() {
-    for (int code : HTTP_ERRORS) {
-      response.setStatusCode(code).setContent(
-          "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\", "
-              + "\"details\":[{\"@type\": \"type.googleapis.com/google.firebase.fcm"
-              + ".v1.FcmError\", \"errorCode\": \"UNREGISTERED\"}]}}");
-
-      try {
-        client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
-        fail("No error thrown for HTTP error");
-      } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
-            MessagingErrorCode.UNREGISTERED);
-      }
-      checkBatchRequestHeader(interceptor.getLastRequest());
-    }
-  }
-
-  @Test
-  public void testSendAllErrorWithoutMessage() {
-    final String responseBody = "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
-        + "\"details\":[{\"@type\": \"type.googleapis.com/google.firebase.fcm"
-        + ".v1.FcmError\", \"errorCode\": \"UNREGISTERED\"}]}}";
-    for (int code : HTTP_ERRORS) {
-      response.setStatusCode(code).setContent(responseBody);
-
-      try {
-        client.sendAll(MESSAGE_LIST, DRY_RUN_DISABLED);
-        fail("No error thrown for HTTP error");
-      } catch (FirebaseMessagingException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
-            MessagingErrorCode.UNREGISTERED,
-            "Unexpected HTTP response with status: " + code + "\n" + responseBody);
-      }
-      checkBatchRequestHeader(interceptor.getLastRequest());
-    }
-  }
 
   @Test(expected = IllegalArgumentException.class)
   public void testBuilderNullProjectId() {
@@ -563,18 +373,6 @@ private FirebaseMessagingClientImpl initMessagingClient(
         .build();
   }
 
-  private FirebaseMessagingClientImpl initMessagingClientForBatchRequests(
-      String responsePayload, TestResponseInterceptor interceptor) {
-    MockLowLevelHttpResponse httpResponse = getBatchResponse(responsePayload);
-    return initMessagingClient(httpResponse, interceptor);
-  }
-
-  private MockLowLevelHttpResponse getBatchResponse(String responsePayload) {
-    return new MockLowLevelHttpResponse()
-        .setContentType("multipart/mixed; boundary=test_boundary")
-        .setContent(responsePayload);
-  }
-
   private FirebaseMessagingClientImpl initClientWithFaultyTransport() {
     HttpTransport transport = TestUtils.createFaultyHttpTransport();
     return FirebaseMessagingClientImpl.builder()
@@ -603,64 +401,6 @@ private void checkRequest(
     assertEquals(expected, parsed);
   }
 
-  private void assertBatchResponse(
-      BatchResponse batchResponse, TestResponseInterceptor interceptor,
-      int successCount, int failureCount) throws IOException {
-
-    assertEquals(successCount, batchResponse.getSuccessCount());
-    assertEquals(failureCount, batchResponse.getFailureCount());
-
-    List<SendResponse> responses = batchResponse.getResponses();
-    assertEquals(successCount + failureCount, responses.size());
-    for (int i = 0; i < successCount; i++) {
-      SendResponse sendResponse = responses.get(i);
-      assertTrue(sendResponse.isSuccessful());
-      assertEquals("projects/test-project/messages/" + (i + 1), sendResponse.getMessageId());
-      assertNull(sendResponse.getException());
-    }
-
-    for (int i = successCount; i < failureCount; i++) {
-      SendResponse sendResponse = responses.get(i);
-      assertFalse(sendResponse.isSuccessful());
-      assertNull(sendResponse.getMessageId());
-
-      FirebaseMessagingException exception = sendResponse.getException();
-      assertNotNull(exception);
-      assertEquals(ErrorCode.INVALID_ARGUMENT, exception.getErrorCode());
-      assertNull(exception.getCause());
-      assertNull(exception.getHttpResponse());
-      assertEquals(MessagingErrorCode.INVALID_ARGUMENT, exception.getMessagingErrorCode());
-    }
-
-    checkBatchRequestHeader(interceptor.getLastRequest());
-    checkBatchRequest(interceptor.getLastRequest(), successCount + failureCount);
-  }
-
-  private void checkBatchRequestHeader(HttpRequest request) {
-    assertEquals("POST", request.getRequestMethod());
-    assertEquals("https://fcm.googleapis.com/batch", request.getUrl().toString());
-  }
-
-  private void checkBatchRequest(HttpRequest request, int expectedParts) throws IOException {
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    request.getContent().writeTo(out);
-    String[] lines = out.toString().split("\n");
-    assertEquals(expectedParts, countLinesWithPrefix(lines, "POST " + TEST_FCM_URL));
-    assertEquals(expectedParts, countLinesWithPrefix(lines, "x-goog-api-format-version: 2"));
-    assertEquals(expectedParts, countLinesWithPrefix(
-        lines, "x-firebase-client: fire-admin-java/" + SdkUtils.getVersion()));
-  }
-
-  private int countLinesWithPrefix(String[] lines, String prefix) {
-    int matchCount = 0;
-    for (String line : lines) {
-      if (line.trim().startsWith(prefix)) {
-        matchCount++;
-      }
-    }
-    return matchCount;
-  }
-
   private FirebaseMessagingClientImpl.Builder fullyPopulatedBuilder() {
     return FirebaseMessagingClientImpl.builder()
         .setProjectId("test-project")
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
index bebae6e4d..d9375781c 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
@@ -193,103 +193,6 @@ public void testSendEachForMulticast() throws Exception {
     }
   }
 
-  @Test
-  public void testSendAll() throws Exception {
-    List<Message> messages = new ArrayList<>();
-    messages.add(
-        Message.builder()
-          .setNotification(Notification.builder()
-              .setTitle("Title")
-              .setBody("Body")
-              .build())
-          .setTopic("foo-bar")
-          .build());
-    messages.add(
-        Message.builder()
-          .setNotification(Notification.builder()
-              .setTitle("Title")
-              .setBody("Body")
-              .build())
-          .setTopic("foo-bar")
-          .build());
-    messages.add(
-        Message.builder()
-          .setNotification(Notification.builder()
-              .setTitle("Title")
-              .setBody("Body")
-              .build())
-          .setToken("not-a-token")
-          .build());
-
-    BatchResponse response = FirebaseMessaging.getInstance().sendAll(messages, true);
-
-    assertEquals(2, response.getSuccessCount());
-    assertEquals(1, response.getFailureCount());
-
-    List<SendResponse> responses = response.getResponses();
-    assertEquals(3, responses.size());
-    assertTrue(responses.get(0).isSuccessful());
-    String id = responses.get(0).getMessageId();
-    assertTrue(id != null && id.matches("^projects/.*/messages/.*$"));
-
-    assertTrue(responses.get(1).isSuccessful());
-    id = responses.get(1).getMessageId();
-    assertTrue(id != null && id.matches("^projects/.*/messages/.*$"));
-
-    assertFalse(responses.get(2).isSuccessful());
-    assertNull(responses.get(2).getMessageId());
-    FirebaseMessagingException exception = responses.get(2).getException();
-    assertNotNull(exception);
-    assertEquals(ErrorCode.INVALID_ARGUMENT, exception.getErrorCode());
-  }
-
-  @Test
-  public void testSendFiveHundred() throws Exception {
-    List<Message> messages = new ArrayList<>();
-    for (int i = 0; i < 500; i++) {
-      messages.add(Message.builder().setTopic("foo-bar-" + (i % 10)).build());
-    }
-
-    BatchResponse response = FirebaseMessaging.getInstance().sendAll(messages, true);
-
-    assertEquals(500, response.getResponses().size());
-    assertEquals(500, response.getSuccessCount());
-    assertEquals(0, response.getFailureCount());
-    for (SendResponse sendResponse : response.getResponses()) {
-      if (!sendResponse.isSuccessful()) {
-        sendResponse.getException().printStackTrace();
-      }
-      assertTrue(sendResponse.isSuccessful());
-      String id = sendResponse.getMessageId();
-      assertTrue(id != null && id.matches("^projects/.*/messages/.*$"));
-      assertNull(sendResponse.getException());
-    }
-  }
-
-  @Test
-  public void testSendMulticast() throws Exception {
-    MulticastMessage multicastMessage = MulticastMessage.builder()
-        .setNotification(Notification.builder()
-            .setTitle("Title")
-            .setBody("Body")
-            .build())
-        .addToken("not-a-token")
-        .addToken("also-not-a-token")
-        .build();
-
-    BatchResponse response = FirebaseMessaging.getInstance().sendMulticast(
-        multicastMessage, true);
-
-    assertEquals(0, response.getSuccessCount());
-    assertEquals(2, response.getFailureCount());
-    assertEquals(2, response.getResponses().size());
-    for (SendResponse sendResponse : response.getResponses()) {
-      assertFalse(sendResponse.isSuccessful());
-      assertNull(sendResponse.getMessageId());
-      assertNotNull(sendResponse.getException());
-    }
-  }
-
   @Test
   public void testSubscribe() throws Exception {
     FirebaseMessaging messaging = FirebaseMessaging.getInstance();
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
index dc07ce002..6d61f51de 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingTest.java
@@ -545,260 +545,6 @@ public void testSendEachForMulticastAsyncFailure() throws Exception {
     assertFalse(client.isLastDryRun);
   }
 
-  @Test
-  public void testSendAllWithNull() throws  FirebaseMessagingException {
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    try {
-      messaging.sendAll(null);
-      fail("No error thrown for null message list");
-    } catch (NullPointerException expected) {
-      // expected
-    }
-
-    assertNull(client.lastBatch);
-  }
-
-  @Test
-  public void testSendAllWithEmptyList() throws FirebaseMessagingException {
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    try {
-      messaging.sendAll(ImmutableList.<Message>of());
-      fail("No error thrown for empty message list");
-    } catch (IllegalArgumentException expected) {
-      // expected
-    }
-
-    assertNull(client.lastBatch);
-  }
-
-  @Test
-  public void testSendAllWithTooManyMessages() throws FirebaseMessagingException {
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-    ImmutableList.Builder<Message> listBuilder = ImmutableList.builder();
-    for (int i = 0; i < 501; i++) {
-      listBuilder.add(Message.builder().setTopic("topic").build());
-    }
-
-    try {
-      messaging.sendAll(listBuilder.build(), false);
-      fail("No error thrown for too many messages in the list");
-    } catch (IllegalArgumentException expected) {
-      // expected
-    }
-
-    assertNull(client.lastBatch);
-  }
-
-  @Test
-  public void testSendAll() throws FirebaseMessagingException {
-    BatchResponse batchResponse = getBatchResponse("test");
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient
-        .fromBatchResponse(batchResponse);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE);
-
-    BatchResponse response = messaging.sendAll(messages);
-
-    assertSame(batchResponse, response);
-    assertSame(messages, client.lastBatch);
-    assertFalse(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendAllDryRun() throws FirebaseMessagingException {
-    BatchResponse batchResponse = getBatchResponse("test");
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient
-        .fromBatchResponse(batchResponse);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE);
-
-    BatchResponse response = messaging.sendAll(messages, true);
-
-    assertSame(batchResponse, response);
-    assertSame(messages, client.lastBatch);
-    assertTrue(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendAllFailure() {
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromException(TEST_EXCEPTION);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE);
-
-    try {
-      messaging.sendAll(messages);
-    } catch (FirebaseMessagingException e) {
-      assertSame(TEST_EXCEPTION, e);
-    }
-
-    assertSame(messages, client.lastBatch);
-    assertFalse(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendAllAsync() throws Exception {
-    BatchResponse batchResponse = getBatchResponse("test");
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient
-        .fromBatchResponse(batchResponse);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE);
-
-    BatchResponse response = messaging.sendAllAsync(messages).get();
-
-    assertSame(batchResponse, response);
-    assertSame(messages, client.lastBatch);
-    assertFalse(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendAllAsyncDryRun() throws Exception {
-    BatchResponse batchResponse = getBatchResponse("test");
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient
-        .fromBatchResponse(batchResponse);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE);
-
-    BatchResponse response = messaging.sendAllAsync(messages, true).get();
-
-    assertSame(batchResponse, response);
-    assertSame(messages, client.lastBatch);
-    assertTrue(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendAllAsyncFailure() throws InterruptedException {
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromException(TEST_EXCEPTION);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-    ImmutableList<Message> messages = ImmutableList.of(EMPTY_MESSAGE);
-
-    try {
-      messaging.sendAllAsync(messages).get();
-    } catch (ExecutionException e) {
-      assertSame(TEST_EXCEPTION, e.getCause());
-    }
-
-    assertSame(messages, client.lastBatch);
-    assertFalse(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendMulticastWithNull() throws  FirebaseMessagingException {
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromMessageId(null);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    try {
-      messaging.sendMulticast(null);
-      fail("No error thrown for null multicast message");
-    } catch (NullPointerException expected) {
-      // expected
-    }
-
-    assertNull(client.lastBatch);
-  }
-
-  @Test
-  public void testSendMulticast() throws FirebaseMessagingException {
-    BatchResponse batchResponse = getBatchResponse("test");
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient
-        .fromBatchResponse(batchResponse);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    BatchResponse response = messaging.sendMulticast(TEST_MULTICAST_MESSAGE);
-
-    assertSame(batchResponse, response);
-    assertEquals(2, client.lastBatch.size());
-    assertEquals("test-fcm-token1", client.lastBatch.get(0).getToken());
-    assertEquals("test-fcm-token2", client.lastBatch.get(1).getToken());
-    assertFalse(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendMulticastDryRun() throws FirebaseMessagingException {
-    BatchResponse batchResponse = getBatchResponse("test");
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient
-        .fromBatchResponse(batchResponse);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    BatchResponse response = messaging.sendMulticast(TEST_MULTICAST_MESSAGE, true);
-
-    assertSame(batchResponse, response);
-    assertEquals(2, client.lastBatch.size());
-    assertEquals("test-fcm-token1", client.lastBatch.get(0).getToken());
-    assertEquals("test-fcm-token2", client.lastBatch.get(1).getToken());
-    assertTrue(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendMulticastFailure() {
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromException(TEST_EXCEPTION);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    try {
-      messaging.sendMulticast(TEST_MULTICAST_MESSAGE);
-    } catch (FirebaseMessagingException e) {
-      assertSame(TEST_EXCEPTION, e);
-    }
-
-    assertEquals(2, client.lastBatch.size());
-    assertEquals("test-fcm-token1", client.lastBatch.get(0).getToken());
-    assertEquals("test-fcm-token2", client.lastBatch.get(1).getToken());
-    assertFalse(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendMulticastAsync() throws Exception {
-    BatchResponse batchResponse = getBatchResponse("test");
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient
-        .fromBatchResponse(batchResponse);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    BatchResponse response = messaging.sendMulticastAsync(TEST_MULTICAST_MESSAGE).get();
-
-    assertSame(batchResponse, response);
-    assertEquals(2, client.lastBatch.size());
-    assertEquals("test-fcm-token1", client.lastBatch.get(0).getToken());
-    assertEquals("test-fcm-token2", client.lastBatch.get(1).getToken());
-    assertFalse(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendMulticastAsyncDryRun() throws Exception {
-    BatchResponse batchResponse = getBatchResponse("test");
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient
-        .fromBatchResponse(batchResponse);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    BatchResponse response = messaging.sendMulticastAsync(TEST_MULTICAST_MESSAGE, true).get();
-
-    assertSame(batchResponse, response);
-    assertEquals(2, client.lastBatch.size());
-    assertEquals("test-fcm-token1", client.lastBatch.get(0).getToken());
-    assertEquals("test-fcm-token2", client.lastBatch.get(1).getToken());
-    assertTrue(client.isLastDryRun);
-  }
-
-  @Test
-  public void testSendMulticastAsyncFailure() throws InterruptedException {
-    MockFirebaseMessagingClient client = MockFirebaseMessagingClient.fromException(TEST_EXCEPTION);
-    FirebaseMessaging messaging = getMessagingForSend(Suppliers.ofInstance(client));
-
-    try {
-      messaging.sendMulticastAsync(TEST_MULTICAST_MESSAGE).get();
-    } catch (ExecutionException e) {
-      assertSame(TEST_EXCEPTION, e.getCause());
-    }
-
-    assertEquals(2, client.lastBatch.size());
-    assertEquals("test-fcm-token1", client.lastBatch.get(0).getToken());
-    assertEquals("test-fcm-token2", client.lastBatch.get(1).getToken());
-    assertFalse(client.isLastDryRun);
-  }
-
   @Test
   public void testInvalidSubscribe() throws FirebaseMessagingException {
     MockInstanceIdClient client = MockInstanceIdClient.fromResponse(null);
@@ -947,14 +693,6 @@ private FirebaseMessaging getMessagingForTopicManagement(
         .build();
   }
 
-  private BatchResponse getBatchResponse(String ...messageIds) {
-    ImmutableList.Builder<SendResponse> listBuilder = ImmutableList.builder();
-    for (String messageId : messageIds) {
-      listBuilder.add(SendResponse.fromMessageId(messageId));
-    }
-    return new BatchResponseImpl(listBuilder.build());
-  }
-
   private static class MockFirebaseMessagingClient implements FirebaseMessagingClient {
 
     private String messageId;
@@ -962,7 +700,6 @@ private static class MockFirebaseMessagingClient implements FirebaseMessagingCli
     private FirebaseMessagingException exception;
 
     private Message lastMessage;
-    private List<Message> lastBatch;
     private boolean isLastDryRun;
     private ImmutableMap<Message, SendResponse> messageMap;
 
@@ -987,10 +724,6 @@ static MockFirebaseMessagingClient fromMessageMap(Map<Message, SendResponse> mes
       return new MockFirebaseMessagingClient(messageMap, null);
     }
 
-    static MockFirebaseMessagingClient fromBatchResponse(BatchResponse batchResponse) {
-      return new MockFirebaseMessagingClient(null, batchResponse, null);
-    }
-
     static MockFirebaseMessagingClient fromException(FirebaseMessagingException exception) {
       return new MockFirebaseMessagingClient(null, null, exception);
     }
@@ -1018,11 +751,6 @@ public String send(Message message, boolean dryRun) throws FirebaseMessagingExce
     @Override
     public BatchResponse sendAll(
         List<Message> messages, boolean dryRun) throws FirebaseMessagingException {
-      lastBatch = messages;
-      isLastDryRun = dryRun;
-      if (exception != null) {
-        throw exception;
-      }
       return batchResponse;
     }
   }

From d812307a3e23b12dad33f150ca6d9708b277f507 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Aug 2024 15:01:28 +0000
Subject: [PATCH 263/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.39.0 to 26.44.0 (#975)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 128632f95..3da4d9fe7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.39.0</version>
+                <version>26.44.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From f6472d9f552771e8956d524061070b10940a3b5f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Aug 2024 14:44:50 -0400
Subject: [PATCH 264/354] chore(deps): Bump netty.version from 4.1.110.Final to
 4.1.112.Final (#980)

Bumps `netty.version` from 4.1.110.Final to 4.1.112.Final.

Updates `io.netty:netty-codec-http` from 4.1.110.Final to 4.1.112.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.110.Final...netty-4.1.112.Final)

Updates `io.netty:netty-handler` from 4.1.110.Final to 4.1.112.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.110.Final...netty-4.1.112.Final)

Updates `io.netty:netty-transport` from 4.1.110.Final to 4.1.112.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.110.Final...netty-4.1.112.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3da4d9fe7..8edc7d537 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.110.Final</netty.version>
+        <netty.version>4.1.112.Final</netty.version>
     </properties>
 
     <scm>

From 5465926ebecebfaee99f765b0425406e3dc5ad1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Aug 2024 18:47:58 +0000
Subject: [PATCH 265/354] chore(deps): Bump
 org.apache.maven.plugins:maven-javadoc-plugin (#986)

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 8edc7d537..f5d141ed0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.7.0</version>
+                        <version>3.10.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.7.0</version>
+                <version>3.10.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 6817e15e43c204079e45c1081a0e04b015bf6554 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Aug 2024 18:50:05 +0000
Subject: [PATCH 266/354] chore(deps): Bump
 com.google.api-client:google-api-client-bom (#987)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f5d141ed0..cabf2260a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.5.1</version>
+                <version>2.7.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From bbfa43a145d0b4a423b98414ae6fb83bdf226643 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Aug 2024 18:53:00 +0000
Subject: [PATCH 267/354] chore(deps): Bump
 org.apache.maven.plugins:maven-project-info-reports-plugin (#983)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index cabf2260a..40185081f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.5.0</version>
+                <version>3.7.0</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From 797a8af55a2992e0aa79420617c9b079571fba4b Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Fri, 30 Aug 2024 14:55:28 -0400
Subject: [PATCH 268/354] fix: Limit default `ThreadPoolExecutor` thread count
 and remove deadlock scenario (#985)

* fix: Remove possible deadlock with nested `callAsync()`

* Set default `ThreadPoolExecutor` to a fixed thread pool

* fix: add keepAliveTime to close idle threads

* Added comments explainging the sendEachAsync change
---
 .../internal/FirebaseThreadManagers.java      |  9 +++-
 .../firebase/messaging/FirebaseMessaging.java | 52 +++++++++++--------
 2 files changed, 39 insertions(+), 22 deletions(-)

diff --git a/src/main/java/com/google/firebase/internal/FirebaseThreadManagers.java b/src/main/java/com/google/firebase/internal/FirebaseThreadManagers.java
index 877450fcc..c14fbd611 100644
--- a/src/main/java/com/google/firebase/internal/FirebaseThreadManagers.java
+++ b/src/main/java/com/google/firebase/internal/FirebaseThreadManagers.java
@@ -23,7 +23,10 @@
 import java.util.Set;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
+import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -84,7 +87,11 @@ private static class DefaultThreadManager extends GlobalThreadManager {
     protected ExecutorService doInit() {
       ThreadFactory threadFactory = FirebaseScheduledExecutor.getThreadFactoryWithName(
           getThreadFactory(), "firebase-default-%d");
-      return Executors.newCachedThreadPool(threadFactory);
+
+      ThreadPoolExecutor threadPoolExecutor = new ThreadPoolExecutor(100, 100, 60L,
+          TimeUnit.SECONDS, new LinkedBlockingQueue<Runnable>(), threadFactory);
+      threadPoolExecutor.allowCoreThreadTimeOut(true);
+      return threadPoolExecutor;
     }
 
     @Override
diff --git a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
index e16b6ac9d..870940f77 100644
--- a/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
+++ b/src/main/java/com/google/firebase/messaging/FirebaseMessaging.java
@@ -26,6 +26,7 @@
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
+import com.google.common.util.concurrent.MoreExecutors;
 import com.google.firebase.ErrorCode;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
@@ -159,7 +160,7 @@ protected String execute() throws FirebaseMessagingException {
    *     no failures are only indicated by a {@link BatchResponse}.
    */
   public BatchResponse sendEach(@NonNull List<Message> messages) throws FirebaseMessagingException {
-    return sendEachOp(messages, false).call();
+    return sendEach(messages, false);
   }
 
 
@@ -186,7 +187,11 @@ public BatchResponse sendEach(@NonNull List<Message> messages) throws FirebaseMe
    */
   public BatchResponse sendEach(
       @NonNull List<Message> messages, boolean dryRun) throws FirebaseMessagingException {
-    return sendEachOp(messages, dryRun).call();
+    try {
+      return sendEachOpAsync(messages, dryRun).get();
+    } catch (InterruptedException | ExecutionException e) {
+      throw new FirebaseMessagingException(ErrorCode.CANCELLED, SERVICE_ID);
+    }
   }
 
   /**
@@ -197,7 +202,7 @@ public BatchResponse sendEach(
    *     the messages have been sent.
    */
   public ApiFuture<BatchResponse> sendEachAsync(@NonNull List<Message> messages) {
-    return sendEachOp(messages, false).callAsync(app);
+    return sendEachOpAsync(messages, false);
   }
 
   /**
@@ -209,32 +214,37 @@ public ApiFuture<BatchResponse> sendEachAsync(@NonNull List<Message> messages) {
    *     the messages have been sent.
    */
   public ApiFuture<BatchResponse> sendEachAsync(@NonNull List<Message> messages, boolean dryRun) {
-    return sendEachOp(messages, dryRun).callAsync(app);
+    return sendEachOpAsync(messages, dryRun);
   }
 
-  private CallableOperation<BatchResponse, FirebaseMessagingException> sendEachOp(
+  // Returns an ApiFuture directly since this function is non-blocking. Individual child send 
+  // requests are still called async and run in background threads.
+  private ApiFuture<BatchResponse> sendEachOpAsync(
       final List<Message> messages, final boolean dryRun) {
     final List<Message> immutableMessages = ImmutableList.copyOf(messages);
     checkArgument(!immutableMessages.isEmpty(), "messages list must not be empty");
     checkArgument(immutableMessages.size() <= 500,
         "messages list must not contain more than 500 elements");
 
-    return new CallableOperation<BatchResponse, FirebaseMessagingException>() {
-      @Override
-      protected BatchResponse execute() throws FirebaseMessagingException {
-        List<ApiFuture<SendResponse>> list = new ArrayList<>();
-        for (Message message : immutableMessages) {
-          ApiFuture<SendResponse> messageId = sendOpForSendResponse(message, dryRun).callAsync(app);
-          list.add(messageId);
-        }
-        try {
-          List<SendResponse> responses = ApiFutures.allAsList(list).get();
-          return new BatchResponseImpl(responses);
-        } catch (InterruptedException | ExecutionException e) {
-          throw new FirebaseMessagingException(ErrorCode.CANCELLED, SERVICE_ID);
-        }
-      }
-    };
+    List<ApiFuture<SendResponse>> list = new ArrayList<>();
+    for (Message message : immutableMessages) {
+      // Make async send calls per message
+      ApiFuture<SendResponse> messageId = sendOpForSendResponse(message, dryRun).callAsync(app);
+      list.add(messageId);
+    }
+    
+    // Gather all futures and combine into a list
+    ApiFuture<List<SendResponse>> responsesFuture = ApiFutures.allAsList(list);
+
+    // Chain this future to wrap the eventual responses in a BatchResponse without blocking
+    // the main thread. This uses the current thread to execute, but since the transformation
+    // function is non-blocking the transformation itself is also non-blocking.
+    return ApiFutures.transform(
+      responsesFuture, 
+      (responses) -> {
+        return new BatchResponseImpl(responses);
+      },
+      MoreExecutors.directExecutor());
   }
 
   private CallableOperation<SendResponse, FirebaseMessagingException> sendOpForSendResponse(

From db445c58ad901fb5bccefa9ecfc9e22b77ef3c8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 11:21:33 -0400
Subject: [PATCH 269/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.44.0 to 26.45.0 (#989)

Bumps [com.google.cloud:libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.44.0 to 26.45.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/release-please-config.json)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/v26.44.0...v26.45.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 40185081f..57548b668 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.44.0</version>
+                <version>26.45.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From feed2c5bc731c7d171ea73ab2c5bd149671c1cc4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 15:24:39 +0000
Subject: [PATCH 270/354] chore(deps): Bump org.slf4j:slf4j-api from 2.0.13 to
 2.0.16 (#991)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 57548b668..cbebef211 100644
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.13</version>
+            <version>2.0.16</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From 183d4ecda7e8268f88224acedfc698210b0f4009 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 15:26:55 +0000
Subject: [PATCH 271/354] chore(deps): Bump
 org.apache.maven.plugins:maven-gpg-plugin (#992)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index cbebef211..6ab199498 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
                 <plugins>
                     <plugin>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.2.4</version>
+                        <version>3.2.5</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

From db91e3d1c3753635311919fb5edebe897379fb74 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Sep 2024 11:11:19 -0400
Subject: [PATCH 272/354] chore(deps): Bump
 org.apache.maven.plugins:maven-failsafe-plugin (#990)

Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.2.5 to 3.5.0.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.2.5...surefire-3.5.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6ab199498..f3ba72d2c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>3.2.5</version>
+                <version>3.5.0</version>
                 <executions>
                     <execution>
                         <goals>

From 2229ec2cb591baf5b4a04e9e5e7713f6f7c5ed23 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Sep 2024 15:13:32 +0000
Subject: [PATCH 273/354] chore(deps): Bump
 org.apache.maven.plugins:maven-surefire-plugin (#997)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f3ba72d2c..6cef75888 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.2.5</version>
+                <version>3.5.0</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From b7c792bbfa7105343ba4130c59e67a4a0f14289c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Sep 2024 15:16:05 +0000
Subject: [PATCH 274/354] chore(deps-dev): Bump org.hamcrest:hamcrest from 2.2
 to 3.0 (#996)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6cef75888..20428dd00 100644
--- a/pom.xml
+++ b/pom.xml
@@ -485,7 +485,7 @@
         <dependency>
             <groupId>org.hamcrest</groupId>
             <artifactId>hamcrest</artifactId>
-            <version>2.2</version>
+            <version>3.0</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

From f4e50542148ced1321aeb4509b62a981b56284cb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Sep 2024 15:18:47 +0000
Subject: [PATCH 275/354] chore(deps): Bump netty.version from 4.1.112.Final to
 4.1.113.Final (#995)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 20428dd00..3c2963cde 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.112.Final</netty.version>
+        <netty.version>4.1.113.Final</netty.version>
     </properties>
 
     <scm>

From ce8e7fd0df9d8f89b8445ba767762589411e60c2 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Thu, 12 Sep 2024 15:07:12 -0400
Subject: [PATCH 276/354] chore: Update actions/upload-artifact (#998)

---
 .github/workflows/nightly.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index b29cd2fc4..7bda5ba58 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -48,7 +48,7 @@ jobs:
     # Attach the packaged artifacts to the workflow output. These can be manually
     # downloaded for later inspection if necessary.
     - name: Archive artifacts
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v4
       with:
         name: dist
         path: dist
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c8a7050d8..ca1f042c4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -59,7 +59,7 @@ jobs:
     # Attach the packaged artifacts to the workflow output. These can be manually
     # downloaded for later inspection if necessary.
     - name: Archive artifacts
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v4
       with:
         name: dist
         path: dist

From ab46aaae81e790c6007afc456080773f8b74f897 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Fri, 4 Oct 2024 10:59:48 -0400
Subject: [PATCH 277/354] feat: Add HTTP/2 enabled transport as default
 transport  (#979)

* Added HTTP/2 enabled transport and made it default.

* fix: Use internal default transport

* Added test coverage for timeouts

* fix: lint

* fix: Timeout tests no longer remove Firebase Apps for other integration tests.

* Mirror tests from google java client and added more descriptive error messages.

* fix: Remove `NO_CONNECT_URL`

* debug IT Error

* debug

* debug

* debug

* debug

* debug

* Remove test debug

* Address review comments

* Use local server to test connect timeout and fix lint

* Fix testConnectTimeoutGet test

* Fix lint

* remove deplicate tests

* fix: catch `java.net.SocketTimeoutException`

* Proxy tests
---
 pom.xml                                       |  10 +
 .../ApacheHttp2AsyncEntityProducer.java       | 150 +++++++
 .../firebase/internal/ApacheHttp2Request.java | 147 +++++++
 .../internal/ApacheHttp2Response.java         | 100 +++++
 .../internal/ApacheHttp2Transport.java        | 125 ++++++
 .../firebase/internal/ApiClientUtils.java     |   2 +-
 .../internal/MockApacheHttp2AsyncClient.java  |  73 ++++
 .../google/firebase/FirebaseOptionsTest.java  |   4 +-
 .../internal/ApacheHttp2TransportIT.java      | 409 ++++++++++++++++++
 .../internal/ApacheHttp2TransportTest.java    | 379 ++++++++++++++++
 .../internal/MockApacheHttp2Response.java     | 188 ++++++++
 .../FirebaseMessagingClientImplTest.java      |   8 +-
 .../messaging/InstanceIdClientImplTest.java   |   2 +-
 .../FirebaseRemoteConfigClientImplTest.java   |   2 +-
 14 files changed, 1590 insertions(+), 9 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/internal/ApacheHttp2AsyncEntityProducer.java
 create mode 100644 src/main/java/com/google/firebase/internal/ApacheHttp2Request.java
 create mode 100644 src/main/java/com/google/firebase/internal/ApacheHttp2Response.java
 create mode 100644 src/main/java/com/google/firebase/internal/ApacheHttp2Transport.java
 create mode 100644 src/main/java/com/google/firebase/internal/MockApacheHttp2AsyncClient.java
 create mode 100644 src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
 create mode 100644 src/test/java/com/google/firebase/internal/ApacheHttp2TransportTest.java
 create mode 100644 src/test/java/com/google/firebase/internal/MockApacheHttp2Response.java

diff --git a/pom.xml b/pom.xml
index 3c2963cde..9fe0bfdd7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -455,6 +455,11 @@
             <artifactId>netty-transport</artifactId>
             <version>${netty.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents.client5</groupId>
+            <artifactId>httpclient5</artifactId>
+            <version>5.3.1</version>
+        </dependency>
 
         <!-- Test Dependencies -->
         <dependency>
@@ -488,5 +493,10 @@
             <version>3.0</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.mock-server</groupId>
+            <artifactId>mockserver-junit-rule-no-dependencies</artifactId>
+            <version>5.14.0</version>
+        </dependency>
     </dependencies>
 </project>
diff --git a/src/main/java/com/google/firebase/internal/ApacheHttp2AsyncEntityProducer.java b/src/main/java/com/google/firebase/internal/ApacheHttp2AsyncEntityProducer.java
new file mode 100644
index 000000000..9bdf208c7
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/ApacheHttp2AsyncEntityProducer.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2024 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.api.client.util.StreamingContent;
+import com.google.common.annotations.VisibleForTesting;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.Set;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.apache.hc.core5.http.ContentType;
+import org.apache.hc.core5.http.nio.AsyncEntityProducer;
+import org.apache.hc.core5.http.nio.DataStreamChannel;
+
+public class ApacheHttp2AsyncEntityProducer implements AsyncEntityProducer {
+  private ByteBuffer bytebuf;
+  private ByteArrayOutputStream baos;
+  private final StreamingContent content;
+  private final ContentType contentType;
+  private final long contentLength;
+  private final String contentEncoding;
+  private final CompletableFuture<Void> writeFuture;
+  private final AtomicReference<Exception> exception;
+
+  public ApacheHttp2AsyncEntityProducer(StreamingContent content, ContentType contentType,
+      String contentEncoding, long contentLength, CompletableFuture<Void> writeFuture) {
+    this.content = content;
+    this.contentType = contentType;
+    this.contentEncoding = contentEncoding;
+    this.contentLength = contentLength;
+    this.writeFuture = writeFuture;
+    this.bytebuf = null;
+
+    this.baos = new ByteArrayOutputStream((int) (contentLength < 0 ? 0 : contentLength));
+    this.exception = new AtomicReference<>();
+  }
+
+  public ApacheHttp2AsyncEntityProducer(ApacheHttp2Request request,
+      CompletableFuture<Void> writeFuture) {
+    this(
+        request.getStreamingContent(),
+        ContentType.parse(request.getContentType()),
+        request.getContentEncoding(),
+        request.getContentLength(),
+        writeFuture);
+  }
+
+  @Override
+  public boolean isRepeatable() {
+    return true;
+  }
+
+  @Override
+  public String getContentType() {
+    return contentType != null ? contentType.toString() : null;
+  }
+
+  @Override
+  public long getContentLength() {
+    return contentLength;
+  }
+
+  @Override
+  public int available() {
+    return Integer.MAX_VALUE;
+  }
+
+  @Override
+  public String getContentEncoding() {
+    return contentEncoding;
+  }
+
+  @Override
+  public boolean isChunked() {
+    return contentLength == -1;
+  }
+
+  @Override
+  public Set<String> getTrailerNames() {
+    return null;
+  }
+
+  @Override
+  public void produce(DataStreamChannel channel) throws IOException {
+    if (bytebuf == null) {
+      if (content != null) {
+        try {
+          content.writeTo(baos);
+        } catch (IOException e) {
+          failed(e);
+          throw e;
+        }
+      }
+
+      this.bytebuf = ByteBuffer.wrap(baos.toByteArray());
+    }
+
+    if (bytebuf.hasRemaining()) {
+      channel.write(bytebuf);
+    }
+
+    if (!bytebuf.hasRemaining()) {
+      channel.endStream();
+      writeFuture.complete(null);
+      releaseResources();
+    }
+  }
+
+  @Override
+  public void failed(Exception cause) {
+    if (exception.compareAndSet(null, cause)) {
+      releaseResources();
+      writeFuture.completeExceptionally(cause);
+    }
+  }
+
+  public final Exception getException() {
+    return exception.get();
+  }
+
+  @Override
+  public void releaseResources() {
+    if (bytebuf != null) {
+      bytebuf.clear();
+    }
+  }
+
+  @VisibleForTesting
+  ByteBuffer getBytebuf() {
+    return bytebuf;
+  }
+}
diff --git a/src/main/java/com/google/firebase/internal/ApacheHttp2Request.java b/src/main/java/com/google/firebase/internal/ApacheHttp2Request.java
new file mode 100644
index 000000000..56c2c9034
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/ApacheHttp2Request.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2024 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.api.client.http.LowLevelHttpRequest;
+import com.google.api.client.http.LowLevelHttpResponse;
+import com.google.common.annotations.VisibleForTesting;
+
+import java.io.IOException;
+import java.net.SocketTimeoutException;
+import java.util.concurrent.CancellationException;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+import org.apache.hc.client5.http.ConnectTimeoutException;
+import org.apache.hc.client5.http.HttpHostConnectException;
+import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
+import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
+import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
+import org.apache.hc.client5.http.async.methods.SimpleResponseConsumer;
+import org.apache.hc.client5.http.config.RequestConfig;
+import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
+import org.apache.hc.core5.concurrent.FutureCallback;
+import org.apache.hc.core5.http.nio.support.BasicRequestProducer;
+import org.apache.hc.core5.http2.H2StreamResetException;
+import org.apache.hc.core5.util.Timeout;
+
+final class ApacheHttp2Request extends LowLevelHttpRequest {
+  private final CloseableHttpAsyncClient httpAsyncClient;
+  private final SimpleRequestBuilder requestBuilder;
+  private SimpleHttpRequest request;
+  private final RequestConfig.Builder requestConfig;
+  private int writeTimeout;
+  private ApacheHttp2AsyncEntityProducer entityProducer;
+
+  ApacheHttp2Request(
+      CloseableHttpAsyncClient httpAsyncClient, SimpleRequestBuilder requestBuilder) {
+    this.httpAsyncClient = httpAsyncClient;
+    this.requestBuilder = requestBuilder;
+    this.writeTimeout = 0;
+
+    this.requestConfig = RequestConfig.custom()
+        .setRedirectsEnabled(false);
+  }
+
+  @Override
+  public void addHeader(String name, String value) {
+    requestBuilder.addHeader(name, value);
+  }
+
+  @Override
+  public void setTimeout(int connectionTimeout, int readTimeout) throws IOException {
+    requestConfig
+        .setConnectTimeout(Timeout.ofMilliseconds(connectionTimeout))
+        .setResponseTimeout(Timeout.ofMilliseconds(readTimeout));
+  }
+
+  @Override
+  public void setWriteTimeout(int writeTimeout) throws IOException {
+    this.writeTimeout = writeTimeout;
+  }
+
+  @Override
+  public LowLevelHttpResponse execute() throws IOException {
+    // Set request configs
+    requestBuilder.setRequestConfig(requestConfig.build());
+
+    // Build request
+    request = requestBuilder.build();
+
+    // Make Producer
+    CompletableFuture<Void> writeFuture = new CompletableFuture<>();
+    entityProducer = new ApacheHttp2AsyncEntityProducer(this, writeFuture);
+
+    // Execute
+    final Future<SimpleHttpResponse> responseFuture = httpAsyncClient.execute(
+        new BasicRequestProducer(request, entityProducer),
+        SimpleResponseConsumer.create(),
+        new FutureCallback<SimpleHttpResponse>() {
+          @Override
+          public void completed(final SimpleHttpResponse response) {
+          }
+
+          @Override
+          public void failed(final Exception exception) {
+          }
+
+          @Override
+          public void cancelled() {
+          }
+        });
+
+    // Wait for write
+    try {
+      if (writeTimeout != 0) {
+        writeFuture.get(writeTimeout, TimeUnit.MILLISECONDS);
+      }
+    } catch (TimeoutException e) {
+      throw new IOException("Write Timeout", e.getCause());
+    } catch (Exception e) {
+      throw new IOException("Exception in write", e.getCause());
+    }
+
+    // Wait for response
+    try {
+      final SimpleHttpResponse response = responseFuture.get();
+      return new ApacheHttp2Response(response);
+    } catch (ExecutionException e) {
+      if (e.getCause() instanceof ConnectTimeoutException 
+          || e.getCause() instanceof SocketTimeoutException) {
+        throw new IOException("Connection Timeout", e.getCause());
+      } else if (e.getCause() instanceof HttpHostConnectException) {
+        throw new IOException("Connection exception in request", e.getCause());
+      } else if (e.getCause() instanceof H2StreamResetException) {
+        throw new IOException("Stream exception in request", e.getCause());
+      } else {
+        throw new IOException("Unknown exception in request", e);
+      }
+    } catch (InterruptedException e) {
+      throw new IOException("Request Interrupted", e);
+    } catch (CancellationException e) {
+      throw new IOException("Request Cancelled", e);
+    }
+  }
+
+  @VisibleForTesting
+  ApacheHttp2AsyncEntityProducer getEntityProducer() {
+    return entityProducer;
+  }
+}
diff --git a/src/main/java/com/google/firebase/internal/ApacheHttp2Response.java b/src/main/java/com/google/firebase/internal/ApacheHttp2Response.java
new file mode 100644
index 000000000..4c05b0e03
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/ApacheHttp2Response.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2024 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.api.client.http.LowLevelHttpResponse;
+import com.google.common.annotations.VisibleForTesting;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
+import org.apache.hc.core5.http.ContentType;
+import org.apache.hc.core5.http.Header;
+
+public class ApacheHttp2Response extends LowLevelHttpResponse {
+  private final SimpleHttpResponse response;
+  private final Header[] allHeaders;
+
+  ApacheHttp2Response(SimpleHttpResponse response) {
+    this.response = response;
+    allHeaders = response.getHeaders();
+  }
+
+  @Override
+  public int getStatusCode() {
+    return response.getCode();
+  }
+
+  @Override
+  public InputStream getContent() throws IOException {
+    return new ByteArrayInputStream(response.getBodyBytes());
+  }
+
+  @Override
+  public String getContentEncoding() {
+    Header contentEncodingHeader = response.getFirstHeader("Content-Encoding");
+    return contentEncodingHeader == null ? null : contentEncodingHeader.getValue();
+  }
+
+  @Override
+  public long getContentLength() {
+    String bodyText = response.getBodyText();
+    return bodyText == null ? 0 : bodyText.length();
+  }
+
+  @Override
+  public String getContentType() {
+    ContentType contentType = response.getContentType();
+    return contentType == null ? null : contentType.toString();
+  }
+
+  @Override
+  public String getReasonPhrase() {
+    return response.getReasonPhrase();
+  }
+
+  @Override
+  public String getStatusLine() {
+    return response.toString();
+  }
+
+  public String getHeaderValue(String name) {
+    return response.getLastHeader(name).getValue();
+  }
+
+  @Override
+  public String getHeaderValue(int index) {
+    return allHeaders[index].getValue();
+  }
+
+  @Override
+  public int getHeaderCount() {
+    return allHeaders.length;
+  }
+
+  @Override
+  public String getHeaderName(int index) {
+    return allHeaders[index].getName();
+  }
+
+  @VisibleForTesting
+  public SimpleHttpResponse getResponse() {
+    return response;
+  }
+}
diff --git a/src/main/java/com/google/firebase/internal/ApacheHttp2Transport.java b/src/main/java/com/google/firebase/internal/ApacheHttp2Transport.java
new file mode 100644
index 000000000..9c0e413fb
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/ApacheHttp2Transport.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2024 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import com.google.api.client.http.HttpTransport;
+
+import java.io.IOException;
+import java.net.ProxySelector;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.hc.client5.http.async.HttpAsyncClient;
+import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
+import org.apache.hc.client5.http.config.ConnectionConfig;
+import org.apache.hc.client5.http.config.TlsConfig;
+import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
+import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.core5.http.config.Http1Config;
+import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.http2.config.H2Config;
+import org.apache.hc.core5.io.CloseMode;
+import org.apache.hc.core5.ssl.SSLContexts;
+
+/**
+ * HTTP/2 enabled async transport based on the Apache HTTP Client library
+ */
+public final class ApacheHttp2Transport extends HttpTransport {
+
+  private final CloseableHttpAsyncClient httpAsyncClient;
+  private final boolean isMtls;
+
+  public ApacheHttp2Transport() {
+    this(newDefaultHttpAsyncClient(), false);
+  }
+
+  public ApacheHttp2Transport(CloseableHttpAsyncClient httpAsyncClient) {
+    this(httpAsyncClient, false);
+  }
+
+  public ApacheHttp2Transport(CloseableHttpAsyncClient httpAsyncClient, boolean isMtls) {
+    this.httpAsyncClient = httpAsyncClient;
+    this.isMtls = isMtls;
+    
+    httpAsyncClient.start();
+  }
+
+  public static CloseableHttpAsyncClient newDefaultHttpAsyncClient() {
+    return defaultHttpAsyncClientBuilder().build();
+  }
+
+  public static HttpAsyncClientBuilder defaultHttpAsyncClientBuilder() {
+    PoolingAsyncClientConnectionManager connectionManager = 
+        PoolingAsyncClientConnectionManagerBuilder.create()
+          // Set Max total connections to match google api client limits
+          // https://github.com/googleapis/google-http-java-client/blob/f9d4e15bd3c784b1fd3b0f3468000a91c6f79715/google-http-client-apache-v5/src/main/java/com/google/api/client/http/apache/v5/Apache5HttpTransport.java#L151
+          .setMaxConnTotal(200)
+          // Set max connections per route to match the concurrent stream limit of the FCM backend.
+          .setMaxConnPerRoute(100)
+          .setDefaultConnectionConfig(
+            ConnectionConfig.custom().setTimeToLive(-1, TimeUnit.MILLISECONDS).build())
+          .setDefaultTlsConfig(
+            TlsConfig.custom().setVersionPolicy(HttpVersionPolicy.NEGOTIATE).build())
+          .setTlsStrategy(ClientTlsStrategyBuilder.create()
+            .setSslContext(SSLContexts.createSystemDefault())
+            .build())
+          .build();
+
+    return HttpAsyncClientBuilder.create()
+      // Set maxConcurrentStreams to 100 to match the concurrent stream limit of the FCM backend.
+      .setH2Config(H2Config.custom().setMaxConcurrentStreams(100).build())
+      .setHttp1Config(Http1Config.DEFAULT)
+      .setConnectionManager(connectionManager)
+      .setRoutePlanner(new SystemDefaultRoutePlanner(ProxySelector.getDefault()))
+      .disableRedirectHandling()
+      .disableAutomaticRetries();
+  }
+
+  @Override
+  public boolean supportsMethod(String method) {
+    return true;
+  }
+
+  @Override
+  protected ApacheHttp2Request buildRequest(String method, String url) {
+    SimpleRequestBuilder requestBuilder = SimpleRequestBuilder.create(method).setUri(url);
+    return new ApacheHttp2Request(httpAsyncClient, requestBuilder);
+  }
+
+  /**
+   * Gracefully shuts down the connection manager and releases allocated resources. This closes all
+   * connections, whether they are currently used or not.
+   */
+  @Override
+  public void shutdown() throws IOException {
+    httpAsyncClient.close(CloseMode.GRACEFUL);
+  }
+
+  /** Returns the Apache HTTP client. */
+  public HttpAsyncClient getHttpClient() {
+    return httpAsyncClient;
+  }
+
+  /** Returns if the underlying HTTP client is mTLS. */
+  @Override
+  public boolean isMtls() {
+    return isMtls;
+  }
+}
diff --git a/src/main/java/com/google/firebase/internal/ApiClientUtils.java b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
index e586bd11f..339726105 100644
--- a/src/main/java/com/google/firebase/internal/ApiClientUtils.java
+++ b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
@@ -88,6 +88,6 @@ public static JsonFactory getDefaultJsonFactory() {
   }
 
   public static HttpTransport getDefaultTransport() {
-    return Utils.getDefaultTransport();
+    return new ApacheHttp2Transport();
   }
 }
diff --git a/src/main/java/com/google/firebase/internal/MockApacheHttp2AsyncClient.java b/src/main/java/com/google/firebase/internal/MockApacheHttp2AsyncClient.java
new file mode 100644
index 000000000..c859ec485
--- /dev/null
+++ b/src/main/java/com/google/firebase/internal/MockApacheHttp2AsyncClient.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2024 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import java.io.IOException;
+import java.util.concurrent.Future;
+
+import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
+import org.apache.hc.core5.concurrent.FutureCallback;
+import org.apache.hc.core5.function.Supplier;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.nio.AsyncPushConsumer;
+import org.apache.hc.core5.http.nio.AsyncRequestProducer;
+import org.apache.hc.core5.http.nio.AsyncResponseConsumer;
+import org.apache.hc.core5.http.nio.HandlerFactory;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import org.apache.hc.core5.io.CloseMode;
+import org.apache.hc.core5.reactor.IOReactorStatus;
+import org.apache.hc.core5.util.TimeValue;
+
+public class MockApacheHttp2AsyncClient extends CloseableHttpAsyncClient {
+
+  @Override
+  public void close(CloseMode closeMode) {
+  }
+
+  @Override
+  public void close() throws IOException {
+  }
+
+  @Override
+  public void start() {
+  }
+
+  @Override
+  public IOReactorStatus getStatus() {
+    return null;
+  }
+
+  @Override
+  public void awaitShutdown(TimeValue waitTime) throws InterruptedException {
+  }
+
+  @Override
+  public void initiateShutdown() {
+  }
+
+  @Override
+  protected <T> Future<T> doExecute(HttpHost target, AsyncRequestProducer requestProducer,
+      AsyncResponseConsumer<T> responseConsumer,
+      HandlerFactory<AsyncPushConsumer> pushHandlerFactory,
+      HttpContext context, FutureCallback<T> callback) {
+    return null;
+  }
+
+  @Override
+  public void register(String hostname, String uriPattern, Supplier<AsyncPushConsumer> supplier) {
+  }
+}
diff --git a/src/test/java/com/google/firebase/FirebaseOptionsTest.java b/src/test/java/com/google/firebase/FirebaseOptionsTest.java
index 0a4e9e81a..05613e98a 100644
--- a/src/test/java/com/google/firebase/FirebaseOptionsTest.java
+++ b/src/test/java/com/google/firebase/FirebaseOptionsTest.java
@@ -24,12 +24,12 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
-import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.gson.GsonFactory;
 import com.google.auth.oauth2.AccessToken;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.auth.oauth2.ServiceAccountCredentials;
 import com.google.cloud.firestore.FirestoreOptions;
+import com.google.firebase.internal.ApacheHttp2Transport;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestUtils;
 import java.io.IOException;
@@ -74,7 +74,7 @@ protected ThreadFactory getThreadFactory() {
   @Test
   public void createOptionsWithAllValuesSet() throws IOException {
     GsonFactory jsonFactory = new GsonFactory();
-    NetHttpTransport httpTransport = new NetHttpTransport();
+    ApacheHttp2Transport httpTransport = new ApacheHttp2Transport();
     FirestoreOptions firestoreOptions = FirestoreOptions.newBuilder().build();
     FirebaseOptions firebaseOptions =
         FirebaseOptions.builder()
diff --git a/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java b/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
new file mode 100644
index 000000000..c8fbe5533
--- /dev/null
+++ b/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
@@ -0,0 +1,409 @@
+/*
+ * Copyright 2024 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockserver.model.Header.header;
+import static org.mockserver.model.HttpForward.forward;
+import static org.mockserver.model.HttpRequest.request;
+import static org.mockserver.model.HttpResponse.response;
+
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.http.LowLevelHttpResponse;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.util.GenericData;
+import com.google.auth.oauth2.GoogleCredentials;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseException;
+import com.google.firebase.FirebaseOptions;
+import com.google.firebase.IncomingHttpResponse;
+import com.google.firebase.auth.MockGoogleCredentials;
+import java.io.IOException;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.util.concurrent.atomic.AtomicBoolean;
+import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
+import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
+import org.apache.hc.core5.http.EntityDetails;
+import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpRequest;
+import org.apache.hc.core5.http.HttpRequestInterceptor;
+import org.apache.hc.core5.http.protocol.HttpContext;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import org.mockserver.integration.ClientAndServer;
+import org.mockserver.model.HttpForward.Scheme;
+import org.mockserver.socket.PortFactory;
+
+public class ApacheHttp2TransportIT {
+  private static FirebaseApp app;
+  private static final GoogleCredentials MOCK_CREDENTIALS = new MockGoogleCredentials("test_token");
+  private static final ImmutableMap<String, Object> payload = 
+      ImmutableMap.<String, Object>of("foo", "bar");
+
+  // Sets a 5 second delay before server response to simulate a slow network that
+  // results in a read timeout.
+  private static final String DELAY_URL = "https://nghttp2.org/httpbin/delay/5";
+  private static final String GET_URL = "https://nghttp2.org/httpbin/get";
+  private static final String POST_URL = "https://nghttp2.org/httpbin/post";
+
+  private static ServerSocket serverSocket;
+  private static Socket fillerSocket;
+  private static int port;
+
+  private static ClientAndServer mockProxy;
+  private static ClientAndServer mockServer;
+
+  @BeforeClass
+  public static void setUpClass() throws IOException {
+    // Start server socket with a backlog queue of 1 and a automatically assigned
+    // port
+    serverSocket = new ServerSocket(0, 1);
+    port = serverSocket.getLocalPort();
+    // Fill the backlog queue to force socket to ignore future connections
+    fillerSocket = new Socket();
+    fillerSocket.connect(serverSocket.getLocalSocketAddress());
+  }
+
+  @AfterClass
+  public static void cleanUpClass() throws IOException {
+    if (serverSocket != null && !serverSocket.isClosed()) {
+      serverSocket.close();
+    }
+    if (fillerSocket != null && !fillerSocket.isClosed()) {
+      fillerSocket.close();
+    }
+  }
+
+  @After
+  public void cleanup() {
+    if (app != null) {
+      app.delete();
+    }
+
+    if (mockProxy != null && mockProxy.isRunning()) {
+      mockProxy.close();
+    }
+
+    if (mockServer != null && mockServer.isRunning()) {
+      mockServer.close();
+    }
+
+    System.clearProperty("http.proxyHost");
+    System.clearProperty("http.proxyPort");
+    System.clearProperty("https.proxyHost");
+    System.clearProperty("https.proxyPort");
+  }
+
+  @Test(timeout = 10_000L)
+  public void testUnauthorizedGetRequest() throws FirebaseException {
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(false);
+    HttpRequestInfo request = HttpRequestInfo.buildGetRequest(GET_URL);
+    IncomingHttpResponse response = httpClient.send(request);
+    assertEquals(200, response.getStatusCode());
+  }
+
+  @Test(timeout = 10_000L)
+  public void testUnauthorizedPostRequest() throws FirebaseException {
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(false);
+    HttpRequestInfo request = HttpRequestInfo.buildJsonPostRequest(POST_URL, payload);
+    GenericData body = httpClient.sendAndParse(request, GenericData.class);
+    assertEquals("{\"foo\":\"bar\"}", body.get("data"));
+  }
+
+  @Test(timeout = 10_000L)
+  public void testConnectTimeoutAuthorizedGet() throws FirebaseException {
+    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setConnectTimeout(100)
+        .build(), "test-app");
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
+    HttpRequestInfo request = HttpRequestInfo.buildGetRequest("https://localhost:" + port);
+
+    try {
+      httpClient.send(request);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("IO error: Connection Timeout", e.getMessage());
+      assertNull(e.getHttpResponse());
+    }
+  }
+
+  @Test(timeout = 10_000L)
+  public void testConnectTimeoutAuthorizedPost() throws FirebaseException {
+    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setConnectTimeout(100)
+        .build(), "test-app");
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
+    HttpRequestInfo request = HttpRequestInfo.buildJsonPostRequest("https://localhost:" + port, payload);
+
+    try {
+      httpClient.send(request);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("IO error: Connection Timeout", e.getMessage());
+      assertNull(e.getHttpResponse());
+    }
+  }
+
+  @Test(timeout = 10_000L)
+  public void testReadTimeoutAuthorizedGet() throws FirebaseException {
+    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setReadTimeout(100)
+        .build(), "test-app");
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
+    HttpRequestInfo request = HttpRequestInfo.buildGetRequest(DELAY_URL);
+
+    try {
+      httpClient.send(request);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("IO error: Stream exception in request", e.getMessage());
+      assertNull(e.getHttpResponse());
+    }
+  }
+
+  @Test(timeout = 10_000L)
+  public void testReadTimeoutAuthorizedPost() throws FirebaseException {
+    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setReadTimeout(100)
+        .build(), "test-app");
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
+    HttpRequestInfo request = HttpRequestInfo.buildJsonPostRequest(DELAY_URL, payload);
+
+    try {
+      httpClient.send(request);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("IO error: Stream exception in request", e.getMessage());
+      assertNull(e.getHttpResponse());
+    }
+  }
+
+  @Test(timeout = 10_000L)
+  public void testWriteTimeoutAuthorizedGet() throws FirebaseException {
+    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setWriteTimeout(100)
+        .build(), "test-app");
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
+    HttpRequestInfo request = HttpRequestInfo.buildGetRequest(GET_URL);
+
+    try {
+      httpClient.send(request);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("IO error: Write Timeout", e.getMessage());
+      assertNull(e.getHttpResponse());
+    }
+  }
+
+  @Test(timeout = 10_000L)
+  public void testWriteTimeoutAuthorizedPost() throws FirebaseException {
+    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setWriteTimeout(100)
+        .build(), "test-app");
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
+    HttpRequestInfo request = HttpRequestInfo.buildJsonPostRequest(POST_URL, payload);
+
+    try {
+      httpClient.send(request);
+      fail("No exception thrown for HTTP error response");
+    } catch (FirebaseException e) {
+      assertEquals(ErrorCode.UNKNOWN, e.getErrorCode());
+      assertEquals("IO error: Write Timeout", e.getMessage());
+      assertNull(e.getHttpResponse());
+    }
+  }
+
+  @Test(timeout = 10_000L)
+  public void testRequestShouldNotFollowRedirects() throws IOException {
+    ApacheHttp2Transport transport = new ApacheHttp2Transport();
+    ApacheHttp2Request request = transport.buildRequest("GET",
+        "https://google.com");
+    LowLevelHttpResponse response = request.execute();
+
+    assertEquals(301, response.getStatusCode());
+    assert (response instanceof ApacheHttp2Response);
+    assertEquals("https://www.google.com/", ((ApacheHttp2Response) response).getHeaderValue("location"));
+  }
+
+  @Test(timeout = 10_000L)
+  public void testRequestCanSetHeaders() {
+    final AtomicBoolean interceptorCalled = new AtomicBoolean(false);
+    CloseableHttpAsyncClient client = HttpAsyncClients.custom()
+        .addRequestInterceptorFirst(
+            new HttpRequestInterceptor() {
+              @Override
+              public void process(
+                  HttpRequest request, EntityDetails details, HttpContext context)
+                  throws HttpException, IOException {
+                Header header = request.getFirstHeader("foo");
+                assertNotNull("Should have found header", header);
+                assertEquals("bar", header.getValue());
+                interceptorCalled.set(true);
+                throw new IOException("cancelling request");
+              }
+            })
+        .build();
+
+    ApacheHttp2Transport transport = new ApacheHttp2Transport(client);
+    ApacheHttp2Request request = transport.buildRequest("GET", "http://www.google.com");
+    request.addHeader("foo", "bar");
+    try {
+      request.execute();
+      fail("should not actually make the request");
+    } catch (IOException exception) {
+      assertEquals("Unknown exception in request", exception.getMessage());
+    }
+    assertTrue("Expected to have called our test interceptor", interceptorCalled.get());
+  }
+
+  @Test(timeout = 10_000L)
+  public void testVerifyProxyIsRespected() {
+    try {
+      System.setProperty("https.proxyHost", "localhost");
+      System.setProperty("https.proxyPort", "8080");
+
+      HttpTransport transport = new ApacheHttp2Transport();
+      transport.createRequestFactory().buildGetRequest(new GenericUrl(GET_URL)).execute();
+      fail("No exception thrown for HTTP error response");
+    } catch (IOException e) {
+      assertEquals("Connection exception in request", e.getMessage());
+      assertTrue(e.getCause().getMessage().contains("localhost:8080"));
+    }
+  }
+
+  @Test(timeout = 10_000L)
+  public void testProxyMockHttp() throws Exception {
+    // Start MockServer
+    mockProxy = ClientAndServer.startClientAndServer(PortFactory.findFreePort());
+    mockServer = ClientAndServer.startClientAndServer(PortFactory.findFreePort());
+
+    System.setProperty("http.proxyHost", "localhost");
+    System.setProperty("http.proxyPort", mockProxy.getPort().toString());
+
+    // Configure proxy to receieve requests and forward them to a mock destination
+    // server
+    mockProxy
+        .when(
+            request())
+        .forward(
+            forward()
+                .withHost("localhost")
+                .withPort(mockServer.getPort())
+                .withScheme(Scheme.HTTP));
+
+    // Configure server to listen and respond
+    mockServer
+        .when(
+            request())
+        .respond(
+            response()
+                .withStatusCode(200)
+                .withBody("Expected server response"));
+
+    // Send a request through the proxy
+    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .setWriteTimeout(100)
+        .build(), "test-app");
+    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
+    HttpRequestInfo request = HttpRequestInfo.buildGetRequest("http://www.google.com");
+    IncomingHttpResponse response = httpClient.send(request);
+
+    // Verify that the proxy received request with destination host
+    mockProxy.verify(
+        request()
+            .withMethod("GET")
+            .withPath("/")
+            .withHeader(header("Host", "www.google.com")));
+
+    // Verify the forwarded request is received by the server
+    mockServer.verify(
+        request()
+            .withMethod("GET")
+            .withPath("/"));
+
+    // Verify response
+    assertEquals(200, response.getStatusCode());
+    assertEquals(response.getContent(), "Expected server response");
+  }
+
+  private static ErrorHandlingHttpClient<FirebaseException> getHttpClient(boolean authorized,
+      FirebaseApp app) {
+    HttpRequestFactory requestFactory;
+    if (authorized) {
+      requestFactory = ApiClientUtils.newAuthorizedRequestFactory(app);
+    } else {
+      requestFactory = ApiClientUtils.newUnauthorizedRequestFactory(app);
+    }
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
+    TestHttpErrorHandler errorHandler = new TestHttpErrorHandler();
+    return new ErrorHandlingHttpClient<>(requestFactory, jsonFactory, errorHandler);
+  }
+
+  private static ErrorHandlingHttpClient<FirebaseException> getHttpClient(boolean authorized) {
+    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .build(), "test-app");
+    return getHttpClient(authorized, app);
+  }
+
+  private static class TestHttpErrorHandler implements HttpErrorHandler<FirebaseException> {
+    @Override
+    public FirebaseException handleIOException(IOException e) {
+      return new FirebaseException(
+          ErrorCode.UNKNOWN, "IO error: " + e.getMessage(), e);
+    }
+
+    @Override
+    public FirebaseException handleHttpResponseException(
+        HttpResponseException e, IncomingHttpResponse response) {
+      return new FirebaseException(
+          ErrorCode.INTERNAL, "Example error message: " + e.getContent(), e, response);
+    }
+
+    @Override
+    public FirebaseException handleParseException(IOException e, IncomingHttpResponse response) {
+      return new FirebaseException(ErrorCode.UNKNOWN, "Parse error", e, response);
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/internal/ApacheHttp2TransportTest.java b/src/test/java/com/google/firebase/internal/ApacheHttp2TransportTest.java
new file mode 100644
index 000000000..fcaf563f3
--- /dev/null
+++ b/src/test/java/com/google/firebase/internal/ApacheHttp2TransportTest.java
@@ -0,0 +1,379 @@
+/*
+ * Copyright 2024 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import com.google.api.client.http.ByteArrayContent;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpContent;
+import com.google.api.client.http.HttpMethods;
+import com.google.api.client.http.HttpResponseException;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.http.InputStreamContent;
+import com.google.api.client.http.LowLevelHttpResponse;
+import com.google.api.client.util.ByteArrayStreamingContent;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Future;
+
+import org.apache.hc.client5.http.async.HttpAsyncClient;
+import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
+import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
+import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
+import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
+import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
+import org.apache.hc.core5.concurrent.FutureCallback;
+import org.apache.hc.core5.http.ClassicHttpRequest;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.ContentType;
+import org.apache.hc.core5.http.EntityDetails;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpHeaders;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.HttpRequest;
+import org.apache.hc.core5.http.HttpRequestMapper;
+import org.apache.hc.core5.http.HttpResponse;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.impl.bootstrap.HttpServer;
+import org.apache.hc.core5.http.impl.io.HttpService;
+import org.apache.hc.core5.http.io.HttpRequestHandler;
+import org.apache.hc.core5.http.io.entity.ByteArrayEntity;
+import org.apache.hc.core5.http.io.support.BasicHttpServerRequestHandler;
+import org.apache.hc.core5.http.nio.AsyncPushConsumer;
+import org.apache.hc.core5.http.nio.AsyncRequestProducer;
+import org.apache.hc.core5.http.nio.AsyncResponseConsumer;
+import org.apache.hc.core5.http.nio.HandlerFactory;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import org.apache.hc.core5.http.protocol.HttpProcessor;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ApacheHttp2TransportTest {
+  @Test
+  public void testContentLengthSet() throws Exception {
+    SimpleRequestBuilder requestBuilder = SimpleRequestBuilder.create(HttpMethods.POST)
+        .setUri("http://www.google.com");
+
+    ApacheHttp2Request request = new ApacheHttp2Request(
+        new MockApacheHttp2AsyncClient() {
+          @SuppressWarnings("unchecked")
+          @Override
+          public <T> Future<T> doExecute(
+              final HttpHost target,
+              final AsyncRequestProducer requestProducer,
+              final AsyncResponseConsumer<T> responseConsumer,
+              final HandlerFactory<AsyncPushConsumer> pushHandlerFactory,
+              final HttpContext context,
+              final FutureCallback<T> callback) {
+            return (Future<T>) CompletableFuture.completedFuture(new SimpleHttpResponse(200));
+          }
+        }, requestBuilder);
+
+    HttpContent content = new ByteArrayContent("text/plain",
+        "sample".getBytes(StandardCharsets.UTF_8));
+    request.setStreamingContent(content);
+    request.setContentLength(content.getLength());
+    request.execute();
+
+    assertFalse(request.getEntityProducer().isChunked());
+    assertEquals(6, request.getEntityProducer().getContentLength());
+  }
+
+  @Test
+  public void testChunked() throws Exception {
+    byte[] buf = new byte[300];
+    Arrays.fill(buf, (byte) ' ');
+    SimpleRequestBuilder requestBuilder = SimpleRequestBuilder.create(HttpMethods.POST)
+        .setUri("http://www.google.com");
+    ApacheHttp2Request request = new ApacheHttp2Request(
+        new MockApacheHttp2AsyncClient() {
+          @SuppressWarnings("unchecked")
+          @Override
+          public <T> Future<T> doExecute(
+              final HttpHost target,
+              final AsyncRequestProducer requestProducer,
+              final AsyncResponseConsumer<T> responseConsumer,
+              final HandlerFactory<AsyncPushConsumer> pushHandlerFactory,
+              final HttpContext context,
+              final FutureCallback<T> callback) {
+            return (Future<T>) CompletableFuture.completedFuture(new SimpleHttpResponse(200));
+          }
+        }, requestBuilder);
+
+    HttpContent content = new InputStreamContent("text/plain", new ByteArrayInputStream(buf));
+    request.setStreamingContent(content);
+    request.execute();
+
+    assertTrue(request.getEntityProducer().isChunked());
+    assertEquals(-1, request.getEntityProducer().getContentLength());
+  }
+
+  @Test
+  public void testExecute() throws Exception {
+    SimpleHttpResponse simpleHttpResponse = SimpleHttpResponse.create(200, new byte[] { 1, 2, 3 });
+
+    SimpleRequestBuilder requestBuilder = SimpleRequestBuilder.create(HttpMethods.POST)
+        .setUri("http://www.google.com");
+
+    ApacheHttp2Request request = new ApacheHttp2Request(
+        new MockApacheHttp2AsyncClient() {
+          @SuppressWarnings("unchecked")
+          @Override
+          public <T> Future<T> doExecute(
+              final HttpHost target,
+              final AsyncRequestProducer requestProducer,
+              final AsyncResponseConsumer<T> responseConsumer,
+              final HandlerFactory<AsyncPushConsumer> pushHandlerFactory,
+              final HttpContext context,
+              final FutureCallback<T> callback) {
+            return (Future<T>) CompletableFuture.completedFuture(simpleHttpResponse);
+          }
+        }, requestBuilder);
+    LowLevelHttpResponse response = request.execute();
+    assertTrue(response instanceof ApacheHttp2Response);
+
+    // we confirm that the simple response we prepared in this test is the same as
+    // the content's response
+    assertTrue(response.getContent() instanceof ByteArrayInputStream);
+    assertEquals(simpleHttpResponse, ((ApacheHttp2Response) response).getResponse());
+    // No need to cloase ByteArrayInputStream since close() has no effect.
+  }
+
+  @Test
+  public void testApacheHttpTransport() {
+    ApacheHttp2Transport transport = new ApacheHttp2Transport();
+    checkHttpTransport(transport);
+    assertFalse(transport.isMtls());
+  }
+
+  @Test
+  public void testApacheHttpTransportWithParam() {
+    HttpAsyncClientBuilder clientBuilder = HttpAsyncClients.custom();
+    ApacheHttp2Transport transport = new ApacheHttp2Transport(clientBuilder.build(), true);
+    checkHttpTransport(transport);
+    assertTrue(transport.isMtls());
+  }
+
+  @Test
+  public void testNewDefaultHttpClient() {
+    HttpAsyncClient client = ApacheHttp2Transport.newDefaultHttpAsyncClient();
+    checkHttpClient(client);
+  }
+
+  @Test
+  public void testDefaultHttpClientBuilder() {
+    HttpAsyncClientBuilder clientBuilder = ApacheHttp2Transport.defaultHttpAsyncClientBuilder();
+    HttpAsyncClient client = clientBuilder.build();
+    checkHttpClient(client);
+  }
+
+  private void checkHttpTransport(ApacheHttp2Transport transport) {
+    assertNotNull(transport);
+    HttpAsyncClient client = transport.getHttpClient();
+    checkHttpClient(client);
+  }
+
+  private void checkHttpClient(HttpAsyncClient client) {
+    assertNotNull(client);
+  }
+
+  @Test
+  public void testRequestsWithContent() throws IOException {
+    // This test confirms that we can set the content on any type of request
+    CloseableHttpAsyncClient mockClient = new MockApacheHttp2AsyncClient() {
+      @SuppressWarnings("unchecked")
+      @Override
+      public <T> Future<T> doExecute(
+          final HttpHost target,
+          final AsyncRequestProducer requestProducer,
+          final AsyncResponseConsumer<T> responseConsumer,
+          final HandlerFactory<AsyncPushConsumer> pushHandlerFactory,
+          final HttpContext context,
+          final FutureCallback<T> callback) {
+        return (Future<T>) CompletableFuture.completedFuture(new SimpleHttpResponse(200));
+      }
+    };
+    ApacheHttp2Transport transport = new ApacheHttp2Transport(mockClient);
+
+    // Test GET.
+    execute(transport.buildRequest("GET", "http://www.test.url"));
+    // Test DELETE.
+    execute(transport.buildRequest("DELETE", "http://www.test.url"));
+    // Test HEAD.
+    execute(transport.buildRequest("HEAD", "http://www.test.url"));
+    // Test PATCH.
+    execute(transport.buildRequest("PATCH", "http://www.test.url"));
+    // Test PUT.
+    execute(transport.buildRequest("PUT", "http://www.test.url"));
+    // Test POST.
+    execute(transport.buildRequest("POST", "http://www.test.url"));
+    // Test PATCH.
+    execute(transport.buildRequest("PATCH", "http://www.test.url"));
+  }
+
+  @Test
+  public void testNormalizedUrl() throws IOException {
+    final HttpRequestHandler handler = new HttpRequestHandler() {
+      @Override
+      public void handle(
+          ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context)
+          throws HttpException, IOException {
+        // Extract the request URI and convert to bytes
+        byte[] responseData = request.getRequestUri().getBytes(StandardCharsets.UTF_8);
+
+        // Set the response headers (status code and content length)
+        response.setCode(HttpStatus.SC_OK);
+        response.setHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(responseData.length));
+
+        // Set the response entity (body)
+        ByteArrayEntity entity = new ByteArrayEntity(responseData, ContentType.TEXT_PLAIN);
+        response.setEntity(entity);
+      }
+    };
+    try (FakeServer server = new FakeServer(handler)) {
+      HttpTransport transport = new ApacheHttp2Transport();
+      GenericUrl testUrl = new GenericUrl("http://localhost/foo//bar");
+      testUrl.setPort(server.getPort());
+      com.google.api.client.http.HttpResponse response = transport.createRequestFactory()
+          .buildGetRequest(testUrl)
+          .execute();
+      assertEquals(200, response.getStatusCode());
+      assertEquals("/foo//bar", response.parseAsString());
+    }
+  }
+
+  @Test
+  public void testReadErrorStream() throws IOException {
+    final HttpRequestHandler handler = new HttpRequestHandler() {
+      @Override
+      public void handle(
+          ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context)
+          throws HttpException, IOException {
+        byte[] responseData = "Forbidden".getBytes(StandardCharsets.UTF_8);
+        response.setCode(HttpStatus.SC_FORBIDDEN); // 403 Forbidden
+        response.setHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(responseData.length));
+        ByteArrayEntity entity = new ByteArrayEntity(responseData, ContentType.TEXT_PLAIN);
+        response.setEntity(entity);
+      }
+    };
+    try (FakeServer server = new FakeServer(handler)) {
+      HttpTransport transport = new ApacheHttp2Transport();
+      GenericUrl testUrl = new GenericUrl("http://localhost/foo//bar");
+      testUrl.setPort(server.getPort());
+      com.google.api.client.http.HttpRequest getRequest = transport.createRequestFactory()
+          .buildGetRequest(testUrl);
+      getRequest.setThrowExceptionOnExecuteError(false);
+      com.google.api.client.http.HttpResponse response = getRequest.execute();
+      assertEquals(403, response.getStatusCode());
+      assertEquals("Forbidden", response.parseAsString());
+    }
+  }
+
+  @Test
+  public void testReadErrorStream_withException() throws IOException {
+    final HttpRequestHandler handler = new HttpRequestHandler() {
+      @Override
+      public void handle(
+          ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context)
+          throws HttpException, IOException {
+        byte[] responseData = "Forbidden".getBytes(StandardCharsets.UTF_8);
+        response.setCode(HttpStatus.SC_FORBIDDEN); // 403 Forbidden
+        response.setHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(responseData.length));
+        ByteArrayEntity entity = new ByteArrayEntity(responseData, ContentType.TEXT_PLAIN);
+        response.setEntity(entity);
+      }
+    };
+    try (FakeServer server = new FakeServer(handler)) {
+      HttpTransport transport = new ApacheHttp2Transport();
+      GenericUrl testUrl = new GenericUrl("http://localhost/foo//bar");
+      testUrl.setPort(server.getPort());
+      com.google.api.client.http.HttpRequest getRequest = transport.createRequestFactory()
+          .buildGetRequest(testUrl);
+      try {
+        getRequest.execute();
+        Assert.fail();
+      } catch (HttpResponseException ex) {
+        assertEquals("Forbidden", ex.getContent());
+      }
+    }
+  }
+
+  private void execute(ApacheHttp2Request request) throws IOException {
+    byte[] bytes = "abc".getBytes(StandardCharsets.UTF_8);
+    request.setStreamingContent(new ByteArrayStreamingContent(bytes));
+    request.setContentType("text/html");
+    request.setContentLength(bytes.length);
+    request.execute();
+  }
+
+  private static class FakeServer implements AutoCloseable {
+    private final HttpServer server;
+
+    FakeServer(final HttpRequestHandler httpHandler) throws IOException {
+      HttpRequestMapper<HttpRequestHandler> mapper = new HttpRequestMapper<HttpRequestHandler>() {
+        @Override
+        public HttpRequestHandler resolve(HttpRequest request, HttpContext context)
+            throws HttpException {
+          return httpHandler;
+        }
+      };
+      server = new HttpServer(
+          0,
+          HttpService.builder()
+              .withHttpProcessor(
+                  new HttpProcessor() {
+                    @Override
+                    public void process(
+                        HttpRequest request, EntityDetails entity, HttpContext context)
+                        throws HttpException, IOException {
+                    }
+
+                    @Override
+                    public void process(
+                        HttpResponse response, EntityDetails entity, HttpContext context)
+                        throws HttpException, IOException {
+                    }
+                  })
+              .withHttpServerRequestHandler(new BasicHttpServerRequestHandler(mapper))
+              .build(),
+          null,
+          null,
+          null,
+          null,
+          null,
+          null);
+      server.start();
+    }
+
+    public int getPort() {
+      return server.getLocalPort();
+    }
+
+    @Override
+    public void close() {
+      server.initiateShutdown();
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/internal/MockApacheHttp2Response.java b/src/test/java/com/google/firebase/internal/MockApacheHttp2Response.java
new file mode 100644
index 000000000..0f9c04042
--- /dev/null
+++ b/src/test/java/com/google/firebase/internal/MockApacheHttp2Response.java
@@ -0,0 +1,188 @@
+/*
+ * Copyright 2024 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.internal;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.stream.Collectors;
+
+import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.HttpResponse;
+import org.apache.hc.core5.http.ProtocolException;
+import org.apache.hc.core5.http.ProtocolVersion;
+
+public class MockApacheHttp2Response implements HttpResponse {
+  List<Header> headers = new ArrayList<>();
+  int code = 200;
+
+  @Override
+  public void setVersion(ProtocolVersion version) {
+  }
+
+  @Override
+  public ProtocolVersion getVersion() {
+    return null;
+  }
+
+  @Override
+  public void addHeader(Header header) {
+    headers.add(header);
+  }
+
+  @Override
+  public void addHeader(String name, Object value) {
+    addHeader(newHeader(name, value));
+  }
+
+  private Header newHeader(String key, Object value) {
+    return new Header() {
+      @Override
+      public boolean isSensitive() {
+        return false;
+      }
+
+      @Override
+      public String getName() {
+        return key;
+      }
+
+      @Override
+      public String getValue() {
+        return value.toString();
+      }
+    };
+  }
+
+  @Override
+  public void setHeader(Header header) {
+    if (headers.contains(header)) {
+      int index = headers.indexOf(header);
+      headers.set(index, header);
+    } else {
+      addHeader(header);
+    }
+  }
+
+  @Override
+  public void setHeader(String name, Object value) {
+    setHeader(newHeader(name, value));
+  }
+
+  @Override
+  public void setHeaders(Header... headers) {
+    for (Header header : headers) {
+      setHeader(header);
+    }
+  }
+
+  @Override
+  public boolean removeHeader(Header header) {
+    if (headers.contains(header)) {
+      headers.remove(headers.indexOf(header));
+      return true;
+    }
+    return false;
+  }
+
+  @Override
+  public boolean removeHeaders(String name) {
+    int initialSize = headers.size();
+    for (Header header : headers.stream().filter(h -> h.getName() == name)
+        .collect(Collectors.toList())) {
+      removeHeader(header);
+    }
+    return headers.size() < initialSize;
+  }
+
+  @Override
+  public boolean containsHeader(String name) {
+    return headers.stream().anyMatch(h -> h.getName() == name);
+  }
+
+  @Override
+  public int countHeaders(String name) {
+    return headers.size();
+  }
+
+  @Override
+  public Header getFirstHeader(String name) {
+    return headers.stream().findFirst().orElse(null);
+  }
+
+  @Override
+  public Header getHeader(String name) throws ProtocolException {
+    return headers.stream().filter(h -> h.getName() == name).findFirst().orElse(null);
+  }
+
+  @Override
+  public Header[] getHeaders() {
+    return headers.toArray(new Header[0]);
+  }
+
+  @Override
+  public Header[] getHeaders(String name) {
+    return headers.stream()
+        .filter(h -> h.getName() == name)
+        .collect(Collectors.toList())
+        .toArray(new Header[0]);
+  }
+
+  @Override
+  public Header getLastHeader(String name) {
+    return headers.isEmpty() ? null : headers.get(headers.size() - 1);
+  }
+
+  @Override
+  public Iterator<Header> headerIterator() {
+    return headers.iterator();
+  }
+
+  @Override
+  public Iterator<Header> headerIterator(String name) {
+    return headers.stream().filter(h -> h.getName() == name).iterator();
+  }
+
+  @Override
+  public int getCode() {
+    return this.code;
+  }
+
+  @Override
+  public void setCode(int code) {
+    this.code = code;
+  }
+
+  @Override
+  public String getReasonPhrase() {
+    return null;
+  }
+
+  @Override
+  public void setReasonPhrase(String reason) {
+  }
+
+  @Override
+  public Locale getLocale() {
+    return null;
+  }
+
+  @Override
+  public void setLocale(Locale loc) {
+  }
+}
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
index 3180aea01..b75d9a3d6 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
@@ -368,7 +368,7 @@ private FirebaseMessagingClientImpl initMessagingClient(
         .setProjectId("test-project")
         .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
         .setRequestFactory(transport.createRequestFactory())
-        .setChildRequestFactory(Utils.getDefaultTransport().createRequestFactory())
+        .setChildRequestFactory(ApiClientUtils.getDefaultTransport().createRequestFactory())
         .setResponseInterceptor(interceptor)
         .build();
   }
@@ -379,7 +379,7 @@ private FirebaseMessagingClientImpl initClientWithFaultyTransport() {
         .setProjectId("test-project")
         .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
         .setRequestFactory(transport.createRequestFactory())
-        .setChildRequestFactory(Utils.getDefaultTransport().createRequestFactory())
+        .setChildRequestFactory(ApiClientUtils.getDefaultTransport().createRequestFactory())
         .build();
   }
 
@@ -405,8 +405,8 @@ private FirebaseMessagingClientImpl.Builder fullyPopulatedBuilder() {
     return FirebaseMessagingClientImpl.builder()
         .setProjectId("test-project")
         .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
-        .setRequestFactory(Utils.getDefaultTransport().createRequestFactory())
-        .setChildRequestFactory(Utils.getDefaultTransport().createRequestFactory());
+        .setRequestFactory(ApiClientUtils.getDefaultTransport().createRequestFactory())
+        .setChildRequestFactory(ApiClientUtils.getDefaultTransport().createRequestFactory());
   }
 
   private void checkExceptionFromHttpResponse(
diff --git a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
index e7222ccb5..1a140680f 100644
--- a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
@@ -358,7 +358,7 @@ public void testRequestFactoryIsNull() {
 
   @Test(expected = NullPointerException.class)
   public void testJsonFactoryIsNull() {
-    new InstanceIdClientImpl(Utils.getDefaultTransport().createRequestFactory(), null);
+    new InstanceIdClientImpl(ApiClientUtils.getDefaultTransport().createRequestFactory(), null);
   }
 
   @Test
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
index f2d5c8126..0a04809cf 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
@@ -1173,7 +1173,7 @@ private FirebaseRemoteConfigClientImpl.Builder fullyPopulatedBuilder() {
     return FirebaseRemoteConfigClientImpl.builder()
             .setProjectId("test-project")
             .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
-            .setRequestFactory(Utils.getDefaultTransport().createRequestFactory());
+            .setRequestFactory(ApiClientUtils.getDefaultTransport().createRequestFactory());
   }
 
   private void checkGetRequestHeader(HttpRequest request) {

From 686287d7607d484003339a7cc86fbbce1e2e18f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 13:38:48 -0400
Subject: [PATCH 278/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.45.0 to 26.48.0 (#1008)

Bumps [com.google.cloud:libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.45.0 to 26.48.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/release-please-config.json)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/v26.45.0...v26.48.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9fe0bfdd7..c0a217b70 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.45.0</version>
+                <version>26.48.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 0cb7af3552d64a084fb00dfbe06b7ac63bfd9681 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 17:40:51 +0000
Subject: [PATCH 279/354] chore(deps): Bump
 org.apache.maven.plugins:maven-gpg-plugin (#1005)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c0a217b70..cb44a39da 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
                 <plugins>
                     <plugin>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.2.5</version>
+                        <version>3.2.7</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

From f29579fc15952351250d6ef0c7d8236abdce8685 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 17:43:52 +0000
Subject: [PATCH 280/354] chore(deps): Bump org.codehaus.mojo:exec-maven-plugin
 (#999)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index cb44a39da..2b63fb392 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,7 +215,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>3.3.0</version>
+                        <version>3.4.1</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>

From c7005d7a3c463132dcd63920c09a7fb53c5feb54 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 12:17:47 -0400
Subject: [PATCH 281/354] chore(deps): Bump
 org.apache.maven.plugins:maven-javadoc-plugin (#1011)

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.10.0...maven-javadoc-plugin-3.10.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 2b63fb392..ad73afd11 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.10.0</version>
+                        <version>3.10.1</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.10.0</version>
+                <version>3.10.1</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From f8699ae4b162521f2816e0a4023de813c369a070 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 16:20:39 +0000
Subject: [PATCH 282/354] chore(deps): Bump netty.version from 4.1.113.Final to
 4.1.114.Final (#1010)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ad73afd11..f741396d9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.113.Final</netty.version>
+        <netty.version>4.1.114.Final</netty.version>
     </properties>
 
     <scm>

From c0d87b953e58834c10d63da1eb7dc3d2168aae62 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 16:22:54 +0000
Subject: [PATCH 283/354] chore(deps): Bump
 org.apache.maven.plugins:maven-failsafe-plugin (#1009)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f741396d9..7a9fcbc4c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>3.5.0</version>
+                <version>3.5.1</version>
                 <executions>
                     <execution>
                         <goals>

From edfa49c328120d4034dbc00053f92f397c6f05e6 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Wed, 9 Oct 2024 12:47:48 -0400
Subject: [PATCH 284/354] [chore] Release 9.4.0 (#1013)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 7a9fcbc4c..62793211e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.3.0</version>
+    <version>9.4.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 2a58a9f114641a478053dd1e4937ffed6e75e9ae Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Wed, 9 Oct 2024 14:34:55 -0400
Subject: [PATCH 285/354] [chore] Release 9.4.0 Take 2 (#1014)

---
 .github/resources/settings.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/resources/settings.xml b/.github/resources/settings.xml
index 847ea52d0..f3bc754e2 100644
--- a/.github/resources/settings.xml
+++ b/.github/resources/settings.xml
@@ -21,7 +21,7 @@
       </activation>
       <properties>
         <gpg.executable>gpg</gpg.executable>
-        <gpg.keyname>77A3CB7D41F06A4512BA8EA5AA4E6ADF6A05C58E</gpg.keyname>
+        <gpg.keyname>0A05D8FAD4287A36C53BE07714D6B82AEB1DD39C</gpg.keyname>
         <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
       </properties>
     </profile>

From 2469a09f8b8aeff517fceb00734afca281132da5 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Tue, 15 Oct 2024 09:45:54 -0400
Subject: [PATCH 286/354] fix: Remove mockserver dependency (#1022)

---
 pom.xml                                       |  5 --
 .../internal/ApacheHttp2TransportIT.java      | 75 -------------------
 2 files changed, 80 deletions(-)

diff --git a/pom.xml b/pom.xml
index 62793211e..3732011ea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -493,10 +493,5 @@
             <version>3.0</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.mock-server</groupId>
-            <artifactId>mockserver-junit-rule-no-dependencies</artifactId>
-            <version>5.14.0</version>
-        </dependency>
     </dependencies>
 </project>
diff --git a/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java b/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
index c8fbe5533..047e1de0b 100644
--- a/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
+++ b/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
@@ -21,10 +21,6 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
-import static org.mockserver.model.Header.header;
-import static org.mockserver.model.HttpForward.forward;
-import static org.mockserver.model.HttpRequest.request;
-import static org.mockserver.model.HttpResponse.response;
 
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpRequestFactory;
@@ -59,10 +55,6 @@
 import org.junit.BeforeClass;
 import org.junit.Test;
 
-import org.mockserver.integration.ClientAndServer;
-import org.mockserver.model.HttpForward.Scheme;
-import org.mockserver.socket.PortFactory;
-
 public class ApacheHttp2TransportIT {
   private static FirebaseApp app;
   private static final GoogleCredentials MOCK_CREDENTIALS = new MockGoogleCredentials("test_token");
@@ -79,9 +71,6 @@ public class ApacheHttp2TransportIT {
   private static Socket fillerSocket;
   private static int port;
 
-  private static ClientAndServer mockProxy;
-  private static ClientAndServer mockServer;
-
   @BeforeClass
   public static void setUpClass() throws IOException {
     // Start server socket with a backlog queue of 1 and a automatically assigned
@@ -109,14 +98,6 @@ public void cleanup() {
       app.delete();
     }
 
-    if (mockProxy != null && mockProxy.isRunning()) {
-      mockProxy.close();
-    }
-
-    if (mockServer != null && mockServer.isRunning()) {
-      mockServer.close();
-    }
-
     System.clearProperty("http.proxyHost");
     System.clearProperty("http.proxyPort");
     System.clearProperty("https.proxyHost");
@@ -311,62 +292,6 @@ public void testVerifyProxyIsRespected() {
     }
   }
 
-  @Test(timeout = 10_000L)
-  public void testProxyMockHttp() throws Exception {
-    // Start MockServer
-    mockProxy = ClientAndServer.startClientAndServer(PortFactory.findFreePort());
-    mockServer = ClientAndServer.startClientAndServer(PortFactory.findFreePort());
-
-    System.setProperty("http.proxyHost", "localhost");
-    System.setProperty("http.proxyPort", mockProxy.getPort().toString());
-
-    // Configure proxy to receieve requests and forward them to a mock destination
-    // server
-    mockProxy
-        .when(
-            request())
-        .forward(
-            forward()
-                .withHost("localhost")
-                .withPort(mockServer.getPort())
-                .withScheme(Scheme.HTTP));
-
-    // Configure server to listen and respond
-    mockServer
-        .when(
-            request())
-        .respond(
-            response()
-                .withStatusCode(200)
-                .withBody("Expected server response"));
-
-    // Send a request through the proxy
-    app = FirebaseApp.initializeApp(FirebaseOptions.builder()
-        .setCredentials(MOCK_CREDENTIALS)
-        .setWriteTimeout(100)
-        .build(), "test-app");
-    ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
-    HttpRequestInfo request = HttpRequestInfo.buildGetRequest("http://www.google.com");
-    IncomingHttpResponse response = httpClient.send(request);
-
-    // Verify that the proxy received request with destination host
-    mockProxy.verify(
-        request()
-            .withMethod("GET")
-            .withPath("/")
-            .withHeader(header("Host", "www.google.com")));
-
-    // Verify the forwarded request is received by the server
-    mockServer.verify(
-        request()
-            .withMethod("GET")
-            .withPath("/"));
-
-    // Verify response
-    assertEquals(200, response.getStatusCode());
-    assertEquals(response.getContent(), "Expected server response");
-  }
-
   private static ErrorHandlingHttpClient<FirebaseException> getHttpClient(boolean authorized,
       FirebaseApp app) {
     HttpRequestFactory requestFactory;

From 0523993e49d5d8241cb9251f3b488636a2a54f8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 12:26:25 -0400
Subject: [PATCH 287/354] chore(deps): Bump
 org.apache.maven.plugins:maven-surefire-plugin (#1021)

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.0...surefire-3.5.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3732011ea..a146c39da 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.5.0</version>
+                <version>3.5.1</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From f581e5325c7595dfa40be348bbf2b169382f7491 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Tue, 15 Oct 2024 12:58:06 -0400
Subject: [PATCH 288/354] [chore] Release 9.4.1 (#1024)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a146c39da..6136770a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.4.0</version>
+    <version>9.4.1</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 79b880950ac97763fc361fe2a3e7fa085bca1539 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 14:27:03 -0400
Subject: [PATCH 289/354] chore(deps): Bump
 org.apache.maven.plugins:maven-project-info-reports-plugin (#1026)

Bumps [org.apache.maven.plugins:maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.7.0 to 3.8.0.
- [Commits](https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.7.0...maven-project-info-reports-plugin-3.8.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-project-info-reports-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6136770a4..ce2ff9339 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.7.0</version>
+                <version>3.8.0</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From feaa092802ab1a7b0170eb601c12eedb39c81eeb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 18:30:12 +0000
Subject: [PATCH 290/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.48.0 to 26.49.0 (#1025)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ce2ff9339..39548b0fa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.48.0</version>
+                <version>26.49.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 88b8e5d5b78d1494541a7ec22759d38a788256a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Nov 2024 11:46:25 -0500
Subject: [PATCH 291/354] chore(deps): Bump
 org.apache.maven.plugins:maven-surefire-plugin (#1038)

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.1...surefire-3.5.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 39548b0fa..102764938 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.5.1</version>
+                <version>3.5.2</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From 0dff988c2bd2642ba83472c8110e8573d459a532 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Nov 2024 16:49:34 +0000
Subject: [PATCH 292/354] chore(deps): Bump org.codehaus.mojo:exec-maven-plugin
 (#1037)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 102764938..e0340a794 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,7 +215,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>3.4.1</version>
+                        <version>3.5.0</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>

From b4b2fc12510909b6515cc34ded8b8b5ba34ee056 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Tue, 26 Nov 2024 14:15:13 -0500
Subject: [PATCH 293/354] chore: Add `X-Goog-Api-Client` metric header to
 outgoing requests (#1039)

---
 .../firebase/internal/ErrorHandlingHttpClient.java       | 1 +
 src/main/java/com/google/firebase/internal/SdkUtils.java | 8 ++++++++
 .../google/firebase/auth/FirebaseUserManagerTest.java    | 2 ++
 .../google/firebase/auth/internal/CryptoSignersTest.java | 5 +++++
 .../auth/multitenancy/FirebaseTenantClientTest.java      | 1 +
 .../auth/multitenancy/TenantAwareFirebaseAuthTest.java   | 9 +++++++++
 .../com/google/firebase/iid/FirebaseInstanceIdTest.java  | 2 ++
 .../firebase/internal/ErrorHandlingHttpClientTest.java   | 1 +
 .../messaging/FirebaseMessagingClientImplTest.java       | 1 +
 .../firebase/messaging/InstanceIdClientImplTest.java     | 3 +++
 .../FirebaseProjectManagementServiceImplTest.java        | 1 +
 .../remoteconfig/FirebaseRemoteConfigClientImplTest.java | 3 +++
 12 files changed, 37 insertions(+)

diff --git a/src/main/java/com/google/firebase/internal/ErrorHandlingHttpClient.java b/src/main/java/com/google/firebase/internal/ErrorHandlingHttpClient.java
index 5efdd0ec2..cccd0cedb 100644
--- a/src/main/java/com/google/firebase/internal/ErrorHandlingHttpClient.java
+++ b/src/main/java/com/google/firebase/internal/ErrorHandlingHttpClient.java
@@ -89,6 +89,7 @@ public void sendAndParse(HttpRequestInfo requestInfo, Object destination) throws
   }
 
   public IncomingHttpResponse send(HttpRequestInfo requestInfo) throws T {
+    requestInfo.addHeader("X-Goog-Api-Client", SdkUtils.getMetricsHeader());
     HttpRequest request = createHttpRequest(requestInfo);
 
     HttpResponse response = null;
diff --git a/src/main/java/com/google/firebase/internal/SdkUtils.java b/src/main/java/com/google/firebase/internal/SdkUtils.java
index 2fa5e5767..cd9619087 100644
--- a/src/main/java/com/google/firebase/internal/SdkUtils.java
+++ b/src/main/java/com/google/firebase/internal/SdkUtils.java
@@ -39,6 +39,14 @@ public static String getVersion() {
     return SDK_VERSION;
   }
 
+  public static String getJavaVersion() {
+    return System.getProperty("java.version");
+  }
+
+  public static String getMetricsHeader() {
+    return String.format("gl-java/%s fire-admin/%s", getJavaVersion(), getVersion());
+  }
+
   private static String loadSdkVersion() {
     try (InputStream in = SdkUtils.class.getClassLoader()
         .getResourceAsStream(ADMIN_SDK_PROPERTIES)) {
diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index 41085d181..c8c733ce4 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -3026,6 +3026,8 @@ private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
 
     String clientVersion = "Java/Admin/" + SdkUtils.getVersion();
     assertEquals(clientVersion, headers.getFirstHeaderStringValue("X-Client-Version"));
+    assertEquals(SdkUtils.getMetricsHeader(), headers.get("X-Goog-Api-Client"));
+
   }
 
   private static void checkUrl(TestResponseInterceptor interceptor, String method, String url) {
diff --git a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
index 679fe5a3c..17af1eb76 100644
--- a/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
+++ b/src/test/java/com/google/firebase/auth/internal/CryptoSignersTest.java
@@ -39,6 +39,7 @@
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.MultiRequestMockHttpTransport;
 import com.google.firebase.testing.ServiceAccount;
 import com.google.firebase.testing.TestResponseInterceptor;
@@ -87,6 +88,8 @@ public void testIAMCryptoSigner() throws Exception {
     final String url = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
         + "test-service-account@iam.gserviceaccount.com:signBlob";
     assertEquals(url, interceptor.getResponse().getRequest().getUrl().toString());
+    HttpRequest request = interceptor.getResponse().getRequest();
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
   }
 
   @Test
@@ -173,6 +176,7 @@ public void testMetadataService() throws Exception {
     HttpRequest request = interceptor.getResponse().getRequest();
     assertEquals(url, request.getUrl().toString());
     assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
   }
 
   @Test
@@ -203,6 +207,7 @@ public void testExplicitServiceAccountEmail() throws Exception {
     HttpRequest request = interceptor.getResponse().getRequest();
     assertEquals(url, request.getUrl().toString());
     assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
   }
 
   @Test
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
index eca55ee66..cdb5852d0 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/FirebaseTenantClientTest.java
@@ -353,6 +353,7 @@ private static void checkRequestHeaders(TestResponseInterceptor interceptor) {
 
     String clientVersion = "Java/Admin/" + SdkUtils.getVersion();
     assertEquals(clientVersion, headers.getFirstHeaderStringValue("X-Client-Version"));
+    assertEquals(SdkUtils.getMetricsHeader(), headers.get("X-Goog-Api-Client"));
   }
 
   private static void checkUrl(TestResponseInterceptor interceptor, String method, String url) {
diff --git a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
index 68e35492e..4cf36a3d7 100644
--- a/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
+++ b/src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthTest.java
@@ -38,6 +38,7 @@
 import com.google.firebase.auth.MockTokenVerifier;
 import com.google.firebase.auth.SessionCookieOptions;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
 import java.io.ByteArrayOutputStream;
@@ -85,6 +86,7 @@ public void testCreateSessionCookieAsync() throws Exception {
     assertEquals("testToken", parsed.get("idToken"));
     assertEquals(new BigDecimal(3600), parsed.get("validDuration"));
     checkUrl(interceptor, AUTH_BASE_URL + ":createSessionCookie");
+    checkHeaders(interceptor);
   }
 
   @Test
@@ -121,6 +123,7 @@ public void testCreateSessionCookie() throws Exception {
     assertEquals("testToken", parsed.get("idToken"));
     assertEquals(new BigDecimal(3600), parsed.get("validDuration"));
     checkUrl(interceptor, AUTH_BASE_URL + ":createSessionCookie");
+    checkHeaders(interceptor);
   }
 
   @Test
@@ -212,6 +215,7 @@ public void testVerifySessionCookieWithCheckRevoked() throws FirebaseAuthExcepti
     assertEquals("uid", token.getUid());
     assertEquals("cookie", tokenVerifier.getLastTokenString());
     checkUrl(interceptor, AUTH_BASE_URL + "/accounts:lookup");
+    checkHeaders(interceptor);
   }
 
   @Test
@@ -290,4 +294,9 @@ private static void checkUrl(TestResponseInterceptor interceptor, String url) {
     assertEquals(HttpMethods.POST, request.getRequestMethod());
     assertEquals(url, request.getUrl().getRawPath());
   }
+
+  private static void checkHeaders(TestResponseInterceptor interceptor) {
+    HttpRequest request = interceptor.getResponse().getRequest();
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
+  }
 }
diff --git a/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java b/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
index 27864d992..f563d87dd 100644
--- a/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
+++ b/src/test/java/com/google/firebase/iid/FirebaseInstanceIdTest.java
@@ -38,6 +38,7 @@
 import com.google.firebase.OutgoingHttpRequest;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.GenericFunction;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
@@ -174,6 +175,7 @@ public Void call(Object... args) throws Exception {
       assertEquals(HttpMethods.DELETE, request.getRequestMethod());
       assertEquals(TEST_URL, request.getUrl().toString());
       assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
+      assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
     }
   }
 
diff --git a/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java b/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java
index 8b3e75efd..6d7fb2a9e 100644
--- a/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java
+++ b/src/test/java/com/google/firebase/internal/ErrorHandlingHttpClientTest.java
@@ -127,6 +127,7 @@ public void testSuccessfulRequestWithHeadersAndBody() throws FirebaseException,
     assertEquals("v1", last.getHeaders().get("h1"));
     assertEquals("v2", last.getHeaders().get("h2"));
     assertEquals("v3", last.getHeaders().get("h3"));
+    assertEquals(SdkUtils.getMetricsHeader(), last.getHeaders().get("x-goog-api-client"));
 
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     last.getContent().writeTo(out);
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
index b75d9a3d6..805d409a0 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingClientImplTest.java
@@ -389,6 +389,7 @@ private void checkRequestHeader(HttpRequest request) {
     HttpHeaders headers = request.getHeaders();
     assertEquals("2", headers.get("X-GOOG-API-FORMAT-VERSION"));
     assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals(SdkUtils.getMetricsHeader(), headers.get("X-Goog-Api-Client"));
   }
 
   private void checkRequest(
diff --git a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
index 1a140680f..d0151bb94 100644
--- a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
@@ -41,6 +41,7 @@
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
 import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
 import java.io.ByteArrayOutputStream;
@@ -447,6 +448,8 @@ private void checkTopicManagementRequestHeader(
       HttpRequest request, String expectedUrl) {
     assertEquals("POST", request.getRequestMethod());
     assertEquals(expectedUrl, request.getUrl().toString());
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
+
   }
 
   private void checkExceptionFromHttpResponse(
diff --git a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
index 853074e65..4221adc6c 100644
--- a/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
+++ b/src/test/java/com/google/firebase/projectmanagement/FirebaseProjectManagementServiceImplTest.java
@@ -1124,6 +1124,7 @@ private void checkRequestHeader(int index, String expectedUrl, HttpMethod httpMe
     assertEquals(expectedUrl, request.getUrl().toString());
     assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
     assertEquals(CLIENT_VERSION, request.getHeaders().get("X-Client-Version"));
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
   }
 
   private void checkRequestPayload(Map<String, String> expected) throws IOException {
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
index 0a04809cf..edc52a19d 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
@@ -1185,6 +1185,7 @@ private void checkGetRequestHeader(HttpRequest request, String urlSuffix) {
     assertEquals(TEST_REMOTE_CONFIG_URL + urlSuffix, request.getUrl().toString());
     HttpHeaders headers = request.getHeaders();
     assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
     assertEquals("gzip", headers.getAcceptEncoding());
   }
 
@@ -1197,6 +1198,7 @@ private void checkPutRequestHeader(HttpRequest request, String urlSuffix, String
     assertEquals(TEST_REMOTE_CONFIG_URL + urlSuffix, request.getUrl().toString());
     HttpHeaders headers = request.getHeaders();
     assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
     assertEquals("gzip", headers.getAcceptEncoding());
     assertEquals(ifMatch, headers.getIfMatch());
   }
@@ -1206,6 +1208,7 @@ private void checkPostRequestHeader(HttpRequest request, String urlSuffix) {
     assertEquals(TEST_REMOTE_CONFIG_URL + urlSuffix, request.getUrl().toString());
     HttpHeaders headers = request.getHeaders();
     assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
     assertEquals("gzip", headers.getAcceptEncoding());
   }
 

From 724b9eee8d0541b2c984eee4b56eb7f6c1314944 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 15:27:59 +0000
Subject: [PATCH 294/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.49.0 to 26.50.0 (#1040)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e0340a794..02e1b5967 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.49.0</version>
+                <version>26.50.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 5e13dab4f1a602e057c944300468e1d3dc5a1b86 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 15:32:50 +0000
Subject: [PATCH 295/354] chore(deps): Bump
 org.apache.maven.plugins:maven-javadoc-plugin (#1041)

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 02e1b5967..ac9236309 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.10.1</version>
+                        <version>3.11.1</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.10.1</version>
+                <version>3.11.1</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 730f794611f2c737c8fe43701ca4d41e63b1fb62 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Wed, 4 Dec 2024 16:28:53 -0500
Subject: [PATCH 296/354] fix: Catch `StorageException` in IT to temporarily
 unblock release (#1043)

---
 src/test/java/com/google/firebase/cloud/StorageClientIT.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/test/java/com/google/firebase/cloud/StorageClientIT.java b/src/test/java/com/google/firebase/cloud/StorageClientIT.java
index 57fe58b82..4542e9735 100644
--- a/src/test/java/com/google/firebase/cloud/StorageClientIT.java
+++ b/src/test/java/com/google/firebase/cloud/StorageClientIT.java
@@ -23,6 +23,7 @@
 
 import com.google.cloud.storage.Blob;
 import com.google.cloud.storage.Bucket;
+import com.google.cloud.storage.StorageException;
 import com.google.common.io.CharStreams;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.io.IOException;
@@ -52,7 +53,7 @@ public void testCloudStorageNonExistingBucket() {
     try {
       storage.bucket("non-existing");
       fail("No error thrown for non-existing bucket");
-    } catch (IllegalArgumentException expected) {
+    } catch (IllegalArgumentException | StorageException expected) {
       // ignore
     }
   }

From c47d657da544a71376ce3189513d2fea627b1941 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Thu, 5 Dec 2024 12:21:10 -0500
Subject: [PATCH 297/354] [chore] Release 9.4.2 (#1042)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ac9236309..026f70b9d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.4.1</version>
+    <version>9.4.2</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From afea3c39b010e0424f1fe1e244ed7fe3eab9752b Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Fri, 20 Dec 2024 16:43:30 -0500
Subject: [PATCH 298/354] chore: Adding delayed response message for holidays
 (#1049)

* Adding delayed response message for holidays

* fix date
---
 .github/ISSUE_TEMPLATE/bug_report.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 36eea6edb..59ba833f5 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,6 +7,11 @@ assignees: ''
 
 ---
 
+---
+**Thank you for submitting your issue. We are operating at reduced capacity from Dec 23 2024 to Jan 6 2025. Please expect delayed responses. For more urgent requests please reach us via our support channels https://firebase.google.com/support**
+
+---
+
 ### [READ] Step 1: Are you in the right place?
 
   * For issues or feature requests related to __the code in this repository__

From d6d9b865650cec5457498a4b7ea620721fea8985 Mon Sep 17 00:00:00 2001
From: egilmorez <egilmore@google.com>
Date: Thu, 2 Jan 2025 08:52:09 -0800
Subject: [PATCH 299/354] Fix typo in FirebaseToken.java (#1051)

Fixing typo noted in b/181365473.
---
 src/main/java/com/google/firebase/auth/FirebaseToken.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/FirebaseToken.java b/src/main/java/com/google/firebase/auth/FirebaseToken.java
index 835fa41c9..6950bf16f 100644
--- a/src/main/java/com/google/firebase/auth/FirebaseToken.java
+++ b/src/main/java/com/google/firebase/auth/FirebaseToken.java
@@ -37,12 +37,12 @@ public final class FirebaseToken {
     this.claims = ImmutableMap.copyOf(claims);
   }
 
-  /** Returns the Uid for the this token. */
+  /** Returns the Uid for this token. */
   public String getUid() {
     return (String) claims.get("sub");
   }
 
-  /** Returns the tenant ID for the this token. */
+  /** Returns the tenant ID for this token. */
   public String getTenantId() {
     Map<String, Object> firebase = (Map<String, Object>) claims.get("firebase");
     if (firebase == null) {
@@ -51,7 +51,7 @@ public String getTenantId() {
     return (String) firebase.get("tenant");
   }
 
-  /** Returns the Issuer for the this token. */
+  /** Returns the Issuer for this token. */
   public String getIssuer() {
     return (String) claims.get("iss");
   }

From 71d324b229ebf6de4e0f45799b3c9a9751ab80d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Jan 2025 15:34:42 +0000
Subject: [PATCH 300/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.50.0 to 26.52.0 (#1050)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 026f70b9d..823cf3cb8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.50.0</version>
+                <version>26.52.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 338e8642d2796308fc109d0389d6db556397ec90 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Jan 2025 15:38:25 +0000
Subject: [PATCH 301/354] chore(deps): Bump
 org.apache.maven.plugins:maven-failsafe-plugin (#1047)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 823cf3cb8..68051551b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>3.5.1</version>
+                <version>3.5.2</version>
                 <executions>
                     <execution>
                         <goals>

From 2c203e2b4f2276f7ebc02e2cedeeaa619fad16ff Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Mon, 6 Jan 2025 14:48:51 -0500
Subject: [PATCH 302/354] Revert "chore: Adding delayed response message for
 holidays (#1049)" (#1052)

This reverts commit afea3c39b010e0424f1fe1e244ed7fe3eab9752b.
---
 .github/ISSUE_TEMPLATE/bug_report.md | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 59ba833f5..36eea6edb 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,11 +7,6 @@ assignees: ''
 
 ---
 
----
-**Thank you for submitting your issue. We are operating at reduced capacity from Dec 23 2024 to Jan 6 2025. Please expect delayed responses. For more urgent requests please reach us via our support channels https://firebase.google.com/support**
-
----
-
 ### [READ] Step 1: Are you in the right place?
 
   * For issues or feature requests related to __the code in this repository__

From 6b73abaa1a311042a60937a19c66696f0ca4a7b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Jan 2025 11:10:56 -0500
Subject: [PATCH 303/354] chore(deps): Bump
 org.apache.maven.plugins:maven-javadoc-plugin (#1054)

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.11.1 to 3.11.2.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.11.1...maven-javadoc-plugin-3.11.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 68051551b..580cc8459 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.11.1</version>
+                        <version>3.11.2</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.11.1</version>
+                <version>3.11.2</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 4f4979dcccbf973b9821f9ec9d0414a6b5bcca37 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Jan 2025 18:19:31 +0000
Subject: [PATCH 304/354] chore(deps): Bump netty.version from 4.1.114.Final to
 4.1.116.Final (#1053)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 580cc8459..d265f63aa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.114.Final</netty.version>
+        <netty.version>4.1.116.Final</netty.version>
     </properties>
 
     <scm>

From fca419ed0c28f6777d455c5419f011fc54855689 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Thu, 9 Jan 2025 13:25:26 -0500
Subject: [PATCH 305/354] chore: Fix non-existing bucket test (#1056)

---
 src/test/java/com/google/firebase/cloud/StorageClientIT.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/test/java/com/google/firebase/cloud/StorageClientIT.java b/src/test/java/com/google/firebase/cloud/StorageClientIT.java
index 4542e9735..acbaa8e46 100644
--- a/src/test/java/com/google/firebase/cloud/StorageClientIT.java
+++ b/src/test/java/com/google/firebase/cloud/StorageClientIT.java
@@ -23,7 +23,6 @@
 
 import com.google.cloud.storage.Blob;
 import com.google.cloud.storage.Bucket;
-import com.google.cloud.storage.StorageException;
 import com.google.common.io.CharStreams;
 import com.google.firebase.testing.IntegrationTestUtils;
 import java.io.IOException;
@@ -51,9 +50,9 @@ public void testCloudStorageCustomBucket() {
   public void testCloudStorageNonExistingBucket() {
     StorageClient storage = StorageClient.getInstance(IntegrationTestUtils.ensureDefaultApp());
     try {
-      storage.bucket("non-existing");
+      storage.bucket("non.existing");
       fail("No error thrown for non-existing bucket");
-    } catch (IllegalArgumentException | StorageException expected) {
+    } catch (IllegalArgumentException expected) {
       // ignore
     }
   }

From d6c5112d29d6e01c48c9c5646ec4ac13ea9c6fb2 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Thu, 9 Jan 2025 16:12:06 -0500
Subject: [PATCH 306/354] [chore] Release 9.4.3 (#1057)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d265f63aa..b9ca166e4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.4.2</version>
+    <version>9.4.3</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 20e2b8bb6874d2cb03efecd6d4107499dc63b16c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 23 Jan 2025 12:37:58 -0500
Subject: [PATCH 307/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.52.0 to 26.53.0 (#1060)

Bumps [com.google.cloud:libraries-bom](https://github.com/googleapis/java-cloud-bom) from 26.52.0 to 26.53.0.
- [Release notes](https://github.com/googleapis/java-cloud-bom/releases)
- [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/release-please-config.json)
- [Commits](https://github.com/googleapis/java-cloud-bom/compare/v26.52.0...v26.53.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:libraries-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b9ca166e4..2842b4c7a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.52.0</version>
+                <version>26.53.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 7bc8c12270526a85b4a17783fd4aaef1cc711a8c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 23 Jan 2025 18:30:14 +0000
Subject: [PATCH 308/354] chore(deps): Bump
 com.google.api-client:google-api-client-bom (#1063)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2842b4c7a..96dfe66d8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -392,7 +392,7 @@
             <dependency>
                 <groupId>com.google.api-client</groupId>
                 <artifactId>google-api-client-bom</artifactId>
-                <version>2.7.0</version>
+                <version>2.7.2</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From af8eed95b3d49fc7b31d1462c86ecad924a2ffb7 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Thu, 23 Jan 2025 13:56:52 -0500
Subject: [PATCH 309/354] fix: `ApiClientUtils.getDefaultTransport()` should
 return a cached instance to an `ApacheHttp2Transport` (#1059)

* fix: `ApiClientUtils.getDefaultTransport()` should return cached instance to an `ApacheHttp2Transport`

* fix: lint

* reduce timeout time

* fix: use new transport to trigger writeTimeout
---
 .../firebase/internal/ApiClientUtils.java     |  6 +++++-
 .../internal/ApacheHttp2TransportIT.java      | 21 +++++++++++++++++++
 .../firebase/internal/ApiClientUtilsTest.java |  9 ++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/google/firebase/internal/ApiClientUtils.java b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
index 339726105..9d501fae3 100644
--- a/src/main/java/com/google/firebase/internal/ApiClientUtils.java
+++ b/src/main/java/com/google/firebase/internal/ApiClientUtils.java
@@ -88,6 +88,10 @@ public static JsonFactory getDefaultJsonFactory() {
   }
 
   public static HttpTransport getDefaultTransport() {
-    return new ApacheHttp2Transport();
+    return TransportInstanceHolder.INSTANCE;
+  }
+
+  private static class TransportInstanceHolder {
+    static final HttpTransport INSTANCE = new ApacheHttp2Transport();
   }
 }
diff --git a/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java b/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
index 047e1de0b..0beb1b3b4 100644
--- a/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
+++ b/src/test/java/com/google/firebase/internal/ApacheHttp2TransportIT.java
@@ -198,9 +198,12 @@ public void testReadTimeoutAuthorizedPost() throws FirebaseException {
 
   @Test(timeout = 10_000L)
   public void testWriteTimeoutAuthorizedGet() throws FirebaseException {
+    // Use a fresh transport so that writeTimeout triggers while waiting for the transport to
+    // be ready to receive data.
     app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(MOCK_CREDENTIALS)
         .setWriteTimeout(100)
+        .setHttpTransport(new ApacheHttp2Transport())
         .build(), "test-app");
     ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
     HttpRequestInfo request = HttpRequestInfo.buildGetRequest(GET_URL);
@@ -217,9 +220,12 @@ public void testWriteTimeoutAuthorizedGet() throws FirebaseException {
 
   @Test(timeout = 10_000L)
   public void testWriteTimeoutAuthorizedPost() throws FirebaseException {
+    // Use a fresh transport so that writeTimeout triggers while waiting for the transport to
+    // be ready to receive data.
     app = FirebaseApp.initializeApp(FirebaseOptions.builder()
         .setCredentials(MOCK_CREDENTIALS)
         .setWriteTimeout(100)
+        .setHttpTransport(new ApacheHttp2Transport())
         .build(), "test-app");
     ErrorHandlingHttpClient<FirebaseException> httpClient = getHttpClient(true, app);
     HttpRequestInfo request = HttpRequestInfo.buildJsonPostRequest(POST_URL, payload);
@@ -292,6 +298,21 @@ public void testVerifyProxyIsRespected() {
     }
   }
 
+  @Test
+  public void testVerifyDefaultTransportReused() {
+    FirebaseOptions o1 = FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .build();
+    
+    FirebaseOptions o2 = FirebaseOptions.builder()
+        .setCredentials(MOCK_CREDENTIALS)
+        .build();
+
+    HttpTransport t1 = o1.getHttpTransport();
+    HttpTransport t2 = o2.getHttpTransport();
+    assertEquals(t1, t2);
+  }
+
   private static ErrorHandlingHttpClient<FirebaseException> getHttpClient(boolean authorized,
       FirebaseApp app) {
     HttpRequestFactory requestFactory;
diff --git a/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java b/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
index f23c7a34d..e0e619f3c 100644
--- a/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
+++ b/src/test/java/com/google/firebase/internal/ApiClientUtilsTest.java
@@ -25,6 +25,7 @@
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpResponse;
+import com.google.api.client.http.HttpTransport;
 import com.google.api.client.http.HttpUnsuccessfulResponseHandler;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
@@ -128,4 +129,12 @@ public void disconnect() throws IOException {
 
     assertTrue(lowLevelResponse.isDisconnected());
   }
+
+  @Test
+  public void testVerifyDefaultTransportReused() {
+    HttpTransport t1 = ApiClientUtils.getDefaultTransport();
+    HttpTransport t2 = ApiClientUtils.getDefaultTransport();
+    assertEquals(t1, t2);
+  }
+
 }

From dcd8b9ed276dbb7d02a5e3725c2ec7e0d258c3d9 Mon Sep 17 00:00:00 2001
From: Yani Kapitanov <yani.kapitanov@gmail.com>
Date: Tue, 28 Jan 2025 22:46:35 +0100
Subject: [PATCH 310/354] fix: use .equals() instead of == for strings (#1065)

---
 .../java/com/google/firebase/auth/AbstractFirebaseAuth.java  | 5 +++--
 src/main/java/com/google/firebase/auth/UserRecord.java       | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
index d1b4a513e..44fe9b7d2 100644
--- a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
+++ b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -600,9 +600,10 @@ private CallableOperation<UserRecord, FirebaseAuthException> getUserByProviderUi
     // Although we don't really advertise it, we want to also handle
     // non-federated idps with this call. So if we detect one of them, we'll
     // reroute this request appropriately.
-    if (providerId == "phone") {
+    if ("phone".equals(providerId)) {
       return this.getUserByPhoneNumberOp(uid);
-    } else if (providerId == "email") {
+    }
+    if ("email".equals(providerId)) {
       return this.getUserByEmailOp(uid);
     }
 
diff --git a/src/main/java/com/google/firebase/auth/UserRecord.java b/src/main/java/com/google/firebase/auth/UserRecord.java
index ac962c52d..33c5fbe74 100644
--- a/src/main/java/com/google/firebase/auth/UserRecord.java
+++ b/src/main/java/com/google/firebase/auth/UserRecord.java
@@ -487,7 +487,7 @@ public UpdateRequest setPhoneNumber(@Nullable String phone) {
           // *and* by setting providersToUnlink to include 'phone', then we'll reject that. Though
           // it might also be reasonable to relax this restriction and just unlink it.
           for (String dp : deleteProviderIterable) {
-            if (dp == "phone") {
+            if ("phone".equals(dp)) {
               throw new IllegalArgumentException(
                   "Both UpdateRequest.setPhoneNumber(null) and "
                   + "UpdateRequest.setProvidersToUnlink(['phone']) were set. To unlink from a "
@@ -601,7 +601,7 @@ public UpdateRequest setProvidersToUnlink(Iterable<String> providerIds) {
       for (String id : providerIds) {
         checkArgument(!Strings.isNullOrEmpty(id), "providerIds must not be null or empty");
 
-        if (id == "phone" && properties.containsKey("phoneNumber")
+        if ("phone".equals(id) && properties.containsKey("phoneNumber")
             && properties.get("phoneNumber") == null) {
           // If we've been told to unlink the phone provider both via setting phoneNumber to null
           // *and* by setting providersToUnlink to include 'phone', then we'll reject that. Though

From 7b360f2a01745186550c70bd830b50d7c6301dee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 31 Jan 2025 19:35:17 +0000
Subject: [PATCH 311/354] chore(deps): Bump netty.version from 4.1.116.Final to
 4.1.117.Final (#1067)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 96dfe66d8..6781d3c64 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.116.Final</netty.version>
+        <netty.version>4.1.117.Final</netty.version>
     </properties>
 
     <scm>

From c81173366c8491de64123ca848bd0d63ac062e08 Mon Sep 17 00:00:00 2001
From: Lawrence Qiu <lqiu96@gmail.com>
Date: Mon, 3 Feb 2025 09:53:54 -0500
Subject: [PATCH 312/354] chore: Rearrange firebase admin pom deps (#1066)

Co-authored-by: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
---
 pom.xml | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6781d3c64..ed3fa87ad 100644
--- a/pom.xml
+++ b/pom.xml
@@ -389,18 +389,15 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
-            <dependency>
-                <groupId>com.google.api-client</groupId>
-                <artifactId>google-api-client-bom</artifactId>
-                <version>2.7.2</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
         </dependencies>
     </dependencyManagement>
 
     <dependencies>
         <!-- Google Cloud Platform dependencies -->
+        <dependency>
+            <groupId>com.google.auth</groupId>
+            <artifactId>google-auth-library-oauth2-http</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.google.api-client</groupId>
             <artifactId>google-api-client</artifactId>
@@ -417,10 +414,6 @@
             <groupId>com.google.api</groupId>
             <artifactId>api-common</artifactId>
         </dependency>
-        <dependency>
-            <groupId>com.google.auth</groupId>
-            <artifactId>google-auth-library-oauth2-http</artifactId>
-        </dependency>
         <dependency>
             <groupId>com.google.cloud</groupId>
             <artifactId>google-cloud-storage</artifactId>

From 6e505832d0fed0288440b8ad657bd568fd36247f Mon Sep 17 00:00:00 2001
From: vitvvv1 <36170346+vitvvv1@users.noreply.github.com>
Date: Fri, 21 Mar 2025 16:08:37 +0200
Subject: [PATCH 313/354] feat(fcm): Support `proxy` field in FCM
 `AndroidNotification` (#1084)

* add 'proxy' to AndroidNotification

* fix: removed PROXY_UNSPECIFIED from AndroidNotification.Proxy

* Update src/main/java/com/google/firebase/messaging/AndroidNotification.java

fix comment AndroidNotification.setProxy

Co-authored-by: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>

---------

Co-authored-by: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
---
 .../messaging/AndroidNotification.java        | 29 ++++++++++++++++++-
 .../firebase/messaging/MessageTest.java       |  2 ++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/google/firebase/messaging/AndroidNotification.java b/src/main/java/com/google/firebase/messaging/AndroidNotification.java
index 05e680910..b509a9843 100644
--- a/src/main/java/com/google/firebase/messaging/AndroidNotification.java
+++ b/src/main/java/com/google/firebase/messaging/AndroidNotification.java
@@ -112,6 +112,9 @@ public class AndroidNotification {
   @Key("notification_count")
   private final Integer notificationCount;
 
+  @Key("proxy")
+  private final String proxy;
+
   private static final Map<Priority, String> PRIORITY_MAP = 
       ImmutableMap.<Priority, String>builder()
           .put(Priority.MIN, "PRIORITY_MIN")
@@ -179,6 +182,11 @@ private AndroidNotification(Builder builder) {
       checkArgument(builder.notificationCount >= 0, 
           "notificationCount if specified must be zero or positive valued");
     }
+    if (builder.proxy != null) {
+      this.proxy = builder.proxy.name();
+    } else {
+      this.proxy = null;
+    }
     this.notificationCount = builder.notificationCount;
   }
 
@@ -194,13 +202,19 @@ public String toString() {
       return PRIORITY_MAP.get(this);
     }
   }
-  
+
   public enum Visibility {
     PRIVATE,
     PUBLIC,
     SECRET,
   }
 
+  public enum Proxy {
+    ALLOW,
+    DENY,
+    IF_PRIORITY_LOWERED
+  }
+
   /**
    * Creates a new {@link AndroidNotification.Builder}.
    *
@@ -237,6 +251,7 @@ public static class Builder {
     private LightSettings lightSettings;
     private Boolean defaultLightSettings;
     private Visibility visibility;
+    private Proxy proxy;
 
     private Builder() {}
 
@@ -602,6 +617,18 @@ public Builder setNotificationCount(int notificationCount) {
       return this;
     }
 
+    /**
+     * Sets the proxy of this notification.
+     *
+     * @param proxy The proxy value, one of the values in {ALLOW, DENY, IF_PRIORITY_LOWERED}
+     *
+     * @return This builder.
+     */
+    public Builder setProxy(Proxy proxy) {
+      this.proxy = proxy;
+      return this;
+    }
+
     /**
      * Creates a new {@link AndroidNotification} instance from the parameters set on this builder.
      *
diff --git a/src/test/java/com/google/firebase/messaging/MessageTest.java b/src/test/java/com/google/firebase/messaging/MessageTest.java
index 992644b35..cea440cca 100644
--- a/src/test/java/com/google/firebase/messaging/MessageTest.java
+++ b/src/test/java/com/google/firebase/messaging/MessageTest.java
@@ -890,6 +890,7 @@ public void testExtendedAndroidNotificationParameters() throws IOException {
                 .setDefaultLightSettings(false)
                 .setVisibility(AndroidNotification.Visibility.PUBLIC)
                 .setNotificationCount(10)
+                .setProxy(AndroidNotification.Proxy.DENY)
                 .build())
             .build())
         .setTopic("test-topic")
@@ -923,6 +924,7 @@ public void testExtendedAndroidNotificationParameters() throws IOException {
             .put("default_light_settings", false)
             .put("visibility", "public")
             .put("notification_count", new BigDecimal(10))
+            .put("proxy", "DENY")
             .build())
         .build();
     assertJsonEquals(ImmutableMap.of(

From ca953d82a950c1113e2e312f79e132f4d0daedc0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Apr 2025 14:51:53 +0000
Subject: [PATCH 314/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.53.0 to 26.59.0 (#1087)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ed3fa87ad..0ae84529c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.53.0</version>
+                <version>26.59.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 1cf554545b6071e6e773b75398e32f4bf9700bd9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Apr 2025 14:54:48 +0000
Subject: [PATCH 315/354] chore(deps): Bump
 org.apache.maven.plugins:maven-compiler-plugin (#1079)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0ae84529c..4235f2462 100644
--- a/pom.xml
+++ b/pom.xml
@@ -270,7 +270,7 @@
             <!-- Compile Phase -->
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.13.0</version>
+                <version>3.14.0</version>
                 <configuration>
                     <source>1.8</source>
                     <target>1.8</target>

From 9ac395de94be9a03611e23cacd391d4b592667cc Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Tue, 22 Apr 2025 14:42:53 -0400
Subject: [PATCH 316/354] chore: Updated release GHA to have write permissions
 (#1088)

---
 .github/workflows/release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ca1f042c4..d6f744c69 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -78,6 +78,8 @@ jobs:
       startsWith(github.event.pull_request.title, '[chore] Release ')
 
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
 
     steps:
     - name: Checkout source for publish

From e64da06a7e55a08476a6aba8e191f0481e954c0b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 May 2025 21:57:37 +0000
Subject: [PATCH 317/354] chore(deps): Bump netty.version from 4.1.117.Final to
 4.1.118.Final (#1074)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4235f2462..81cce5d31 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.1.117.Final</netty.version>
+        <netty.version>4.2.0.Final</netty.version>
     </properties>
 
     <scm>

From f784855176d278f29b1d2e78a421c016bb07f994 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 May 2025 22:00:08 +0000
Subject: [PATCH 318/354] chore(deps): Bump
 org.apache.maven.plugins:maven-failsafe-plugin (#1090)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 81cce5d31..67eb4119c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,7 +337,7 @@
             <!-- Verify Phase -->
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
-                <version>3.5.2</version>
+                <version>3.5.3</version>
                 <executions>
                     <execution>
                         <goals>

From ac4a8ad337c37cc0b15f3d1154607681f6e4d9e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 May 2025 22:08:04 +0000
Subject: [PATCH 319/354] chore(deps): Bump org.slf4j:slf4j-api from 2.0.16 to
 2.0.17 (#1089)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 67eb4119c..c2290b86c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -431,7 +431,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.16</version>
+            <version>2.0.17</version>
         </dependency>
         <dependency>
             <groupId>io.netty</groupId>

From c6970a5312e54e1df29efaec537b0572bdbaaff3 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 28 May 2025 16:26:57 -0400
Subject: [PATCH 320/354] feat(fcm): Add `liveActivityToken` to `ApnsConfig`
 (#1094)

* feat: Add liveActivityToken to ApnsConfig

Adds a new `liveActivityToken` field to the `ApnsConfig` class, allowing you to specify a Live Activity token for APNS messages.

The changes include:
- Addition of the `liveActivityToken` field in `ApnsConfig.java` and its associated builder.
- Updates to unit tests in `MessageTest.java` to verify the correct serialization of the new field and to include it in existing test cases. A new test method `testApnsMessageWithOnlyLiveActivityToken` was added for specific testing.
- Update to the integration test in `FirebaseMessagingIT.java` to include the `liveActivityToken` in a test message.

An unrelated fix was also included in `MessageTest.java` to correctly use `new BigDecimal(long)` instead of `BigDecimal.valueOf(long)` for `notification_count`.

* fix: Correct ApnsConfig liveActivityToken JSON key

Corrects the `@Key` annotation for the `liveActivityToken` field in `ApnsConfig.java` from "live-activity-token" to "live_activity_token" to follow snake_case convention for JSON mapping.

Unit tests in `MessageTest.java` have been updated to reflect this change in the expected JSON output.

* remove unrelated changes

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
---
 .../google/firebase/messaging/ApnsConfig.java | 16 +++++++
 .../messaging/FirebaseMessagingIT.java        |  1 +
 .../firebase/messaging/MessageTest.java       | 46 +++++++++++++++++--
 3 files changed, 58 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/google/firebase/messaging/ApnsConfig.java b/src/main/java/com/google/firebase/messaging/ApnsConfig.java
index 0e5de8619..39092ac17 100644
--- a/src/main/java/com/google/firebase/messaging/ApnsConfig.java
+++ b/src/main/java/com/google/firebase/messaging/ApnsConfig.java
@@ -41,6 +41,9 @@ public class ApnsConfig {
   @Key("fcm_options")
   private final ApnsFcmOptions fcmOptions;
 
+  @Key("live_activity_token")
+  private final String liveActivityToken;
+
   private ApnsConfig(Builder builder) {
     checkArgument(builder.aps != null, "aps must be specified");
     checkArgument(!builder.customData.containsKey("aps"),
@@ -51,6 +54,7 @@ private ApnsConfig(Builder builder) {
         .put("aps", builder.aps.getFields())
         .build();
     this.fcmOptions = builder.fcmOptions;
+    this.liveActivityToken = builder.liveActivityToken;
   }
 
   /**
@@ -68,6 +72,7 @@ public static class Builder {
     private final Map<String, Object> customData = new HashMap<>();
     private Aps aps;
     private ApnsFcmOptions fcmOptions;
+    private String liveActivityToken;
 
     private Builder() {}
 
@@ -137,6 +142,17 @@ public Builder setFcmOptions(ApnsFcmOptions apnsFcmOptions) {
       return this;
     }
 
+    /**
+     * Sets the Live Activity token.
+     *
+     * @param liveActivityToken Live Activity token.
+     * @return This builder.
+     */
+    public Builder setLiveActivityToken(String liveActivityToken) {
+      this.liveActivityToken = liveActivityToken;
+      return this;
+    }
+
     /**
      * Creates a new {@link ApnsConfig} instance from the parameters set on this builder.
      *
diff --git a/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java b/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
index d9375781c..91bfc5b9b 100644
--- a/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
+++ b/src/test/java/com/google/firebase/messaging/FirebaseMessagingIT.java
@@ -63,6 +63,7 @@ public void testSend() throws Exception {
                     .setBody("Body")
                     .build())
                 .build())
+            .setLiveActivityToken("integration-test-live-activity-token")
             .build())
         .setWebpushConfig(WebpushConfig.builder()
             .putHeader("X-Custom-Val", "Foo")
diff --git a/src/test/java/com/google/firebase/messaging/MessageTest.java b/src/test/java/com/google/firebase/messaging/MessageTest.java
index cea440cca..4ac1782ba 100644
--- a/src/test/java/com/google/firebase/messaging/MessageTest.java
+++ b/src/test/java/com/google/firebase/messaging/MessageTest.java
@@ -411,6 +411,7 @@ public void testApnsMessageWithPayload() throws IOException {
             .putCustomData("cd1", "cd-v1")
             .putAllCustomData(ImmutableMap.<String, Object>of("cd2", "cd-v2", "cd3", true))
             .setAps(Aps.builder().build())
+            .setLiveActivityToken("test-live-activity-token")
             .build())
         .setTopic("test-topic")
         .build();
@@ -421,10 +422,11 @@ public void testApnsMessageWithPayload() throws IOException {
         .put("cd3", true)
         .put("aps", ImmutableMap.of())
         .build();
-    Map<String, Object> data = ImmutableMap.<String, Object>of(
-        "headers", ImmutableMap.of("k1", "v1", "k2", "v2", "k3", "v3"),
-        "payload", payload
-    );
+    Map<String, Object> data = ImmutableMap.<String, Object>builder()
+        .put("headers", ImmutableMap.of("k1", "v1", "k2", "v2", "k3", "v3"))
+        .put("payload", payload)
+        .put("live_activity_token", "test-live-activity-token")
+        .build();
     assertJsonEquals(ImmutableMap.of("topic", "test-topic", "apns", data), message);
   }
 
@@ -442,6 +444,7 @@ public void testApnsMessageWithPayloadAndAps() throws IOException {
                 .setSound("test-sound")
                 .setThreadId("test-thread-id")
                 .build())
+            .setLiveActivityToken("test-live-activity-token-aps")
             .build())
         .setTopic("test-topic")
         .build();
@@ -459,7 +462,10 @@ public void testApnsMessageWithPayloadAndAps() throws IOException {
     assertJsonEquals(
         ImmutableMap.of(
             "topic", "test-topic",
-            "apns", ImmutableMap.<String, Object>of("payload", payload)),
+            "apns", ImmutableMap.<String, Object>builder()
+                .put("payload", payload)
+                .put("live_activity_token", "test-live-activity-token-aps")
+                .build()),
         message);
 
     message = Message.builder()
@@ -825,6 +831,7 @@ public void testImageInApnsNotification() throws IOException {
         .setApnsConfig(
             ApnsConfig.builder().setAps(Aps.builder().build())
                 .setFcmOptions(ApnsFcmOptions.builder().setImage(TEST_IMAGE_URL_APNS).build())
+                .setLiveActivityToken("test-live-activity-token-image")
                 .build()).build();
 
     ImmutableMap<String, Object> notification =
@@ -837,6 +844,7 @@ public void testImageInApnsNotification() throws IOException {
         ImmutableMap.<String, Object>builder()
             .put("fcm_options", ImmutableMap.of("image", TEST_IMAGE_URL_APNS))
             .put("payload", ImmutableMap.of("aps", ImmutableMap.of()))
+            .put("live_activity_token", "test-live-activity-token-image")
             .build();
     ImmutableMap<String, Object> expected =
         ImmutableMap.<String, Object>builder()
@@ -847,6 +855,34 @@ public void testImageInApnsNotification() throws IOException {
     assertJsonEquals(expected, message);
   }
 
+  @Test
+  public void testApnsMessageWithOnlyLiveActivityToken() throws IOException {
+    Message message = Message.builder()
+        .setApnsConfig(ApnsConfig.builder()
+            .setAps(Aps.builder().build())
+            .setLiveActivityToken("only-live-activity")
+            .build())
+        .setTopic("test-topic")
+        .build();
+    Map<String, Object> expectedApns = ImmutableMap.<String, Object>builder()
+        .put("live_activity_token", "only-live-activity")
+        .put("payload", ImmutableMap.of("aps", ImmutableMap.of()))
+        .build();
+    assertJsonEquals(ImmutableMap.of("topic", "test-topic", "apns", expectedApns), message);
+
+    // Test without live activity token
+    message = Message.builder()
+        .setApnsConfig(ApnsConfig.builder()
+            .setAps(Aps.builder().build())
+            .build())
+        .setTopic("test-topic")
+        .build();
+    expectedApns = ImmutableMap.<String, Object>builder()
+        .put("payload", ImmutableMap.of("aps", ImmutableMap.of()))
+        .build();
+    assertJsonEquals(ImmutableMap.of("topic", "test-topic", "apns", expectedApns), message);
+  }
+
   @Test
   public void testInvalidColorInAndroidNotificationLightSettings() {
     try {

From 4f4476cf06c12bcbe1d831750c060e242d0dcef3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 May 2025 20:57:28 +0000
Subject: [PATCH 321/354] chore(deps): Bump org.jacoco:jacoco-maven-plugin from
 0.8.12 to 0.8.13 (#1096)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c2290b86c..b12609f6a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -189,7 +189,7 @@
                     <plugin>
                         <groupId>org.jacoco</groupId>
                         <artifactId>jacoco-maven-plugin</artifactId>
-                        <version>0.8.12</version>
+                        <version>0.8.13</version>
                         <executions>
                             <execution>
                                 <id>pre-unit-test</id>

From 817dba21bef7834efce7024dbd2234531345c0a2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 May 2025 21:01:42 +0000
Subject: [PATCH 322/354] chore(deps): Bump netty.version from 4.2.0.Final to
 4.2.1.Final (#1097)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b12609f6a..0310de19c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.2.0.Final</netty.version>
+        <netty.version>4.2.1.Final</netty.version>
     </properties>
 
     <scm>

From 4f73761203316c3d84b9993aebb960c784f561bb Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Thu, 29 May 2025 13:20:46 -0400
Subject: [PATCH 323/354] [chore] Release 9.5.0 (#1099)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0310de19c..96c5ec223 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.4.3</version>
+    <version>9.5.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From ac183c020a2fdbe253bea528aa685bfffde01f84 Mon Sep 17 00:00:00 2001
From: joefspiro <97258781+joefspiro@users.noreply.github.com>
Date: Fri, 13 Jun 2025 16:39:15 -0400
Subject: [PATCH 324/354] Adds sendEach based snippets for FCM. (#1104)

* Adds sendEach based snippets for FCM.

* Corrects getting the messaging instance.
---
 .../snippets/FirebaseMessagingSnippets.java   | 60 +++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
index 4a4a25472..b17a5d58a 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseMessagingSnippets.java
@@ -149,6 +149,36 @@ public void sendAll() throws FirebaseMessagingException {
     // [END send_all]
   }
 
+  public void sendEach() throws FirebaseMessagingException {
+    String registrationToken = "YOUR_REGISTRATION_TOKEN";
+
+    // [START send_each]
+    // Create a list containing up to 500 messages.
+    List<Message> messages = Arrays.asList(
+        Message.builder()
+            .setNotification(Notification.builder()
+                .setTitle("Price drop")
+                .setBody("5% off all electronics")
+                .build())
+            .setToken(registrationToken)
+            .build(),
+        // ...
+        Message.builder()
+            .setNotification(Notification.builder()
+                .setTitle("Price drop")
+                .setBody("2% off all books")
+                .build())
+            .setTopic("readers-club")
+            .build()
+    );
+
+    BatchResponse response = FirebaseMessaging.getInstance().sendEach(messages);
+    // See the BatchResponse reference documentation
+    // for the contents of response.
+    System.out.println(response.getSuccessCount() + " messages were sent successfully");
+    // [END send_each]
+  }
+
   public void sendMulticast() throws FirebaseMessagingException {
     // [START send_multicast]
     // Create a list containing up to 500 registration tokens.
@@ -201,6 +231,36 @@ public void sendMulticastAndHandleErrors() throws FirebaseMessagingException {
     // [END send_multicast_error]
   }
 
+  public void sendEachForMulticastAndHandleErrors() throws FirebaseMessagingException {
+    // [START send_each_for_multicast_error]
+    // These registration tokens come from the client FCM SDKs.
+    List<String> registrationTokens = Arrays.asList(
+        "YOUR_REGISTRATION_TOKEN_1",
+        // ...
+        "YOUR_REGISTRATION_TOKEN_n"
+    );
+
+    MulticastMessage message = MulticastMessage.builder()
+        .putData("score", "850")
+        .putData("time", "2:45")
+        .addAllTokens(registrationTokens)
+        .build();
+    BatchResponse response = FirebaseMessaging.getInstance().sendEachForMulticast(message);
+    if (response.getFailureCount() > 0) {
+      List<SendResponse> responses = response.getResponses();
+      List<String> failedTokens = new ArrayList<>();
+      for (int i = 0; i < responses.size(); i++) {
+        if (!responses.get(i).isSuccessful()) {
+          // The order of responses corresponds to the order of the registration tokens.
+          failedTokens.add(registrationTokens.get(i));
+        }
+      }
+
+      System.out.println("List of tokens that caused failures: " + failedTokens);
+    }
+    // [END send_each_for_multicast_error]
+  }
+
   public Message androidMessage() {
     // [START android_message]
     Message message = Message.builder()

From 82b09a6bfd6d8f27c1991f31623f398439f311c9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Jun 2025 20:34:41 +0000
Subject: [PATCH 325/354] chore(deps): Bump
 org.apache.maven.plugins:maven-project-info-reports-plugin (#1102)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 96c5ec223..15bf121ba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -367,7 +367,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-project-info-reports-plugin</artifactId>
-                <version>3.8.0</version>
+                <version>3.9.0</version>
                 <reportSets>
                     <reportSet>
                         <configuration>

From 316082b9f3ccf5b97a053a581e79ca8f911c3e96 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Jun 2025 16:37:19 -0400
Subject: [PATCH 326/354] chore(deps): Bump
 org.apache.maven.plugins:maven-surefire-plugin (#1101)

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.2...surefire-3.5.3)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 15bf121ba..cec632146 100644
--- a/pom.xml
+++ b/pom.xml
@@ -280,7 +280,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.5.2</version>
+                <version>3.5.3</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From 4aba7f5be04ca54418caa9393621989ee585d549 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Jun 2025 14:05:59 +0000
Subject: [PATCH 327/354] chore(deps): Bump netty.version from 4.2.1.Final to
 4.2.2.Final (#1105)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index cec632146..f2ae9d1b4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.2.1.Final</netty.version>
+        <netty.version>4.2.2.Final</netty.version>
     </properties>
 
     <scm>

From 7611f56e8ff06b3f0871f551f6973916bccc0404 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Jun 2025 14:11:26 +0000
Subject: [PATCH 328/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.59.0 to 26.62.0 (#1106)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f2ae9d1b4..60b450481 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.59.0</version>
+                <version>26.62.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 46117439d7b81beb8bc1b61b6bb4d0068affe356 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Jul 2025 13:57:19 +0000
Subject: [PATCH 329/354] chore(deps): Bump org.codehaus.mojo:exec-maven-plugin
 (#1109)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 60b450481..8b1cef4b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -215,7 +215,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>3.5.0</version>
+                        <version>3.5.1</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>

From 6b105cc065f2b0a8b863082900a14648f2921543 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Tue, 8 Jul 2025 12:48:51 -0400
Subject: [PATCH 330/354] chore: Update tests for getting and deleting provider
 uid via phone number and email. (#1068)

---
 .../firebase/auth/FirebaseUserManagerTest.java     | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
index c8c733ce4..9369eae8d 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java
@@ -402,9 +402,11 @@ public void testGetUserByProviderUidWithPhone() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForUserManagement(
         TestUtils.loadResource("getUser.json"));
     UserRecord userRecord = FirebaseAuth.getInstance()
-        .getUserByProviderUidAsync("phone", "+1234567890").get();
+        .getUserByProviderUidAsync(new String("phone"), "+1234567890").get();
     checkUserRecord(userRecord);
     checkRequestHeaders(interceptor);
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals(ImmutableList.of("+1234567890"), parsed.get("phoneNumber"));
   }
 
   @Test
@@ -412,9 +414,11 @@ public void testGetUserByProviderUidWithEmail() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForUserManagement(
         TestUtils.loadResource("getUser.json"));
     UserRecord userRecord = FirebaseAuth.getInstance()
-        .getUserByProviderUidAsync("email", "testuser@example.com").get();
+        .getUserByProviderUidAsync(new String("email"), "testuser@example.com").get();
     checkUserRecord(userRecord);
     checkRequestHeaders(interceptor);
+    GenericJson parsed = parseRequestContent(interceptor);
+    assertEquals(ImmutableList.of("testuser@example.com"), parsed.get("email"));
   }
 
   @Test
@@ -1248,11 +1252,12 @@ public void testDeleteProviderAndPhone() {
 
   @Test
   public void testDoubleDeletePhoneProvider() throws Exception {
+    String providerId = new String("phone");
     UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("uid")
         .setPhoneNumber(null);
 
     try {
-      update.setProvidersToUnlink(ImmutableList.of("phone"));
+      update.setProvidersToUnlink(ImmutableList.of(providerId));
       fail("No error thrown for double delete phone provider");
     } catch (IllegalArgumentException expected) {
     }
@@ -1260,8 +1265,9 @@ public void testDoubleDeletePhoneProvider() throws Exception {
 
   @Test
   public void testDoubleDeletePhoneProviderReverseOrder() throws Exception {
+    String providerId = new String("phone");
     UserRecord.UpdateRequest update = new UserRecord.UpdateRequest("uid")
-        .setProvidersToUnlink(ImmutableList.of("phone"));
+        .setProvidersToUnlink(ImmutableList.of(providerId));
 
     try {
       update.setPhoneNumber(null);

From 813585c970b27f9af718ee00b0e8a918a04459d2 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Wed, 9 Jul 2025 11:14:54 -0400
Subject: [PATCH 331/354] chore: fixed broken google cloud doc reference links
 (#1112)

---
 .../com/google/firebase/cloud/FirestoreClient.java     | 10 +++++-----
 .../java/com/google/firebase/cloud/StorageClient.java  |  4 ++--
 .../firebase/snippets/FirebaseStorageSnippets.java     |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/google/firebase/cloud/FirestoreClient.java b/src/main/java/com/google/firebase/cloud/FirestoreClient.java
index e55d5c7e9..682c39f07 100644
--- a/src/main/java/com/google/firebase/cloud/FirestoreClient.java
+++ b/src/main/java/com/google/firebase/cloud/FirestoreClient.java
@@ -19,7 +19,7 @@
 
 /**
  * {@code FirestoreClient} provides access to Google Cloud Firestore. Use this API to obtain a
- * <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
+ * <a href="https://cloud.google.com/java/docs/reference/google-cloud-firestore/latest/com.google.cloud.firestore.Firestore">{@code Firestore}</a>
  * instance, which provides methods for updating and querying data in Firestore.
  *
  * <p>A Google Cloud project ID is required to access Firestore. FirestoreClient determines the
@@ -60,7 +60,7 @@ private FirestoreClient(FirebaseApp app, String databaseId) {
    * same instance for all invocations. The Firestore instance and all references obtained from it
    * becomes unusable, once the default app is deleted.
    *
-   * @return A non-null <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
+   * @return A non-null <a href="https://cloud.google.com/java/docs/reference/google-cloud-firestore/latest/com.google.cloud.firestore.Firestore">{@code Firestore}</a>
    *     instance.
    */
   @NonNull
@@ -74,7 +74,7 @@ public static Firestore getFirestore() {
    * obtained from it becomes unusable, once the specified app is deleted.
    *
    * @param app A non-null {@link FirebaseApp}.
-   * @return A non-null <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
+   * @return A non-null <a href="https://cloud.google.com/java/docs/reference/google-cloud-firestore/latest/com.google.cloud.firestore.Firestore">{@code Firestore}</a>
    *     instance.
    */
   @NonNull
@@ -90,7 +90,7 @@ public static Firestore getFirestore(FirebaseApp app) {
    *
    * @param app      A non-null {@link FirebaseApp}.
    * @param database - The name of database.
-   * @return A non-null <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
+   * @return A non-null <a href="https://cloud.google.com/java/docs/reference/google-cloud-firestore/latest/com.google.cloud.firestore.Firestore">{@code Firestore}</a>
    *     instance.
    */
   @NonNull
@@ -104,7 +104,7 @@ public static Firestore getFirestore(FirebaseApp app, String database) {
    * references obtained from it becomes unusable, once the default app is deleted.
    *
    * @param database - The name of database.
-   * @return A non-null <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/firestore/Firestore.html">{@code Firestore}</a>
+   * @return A non-null <a href="https://cloud.google.com/java/docs/reference/google-cloud-firestore/latest/com.google.cloud.firestore.Firestore">{@code Firestore}</a>
    *     instance.
    */
   @NonNull
diff --git a/src/main/java/com/google/firebase/cloud/StorageClient.java b/src/main/java/com/google/firebase/cloud/StorageClient.java
index 955abd7e2..172279990 100644
--- a/src/main/java/com/google/firebase/cloud/StorageClient.java
+++ b/src/main/java/com/google/firebase/cloud/StorageClient.java
@@ -71,7 +71,7 @@ public static synchronized StorageClient getInstance(FirebaseApp app) {
    * configured via {@link com.google.firebase.FirebaseOptions} when initializing the app. If
    * no bucket was configured via options, this method throws an exception.
    *
-   * @return a cloud storage <a href="https://googlecloudplatform.github.io/google-cloud-java/google-cloud-clients/apidocs/com/google/cloud/storage/Bucket.html">{@code Bucket}</a>
+   * @return a cloud storage <a href="https://cloud.google.com/java/docs/reference/google-cloud-storage/latest/com.google.cloud.storage.Bucket">{@code Bucket}</a>
    *     instance.
    * @throws IllegalArgumentException If no bucket is configured via <code>FirebaseOptions</code>,
    *     or if the bucket does not exist.
@@ -84,7 +84,7 @@ public Bucket bucket() {
    * Returns a cloud storage Bucket instance for the specified bucket name.
    *
    * @param name a non-null, non-empty bucket name.
-   * @return a cloud storage <a href="https://googlecloudplatform.github.io/google-cloud-java/latest/google-cloud-clients/com/google/cloud/storage/Bucket.html">{@code Bucket}</a>
+   * @return a cloud storage <a href="https://cloud.google.com/java/docs/reference/google-cloud-storage/latest/com.google.cloud.storage.Bucket">{@code Bucket}</a>
    *     instance.
    * @throws IllegalArgumentException If the bucket name is null, empty, or if the specified
    *     bucket does not exist.
diff --git a/src/test/java/com/google/firebase/snippets/FirebaseStorageSnippets.java b/src/test/java/com/google/firebase/snippets/FirebaseStorageSnippets.java
index 706cc1b16..0c41dbd6a 100644
--- a/src/test/java/com/google/firebase/snippets/FirebaseStorageSnippets.java
+++ b/src/test/java/com/google/firebase/snippets/FirebaseStorageSnippets.java
@@ -42,7 +42,7 @@ public void initializeAppForStorage() throws IOException {
     Bucket bucket = StorageClient.getInstance().bucket();
 
     // 'bucket' is an object defined in the google-cloud-storage Java library.
-    // See http://googlecloudplatform.github.io/google-cloud-java/latest/apidocs/com/google/cloud/storage/Bucket.html
+    // See https://cloud.google.com/java/docs/reference/google-cloud-storage/latest/com.google.cloud.storage.Bucket
     // for more details.
     // [END init_admin_sdk_for_storage]
     System.out.println("Retrieved bucket: " + bucket.getName());

From df5cd667809e3eb33bdfb5a356c33adb7d93cd3b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Jul 2025 16:34:48 +0000
Subject: [PATCH 332/354] chore(deps): Bump
 org.apache.maven.plugins:maven-gpg-plugin (#1111)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8b1cef4b3..fac974972 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
                 <plugins>
                     <plugin>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.2.7</version>
+                        <version>3.2.8</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

From 51258b524a7097cd183497e634e0cbfd20ee52f4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Jul 2025 16:41:55 +0000
Subject: [PATCH 333/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.62.0 to 26.63.0 (#1110)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index fac974972..d04209790 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.62.0</version>
+                <version>26.63.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 91c1400aa24995e61d22357cc26aebd0d48594e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 20:25:57 +0000
Subject: [PATCH 334/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.63.0 to 26.65.0 (#1116)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d04209790..3861679f7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.63.0</version>
+                <version>26.65.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 212ecea4bcccf4f6a9df42d21f70f66ebefe809b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 20:29:22 +0000
Subject: [PATCH 335/354] chore(deps): Bump netty.version from 4.2.2.Final to
 4.2.3.Final (#1113)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3861679f7..8729a2b34 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.2.2.Final</netty.version>
+        <netty.version>4.2.3.Final</netty.version>
     </properties>
 
     <scm>

From e406aca8560f8509e3021075a66b34ac5167a667 Mon Sep 17 00:00:00 2001
From: Liubin Jiang <56564857+Xiaoshouzi-gh@users.noreply.github.com>
Date: Tue, 2 Sep 2025 08:05:15 -0700
Subject: [PATCH 336/354] feat(auth): Firebase Auth add link domain to
 actionCodeSetting (#1115)

* add link domain to actionCodeSetting

* fix: Correct deprecation tag

* fix(auth): Fix doc string and use correct error message

---------

Co-authored-by: jonathanedey <jedey@google.com>
Co-authored-by: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
---
 .../firebase/auth/ActionCodeSettings.java     | 20 +++++++++++++++++++
 .../google/firebase/auth/AuthErrorCode.java   |  5 +++++
 .../auth/internal/AuthErrorHandler.java       |  7 +++++++
 .../firebase/auth/ActionCodeSettingsTest.java |  2 ++
 4 files changed, 34 insertions(+)

diff --git a/src/main/java/com/google/firebase/auth/ActionCodeSettings.java b/src/main/java/com/google/firebase/auth/ActionCodeSettings.java
index 0b102b7a3..8ffccd542 100644
--- a/src/main/java/com/google/firebase/auth/ActionCodeSettings.java
+++ b/src/main/java/com/google/firebase/auth/ActionCodeSettings.java
@@ -51,6 +51,9 @@ private ActionCodeSettings(Builder builder) {
     if (!Strings.isNullOrEmpty(builder.dynamicLinkDomain)) {
       properties.put("dynamicLinkDomain", builder.dynamicLinkDomain);
     }
+    if (!Strings.isNullOrEmpty(builder.linkDomain)) {
+      properties.put("linkDomain", builder.linkDomain);
+    }
     if (!Strings.isNullOrEmpty(builder.iosBundleId)) {
       properties.put("iOSBundleId", builder.iosBundleId);
     }
@@ -84,6 +87,7 @@ public static final class Builder {
     private String url;
     private boolean handleCodeInApp;
     private String dynamicLinkDomain;
+    private String linkDomain;
     private String iosBundleId;
     private String androidPackageName;
     private String androidMinimumVersion;
@@ -135,12 +139,28 @@ public Builder setHandleCodeInApp(boolean handleCodeInApp) {
      *
      * @param dynamicLinkDomain Firebase Dynamic Link domain string.
      * @return This builder.
+     * @deprecated Use {@link #setLinkDomain(String)} instead.
      */
+    @Deprecated
     public Builder setDynamicLinkDomain(String dynamicLinkDomain) {
       this.dynamicLinkDomain = dynamicLinkDomain;
       return this;
     }
 
+    /**
+     * Sets the link domain to use for the current link if it is to be opened using
+     * {@code handleCodeInApp}, as multiple link domains can be configured per project. This
+     * setting provides the ability to explicitly choose one. If none is provided, the default
+     * Firebase Hosting domain will be used.
+     *
+     * @param linkDomain Link domain string.
+     * @return This builder.
+     */
+    public Builder setLinkDomain(String linkDomain) {
+      this.linkDomain = linkDomain;
+      return this;
+    }
+
     /**
      * Sets the bundle ID of the iOS app where the link should be handled if the
      * application is already installed on the device.
diff --git a/src/main/java/com/google/firebase/auth/AuthErrorCode.java b/src/main/java/com/google/firebase/auth/AuthErrorCode.java
index 90b5da1a2..9f7ecebf1 100644
--- a/src/main/java/com/google/firebase/auth/AuthErrorCode.java
+++ b/src/main/java/com/google/firebase/auth/AuthErrorCode.java
@@ -58,6 +58,11 @@ public enum AuthErrorCode {
    */
   INVALID_DYNAMIC_LINK_DOMAIN,
 
+  /**
+   * The provided hosting link domain is not configured or authorized for the current project.
+   */
+  INVALID_HOSTING_LINK_DOMAIN,
+
   /**
    * The specified ID token is invalid.
    */
diff --git a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
index 4b9523c83..346bd6a84 100644
--- a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
+++ b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
@@ -73,6 +73,13 @@ final class AuthErrorHandler extends AbstractHttpErrorHandler<FirebaseAuthExcept
                   "The provided dynamic link domain is not "
                       + "configured or authorized for the current project",
                   AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN))
+          .put(
+              "INVALID_HOSTING_LINK_DOMAIN",
+              new AuthError(
+                  ErrorCode.INVALID_ARGUMENT,
+                  "The provided hosting link domain is not configured in Firebase Hosting or is "
+                      + "not owned by the current project",
+                  AuthErrorCode.INVALID_HOSTING_LINK_DOMAIN))
           .put(
               "PHONE_NUMBER_EXISTS",
               new AuthError(
diff --git a/src/test/java/com/google/firebase/auth/ActionCodeSettingsTest.java b/src/test/java/com/google/firebase/auth/ActionCodeSettingsTest.java
index 501aa53ba..f79d83ba4 100644
--- a/src/test/java/com/google/firebase/auth/ActionCodeSettingsTest.java
+++ b/src/test/java/com/google/firebase/auth/ActionCodeSettingsTest.java
@@ -68,6 +68,7 @@ public void testAllSettings() {
         .setUrl("https://example.com")
         .setHandleCodeInApp(true)
         .setDynamicLinkDomain("myapp.page.link")
+        .setLinkDomain("myapp.custom.link")
         .setIosBundleId("com.example.ios")
         .setAndroidPackageName("com.example.android")
         .setAndroidMinimumVersion("6.0")
@@ -77,6 +78,7 @@ public void testAllSettings() {
         .put("continueUrl", "https://example.com")
         .put("canHandleCodeInApp", true)
         .put("dynamicLinkDomain", "myapp.page.link")
+        .put("linkDomain", "myapp.custom.link")
         .put("iOSBundleId", "com.example.ios")
         .put("androidPackageName", "com.example.android")
         .put("androidMinimumVersion", "6.0")

From df6fc76b26c96093da207fec014292fb3d391d31 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Sep 2025 15:23:53 +0000
Subject: [PATCH 337/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.65.0 to 26.66.0 (#1119)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 8729a2b34..aa2c74f5c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,7 +385,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.65.0</version>
+                <version>26.67.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From ae5537ebe65536e73e6d93e0a42164205dedf9e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Sep 2025 15:26:47 +0000
Subject: [PATCH 338/354] chore(deps): Bump
 org.apache.maven.plugins:maven-javadoc-plugin (#1118)

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index aa2c74f5c..1a7c778f2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.11.2</version>
+                        <version>3.11.3</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -301,7 +301,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.11.2</version>
+                <version>3.11.3</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 0406ed57ed17cd83030a50b43022622b684c2f66 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Tue, 2 Sep 2025 14:55:56 -0400
Subject: [PATCH 339/354] fix(auth): Fixed error code mapping for Auth errors
 (#1121)

---
 .../auth/internal/AuthErrorHandler.java       |  4 +--
 .../google/firebase/auth/FirebaseAuthIT.java  | 26 +++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
index 346bd6a84..cd570c64d 100644
--- a/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
+++ b/src/main/java/com/google/firebase/auth/internal/AuthErrorHandler.java
@@ -187,7 +187,7 @@ String buildMessage(AuthServiceErrorResponse response) {
 
   /**
    * JSON data binding for JSON error messages sent by Google identity toolkit service. These
-   * error messages take the form `{"error": {"message": "CODE: OPTIONAL DETAILS"}}`.
+   * error messages take the form `{"error": {"message": "CODE : OPTIONAL DETAILS"}}`.
    */
   private static class AuthServiceErrorResponse {
 
@@ -203,7 +203,7 @@ public String getCode() {
 
       int separator = message.indexOf(':');
       if (separator != -1) {
-        return message.substring(0, separator);
+        return message.substring(0, separator).trim();
       }
 
       return message;
diff --git a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
index 5862450ae..41ccc5c20 100644
--- a/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
+++ b/src/test/java/com/google/firebase/auth/FirebaseAuthIT.java
@@ -82,6 +82,7 @@ public class FirebaseAuthIT {
   private static final JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
   private static final HttpTransport transport = ApiClientUtils.getDefaultTransport();
   private static final String ACTION_LINK_CONTINUE_URL = "http://localhost/?a=1&b=2#c=3";
+  private static final String INVALID_ACTION_LINK_CONTINUE_URL = "http://www.localhost/?a=1&b=2#c=3";
 
   private static final FirebaseAuth auth = FirebaseAuth.getInstance(
       IntegrationTestUtils.ensureDefaultApp());
@@ -868,6 +869,31 @@ public void testGenerateSignInWithEmailLink() throws Exception {
     assertTrue(auth.getUser(user.getUid()).isEmailVerified());
   }
 
+  @Test
+  public void testAuthErrorCodeParse() throws Exception {
+    RandomUser user = UserTestUtils.generateRandomUserInfo();
+    temporaryUser.create(new UserRecord.CreateRequest()
+        .setUid(user.getUid())
+        .setEmail(user.getEmail())
+        .setEmailVerified(false)
+        .setPassword("password"));
+    try {
+      auth.generateSignInWithEmailLink(user.getEmail(), ActionCodeSettings.builder()
+          .setUrl(INVALID_ACTION_LINK_CONTINUE_URL)
+          .build());
+      fail("No error thrown for invlaid custom hosting domain");
+    } catch (FirebaseAuthException e) {
+      assertEquals(
+          "The domain of the continue URL is not whitelisted (UNAUTHORIZED_DOMAIN): Domain not "
+              + "allowlisted by project",
+          e.getMessage());
+      assertEquals(ErrorCode.INVALID_ARGUMENT, e.getErrorCode());
+      assertNotNull(e.getCause());
+      assertNotNull(e.getHttpResponse());
+      assertEquals(AuthErrorCode.UNAUTHORIZED_CONTINUE_URL, e.getAuthErrorCode());
+    }
+  }
+
   @Test
   public void testOidcProviderConfigLifecycle() throws Exception {
     // Create provider config

From 8fe1544372faa884058639d53a36744a04777832 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Sep 2025 19:09:36 +0000
Subject: [PATCH 340/354] chore(deps): Bump netty.version from 4.2.3.Final to
 4.2.4.Final (#1123)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1a7c778f2..28a127857 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.2.3.Final</netty.version>
+        <netty.version>4.2.4.Final</netty.version>
     </properties>
 
     <scm>

From a9ff3f7332a731e5d63d6f2d33c7ddb0372583bb Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Wed, 3 Sep 2025 16:06:58 -0400
Subject: [PATCH 341/354] [chore] Release 9.6.0 (#1125)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 28a127857..b353743ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.5.0</version>
+    <version>9.6.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 353fc53740244ffc5b3f3b496d4b6d351c3f805a Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Wed, 3 Sep 2025 17:18:16 -0400
Subject: [PATCH 342/354] Revert "[chore] Release 9.6.0 (#1125)" (#1126)

This reverts commit a9ff3f7332a731e5d63d6f2d33c7ddb0372583bb.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b353743ee..28a127857 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.6.0</version>
+    <version>9.5.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 1b5cf37f068fdb9778de54c44744e698235cfc5b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 13:39:39 -0400
Subject: [PATCH 343/354] chore(deps): Bump io.netty:netty-codec-http (#1127)

Bumps [io.netty:netty-codec-http](https://github.com/netty/netty) from 4.2.4.Final to 4.2.5.Final.
- [Commits](https://github.com/netty/netty/compare/netty-4.2.4.Final...netty-4.2.5.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-version: 4.2.5.Final
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 28a127857..990e4d6dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.2.4.Final</netty.version>
+        <netty.version>4.2.5.Final</netty.version>
     </properties>
 
     <scm>

From 304a274fadf44792503e50bbbdd9774acc0e6026 Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Fri, 5 Sep 2025 12:25:44 -0400
Subject: [PATCH 344/354] feat: Migrate to Central Publisher Portal (#1128)

Updates the release process to use the new Central Publisher Portal for deploying artifacts to Maven Central.

- Replaces the nexus-staging-maven-plugin with the central-publishing-maven-plugin.
- Updates the distributionManagement repository URL in pom.xml.
- Modifies the publish script to use the central-publishing:publish goal.
- Updates the release workflow to use token-based authentication secrets (CENTRAL_USERNAME, CENTRAL_TOKEN).
- Adjusts settings.xml to use the new authentication tokens.
---
 .github/resources/settings.xml       |  6 +++---
 .github/scripts/publish_artifacts.sh |  2 +-
 .github/workflows/release.yml        |  4 ++--
 pom.xml                              | 19 ++++++-------------
 4 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/.github/resources/settings.xml b/.github/resources/settings.xml
index f3bc754e2..da1d3057d 100644
--- a/.github/resources/settings.xml
+++ b/.github/resources/settings.xml
@@ -7,9 +7,9 @@
 
   <servers>
     <server>
-      <id>ossrh</id>
-      <username>${env.NEXUS_OSSRH_USERNAME}</username>
-      <password>${env.NEXUS_OSSRH_PASSWORD}</password>
+      <id>central</id>
+      <username>${env.CENTRAL_USERNAME}</username>
+      <password>${env.CENTRAL_TOKEN}</password>
     </server>
   </servers>
 
diff --git a/.github/scripts/publish_artifacts.sh b/.github/scripts/publish_artifacts.sh
index cd1a5b75c..8e20af88f 100755
--- a/.github/scripts/publish_artifacts.sh
+++ b/.github/scripts/publish_artifacts.sh
@@ -26,7 +26,7 @@ gpg --import --no-tty --batch --yes firebase.asc
 #  1. Compiles the source (compile phase)
 #  2. Packages the artifacts - src, bin, javadocs (package phase)
 #  3. Signs the artifacts (verify phase)
-#  4. Publishes artifacts via Nexus (deploy phase)
+#  4. Publishes artifacts via Central Publisher Portal (deploy phase)
 mvn -B clean deploy \
   -Dcheckstyle.skip \
   -DskipTests \
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d6f744c69..86774e50c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -100,8 +100,8 @@ jobs:
       env:
         GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
         GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-        NEXUS_OSSRH_USERNAME: ${{ secrets.NEXUS_OSSRH_USERNAME }}
-        NEXUS_OSSRH_PASSWORD: ${{ secrets.NEXUS_OSSRH_PASSWORD }}
+        CENTRAL_USERNAME: ${{ secrets.CENTRAL_USERNAME }}
+        CENTRAL_TOKEN: ${{ secrets.CENTRAL_TOKEN }}
 
     # See: https://cli.github.com/manual/gh_release_create
     - name: Create release tag
diff --git a/pom.xml b/pom.xml
index 990e4d6dc..ff3a085f3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -69,13 +69,6 @@
         <tag>HEAD</tag>
     </scm>
 
-    <distributionManagement>
-        <snapshotRepository>
-            <id>ossrh</id>
-            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-        </snapshotRepository>
-    </distributionManagement>
-
     <profiles>
         <profile>
             <id>devsite-apidocs</id>
@@ -350,14 +343,14 @@
 
             <!-- Deploy Phase -->
             <plugin>
-                <groupId>org.sonatype.plugins</groupId>
-                <artifactId>nexus-staging-maven-plugin</artifactId>
-                <version>1.7.0</version>
+                <groupId>org.sonatype.central</groupId>
+                <artifactId>central-publishing-maven-plugin</artifactId>
+                <version>0.8.0</version>
                 <extensions>true</extensions>
                 <configuration>
-                    <serverId>ossrh</serverId>
-                    <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-                    <autoReleaseAfterClose>true</autoReleaseAfterClose>
+                    <publishingServerId>central</publishingServerId>
+                    <autoPublish>true</autoPublish>
+                    <waitUntil>published</waitUntil>
                 </configuration>
             </plugin>
         </plugins>

From 450fe3cd979d60d067a8d89cbc2530f703ac77a5 Mon Sep 17 00:00:00 2001
From: Jonathan Edey <145066863+jonathanedey@users.noreply.github.com>
Date: Mon, 8 Sep 2025 14:03:19 -0400
Subject: [PATCH 345/354] [chore] Release 9.6.0 Take 2 (#1130)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ff3a085f3..91c203218 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.5.0</version>
+    <version>9.6.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 026db9fec98ca1f66a9b16be0a37ac4e127a024e Mon Sep 17 00:00:00 2001
From: varun rathore <35365856+rathovarun1032@users.noreply.github.com>
Date: Tue, 23 Sep 2025 20:48:26 +0530
Subject: [PATCH 346/354] feat(rc): Add support for Server-Side Remote Config
 (#1122)

* Implementation for Fetching and Caching Server Side Remote Config (#1107)009

* Implementation for Fetching and Caching Server Side Remote Config

* implementation of fetch , cache and load of template

---------

Co-authored-by: Varun Rathore <varunrathore@google.com>

* Implement custom signal targeting for server side RC (#1108)

Co-authored-by: Athira M <athiramanu@google.com>

* Implement percent evaluation for server side RC (#1114)

* [feat] Implement percent evaluation for server side RC

* Ssrc bugbash fix (#1117)

* Handle empty context

* fix issue related to update time

* fix string equality

* fix textcase

* Fix lint errors

* Add unit tests

* fix for [438426692](getDouble() logs a malformed warning on type conversion failure)

Using getDouble on a string parameter value, returns the appropriate default static value but logs a warning which looks incorrect ("%s" in the warning message?).

* Update ServerTemplateResponse.java to fix b/438607881

In the server template builder flow using cached template, evaluation using custom signals is not working as intended.

* Update getServerRemoteConfig.json to fix b/438607881

* Update getServerTemplateData.json to fix b/438607881

* fix for bugs

* Resolve comment related to revert of ServerVersion Class

* remove serverVersion

* Resolve comments related to Evaluator

* fix indentation

* fix indentation

* fix indentations

* fix multi line indent

* fix multi line indents

* Update ConditionEvaluator.java

* Update ConditionEvaluator.java

---------

Co-authored-by: Athira M <athiramanu@google.com>
Co-authored-by: Varun Rathore <varunrathore@google.com>

* Create ParameterValueTest.java

* Fix typo errors

* Change return type and cache regex

* Addressed comment to make cache atomic

* Trigger CI

---------

Co-authored-by: Varun Rathore <varunrathore@google.com>
Co-authored-by: Athira M <athiramanu9400@gmail.com>
Co-authored-by: Athira M <athiramanu@google.com>
---
 .../firebase/remoteconfig/AndCondition.java   |  61 ++
 .../remoteconfig/ConditionEvaluator.java      | 346 ++++++++
 .../remoteconfig/CustomSignalCondition.java   | 140 +++
 .../remoteconfig/CustomSignalOperator.java    |  54 ++
 .../remoteconfig/FirebaseRemoteConfig.java    |  68 ++
 .../FirebaseRemoteConfigClient.java           |   3 +
 .../FirebaseRemoteConfigClientImpl.java       |  24 +
 .../firebase/remoteconfig/KeysAndValues.java  | 135 +++
 .../remoteconfig/MicroPercentRange.java       |  46 +
 .../firebase/remoteconfig/OneOfCondition.java | 140 +++
 .../firebase/remoteconfig/OrCondition.java    |  58 ++
 .../remoteconfig/PercentCondition.java        | 163 ++++
 .../PercentConditionOperator.java             |  55 ++
 .../remoteconfig/ServerCondition.java         |  90 ++
 .../firebase/remoteconfig/ServerConfig.java   | 102 +++
 .../firebase/remoteconfig/ServerTemplate.java |  45 +
 .../remoteconfig/ServerTemplateData.java      | 215 +++++
 .../remoteconfig/ServerTemplateImpl.java      | 195 ++++
 .../google/firebase/remoteconfig/Value.java   | 135 +++
 .../firebase/remoteconfig/ValueSource.java    |  31 +
 .../internal/ServerTemplateResponse.java      | 322 +++++++
 .../remoteconfig/ConditionEvaluatorTest.java  | 832 ++++++++++++++++++
 .../FirebaseRemoteConfigClientImplTest.java   | 823 ++++++++++++-----
 .../FirebaseRemoteConfigTest.java             | 157 +++-
 .../remoteconfig/MockRemoteConfigClient.java  |  25 +-
 .../remoteconfig/ServerConditionTest.java     | 218 +++++
 .../remoteconfig/ServerTemplateImplTest.java  | 421 +++++++++
 .../firebase/remoteconfig/ValueTest.java      | 104 +++
 .../firebase/remoteconfig/VersionTest.java    |  12 +-
 src/test/resources/getServerRemoteConfig.json | 142 +++
 src/test/resources/getServerTemplateData.json | 181 ++++
 31 files changed, 5094 insertions(+), 249 deletions(-)
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/AndCondition.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ConditionEvaluator.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/CustomSignalCondition.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/CustomSignalOperator.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/KeysAndValues.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/MicroPercentRange.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/OneOfCondition.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/OrCondition.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/PercentCondition.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/PercentConditionOperator.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ServerCondition.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ServerConfig.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ServerTemplate.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ServerTemplateData.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ServerTemplateImpl.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/Value.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/ValueSource.java
 create mode 100644 src/main/java/com/google/firebase/remoteconfig/internal/ServerTemplateResponse.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ConditionEvaluatorTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ServerConditionTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ServerTemplateImplTest.java
 create mode 100644 src/test/java/com/google/firebase/remoteconfig/ValueTest.java
 create mode 100644 src/test/resources/getServerRemoteConfig.json
 create mode 100644 src/test/resources/getServerTemplateData.json

diff --git a/src/main/java/com/google/firebase/remoteconfig/AndCondition.java b/src/main/java/com/google/firebase/remoteconfig/AndCondition.java
new file mode 100644
index 000000000..ec118cef2
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/AndCondition.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.AndConditionResponse;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.OneOfConditionResponse;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+final class AndCondition {
+  private final ImmutableList<OneOfCondition> conditions;
+
+  AndCondition(@NonNull List<OneOfCondition> conditions) {
+    checkNotNull(conditions, "List of conditions for AND operation must not be null.");
+    checkArgument(!conditions.isEmpty(), 
+        "List of conditions for AND operation must not be empty.");
+    this.conditions = ImmutableList.copyOf(conditions);
+  }
+
+  AndCondition(AndConditionResponse andConditionResponse) {
+    List<OneOfConditionResponse> conditionList = andConditionResponse.getConditions();
+    checkNotNull(conditionList, "List of conditions for AND operation must not be null.");
+    checkArgument(!conditionList.isEmpty(), 
+        "List of conditions for AND operation must not be empty");
+    this.conditions = conditionList.stream()
+                                  .map(OneOfCondition::new) 
+                                  .collect(ImmutableList.toImmutableList());
+  }
+
+  @NonNull
+  ImmutableList<OneOfCondition> getConditions() {
+    return conditions;
+  }
+
+  AndConditionResponse toAndConditionResponse() {
+    return new AndConditionResponse()
+                   .setConditions(this.conditions.stream()
+                                                 .map(OneOfCondition::toOneOfConditionResponse)
+                                                 .collect(Collectors.toList()));    
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ConditionEvaluator.java b/src/main/java/com/google/firebase/remoteconfig/ConditionEvaluator.java
new file mode 100644
index 000000000..63718b32b
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ConditionEvaluator.java
@@ -0,0 +1,346 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.ImmutableMap.toImmutableMap;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import java.math.BigInteger;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.function.BiPredicate;
+import java.util.function.IntPredicate;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+import java.util.stream.Collectors;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+final class ConditionEvaluator {
+  private static final int MAX_CONDITION_RECURSION_DEPTH = 10;
+  private static final Logger logger = LoggerFactory.getLogger(ConditionEvaluator.class);
+  private static final BigInteger MICRO_PERCENT_MODULO = BigInteger.valueOf(100_000_000L);
+  private static final Pattern SEMVER_PATTERN =  Pattern.compile("^[0-9]+(?:\\.[0-9]+){0,4}$");
+
+  /**
+   * Evaluates server conditions and assigns a boolean value to each condition.
+   *
+   * @param conditions List of conditions which are to be evaluated.
+   * @param context A map with additional metadata used during evaluation.
+   * @return A map of condition to evaluated value.
+   */
+  @NonNull
+  Map<String, Boolean> evaluateConditions(
+      @NonNull List<ServerCondition> conditions, @Nullable KeysAndValues context) {
+    checkNotNull(conditions, "List of conditions must not be null.");
+    checkArgument(!conditions.isEmpty(), "List of conditions must not be empty.");
+    if (context == null || conditions.isEmpty()) {
+      return ImmutableMap.of();
+    }
+    KeysAndValues evaluationContext =
+        context != null ? context : new KeysAndValues.Builder().build();
+
+    Map<String, Boolean> evaluatedConditions =
+        conditions.stream()
+            .collect(
+                toImmutableMap(
+                    ServerCondition::getName,
+                    condition ->
+                        evaluateCondition(
+                            condition.getCondition(), evaluationContext, /* nestingLevel= */ 0)));
+
+    return evaluatedConditions;
+  }
+
+  private boolean evaluateCondition(
+      OneOfCondition condition, KeysAndValues context, int nestingLevel) {
+    if (nestingLevel > MAX_CONDITION_RECURSION_DEPTH) {
+      logger.warn("Maximum condition recursion depth exceeded.");
+      return false;
+    }
+
+    if (condition.getOrCondition() != null) {
+      return evaluateOrCondition(condition.getOrCondition(), context, nestingLevel + 1);
+    } else if (condition.getAndCondition() != null) {
+      return evaluateAndCondition(condition.getAndCondition(), context, nestingLevel + 1);
+    } else if (condition.isTrue() != null) {
+      return true;
+    } else if (condition.isFalse() != null) {
+      return false;
+    } else if (condition.getCustomSignal() != null) {
+      return evaluateCustomSignalCondition(condition.getCustomSignal(), context);
+    } else if (condition.getPercent() != null) {
+      return evaluatePercentCondition(condition.getPercent(), context);
+    }
+    logger.atWarn().log("Received invalid condition for evaluation.");
+    return false;
+  }
+
+  private boolean evaluateOrCondition(
+      OrCondition condition, KeysAndValues context, int nestingLevel) {
+    return condition.getConditions().stream()
+        .anyMatch(subCondition -> evaluateCondition(subCondition, context, nestingLevel + 1));
+  }
+
+  private boolean evaluateAndCondition(
+      AndCondition condition, KeysAndValues context, int nestingLevel) {
+    return condition.getConditions().stream()
+        .allMatch(subCondition -> evaluateCondition(subCondition, context, nestingLevel + 1));
+  }
+
+  private boolean evaluateCustomSignalCondition(
+      CustomSignalCondition condition, KeysAndValues context) {
+    CustomSignalOperator customSignalOperator = condition.getCustomSignalOperator();
+    String customSignalKey = condition.getCustomSignalKey();
+    ImmutableList<String> targetCustomSignalValues =
+        ImmutableList.copyOf(condition.getTargetCustomSignalValues());
+
+    if (targetCustomSignalValues.isEmpty()) {
+      logger.warn(
+          String.format(
+              "Values must be assigned to all custom signal fields. Operator:%s, Key:%s, Values:%s",
+              customSignalOperator, customSignalKey, targetCustomSignalValues));
+      return false;
+    }
+
+    String customSignalValue = context.get(customSignalKey);
+    if (customSignalValue == null) {
+      return false;
+    }
+
+    switch (customSignalOperator) {
+      // String operations.
+      case STRING_CONTAINS:
+        return compareStrings(
+            targetCustomSignalValues,
+            customSignalValue,
+            (customSignal, targetSignal) -> customSignal.contains(targetSignal));
+      case STRING_DOES_NOT_CONTAIN:
+        return !compareStrings(
+            targetCustomSignalValues,
+            customSignalValue,
+            (customSignal, targetSignal) -> customSignal.contains(targetSignal));
+      case STRING_EXACTLY_MATCHES:
+        return compareStrings(
+            targetCustomSignalValues,
+            customSignalValue,
+            (customSignal, targetSignal) -> customSignal.equals(targetSignal));
+      case STRING_CONTAINS_REGEX:
+        return compareStrings(
+            targetCustomSignalValues,
+            customSignalValue,
+            (customSignal, targetSignal) -> compareStringRegex(customSignal, targetSignal));
+
+      // Numeric operations.
+      case NUMERIC_LESS_THAN:
+        return compareNumbers(targetCustomSignalValues, customSignalValue, (result) -> result < 0);
+      case NUMERIC_LESS_EQUAL:
+        return compareNumbers(targetCustomSignalValues, customSignalValue, (result) -> result <= 0);
+      case NUMERIC_EQUAL:
+        return compareNumbers(targetCustomSignalValues, customSignalValue, (result) -> result == 0);
+      case NUMERIC_NOT_EQUAL:
+        return compareNumbers(targetCustomSignalValues, customSignalValue, (result) -> result != 0);
+      case NUMERIC_GREATER_THAN:
+        return compareNumbers(targetCustomSignalValues, customSignalValue, (result) -> result > 0);
+      case NUMERIC_GREATER_EQUAL:
+        return compareNumbers(targetCustomSignalValues, customSignalValue, (result) -> result >= 0);
+
+      // Semantic operations.
+      case SEMANTIC_VERSION_EQUAL:
+        return compareSemanticVersions(
+            targetCustomSignalValues, customSignalValue, (result) -> result == 0);
+      case SEMANTIC_VERSION_GREATER_EQUAL:
+        return compareSemanticVersions(
+            targetCustomSignalValues, customSignalValue, (result) -> result >= 0);
+      case SEMANTIC_VERSION_GREATER_THAN:
+        return compareSemanticVersions(
+            targetCustomSignalValues, customSignalValue, (result) -> result > 0);
+      case SEMANTIC_VERSION_LESS_EQUAL:
+        return compareSemanticVersions(
+            targetCustomSignalValues, customSignalValue, (result) -> result <= 0);
+      case SEMANTIC_VERSION_LESS_THAN:
+        return compareSemanticVersions(
+            targetCustomSignalValues, customSignalValue, (result) -> result < 0);
+      case SEMANTIC_VERSION_NOT_EQUAL:
+        return compareSemanticVersions(
+            targetCustomSignalValues, customSignalValue, (result) -> result != 0);
+      default:
+        return false;
+    }
+  }
+
+  private boolean evaluatePercentCondition(PercentCondition condition, KeysAndValues context) {
+    if (!context.containsKey("randomizationId")) {
+      logger.warn("Percentage operation must not be performed without randomizationId");
+      return false;
+    }
+
+    PercentConditionOperator operator = condition.getPercentConditionOperator();
+
+    // The micro-percent interval to be used with the BETWEEN operator.
+    MicroPercentRange microPercentRange = condition.getMicroPercentRange();
+    int microPercentUpperBound =
+        microPercentRange != null ? microPercentRange.getMicroPercentUpperBound() : 0;
+    int microPercentLowerBound =
+        microPercentRange != null ? microPercentRange.getMicroPercentLowerBound() : 0;
+    // The limit of percentiles to target in micro-percents when using the
+    // LESS_OR_EQUAL and GREATER_THAN operators. The value must be in the range [0
+    // and 100000000].
+    int microPercent = condition.getMicroPercent();
+    BigInteger microPercentile =
+        getMicroPercentile(condition.getSeed(), context.get("randomizationId"));
+    switch (operator) {
+      case LESS_OR_EQUAL:
+        return microPercentile.compareTo(BigInteger.valueOf(microPercent)) <= 0;
+      case GREATER_THAN:
+        return microPercentile.compareTo(BigInteger.valueOf(microPercent)) > 0;
+      case BETWEEN:
+        return microPercentile.compareTo(BigInteger.valueOf(microPercentLowerBound)) > 0
+            && microPercentile.compareTo(BigInteger.valueOf(microPercentUpperBound)) <= 0;
+      case UNSPECIFIED:
+      default:
+        return false;
+    }
+  }
+
+  private BigInteger getMicroPercentile(String seed, String randomizationId) {
+    String seedPrefix = seed != null && !seed.isEmpty() ? seed + "." : "";
+    String stringToHash = seedPrefix + randomizationId;
+    BigInteger hash = hashSeededRandomizationId(stringToHash);
+    BigInteger microPercentile = hash.mod(MICRO_PERCENT_MODULO);
+
+    return microPercentile;
+  }
+
+  private BigInteger hashSeededRandomizationId(String seededRandomizationId) {
+    try {
+      // Create a SHA-256 hash.
+      MessageDigest digest = MessageDigest.getInstance("SHA-256");
+      byte[] hashBytes = digest.digest(seededRandomizationId.getBytes(StandardCharsets.UTF_8));
+
+      // Convert the hash bytes to a BigInteger
+      return new BigInteger(1, hashBytes);
+    } catch (NoSuchAlgorithmException e) {
+      logger.error("SHA-256 algorithm not found", e);
+      throw new RuntimeException("SHA-256 algorithm not found", e);
+    }
+  }
+
+  private boolean compareStrings(
+      ImmutableList<String> targetValues,
+      String customSignal,
+      BiPredicate<String, String> compareFunction) {
+    return targetValues.stream()
+        .anyMatch(targetValue -> compareFunction.test(customSignal, targetValue));
+  }
+
+  private boolean compareStringRegex(String customSignal, String targetSignal) {
+    try {
+      return Pattern.compile(targetSignal).matcher(customSignal).matches();
+    } catch (PatternSyntaxException e) {
+      return false;
+    }
+  }
+
+  private boolean compareNumbers(
+      ImmutableList<String> targetValues, String customSignal, IntPredicate compareFunction) {
+    if (targetValues.size() != 1) {
+      logger.warn(
+          String.format(
+              "Target values must contain 1 element for numeric operations. Target Value: %s",
+              targetValues));
+      return false;
+    }
+
+    try {
+      double customSignalDouble = Double.parseDouble(customSignal);
+      double targetValue = Double.parseDouble(targetValues.get(0));
+      int comparisonResult = Double.compare(customSignalDouble, targetValue);
+      return compareFunction.test(comparisonResult);
+    } catch (NumberFormatException e) {
+      logger.warn(
+          "Error parsing numeric values: customSignal=%s, targetValue=%s",
+          customSignal, targetValues.get(0), e);
+      return false;
+    }
+  }
+
+  private boolean compareSemanticVersions(
+      ImmutableList<String> targetValues, String customSignal, IntPredicate compareFunction) {
+    if (targetValues.size() != 1) {
+      logger.warn(String.format("Target values must contain 1 element for semantic operation."));
+      return false;
+    }
+
+    String targetValueString = targetValues.get(0);
+    if (!validateSemanticVersion(targetValueString) || !validateSemanticVersion(customSignal)) {
+      return false;
+    }
+
+    List<Integer> targetVersion = parseSemanticVersion(targetValueString);
+    List<Integer> customSignalVersion = parseSemanticVersion(customSignal);
+
+    int maxLength = 5;
+    if (targetVersion.size() > maxLength || customSignalVersion.size() > maxLength) {
+      logger.warn(
+          "Semantic version max length(%s) exceeded. Target: %s, Custom Signal: %s",
+          maxLength, targetValueString, customSignal);
+      return false;
+    }
+
+    int comparison = compareSemanticVersions(customSignalVersion, targetVersion);
+    return compareFunction.test(comparison);
+  }
+
+  private int compareSemanticVersions(List<Integer> version1, List<Integer> version2) {
+    int maxLength = Math.max(version1.size(), version2.size());
+    int version1Size = version1.size();
+    int version2Size = version2.size();
+
+    for (int i = 0; i < maxLength; i++) {
+      // Default to 0 if segment is missing
+      int v1 = i < version1Size ? version1.get(i) : 0;
+      int v2 = i < version2Size ? version2.get(i) : 0;
+
+      int comparison = Integer.compare(v1, v2);
+      if (comparison != 0) {
+        return comparison;
+      }
+    }
+    // Versions are equal
+    return 0;
+  }
+
+  private List<Integer> parseSemanticVersion(String versionString) {
+    return Arrays.stream(versionString.split("\\."))
+        .map(Integer::parseInt)
+        .collect(Collectors.toList());
+  }
+
+  private boolean validateSemanticVersion(String version) {
+    return SEMVER_PATTERN.matcher(version).matches();
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/CustomSignalCondition.java b/src/main/java/com/google/firebase/remoteconfig/CustomSignalCondition.java
new file mode 100644
index 000000000..a8d96efdf
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/CustomSignalCondition.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.CustomSignalConditionResponse;
+
+import java.util.ArrayList;
+import java.util.List;
+
+final class CustomSignalCondition {
+  private final String customSignalKey;
+  private final CustomSignalOperator customSignalOperator;
+  private final ImmutableList<String> targetCustomSignalValues;
+
+  public CustomSignalCondition(
+      @NonNull String customSignalKey,
+      @NonNull CustomSignalOperator customSignalOperator,
+      @NonNull List<String> targetCustomSignalValues) {
+    checkArgument(
+        !Strings.isNullOrEmpty(customSignalKey), "Custom signal key must not be null or empty.");
+    checkNotNull(customSignalOperator);
+    checkNotNull(targetCustomSignalValues);
+    checkArgument(
+        !targetCustomSignalValues.isEmpty(), "Target custom signal values must not be empty.");
+    this.customSignalKey = customSignalKey.trim();
+    this.customSignalOperator = customSignalOperator;
+    this.targetCustomSignalValues = ImmutableList.copyOf(targetCustomSignalValues);
+  }
+
+  CustomSignalCondition(CustomSignalConditionResponse customSignalCondition) {
+    checkArgument(
+        !Strings.isNullOrEmpty(customSignalCondition.getKey()),
+        "Custom signal key must not be null or empty.");
+    checkArgument(
+        !customSignalCondition.getTargetValues().isEmpty(),
+        "Target custom signal values must not be empty.");
+    this.customSignalKey = customSignalCondition.getKey().trim();
+    List<String> targetCustomSignalValuesList = customSignalCondition.getTargetValues();
+    this.targetCustomSignalValues = ImmutableList.copyOf(targetCustomSignalValuesList);
+    switch (customSignalCondition.getOperator()) {
+      case "NUMERIC_EQUAL":
+        this.customSignalOperator = CustomSignalOperator.NUMERIC_EQUAL;
+        break;
+      case "NUMERIC_GREATER_EQUAL":
+        this.customSignalOperator = CustomSignalOperator.NUMERIC_GREATER_EQUAL;
+        break;
+      case "NUMERIC_GREATER_THAN":
+        this.customSignalOperator = CustomSignalOperator.NUMERIC_GREATER_THAN;
+        break;
+      case "NUMERIC_LESS_EQUAL":
+        this.customSignalOperator = CustomSignalOperator.NUMERIC_LESS_EQUAL;
+        break;
+      case "NUMERIC_LESS_THAN":
+        this.customSignalOperator = CustomSignalOperator.NUMERIC_LESS_THAN;
+        break;
+      case "NUMERIC_NOT_EQUAL":
+        this.customSignalOperator = CustomSignalOperator.NUMERIC_NOT_EQUAL;
+        break;
+      case "SEMANTIC_VERSION_EQUAL":
+        this.customSignalOperator = CustomSignalOperator.SEMANTIC_VERSION_EQUAL;
+        break;
+      case "SEMANTIC_VERSION_GREATER_EQUAL":
+        this.customSignalOperator = CustomSignalOperator.SEMANTIC_VERSION_GREATER_EQUAL;
+        break;
+      case "SEMANTIC_VERSION_GREATER_THAN":
+        this.customSignalOperator = CustomSignalOperator.SEMANTIC_VERSION_GREATER_THAN;
+        break;
+      case "SEMANTIC_VERSION_LESS_EQUAL":
+        this.customSignalOperator = CustomSignalOperator.SEMANTIC_VERSION_LESS_EQUAL;
+        break;
+      case "SEMANTIC_VERSION_LESS_THAN":
+        this.customSignalOperator = CustomSignalOperator.SEMANTIC_VERSION_LESS_THAN;
+        break;
+      case "SEMANTIC_VERSION_NOT_EQUAL":
+        this.customSignalOperator = CustomSignalOperator.SEMANTIC_VERSION_NOT_EQUAL;
+        break;
+      case "STRING_CONTAINS":
+        this.customSignalOperator = CustomSignalOperator.STRING_CONTAINS;
+        break;
+      case "STRING_CONTAINS_REGEX":
+        this.customSignalOperator = CustomSignalOperator.STRING_CONTAINS_REGEX;
+        break;
+      case "STRING_DOES_NOT_CONTAIN":
+        this.customSignalOperator = CustomSignalOperator.STRING_DOES_NOT_CONTAIN;
+        break;
+      case "STRING_EXACTLY_MATCHES":
+        this.customSignalOperator = CustomSignalOperator.STRING_EXACTLY_MATCHES;
+        break;
+      default:
+        this.customSignalOperator = CustomSignalOperator.UNSPECIFIED;
+    }
+    checkArgument(
+        this.customSignalOperator != CustomSignalOperator.UNSPECIFIED,
+        "Custom signal operator passed is invalid");
+  }
+
+  @NonNull
+  String getCustomSignalKey() {
+    return customSignalKey;
+  }
+
+  @NonNull
+  CustomSignalOperator getCustomSignalOperator() {
+    return customSignalOperator;
+  }
+
+  @NonNull
+  List<String> getTargetCustomSignalValues() {
+    return new ArrayList<>(targetCustomSignalValues);
+  }
+
+  CustomSignalConditionResponse toCustomConditonResponse() {
+    CustomSignalConditionResponse customSignalConditionResponse =
+        new CustomSignalConditionResponse();
+    customSignalConditionResponse.setKey(this.customSignalKey);
+    customSignalConditionResponse.setOperator(this.customSignalOperator.getOperator());
+    customSignalConditionResponse.setTargetValues(this.targetCustomSignalValues);
+    return customSignalConditionResponse;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/CustomSignalOperator.java b/src/main/java/com/google/firebase/remoteconfig/CustomSignalOperator.java
new file mode 100644
index 000000000..0c0924d62
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/CustomSignalOperator.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.base.Strings;
+import com.google.firebase.internal.NonNull;
+
+enum CustomSignalOperator {
+  NUMERIC_EQUAL("NUMERIC_EQUAL"),
+  NUMERIC_GREATER_EQUAL("NUMERIC_GREATER_EQUAL"),
+  NUMERIC_GREATER_THAN("NUMERIC_GREATER_THAN"),
+  NUMERIC_LESS_EQUAL("NUMERIC_LESS_EQUAL"),
+  NUMERIC_LESS_THAN("NUMERIC_LESS_THAN"),
+  NUMERIC_NOT_EQUAL("NUMERIC_NOT_EQUAL"),
+  SEMANTIC_VERSION_EQUAL("SEMANTIC_VERSION_EQUAL"),
+  SEMANTIC_VERSION_GREATER_EQUAL("SEMANTIC_VERSION_GREATER_EQUAL"),
+  SEMANTIC_VERSION_GREATER_THAN("SEMANTIC_VERSION_GREATER_THAN"),
+  SEMANTIC_VERSION_LESS_EQUAL("SEMANTIC_VERSION_LESS_EQUAL"),
+  SEMANTIC_VERSION_LESS_THAN("SEMANTIC_VERSION_LESS_THAN"),
+  SEMANTIC_VERSION_NOT_EQUAL("SEMANTIC_VERSION_NOT_EQUAL"),
+  STRING_CONTAINS("STRING_CONTAINS"),
+  STRING_CONTAINS_REGEX("STRING_CONTAINS_REGEX"),
+  STRING_DOES_NOT_CONTAIN("STRING_DOES_NOT_CONTAIN"),
+  STRING_EXACTLY_MATCHES("STRING_EXACTLY_MATCHES"),
+  UNSPECIFIED("CUSTOM_SIGNAL_OPERATOR_UNSPECIFIED");
+
+  private final String operator;
+
+  CustomSignalOperator(@NonNull String operator) {
+    checkArgument(!Strings.isNullOrEmpty(operator), "Operator must not be null or empty.");
+    this.operator = operator;
+  }
+
+  @NonNull
+  String getOperator() {
+    return operator;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfig.java b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfig.java
index 41a0afbe4..e3edce4e4 100644
--- a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfig.java
+++ b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfig.java
@@ -101,6 +101,73 @@ protected Template execute() throws FirebaseRemoteConfigException {
     };
   }
 
+  /**
+   * Alternative to {@link #getServerTemplate} where developers can initialize with a pre-cached
+   * template or config.
+   */
+  public ServerTemplateImpl.Builder serverTemplateBuilder() {
+    return new ServerTemplateImpl.Builder(this.remoteConfigClient);
+  }
+
+  /**
+   * Initializes a template instance and loads the latest template data.
+   *
+   * @param defaultConfig Default parameter values to use if a getter references a parameter not
+   *     found in the template.
+   * @return A {@link Template} instance with the latest template data.
+   */
+  public ServerTemplate getServerTemplate(KeysAndValues defaultConfig)
+      throws FirebaseRemoteConfigException {
+    return getServerTemplateOp(defaultConfig).call();
+  }
+
+  /**
+   * Initializes a template instance without any defaults and loads the latest template data.
+   *
+   * @return A {@link Template} instance with the latest template data.
+   */
+  public ServerTemplate getServerTemplate() throws FirebaseRemoteConfigException {
+    return getServerTemplate(null);
+  }
+
+  /**
+   * Initializes a template instance and asynchronously loads the latest template data.
+   *
+   * @param defaultConfig Default parameter values to use if a getter references a parameter not
+   *     found in the template.
+   * @return A {@link Template} instance with the latest template data.
+   */
+  public ApiFuture<ServerTemplate> getServerTemplateAsync(KeysAndValues defaultConfig) {
+    return getServerTemplateOp(defaultConfig).callAsync(app);
+  }
+
+  /**
+   * Initializes a template instance without any defaults and asynchronously loads the latest
+   * template data.
+   *
+   * @return A {@link Template} instance with the latest template data.
+   */
+  public ApiFuture<ServerTemplate> getServerTemplateAsync() {
+    return getServerTemplateAsync(null);
+  }
+
+  private CallableOperation<ServerTemplate, FirebaseRemoteConfigException> getServerTemplateOp(
+      KeysAndValues defaultConfig) {
+    return new CallableOperation<ServerTemplate, FirebaseRemoteConfigException>() {
+      @Override
+      protected ServerTemplate execute() throws FirebaseRemoteConfigException {
+        String serverTemplateData = remoteConfigClient.getServerTemplate();
+        ServerTemplate template =
+                serverTemplateBuilder()
+                .defaultConfig(defaultConfig)
+                .cachedTemplate(serverTemplateData)
+                .build();
+        
+        return template;
+      }
+    };
+  }
+
   /**
    * Gets the requested version of the of the Remote Config template.
    *
@@ -413,3 +480,4 @@ public void destroy() {
     }
   }
 }
+
diff --git a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClient.java b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClient.java
index 9fdb596d6..2143d07d1 100644
--- a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClient.java
+++ b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClient.java
@@ -40,4 +40,7 @@ Template publishTemplate(Template template, boolean validateOnly,
 
   ListVersionsResponse listVersions(
           ListVersionsOptions options) throws FirebaseRemoteConfigException;
+  
+  String getServerTemplate() throws FirebaseRemoteConfigException;
 }
+
diff --git a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImpl.java b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImpl.java
index 7425673fb..d84abae84 100644
--- a/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImpl.java
+++ b/src/main/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImpl.java
@@ -38,6 +38,7 @@
 import com.google.firebase.internal.NonNull;
 import com.google.firebase.internal.SdkUtils;
 import com.google.firebase.remoteconfig.internal.RemoteConfigServiceErrorResponse;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse;
 import com.google.firebase.remoteconfig.internal.TemplateResponse;
 
 import java.io.IOException;
@@ -51,6 +52,9 @@ final class FirebaseRemoteConfigClientImpl implements FirebaseRemoteConfigClient
 
   private static final String REMOTE_CONFIG_URL = "https://firebaseremoteconfig.googleapis.com/v1/projects/%s/remoteConfig";
 
+  private static final String SERVER_REMOTE_CONFIG_URL =
+      "https://firebaseremoteconfig.googleapis.com/v1/projects/%s/namespaces/firebase-server/serverRemoteConfig";
+
   private static final Map<String, String> COMMON_HEADERS =
           ImmutableMap.of(
                   "X-Firebase-Client", "fire-admin-java/" + SdkUtils.getVersion(),
@@ -62,6 +66,7 @@ final class FirebaseRemoteConfigClientImpl implements FirebaseRemoteConfigClient
           );
 
   private final String remoteConfigUrl;
+  private final String serverRemoteConfigUrl;
   private final HttpRequestFactory requestFactory;
   private final JsonFactory jsonFactory;
   private final ErrorHandlingHttpClient<FirebaseRemoteConfigException> httpClient;
@@ -69,6 +74,7 @@ final class FirebaseRemoteConfigClientImpl implements FirebaseRemoteConfigClient
   private FirebaseRemoteConfigClientImpl(Builder builder) {
     checkArgument(!Strings.isNullOrEmpty(builder.projectId));
     this.remoteConfigUrl = String.format(REMOTE_CONFIG_URL, builder.projectId);
+    this.serverRemoteConfigUrl = String.format(SERVER_REMOTE_CONFIG_URL, builder.projectId);
     this.requestFactory = checkNotNull(builder.requestFactory);
     this.jsonFactory = checkNotNull(builder.jsonFactory);
     HttpResponseInterceptor responseInterceptor = builder.responseInterceptor;
@@ -82,6 +88,11 @@ String getRemoteConfigUrl() {
     return remoteConfigUrl;
   }
 
+  @VisibleForTesting
+  String getServerRemoteConfigUrl() {
+    return serverRemoteConfigUrl;
+  }
+
   @VisibleForTesting
   HttpRequestFactory getRequestFactory() {
     return requestFactory;
@@ -102,6 +113,18 @@ public Template getTemplate() throws FirebaseRemoteConfigException {
     return template.setETag(getETag(response));
   }
 
+  @Override
+  public String getServerTemplate() throws FirebaseRemoteConfigException {
+    HttpRequestInfo request =
+        HttpRequestInfo.buildGetRequest(serverRemoteConfigUrl).addAllHeaders(COMMON_HEADERS);
+    IncomingHttpResponse response = httpClient.send(request);
+    ServerTemplateResponse templateResponse = httpClient.parse(response, 
+                                ServerTemplateResponse.class);
+    ServerTemplateData serverTemplateData = new ServerTemplateData(templateResponse);
+    serverTemplateData.setETag(getETag(response));
+    return serverTemplateData.toJSON(); 
+  }
+
   @Override
   public Template getTemplateAtVersion(
           @NonNull String versionNumber) throws FirebaseRemoteConfigException {
@@ -267,3 +290,4 @@ private RemoteConfigServiceErrorResponse safeParse(String response) {
     }
   }
 }
+
diff --git a/src/main/java/com/google/firebase/remoteconfig/KeysAndValues.java b/src/main/java/com/google/firebase/remoteconfig/KeysAndValues.java
new file mode 100644
index 000000000..47b159bf7
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/KeysAndValues.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.internal.NonNull;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Represents data stored in context passed to server-side Remote Config.
+ */
+public class KeysAndValues {
+  final ImmutableMap<String, String> keysAndValues;
+
+  private KeysAndValues(@NonNull Builder builder) {
+    keysAndValues = ImmutableMap.<String, String>builder().putAll(builder.keysAndValues).build(); 
+  }
+
+  /**
+   * Checks whether a key is present in the context.
+   * 
+   * @param key The key for data stored in context.
+   * @return Boolean representing whether the key passed is present in context.
+   */
+  public boolean containsKey(String key) {
+    return keysAndValues.containsKey(key);
+  }
+
+  /**
+   * Gets the value of the data stored in context.
+   * 
+   * @param key The key for data stored in context.
+   * @return Value assigned to the key in context.
+   */
+  public String get(String key) {
+    return keysAndValues.get(key);
+  }
+
+  /**
+   * Builder class for KeysAndValues using which values will be assigned to
+   * private variables.
+   */
+  public static class Builder {
+    // Holds the converted pairs of custom keys and values.
+    private final Map<String, String> keysAndValues = new HashMap<>();
+
+    /**
+     * Adds a context data with string value.
+     * 
+     * @param key   Identifies the value in context.
+     * @param value Value assigned to the context.
+     * @return Reference to class itself so that more data can be added.
+     */
+    @NonNull
+    public Builder put(@NonNull String key, @NonNull String value) {
+      checkArgument(!Strings.isNullOrEmpty(key), "Context key must not be null or empty.");
+      checkArgument(!Strings.isNullOrEmpty(value), "Context key must not be null or empty.");
+      keysAndValues.put(key, value);
+      return this;
+    }
+
+    /**
+     * Adds a context data with boolean value.
+     * 
+     * @param key   Identifies the value in context.
+     * @param value Value assigned to the context.
+     * @return Reference to class itself so that more data can be added.
+     */
+    @NonNull
+    public Builder put(@NonNull String key, boolean value) {
+      checkArgument(!Strings.isNullOrEmpty(key), "Context key must not be null or empty.");
+      keysAndValues.put(key, Boolean.toString(value));
+      return this;
+    }
+
+    /**
+     * Adds a context data with double value.
+     * 
+     * @param key   Identifies the value in context.
+     * @param value Value assigned to the context.
+     * @return Reference to class itself so that more data can be added.
+     */
+    @NonNull
+    public Builder put(@NonNull String key, double value) {
+      checkArgument(!Strings.isNullOrEmpty(key), "Context key must not be null or empty.");
+      keysAndValues.put(key, Double.toString(value));
+      return this;
+    }
+
+    /**
+     * Adds a context data with long value.
+     * 
+     * @param key   Identifies the value in context.
+     * @param value Value assigned to the context.
+     * @return Reference to class itself so that more data can be added.
+     */
+    @NonNull
+    public Builder put(@NonNull String key, long value) {
+      checkArgument(!Strings.isNullOrEmpty(key), "Context key must not be null or empty.");
+      keysAndValues.put(key, Long.toString(value));
+      return this;
+    }
+
+    /**
+     * Creates an instance of KeysAndValues with the values assigned through
+     * builder.
+     * 
+     * @return instance of KeysAndValues
+     */
+    @NonNull
+    public KeysAndValues build() {
+      return new KeysAndValues(this);
+    }
+  }
+}
+
diff --git a/src/main/java/com/google/firebase/remoteconfig/MicroPercentRange.java b/src/main/java/com/google/firebase/remoteconfig/MicroPercentRange.java
new file mode 100644
index 000000000..abd5711c6
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/MicroPercentRange.java
@@ -0,0 +1,46 @@
+/*
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.google.firebase.remoteconfig;
+
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.MicroPercentRangeResponse;
+
+class MicroPercentRange {
+  private final int microPercentLowerBound;
+  private final int microPercentUpperBound;
+
+  public MicroPercentRange(@Nullable Integer microPercentLowerBound,
+      @Nullable Integer microPercentUpperBound) {
+    this.microPercentLowerBound = microPercentLowerBound != null ? microPercentLowerBound : 0;
+    this.microPercentUpperBound = microPercentUpperBound != null ? microPercentUpperBound : 0;
+  }
+
+  int getMicroPercentLowerBound() {
+    return microPercentLowerBound;
+  }
+
+  int getMicroPercentUpperBound() {
+    return microPercentUpperBound;
+  }
+
+  MicroPercentRangeResponse toMicroPercentRangeResponse() {
+    MicroPercentRangeResponse microPercentRangeResponse = new MicroPercentRangeResponse();
+    microPercentRangeResponse.setMicroPercentLowerBound(this.microPercentLowerBound);
+    microPercentRangeResponse.setMicroPercentUpperBound(this.microPercentUpperBound);
+    return microPercentRangeResponse;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/OneOfCondition.java b/src/main/java/com/google/firebase/remoteconfig/OneOfCondition.java
new file mode 100644
index 000000000..be3f5fd3e
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/OneOfCondition.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.OneOfConditionResponse;
+
+class OneOfCondition {
+  private OrCondition orCondition;
+  private AndCondition andCondition;
+  private PercentCondition percent;
+  private CustomSignalCondition customSignal;
+  private String trueValue;
+  private String falseValue;
+
+  OneOfCondition(OneOfConditionResponse oneOfconditionResponse) {
+    if (oneOfconditionResponse.getOrCondition() != null) {
+      this.orCondition = new OrCondition(oneOfconditionResponse.getOrCondition());
+    }
+    if (oneOfconditionResponse.getAndCondition() != null) {
+      this.andCondition = new AndCondition(oneOfconditionResponse.getAndCondition());
+    }
+    if (oneOfconditionResponse.getPercentCondition() != null) {
+      this.percent = new PercentCondition(oneOfconditionResponse.getPercentCondition());
+    }
+    if (oneOfconditionResponse.getCustomSignalCondition() != null) {
+      this.customSignal = 
+          new CustomSignalCondition(oneOfconditionResponse.getCustomSignalCondition());
+    }
+  }
+
+  @VisibleForTesting
+  OneOfCondition() {
+    this.orCondition = null;
+    this.andCondition = null;
+    this.percent = null;
+    this.trueValue = null;
+    this.falseValue = null;
+  }
+
+  @Nullable
+  OrCondition getOrCondition() {
+    return orCondition;
+  }
+
+  @Nullable
+  AndCondition getAndCondition() {
+    return andCondition;
+  }
+
+  @Nullable
+  String isTrue() {
+    return trueValue;
+  }
+
+  @Nullable
+  String isFalse() {
+    return falseValue;
+  }
+
+  @Nullable
+  PercentCondition getPercent() {
+    return percent;
+  }
+
+  @Nullable
+  CustomSignalCondition getCustomSignal() {
+    return customSignal;
+  }
+
+  OneOfCondition setOrCondition(@NonNull OrCondition orCondition) {
+    checkNotNull(orCondition, "`Or` condition cannot be set to null.");
+    this.orCondition = orCondition;
+    return this;
+  }
+
+  OneOfCondition setAndCondition(@NonNull AndCondition andCondition) {
+    checkNotNull(andCondition, "`And` condition cannot be set to null.");
+    this.andCondition = andCondition;
+    return this;
+  }
+
+  OneOfCondition setPercent(@NonNull PercentCondition percent) {
+    checkNotNull(percent, "`Percent` condition cannot be set to null.");
+    this.percent = percent;
+    return this;
+  }
+
+  OneOfCondition setCustomSignal(@NonNull CustomSignalCondition customSignal) {
+    checkNotNull(customSignal, "`Custom signal` condition cannot be set to null.");
+    this.customSignal = customSignal;
+    return this;
+  }
+
+  OneOfCondition setTrue() {
+    this.trueValue = "true";
+    return this;
+  }
+
+  OneOfCondition setFalse() {
+    this.falseValue = "false";
+    return this;
+  }
+
+  OneOfConditionResponse toOneOfConditionResponse() {
+    OneOfConditionResponse oneOfConditionResponse = new OneOfConditionResponse();
+    if (this.andCondition != null) {
+      oneOfConditionResponse.setAndCondition(this.andCondition.toAndConditionResponse());
+    }
+    if (this.orCondition != null) {
+      oneOfConditionResponse.setOrCondition(this.orCondition.toOrConditionResponse());
+    }
+    if (this.customSignal != null) {
+      oneOfConditionResponse.setCustomSignalCondition(this.customSignal.toCustomConditonResponse());
+    }
+    if (this.percent != null) {
+      oneOfConditionResponse.setPercentCondition(this.percent.toPercentConditionResponse());
+    }
+    return oneOfConditionResponse;
+  }
+}
+
diff --git a/src/main/java/com/google/firebase/remoteconfig/OrCondition.java b/src/main/java/com/google/firebase/remoteconfig/OrCondition.java
new file mode 100644
index 000000000..36a1c682a
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/OrCondition.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.OneOfConditionResponse;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.OrConditionResponse;
+import java.util.List;
+import java.util.stream.Collectors;
+
+final class OrCondition {
+  private final ImmutableList<OneOfCondition> conditions;
+
+  public OrCondition(@NonNull List<OneOfCondition> conditions) {
+    checkNotNull(conditions, "List of conditions for OR operation must not be null.");
+    checkArgument(!conditions.isEmpty(), "List of conditions for OR operation must not be empty.");
+    this.conditions = ImmutableList.copyOf(conditions);
+  }
+
+  OrCondition(OrConditionResponse orConditionResponse) {
+    List<OneOfConditionResponse> conditionList = orConditionResponse.getConditions();
+    checkNotNull(conditionList, "List of conditions for AND operation cannot be null.");
+    checkArgument(!conditionList.isEmpty(), "List of conditions for AND operation cannot be empty");
+    this.conditions = conditionList.stream()
+                                  .map(OneOfCondition::new) 
+                                  .collect(ImmutableList.toImmutableList());
+  }
+
+  @NonNull
+  ImmutableList<OneOfCondition> getConditions() {
+    return conditions;
+  }
+
+  OrConditionResponse toOrConditionResponse() {
+    return new OrConditionResponse()
+                   .setConditions(this.conditions.stream()
+                                                 .map(OneOfCondition::toOneOfConditionResponse)
+                                                 .collect(Collectors.toList()));    
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/PercentCondition.java b/src/main/java/com/google/firebase/remoteconfig/PercentCondition.java
new file mode 100644
index 000000000..c5763200b
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/PercentCondition.java
@@ -0,0 +1,163 @@
+/*
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.base.Strings;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.PercentConditionResponse;
+
+/** Represents a condition that compares the instance pseudo-random percentile to a given limit. */
+public final class PercentCondition {
+  private int microPercent;
+  private MicroPercentRange microPercentRange;
+  private final PercentConditionOperator percentConditionOperator;
+  private final String seed;
+
+  /**
+  * Create a percent condition for operator BETWEEN.
+  *
+  * @param microPercent The limit of percentiles to target in micro-percents when using the
+  *     LESS_OR_EQUAL and GREATER_THAN operators. The value must be in the range [0 and 100000000].
+  * @param percentConditionOperator The choice of percent operator to determine how to compare
+  *     targets to percent(s).
+  * @param seed The seed used when evaluating the hash function to map an instance to a value in
+  *     the hash space. This is a string which can have 0 - 32 characters and can contain ASCII
+  *     characters [-_.0-9a-zA-Z].The string is case-sensitive.
+  */
+  PercentCondition(
+      @Nullable Integer microPercent,
+      @NonNull PercentConditionOperator percentConditionOperator,
+      @NonNull String seed) {
+    checkNotNull(percentConditionOperator, "Percentage operator must not be null.");
+    checkArgument(!Strings.isNullOrEmpty(seed), "Seed must not be null or empty.");
+    this.microPercent = microPercent != null ? microPercent : 0;
+    this.percentConditionOperator = percentConditionOperator;
+    this.seed = seed;
+  }
+
+  /**
+  * Create a percent condition for operators GREATER_THAN and LESS_OR_EQUAL.
+  *
+  * @param microPercentRange The micro-percent interval to be used with the BETWEEN operator.
+  * @param percentConditionOperator The choice of percent operator to determine how to compare
+  *     targets to percent(s).
+  * @param seed The seed used when evaluating the hash function to map an instance to a value in
+  *     the hash space. This is a string which can have 0 - 32 characters and can contain ASCII
+  *     characters [-_.0-9a-zA-Z].The string is case-sensitive.
+  */
+  PercentCondition(
+      @NonNull MicroPercentRange microPercentRange,
+      @NonNull PercentConditionOperator percentConditionOperator,
+      String seed) {
+    checkNotNull(microPercentRange, "Percent range must not be null.");
+    checkNotNull(percentConditionOperator, "Percentage operator must not be null.");
+    this.microPercentRange = microPercentRange;
+    this.percentConditionOperator = percentConditionOperator;
+    this.seed = seed;
+  }
+
+  /**
+  * Creates a new {@link PercentCondition} from API response.
+  *
+  * @param percentCondition the conditions obtained from server call.
+  */
+  PercentCondition(PercentConditionResponse percentCondition) {
+    checkArgument(
+        !Strings.isNullOrEmpty(percentCondition.getSeed()), "Seed must not be empty or null");
+    this.microPercent = percentCondition.getMicroPercent();
+    this.seed = percentCondition.getSeed();
+    switch (percentCondition.getPercentOperator()) {
+      case "BETWEEN":
+        this.percentConditionOperator = PercentConditionOperator.BETWEEN;
+        break;
+      case "GREATER_THAN":
+        this.percentConditionOperator = PercentConditionOperator.GREATER_THAN;
+        break;
+      case "LESS_OR_EQUAL":
+        this.percentConditionOperator = PercentConditionOperator.LESS_OR_EQUAL;
+        break;
+      default:
+        this.percentConditionOperator = PercentConditionOperator.UNSPECIFIED;
+    }
+    checkArgument(
+        this.percentConditionOperator != PercentConditionOperator.UNSPECIFIED,
+        "Percentage operator is invalid");
+    if (percentCondition.getMicroPercentRange() != null) {
+      this.microPercentRange =
+          new MicroPercentRange(
+              percentCondition.getMicroPercentRange().getMicroPercentLowerBound(),
+              percentCondition.getMicroPercentRange().getMicroPercentUpperBound());
+    }
+  }
+
+  /**
+  * Gets the limit of percentiles to target in micro-percents when using the LESS_OR_EQUAL and
+  * GREATER_THAN operators. The value must be in the range [0 and 100000000].
+  *
+  * @return micro percent.
+  */
+  @Nullable
+  public int getMicroPercent() {
+    return microPercent;
+  }
+
+  /**
+  * Gets micro-percent interval to be used with the BETWEEN operator.
+  *
+  * @return micro percent range.
+  */
+  @Nullable
+  public MicroPercentRange getMicroPercentRange() {
+    return microPercentRange;
+  }
+
+  /**
+  * Gets choice of percent operator to determine how to compare targets to percent(s).
+  *
+  * @return operator.
+  */
+  @NonNull
+  public PercentConditionOperator getPercentConditionOperator() {
+    return percentConditionOperator;
+  }
+
+  /**
+  * The seed used when evaluating the hash function to map an instance to a value in the hash
+  * space. This is a string which can have 0 - 32 characters and can contain ASCII characters
+  * [-_.0-9a-zA-Z].The string is case-sensitive.
+  *
+  * @return seed.
+  */
+  @NonNull
+  public String getSeed() {
+    return seed;
+  }
+
+  PercentConditionResponse toPercentConditionResponse() {
+    PercentConditionResponse percentConditionResponse = new PercentConditionResponse();
+    percentConditionResponse.setMicroPercent(this.microPercent);
+    percentConditionResponse.setMicroPercentRange(
+        this.microPercentRange.toMicroPercentRangeResponse());
+    percentConditionResponse.setPercentOperator(this.percentConditionOperator.getOperator());
+    percentConditionResponse.setSeed(this.seed);
+    return percentConditionResponse;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/PercentConditionOperator.java b/src/main/java/com/google/firebase/remoteconfig/PercentConditionOperator.java
new file mode 100644
index 000000000..478f13e4e
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/PercentConditionOperator.java
@@ -0,0 +1,55 @@
+/*
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.base.Strings;
+import com.google.firebase.internal.NonNull;
+
+/**
+* Defines supported operators for percent conditions.
+*/
+public enum PercentConditionOperator {
+  BETWEEN("BETWEEN"),
+  GREATER_THAN("GREATER_THAN"),
+  LESS_OR_EQUAL("LESS_OR_EQUAL"),
+  UNSPECIFIED("PERCENT_OPERATOR_UNSPECIFIED");
+
+  private final String operator;
+
+  /**
+  * Creates percent condition operator.
+  * 
+  * @param operator The choice of percent operator to determine how to compare targets to
+  *        percent(s).
+  */
+  PercentConditionOperator(@NonNull String operator) {
+    checkArgument(!Strings.isNullOrEmpty(operator), "Operator must not be null or empty.");
+    this.operator = operator;
+  }
+
+  /**
+  * Gets percent condition operator.
+  * 
+  * @return operator.
+  */
+  @NonNull
+  public String getOperator() {
+    return operator;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ServerCondition.java b/src/main/java/com/google/firebase/remoteconfig/ServerCondition.java
new file mode 100644
index 000000000..f16aeffc8
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ServerCondition.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.base.Strings;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.ServerConditionResponse;
+
+import java.util.Objects;
+
+final class ServerCondition {
+
+  private String name;
+  private OneOfCondition serverCondition;
+
+  ServerCondition(@NonNull String name, @NonNull OneOfCondition condition) {
+    checkArgument(!Strings.isNullOrEmpty(name), "condition name must not be null or empty");
+    this.name = name;
+    this.serverCondition = condition;
+  }
+
+  ServerCondition(@NonNull ServerConditionResponse serverConditionResponse) {
+    checkNotNull(serverConditionResponse);
+    this.name = serverConditionResponse.getName();
+    this.serverCondition = new OneOfCondition(serverConditionResponse.getServerCondition());
+  }
+
+  @NonNull
+  String getName() {
+    return name;
+  }
+
+  @NonNull
+  OneOfCondition getCondition() {
+    return serverCondition;
+  }
+
+  ServerCondition setName(@NonNull String name) {
+    checkArgument(!Strings.isNullOrEmpty(name), "condition name must not be null or empty");
+    this.name = name;
+    return this;
+  }
+
+  ServerCondition setServerCondition(@NonNull OneOfCondition condition) {
+    checkNotNull(condition, "condition must not be null or empty");
+    this.serverCondition = condition;
+    return this;
+  }
+
+  ServerConditionResponse toServerConditionResponse() {
+    return new ServerConditionResponse().setName(this.name)
+        .setServerCondition(this.serverCondition.toOneOfConditionResponse());
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    ServerCondition condition = (ServerCondition) o;
+    return Objects.equals(name, condition.name)
+        && Objects.equals(serverCondition, condition.serverCondition);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(name, serverCondition);
+  }
+}
+
diff --git a/src/main/java/com/google/firebase/remoteconfig/ServerConfig.java b/src/main/java/com/google/firebase/remoteconfig/ServerConfig.java
new file mode 100644
index 000000000..8540578b0
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ServerConfig.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.common.base.Strings;
+import com.google.firebase.internal.NonNull;
+
+import java.util.Map;
+
+/**
+ * Represents the configuration produced by evaluating a server template.
+ */
+public final class ServerConfig {
+  private final Map<String, Value> configValues;
+
+  ServerConfig(Map<String, Value> configValues) {
+    this.configValues = configValues;
+  }
+
+  /**
+   * Gets the value for the given key as a string. Convenience method for calling
+   * serverConfig.getValue(key).asString().
+   * 
+   * @param key The name of the parameter.
+   * @return config value for the given key as string.
+   */
+  @NonNull
+  public String getString(@NonNull String key) {
+    return this.getValue(key).asString();
+  }
+
+  /**
+   * Gets the value for the given key as a boolean.Convenience method for calling
+   * serverConfig.getValue(key).asBoolean().
+   * 
+   * @param key The name of the parameter.
+   * @return config value for the given key as boolean.
+   */
+  @NonNull
+  public boolean getBoolean(@NonNull String key) {
+    return this.getValue(key).asBoolean();
+  }
+
+  /**
+   * Gets the value for the given key as long.Convenience method for calling
+   * serverConfig.getValue(key).asLong().
+   * 
+   * @param key The name of the parameter.
+   * @return config value for the given key as long.
+   */
+  @NonNull
+  public long getLong(@NonNull String key) {
+    return this.getValue(key).asLong();
+  }
+
+  /**
+   * Gets the value for the given key as double.Convenience method for calling
+   * serverConfig.getValue(key).asDouble().
+   * 
+   * @param key The name of the parameter.
+   * @return config value for the given key as double.
+   */
+  @NonNull
+  public double getDouble(@NonNull String key) {
+    return this.getValue(key).asDouble();
+  }
+
+  /**
+   * Gets the {@link ValueSource} for the given key.
+   * 
+   * @param key The name of the parameter.
+   * @return config value source for the given key.
+   */
+  @NonNull
+  public ValueSource getValueSource(@NonNull String key) {
+    return this.getValue(key).getSource();
+  }
+
+  private Value getValue(String key) {
+    checkArgument(!Strings.isNullOrEmpty(key), "Server config key cannot be null or empty.");
+    if (configValues.containsKey(key)) {
+      return configValues.get(key);
+    }
+    return new Value(ValueSource.STATIC);
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ServerTemplate.java b/src/main/java/com/google/firebase/remoteconfig/ServerTemplate.java
new file mode 100644
index 000000000..bd1a59940
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ServerTemplate.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import com.google.api.core.ApiFuture;
+
+public interface ServerTemplate {
+  public interface Builder {
+
+    Builder defaultConfig(KeysAndValues config);
+
+    Builder cachedTemplate(String templateJson);
+    
+    ServerTemplate build();
+  }
+  /**
+  * Process the template data with a condition evaluator 
+  * based on the provided context. 
+  */
+  ServerConfig evaluate(KeysAndValues context) throws FirebaseRemoteConfigException;
+  /**
+  * Process the template data without context.
+  */
+  ServerConfig evaluate() throws FirebaseRemoteConfigException;
+  /**
+  * Fetches and caches the current active version of the project.
+  */
+  ApiFuture<Void> load() throws FirebaseRemoteConfigException;
+
+  String toJson();
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ServerTemplateData.java b/src/main/java/com/google/firebase/remoteconfig/ServerTemplateData.java
new file mode 100644
index 000000000..59d51b51a
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ServerTemplateData.java
@@ -0,0 +1,215 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.api.client.json.JsonFactory;
+import com.google.common.base.Strings;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.internal.ApiClientUtils;
+import com.google.firebase.internal.NonNull;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+final class ServerTemplateData {
+
+  private String etag;
+  private Map<String, Parameter> parameters;
+  private List<ServerCondition> serverConditions;
+  private Map<String, ParameterGroup> parameterGroups;
+  private Version version;
+
+
+  ServerTemplateData(String etag) {
+    this.parameters = new HashMap<>();
+    this.serverConditions = new ArrayList<>();
+    this.parameterGroups = new HashMap<>();
+    this.etag = etag;
+  }
+
+  ServerTemplateData() {
+    this((String) null);
+  }
+
+  ServerTemplateData(@NonNull ServerTemplateResponse serverTemplateResponse) {
+    checkNotNull(serverTemplateResponse);
+    this.parameters = new HashMap<>();
+    this.serverConditions = new ArrayList<>();
+    this.parameterGroups = new HashMap<>();
+    if (serverTemplateResponse.getParameters() != null) {
+      for (Map.Entry<String, TemplateResponse.ParameterResponse> entry :
+          serverTemplateResponse.getParameters().entrySet()) {
+        this.parameters.put(entry.getKey(), new Parameter(entry.getValue()));
+      }
+    }
+    if (serverTemplateResponse.getServerConditions() != null) {
+      for (ServerTemplateResponse.ServerConditionResponse conditionResponse :
+          serverTemplateResponse.getServerConditions()) {
+        this.serverConditions.add(new ServerCondition(conditionResponse));
+      }
+    }
+    if (serverTemplateResponse.getParameterGroups() != null) {
+      for (Map.Entry<String, TemplateResponse.ParameterGroupResponse> entry :
+          serverTemplateResponse.getParameterGroups().entrySet()) {
+        this.parameterGroups.put(entry.getKey(), new ParameterGroup(entry.getValue()));
+      }
+    }
+    if (serverTemplateResponse.getVersion() != null) {
+      this.version = new Version(serverTemplateResponse.getVersion());
+    }
+    this.etag = serverTemplateResponse.getEtag();
+  }
+
+
+  static ServerTemplateData fromJSON(@NonNull String json)
+      throws FirebaseRemoteConfigException {
+    checkArgument(!Strings.isNullOrEmpty(json), "JSON String must not be null or empty.");
+    // using the default json factory as no rpc calls are made here
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
+    try {
+      ServerTemplateResponse serverTemplateResponse =
+          jsonFactory.createJsonParser(json).parseAndClose(ServerTemplateResponse.class);
+      return new ServerTemplateData(serverTemplateResponse);
+    } catch (IOException e) {
+      throw new FirebaseRemoteConfigException(
+          ErrorCode.INVALID_ARGUMENT, "Unable to parse JSON string.");
+    }
+  }
+
+
+  String getETag() {
+    return this.etag;
+  }
+
+
+  @NonNull
+  public Map<String, Parameter> getParameters() {
+    return this.parameters;
+  }
+
+  @NonNull
+  List<ServerCondition> getServerConditions() {
+    return serverConditions;
+  }
+
+  @NonNull
+  Map<String, ParameterGroup> getParameterGroups() {
+    return parameterGroups;
+  }
+
+  Version getVersion() {
+    return version;
+  }
+
+  ServerTemplateData setParameters(@NonNull Map<String, Parameter> parameters) {
+    checkNotNull(parameters, "parameters must not be null.");
+    this.parameters = parameters;
+    return this;
+  }
+
+
+  ServerTemplateData setServerConditions(@NonNull List<ServerCondition> conditions) {
+    checkNotNull(conditions, "conditions must not be null.");
+    this.serverConditions = conditions;
+    return this;
+  }
+
+  ServerTemplateData setParameterGroups(
+      @NonNull Map<String, ParameterGroup> parameterGroups) {
+    checkNotNull(parameterGroups, "parameter groups must not be null.");
+    this.parameterGroups = parameterGroups;
+    return this;
+  }
+
+  ServerTemplateData setVersion(Version version) {
+    this.version = version;
+    return this;
+  }
+
+  String toJSON() {
+    JsonFactory jsonFactory = ApiClientUtils.getDefaultJsonFactory();
+    try {
+      return jsonFactory.toString(this.toServerTemplateResponse(true));
+    } catch (IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  ServerTemplateData setETag(String etag) {
+    this.etag = etag;
+    return this;
+  }
+
+  ServerTemplateResponse toServerTemplateResponse(boolean includeAll) {
+    Map<String, TemplateResponse.ParameterResponse> parameterResponses = new HashMap<>();
+    for (Map.Entry<String, Parameter> entry : this.parameters.entrySet()) {
+      parameterResponses.put(entry.getKey(), entry.getValue().toParameterResponse());
+    }
+    List<ServerTemplateResponse.ServerConditionResponse> serverConditionResponses =
+        new ArrayList<>();
+    for (ServerCondition condition : this.serverConditions) {
+      serverConditionResponses.add(condition.toServerConditionResponse());
+    }
+    Map<String, TemplateResponse.ParameterGroupResponse> parameterGroupResponse = new HashMap<>();
+    for (Map.Entry<String, ParameterGroup> entry : this.parameterGroups.entrySet()) {
+      parameterGroupResponse.put(entry.getKey(), entry.getValue().toParameterGroupResponse());
+    }
+    TemplateResponse.VersionResponse versionResponse =
+        (this.version == null) ? null : this.version.toVersionResponse(includeAll);
+    ServerTemplateResponse serverTemplateResponse =
+        new ServerTemplateResponse()
+            .setParameters(parameterResponses)
+            .setServerConditions(serverConditionResponses)
+            .setParameterGroups(parameterGroupResponse)
+            .setVersion(versionResponse);
+    if (includeAll) {
+      return serverTemplateResponse.setEtag(this.etag);
+    }
+    return serverTemplateResponse;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
+    ServerTemplateData template = (ServerTemplateData) o;
+    return Objects.equals(etag, template.etag)
+        && Objects.equals(parameters, template.parameters)
+        && Objects.equals(serverConditions, template.serverConditions)
+        && Objects.equals(parameterGroups, template.parameterGroups)
+        && Objects.equals(version, template.version);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(etag, parameters, serverConditions, parameterGroups, version);
+  }
+}
+
diff --git a/src/main/java/com/google/firebase/remoteconfig/ServerTemplateImpl.java b/src/main/java/com/google/firebase/remoteconfig/ServerTemplateImpl.java
new file mode 100644
index 000000000..742c19803
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ServerTemplateImpl.java
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import com.google.api.core.ApiFuture;
+import com.google.api.core.ApiFutures;
+import com.google.common.collect.ImmutableMap;
+import com.google.firebase.ErrorCode;
+import com.google.firebase.internal.Nullable;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterValueResponse;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class ServerTemplateImpl implements ServerTemplate {
+
+  private final KeysAndValues defaultConfig;
+  private FirebaseRemoteConfigClient client;
+  private AtomicReference<ServerTemplateData> cache;
+  private final AtomicReference<String> cachedTemplate; 
+  private static final Logger logger = LoggerFactory.getLogger(ServerTemplate.class);
+
+  public static class Builder implements ServerTemplate.Builder {
+    private KeysAndValues defaultConfig;
+    private String cachedTemplate;
+    private FirebaseRemoteConfigClient client;
+
+    Builder(FirebaseRemoteConfigClient remoteConfigClient) {
+      this.client = remoteConfigClient;
+    }
+
+    @Override
+    public Builder defaultConfig(KeysAndValues config) {
+      this.defaultConfig = config;
+      return this;
+    }
+
+    @Override
+    public Builder cachedTemplate(String templateJson) {
+      this.cachedTemplate = templateJson;
+      return this;
+    }
+
+    @Override
+    public ServerTemplate build() {
+      return new ServerTemplateImpl(this);
+    }
+  }
+
+  private ServerTemplateImpl(Builder builder) {
+    this.defaultConfig = builder.defaultConfig;
+    this.cachedTemplate = new AtomicReference<>(builder.cachedTemplate);
+    this.client = builder.client;
+    this.cache = new AtomicReference<>(null); 
+
+    String initialTemplate = this.cachedTemplate.get();
+    try {
+      this.cache.set(ServerTemplateData.fromJSON(initialTemplate));
+    } catch (FirebaseRemoteConfigException e) {
+      e.printStackTrace();
+    }
+  }
+
+  @Override
+  public ServerConfig evaluate(@Nullable KeysAndValues context)
+      throws FirebaseRemoteConfigException {
+    ServerTemplateData cachedData = this.cache.get();
+    if (cachedData == null) {
+      throw new FirebaseRemoteConfigException(ErrorCode.FAILED_PRECONDITION,
+          "No Remote Config Server template in cache. Call load() before calling evaluate().");
+    }
+
+    Map<String, Value> configValues = new HashMap<>();
+    ImmutableMap<String, String> defaultConfigValues = defaultConfig.keysAndValues;
+    // Initializes configValue objects with default values.
+    for (String configName : defaultConfigValues.keySet()) {
+      configValues.put(configName, new Value(ValueSource.DEFAULT,
+          defaultConfigValues.get(configName)));
+    }
+
+    ConditionEvaluator conditionEvaluator = new ConditionEvaluator();
+    ImmutableMap<String, Boolean> evaluatedCondition = ImmutableMap.copyOf(
+        conditionEvaluator.evaluateConditions(cachedData.getServerConditions(), context));
+    ImmutableMap<String, Parameter> parameters = ImmutableMap.copyOf(cachedData.getParameters());
+    mergeDerivedConfigValues(evaluatedCondition, parameters, configValues);
+
+    return new ServerConfig(configValues);
+  }
+
+  @Override
+  public ServerConfig evaluate() throws FirebaseRemoteConfigException {
+    return evaluate(null);
+  }
+
+  @Override
+  public ApiFuture<Void> load() throws FirebaseRemoteConfigException {
+    String serverTemplate = client.getServerTemplate();
+    this.cachedTemplate.set(serverTemplate);
+    this.cache.set(ServerTemplateData.fromJSON(serverTemplate));
+    return ApiFutures.immediateFuture(null);
+  }
+
+  // Add getters or other methods as needed
+  public KeysAndValues getDefaultConfig() {
+    return defaultConfig;
+  }
+
+  public String getCachedTemplate() {
+    return cachedTemplate.get();
+  }
+
+  @Override
+  public String toJson() {
+    ServerTemplateData currentCache = this.cache.get();
+    if (currentCache == null) {
+      return "{}"; 
+    }
+    return currentCache.toJSON();
+  }
+
+  private void mergeDerivedConfigValues(ImmutableMap<String, Boolean> evaluatedCondition,
+      ImmutableMap<String, Parameter> parameters, Map<String, Value> configValues) {
+    for (String parameterName : parameters.keySet()) {
+      Parameter parameter = parameters.get(parameterName);
+      if (parameter == null) {
+        logger.warn(String.format("Parameter value is not assigned for %s", parameterName));
+        continue;
+      }
+
+      ImmutableMap<String, ParameterValue> conditionalValues = ImmutableMap.copyOf(
+          parameter.getConditionalValues());
+      ParameterValue derivedValue = null;
+
+      // Iterates in order over condition list. If there is a value associated
+      // with a condition, this checks if the condition is true.
+      for (String conditionName : evaluatedCondition.keySet()) {
+        boolean conditionEvaluation = evaluatedCondition.get(conditionName);
+        if (conditionalValues.containsKey(conditionName) && conditionEvaluation) {
+          derivedValue = conditionalValues.get(conditionName);
+          break;
+        }
+      }
+
+      if (derivedValue != null && derivedValue.toParameterValueResponse().isUseInAppDefault()) {
+        logger.warn(
+            String.format("Derived value found for %s but parameter is set to use in app default.",
+                parameterName));
+        continue;
+      }
+
+      if (derivedValue != null) {
+        String parameterValue = derivedValue.toParameterValueResponse().getValue();
+        Value value = new Value(ValueSource.REMOTE, parameterValue);
+        configValues.put(parameterName, value);
+        continue;
+      }
+
+      ParameterValue defaultValue = parameter.getDefaultValue();
+      if (defaultValue == null) {
+        logger.warn(String.format("Default parameter value for %s is not set.",
+            parameterName));
+        continue;
+      }
+
+      ParameterValueResponse defaultValueResponse = defaultValue.toParameterValueResponse();
+      if (defaultValueResponse != null && defaultValueResponse.isUseInAppDefault()) {
+        logger.info(String.format("Default value for %s is set to use in app default.",
+            parameterName));
+        continue;
+      }
+
+      String parameterDefaultValue = defaultValue.toParameterValueResponse().getValue();
+      Value value = new Value(ValueSource.REMOTE, parameterDefaultValue);
+      configValues.put(parameterName, value);
+    }
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/Value.java b/src/main/java/com/google/firebase/remoteconfig/Value.java
new file mode 100644
index 000000000..7935e8491
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/Value.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.internal.NonNull;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Wraps a parameter value with metadata and type-safe getters. Type-safe
+ * getters insulate application logic from remote changes to parameter names and
+ * types.
+ */
+class Value {
+  private static final Logger logger = LoggerFactory.getLogger(Value.class);
+  private static final boolean DEFAULT_VALUE_FOR_BOOLEAN = false;
+  private static final String DEFAULT_VALUE_FOR_STRING = "";
+  private static final long DEFAULT_VALUE_FOR_LONG = 0;
+  private static final double DEFAULT_VALUE_FOR_DOUBLE = 0;
+  private static final ImmutableList<String> BOOLEAN_TRUTHY_VALUES = ImmutableList.of("1", "true",
+      "t", "yes", "y", "on");
+
+  private final ValueSource source;
+  private final String value;
+
+  /**
+   * Creates a new {@link Value} object.
+   * 
+   * @param source Indicates the source of a value.
+   * @param value  Indicates a parameter value.
+   */
+  Value(@NonNull ValueSource source, String value) {
+    checkNotNull(source, "Value source cannot be null.");
+    this.source = source;
+    this.value = value;
+  }
+
+  /**
+   * Creates a new {@link Value} object with default value.
+   * 
+   * @param source Indicates the source of a value.
+   */
+  Value(@NonNull ValueSource source) {
+    this(source, DEFAULT_VALUE_FOR_STRING);
+  }
+
+  /**
+   * Gets the value as a string.
+   * 
+   * @return value as string
+   */
+  @NonNull
+  String asString() {
+    return this.value;
+  }
+
+  /**
+   * Gets the value as a boolean.The following values (case
+   * insensitive) are interpreted as true: "1", "true", "t", "yes", "y", "on".
+   * Other values are interpreted as false.
+   * 
+   * @return value as boolean
+   */
+  @NonNull
+  boolean asBoolean() {
+    if (source == ValueSource.STATIC) {
+      return DEFAULT_VALUE_FOR_BOOLEAN;
+    }
+    return BOOLEAN_TRUTHY_VALUES.contains(value.toLowerCase());
+  }
+
+  /**
+   * Gets the value as long. Comparable to calling Number(value) || 0.
+   * 
+   * @return value as long
+   */
+  @NonNull
+  long asLong() {
+    if (source == ValueSource.STATIC) {
+      return DEFAULT_VALUE_FOR_LONG;
+    }
+    try {
+      return Long.parseLong(value);
+    } catch (NumberFormatException e) {
+      logger.warn("Unable to convert {} to long type.", value);
+      return DEFAULT_VALUE_FOR_LONG;
+    }
+  }
+
+  /**
+   * Gets the value as double. Comparable to calling Number(value) || 0.
+   * 
+   * @return value as double
+   */
+  @NonNull
+  double asDouble() {
+    if (source == ValueSource.STATIC) {
+      return DEFAULT_VALUE_FOR_DOUBLE;
+    }
+    try {
+      return Double.parseDouble(this.value);
+    } catch (NumberFormatException e) {
+      logger.warn("Unable to convert {} to double type.", value);
+      return DEFAULT_VALUE_FOR_DOUBLE;
+    }
+  }
+
+  /**
+   * Gets the {@link ValueSource} for the given key.
+   * 
+   * @return source.
+   */
+  @NonNull
+  ValueSource getSource() {
+    return source;
+  }
+}
diff --git a/src/main/java/com/google/firebase/remoteconfig/ValueSource.java b/src/main/java/com/google/firebase/remoteconfig/ValueSource.java
new file mode 100644
index 000000000..c870e8514
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/ValueSource.java
@@ -0,0 +1,31 @@
+
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+/**
+ * Indicates the source of a value.
+ * "static" indicates the value was defined by a static constant.
+ * "default" indicates the value was defined by default config.
+ * "remote" indicates the value was defined by config produced by evaluating a template.
+ */
+public enum ValueSource {
+  STATIC,
+  REMOTE,
+  DEFAULT
+}
+
diff --git a/src/main/java/com/google/firebase/remoteconfig/internal/ServerTemplateResponse.java b/src/main/java/com/google/firebase/remoteconfig/internal/ServerTemplateResponse.java
new file mode 100644
index 000000000..db3785afe
--- /dev/null
+++ b/src/main/java/com/google/firebase/remoteconfig/internal/ServerTemplateResponse.java
@@ -0,0 +1,322 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig.internal;
+
+import com.google.api.client.util.Key;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterGroupResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.ParameterResponse;
+import com.google.firebase.remoteconfig.internal.TemplateResponse.VersionResponse;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * The Data Transfer Object for parsing Remote Config template responses from
+ * the Remote Config
+ * service.
+ */
+public final class ServerTemplateResponse {
+  @Key("parameters")
+  private Map<String, ParameterResponse> parameters;
+
+  @Key("conditions")
+  private List<ServerConditionResponse> serverConditions;
+
+  @Key("parameterGroups")
+  private Map<String, ParameterGroupResponse> parameterGroups;
+
+  @Key("version")
+  private VersionResponse version;
+
+  // For local JSON serialization and deserialization purposes only.
+  // ETag in response type is never set by the HTTP response.
+  @Key("etag")
+  private String etag;
+
+  public Map<String, ParameterResponse> getParameters() {
+    return parameters;
+  }
+
+  public List<ServerConditionResponse> getServerConditions() {
+    return serverConditions;
+  }
+
+  public Map<String, ParameterGroupResponse> getParameterGroups() {
+    return parameterGroups;
+  }
+
+  public VersionResponse getVersion() {
+    return version;
+  }
+
+  public String getEtag() {
+    return etag;
+  }
+
+  public ServerTemplateResponse setParameters(Map<String, ParameterResponse> parameters) {
+    this.parameters = parameters;
+    return this;
+  }
+
+  public ServerTemplateResponse setServerConditions(
+      List<ServerConditionResponse> serverConditions) {
+    this.serverConditions = serverConditions;
+    return this;
+  }
+
+  public ServerTemplateResponse setParameterGroups(
+      Map<String, ParameterGroupResponse> parameterGroups) {
+    this.parameterGroups = parameterGroups;
+    return this;
+  }
+
+  public ServerTemplateResponse setVersion(VersionResponse version) {
+    this.version = version;
+    return this;
+  }
+
+  public ServerTemplateResponse setEtag(String etag) {
+    this.etag = etag;
+    return this;
+  }
+
+  /**
+   * The Data Transfer Object for parsing Remote Config condition responses from
+   * the Remote Config
+   * service.
+   */
+  public static final class ServerConditionResponse {
+
+    @Key("name")
+    private String name;
+
+    @Key("condition")
+    private OneOfConditionResponse condition;
+
+    public String getName() {
+      return name;
+    }
+
+    public OneOfConditionResponse getServerCondition() {
+      return condition;
+    }
+
+    public ServerConditionResponse setName(String name) {
+      this.name = name;
+      return this;
+    }
+
+    public ServerConditionResponse setServerCondition(OneOfConditionResponse condition) {
+      this.condition = condition;
+      return this;
+    }
+  }
+
+  public static final class OneOfConditionResponse {
+    @Key("orCondition")
+    private OrConditionResponse orCondition;
+
+    @Key("andCondition")
+    private AndConditionResponse andCondition;
+
+    @Key("customSignal")
+    private CustomSignalConditionResponse customSignalCondition;
+
+    @Key("percent")
+    private PercentConditionResponse percentCondition;
+
+    public OrConditionResponse getOrCondition() {
+      return orCondition;
+    }
+
+    public AndConditionResponse getAndCondition() {
+      return andCondition;
+    }
+
+    public PercentConditionResponse getPercentCondition() {
+      return percentCondition;
+    }
+
+    public CustomSignalConditionResponse getCustomSignalCondition() {
+      return customSignalCondition;
+    }
+
+    public OneOfConditionResponse setOrCondition(OrConditionResponse orCondition) {
+      this.orCondition = orCondition;
+      return this;
+    }
+
+    public OneOfConditionResponse setAndCondition(AndConditionResponse andCondition) {
+      this.andCondition = andCondition;
+      return this;
+    }
+
+    public OneOfConditionResponse setCustomSignalCondition(
+        CustomSignalConditionResponse customSignalCondition) {
+      this.customSignalCondition = customSignalCondition;
+      return this;
+    }
+
+    public OneOfConditionResponse setPercentCondition(PercentConditionResponse percentCondition) {
+      this.percentCondition = percentCondition;
+      return this;
+    }
+  }
+
+  public static final class OrConditionResponse {
+    @Key("conditions")
+    private List<OneOfConditionResponse> conditions;
+
+    public List<OneOfConditionResponse> getConditions() {
+      return conditions;
+    }
+
+    public OrConditionResponse setConditions(List<OneOfConditionResponse> conditions) {
+      this.conditions = conditions;
+      return this;
+    }
+  }
+
+  public static final class AndConditionResponse {
+    @Key("conditions")
+    private List<OneOfConditionResponse> conditions;
+
+    public List<OneOfConditionResponse> getConditions() {
+      return conditions;
+    }
+
+    public AndConditionResponse setConditions(List<OneOfConditionResponse> conditions) {
+      this.conditions = conditions;
+      return this;
+    }
+  }
+
+  public static final class CustomSignalConditionResponse {
+    @Key("customSignalOperator")
+    private String operator;
+
+    @Key("customSignalKey")
+    private String key;
+
+    @Key("targetCustomSignalValues")
+    private List<String> targetValues;
+
+    public String getOperator() {
+      return operator;
+    }
+
+    public String getKey() {
+      return key;
+    }
+
+    public List<String> getTargetValues() {
+      return targetValues;
+    }
+
+    public CustomSignalConditionResponse setOperator(String operator) {
+      this.operator = operator;
+      return this;
+    }
+
+    public CustomSignalConditionResponse setKey(String key) {
+      this.key = key;
+      return this;
+    }
+
+    public CustomSignalConditionResponse setTargetValues(List<String> targetValues) {
+      this.targetValues = targetValues;
+      return this;
+    }
+  }
+
+  public static final class PercentConditionResponse {
+    @Key("microPercent")
+    private int microPercent;
+
+    @Key("microPercentRange")
+    private MicroPercentRangeResponse microPercentRange;
+
+    @Key("percentOperator")
+    private String percentOperator;
+
+    @Key("seed")
+    private String seed;
+
+    public int getMicroPercent() {
+      return microPercent;
+    }
+
+    public MicroPercentRangeResponse getMicroPercentRange() {
+      return microPercentRange;
+    }
+
+    public String getPercentOperator() {
+      return percentOperator;
+    }
+
+    public String getSeed() {
+      return seed;
+    }
+
+    public PercentConditionResponse setMicroPercent(int microPercent) {
+      this.microPercent = microPercent;
+      return this;
+    }
+
+    public PercentConditionResponse setMicroPercentRange(
+        MicroPercentRangeResponse microPercentRange) {
+      this.microPercentRange = microPercentRange;
+      return this;
+    }
+
+    public PercentConditionResponse setPercentOperator(String percentOperator) {
+      this.percentOperator = percentOperator;
+      return this;
+    }
+
+    public PercentConditionResponse setSeed(String seed) {
+      this.seed = seed;
+      return this;
+    }
+  }
+
+  public static final class MicroPercentRangeResponse {
+    @Key("microPercentLowerBound")
+    private int microPercentLowerBound;
+
+    @Key("microPercentUpperBound")
+    private int microPercentUpperBound;
+
+    public int getMicroPercentLowerBound() {
+      return microPercentLowerBound;
+    }
+
+    public int getMicroPercentUpperBound() {
+      return microPercentUpperBound;
+    }
+
+    public MicroPercentRangeResponse setMicroPercentLowerBound(int microPercentLowerBound) {
+      this.microPercentLowerBound = microPercentLowerBound;
+      return this;
+    }
+
+    public MicroPercentRangeResponse setMicroPercentUpperBound(int microPercentUpperBound) {
+      this.microPercentUpperBound = microPercentUpperBound;
+      return this;
+    }
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/ConditionEvaluatorTest.java b/src/test/java/com/google/firebase/remoteconfig/ConditionEvaluatorTest.java
new file mode 100644
index 000000000..0cd6e4528
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ConditionEvaluatorTest.java
@@ -0,0 +1,832 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
+import com.google.common.collect.ImmutableList;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.UUID;
+
+import org.junit.Test;
+
+public class ConditionEvaluatorTest {
+
+  private final ConditionEvaluator conditionEvaluator = new ConditionEvaluator();
+
+  @Test
+  public void testEvaluateConditionsEmptyOrConditionThrowsException() {
+    IllegalArgumentException error = assertThrows(IllegalArgumentException.class,
+        () -> createOneOfOrCondition(null));
+    assertEquals("List of conditions for OR operation must not be empty.", error.getMessage());
+  }
+
+  @Test
+  public void testEvaluateConditionsEmptyOrAndConditionThrowsException() {
+    IllegalArgumentException error = assertThrows(IllegalArgumentException.class,
+        () -> createOneOfAndCondition(null));
+    assertEquals("List of conditions for AND operation must not be empty.", error.getMessage());
+  }
+
+  @Test
+  public void testEvaluateConditionsOrAndTrueToTrue() {
+    OneOfCondition oneOfConditionTrue = createOneOfTrueCondition();
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionTrue);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues context = new KeysAndValues.Builder().build();
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        context);
+
+    assertTrue(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsOrAndFalseToFalse() {
+    OneOfCondition oneOfConditionFalse = createOneOfFalseCondition();
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionFalse);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues context = new KeysAndValues.Builder().build();
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        context);
+
+    assertFalse(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsNonOrTopConditionToTrue() {
+    OneOfCondition oneOfConditionTrue = createOneOfTrueCondition();
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionTrue);
+    KeysAndValues context = new KeysAndValues.Builder().build();
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        context);
+
+    assertTrue(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsPercentConditionWithInvalidOperatorToFalse() {
+    OneOfCondition oneOfConditionPercent = createPercentCondition(0,
+        PercentConditionOperator.UNSPECIFIED, "seed");
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionPercent);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "abc");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsPercentConditionLessOrEqualMaxToTrue() {
+    OneOfCondition oneOfConditionPercent = createPercentCondition(10_000_0000,
+        PercentConditionOperator.LESS_OR_EQUAL, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsPercentConditionLessOrEqualMinToFalse() {
+    OneOfCondition oneOfConditionPercent = createPercentCondition(0,
+        PercentConditionOperator.LESS_OR_EQUAL, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsPercentConditionUndefinedMicroPercentToFalse() {
+    OneOfCondition oneOfConditionPercent = createPercentCondition(null,
+        PercentConditionOperator.LESS_OR_EQUAL, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsUseZeroForUndefinedPercentRange() {
+    OneOfCondition oneOfConditionPercent = createBetweenPercentCondition(null, null, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsUseZeroForUndefinedUpperBound() {
+    OneOfCondition oneOfConditionPercent = createBetweenPercentCondition(0, null, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsUseZeroForUndefinedLowerBound() {
+    OneOfCondition oneOfConditionPercent = createBetweenPercentCondition(null, 10_000_0000, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluatedConditionsGreaterThanMinToTrue() {
+    OneOfCondition oneOfConditionPercent = createPercentCondition(0,
+        PercentConditionOperator.GREATER_THAN, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluatedConditionsGreaterThanMaxToFalse() {
+    OneOfCondition oneOfConditionPercent = createPercentCondition(10_000_0000,
+        PercentConditionOperator.GREATER_THAN, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluatedConditionsBetweenMinAndMaxToTrue() {
+    OneOfCondition oneOfConditionPercent = createBetweenPercentCondition(0, 10_000_0000, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluatedConditionsBetweenEqualBoundsToFalse() {
+    OneOfCondition oneOfConditionPercent = createBetweenPercentCondition(5_000_000,
+        5_000_000, "seed");
+    OneOfCondition oneOfConditionAnd = createOneOfAndCondition(oneOfConditionPercent);
+    OneOfCondition oneOfConditionOr = createOneOfOrCondition(oneOfConditionAnd);
+    ServerCondition condition = new ServerCondition("is_enabled", oneOfConditionOr);
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("randomizationId", "123");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("is_enabled"));
+  }
+
+  @Test
+  public void testEvaluateConditionsLessOrEqualToApprox() {
+    OneOfCondition oneOfConditionPerCondition = createPercentCondition(10_000_000,
+        PercentConditionOperator.LESS_OR_EQUAL, "seed");
+    // 284 is 3 standard deviations for 100k trials with 10% probability.
+    int tolerance = 284;
+
+    int truthyAssignments = evaluateRandomAssignments(oneOfConditionPerCondition, 100000);
+
+    // Evaluate less than or equal 10% to approx 10%
+    assertTrue(truthyAssignments >= 10_000 - tolerance);
+    assertTrue(truthyAssignments <= 10_000 + tolerance);
+  }
+
+  @Test
+  public void testEvaluateConditionsBetweenApproximateToTrue() {
+    // Micropercent range is 40% to 60%.
+    OneOfCondition oneOfConditionPerCondition = createBetweenPercentCondition(40_000_000,
+        60_000_000, "seed");
+    // 379 is 3 standard deviations for 100k trials with 20% probability.
+    int tolerance = 379;
+
+    int truthyAssignments = evaluateRandomAssignments(oneOfConditionPerCondition, 100000);
+
+    // Evaluate between 40% to 60% to approx 20%
+    assertTrue(truthyAssignments >= 20_000 - tolerance);
+    assertTrue(truthyAssignments <= 20_000 + tolerance);
+  }
+
+  @Test
+  public void testEvaluateConditionsInterquartileToFiftyPercent() {
+    // Micropercent range is 25% to 75%.
+    OneOfCondition oneOfConditionPerCondition = createBetweenPercentCondition(25_000_000,
+        75_000_000, "seed");
+    // 474 is 3 standard deviations for 100k trials with 50% probability.
+    int tolerance = 474;
+
+    int truthyAssignments = evaluateRandomAssignments(oneOfConditionPerCondition, 100000);
+
+    // Evaluate between 25% to 75 to approx 50%
+    assertTrue(truthyAssignments >= 50_000 - tolerance);
+    assertTrue(truthyAssignments <= 50_000 + tolerance);
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericLessThanToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_LESS_THAN, ImmutableList.of("-50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-50.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericLessThanToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_LESS_THAN, ImmutableList.of("-50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-50.01");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalInvalidValueNumericOperationToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_LESS_THAN, ImmutableList.of("non-numeric"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-50.01");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericLessEqualToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_LESS_EQUAL, ImmutableList.of("-50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-50.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericLessEqualToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_LESS_EQUAL, ImmutableList.of("-50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-49.9");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericEqualsToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_EQUAL, ImmutableList.of("50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericEqualsToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_EQUAL, ImmutableList.of("50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.000001");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericNotEqualsToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_NOT_EQUAL, ImmutableList.of("50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericNotEqualsToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_NOT_EQUAL, ImmutableList.of("50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.000001");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericGreaterEqualToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_GREATER_EQUAL, ImmutableList.of("-50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-50.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericGreaterEqualToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_GREATER_EQUAL, ImmutableList.of("-50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-50.01");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericgreaterThanToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_GREATER_THAN, ImmutableList.of("-50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-50.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalNumericGreaterThanToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.NUMERIC_GREATER_THAN, ImmutableList.of("-50.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "-49.09");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringContainsToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_CONTAINS, ImmutableList.of("One", "hundred"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "Two hundred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringContainsToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_CONTAINS, ImmutableList.of("One", "hundred"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "Two hudred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringDoesNotContainToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_DOES_NOT_CONTAIN, ImmutableList.of("One", "hundred"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "Two hudred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringDoesNotContainToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_DOES_NOT_CONTAIN, ImmutableList.of("One", "hundred"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "Two hundred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringExactlyMatchesToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_EXACTLY_MATCHES, ImmutableList.of("hundred"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "hundred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringExactlyMatchesToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_EXACTLY_MATCHES, ImmutableList.of("hundred"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "Two hundred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringContainsRegexToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_CONTAINS_REGEX, ImmutableList.of(".*hund.*"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "hundred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringContainsRegexToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_CONTAINS_REGEX, ImmutableList.of("$hund.*"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "Two ahundred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionsCustomSignalStringContainsInvalidRegexToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.STRING_CONTAINS_REGEX, ImmutableList.of("abc)"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "Two ahundred");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticLessThanToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_LESS_THAN, ImmutableList.of("50.0.20"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.2.0.1");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticLessThanToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_LESS_THAN, ImmutableList.of("50.0.20"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticLessThanInvalidVersionToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_LESS_THAN, ImmutableList.of("50.0.-20"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.2.0.1");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticLessEqualToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_LESS_EQUAL, ImmutableList.of("50.0.20.0.0"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticLessEqualToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_LESS_EQUAL, ImmutableList.of("50.0.2"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.2.1.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticGreaterThanToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_GREATER_THAN, ImmutableList.of("50.0.2"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.1");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticGreaterThanToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_GREATER_THAN, ImmutableList.of("50.0.20"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticGreaterEqualToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_GREATER_EQUAL, ImmutableList.of("50.0.20"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticGreaterEqualToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_GREATER_EQUAL, ImmutableList.of("50.0.20.1"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticEqualToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_EQUAL, ImmutableList.of("50.0.20"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticEqualToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_EQUAL, ImmutableList.of("50.0.20.1"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticNotEqualToTrue() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_NOT_EQUAL, ImmutableList.of("50.0.20.1"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertTrue(result.get("signal_key"));
+  }
+
+  @Test
+  public void testEvaluateConditionCustomSignalSemanticNotEqualToFalse() {
+    ServerCondition condition = createCustomSignalServerCondition(
+        CustomSignalOperator.SEMANTIC_VERSION_NOT_EQUAL, ImmutableList.of("50.0.20"));
+    KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+    contextBuilder.put("signal_key", "50.0.20.0.0");
+
+    Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+        contextBuilder.build());
+
+    assertFalse(result.get("signal_key"));
+  }
+
+  private ServerCondition createCustomSignalServerCondition(
+      CustomSignalOperator operator,
+      ImmutableList<String> targetCustomSignalValues) {
+    CustomSignalCondition condition = new CustomSignalCondition("signal_key", operator,
+        targetCustomSignalValues);
+    OneOfCondition oneOfConditionCustomSignal = new OneOfCondition();
+    oneOfConditionCustomSignal.setCustomSignal(condition);
+    return new ServerCondition("signal_key", oneOfConditionCustomSignal);
+  }
+
+  private int evaluateRandomAssignments(OneOfCondition percentCondition, int numOfAssignments) {
+    int evalTrueCount = 0;
+    ServerCondition condition = new ServerCondition("is_enabled", percentCondition);
+    for (int i = 0; i < numOfAssignments; i++) {
+      UUID randomizationId = UUID.randomUUID();
+      KeysAndValues.Builder contextBuilder = new KeysAndValues.Builder();
+      contextBuilder.put("randomizationId", randomizationId.toString());
+
+      Map<String, Boolean> result = conditionEvaluator.evaluateConditions(Arrays.asList(condition),
+          contextBuilder.build());
+
+      if (result.get("is_enabled")) {
+        evalTrueCount++;
+      }
+    }
+    return evalTrueCount;
+  }
+
+  private OneOfCondition createPercentCondition(Integer microPercent,
+      PercentConditionOperator operator, String seed) {
+    PercentCondition percentCondition = new PercentCondition(microPercent, operator, seed);
+    OneOfCondition oneOfCondition = new OneOfCondition();
+    oneOfCondition.setPercent(percentCondition);
+    return oneOfCondition;
+  }
+
+  private OneOfCondition createBetweenPercentCondition(Integer lowerBound, Integer upperBound,
+      String seed) {
+    MicroPercentRange microPercentRange = new MicroPercentRange(lowerBound, upperBound);
+    PercentCondition percentCondition = new PercentCondition(microPercentRange,
+        PercentConditionOperator.BETWEEN, seed);
+    OneOfCondition oneOfCondition = new OneOfCondition();
+    oneOfCondition.setPercent(percentCondition);
+    return oneOfCondition;
+  }
+
+  private OneOfCondition createOneOfOrCondition(OneOfCondition condition) {
+    OrCondition orCondition = condition != null ? new OrCondition(ImmutableList.of(condition))
+        : new OrCondition(ImmutableList.of());
+    OneOfCondition oneOfCondition = new OneOfCondition();
+    oneOfCondition.setOrCondition(orCondition);
+    return oneOfCondition;
+  }
+
+  private OneOfCondition createOneOfAndCondition(OneOfCondition condition) {
+    AndCondition andCondition = condition != null ? new AndCondition(ImmutableList.of(condition))
+        : new AndCondition(ImmutableList.of());
+    OneOfCondition oneOfCondition = new OneOfCondition();
+    oneOfCondition.setAndCondition(andCondition);
+    return oneOfCondition;
+  }
+
+  private OneOfCondition createOneOfTrueCondition() {
+    OneOfCondition oneOfCondition = new OneOfCondition();
+    oneOfCondition.setTrue();
+    return oneOfCondition;
+  }
+
+  private OneOfCondition createOneOfFalseCondition() {
+    OneOfCondition oneOfCondition = new OneOfCondition();
+    oneOfCondition.setFalse();
+    return oneOfCondition;
+  }
+}
\ No newline at end of file
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
index edc52a19d..78a5c276a 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigClientImplTest.java
@@ -25,7 +25,6 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import com.google.api.client.googleapis.util.Utils;
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpHeaders;
 import com.google.api.client.http.HttpMethods;
@@ -48,82 +47,165 @@
 import com.google.firebase.remoteconfig.internal.TemplateResponse;
 import com.google.firebase.testing.TestResponseInterceptor;
 import com.google.firebase.testing.TestUtils;
-
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.net.URLDecoder;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
 import org.junit.Before;
 import org.junit.Test;
 
 public class FirebaseRemoteConfigClientImplTest {
 
   private static final String TEST_REMOTE_CONFIG_URL =
-          "https://firebaseremoteconfig.googleapis.com/v1/projects/test-project/remoteConfig";
+      "https://firebaseremoteconfig.googleapis.com/v1/projects/test-project/remoteConfig";
+  private static final String TEST_SERVER_REMOTE_CONFIG_URL =
+      "https://firebaseremoteconfig.googleapis.com/v1/projects/test-project/namespaces/firebase-server/serverRemoteConfig";
 
   private static final List<Integer> HTTP_STATUS_CODES = ImmutableList.of(401, 404, 500);
 
-  private static final Map<Integer, ErrorCode> HTTP_STATUS_TO_ERROR_CODE = ImmutableMap.of(
+  private static final Map<Integer, ErrorCode> HTTP_STATUS_TO_ERROR_CODE =
+      ImmutableMap.of(
           401, ErrorCode.UNAUTHENTICATED,
           404, ErrorCode.NOT_FOUND,
           500, ErrorCode.INTERNAL);
 
-  private static final String MOCK_TEMPLATE_RESPONSE = TestUtils
-          .loadResource("getRemoteConfig.json");
+  private static final String MOCK_TEMPLATE_RESPONSE =
+      TestUtils.loadResource("getRemoteConfig.json");
+
+  private static final String MOCK_SERVER_TEMPLATE_RESPONSE =
+      TestUtils.loadResource("getServerRemoteConfig.json");
 
-  private static final String MOCK_LIST_VERSIONS_RESPONSE = TestUtils
-          .loadResource("listRemoteConfigVersions.json");
+  private static final String MOCK_LIST_VERSIONS_RESPONSE =
+      TestUtils.loadResource("listRemoteConfigVersions.json");
 
   private static final String TEST_ETAG = "etag-123456789012-1";
 
-  private static final Map<String, Parameter> EXPECTED_PARAMETERS = ImmutableMap.of(
-          "welcome_message_text", new Parameter()
-                  .setDefaultValue(ParameterValue.of("welcome to app"))
-                  .setConditionalValues(ImmutableMap.<String, ParameterValue>of(
-                          "ios_en", ParameterValue.of("welcome to app en")
-                  ))
-                  .setDescription("text for welcome message!")
-                  .setValueType(ParameterValueType.STRING),
-          "header_text", new Parameter()
-                  .setDefaultValue(ParameterValue.inAppDefault())
-                  .setValueType(ParameterValueType.STRING)
-  );
-
-  private static final Map<String, ParameterGroup> EXPECTED_PARAMETER_GROUPS = ImmutableMap.of(
-          "new menu", new ParameterGroup()
-                  .setDescription("New Menu")
-                  .setParameters(ImmutableMap.of(
-                          "pumpkin_spice_season", new Parameter()
-                                  .setDefaultValue(ParameterValue.of("true"))
-                                  .setDescription("Whether it's currently pumpkin spice season.")
-                                  .setValueType(ParameterValueType.BOOLEAN)
-                          )
-                  )
-  );
-
-  private static final List<Condition> EXPECTED_CONDITIONS = ImmutableList.of(
+  private static final Map<String, Parameter> EXPECTED_PARAMETERS =
+      ImmutableMap.of(
+          "welcome_message_text",
+          new Parameter()
+              .setDefaultValue(ParameterValue.of("welcome to app"))
+              .setConditionalValues(
+                  ImmutableMap.<String, ParameterValue>of(
+                      "ios_en", ParameterValue.of("welcome to app en")))
+              .setDescription("text for welcome message!")
+              .setValueType(ParameterValueType.STRING),
+          "header_text",
+          new Parameter()
+              .setDefaultValue(ParameterValue.inAppDefault())
+              .setValueType(ParameterValueType.STRING));
+
+  private static final Map<String, ParameterGroup> EXPECTED_PARAMETER_GROUPS =
+      ImmutableMap.of(
+          "new menu",
+          new ParameterGroup()
+              .setDescription("New Menu")
+              .setParameters(
+                  ImmutableMap.of(
+                      "pumpkin_spice_season",
+                      new Parameter()
+                          .setDefaultValue(ParameterValue.of("true"))
+                          .setDescription("Whether it's currently pumpkin spice season.")
+                          .setValueType(ParameterValueType.BOOLEAN))));
+
+  private static final List<Condition> EXPECTED_CONDITIONS =
+      ImmutableList.of(
           new Condition("ios_en", "device.os == 'ios' && device.country in ['us', 'uk']")
-                  .setTagColor(TagColor.INDIGO),
-          new Condition("android_en",
-                  "device.os == 'android' && device.country in ['us', 'uk']")
-  );
-
-  private static final Version EXPECTED_VERSION = new Version(new TemplateResponse.VersionResponse()
-          .setVersionNumber("17")
-          .setUpdateOrigin("ADMIN_SDK_NODE")
-          .setUpdateType("INCREMENTAL_UPDATE")
-          .setUpdateUser(new TemplateResponse.UserResponse()
-                  .setEmail("firebase-user@account.com")
-                  .setName("dev-admin")
-                  .setImageUrl("http://image.jpg"))
-          .setUpdateTime("2020-11-15T06:57:26.342763941Z")
-          .setDescription("promo config")
-  );
-
-  private static final Template EXPECTED_TEMPLATE = new Template()
+              .setTagColor(TagColor.INDIGO),
+          new Condition("android_en", "device.os == 'android' && device.country in ['us', 'uk']"));
+
+  private static final List<ServerCondition> EXPECTED_SERVER_CONDITIONS =
+      ImmutableList.of(
+          new ServerCondition("custom_signal", null)
+              .setServerCondition(
+                  new OneOfCondition()
+                      .setOrCondition(
+                          new OrCondition(
+                              ImmutableList.of(
+                                  new OneOfCondition()
+                                      .setAndCondition(
+                                          new AndCondition(
+                                              ImmutableList.of(
+                                                  new OneOfCondition()
+                                                      .setCustomSignal(
+                                                          new CustomSignalCondition(
+                                                              "users",
+                                                              CustomSignalOperator
+                                                                  .NUMERIC_LESS_THAN,
+                                                              new ArrayList<>(
+                                                                  ImmutableList.of("100"))))))))))),
+          new ServerCondition("percent", null)
+              .setServerCondition(
+                  new OneOfCondition()
+                      .setOrCondition(
+                          new OrCondition(
+                              ImmutableList.of(
+                                  new OneOfCondition()
+                                      .setAndCondition(
+                                          new AndCondition(
+                                              ImmutableList.of(
+                                                  new OneOfCondition()
+                                                      .setPercent(
+                                                          new PercentCondition(
+                                                              new MicroPercentRange(
+                                                                  12000000, 100000000),
+                                                              PercentConditionOperator.BETWEEN,
+                                                              "3maarirs9xzs"))))))))),
+          new ServerCondition("chained_conditions", null)
+              .setServerCondition(
+                  new OneOfCondition()
+                      .setOrCondition(
+                          new OrCondition(
+                              ImmutableList.of(
+                                  new OneOfCondition()
+                                      .setAndCondition(
+                                          new AndCondition(
+                                              ImmutableList.of(
+                                                  new OneOfCondition()
+                                                      .setCustomSignal(
+                                                          new CustomSignalCondition(
+                                                              "users",
+                                                              CustomSignalOperator
+                                                                  .NUMERIC_LESS_THAN,
+                                                              new ArrayList<>(
+                                                                  ImmutableList.of("100")))),
+                                                  new OneOfCondition()
+                                                      .setCustomSignal(
+                                                          new CustomSignalCondition(
+                                                              "premium users",
+                                                              CustomSignalOperator
+                                                                  .NUMERIC_GREATER_THAN,
+                                                              new ArrayList<>(
+                                                                  ImmutableList.of("20")))),
+                                                  new OneOfCondition()
+                                                      .setPercent(
+                                                          new PercentCondition(
+                                                              new MicroPercentRange(
+                                                                  25000000, 100000000),
+                                                              PercentConditionOperator.BETWEEN,
+                                                              "cla24qoibb61"))))))))));
+
+  private static final Version EXPECTED_VERSION =
+      new Version(
+          new TemplateResponse.VersionResponse()
+              .setVersionNumber("17")
+              .setUpdateOrigin("ADMIN_SDK_NODE")
+              .setUpdateType("INCREMENTAL_UPDATE")
+              .setUpdateUser(
+                  new TemplateResponse.UserResponse()
+                      .setEmail("firebase-user@account.com")
+                      .setName("dev-admin")
+                      .setImageUrl("http://image.jpg"))
+              .setUpdateTime("2020-11-15T06:57:26.342763941Z")
+              .setDescription("promo config"));
+
+  private static final Template EXPECTED_TEMPLATE =
+      new Template()
           .setETag(TEST_ETAG)
           .setParameters(EXPECTED_PARAMETERS)
           .setConditions(EXPECTED_CONDITIONS)
@@ -158,16 +240,19 @@ public void testGetTemplate() throws Exception {
 
   @Test
   public void testGetTemplateWithTimestampUpToNanosecondPrecision() throws Exception {
-    List<String> timestamps = ImmutableList.of(
+    List<String> timestamps =
+        ImmutableList.of(
             "2020-11-15T06:57:26.342Z",
             "2020-11-15T06:57:26.342763Z",
-            "2020-11-15T06:57:26.342763941Z"
-    );
+            "2020-11-15T06:57:26.342763941Z");
     for (String timestamp : timestamps) {
       response.addHeader("etag", TEST_ETAG);
-      String templateResponse = "{\"version\": {"
+      String templateResponse =
+          "{\"version\": {"
               + "    \"versionNumber\": \"17\","
-              + "    \"updateTime\": \"" + timestamp + "\""
+              + "    \"updateTime\": \""
+              + timestamp
+              + "\""
               + "  }}";
       response.setContent(templateResponse);
 
@@ -221,8 +306,12 @@ public void testGetTemplateHttpError() {
         client.getTemplate();
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\n{}",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest());
     }
@@ -237,8 +326,8 @@ public void testGetTemplateTransportError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseRemoteConfigException error) {
       assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
-      assertEquals("Unknown error while making a remote service call: transport error",
-              error.getMessage());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
       assertTrue(error.getCause() instanceof IOException);
       assertNull(error.getHttpResponse());
       assertNull(error.getRemoteConfigErrorCode());
@@ -271,8 +360,12 @@ public void testGetTemplateErrorWithZeroContentResponse() {
         client.getTemplate();
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnull",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest());
     }
@@ -287,8 +380,12 @@ public void testGetTemplateErrorWithMalformedResponse() {
         client.getTemplate();
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnot json",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest());
     }
@@ -297,15 +394,17 @@ public void testGetTemplateErrorWithMalformedResponse() {
   @Test
   public void testGetTemplateErrorWithDetails() {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
 
       try {
         client.getTemplate();
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
-                HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error, ErrorCode.INVALID_ARGUMENT, null, "test error", HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest());
     }
@@ -314,17 +413,22 @@ public void testGetTemplateErrorWithDetails() {
   @Test
   public void testGetTemplateErrorWithRcError() {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
-                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+                  + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
 
       try {
         client.getTemplate();
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
-                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
-                HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            ErrorCode.INVALID_ARGUMENT,
+            RemoteConfigErrorCode.INVALID_ARGUMENT,
+            "[INVALID_ARGUMENT]: test error",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest());
     }
@@ -339,8 +443,9 @@ public void testGetTemplateAtVersionWithNullString() throws Exception {
 
   @Test
   public void testGetTemplateAtVersionWithInvalidString() throws Exception {
-    List<String> invalidVersionStrings = ImmutableList
-            .of("", " ", "abc", "t123", "123t", "t123t", "12t3", "#$*&^", "-123", "+123", "123.4");
+    List<String> invalidVersionStrings =
+        ImmutableList.of(
+            "", " ", "abc", "t123", "123t", "t123t", "12t3", "#$*&^", "-123", "+123", "123.4");
 
     for (String version : invalidVersionStrings) {
       try {
@@ -407,8 +512,12 @@ public void testGetTemplateAtVersionHttpError() {
         client.getTemplateAtVersion("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\n{}",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
     }
@@ -423,8 +532,8 @@ public void testGetTemplateAtVersionTransportError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseRemoteConfigException error) {
       assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
-      assertEquals("Unknown error while making a remote service call: transport error",
-              error.getMessage());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
       assertTrue(error.getCause() instanceof IOException);
       assertNull(error.getHttpResponse());
       assertNull(error.getRemoteConfigErrorCode());
@@ -457,8 +566,12 @@ public void testGetTemplateAtVersionErrorWithZeroContentResponse() {
         client.getTemplateAtVersion("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnull",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
     }
@@ -473,8 +586,12 @@ public void testGetTemplateAtVersionErrorWithMalformedResponse() {
         client.getTemplateAtVersion("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnot json",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
     }
@@ -483,15 +600,17 @@ public void testGetTemplateAtVersionErrorWithMalformedResponse() {
   @Test
   public void testGetTemplateAtVersionErrorWithDetails() {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
 
       try {
         client.getTemplateAtVersion("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
-                HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error, ErrorCode.INVALID_ARGUMENT, null, "test error", HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
     }
@@ -500,17 +619,22 @@ public void testGetTemplateAtVersionErrorWithDetails() {
   @Test
   public void testGetTemplateAtVersionErrorWithRcError() {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
-                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+                  + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
 
       try {
         client.getTemplateAtVersion("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
-                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
-                HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            ErrorCode.INVALID_ARGUMENT,
+            RemoteConfigErrorCode.INVALID_ARGUMENT,
+            "[INVALID_ARGUMENT]: test error",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), "?versionNumber=24");
     }
@@ -553,7 +677,8 @@ public void testPublishTemplateWithValidTemplateAndForceTrue() throws Exception
   public void testPublishTemplateWithValidTemplateAndValidateOnlyTrue() throws Exception {
     response.addHeader("etag", TEST_ETAG);
     response.setContent(MOCK_TEMPLATE_RESPONSE);
-    Template expectedTemplate = new Template()
+    Template expectedTemplate =
+        new Template()
             .setETag("etag-123456789012-45")
             .setParameters(EXPECTED_PARAMETERS)
             .setConditions(EXPECTED_CONDITIONS)
@@ -562,12 +687,13 @@ public void testPublishTemplateWithValidTemplateAndValidateOnlyTrue() throws Exc
 
     Template validatedTemplate = client.publishTemplate(expectedTemplate, true, false);
 
-    // check if the etag matches the input template's etag and not the etag from the server response
+    // check if the etag matches the input template's etag and not the etag from the
+    // server response
     assertNotEquals(TEST_ETAG, validatedTemplate.getETag());
     assertEquals("etag-123456789012-45", validatedTemplate.getETag());
     assertEquals(expectedTemplate, validatedTemplate);
-    checkPutRequestHeader(interceptor.getLastRequest(), "?validateOnly=true",
-            "etag-123456789012-45");
+    checkPutRequestHeader(
+        interceptor.getLastRequest(), "?validateOnly=true", "etag-123456789012-45");
   }
 
   @Test
@@ -611,8 +737,12 @@ public void testPublishTemplateHttpError() {
         client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.PUT);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\n{}",
+            HttpMethods.PUT);
       }
       checkPutRequestHeader(interceptor.getLastRequest());
     }
@@ -627,8 +757,8 @@ public void testPublishTemplateTransportError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseRemoteConfigException error) {
       assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
-      assertEquals("Unknown error while making a remote service call: transport error",
-              error.getMessage());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
       assertTrue(error.getCause() instanceof IOException);
       assertNull(error.getHttpResponse());
       assertNull(error.getRemoteConfigErrorCode());
@@ -661,8 +791,12 @@ public void testPublishTemplateErrorWithZeroContentResponse() {
         client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.PUT);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnull",
+            HttpMethods.PUT);
       }
       checkPutRequestHeader(interceptor.getLastRequest());
     }
@@ -677,8 +811,12 @@ public void testPublishTemplateErrorWithMalformedResponse() {
         client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.PUT);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnot json",
+            HttpMethods.PUT);
       }
       checkPutRequestHeader(interceptor.getLastRequest());
     }
@@ -687,15 +825,17 @@ public void testPublishTemplateErrorWithMalformedResponse() {
   @Test
   public void testPublishTemplateErrorWithDetails() {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
 
       try {
         client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
-                HttpMethods.PUT);
+        checkExceptionFromHttpResponse(
+            error, ErrorCode.INVALID_ARGUMENT, null, "test error", HttpMethods.PUT);
       }
       checkPutRequestHeader(interceptor.getLastRequest());
     }
@@ -704,17 +844,22 @@ public void testPublishTemplateErrorWithDetails() {
   @Test
   public void testPublishTemplateErrorWithRcError() {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
-                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+                  + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
 
       try {
         client.publishTemplate(new Template().setETag(TEST_ETAG), false, false);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
-                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
-                HttpMethods.PUT);
+        checkExceptionFromHttpResponse(
+            error,
+            ErrorCode.INVALID_ARGUMENT,
+            RemoteConfigErrorCode.INVALID_ARGUMENT,
+            "[INVALID_ARGUMENT]: test error",
+            HttpMethods.PUT);
       }
       checkPutRequestHeader(interceptor.getLastRequest());
     }
@@ -729,8 +874,9 @@ public void testRollbackWithNullString() throws Exception {
 
   @Test
   public void testRollbackWithInvalidString() throws Exception {
-    List<String> invalidVersionStrings = ImmutableList
-            .of("", " ", "abc", "t123", "123t", "t123t", "12t3", "#$*&^", "-123", "+123", "123.4");
+    List<String> invalidVersionStrings =
+        ImmutableList.of(
+            "", " ", "abc", "t123", "123t", "t123t", "12t3", "#$*&^", "-123", "+123", "123.4");
 
     for (String version : invalidVersionStrings) {
       try {
@@ -754,8 +900,8 @@ public void testRollbackWithValidString() throws Exception {
     assertEquals(EXPECTED_TEMPLATE, rolledBackTemplate);
     assertEquals(1605423446000L, rolledBackTemplate.getVersion().getUpdateTime());
     checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
-    checkRequestContent(interceptor.getLastRequest(),
-            ImmutableMap.<String, Object>of("versionNumber", "24"));
+    checkRequestContent(
+        interceptor.getLastRequest(), ImmutableMap.<String, Object>of("versionNumber", "24"));
   }
 
   @Test
@@ -771,8 +917,8 @@ public void testRollbackWithEmptyTemplateResponse() throws Exception {
     assertEquals(0, template.getParameterGroups().size());
     assertNull(template.getVersion());
     checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
-    checkRequestContent(interceptor.getLastRequest(),
-            ImmutableMap.<String, Object>of("versionNumber", "24"));
+    checkRequestContent(
+        interceptor.getLastRequest(), ImmutableMap.<String, Object>of("versionNumber", "24"));
   }
 
   @Test(expected = IllegalStateException.class)
@@ -801,12 +947,16 @@ public void testRollbackHttpError() throws IOException {
         client.rollback("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.POST);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\n{}",
+            HttpMethods.POST);
       }
       checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
-      checkRequestContent(interceptor.getLastRequest(),
-              ImmutableMap.<String, Object>of("versionNumber", "24"));
+      checkRequestContent(
+          interceptor.getLastRequest(), ImmutableMap.<String, Object>of("versionNumber", "24"));
     }
   }
 
@@ -819,8 +969,8 @@ public void testRollbackTransportError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseRemoteConfigException error) {
       assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
-      assertEquals("Unknown error while making a remote service call: transport error",
-              error.getMessage());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
       assertTrue(error.getCause() instanceof IOException);
       assertNull(error.getHttpResponse());
       assertNull(error.getRemoteConfigErrorCode());
@@ -842,8 +992,8 @@ public void testRollbackSuccessResponseWithUnexpectedPayload() throws IOExceptio
       assertNull(error.getRemoteConfigErrorCode());
     }
     checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
-    checkRequestContent(interceptor.getLastRequest(),
-            ImmutableMap.<String, Object>of("versionNumber", "24"));
+    checkRequestContent(
+        interceptor.getLastRequest(), ImmutableMap.<String, Object>of("versionNumber", "24"));
   }
 
   @Test
@@ -855,12 +1005,16 @@ public void testRollbackErrorWithZeroContentResponse() throws IOException {
         client.rollback("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.POST);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnull",
+            HttpMethods.POST);
       }
       checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
-      checkRequestContent(interceptor.getLastRequest(),
-              ImmutableMap.<String, Object>of("versionNumber", "24"));
+      checkRequestContent(
+          interceptor.getLastRequest(), ImmutableMap.<String, Object>of("versionNumber", "24"));
     }
   }
 
@@ -873,52 +1027,63 @@ public void testRollbackErrorWithMalformedResponse() throws IOException {
         client.rollback("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.POST);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnot json",
+            HttpMethods.POST);
       }
       checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
-      checkRequestContent(interceptor.getLastRequest(),
-              ImmutableMap.<String, Object>of("versionNumber", "24"));
+      checkRequestContent(
+          interceptor.getLastRequest(), ImmutableMap.<String, Object>of("versionNumber", "24"));
     }
   }
 
   @Test
   public void testRollbackErrorWithDetails() throws IOException {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
 
       try {
         client.rollback("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
-                HttpMethods.POST);
+        checkExceptionFromHttpResponse(
+            error, ErrorCode.INVALID_ARGUMENT, null, "test error", HttpMethods.POST);
       }
       checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
-      checkRequestContent(interceptor.getLastRequest(),
-              ImmutableMap.<String, Object>of("versionNumber", "24"));
+      checkRequestContent(
+          interceptor.getLastRequest(), ImmutableMap.<String, Object>of("versionNumber", "24"));
     }
   }
 
   @Test
   public void testRollbackErrorWithRcError() throws IOException {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
-                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+                  + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
 
       try {
         client.rollback("24");
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
-                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
-                HttpMethods.POST);
+        checkExceptionFromHttpResponse(
+            error,
+            ErrorCode.INVALID_ARGUMENT,
+            RemoteConfigErrorCode.INVALID_ARGUMENT,
+            "[INVALID_ARGUMENT]: test error",
+            HttpMethods.POST);
       }
       checkPostRequestHeader(interceptor.getLastRequest(), ":rollback");
-      checkRequestContent(interceptor.getLastRequest(),
-              ImmutableMap.<String, Object>of("versionNumber", "24"));
+      checkRequestContent(
+          interceptor.getLastRequest(), ImmutableMap.<String, Object>of("versionNumber", "24"));
     }
   }
 
@@ -940,33 +1105,36 @@ public void testListVersionsWithNullOptions() throws Exception {
   public void testListVersionsWithOptions() throws Exception {
     response.setContent(MOCK_LIST_VERSIONS_RESPONSE);
 
-    TemplateResponse.ListVersionsResponse versionsList = client.listVersions(
+    TemplateResponse.ListVersionsResponse versionsList =
+        client.listVersions(
             ListVersionsOptions.builder()
-                    .setPageSize(10)
-                    .setPageToken("token")
-                    .setStartTimeMillis(1605219122000L)
-                    .setEndTimeMillis(1606245035000L)
-                    .setEndVersionNumber("29").build());
+                .setPageSize(10)
+                .setPageToken("token")
+                .setStartTimeMillis(1605219122000L)
+                .setEndTimeMillis(1606245035000L)
+                .setEndVersionNumber("29")
+                .build());
 
     assertTrue(versionsList.hasVersions());
 
     HttpRequest request = interceptor.getLastRequest();
-    String urlWithoutParameters = request.getUrl().toString()
-            .substring(0, request.getUrl().toString().lastIndexOf('?'));
-    final Map<String, String> expectedQuery = ImmutableMap.of(
+    String urlWithoutParameters =
+        request.getUrl().toString().substring(0, request.getUrl().toString().lastIndexOf('?'));
+    final Map<String, String> expectedQuery =
+        ImmutableMap.of(
             "endVersionNumber", "29",
             "pageSize", "10",
             "pageToken", "token",
             "startTime", "2020-11-12T22:12:02.000000000Z",
-            "endTime", "2020-11-24T19:10:35.000000000Z"
-    );
+            "endTime", "2020-11-24T19:10:35.000000000Z");
     Map<String, String> actualQuery = new HashMap<>();
     String query = request.getUrl().toURI().getQuery();
     String[] pairs = query.split("&");
     for (String pair : pairs) {
       int idx = pair.indexOf("=");
-      actualQuery.put(URLDecoder.decode(pair.substring(0, idx), "UTF-8"),
-              URLDecoder.decode(pair.substring(idx + 1), "UTF-8"));
+      actualQuery.put(
+          URLDecoder.decode(pair.substring(0, idx), "UTF-8"),
+          URLDecoder.decode(pair.substring(idx + 1), "UTF-8"));
     }
 
     assertEquals("GET", request.getRequestMethod());
@@ -998,8 +1166,12 @@ public void testListVersionsHttpError() {
         client.listVersions(null);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\n{}", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\n{}",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
     }
@@ -1014,8 +1186,8 @@ public void testListVersionsTransportError() {
       fail("No error thrown for HTTP error");
     } catch (FirebaseRemoteConfigException error) {
       assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
-      assertEquals("Unknown error while making a remote service call: transport error",
-              error.getMessage());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
       assertTrue(error.getCause() instanceof IOException);
       assertNull(error.getHttpResponse());
       assertNull(error.getRemoteConfigErrorCode());
@@ -1048,8 +1220,12 @@ public void testListVersionsErrorWithZeroContentResponse() {
         client.listVersions(null);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnull", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnull",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
     }
@@ -1064,8 +1240,12 @@ public void testListVersionsErrorWithMalformedResponse() {
         client.listVersions(null);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, HTTP_STATUS_TO_ERROR_CODE.get(code), null,
-                "Unexpected HTTP response with status: " + code + "\nnot json", HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnot json",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
     }
@@ -1074,15 +1254,17 @@ public void testListVersionsErrorWithMalformedResponse() {
   @Test
   public void testListVersionsErrorWithDetails() {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
 
       try {
         client.listVersions(null);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT, null, "test error",
-                HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error, ErrorCode.INVALID_ARGUMENT, null, "test error", HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
     }
@@ -1091,17 +1273,22 @@ public void testListVersionsErrorWithDetails() {
   @Test
   public void testListVersionsErrorWithRcError() {
     for (int code : HTTP_STATUS_CODES) {
-      response.setStatusCode(code).setContent(
+      response
+          .setStatusCode(code)
+          .setContent(
               "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
-                      + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+                  + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
 
       try {
         client.listVersions(null);
         fail("No error thrown for HTTP error");
       } catch (FirebaseRemoteConfigException error) {
-        checkExceptionFromHttpResponse(error, ErrorCode.INVALID_ARGUMENT,
-                RemoteConfigErrorCode.INVALID_ARGUMENT, "[INVALID_ARGUMENT]: test error",
-                HttpMethods.GET);
+        checkExceptionFromHttpResponse(
+            error,
+            ErrorCode.INVALID_ARGUMENT,
+            RemoteConfigErrorCode.INVALID_ARGUMENT,
+            "[INVALID_ARGUMENT]: test error",
+            HttpMethods.GET);
       }
       checkGetRequestHeader(interceptor.getLastRequest(), ":listVersions");
     }
@@ -1126,7 +1313,8 @@ public void testBuilderNullRequestFactory() {
 
   @Test
   public void testFromApp() throws IOException {
-    FirebaseOptions options = FirebaseOptions.builder()
+    FirebaseOptions options =
+        FirebaseOptions.builder()
             .setCredentials(new MockGoogleCredentials("test-token"))
             .setProjectId("test-project")
             .build();
@@ -1138,8 +1326,8 @@ public void testFromApp() throws IOException {
       assertEquals(TEST_REMOTE_CONFIG_URL, client.getRemoteConfigUrl());
       assertSame(options.getJsonFactory(), client.getJsonFactory());
 
-      HttpRequest request = client.getRequestFactory().buildGetRequest(
-              new GenericUrl("https://example.com"));
+      HttpRequest request =
+          client.getRequestFactory().buildGetRequest(new GenericUrl("https://example.com"));
       assertEquals("Bearer test-token", request.getHeaders().getAuthorization());
     } finally {
       app.delete();
@@ -1147,33 +1335,32 @@ public void testFromApp() throws IOException {
   }
 
   private FirebaseRemoteConfigClientImpl initRemoteConfigClient(
-          MockLowLevelHttpResponse mockResponse, HttpResponseInterceptor interceptor) {
-    MockHttpTransport transport = new MockHttpTransport.Builder()
-            .setLowLevelHttpResponse(mockResponse)
-            .build();
+      MockLowLevelHttpResponse mockResponse, HttpResponseInterceptor interceptor) {
+    MockHttpTransport transport =
+        new MockHttpTransport.Builder().setLowLevelHttpResponse(mockResponse).build();
 
     return FirebaseRemoteConfigClientImpl.builder()
-            .setProjectId("test-project")
-            .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
-            .setRequestFactory(transport.createRequestFactory())
-            .setResponseInterceptor(interceptor)
-            .build();
+        .setProjectId("test-project")
+        .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
+        .setRequestFactory(transport.createRequestFactory())
+        .setResponseInterceptor(interceptor)
+        .build();
   }
 
   private FirebaseRemoteConfigClientImpl initClientWithFaultyTransport() {
     HttpTransport transport = TestUtils.createFaultyHttpTransport();
     return FirebaseRemoteConfigClientImpl.builder()
-            .setProjectId("test-project")
-            .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
-            .setRequestFactory(transport.createRequestFactory())
-            .build();
+        .setProjectId("test-project")
+        .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
+        .setRequestFactory(transport.createRequestFactory())
+        .build();
   }
 
   private FirebaseRemoteConfigClientImpl.Builder fullyPopulatedBuilder() {
     return FirebaseRemoteConfigClientImpl.builder()
-            .setProjectId("test-project")
-            .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
-            .setRequestFactory(ApiClientUtils.getDefaultTransport().createRequestFactory());
+        .setProjectId("test-project")
+        .setJsonFactory(ApiClientUtils.getDefaultJsonFactory())
+        .setRequestFactory(ApiClientUtils.getDefaultTransport().createRequestFactory());
   }
 
   private void checkGetRequestHeader(HttpRequest request) {
@@ -1189,6 +1376,19 @@ private void checkGetRequestHeader(HttpRequest request, String urlSuffix) {
     assertEquals("gzip", headers.getAcceptEncoding());
   }
 
+  private void checkGetRequestHeaderForServer(HttpRequest request) {
+    checkGetRequestHeaderForServer(request, "");
+  }
+
+  private void checkGetRequestHeaderForServer(HttpRequest request, String urlSuffix) {
+    assertEquals("GET", request.getRequestMethod());
+    assertEquals(TEST_SERVER_REMOTE_CONFIG_URL + urlSuffix, request.getUrl().toString());
+    HttpHeaders headers = request.getHeaders();
+    assertEquals("fire-admin-java/" + SdkUtils.getVersion(), headers.get("X-Firebase-Client"));
+    assertEquals(SdkUtils.getMetricsHeader(), request.getHeaders().get("X-Goog-Api-Client"));
+    assertEquals("gzip", headers.getAcceptEncoding());
+  }
+
   private void checkPutRequestHeader(HttpRequest request) {
     checkPutRequestHeader(request, "", TEST_ETAG);
   }
@@ -1212,8 +1412,8 @@ private void checkPostRequestHeader(HttpRequest request, String urlSuffix) {
     assertEquals("gzip", headers.getAcceptEncoding());
   }
 
-  private void checkRequestContent(
-          HttpRequest request, Map<String, Object> expected) throws IOException {
+  private void checkRequestContent(HttpRequest request, Map<String, Object> expected)
+      throws IOException {
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     request.getContent().writeTo(out);
     JsonParser parser = ApiClientUtils.getDefaultJsonFactory().createJsonParser(out.toString());
@@ -1223,11 +1423,11 @@ private void checkRequestContent(
   }
 
   private void checkExceptionFromHttpResponse(
-          FirebaseRemoteConfigException error,
-          ErrorCode expectedCode,
-          RemoteConfigErrorCode expectedRemoteConfigCode,
-          String expectedMessage,
-          String httpMethod) {
+      FirebaseRemoteConfigException error,
+      ErrorCode expectedCode,
+      RemoteConfigErrorCode expectedRemoteConfigCode,
+      String expectedMessage,
+      String httpMethod) {
     assertEquals(expectedCode, error.getErrorCode());
     assertEquals(expectedMessage, error.getMessage());
     assertTrue(error.getCause() instanceof HttpResponseException);
@@ -1238,4 +1438,225 @@ private void checkExceptionFromHttpResponse(
     assertEquals(httpMethod, request.getMethod());
     assertTrue(request.getUrl().startsWith("https://firebaseremoteconfig.googleapis.com"));
   }
+
+  // Get server template tests
+
+  @Test
+  public void testGetServerTemplate() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent(MOCK_SERVER_TEMPLATE_RESPONSE);
+
+    String receivedTemplate = client.getServerTemplate();
+    ServerTemplateData serverTemplateData = ServerTemplateData.fromJSON(receivedTemplate);
+
+    assertEquals(EXPECTED_PARAMETERS, serverTemplateData.getParameters());
+    assertEquals(TEST_ETAG, serverTemplateData.getETag());
+    assertEquals(
+        convertObjectToString(EXPECTED_SERVER_CONDITIONS),
+        convertObjectToString(serverTemplateData.getServerConditions()));
+    assertEquals(1605423446000L, serverTemplateData.getVersion().getUpdateTime());
+    checkGetRequestHeaderForServer(interceptor.getLastRequest());
+  }
+
+  @Test
+  public void testGetServerTemplateWithTimestampUpToNanosecondPrecision() throws Exception {
+    List<String> timestamps =
+        ImmutableList.of(
+            "2020-11-15T06:57:26.342Z",
+            "2020-11-15T06:57:26.342763Z",
+            "2020-11-15T06:57:26.342763941Z");
+    for (String timestamp : timestamps) {
+      response.addHeader("etag", TEST_ETAG);
+      String templateResponse =
+          "{\"version\": {"
+              + "    \"versionNumber\": \"17\","
+              + "    \"updateTime\": \""
+              + timestamp
+              + "\""
+              + "  }}";
+      response.setContent(templateResponse);
+
+      String receivedTemplate = client.getServerTemplate();
+      ServerTemplateData serverTemplateData = ServerTemplateData.fromJSON(receivedTemplate);
+      assertEquals(TEST_ETAG, serverTemplateData.getETag());
+      assertEquals("17", serverTemplateData.getVersion().getVersionNumber());
+      assertEquals(1605423446000L, serverTemplateData.getVersion().getUpdateTime());
+      checkGetRequestHeaderForServer(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetServerTemplateWithEmptyTemplateResponse() throws Exception {
+    response.addHeader("etag", TEST_ETAG);
+    response.setContent("{}");
+
+    String receivedTemplate = client.getServerTemplate();
+    ServerTemplateData serverTemplateData = ServerTemplateData.fromJSON(receivedTemplate);
+
+    assertEquals(TEST_ETAG, serverTemplateData.getETag());
+    assertEquals(0, serverTemplateData.getParameters().size());
+    assertEquals(0, serverTemplateData.getServerConditions().size());
+    assertEquals(0, serverTemplateData.getParameterGroups().size());
+    assertNull(serverTemplateData.getVersion());
+    checkGetRequestHeaderForServer(interceptor.getLastRequest());
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testGetServerTemplateWithNoEtag() throws FirebaseRemoteConfigException {
+    // ETag does not exist
+    response.setContent(MOCK_SERVER_TEMPLATE_RESPONSE);
+
+    client.getServerTemplate();
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void testGetServerTemplateWithEmptyEtag() throws FirebaseRemoteConfigException {
+    // Empty ETag
+    response.addHeader("etag", "");
+    response.setContent(MOCK_SERVER_TEMPLATE_RESPONSE);
+
+    client.getServerTemplate();
+  }
+
+  @Test
+  public void testGetServerTemplateHttpError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("{}");
+
+      try {
+        client.getServerTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\n{}",
+            HttpMethods.GET);
+      }
+      checkGetRequestHeaderForServer(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetServerTemplateTransportError() {
+    client = initClientWithFaultyTransport();
+
+    try {
+      client.getServerTemplate();
+      fail("No error thrown for HTTP error");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertEquals(
+          "Unknown error while making a remote service call: transport error", error.getMessage());
+      assertTrue(error.getCause() instanceof IOException);
+      assertNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+  }
+
+  @Test
+  public void testGetServerTemplateSuccessResponseWithUnexpectedPayload() {
+    response.setContent("not valid json");
+
+    try {
+      client.getServerTemplate();
+      fail("No error thrown for malformed response");
+    } catch (FirebaseRemoteConfigException error) {
+      assertEquals(ErrorCode.UNKNOWN, error.getErrorCode());
+      assertTrue(error.getMessage().startsWith("Error while parsing HTTP response: "));
+      assertNotNull(error.getCause());
+      assertNotNull(error.getHttpResponse());
+      assertNull(error.getRemoteConfigErrorCode());
+    }
+    checkGetRequestHeaderForServer(interceptor.getLastRequest());
+  }
+
+  @Test
+  public void testGetServerTemplateErrorWithZeroContentResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setZeroContent();
+
+      try {
+        client.getServerTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnull",
+            HttpMethods.GET);
+      }
+      checkGetRequestHeaderForServer(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetServerTemplateErrorWithMalformedResponse() {
+    for (int code : HTTP_STATUS_CODES) {
+      response.setStatusCode(code).setContent("not json");
+
+      try {
+        client.getServerTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(
+            error,
+            HTTP_STATUS_TO_ERROR_CODE.get(code),
+            null,
+            "Unexpected HTTP response with status: " + code + "\nnot json",
+            HttpMethods.GET);
+      }
+      checkGetRequestHeaderForServer(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetServerTemplateErrorWithDetails() {
+    for (int code : HTTP_STATUS_CODES) {
+      response
+          .setStatusCode(code)
+          .setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", \"message\": \"test error\"}}");
+
+      try {
+        client.getServerTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(
+            error, ErrorCode.INVALID_ARGUMENT, null, "test error", HttpMethods.GET);
+      }
+      checkGetRequestHeaderForServer(interceptor.getLastRequest());
+    }
+  }
+
+  @Test
+  public void testGetServerTemplateErrorWithRcError() {
+    for (int code : HTTP_STATUS_CODES) {
+      response
+          .setStatusCode(code)
+          .setContent(
+              "{\"error\": {\"status\": \"INVALID_ARGUMENT\", "
+                  + "\"message\": \"[INVALID_ARGUMENT]: test error\"}}");
+
+      try {
+        client.getServerTemplate();
+        fail("No error thrown for HTTP error");
+      } catch (FirebaseRemoteConfigException error) {
+        checkExceptionFromHttpResponse(
+            error,
+            ErrorCode.INVALID_ARGUMENT,
+            RemoteConfigErrorCode.INVALID_ARGUMENT,
+            "[INVALID_ARGUMENT]: test error",
+            HttpMethods.GET);
+      }
+      checkGetRequestHeaderForServer(interceptor.getLastRequest());
+    }
+  }
+
+  public static String convertObjectToString(Object object) {
+    Gson gson = new GsonBuilder().setPrettyPrinting().create(); // Optional: pretty printing
+    return gson.toJson(object);
+  }
 }
diff --git a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigTest.java b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigTest.java
index d3e7fbff2..8b416b67b 100644
--- a/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/FirebaseRemoteConfigTest.java
@@ -27,22 +27,26 @@
 import com.google.firebase.FirebaseOptions;
 import com.google.firebase.TestOnlyImplFirebaseTrampolines;
 import com.google.firebase.auth.MockGoogleCredentials;
-
 import com.google.firebase.remoteconfig.internal.TemplateResponse;
-
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParser;
 import java.util.concurrent.ExecutionException;
-
 import org.junit.After;
 import org.junit.Test;
 
+
+/** Tests 
+* for {@link FirebaseRemoteConfig}. 
+* */
 public class FirebaseRemoteConfigTest {
 
-  private static final FirebaseOptions TEST_OPTIONS = FirebaseOptions.builder()
+  private static final FirebaseOptions TEST_OPTIONS =
+      FirebaseOptions.builder()
           .setCredentials(new MockGoogleCredentials("test-token"))
           .setProjectId("test-project")
           .build();
   private static final FirebaseRemoteConfigException TEST_EXCEPTION =
-          new FirebaseRemoteConfigException(ErrorCode.INTERNAL, "Test error message");
+      new FirebaseRemoteConfigException(ErrorCode.INTERNAL, "Test error message");
 
   @After
   public void tearDown() {
@@ -76,10 +80,25 @@ public void testDefaultRemoteConfigClient() {
 
     assertTrue(client instanceof FirebaseRemoteConfigClientImpl);
     assertSame(client, remoteConfig.getRemoteConfigClient());
-    String expectedUrl = "https://firebaseremoteconfig.googleapis.com/v1/projects/test-project/remoteConfig";
+    String expectedUrl =
+        "https://firebaseremoteconfig.googleapis.com/v1/projects/test-project/remoteConfig";
     assertEquals(expectedUrl, ((FirebaseRemoteConfigClientImpl) client).getRemoteConfigUrl());
   }
 
+  @Test
+  public void testDefaultServerRemoteConfigClient() {
+    FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS, "custom-app");
+    FirebaseRemoteConfig remoteConfig = FirebaseRemoteConfig.getInstance(app);
+
+    FirebaseRemoteConfigClient client = remoteConfig.getRemoteConfigClient();
+
+    assertTrue(client instanceof FirebaseRemoteConfigClientImpl);
+    assertSame(client, remoteConfig.getRemoteConfigClient());
+    String expectedUrl =
+        "https://firebaseremoteconfig.googleapis.com/v1/projects/test-project/namespaces/firebase-server/serverRemoteConfig";
+    assertEquals(expectedUrl, ((FirebaseRemoteConfigClientImpl) client).getServerRemoteConfigUrl());
+  }
+
   @Test
   public void testAppDelete() {
     FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS, "custom-app");
@@ -98,16 +117,16 @@ public void testAppDelete() {
 
   @Test
   public void testRemoteConfigClientWithoutProjectId() {
-    FirebaseOptions options = FirebaseOptions.builder()
-            .setCredentials(new MockGoogleCredentials("test-token"))
-            .build();
+    FirebaseOptions options =
+        FirebaseOptions.builder().setCredentials(new MockGoogleCredentials("test-token")).build();
     FirebaseApp.initializeApp(options);
 
     try {
       FirebaseRemoteConfig.getInstance();
       fail("No error thrown for missing project ID");
     } catch (IllegalArgumentException expected) {
-      String message = "Project ID is required to access Remote Config service. Use a service "
+      String message =
+          "Project ID is required to access Remote Config service. Use a service "
               + "account credential or set the project ID explicitly via FirebaseOptions. "
               + "Alternatively you can also set the project ID via the GOOGLE_CLOUD_PROJECT "
               + "environment variable.";
@@ -121,8 +140,8 @@ public void testRemoteConfigClientWithoutProjectId() {
 
   @Test
   public void testGetTemplate() throws FirebaseRemoteConfigException {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.getTemplate();
@@ -144,8 +163,8 @@ public void testGetTemplateFailure() {
 
   @Test
   public void testGetTemplateAsync() throws Exception {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.getTemplateAsync().get();
@@ -169,8 +188,8 @@ public void testGetTemplateAsyncFailure() throws InterruptedException {
 
   @Test
   public void testGetTemplateAtVersionWithStringValue() throws FirebaseRemoteConfigException {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.getTemplateAtVersion("64");
@@ -192,8 +211,8 @@ public void testGetTemplateAtVersionWithStringValueFailure() {
 
   @Test
   public void testGetTemplateAtVersionAsyncWithStringValue() throws Exception {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.getTemplateAtVersionAsync("55").get();
@@ -215,8 +234,8 @@ public void testGetTemplateAtVersionAsyncWithStringValueFailure() throws Interru
 
   @Test
   public void testGetTemplateAtVersionWithLongValue() throws FirebaseRemoteConfigException {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.getTemplateAtVersion(64L);
@@ -238,8 +257,8 @@ public void testGetTemplateAtVersionWithLongValueFailure() {
 
   @Test
   public void testGetTemplateAtVersionAsyncWithLongValue() throws Exception {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.getTemplateAtVersionAsync(55L).get();
@@ -407,8 +426,8 @@ public void testForcePublishTemplateAsyncFailure() throws InterruptedException {
 
   @Test
   public void testRollbackWithStringValue() throws FirebaseRemoteConfigException {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.rollback("64");
@@ -430,8 +449,8 @@ public void testRollbackWithStringValueFailure() {
 
   @Test
   public void testRollbackAsyncWithStringValue() throws Exception {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.rollbackAsync("55").get();
@@ -453,8 +472,8 @@ public void testRollbackAsyncWithStringValueFailure() throws InterruptedExceptio
 
   @Test
   public void testRollbackWithLongValue() throws FirebaseRemoteConfigException {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.rollback(64L);
@@ -476,8 +495,8 @@ public void testRollbackWithLongValueFailure() {
 
   @Test
   public void testRollbackAsyncWithLongValue() throws Exception {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromTemplate(
-            new Template().setETag(TEST_ETAG));
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromTemplate(new Template().setETag(TEST_ETAG));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
     Template template = remoteConfig.rollbackAsync(55L).get();
@@ -501,7 +520,8 @@ public void testRollbackAsyncWithLongValueFailure() throws InterruptedException
 
   @Test
   public void testListVersionsWithNoOptions() throws FirebaseRemoteConfigException {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromListVersionsResponse(
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromListVersionsResponse(
             new TemplateResponse.ListVersionsResponse().setNextPageToken("token"));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
@@ -524,7 +544,8 @@ public void testListVersionsWithNoOptionsFailure() {
 
   @Test
   public void testListVersionsAsyncWithNoOptions() throws Exception {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromListVersionsResponse(
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromListVersionsResponse(
             new TemplateResponse.ListVersionsResponse().setNextPageToken("token"));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
@@ -547,12 +568,13 @@ public void testListVersionsAsyncWithNoOptionsFailure() throws InterruptedExcept
 
   @Test
   public void testListVersionsWithOptions() throws FirebaseRemoteConfigException {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromListVersionsResponse(
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromListVersionsResponse(
             new TemplateResponse.ListVersionsResponse().setNextPageToken("token"));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
-    ListVersionsPage listVersionsPage = remoteConfig.listVersions(
-            ListVersionsOptions.builder().build());
+    ListVersionsPage listVersionsPage =
+        remoteConfig.listVersions(ListVersionsOptions.builder().build());
 
     assertEquals("token", listVersionsPage.getNextPageToken());
   }
@@ -571,12 +593,13 @@ public void testListVersionsWithOptionsFailure() {
 
   @Test
   public void testListVersionsAsyncWithOptions() throws Exception {
-    MockRemoteConfigClient client = MockRemoteConfigClient.fromListVersionsResponse(
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromListVersionsResponse(
             new TemplateResponse.ListVersionsResponse().setNextPageToken("token"));
     FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
 
-    ListVersionsPage listVersionsPage = remoteConfig.listVersionsAsync(
-            ListVersionsOptions.builder().build()).get();
+    ListVersionsPage listVersionsPage =
+        remoteConfig.listVersionsAsync(ListVersionsOptions.builder().build()).get();
 
     assertEquals("token", listVersionsPage.getNextPageToken());
   }
@@ -597,4 +620,62 @@ private FirebaseRemoteConfig getRemoteConfig(FirebaseRemoteConfigClient client)
     FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS);
     return new FirebaseRemoteConfig(app, client);
   }
+
+  // Get Server template tests
+
+  @Test
+  public void testGetServerTemplate() throws FirebaseRemoteConfigException {
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromServerTemplate(
+            new ServerTemplateData().setETag(TEST_ETAG).toJSON());
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    ServerTemplate template = remoteConfig.getServerTemplate();
+    String templateData = template.toJson();
+    JsonElement expectedJson =
+        JsonParser.parseString(new ServerTemplateData().setETag(TEST_ETAG).toJSON());
+    JsonElement actualJson = JsonParser.parseString(templateData);
+
+    assertEquals(expectedJson, actualJson);
+  }
+
+  @Test
+  public void testGetServerTemplateFailure() {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.getServerTemplate();
+    } catch (FirebaseRemoteConfigException e) {
+      assertSame(TEST_EXCEPTION, e);
+    }
+  }
+
+  @Test
+  public void testGetServerTemplateAsync() throws Exception {
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromServerTemplate(
+            new ServerTemplateData().setETag(TEST_ETAG).toJSON());
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    ServerTemplate template = remoteConfig.getServerTemplateAsync().get();
+    String templateData = template.toJson();
+    JsonElement expectedJson =
+        JsonParser.parseString(new ServerTemplateData().setETag(TEST_ETAG).toJSON());
+    JsonElement actualJson = JsonParser.parseString(templateData);
+
+    assertEquals(expectedJson, actualJson);
+  }
+
+  @Test
+  public void testGetServerTemplateAsyncFailure() throws InterruptedException {
+    MockRemoteConfigClient client = MockRemoteConfigClient.fromException(TEST_EXCEPTION);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    try {
+      remoteConfig.getServerTemplateAsync().get();
+    } catch (ExecutionException e) {
+      assertSame(TEST_EXCEPTION, e.getCause());
+    }
+  }
 }
diff --git a/src/test/java/com/google/firebase/remoteconfig/MockRemoteConfigClient.java b/src/test/java/com/google/firebase/remoteconfig/MockRemoteConfigClient.java
index 9ca58508d..3ac7f6b1c 100644
--- a/src/test/java/com/google/firebase/remoteconfig/MockRemoteConfigClient.java
+++ b/src/test/java/com/google/firebase/remoteconfig/MockRemoteConfigClient.java
@@ -21,28 +21,35 @@
 public class MockRemoteConfigClient implements FirebaseRemoteConfigClient{
 
   private final Template resultTemplate;
+  private final String resultServerTemplate;
   private final FirebaseRemoteConfigException exception;
   private final ListVersionsResponse listVersionsResponse;
 
   private MockRemoteConfigClient(Template resultTemplate,
-                                 ListVersionsResponse listVersionsResponse,
-                                 FirebaseRemoteConfigException exception) {
+                                String resultServerTemplate,
+                                ListVersionsResponse listVersionsResponse,
+                                FirebaseRemoteConfigException exception) {
     this.resultTemplate = resultTemplate;
+    this.resultServerTemplate = resultServerTemplate;
     this.listVersionsResponse = listVersionsResponse;
     this.exception = exception;
   }
 
   static MockRemoteConfigClient fromTemplate(Template resultTemplate) {
-    return new MockRemoteConfigClient(resultTemplate, null, null);
+    return new MockRemoteConfigClient(resultTemplate,null, null, null);
+  }
+
+  static MockRemoteConfigClient fromServerTemplate(String resultServerTemplate) {
+    return new MockRemoteConfigClient(null, resultServerTemplate,null, null);
   }
 
   static MockRemoteConfigClient fromListVersionsResponse(
           ListVersionsResponse listVersionsResponse) {
-    return new MockRemoteConfigClient(null, listVersionsResponse, null);
+    return new MockRemoteConfigClient(null,null, listVersionsResponse, null);
   }
 
   static MockRemoteConfigClient fromException(FirebaseRemoteConfigException exception) {
-    return new MockRemoteConfigClient(null, null, exception);
+    return new MockRemoteConfigClient(null,null, null, exception);
   }
 
   @Override
@@ -53,6 +60,14 @@ public Template getTemplate() throws FirebaseRemoteConfigException {
     return resultTemplate;
   }
 
+  @Override
+  public String getServerTemplate() throws FirebaseRemoteConfigException {
+    if (exception != null) {
+      throw exception;
+    }
+    return resultServerTemplate;
+  }
+
   @Override
   public Template getTemplateAtVersion(String versionNumber) throws FirebaseRemoteConfigException {
     if (exception != null) {
diff --git a/src/test/java/com/google/firebase/remoteconfig/ServerConditionTest.java b/src/test/java/com/google/firebase/remoteconfig/ServerConditionTest.java
new file mode 100644
index 000000000..6cbece1c0
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ServerConditionTest.java
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.CustomSignalConditionResponse;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.OneOfConditionResponse;
+import com.google.firebase.remoteconfig.internal.ServerTemplateResponse.ServerConditionResponse;
+import java.util.ArrayList;
+import org.junit.Test;
+
+/** Tests 
+* for {@link ServerCondition}. 
+* */
+public class ServerConditionTest {
+
+  @Test
+  public void testConstructor() {
+    OneOfCondition conditions =
+        new OneOfCondition()
+            .setOrCondition(
+                new OrCondition(
+                    ImmutableList.of(
+                        new OneOfCondition()
+                            .setAndCondition(
+                                new AndCondition(
+                                    ImmutableList.of(
+                                        new OneOfCondition()
+                                            .setCustomSignal(
+                                                new CustomSignalCondition(
+                                                    "users",
+                                                    CustomSignalOperator.NUMERIC_LESS_THAN,
+                                                    new ArrayList<>(
+                                                        ImmutableList.of("100"))))))))));
+    ServerCondition serverCondition = new ServerCondition("ios_en_1", conditions);
+
+    assertEquals("ios_en_1", serverCondition.getName());
+    assertEquals(conditions, serverCondition.getCondition());
+  }
+
+  @Test
+  public void testConstructorWithResponse() {
+    CustomSignalConditionResponse customResponse =
+        new CustomSignalConditionResponse()
+            .setKey("test_key")
+            .setOperator("NUMERIC_EQUAL")
+            .setTargetValues(ImmutableList.of("1"));
+    OneOfConditionResponse conditionResponse =
+        new OneOfConditionResponse().setCustomSignalCondition(customResponse);
+    ServerConditionResponse response =
+        new ServerConditionResponse().setName("ios_en_2").setServerCondition(conditionResponse);
+    ServerCondition serverCondition = new ServerCondition(response);
+
+    assertEquals("ios_en_2", serverCondition.getName());
+    assertEquals("test_key", serverCondition.getCondition().getCustomSignal().getCustomSignalKey());
+  }
+
+  @Test
+  public void testIllegalConstructor() {
+    IllegalArgumentException error =
+        assertThrows(IllegalArgumentException.class, () -> new ServerCondition(null, null));
+
+    assertEquals("condition name must not be null or empty", error.getMessage());
+  }
+
+  @Test
+  public void testConstructorWithNullServerConditionResponse() {
+    assertThrows(NullPointerException.class, () -> new ServerCondition(null));
+  }
+
+  @Test
+  public void testSetNullName() {
+    OneOfCondition conditions =
+        new OneOfCondition()
+            .setOrCondition(
+                new OrCondition(
+                    ImmutableList.of(
+                        new OneOfCondition()
+                            .setAndCondition(
+                                new AndCondition(
+                                    ImmutableList.of(
+                                        new OneOfCondition()
+                                            .setCustomSignal(
+                                                new CustomSignalCondition(
+                                                    "users",
+                                                    CustomSignalOperator.NUMERIC_LESS_THAN,
+                                                    new ArrayList<>(
+                                                        ImmutableList.of("100"))))))))));
+    ServerCondition condition = new ServerCondition("ios", conditions);
+    
+    IllegalArgumentException error = assertThrows(IllegalArgumentException.class,
+        () -> condition.setName(null));
+
+    assertEquals("condition name must not be null or empty", error.getMessage());
+  }
+
+  @Test
+  public void testSetEmptyName() {
+    OneOfCondition conditions =
+        new OneOfCondition()
+            .setOrCondition(
+                new OrCondition(
+                    ImmutableList.of(
+                        new OneOfCondition()
+                            .setAndCondition(
+                                new AndCondition(
+                                    ImmutableList.of(
+                                        new OneOfCondition()
+                                            .setCustomSignal(
+                                                new CustomSignalCondition(
+                                                    "users",
+                                                    CustomSignalOperator.NUMERIC_LESS_THAN,
+                                                    new ArrayList<>(
+                                                        ImmutableList.of("100"))))))))));
+    ServerCondition condition = new ServerCondition("ios", conditions);
+    
+    IllegalArgumentException error = assertThrows(IllegalArgumentException.class,
+        () -> condition.setName(""));
+
+    assertEquals("condition name must not be null or empty", error.getMessage());
+  }
+
+  @Test
+  public void testSetNullServerCondition() {
+    OneOfCondition conditions =
+        new OneOfCondition()
+            .setOrCondition(
+                new OrCondition(
+                    ImmutableList.of(
+                        new OneOfCondition()
+                            .setAndCondition(
+                                new AndCondition(
+                                    ImmutableList.of(
+                                        new OneOfCondition()
+                                            .setCustomSignal(
+                                                new CustomSignalCondition(
+                                                    "users",
+                                                    CustomSignalOperator.NUMERIC_LESS_THAN,
+                                                    new ArrayList<>(
+                                                        ImmutableList.of("100"))))))))));
+    ServerCondition condition = new ServerCondition("ios", conditions);
+    
+    assertThrows(NullPointerException.class, () -> condition.setServerCondition(null));
+  }
+
+  @Test
+  public void testEquality() {
+    OneOfCondition conditionOne =
+        new OneOfCondition()
+            .setOrCondition(
+                new OrCondition(
+                    ImmutableList.of(
+                        new OneOfCondition()
+                            .setAndCondition(
+                                new AndCondition(
+                                    ImmutableList.of(
+                                        new OneOfCondition()
+                                            .setCustomSignal(
+                                                new CustomSignalCondition(
+                                                    "users",
+                                                    CustomSignalOperator.NUMERIC_LESS_THAN,
+                                                    new ArrayList<>(
+                                                        ImmutableList.of("100"))))))))));
+    OneOfCondition conditionTwo =
+        new OneOfCondition()
+            .setOrCondition(
+                new OrCondition(
+                    ImmutableList.of(
+                        new OneOfCondition()
+                            .setAndCondition(
+                                new AndCondition(
+                                    ImmutableList.of(
+                                        new OneOfCondition()
+                                            .setCustomSignal(
+                                                new CustomSignalCondition(
+                                                    "users",
+                                                    CustomSignalOperator.NUMERIC_LESS_THAN,
+                                                    new ArrayList<>(ImmutableList.of("100")))),
+                                        new OneOfCondition()
+                                            .setCustomSignal(
+                                                new CustomSignalCondition(
+                                                            "users",
+                                                    CustomSignalOperator
+                                                        .NUMERIC_GREATER_THAN,
+                                                    new ArrayList<>(ImmutableList.of("20")))),
+                                        new OneOfCondition()
+                                            .setPercent(
+                                                new PercentCondition(
+                                                    new MicroPercentRange(25000000, 100000000),
+                                                    PercentConditionOperator.BETWEEN,
+                                                    "cla24qoibb61"))))))));
+
+    final ServerCondition serverConditionOne = new ServerCondition("ios", conditionOne);
+    final ServerCondition serverConditionTwo = new ServerCondition("ios", conditionOne);
+    final ServerCondition serverConditionThree = new ServerCondition("android", conditionTwo);
+    final ServerCondition serverConditionFour = new ServerCondition("android", conditionTwo);
+
+    assertEquals(serverConditionOne, serverConditionTwo);
+    assertEquals(serverConditionThree, serverConditionFour);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/ServerTemplateImplTest.java b/src/test/java/com/google/firebase/remoteconfig/ServerTemplateImplTest.java
new file mode 100644
index 000000000..bafe84331
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ServerTemplateImplTest.java
@@ -0,0 +1,421 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+
+import com.google.api.core.ApiFuture;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.FirebaseOptions;
+import com.google.firebase.auth.MockGoogleCredentials;
+import com.google.firebase.testing.TestUtils;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParser;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/** Tests 
+* for {@link ServerTemplateImpl}. 
+* */
+public class ServerTemplateImplTest {
+
+  private static final FirebaseOptions TEST_OPTIONS =
+      FirebaseOptions.builder()
+          .setCredentials(new MockGoogleCredentials("test-token"))
+          .setProjectId("test-project")
+          .build();
+
+  private static String cacheTemplate;
+
+  @BeforeClass
+  public static void setUpClass() {
+    cacheTemplate = TestUtils.loadResource("getServerTemplateData.json");
+  }
+
+  @Test
+  public void testServerTemplateWithoutCacheValueThrowsException()
+      throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+
+    IllegalArgumentException error =
+        assertThrows(
+            IllegalArgumentException.class,
+            () -> new ServerTemplateImpl.Builder(null).defaultConfig(defaultConfig).build());
+
+    assertEquals("JSON String must not be null or empty.", error.getMessage());
+  }
+
+  @Test
+  public void testEvaluateWithoutContextReturnsDefaultValue() throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate();
+
+    assertEquals("Default value", evaluatedConfig.getString("Custom"));
+  }
+
+  @Test
+  public void testEvaluateCustomSignalReturnsDefaultValue() throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().put("users", "100").build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Default value", evaluatedConfig.getString("Custom"));
+  }
+
+  @Test
+  public void testEvaluateCustomSignalReturnsConditionalValue()
+      throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().put("users", "99").build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Conditional value", evaluatedConfig.getString("Custom"));
+  }
+
+  @Test
+  public void testEvaluateCustomSignalWithoutContextReturnsDefaultValue()
+      throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Default value", evaluatedConfig.getString("Custom"));
+  }
+
+  @Test
+  public void testEvaluateCustomSignalWithInvalidContextReturnsDefaultValue()
+      throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().put("users", "abc").build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Default value", evaluatedConfig.getString("Custom"));
+  }
+
+  @Test
+  public void testEvaluatePercentWithoutRandomizationIdReturnsDefaultValue()
+      throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Default value", evaluatedConfig.getString("Percent"));
+  }
+
+  @Test
+  public void testEvaluatePercentReturnsConditionalValue() throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().put("randomizationId", "user").build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Conditional value", evaluatedConfig.getString("Percent"));
+  }
+
+  @Test
+  public void testEvaluateWithoutDefaultValueReturnsEmptyString()
+      throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("", evaluatedConfig.getString("Unset default value"));
+  }
+
+  @Test
+  public void testEvaluateWithInvalidCacheValueThrowsException()
+      throws FirebaseRemoteConfigException {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    String invalidJsonString = "abc";
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(invalidJsonString)
+            .build();
+
+    FirebaseRemoteConfigException error =
+        assertThrows(FirebaseRemoteConfigException.class, () -> template.evaluate(context));
+
+    assertEquals(
+        "No Remote Config Server template in cache. Call load() before " + "calling evaluate().",
+        error.getMessage());
+  }
+
+  @Test
+  public void testEvaluateWithInAppDefaultReturnsEmptyString() throws Exception {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("", evaluatedConfig.getString("In-app default"));
+  }
+
+  @Test
+  public void testEvaluateWithDerivedInAppDefaultReturnsDefaultValue() throws Exception {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Default value", evaluatedConfig.getString("Derived in-app default"));
+  }
+
+  @Test
+  public void testEvaluateWithMultipleConditionReturnsConditionalValue() throws Exception {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().put("users", "99").build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Conditional value 1", evaluatedConfig.getString("Multiple conditions"));
+  }
+
+  @Test
+  public void testEvaluateWithChainedAndConditionReturnsDefaultValue() throws Exception {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context =
+        new KeysAndValues.Builder()
+            .put("users", "100")
+            .put("premium users", 20)
+            .put("randomizationId", "user")
+            .build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Default value", evaluatedConfig.getString("Chained conditions"));
+  }
+
+  @Test
+  public void testEvaluateWithChainedAndConditionReturnsConditionalValue() throws Exception {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context =
+        new KeysAndValues.Builder().put("users", "99").put("premium users", "30").build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals("Conditional value", evaluatedConfig.getString("Chained conditions"));
+  }
+
+  @Test
+  public void testGetEvaluateConfigOnInvalidTypeReturnsDefaultValue() throws Exception {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().put("randomizationId", "user").build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals(0L, evaluatedConfig.getLong("Percent"));
+  }
+
+  @Test
+  public void testGetEvaluateConfigInvalidKeyReturnsStaticValueSource() throws Exception {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals(ValueSource.STATIC, evaluatedConfig.getValueSource("invalid"));
+  }
+
+  @Test
+  public void testGetEvaluateConfigInAppDefaultConfigReturnsDefaultValueSource() throws Exception {
+    KeysAndValues defaultConfig = new KeysAndValues.Builder().put("In-app default", "abc").build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals(ValueSource.DEFAULT, evaluatedConfig.getValueSource("In-app default"));
+  }
+
+  @Test
+  public void testGetEvaluateConfigUnsetDefaultConfigReturnsDefaultValueSource() throws Exception {
+    KeysAndValues defaultConfig =
+        new KeysAndValues.Builder().put("Unset default config", "abc").build();
+    KeysAndValues context = new KeysAndValues.Builder().build();
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null)
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate)
+            .build();
+
+    ServerConfig evaluatedConfig = template.evaluate(context);
+
+    assertEquals(ValueSource.DEFAULT, evaluatedConfig.getValueSource("Unset default config"));
+  }
+
+  private static final String TEST_ETAG = "etag-123456789012-1";
+
+  private FirebaseRemoteConfig getRemoteConfig(FirebaseRemoteConfigClient client) {
+    FirebaseApp app = FirebaseApp.initializeApp(TEST_OPTIONS, "test-app");
+    return new FirebaseRemoteConfig(app, client);
+  }
+
+  @Test
+  public void testLoad() throws Exception {
+    // 1. Define the template data that the mock client will return.
+    // This is the EXPECTED state after `load()` is called.
+    final String expectedTemplateJsonAfterLoad =
+        new ServerTemplateData().setETag(TEST_ETAG).toJSON();
+
+    // 2. Mock the HTTP client to return the predefined response.
+    MockRemoteConfigClient client =
+        MockRemoteConfigClient.fromServerTemplate(expectedTemplateJsonAfterLoad);
+    FirebaseRemoteConfig remoteConfig = getRemoteConfig(client);
+
+    // 3. Build the template instance.
+    // It's initialized with a complex `cacheTemplate` to ensure `load()` properly
+    // overwrites it.
+    KeysAndValues defaultConfig =
+        new KeysAndValues.Builder().put("Unset default config", "abc").build();
+    ServerTemplate template =
+        remoteConfig
+            .serverTemplateBuilder()
+            .defaultConfig(defaultConfig)
+            .cachedTemplate(cacheTemplate) // This is the initial state before `load()`
+            .build();
+
+    // 4. Call the load method, which fetches the new template from the mock client.
+    ApiFuture<Void> loadFuture = template.load();
+    loadFuture.get(); // Wait for the async operation to complete.
+
+    // 5. Get the ACTUAL state of the template after `load()` has executed.
+    String actualJsonAfterLoad = template.toJson();
+
+    // 6. Assert that the template's state has been updated to match what the mock
+    // client returned.
+    // Parsing to JsonElement performs a deep, order-insensitive comparison.
+    JsonElement expectedJson = JsonParser.parseString(expectedTemplateJsonAfterLoad);
+    JsonElement actualJson = JsonParser.parseString(actualJsonAfterLoad);
+
+    assertEquals(expectedJson, actualJson);
+  }
+
+  @Test
+  public void testBuilderParsesCachedTemplateCorrectly() throws FirebaseRemoteConfigException {
+    // Arrange:
+    // 1. Create a canonical JSON string by parsing the input file and then
+    // re-serializing it. This gives us the precise expected output format,
+    // accounting for any formatting or default value differences.
+    ServerTemplateData canonicalData = ServerTemplateData.fromJSON(cacheTemplate);
+    String expectedJsonString = canonicalData.toJSON();
+
+    // Act:
+    // 2. Build a ServerTemplate instance from the original cached JSON string,
+    // which triggers the parsing logic we want to test.
+    ServerTemplate template =
+        new ServerTemplateImpl.Builder(null).cachedTemplate(cacheTemplate).build();
+
+    // Assert:
+    // 3. Compare the JSON from the newly built template against the canonical
+    // version.
+    // This verifies that the internal state was parsed and stored correctly.
+    // Using JsonElement ensures the comparison is not affected by key order.
+    JsonElement expectedJsonTree = JsonParser.parseString(expectedJsonString);
+    JsonElement actualJsonTree = JsonParser.parseString(template.toJson());
+
+    assertEquals(expectedJsonTree, actualJsonTree);
+  }
+}
diff --git a/src/test/java/com/google/firebase/remoteconfig/ValueTest.java b/src/test/java/com/google/firebase/remoteconfig/ValueTest.java
new file mode 100644
index 000000000..c1822b063
--- /dev/null
+++ b/src/test/java/com/google/firebase/remoteconfig/ValueTest.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.remoteconfig;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+public class ValueTest {
+  @Test
+  public void testGetSourceReturnsValueSource() {
+    Value value = new Value(ValueSource.STATIC);
+    assertEquals(value.getSource(), ValueSource.STATIC);
+  }
+
+  @Test
+  public void testAsStringReturnsValueAsString() {
+    Value value = new Value(ValueSource.STATIC, "sample-string");
+    assertEquals(value.asString(), "sample-string");
+  }
+
+  @Test
+  public void testAsStringReturnsDefaultEmptyString() {
+    Value value = new Value(ValueSource.STATIC);
+    assertEquals(value.asString(), "");
+  }
+
+  @Test
+  public void testAsLongReturnsDefaultValueForStaticSource() {
+    Value value = new Value(ValueSource.STATIC);
+    assertEquals(value.asLong(), 0L);
+  }
+
+  @Test
+  public void testAsLongReturnsDefaultValueForInvalidSourceValue() {
+    Value value = new Value(ValueSource.REMOTE, "sample-string");
+    assertEquals(value.asLong(), 0L);
+  }
+
+  @Test
+  public void testAsLongReturnsSourceValueAsLong() {
+    Value value = new Value(ValueSource.REMOTE, "123");
+    assertEquals(value.asLong(), 123L);
+  }
+
+  @Test
+  public void testAsDoubleReturnsDefaultValueForStaticSource() {
+    Value value = new Value(ValueSource.STATIC);
+    assertEquals(value.asDouble(), 0, 0);
+  }
+
+  @Test
+  public void testAsDoubleReturnsDefaultValueForInvalidSourceValue() {
+    Value value = new Value(ValueSource.REMOTE, "sample-string");
+    assertEquals(value.asDouble(), 0, 0);
+  }
+
+  @Test
+  public void testAsDoubleReturnsSourceValueAsDouble() {
+    Value value = new Value(ValueSource.REMOTE, "123.34");
+    assertEquals(value.asDouble(), 123.34, 0);
+  }
+  
+  @Test
+  public void testAsBooleanReturnsDefaultValueForStaticSource() {
+    Value value = new Value(ValueSource.STATIC);
+    assertFalse(value.asBoolean());
+  }
+
+  @Test
+  public void testAsBooleanReturnsDefaultValueForInvalidSourceValue() {
+    Value value = new Value(ValueSource.REMOTE, "sample-string");
+    assertFalse(value.asBoolean());
+  }
+
+  @Test
+  public void testAsBooleanReturnsSourceValueAsBoolean() {
+    Value value = new Value(ValueSource.REMOTE, "1");
+    assertTrue(value.asBoolean());
+  }
+
+  @Test
+  public void testAsBooleanReturnsSourceValueYesAsBoolean() {
+    Value value = new Value(ValueSource.REMOTE, "YeS");
+    assertTrue(value.asBoolean());
+  }
+}
+ 
\ No newline at end of file
diff --git a/src/test/java/com/google/firebase/remoteconfig/VersionTest.java b/src/test/java/com/google/firebase/remoteconfig/VersionTest.java
index 515629660..1e524195f 100644
--- a/src/test/java/com/google/firebase/remoteconfig/VersionTest.java
+++ b/src/test/java/com/google/firebase/remoteconfig/VersionTest.java
@@ -20,6 +20,7 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
 
 import com.google.firebase.remoteconfig.internal.TemplateResponse;
 import com.google.firebase.remoteconfig.internal.TemplateResponse.VersionResponse;
@@ -27,15 +28,16 @@
 
 public class VersionTest {
 
-  @Test(expected = NullPointerException.class)
+  @Test
   public void testConstructorWithNullVersionResponse() {
-    new Version(null);
+    assertThrows(NullPointerException.class, () -> new Version(null));
   }
 
-  @Test(expected = IllegalStateException.class)
+  @Test
   public void testConstructorWithInvalidUpdateTime() {
-    new Version(new VersionResponse()
-            .setUpdateTime("sunday,26th"));
+    assertThrows(IllegalStateException.class, () -> 
+        new Version(new VersionResponse().setUpdateTime("sunday,26th")));
+
   }
 
   @Test
diff --git a/src/test/resources/getServerRemoteConfig.json b/src/test/resources/getServerRemoteConfig.json
new file mode 100644
index 000000000..e5cb1a9eb
--- /dev/null
+++ b/src/test/resources/getServerRemoteConfig.json
@@ -0,0 +1,142 @@
+{
+  "conditions": [
+    {
+      "name": "custom_signal",
+      "condition": {
+        "orCondition": {
+          "conditions": [
+            {
+              "andCondition": {
+                "conditions": [
+                  {
+                    "customSignal": {
+                      "customSignalOperator": "NUMERIC_LESS_THAN",
+                      "customSignalKey": "users",
+                      "targetCustomSignalValues": [
+                        "100"
+                      ]
+                    }
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      }
+    },
+    {
+      "name": "percent",
+      "condition": {
+        "orCondition": {
+          "conditions": [
+            {
+              "andCondition": {
+                "conditions": [
+                  {
+                    "percent": {
+                      "percentOperator": "BETWEEN",
+                      "seed": "3maarirs9xzs",
+                      "microPercentRange": {
+                        "microPercentLowerBound": 12000000,
+                        "microPercentUpperBound": 100000000
+                      }
+                    }
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      }
+    },
+    {
+      "name": "chained_conditions",
+      "condition": {
+        "orCondition": {
+          "conditions": [
+            {
+              "andCondition": {
+                "conditions": [
+                  {
+                    "customSignal": {
+                      "customSignalOperator": "NUMERIC_LESS_THAN",
+                      "customSignalKey": "users",
+                      "targetCustomSignalValues": [
+                        "100"
+                      ]
+                    }
+                  },
+                  {
+                    "customSignal": {
+                      "customSignalOperator": "NUMERIC_GREATER_THAN",
+                      "customSignalKey": "premium users",
+                      "targetCustomSignalValues": [
+                        "20"
+                      ]
+                    }
+                  },
+                  {
+                    "percent": {
+                      "percentOperator": "BETWEEN",
+                      "seed": "cla24qoibb61",
+                      "microPercentRange": {
+                        "microPercentLowerBound": 25000000,
+                        "microPercentUpperBound": 100000000
+                      }
+                    }
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      }
+    }
+  ],
+  "parameters": {
+    "welcome_message_text": {
+      "defaultValue": {
+        "value": "welcome to app"
+      },
+      "conditionalValues": {
+        "ios_en": {
+          "value": "welcome to app en"
+        }
+      },
+      "description": "text for welcome message!",
+      "valueType": "STRING"
+    },
+    "header_text": {
+      "defaultValue": {
+        "useInAppDefault": true
+      },
+      "valueType": "STRING"
+    }
+  },
+  "parameterGroups": {
+    "new menu": {
+      "description": "New Menu",
+      "parameters": {
+        "pumpkin_spice_season": {
+          "defaultValue": {
+            "value": "true"
+          },
+          "description": "Whether it's currently pumpkin spice season.",
+          "valueType": "BOOLEAN"
+        }
+      }
+    }
+  },
+  "version": {
+    "versionNumber": "17",
+    "updateOrigin": "ADMIN_SDK_NODE",
+    "updateType": "INCREMENTAL_UPDATE",
+    "updateUser": {
+      "email": "firebase-user@account.com",
+      "name": "dev-admin",
+      "imageUrl": "http://image.jpg"
+    },
+    "updateTime": "2020-11-15T06:57:26.342763941Z",
+    "description": "promo config"
+  }
+}
\ No newline at end of file
diff --git a/src/test/resources/getServerTemplateData.json b/src/test/resources/getServerTemplateData.json
new file mode 100644
index 000000000..c26f74185
--- /dev/null
+++ b/src/test/resources/getServerTemplateData.json
@@ -0,0 +1,181 @@
+{
+  "conditions": [
+    {
+      "name": "custom_signal",
+      "condition": {
+        "orCondition": {
+          "conditions": [
+            {
+              "andCondition": {
+                "conditions": [
+                  {
+                    "customSignal": {
+                      "customSignalOperator": "NUMERIC_LESS_THAN",
+                      "customSignalKey": "users",
+                      "targetCustomSignalValues": [
+                        "100"
+                      ]
+                    }
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      }
+    },
+    {
+      "name": "percent",
+      "condition": {
+        "orCondition": {
+          "conditions": [
+            {
+              "andCondition": {
+                "conditions": [
+                  {
+                    "percent": {
+                      "percentOperator": "BETWEEN",
+                      "seed": "3maarirs9xzs",
+                      "microPercentRange": {
+                        "microPercentLowerBound": 12000000,
+                        "microPercentUpperBound": 100000000
+                      }
+                    }
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      }
+    },
+    {
+      "name": "chained_conditions",
+      "condition": {
+        "orCondition": {
+          "conditions": [
+            {
+              "andCondition": {
+                "conditions": [
+                  {
+                    "customSignal": {
+                      "customSignalOperator": "NUMERIC_LESS_THAN",
+                      "customSignalKey": "users",
+                      "targetCustomSignalValues": [
+                        "100"
+                      ]
+                    }
+                  },
+                  {
+                    "customSignal": {
+                      "customSignalOperator": "NUMERIC_GREATER_THAN",
+                      "customSignalKey": "premium users",
+                      "targetCustomSignalValues": [
+                        "20"
+                      ]
+                    },
+                    "percent": {
+                      "percentOperator": "BETWEEN",
+                      "seed": "cla24qoibb61",
+                      "microPercentRange": {
+                        "microPercentLowerBound": 25000000,
+                        "microPercentUpperBound": 100000000
+                      }
+                    }
+                  }
+                ]
+              }
+            }
+          ]
+        }
+      }
+    }
+  ],
+  "parameters": {
+    "Percent": {
+      "defaultValue": {
+        "value": "Default value"
+      },
+      "conditionalValues": {
+        "percent": {
+          "value": "Conditional value"
+        }
+      }
+    },
+    "Custom": {
+      "defaultValue": {
+        "value": "Default value"
+      },
+      "conditionalValues": {
+        "custom_signal": {
+          "value": "Conditional value"
+        }
+      }
+    },
+    "Welcome Message": {
+      "defaultValue": {
+        "value": "Welcome"
+      }
+    },
+    "Unset default value": {
+      "defaultValue": {
+        "value": ""
+      }
+    },
+    "In-app default": {
+      "defaultValue": {
+        "useInAppDefault": true
+      },
+      "conditionalValues": {
+        "percent": {
+          "value": "Conditional value"
+        }
+      }
+    },
+    "Derived in-app default": {
+      "defaultValue": {
+        "value": "Default value"
+      },
+      "conditionalValues": {
+        "percent": {
+          "useInAppDefault": true
+        }
+      }
+    },
+    "Multiple conditions": {
+      "defaultValue": {
+        "value": "Default value"
+      },
+      "conditionalValues": {
+        "custom_signal": {
+          "value": "Conditional value 1"
+        },
+        "percent": {
+          "value": "Conditional value 2"
+        }
+      }
+    },
+    "Chained conditions": {
+      "defaultValue": {
+        "value": "Default value"
+      },
+      "conditionalValues": {
+        "chained_conditions": {
+          "value": "Conditional value"
+        }
+      }
+    }
+  },
+  "version": {
+    "versionNumber": "17",
+    "updateOrigin": "ADMIN_SDK_NODE",
+    "updateType": "INCREMENTAL_UPDATE",
+    "updateUser": {
+      "email": "firebase-user@account.com",
+      "name": "dev-admin",
+      "imageUrl": "http://image.jpg"
+    },
+    "updateTime": "2020-11-15T06:57:26.342763941Z",
+    "description": "promo config"
+  }
+}
\ No newline at end of file

From c141def8c6803021e50ec473934d5aa34f187c36 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Sep 2025 15:18:41 -0400
Subject: [PATCH 347/354] chore(deps): Bump
 org.apache.maven.plugins:maven-surefire-plugin (#1133)

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.3 to 3.5.4.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.3...surefire-3.5.4)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lahiru Maramba <llahiru@gmail.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 91c203218..30a898622 100644
--- a/pom.xml
+++ b/pom.xml
@@ -273,7 +273,7 @@
             <!-- Test Phase -->
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.5.3</version>
+                <version>3.5.4</version>
                 <configuration>
                     <skipTests>${skipUTs}</skipTests>
                 </configuration>

From 3737fe2fe9cee4190d97bcf5f628787dfd1308c6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Sep 2025 16:54:15 -0400
Subject: [PATCH 348/354] chore(deps): Bump netty.version from 4.2.5.Final to
 4.2.6.Final (#1131)

Bumps `netty.version` from 4.2.5.Final to 4.2.6.Final.

Updates `io.netty:netty-codec-http` from 4.2.5.Final to 4.2.6.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.2.5.Final...netty-4.2.6.Final)

Updates `io.netty:netty-handler` from 4.2.5.Final to 4.2.6.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.2.5.Final...netty-4.2.6.Final)

Updates `io.netty:netty-transport` from 4.2.5.Final to 4.2.6.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.2.5.Final...netty-4.2.6.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-codec-http
  dependency-version: 4.2.6.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-handler
  dependency-version: 4.2.6.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-version: 4.2.6.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lahiru Maramba <llahiru@gmail.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 30a898622..d4a8e3db8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.2.5.Final</netty.version>
+        <netty.version>4.2.6.Final</netty.version>
     </properties>
 
     <scm>

From 800298c46df2d77eaa089e0cfcfcf48c1b3b19fa Mon Sep 17 00:00:00 2001
From: Lahiru Maramba <llahiru@gmail.com>
Date: Wed, 24 Sep 2025 11:40:55 -0400
Subject: [PATCH 349/354] [chore] Release 9.7.0 (#1136)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d4a8e3db8..e6fdd2baa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
 
     <groupId>com.google.firebase</groupId>
     <artifactId>firebase-admin</artifactId>
-    <version>9.6.0</version>
+    <version>9.7.0</version>
     <packaging>jar</packaging>
 
     <name>firebase-admin</name>

From 27af418713393604fd82d8022246bf3a3a0944b3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Nov 2025 20:30:38 +0000
Subject: [PATCH 350/354] chore(deps): Bump com.google.cloud:libraries-bom from
 26.67.0 to 26.71.0 (#1146)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e6fdd2baa..c4998f31b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -378,7 +378,7 @@
             <dependency>
                 <groupId>com.google.cloud</groupId>
                 <artifactId>libraries-bom</artifactId>
-                <version>26.67.0</version>
+                <version>26.71.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 1e3bddc2fedcab9cf9b02918b88200097c99648a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Nov 2025 20:35:14 +0000
Subject: [PATCH 351/354] chore(deps): Bump
 org.apache.maven.plugins:maven-javadoc-plugin (#1141)

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index c4998f31b..1c0d9a40a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -82,7 +82,7 @@
                     <plugin>
                         <!-- Generate API docs using Doclava for the developer site -->
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.11.3</version>
+                        <version>3.12.0</version>
                         <executions>
                             <execution>
                                 <phase>site</phase>
@@ -294,7 +294,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.11.3</version>
+                <version>3.12.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

From 88381d8517e7a847b723a3f401cbe01017891abe Mon Sep 17 00:00:00 2001
From: Jos <josroseboom@gmail.com>
Date: Wed, 19 Nov 2025 16:53:05 +0100
Subject: [PATCH 352/354] fix(fcm): Preserve unmapped `TopicManagementResponse`
 error reasons (#1073)

* RESOURCE_EXHAUSTED is a possible error code as well, given https://developers.google.com/instance-id/reference/server

* If the reason is not in the predefined ERROR_CODES it would be more helpful to use the reason String that came in as an parameter than UNKNOWN_ERROR. UNKNOWN_ERROR could be used for null or empty Strings.

* For consistency with the current format of the error reasons, logic is added to map them from UPPER_SNAKE_CASE to lower-kebab-case. Entries from the ERROR_CODES that can be computed this way are removed from the map. Extra tests are added for those 3 cases.
---
 .../messaging/TopicManagementResponse.java    |  9 ++--
 .../messaging/InstanceIdClientImplTest.java   | 50 ++++++++++++++++++-
 2 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/google/firebase/messaging/TopicManagementResponse.java b/src/main/java/com/google/firebase/messaging/TopicManagementResponse.java
index bbf4c944a..9f75f5871 100644
--- a/src/main/java/com/google/firebase/messaging/TopicManagementResponse.java
+++ b/src/main/java/com/google/firebase/messaging/TopicManagementResponse.java
@@ -37,10 +37,8 @@ public class TopicManagementResponse {
   // Server error codes as defined in https://developers.google.com/instance-id/reference/server
   // TODO: Should we handle other error codes here (e.g. PERMISSION_DENIED)?
   private static final Map<String, String> ERROR_CODES = ImmutableMap.<String, String>builder()
-      .put("INVALID_ARGUMENT", "invalid-argument")
       .put("NOT_FOUND", "registration-token-not-registered")
       .put("INTERNAL", "internal-error")
-      .put("TOO_MANY_TOPICS", "too-many-topics")
       .build();
 
   private final int successCount;
@@ -101,8 +99,11 @@ public static class Error {
 
     private Error(int index, String reason) {
       this.index = index;
-      this.reason = ERROR_CODES.containsKey(reason)
-        ? ERROR_CODES.get(reason) : UNKNOWN_ERROR;
+      if (reason == null || reason.trim().isEmpty()) {
+        this.reason = UNKNOWN_ERROR;
+      } else {
+        this.reason = ERROR_CODES.getOrDefault(reason, reason.toLowerCase().replace('_', '-'));
+      }
     }
 
     /**
diff --git a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
index d0151bb94..a6f1c7543 100644
--- a/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
+++ b/src/test/java/com/google/firebase/messaging/InstanceIdClientImplTest.java
@@ -404,7 +404,30 @@ public void testTopicManagementResponseWithEmptyList() {
 
   @Test
   public void testTopicManagementResponseErrorToString() {
-    GenericJson json = new GenericJson().set("error", "test error");
+    GenericJson json = new GenericJson().set("error", "INVALID_ARGUMENT");
+    ImmutableList<GenericJson> jsonList = ImmutableList.of(json);
+
+    TopicManagementResponse topicManagementResponse = new TopicManagementResponse(jsonList);
+
+    String expected = "[Error{index=0, reason=invalid-argument}]";
+    assertEquals(expected, topicManagementResponse.getErrors().toString());
+  }
+
+  @Test
+  public void testTopicManagementResponseErrorNotInErrorCodes() {
+    String myError = "MY_ERROR";
+    GenericJson json = new GenericJson().set("error", myError);
+    ImmutableList<GenericJson> jsonList = ImmutableList.of(json);
+
+    TopicManagementResponse topicManagementResponse = new TopicManagementResponse(jsonList);
+
+    String expected = "[Error{index=0, reason=my-error}]";
+    assertEquals(expected, topicManagementResponse.getErrors().toString());
+  }
+
+  @Test
+  public void testTopicManagementResponseErrorUnknown() {
+    GenericJson json = new GenericJson().set("error", "");
     ImmutableList<GenericJson> jsonList = ImmutableList.of(json);
 
     TopicManagementResponse topicManagementResponse = new TopicManagementResponse(jsonList);
@@ -413,6 +436,29 @@ public void testTopicManagementResponseErrorToString() {
     assertEquals(expected, topicManagementResponse.getErrors().toString());
   }
 
+  @Test
+  public void testTopicManagementResponseErrorResourceExhausted() {
+    GenericJson json = new GenericJson().set("error", "RESOURCE_EXHAUSTED");
+    ImmutableList<GenericJson> jsonList = ImmutableList.of(json);
+
+    TopicManagementResponse topicManagementResponse = new TopicManagementResponse(jsonList);
+
+    String expected = "[Error{index=0, reason=resource-exhausted}]";
+    assertEquals(expected, topicManagementResponse.getErrors().toString());
+  }
+
+  @Test
+  public void testTopicManagementResponseErrorTooManyTopics() {
+    GenericJson json = new GenericJson().set("error", "TOO_MANY_TOPICS");
+    ImmutableList<GenericJson> jsonList = ImmutableList.of(json);
+
+    TopicManagementResponse topicManagementResponse = new TopicManagementResponse(jsonList);
+
+    String expected = "[Error{index=0, reason=too-many-topics}]";
+    assertEquals(expected, topicManagementResponse.getErrors().toString());
+  }
+
+
   private static InstanceIdClientImpl initInstanceIdClient(
       final MockLowLevelHttpResponse mockResponse,
       final HttpResponseInterceptor interceptor) {
@@ -432,7 +478,7 @@ private void checkTopicManagementRequest(
     assertEquals(1, result.getFailureCount());
     assertEquals(1, result.getErrors().size());
     assertEquals(1, result.getErrors().get(0).getIndex());
-    assertEquals("unknown-error", result.getErrors().get(0).getReason());
+    assertEquals("error-reason", result.getErrors().get(0).getReason());
 
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     request.getContent().writeTo(out);

From 029185574a0028cc4080df607d3f4c2254875979 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 17:42:37 +0000
Subject: [PATCH 353/354] chore(deps): Bump netty.version from 4.2.6.Final to
 4.2.7.Final (#1147)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1c0d9a40a..324dbd935 100644
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <skipUTs>${skipTests}</skipUTs>
-        <netty.version>4.2.6.Final</netty.version>
+        <netty.version>4.2.7.Final</netty.version>
     </properties>
 
     <scm>

From eee14b47ffb7bba7aeb4dafed85f77677f98e937 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 17:51:37 +0000
Subject: [PATCH 354/354] chore(deps): Bump org.codehaus.mojo:exec-maven-plugin
 (#1148)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 324dbd935..275a7830d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -208,7 +208,7 @@
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>
                         <artifactId>exec-maven-plugin</artifactId>
-                        <version>3.5.1</version>
+                        <version>3.6.2</version>
                         <executions>
                             <execution>
                                 <phase>test</phase>