SHavanonda
diff --git a/‎firebase_admin/_auth_utils.py
Lines changed: 6 additions & 0 deletions b/‎firebase_admin/_auth_utils.py
Lines changed: 6 additions & 0 deletions
diff --git a/‎firebase_admin/_token_gen.py
Lines changed: 13 additions & 7 deletions b/‎firebase_admin/_token_gen.py
Lines changed: 13 additions & 7 deletions
diff --git a/‎firebase_admin/auth.py
Lines changed: 5 additions & 0 deletions b/‎firebase_admin/auth.py
Lines changed: 5 additions & 0 deletions
diff --git a/‎tests/test_token_gen.py
Lines changed: 27 additions & 23 deletions b/‎tests/test_token_gen.py
Lines changed: 27 additions & 23 deletions
@@ -30,6 +30,12 @@
 ])
 VALID_EMAIL_ACTION_TYPES = set(['VERIFY_EMAIL', 'EMAIL_SIGNIN', 'PASSWORD_RESET'])
 
+# Error codes
+INVALID_ID_TOKEN = 'INVALID_ID_TOKEN'
+INVALID_SESSION_COOKIE = 'INVALID_SESSION_COOKIE'
+TOKEN_SIGN_FAILED = 'TOKEN_SIGN_FAILED'
+CERTIFICATE_FETCH_FAILED = 'CERTIFICATE_FETCH_FAILED'
+
 
 def validate_uid(uid, required=False):
     if uid is None and not required:
 
@@ -54,10 +54,6 @@
 METADATA_SERVICE_URL = ('http://metadata/computeMetadata/v1/instance/service-accounts/'
                         'default/email')
 
-# Error codes
-TOKEN_SIGN_FAILED = 'TOKEN_SIGN_FAILED'
-CERTIFICATE_FETCH_FAILED = 'CERTIFICATE_FETCH_FAILED'
-
 
 class _SigningProvider(object):
     """Stores a reference to a google.auth.crypto.Signer."""
@@ -176,7 +172,7 @@ def create_custom_token(self, uid, developer_claims=None):
                 exceptions.UNKNOWN,
                 'Failed to sign custom token. {0}'.format(error),
                 cause=error,
-                auth_error_code=TOKEN_SIGN_FAILED)
+                auth_error_code=_auth_utils.TOKEN_SIGN_FAILED)
 
 
     def create_session_cookie(self, id_token, expires_in):
@@ -227,11 +223,13 @@ def __init__(self, app):
             project_id=app.project_id, short_name='ID token',
             operation='verify_id_token()',
             doc_url='https://firebase.google.com/docs/auth/admin/verify-id-tokens',
+            error_code=_auth_utils.INVALID_ID_TOKEN,
             cert_url=ID_TOKEN_CERT_URI, issuer=ID_TOKEN_ISSUER_PREFIX)
         self.cookie_verifier = _JWTVerifier(
             project_id=app.project_id, short_name='session cookie',
             operation='verify_session_cookie()',
             doc_url='https://firebase.google.com/docs/auth/admin/verify-id-tokens',
+            error_code=_auth_utils.INVALID_SESSION_COOKIE,
             cert_url=COOKIE_CERT_URI, issuer=COOKIE_ISSUER_PREFIX)
 
     def verify_id_token(self, id_token):
@@ -251,6 +249,7 @@ def __init__(self, **kwargs):
         self.url = kwargs.pop('doc_url')
         self.cert_url = kwargs.pop('cert_url')
         self.issuer = kwargs.pop('issuer')
+        self.error_code = kwargs.pop('error_code')
         if self.short_name[0].lower() in 'aeiou':
             self.articled_short_name = 'an {0}'.format(self.short_name)
         else:
@@ -325,7 +324,8 @@ def verify(self, token, request):
                 '{1}'.format(self.short_name, verify_id_token_msg))
 
         if error_message:
-            raise ValueError(error_message)
+            raise _auth_utils.FirebaseAuthError(
+                exceptions.INVALID_ARGUMENT, error_message, auth_error_code=self.error_code)
 
         try:
             verified_claims = google.oauth2.id_token.verify_token(
@@ -340,4 +340,10 @@ def verify(self, token, request):
                 exceptions.UNKNOWN,
                 'Failed to fetch public key certificates. {0}'.format(error),
                 cause=error,
-                auth_error_code=CERTIFICATE_FETCH_FAILED)
+                auth_error_code=_auth_utils.CERTIFICATE_FETCH_FAILED)
+        except ValueError as error:
+            raise _auth_utils.FirebaseAuthError(
+                exceptions.INVALID_ARGUMENT,
+                'Invalid Firebase {0}: {1}'.format(self.short_name, error),
+                cause=error,
+                auth_error_code=self.error_code)
@@ -32,8 +32,13 @@
 
 
 _AUTH_ATTRIBUTE = '_auth'
+
+CERTIFICATE_FETCH_FAILED = _auth_utils.CERTIFICATE_FETCH_FAILED
 ID_TOKEN_REVOKED = 'ID_TOKEN_REVOKED'
+INVALID_ID_TOKEN = _auth_utils.INVALID_ID_TOKEN
+INVALID_SESSION_COOKIE = _auth_utils.INVALID_SESSION_COOKIE
+TOKEN_SIGN_FAILED = _auth_utils.TOKEN_SIGN_FAILED
 UNEXPECTED_RESPONSE = _user_mgt.UNEXPECTED_RESPONSE
 USER_NOT_FOUND = _user_mgt.USER_NOT_FOUND
 
 
@@ -222,7 +222,7 @@ def test_sign_with_iam_error(self):
             with pytest.raises(auth.FirebaseAuthError) as excinfo:
                 auth.create_custom_token(MOCK_UID, app=app)
             assert excinfo.value.code == exceptions.UNKNOWN
-            assert excinfo.value._auth_error_code == _token_gen.TOKEN_SIGN_FAILED
+            assert excinfo.value._auth_error_code == auth.TOKEN_SIGN_FAILED
             assert iam_resp in str(excinfo.value)
         finally:
             firebase_admin.delete_app(app)
@@ -341,14 +341,6 @@ class TestVerifyIdToken(object):
             'iat': int(time.time()) - 10000,
             'exp': int(time.time()) - 3600
         }),
-        'NoneToken': None,
-        'EmptyToken': '',
-        'BoolToken': True,
-        'IntToken': 1,
-        'ListToken': [],
-        'EmptyDictToken': {},
-        'NonEmptyDictToken': {'a': 1},
-        'BadFormatToken': 'foobar'
     }
 
     @pytest.mark.parametrize('id_token', valid_tokens.values(), ids=list(valid_tokens))
@@ -390,11 +382,19 @@ def test_revoked_token_do_not_check_revoked(self, user_mgt_app, revoked_tokens,
         assert claims['admin'] is True
         assert claims['uid'] == claims['sub']
 
+    @pytest.mark.parametrize('id_token', [None, '', 'foobar', True, 1, [], {}, {'a': 1}])
+    def test_invalid_jwt(self, user_mgt_app, id_token):
+        _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
+        with pytest.raises(ValueError):
+            auth.verify_id_token(id_token, app=user_mgt_app)
+
     @pytest.mark.parametrize('id_token', invalid_tokens.values(), ids=list(invalid_tokens))
     def test_invalid_token(self, user_mgt_app, id_token):
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
-        with pytest.raises(ValueError):
+        with pytest.raises(auth.FirebaseAuthError) as excinfo:
             auth.verify_id_token(id_token, app=user_mgt_app)
+        assert excinfo.value.code == exceptions.INVALID_ARGUMENT
+        assert excinfo.value.auth_error_code == auth.INVALID_ID_TOKEN
 
     def test_project_id_option(self):
         app = firebase_admin.initialize_app(
@@ -419,15 +419,17 @@ def test_project_id_env_var(self, env_var_app):
     def test_custom_token(self, auth_app):
         id_token = auth.create_custom_token(MOCK_UID, app=auth_app)
         _overwrite_cert_request(auth_app, MOCK_REQUEST)
-        with pytest.raises(ValueError):
+        with pytest.raises(auth.FirebaseAuthError) as excinfo:
             auth.verify_id_token(id_token, app=auth_app)
+        assert excinfo.value.code == exceptions.INVALID_ARGUMENT
+        assert excinfo.value.auth_error_code == auth.INVALID_ID_TOKEN
 
     def test_certificate_request_failure(self, user_mgt_app):
         _overwrite_cert_request(user_mgt_app, testutils.MockRequest(404, 'not found'))
         with pytest.raises(auth.FirebaseAuthError) as excinfo:
             auth.verify_id_token(TEST_ID_TOKEN, app=user_mgt_app)
         assert excinfo.value.code == exceptions.UNKNOWN
-        assert excinfo.value.auth_error_code == 'CERTIFICATE_FETCH_FAILED'
+        assert excinfo.value.auth_error_code == auth.CERTIFICATE_FETCH_FAILED
 
 
 class TestVerifySessionCookie(object):
@@ -452,14 +454,6 @@ class TestVerifySessionCookie(object):
             'iat': int(time.time()) - 10000,
             'exp': int(time.time()) - 3600
         }),
-        'NoneCookie': None,
-        'EmptyCookie': '',
-        'BoolCookie': True,
-        'IntCookie': 1,
-        'ListCookie': [],
-        'EmptyDictCookie': {},
-        'NonEmptyDictCookie': {'a': 1},
-        'BadFormatCookie': 'foobar',
         'IDToken': TEST_ID_TOKEN,
     }
 
@@ -496,11 +490,19 @@ def test_revoked_cookie_does_not_check_revoked(self, user_mgt_app, revoked_token
         assert claims['admin'] is True
         assert claims['uid'] == claims['sub']
 
+    @pytest.mark.parametrize('cookie', [None, '', 'foobar', True, 1, [], {}, {'a': 1}])
+    def test_invalid_jwt(self, user_mgt_app, cookie):
+        _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
+        with pytest.raises(ValueError):
+            auth.verify_session_cookie(cookie, app=user_mgt_app)
+
     @pytest.mark.parametrize('cookie', invalid_cookies.values(), ids=list(invalid_cookies))
     def test_invalid_cookie(self, user_mgt_app, cookie):
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
-        with pytest.raises(ValueError):
+        with pytest.raises(auth.FirebaseAuthError) as excinfo:
             auth.verify_session_cookie(cookie, app=user_mgt_app)
+        assert excinfo.value.code == exceptions.INVALID_ARGUMENT
+        assert excinfo.value.auth_error_code == auth.INVALID_SESSION_COOKIE
 
     def test_project_id_option(self):
         app = firebase_admin.initialize_app(
@@ -522,15 +524,17 @@ def test_project_id_env_var(self, env_var_app):
     def test_custom_token(self, auth_app):
         custom_token = auth.create_custom_token(MOCK_UID, app=auth_app)
-        with pytest.raises(ValueError):
+        with pytest.raises(auth.FirebaseAuthError) as excinfo:
             auth.verify_session_cookie(custom_token, app=auth_app)
+        assert excinfo.value.code == exceptions.INVALID_ARGUMENT
+        assert excinfo.value.auth_error_code == auth.INVALID_SESSION_COOKIE
 
     def test_certificate_request_failure(self, user_mgt_app):
         _overwrite_cert_request(user_mgt_app, testutils.MockRequest(404, 'not found'))
         with pytest.raises(auth.FirebaseAuthError) as excinfo:
             auth.verify_session_cookie(TEST_SESSION_COOKIE, app=user_mgt_app)
         assert excinfo.value.code == exceptions.UNKNOWN
-        assert excinfo.value.auth_error_code == 'CERTIFICATE_FETCH_FAILED'
+        assert excinfo.value.auth_error_code == auth.CERTIFICATE_FETCH_FAILED
 
 
 class TestCertificateCaching(object):