@firebase/auth 0.21.5-canary.480d7d560 → 0.21.5-canary.58bae8757

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/README.md +20 -0
  2. package/dist/auth-public.d.ts +136 -4
  3. package/dist/auth.d.ts +147 -4
  4. package/dist/browser-cjs/{index-917f5393.js → index-7463f803.js} +173 -3
  5. package/dist/browser-cjs/index-7463f803.js.map +1 -0
  6. package/dist/browser-cjs/index.d.ts +2 -1
  7. package/dist/browser-cjs/index.js +3 -1
  8. package/dist/browser-cjs/index.js.map +1 -1
  9. package/dist/browser-cjs/internal.js +3 -1
  10. package/dist/browser-cjs/internal.js.map +1 -1
  11. package/dist/browser-cjs/src/api/account_management/mfa.d.ts +38 -4
  12. package/dist/browser-cjs/src/api/authentication/mfa.d.ts +11 -0
  13. package/dist/browser-cjs/src/mfa/assertions/totp.d.ts +124 -0
  14. package/dist/browser-cjs/src/mfa/assertions/totp.test.d.ts +17 -0
  15. package/dist/browser-cjs/src/mfa/mfa_info.d.ts +5 -1
  16. package/dist/browser-cjs/src/model/enum_maps.d.ts +1 -0
  17. package/dist/browser-cjs/src/model/public_types.d.ts +18 -1
  18. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +3 -0
  19. package/dist/browser-cjs/test/integration/flows/totp.test.d.ts +17 -0
  20. package/dist/cordova/index.d.ts +2 -1
  21. package/dist/cordova/index.js +2 -2
  22. package/dist/cordova/internal.js +179 -3
  23. package/dist/cordova/internal.js.map +1 -1
  24. package/dist/cordova/{popup_redirect-7933fd1c.js → popup_redirect-0a0e595d.js} +24 -4
  25. package/dist/cordova/popup_redirect-0a0e595d.js.map +1 -0
  26. package/dist/cordova/src/api/account_management/mfa.d.ts +38 -4
  27. package/dist/cordova/src/api/authentication/mfa.d.ts +11 -0
  28. package/dist/cordova/src/mfa/assertions/totp.d.ts +124 -0
  29. package/dist/cordova/src/mfa/assertions/totp.test.d.ts +17 -0
  30. package/dist/cordova/src/mfa/mfa_info.d.ts +5 -1
  31. package/dist/cordova/src/model/enum_maps.d.ts +1 -0
  32. package/dist/cordova/src/model/public_types.d.ts +18 -1
  33. package/dist/cordova/test/helpers/integration/helpers.d.ts +3 -0
  34. package/dist/cordova/test/integration/flows/totp.test.d.ts +17 -0
  35. package/dist/esm2017/{index-b9543c31.js → index-b377381f.js} +172 -4
  36. package/dist/esm2017/index-b377381f.js.map +1 -0
  37. package/dist/esm2017/index.d.ts +2 -1
  38. package/dist/esm2017/index.js +1 -1
  39. package/dist/esm2017/internal.js +2 -2
  40. package/dist/esm2017/src/api/account_management/mfa.d.ts +38 -4
  41. package/dist/esm2017/src/api/authentication/mfa.d.ts +11 -0
  42. package/dist/esm2017/src/mfa/assertions/totp.d.ts +124 -0
  43. package/dist/esm2017/src/mfa/assertions/totp.test.d.ts +17 -0
  44. package/dist/esm2017/src/mfa/mfa_info.d.ts +5 -1
  45. package/dist/esm2017/src/model/enum_maps.d.ts +1 -0
  46. package/dist/esm2017/src/model/public_types.d.ts +18 -1
  47. package/dist/esm2017/test/helpers/integration/helpers.d.ts +3 -0
  48. package/dist/esm2017/test/integration/flows/totp.test.d.ts +17 -0
  49. package/dist/esm5/{index-4a97373c.js → index-0e9255c9.js} +200 -4
  50. package/dist/esm5/index-0e9255c9.js.map +1 -0
  51. package/dist/esm5/index.d.ts +2 -1
  52. package/dist/esm5/index.js +1 -1
  53. package/dist/esm5/internal.js +2 -2
  54. package/dist/esm5/src/api/account_management/mfa.d.ts +38 -4
  55. package/dist/esm5/src/api/authentication/mfa.d.ts +11 -0
  56. package/dist/esm5/src/mfa/assertions/totp.d.ts +124 -0
  57. package/dist/esm5/src/mfa/assertions/totp.test.d.ts +17 -0
  58. package/dist/esm5/src/mfa/mfa_info.d.ts +5 -1
  59. package/dist/esm5/src/model/enum_maps.d.ts +1 -0
  60. package/dist/esm5/src/model/public_types.d.ts +18 -1
  61. package/dist/esm5/test/helpers/integration/helpers.d.ts +3 -0
  62. package/dist/esm5/test/integration/flows/totp.test.d.ts +17 -0
  63. package/dist/index.d.ts +2 -1
  64. package/dist/index.webworker.esm5.js +16 -2
  65. package/dist/index.webworker.esm5.js.map +1 -1
  66. package/dist/node/index.d.ts +2 -1
  67. package/dist/node/index.js +83 -81
  68. package/dist/node/index.js.map +1 -1
  69. package/dist/node/internal.js +144 -142
  70. package/dist/node/internal.js.map +1 -1
  71. package/dist/node/src/api/account_management/mfa.d.ts +38 -4
  72. package/dist/node/src/api/authentication/mfa.d.ts +11 -0
  73. package/dist/node/src/mfa/assertions/totp.d.ts +124 -0
  74. package/dist/node/src/mfa/assertions/totp.test.d.ts +17 -0
  75. package/dist/node/src/mfa/mfa_info.d.ts +5 -1
  76. package/dist/node/src/model/enum_maps.d.ts +1 -0
  77. package/dist/node/src/model/public_types.d.ts +18 -1
  78. package/dist/node/test/helpers/integration/helpers.d.ts +3 -0
  79. package/dist/node/test/integration/flows/totp.test.d.ts +17 -0
  80. package/dist/node/{index-685991a8.js → totp-cd45a549.js} +236 -4
  81. package/dist/node/totp-cd45a549.js.map +1 -0
  82. package/dist/node-esm/index.d.ts +2 -1
  83. package/dist/node-esm/index.js +2 -2
  84. package/dist/node-esm/internal.js +3 -3
  85. package/dist/node-esm/src/api/account_management/mfa.d.ts +38 -4
  86. package/dist/node-esm/src/api/authentication/mfa.d.ts +11 -0
  87. package/dist/node-esm/src/mfa/assertions/totp.d.ts +124 -0
  88. package/dist/node-esm/src/mfa/assertions/totp.test.d.ts +17 -0
  89. package/dist/node-esm/src/mfa/mfa_info.d.ts +5 -1
  90. package/dist/node-esm/src/model/enum_maps.d.ts +1 -0
  91. package/dist/node-esm/src/model/public_types.d.ts +18 -1
  92. package/dist/node-esm/test/helpers/integration/helpers.d.ts +3 -0
  93. package/dist/node-esm/test/integration/flows/totp.test.d.ts +17 -0
  94. package/dist/node-esm/{index-2d47bc93.js → totp-a0b210d1.js} +206 -5
  95. package/dist/node-esm/totp-a0b210d1.js.map +1 -0
  96. package/dist/rn/index.d.ts +2 -1
  97. package/dist/rn/index.js +1 -1
  98. package/dist/rn/internal.js +176 -1
  99. package/dist/rn/internal.js.map +1 -1
  100. package/dist/rn/{phone-40db3012.js → phone-0907ac80.js} +30 -3
  101. package/dist/rn/phone-0907ac80.js.map +1 -0
  102. package/dist/rn/src/api/account_management/mfa.d.ts +38 -4
  103. package/dist/rn/src/api/authentication/mfa.d.ts +11 -0
  104. package/dist/rn/src/mfa/assertions/totp.d.ts +124 -0
  105. package/dist/rn/src/mfa/assertions/totp.test.d.ts +17 -0
  106. package/dist/rn/src/mfa/mfa_info.d.ts +5 -1
  107. package/dist/rn/src/model/enum_maps.d.ts +1 -0
  108. package/dist/rn/src/model/public_types.d.ts +18 -1
  109. package/dist/rn/test/helpers/integration/helpers.d.ts +3 -0
  110. package/dist/rn/test/integration/flows/totp.test.d.ts +17 -0
  111. package/dist/src/api/account_management/mfa.d.ts +38 -4
  112. package/dist/src/api/authentication/mfa.d.ts +11 -0
  113. package/dist/src/mfa/assertions/totp.d.ts +124 -0
  114. package/dist/src/mfa/assertions/totp.test.d.ts +17 -0
  115. package/dist/src/mfa/mfa_info.d.ts +5 -1
  116. package/dist/src/model/enum_maps.d.ts +1 -0
  117. package/dist/src/model/public_types.d.ts +18 -1
  118. package/dist/test/helpers/integration/helpers.d.ts +3 -0
  119. package/dist/test/integration/flows/totp.test.d.ts +17 -0
  120. package/package.json +10 -8
  121. package/dist/browser-cjs/index-917f5393.js.map +0 -1
  122. package/dist/cordova/popup_redirect-7933fd1c.js.map +0 -1
  123. package/dist/esm2017/index-b9543c31.js.map +0 -1
  124. package/dist/esm5/index-4a97373c.js.map +0 -1
  125. package/dist/node/index-685991a8.js.map +0 -1
  126. package/dist/node-esm/index-2d47bc93.js.map +0 -1
  127. package/dist/rn/phone-40db3012.js.map +0 -1
package/README.md CHANGED
@@ -17,6 +17,7 @@ host of npm scripts to run these tests. The most important commands are:
17
17
  | `yarn test:<platform>:unit:debug` | Runs \<platform> unit tests, auto-watching for file system changes |
18
18
  | `yarn test:<platform>:integration` | Runs only integration tests against the live environment |
19
19
  | `yarn test:<platform>:integration:local` | Runs all headless \<platform> integration tests against the emulator (more below) |
20
+ | `yarn test:browser:integration:prodbackend` | Runs TOTP MFA integration tests against the backend (more below) |
20
21
 
21
22
  Where \<platform> is "browser" or "node". There are also cordova tests, but they
22
23
  are not broken into such granular details. Check out `package.json` for more.
@@ -46,6 +47,25 @@ you would simply execute the following command:
46
47
  firebase emulators:exec --project foo-bar --only auth "yarn test:integration:local"
47
48
  ```
48
49
 
50
+ ### Integration testing with the production backend
51
+
52
+ Currently, MFA TOTP tests only run against the production backend (since they are not supported on the emulator yet).
53
+ Running against the backend also makes it a more reliable end-to-end test.
54
+
55
+ The TOTP tests require the following email/password combination to exist in the project, so if you are running this test against your test project, please create this user:
56
+
57
+ 'totpuser-donotdelete@test.com', 'password'
58
+
59
+ You also need to verify this email address, in order to use MFA. This can be done with a curl command like this:
60
+
61
+ ```
62
+ curl -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-Type: application/json" -H "X-Goog-User-Project: ${PROJECT_ID}" -X POST https://identitytoolkit.googleapis.com/v1/accounts:sendOobCode -d '{
63
+ "email": "totpuser-donotdelete@test.com",
64
+ "requestType": "VERIFY_EMAIL",
65
+ "returnOobLink": true,
66
+ }'
67
+ ```
68
+
49
69
  ### Selenium Webdriver tests
50
70
 
51
71
  These tests assume that you have both Firefox and Chrome installed on your
@@ -670,7 +670,7 @@ export declare interface AuthSettings {
670
670
  }
671
671
 
672
672
  /**
673
- * MFA Info as returned by the API
673
+ * MFA Info as returned by the API.
674
674
  */
675
675
  declare interface BaseMfaEnrollment {
676
676
  mfaEnrollmentId: string;
@@ -1154,8 +1154,11 @@ export declare class FacebookAuthProvider extends BaseOAuthProvider {
1154
1154
  export declare const FactorId: {
1155
1155
  /** Phone as second factor */
1156
1156
  readonly PHONE: "phone";
1157
+ readonly TOTP: "totp";
1157
1158
  };
1158
1159
 
1160
+ /* Excluded from this release type: FactorId_2 */
1161
+
1159
1162
  /**
1160
1163
  * The base class for all Federated providers (OAuth (including OIDC), SAML).
1161
1164
  *
@@ -1657,9 +1660,9 @@ export declare function linkWithPopup(user: User, provider: AuthProvider, resolv
1657
1660
  export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
1658
1661
 
1659
1662
  /**
1660
- * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment is supported
1663
+ * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.
1661
1664
  */
1662
- declare type MfaEnrollment = PhoneMfaEnrollment;
1665
+ declare type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;
1663
1666
 
1664
1667
  /**
1665
1668
  * The {@link MultiFactorUser} corresponding to the user.
@@ -2371,7 +2374,7 @@ export declare class PhoneAuthProvider {
2371
2374
  export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
2372
2375
 
2373
2376
  /**
2374
- * An MFA provided by SMS verification
2377
+ * An MFA provided by SMS verification.
2375
2378
  */
2376
2379
  declare interface PhoneMfaEnrollment extends BaseMfaEnrollment {
2377
2380
  phoneInfo: string;
@@ -3148,10 +3151,139 @@ export declare function signInWithRedirect(auth: Auth, provider: AuthProvider, r
3148
3151
  */
3149
3152
  export declare function signOut(auth: Auth): Promise<void>;
3150
3153
 
3154
+ declare interface StartTotpMfaEnrollmentResponse {
3155
+ totpSessionInfo: {
3156
+ sharedSecretKey: string;
3157
+ verificationCodeLength: number;
3158
+ hashingAlgorithm: string;
3159
+ periodSec: number;
3160
+ sessionInfo: string;
3161
+ finalizeEnrollmentTime: number;
3162
+ };
3163
+ }
3164
+
3151
3165
  /* Excluded from this release type: StsTokenManager */
3152
3166
 
3153
3167
  /* Excluded from this release type: TaggedWithTokenResponse */
3154
3168
 
3169
+ /**
3170
+ * An MFA provided by TOTP (Time-based One Time Password).
3171
+ */
3172
+ declare interface TotpMfaEnrollment extends BaseMfaEnrollment {
3173
+ }
3174
+
3175
+ /**
3176
+ * The class for asserting ownership of a TOTP second factor. Provided by
3177
+ * {@link TotpMultiFactorGenerator.assertionForEnrollment} and
3178
+ * {@link TotpMultiFactorGenerator.assertionForSignIn}.
3179
+ *
3180
+ * @public
3181
+ */
3182
+ export declare interface TotpMultiFactorAssertion extends MultiFactorAssertion {
3183
+ }
3184
+
3185
+ /**
3186
+ * Provider for generating a {@link TotpMultiFactorAssertion}.
3187
+ *
3188
+ * @public
3189
+ */
3190
+ export declare class TotpMultiFactorGenerator {
3191
+ /**
3192
+ * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of
3193
+ * the TOTP (time-based one-time password) second factor.
3194
+ * This assertion is used to complete enrollment in TOTP second factor.
3195
+ *
3196
+ * @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters.
3197
+ * @param oneTimePassword One-time password from TOTP App.
3198
+ * @returns A {@link TotpMultiFactorAssertion} which can be used with
3199
+ * {@link MultiFactorUser.enroll}.
3200
+ */
3201
+ static assertionForEnrollment(secret: TotpSecret, oneTimePassword: string): TotpMultiFactorAssertion;
3202
+ /**
3203
+ * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor.
3204
+ * This assertion is used to complete signIn with TOTP as the second factor.
3205
+ *
3206
+ * @param enrollmentId identifies the enrolled TOTP second factor.
3207
+ * @param oneTimePassword One-time password from TOTP App.
3208
+ * @returns A {@link TotpMultiFactorAssertion} which can be used with
3209
+ * {@link MultiFactorResolver.resolveSignIn}.
3210
+ */
3211
+ static assertionForSignIn(enrollmentId: string, oneTimePassword: string): TotpMultiFactorAssertion;
3212
+ /**
3213
+ * Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters.
3214
+ * Creates a TOTP secret as part of enrolling a TOTP second factor.
3215
+ * Used for generating a QR code URL or inputting into a TOTP app.
3216
+ * This method uses the auth instance corresponding to the user in the multiFactorSession.
3217
+ *
3218
+ * @param session The {@link MultiFactorSession} that the user is part of.
3219
+ * @returns A promise to {@link TotpSecret}.
3220
+ */
3221
+ static generateSecret(session: MultiFactorSession): Promise<TotpSecret>;
3222
+ /**
3223
+ * The identifier of the TOTP second factor: `totp`.
3224
+ */
3225
+ static FACTOR_ID: FactorId_2;
3226
+ }
3227
+
3228
+ /**
3229
+ * The subclass of the {@link MultiFactorInfo} interface for TOTP
3230
+ * second factors. The `factorId` of this second factor is {@link FactorId}.TOTP.
3231
+ * @public
3232
+ */
3233
+ export declare interface TotpMultiFactorInfo extends MultiFactorInfo {
3234
+ }
3235
+
3236
+ /**
3237
+ * Provider for generating a {@link TotpMultiFactorAssertion}.
3238
+ *
3239
+ * Stores the shared secret key and other parameters to generate time-based OTPs.
3240
+ * Implements methods to retrieve the shared secret key and generate a QR code URL.
3241
+ * @public
3242
+ */
3243
+ export declare class TotpSecret {
3244
+ private readonly sessionInfo;
3245
+ private readonly auth;
3246
+ /**
3247
+ * Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.
3248
+ */
3249
+ readonly secretKey: string;
3250
+ /**
3251
+ * Hashing algorithm used.
3252
+ */
3253
+ readonly hashingAlgorithm: string;
3254
+ /**
3255
+ * Length of the one-time passwords to be generated.
3256
+ */
3257
+ readonly codeLength: number;
3258
+ /**
3259
+ * The interval (in seconds) when the OTP codes should change.
3260
+ */
3261
+ readonly codeIntervalSeconds: number;
3262
+ /**
3263
+ * The timestamp (UTC string) by which TOTP enrollment should be completed.
3264
+ */
3265
+ readonly enrollmentCompletionDeadline: string;
3266
+ private constructor();
3267
+ /* Excluded from this release type: _fromStartTotpMfaEnrollmentResponse */
3268
+ /* Excluded from this release type: _makeTotpVerificationInfo */
3269
+ /**
3270
+ * Returns a QR code URL as described in
3271
+ * https://github.com/google/google-authenticator/wiki/Key-Uri-Format
3272
+ * This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.
3273
+ * If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.
3274
+ *
3275
+ * @param accountName the name of the account/app along with a user identifier.
3276
+ * @param issuer issuer of the TOTP (likely the app name).
3277
+ * @returns A QR code URL string.
3278
+ */
3279
+ generateQrCodeUrl(accountName?: string, issuer?: string): string;
3280
+ }
3281
+
3282
+ declare interface TotpVerificationInfo {
3283
+ sessionInfo: string;
3284
+ verificationCode: string;
3285
+ }
3286
+
3155
3287
  /**
3156
3288
  * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.TWITTER.
3157
3289
  *
package/dist/auth.d.ts CHANGED
@@ -897,7 +897,7 @@ export declare interface AuthSettings {
897
897
  }
898
898
 
899
899
  /**
900
- * MFA Info as returned by the API
900
+ * MFA Info as returned by the API.
901
901
  */
902
902
  declare interface BaseMfaEnrollment {
903
903
  mfaEnrollmentId: string;
@@ -1420,8 +1420,20 @@ export declare class FacebookAuthProvider extends BaseOAuthProvider {
1420
1420
  export declare const FactorId: {
1421
1421
  /** Phone as second factor */
1422
1422
  readonly PHONE: "phone";
1423
+ readonly TOTP: "totp";
1423
1424
  };
1424
1425
 
1426
+ /**
1427
+ * An enum of factors that may be used for multifactor authentication.
1428
+ *
1429
+ * @internal
1430
+ */
1431
+ declare const enum FactorId_2 {
1432
+ /** Phone as second factor */
1433
+ PHONE = "phone",
1434
+ TOTP = "totp"
1435
+ }
1436
+
1425
1437
  /**
1426
1438
  * The base class for all Federated providers (OAuth (including OIDC), SAML).
1427
1439
  *
@@ -1978,9 +1990,9 @@ export declare function linkWithPopup(user: User, provider: AuthProvider, resolv
1978
1990
  export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
1979
1991
 
1980
1992
  /**
1981
- * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment is supported
1993
+ * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.
1982
1994
  */
1983
- declare type MfaEnrollment = PhoneMfaEnrollment;
1995
+ declare type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;
1984
1996
 
1985
1997
  /**
1986
1998
  * The {@link MultiFactorUser} corresponding to the user.
@@ -2702,7 +2714,7 @@ export declare class PhoneAuthProvider {
2702
2714
  export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
2703
2715
 
2704
2716
  /**
2705
- * An MFA provided by SMS verification
2717
+ * An MFA provided by SMS verification.
2706
2718
  */
2707
2719
  declare interface PhoneMfaEnrollment extends BaseMfaEnrollment {
2708
2720
  phoneInfo: string;
@@ -3572,6 +3584,17 @@ export declare function signInWithRedirect(auth: Auth, provider: AuthProvider, r
3572
3584
  */
3573
3585
  export declare function signOut(auth: Auth): Promise<void>;
3574
3586
 
3587
+ declare interface StartTotpMfaEnrollmentResponse {
3588
+ totpSessionInfo: {
3589
+ sharedSecretKey: string;
3590
+ verificationCodeLength: number;
3591
+ hashingAlgorithm: string;
3592
+ periodSec: number;
3593
+ sessionInfo: string;
3594
+ finalizeEnrollmentTime: number;
3595
+ };
3596
+ }
3597
+
3575
3598
  /**
3576
3599
  * We need to mark this class as internal explicitly to exclude it in the public typings, because
3577
3600
  * it references AuthInternal which has a circular dependency with UserInternal.
@@ -3602,6 +3625,126 @@ declare interface TaggedWithTokenResponse {
3602
3625
  _tokenResponse?: PhoneOrOauthTokenResponse;
3603
3626
  }
3604
3627
 
3628
+ /**
3629
+ * An MFA provided by TOTP (Time-based One Time Password).
3630
+ */
3631
+ declare interface TotpMfaEnrollment extends BaseMfaEnrollment {
3632
+ }
3633
+
3634
+ /**
3635
+ * The class for asserting ownership of a TOTP second factor. Provided by
3636
+ * {@link TotpMultiFactorGenerator.assertionForEnrollment} and
3637
+ * {@link TotpMultiFactorGenerator.assertionForSignIn}.
3638
+ *
3639
+ * @public
3640
+ */
3641
+ export declare interface TotpMultiFactorAssertion extends MultiFactorAssertion {
3642
+ }
3643
+
3644
+ /**
3645
+ * Provider for generating a {@link TotpMultiFactorAssertion}.
3646
+ *
3647
+ * @public
3648
+ */
3649
+ export declare class TotpMultiFactorGenerator {
3650
+ /**
3651
+ * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of
3652
+ * the TOTP (time-based one-time password) second factor.
3653
+ * This assertion is used to complete enrollment in TOTP second factor.
3654
+ *
3655
+ * @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters.
3656
+ * @param oneTimePassword One-time password from TOTP App.
3657
+ * @returns A {@link TotpMultiFactorAssertion} which can be used with
3658
+ * {@link MultiFactorUser.enroll}.
3659
+ */
3660
+ static assertionForEnrollment(secret: TotpSecret, oneTimePassword: string): TotpMultiFactorAssertion;
3661
+ /**
3662
+ * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor.
3663
+ * This assertion is used to complete signIn with TOTP as the second factor.
3664
+ *
3665
+ * @param enrollmentId identifies the enrolled TOTP second factor.
3666
+ * @param oneTimePassword One-time password from TOTP App.
3667
+ * @returns A {@link TotpMultiFactorAssertion} which can be used with
3668
+ * {@link MultiFactorResolver.resolveSignIn}.
3669
+ */
3670
+ static assertionForSignIn(enrollmentId: string, oneTimePassword: string): TotpMultiFactorAssertion;
3671
+ /**
3672
+ * Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters.
3673
+ * Creates a TOTP secret as part of enrolling a TOTP second factor.
3674
+ * Used for generating a QR code URL or inputting into a TOTP app.
3675
+ * This method uses the auth instance corresponding to the user in the multiFactorSession.
3676
+ *
3677
+ * @param session The {@link MultiFactorSession} that the user is part of.
3678
+ * @returns A promise to {@link TotpSecret}.
3679
+ */
3680
+ static generateSecret(session: MultiFactorSession): Promise<TotpSecret>;
3681
+ /**
3682
+ * The identifier of the TOTP second factor: `totp`.
3683
+ */
3684
+ static FACTOR_ID: FactorId_2;
3685
+ }
3686
+
3687
+ /**
3688
+ * The subclass of the {@link MultiFactorInfo} interface for TOTP
3689
+ * second factors. The `factorId` of this second factor is {@link FactorId}.TOTP.
3690
+ * @public
3691
+ */
3692
+ export declare interface TotpMultiFactorInfo extends MultiFactorInfo {
3693
+ }
3694
+
3695
+ /**
3696
+ * Provider for generating a {@link TotpMultiFactorAssertion}.
3697
+ *
3698
+ * Stores the shared secret key and other parameters to generate time-based OTPs.
3699
+ * Implements methods to retrieve the shared secret key and generate a QR code URL.
3700
+ * @public
3701
+ */
3702
+ export declare class TotpSecret {
3703
+ private readonly sessionInfo;
3704
+ private readonly auth;
3705
+ /**
3706
+ * Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.
3707
+ */
3708
+ readonly secretKey: string;
3709
+ /**
3710
+ * Hashing algorithm used.
3711
+ */
3712
+ readonly hashingAlgorithm: string;
3713
+ /**
3714
+ * Length of the one-time passwords to be generated.
3715
+ */
3716
+ readonly codeLength: number;
3717
+ /**
3718
+ * The interval (in seconds) when the OTP codes should change.
3719
+ */
3720
+ readonly codeIntervalSeconds: number;
3721
+ /**
3722
+ * The timestamp (UTC string) by which TOTP enrollment should be completed.
3723
+ */
3724
+ readonly enrollmentCompletionDeadline: string;
3725
+ private constructor();
3726
+ /** @internal */
3727
+ static _fromStartTotpMfaEnrollmentResponse(response: StartTotpMfaEnrollmentResponse, auth: AuthInternal): TotpSecret;
3728
+ /** @internal */
3729
+ _makeTotpVerificationInfo(otp: string): TotpVerificationInfo;
3730
+ /**
3731
+ * Returns a QR code URL as described in
3732
+ * https://github.com/google/google-authenticator/wiki/Key-Uri-Format
3733
+ * This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.
3734
+ * If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.
3735
+ *
3736
+ * @param accountName the name of the account/app along with a user identifier.
3737
+ * @param issuer issuer of the TOTP (likely the app name).
3738
+ * @returns A QR code URL string.
3739
+ */
3740
+ generateQrCodeUrl(accountName?: string, issuer?: string): string;
3741
+ }
3742
+
3743
+ declare interface TotpVerificationInfo {
3744
+ sessionInfo: string;
3745
+ verificationCode: string;
3746
+ }
3747
+
3605
3748
  /**
3606
3749
  * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.TWITTER.
3607
3750
  *
@@ -29,7 +29,8 @@ var component = require('@firebase/component');
29
29
  */
30
30
  const FactorId = {
31
31
  /** Phone as second factor */
32
- PHONE: 'phone'
32
+ PHONE: 'phone',
33
+ TOTP: 'totp'
33
34
  };
34
35
  /**
35
36
  * Enumeration of supported providers.
@@ -4864,6 +4865,9 @@ class MultiFactorInfoImpl {
4864
4865
  if ('phoneInfo' in enrollment) {
4865
4866
  return PhoneMultiFactorInfoImpl._fromServerResponse(auth, enrollment);
4866
4867
  }
4868
+ else if ('totpInfo' in enrollment) {
4869
+ return TotpMultiFactorInfoImpl._fromServerResponse(auth, enrollment);
4870
+ }
4867
4871
  return _fail(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
4868
4872
  }
4869
4873
  }
@@ -4875,6 +4879,14 @@ class PhoneMultiFactorInfoImpl extends MultiFactorInfoImpl {
4875
4879
  static _fromServerResponse(_auth, enrollment) {
4876
4880
  return new PhoneMultiFactorInfoImpl(enrollment);
4877
4881
  }
4882
+ }
4883
+ class TotpMultiFactorInfoImpl extends MultiFactorInfoImpl {
4884
+ constructor(response) {
4885
+ super("totp" /* FactorId.TOTP */, response);
4886
+ }
4887
+ static _fromServerResponse(_auth, enrollment) {
4888
+ return new TotpMultiFactorInfoImpl(enrollment);
4889
+ }
4878
4890
  }
4879
4891
 
4880
4892
  /**
@@ -5911,6 +5923,12 @@ function startEnrollPhoneMfa(auth, request) {
5911
5923
  function finalizeEnrollPhoneMfa(auth, request) {
5912
5924
  return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaEnrollment:finalize" /* Endpoint.FINALIZE_MFA_ENROLLMENT */, _addTidIfNecessary(auth, request));
5913
5925
  }
5926
+ function startEnrollTotpMfa(auth, request) {
5927
+ return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaEnrollment:start" /* Endpoint.START_MFA_ENROLLMENT */, _addTidIfNecessary(auth, request));
5928
+ }
5929
+ function finalizeEnrollTotpMfa(auth, request) {
5930
+ return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaEnrollment:finalize" /* Endpoint.FINALIZE_MFA_ENROLLMENT */, _addTidIfNecessary(auth, request));
5931
+ }
5914
5932
  function withdrawMfa(auth, request) {
5915
5933
  return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaEnrollment:withdraw" /* Endpoint.WITHDRAW_MFA */, _addTidIfNecessary(auth, request));
5916
5934
  }
@@ -7006,6 +7024,9 @@ function startSignInPhoneMfa(auth, request) {
7006
7024
  }
7007
7025
  function finalizeSignInPhoneMfa(auth, request) {
7008
7026
  return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaSignIn:finalize" /* Endpoint.FINALIZE_MFA_SIGN_IN */, _addTidIfNecessary(auth, request));
7027
+ }
7028
+ function finalizeSignInTotpMfa(auth, request) {
7029
+ return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaSignIn:finalize" /* Endpoint.FINALIZE_MFA_SIGN_IN */, _addTidIfNecessary(auth, request));
7009
7030
  }
7010
7031
 
7011
7032
  /**
@@ -9316,8 +9337,155 @@ class PhoneMultiFactorGenerator {
9316
9337
  */
9317
9338
  PhoneMultiFactorGenerator.FACTOR_ID = 'phone';
9318
9339
 
9340
+ /**
9341
+ * Provider for generating a {@link TotpMultiFactorAssertion}.
9342
+ *
9343
+ * @public
9344
+ */
9345
+ class TotpMultiFactorGenerator {
9346
+ /**
9347
+ * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of
9348
+ * the TOTP (time-based one-time password) second factor.
9349
+ * This assertion is used to complete enrollment in TOTP second factor.
9350
+ *
9351
+ * @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters.
9352
+ * @param oneTimePassword One-time password from TOTP App.
9353
+ * @returns A {@link TotpMultiFactorAssertion} which can be used with
9354
+ * {@link MultiFactorUser.enroll}.
9355
+ */
9356
+ static assertionForEnrollment(secret, oneTimePassword) {
9357
+ return TotpMultiFactorAssertionImpl._fromSecret(secret, oneTimePassword);
9358
+ }
9359
+ /**
9360
+ * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor.
9361
+ * This assertion is used to complete signIn with TOTP as the second factor.
9362
+ *
9363
+ * @param enrollmentId identifies the enrolled TOTP second factor.
9364
+ * @param oneTimePassword One-time password from TOTP App.
9365
+ * @returns A {@link TotpMultiFactorAssertion} which can be used with
9366
+ * {@link MultiFactorResolver.resolveSignIn}.
9367
+ */
9368
+ static assertionForSignIn(enrollmentId, oneTimePassword) {
9369
+ return TotpMultiFactorAssertionImpl._fromEnrollmentId(enrollmentId, oneTimePassword);
9370
+ }
9371
+ /**
9372
+ * Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters.
9373
+ * Creates a TOTP secret as part of enrolling a TOTP second factor.
9374
+ * Used for generating a QR code URL or inputting into a TOTP app.
9375
+ * This method uses the auth instance corresponding to the user in the multiFactorSession.
9376
+ *
9377
+ * @param session The {@link MultiFactorSession} that the user is part of.
9378
+ * @returns A promise to {@link TotpSecret}.
9379
+ */
9380
+ static async generateSecret(session) {
9381
+ const mfaSession = session;
9382
+ _assert(typeof mfaSession.auth !== 'undefined', "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
9383
+ const response = await startEnrollTotpMfa(mfaSession.auth, {
9384
+ idToken: mfaSession.credential,
9385
+ totpEnrollmentInfo: {}
9386
+ });
9387
+ return TotpSecret._fromStartTotpMfaEnrollmentResponse(response, mfaSession.auth);
9388
+ }
9389
+ }
9390
+ /**
9391
+ * The identifier of the TOTP second factor: `totp`.
9392
+ */
9393
+ TotpMultiFactorGenerator.FACTOR_ID = "totp" /* FactorId.TOTP */;
9394
+ class TotpMultiFactorAssertionImpl extends MultiFactorAssertionImpl {
9395
+ constructor(otp, enrollmentId, secret) {
9396
+ super("totp" /* FactorId.TOTP */);
9397
+ this.otp = otp;
9398
+ this.enrollmentId = enrollmentId;
9399
+ this.secret = secret;
9400
+ }
9401
+ /** @internal */
9402
+ static _fromSecret(secret, otp) {
9403
+ return new TotpMultiFactorAssertionImpl(otp, undefined, secret);
9404
+ }
9405
+ /** @internal */
9406
+ static _fromEnrollmentId(enrollmentId, otp) {
9407
+ return new TotpMultiFactorAssertionImpl(otp, enrollmentId);
9408
+ }
9409
+ /** @internal */
9410
+ async _finalizeEnroll(auth, idToken, displayName) {
9411
+ _assert(typeof this.secret !== 'undefined', auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
9412
+ return finalizeEnrollTotpMfa(auth, {
9413
+ idToken,
9414
+ displayName,
9415
+ totpVerificationInfo: this.secret._makeTotpVerificationInfo(this.otp)
9416
+ });
9417
+ }
9418
+ /** @internal */
9419
+ async _finalizeSignIn(auth, mfaPendingCredential) {
9420
+ _assert(this.enrollmentId !== undefined && this.otp !== undefined, auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
9421
+ const totpVerificationInfo = { verificationCode: this.otp };
9422
+ return finalizeSignInTotpMfa(auth, {
9423
+ mfaPendingCredential,
9424
+ mfaEnrollmentId: this.enrollmentId,
9425
+ totpVerificationInfo
9426
+ });
9427
+ }
9428
+ }
9429
+ /**
9430
+ * Provider for generating a {@link TotpMultiFactorAssertion}.
9431
+ *
9432
+ * Stores the shared secret key and other parameters to generate time-based OTPs.
9433
+ * Implements methods to retrieve the shared secret key and generate a QR code URL.
9434
+ * @public
9435
+ */
9436
+ class TotpSecret {
9437
+ // The public members are declared outside the constructor so the docs can be generated.
9438
+ constructor(secretKey, hashingAlgorithm, codeLength, codeIntervalSeconds, enrollmentCompletionDeadline, sessionInfo, auth) {
9439
+ this.sessionInfo = sessionInfo;
9440
+ this.auth = auth;
9441
+ this.secretKey = secretKey;
9442
+ this.hashingAlgorithm = hashingAlgorithm;
9443
+ this.codeLength = codeLength;
9444
+ this.codeIntervalSeconds = codeIntervalSeconds;
9445
+ this.enrollmentCompletionDeadline = enrollmentCompletionDeadline;
9446
+ }
9447
+ /** @internal */
9448
+ static _fromStartTotpMfaEnrollmentResponse(response, auth) {
9449
+ return new TotpSecret(response.totpSessionInfo.sharedSecretKey, response.totpSessionInfo.hashingAlgorithm, response.totpSessionInfo.verificationCodeLength, response.totpSessionInfo.periodSec, new Date(response.totpSessionInfo.finalizeEnrollmentTime).toUTCString(), response.totpSessionInfo.sessionInfo, auth);
9450
+ }
9451
+ /** @internal */
9452
+ _makeTotpVerificationInfo(otp) {
9453
+ return { sessionInfo: this.sessionInfo, verificationCode: otp };
9454
+ }
9455
+ /**
9456
+ * Returns a QR code URL as described in
9457
+ * https://github.com/google/google-authenticator/wiki/Key-Uri-Format
9458
+ * This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.
9459
+ * If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.
9460
+ *
9461
+ * @param accountName the name of the account/app along with a user identifier.
9462
+ * @param issuer issuer of the TOTP (likely the app name).
9463
+ * @returns A QR code URL string.
9464
+ */
9465
+ generateQrCodeUrl(accountName, issuer) {
9466
+ var _a;
9467
+ let useDefaults = false;
9468
+ if (_isEmptyString(accountName) || _isEmptyString(issuer)) {
9469
+ useDefaults = true;
9470
+ }
9471
+ if (useDefaults) {
9472
+ if (_isEmptyString(accountName)) {
9473
+ accountName = ((_a = this.auth.currentUser) === null || _a === void 0 ? void 0 : _a.email) || 'unknownuser';
9474
+ }
9475
+ if (_isEmptyString(issuer)) {
9476
+ issuer = this.auth.name;
9477
+ }
9478
+ }
9479
+ return `otpauth://totp/${issuer}:${accountName}?secret=${this.secretKey}&issuer=${issuer}&algorithm=${this.hashingAlgorithm}&digits=${this.codeLength}`;
9480
+ }
9481
+ }
9482
+ /** @internal */
9483
+ function _isEmptyString(input) {
9484
+ return typeof input === 'undefined' || (input === null || input === void 0 ? void 0 : input.length) === 0;
9485
+ }
9486
+
9319
9487
  var name = "@firebase/auth";
9320
- var version = "0.21.5-canary.480d7d560";
9488
+ var version = "0.21.5-canary.58bae8757";
9321
9489
 
9322
9490
  /**
9323
9491
  * @license
@@ -9567,6 +9735,8 @@ exports.RecaptchaVerifier = RecaptchaVerifier;
9567
9735
  exports.SAMLAuthCredential = SAMLAuthCredential;
9568
9736
  exports.SAMLAuthProvider = SAMLAuthProvider;
9569
9737
  exports.SignInMethod = SignInMethod;
9738
+ exports.TotpMultiFactorGenerator = TotpMultiFactorGenerator;
9739
+ exports.TotpSecret = TotpSecret;
9570
9740
  exports.TwitterAuthProvider = TwitterAuthProvider;
9571
9741
  exports.UserImpl = UserImpl;
9572
9742
  exports._assert = _assert;
@@ -9644,4 +9814,4 @@ exports.updateProfile = updateProfile;
9644
9814
  exports.useDeviceLanguage = useDeviceLanguage;
9645
9815
  exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
9646
9816
  exports.verifyPasswordResetCode = verifyPasswordResetCode;
9647
- //# sourceMappingURL=index-917f5393.js.map
9817
+ //# sourceMappingURL=index-7463f803.js.map