@firebase/auth 0.21.5 → 0.21.6-canary.a8d6499b1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/README.md +25 -0
- package/dist/auth-public.d.ts +137 -4
- package/dist/auth.d.ts +149 -4
- package/dist/browser-cjs/{index-ff477525.js → index-a031a7c0.js} +180 -5
- package/dist/browser-cjs/index-a031a7c0.js.map +1 -0
- package/dist/browser-cjs/index.d.ts +2 -1
- package/dist/browser-cjs/index.js +3 -1
- package/dist/browser-cjs/index.js.map +1 -1
- package/dist/browser-cjs/internal.js +3 -1
- package/dist/browser-cjs/internal.js.map +1 -1
- package/dist/browser-cjs/src/api/account_management/mfa.d.ts +38 -4
- package/dist/browser-cjs/src/api/authentication/mfa.d.ts +11 -0
- package/dist/browser-cjs/src/core/errors.d.ts +1 -0
- package/dist/browser-cjs/src/core/index.d.ts +1 -0
- package/dist/browser-cjs/src/mfa/assertions/totp.d.ts +124 -0
- package/dist/browser-cjs/src/mfa/assertions/totp.test.d.ts +17 -0
- package/dist/browser-cjs/src/mfa/mfa_info.d.ts +5 -1
- package/dist/browser-cjs/src/model/enum_maps.d.ts +1 -0
- package/dist/browser-cjs/src/model/public_types.d.ts +18 -1
- package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +3 -0
- package/dist/browser-cjs/test/integration/flows/totp.test.d.ts +17 -0
- package/dist/cordova/index.d.ts +2 -1
- package/dist/cordova/index.js +2 -2
- package/dist/cordova/internal.js +179 -3
- package/dist/cordova/internal.js.map +1 -1
- package/dist/cordova/{popup_redirect-a4d3c436.js → popup_redirect-69cff576.js} +31 -6
- package/dist/cordova/popup_redirect-69cff576.js.map +1 -0
- package/dist/cordova/src/api/account_management/mfa.d.ts +38 -4
- package/dist/cordova/src/api/authentication/mfa.d.ts +11 -0
- package/dist/cordova/src/core/errors.d.ts +1 -0
- package/dist/cordova/src/core/index.d.ts +1 -0
- package/dist/cordova/src/mfa/assertions/totp.d.ts +124 -0
- package/dist/cordova/src/mfa/assertions/totp.test.d.ts +17 -0
- package/dist/cordova/src/mfa/mfa_info.d.ts +5 -1
- package/dist/cordova/src/model/enum_maps.d.ts +1 -0
- package/dist/cordova/src/model/public_types.d.ts +18 -1
- package/dist/cordova/test/helpers/integration/helpers.d.ts +3 -0
- package/dist/cordova/test/integration/flows/totp.test.d.ts +17 -0
- package/dist/esm2017/{index-3363a72a.js → index-33f309f3.js} +179 -6
- package/dist/esm2017/index-33f309f3.js.map +1 -0
- package/dist/esm2017/index.d.ts +2 -1
- package/dist/esm2017/index.js +1 -1
- package/dist/esm2017/internal.js +2 -2
- package/dist/esm2017/src/api/account_management/mfa.d.ts +38 -4
- package/dist/esm2017/src/api/authentication/mfa.d.ts +11 -0
- package/dist/esm2017/src/core/errors.d.ts +1 -0
- package/dist/esm2017/src/core/index.d.ts +1 -0
- package/dist/esm2017/src/mfa/assertions/totp.d.ts +124 -0
- package/dist/esm2017/src/mfa/assertions/totp.test.d.ts +17 -0
- package/dist/esm2017/src/mfa/mfa_info.d.ts +5 -1
- package/dist/esm2017/src/model/enum_maps.d.ts +1 -0
- package/dist/esm2017/src/model/public_types.d.ts +18 -1
- package/dist/esm2017/test/helpers/integration/helpers.d.ts +3 -0
- package/dist/esm2017/test/integration/flows/totp.test.d.ts +17 -0
- package/dist/esm5/{index-3f05dc7b.js → index-588c4d42.js} +207 -6
- package/dist/esm5/index-588c4d42.js.map +1 -0
- package/dist/esm5/index.d.ts +2 -1
- package/dist/esm5/index.js +1 -1
- package/dist/esm5/internal.js +2 -2
- package/dist/esm5/src/api/account_management/mfa.d.ts +38 -4
- package/dist/esm5/src/api/authentication/mfa.d.ts +11 -0
- package/dist/esm5/src/core/errors.d.ts +1 -0
- package/dist/esm5/src/core/index.d.ts +1 -0
- package/dist/esm5/src/mfa/assertions/totp.d.ts +124 -0
- package/dist/esm5/src/mfa/assertions/totp.test.d.ts +17 -0
- package/dist/esm5/src/mfa/mfa_info.d.ts +5 -1
- package/dist/esm5/src/model/enum_maps.d.ts +1 -0
- package/dist/esm5/src/model/public_types.d.ts +18 -1
- package/dist/esm5/test/helpers/integration/helpers.d.ts +3 -0
- package/dist/esm5/test/integration/flows/totp.test.d.ts +17 -0
- package/dist/index.d.ts +2 -1
- package/dist/index.webworker.esm5.js +23 -4
- package/dist/index.webworker.esm5.js.map +1 -1
- package/dist/node/index.d.ts +2 -1
- package/dist/node/index.js +83 -81
- package/dist/node/index.js.map +1 -1
- package/dist/node/internal.js +144 -142
- package/dist/node/internal.js.map +1 -1
- package/dist/node/src/api/account_management/mfa.d.ts +38 -4
- package/dist/node/src/api/authentication/mfa.d.ts +11 -0
- package/dist/node/src/core/errors.d.ts +1 -0
- package/dist/node/src/core/index.d.ts +1 -0
- package/dist/node/src/mfa/assertions/totp.d.ts +124 -0
- package/dist/node/src/mfa/assertions/totp.test.d.ts +17 -0
- package/dist/node/src/mfa/mfa_info.d.ts +5 -1
- package/dist/node/src/model/enum_maps.d.ts +1 -0
- package/dist/node/src/model/public_types.d.ts +18 -1
- package/dist/node/test/helpers/integration/helpers.d.ts +3 -0
- package/dist/node/test/integration/flows/totp.test.d.ts +17 -0
- package/dist/node/{index-45468d80.js → totp-4f539e73.js} +243 -6
- package/dist/node/totp-4f539e73.js.map +1 -0
- package/dist/node-esm/index.d.ts +2 -1
- package/dist/node-esm/index.js +2 -2
- package/dist/node-esm/internal.js +3 -3
- package/dist/node-esm/src/api/account_management/mfa.d.ts +38 -4
- package/dist/node-esm/src/api/authentication/mfa.d.ts +11 -0
- package/dist/node-esm/src/core/errors.d.ts +1 -0
- package/dist/node-esm/src/core/index.d.ts +1 -0
- package/dist/node-esm/src/mfa/assertions/totp.d.ts +124 -0
- package/dist/node-esm/src/mfa/assertions/totp.test.d.ts +17 -0
- package/dist/node-esm/src/mfa/mfa_info.d.ts +5 -1
- package/dist/node-esm/src/model/enum_maps.d.ts +1 -0
- package/dist/node-esm/src/model/public_types.d.ts +18 -1
- package/dist/node-esm/test/helpers/integration/helpers.d.ts +3 -0
- package/dist/node-esm/test/integration/flows/totp.test.d.ts +17 -0
- package/dist/node-esm/{index-1f9492de.js → totp-aec70fa2.js} +213 -7
- package/dist/node-esm/totp-aec70fa2.js.map +1 -0
- package/dist/rn/index.d.ts +2 -1
- package/dist/rn/index.js +1 -1
- package/dist/rn/internal.js +176 -1
- package/dist/rn/internal.js.map +1 -1
- package/dist/rn/{phone-e7bf48a1.js → phone-a38a417c.js} +37 -5
- package/dist/rn/phone-a38a417c.js.map +1 -0
- package/dist/rn/src/api/account_management/mfa.d.ts +38 -4
- package/dist/rn/src/api/authentication/mfa.d.ts +11 -0
- package/dist/rn/src/core/errors.d.ts +1 -0
- package/dist/rn/src/core/index.d.ts +1 -0
- package/dist/rn/src/mfa/assertions/totp.d.ts +124 -0
- package/dist/rn/src/mfa/assertions/totp.test.d.ts +17 -0
- package/dist/rn/src/mfa/mfa_info.d.ts +5 -1
- package/dist/rn/src/model/enum_maps.d.ts +1 -0
- package/dist/rn/src/model/public_types.d.ts +18 -1
- package/dist/rn/test/helpers/integration/helpers.d.ts +3 -0
- package/dist/rn/test/integration/flows/totp.test.d.ts +17 -0
- package/dist/src/api/account_management/mfa.d.ts +38 -4
- package/dist/src/api/authentication/mfa.d.ts +11 -0
- package/dist/src/core/errors.d.ts +1 -0
- package/dist/src/core/index.d.ts +1 -0
- package/dist/src/mfa/assertions/totp.d.ts +124 -0
- package/dist/src/mfa/assertions/totp.test.d.ts +17 -0
- package/dist/src/mfa/mfa_info.d.ts +5 -1
- package/dist/src/model/enum_maps.d.ts +1 -0
- package/dist/src/model/public_types.d.ts +18 -1
- package/dist/test/helpers/integration/helpers.d.ts +3 -0
- package/dist/test/integration/flows/totp.test.d.ts +17 -0
- package/package.json +10 -8
- package/dist/browser-cjs/index-ff477525.js.map +0 -1
- package/dist/cordova/popup_redirect-a4d3c436.js.map +0 -1
- package/dist/esm2017/index-3363a72a.js.map +0 -1
- package/dist/esm5/index-3f05dc7b.js.map +0 -1
- package/dist/node/index-45468d80.js.map +0 -1
- package/dist/node-esm/index-1f9492de.js.map +0 -1
- package/dist/rn/phone-e7bf48a1.js.map +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# @firebase/auth
|
|
2
2
|
|
|
3
|
+
## 0.21.6
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [`58bae8757`](https://github.com/firebase/firebase-js-sdk/commit/58bae875799ed2ace8232f5d9e7aaaaa7a84d064) [#7146](https://github.com/firebase/firebase-js-sdk/pull/7146) - Support TOTP as a multi-factor option in Firebase Auth/GCIP.
|
|
8
|
+
|
|
9
|
+
- [`00737a1ab`](https://github.com/firebase/firebase-js-sdk/commit/00737a1abd469f3deb041d8ff482165cc16bc34e) [#7125](https://github.com/firebase/firebase-js-sdk/pull/7125) (fixes [#7118](https://github.com/firebase/firebase-js-sdk/issues/7118)) - Modify \_fail to use AuthErrorCode.NETWORK_REQUEST_FAILED
|
|
10
|
+
|
|
3
11
|
## 0.21.5
|
|
4
12
|
|
|
5
13
|
### Patch Changes
|
package/README.md
CHANGED
|
@@ -17,6 +17,7 @@ host of npm scripts to run these tests. The most important commands are:
|
|
|
17
17
|
| `yarn test:<platform>:unit:debug` | Runs \<platform> unit tests, auto-watching for file system changes |
|
|
18
18
|
| `yarn test:<platform>:integration` | Runs only integration tests against the live environment |
|
|
19
19
|
| `yarn test:<platform>:integration:local` | Runs all headless \<platform> integration tests against the emulator (more below) |
|
|
20
|
+
| `yarn test:browser:integration:prodbackend` | Runs TOTP MFA integration tests against the backend (more below) |
|
|
20
21
|
|
|
21
22
|
Where \<platform> is "browser" or "node". There are also cordova tests, but they
|
|
22
23
|
are not broken into such granular details. Check out `package.json` for more.
|
|
@@ -39,6 +40,11 @@ commands also run various tests:
|
|
|
39
40
|
* `yarn test:webdriver` — Executes only the Selenium WebDriver
|
|
40
41
|
integration tests
|
|
41
42
|
|
|
43
|
+
Note - The webdriver tests require the Chrome webdriver to match the version of Chrome running locally.
|
|
44
|
+
In the CI environment, this is ensured using the environment variable [here.](https://github.com/firebase/firebase-js-sdk/blob/6e80a678fe0c31046860554cec0459a2be34d22b/.github/workflows/test-changed-auth.yml#L7)
|
|
45
|
+
When running locally, change the chromedriver version in [package.json](https://github.com/firebase/firebase-js-sdk/blob/6e80a678fe0c31046860554cec0459a2be34d22b/packages/auth/package.json#L124) to match your local Chrome version and run `yarn install`.
|
|
46
|
+
|
|
47
|
+
|
|
42
48
|
For example, to run all integration and WebDriver tests against the emulator,
|
|
43
49
|
you would simply execute the following command:
|
|
44
50
|
|
|
@@ -46,6 +52,25 @@ you would simply execute the following command:
|
|
|
46
52
|
firebase emulators:exec --project foo-bar --only auth "yarn test:integration:local"
|
|
47
53
|
```
|
|
48
54
|
|
|
55
|
+
### Integration testing with the production backend
|
|
56
|
+
|
|
57
|
+
Currently, MFA TOTP tests only run against the production backend (since they are not supported on the emulator yet).
|
|
58
|
+
Running against the backend also makes it a more reliable end-to-end test.
|
|
59
|
+
|
|
60
|
+
The TOTP tests require the following email/password combination to exist in the project, so if you are running this test against your test project, please create this user:
|
|
61
|
+
|
|
62
|
+
'totpuser-donotdelete@test.com', 'password'
|
|
63
|
+
|
|
64
|
+
You also need to verify this email address, in order to use MFA. This can be done with a curl command like this:
|
|
65
|
+
|
|
66
|
+
```
|
|
67
|
+
curl -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-Type: application/json" -H "X-Goog-User-Project: ${PROJECT_ID}" -X POST https://identitytoolkit.googleapis.com/v1/accounts:sendOobCode -d '{
|
|
68
|
+
"email": "totpuser-donotdelete@test.com",
|
|
69
|
+
"requestType": "VERIFY_EMAIL",
|
|
70
|
+
"returnOobLink": true,
|
|
71
|
+
}'
|
|
72
|
+
```
|
|
73
|
+
|
|
49
74
|
### Selenium Webdriver tests
|
|
50
75
|
|
|
51
76
|
These tests assume that you have both Firefox and Chrome installed on your
|
package/dist/auth-public.d.ts
CHANGED
|
@@ -670,7 +670,7 @@ export declare interface AuthSettings {
|
|
|
670
670
|
}
|
|
671
671
|
|
|
672
672
|
/**
|
|
673
|
-
* MFA Info as returned by the API
|
|
673
|
+
* MFA Info as returned by the API.
|
|
674
674
|
*/
|
|
675
675
|
declare interface BaseMfaEnrollment {
|
|
676
676
|
mfaEnrollmentId: string;
|
|
@@ -1154,8 +1154,11 @@ export declare class FacebookAuthProvider extends BaseOAuthProvider {
|
|
|
1154
1154
|
export declare const FactorId: {
|
|
1155
1155
|
/** Phone as second factor */
|
|
1156
1156
|
readonly PHONE: "phone";
|
|
1157
|
+
readonly TOTP: "totp";
|
|
1157
1158
|
};
|
|
1158
1159
|
|
|
1160
|
+
/* Excluded from this release type: FactorId_2 */
|
|
1161
|
+
|
|
1159
1162
|
/**
|
|
1160
1163
|
* The base class for all Federated providers (OAuth (including OIDC), SAML).
|
|
1161
1164
|
*
|
|
@@ -1657,9 +1660,9 @@ export declare function linkWithPopup(user: User, provider: AuthProvider, resolv
|
|
|
1657
1660
|
export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
|
|
1658
1661
|
|
|
1659
1662
|
/**
|
|
1660
|
-
* MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment
|
|
1663
|
+
* MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.
|
|
1661
1664
|
*/
|
|
1662
|
-
declare type MfaEnrollment = PhoneMfaEnrollment;
|
|
1665
|
+
declare type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;
|
|
1663
1666
|
|
|
1664
1667
|
/**
|
|
1665
1668
|
* The {@link MultiFactorUser} corresponding to the user.
|
|
@@ -2132,6 +2135,7 @@ export declare function onAuthStateChanged(auth: Auth, nextOrObserver: NextOrObs
|
|
|
2132
2135
|
*
|
|
2133
2136
|
* @remarks
|
|
2134
2137
|
* This includes sign-in, sign-out, and token refresh events.
|
|
2138
|
+
* This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.
|
|
2135
2139
|
*
|
|
2136
2140
|
* @param auth - The {@link Auth} instance.
|
|
2137
2141
|
* @param nextOrObserver - callback triggered on change.
|
|
@@ -2371,7 +2375,7 @@ export declare class PhoneAuthProvider {
|
|
|
2371
2375
|
export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
|
|
2372
2376
|
|
|
2373
2377
|
/**
|
|
2374
|
-
* An MFA provided by SMS verification
|
|
2378
|
+
* An MFA provided by SMS verification.
|
|
2375
2379
|
*/
|
|
2376
2380
|
declare interface PhoneMfaEnrollment extends BaseMfaEnrollment {
|
|
2377
2381
|
phoneInfo: string;
|
|
@@ -3148,10 +3152,139 @@ export declare function signInWithRedirect(auth: Auth, provider: AuthProvider, r
|
|
|
3148
3152
|
*/
|
|
3149
3153
|
export declare function signOut(auth: Auth): Promise<void>;
|
|
3150
3154
|
|
|
3155
|
+
declare interface StartTotpMfaEnrollmentResponse {
|
|
3156
|
+
totpSessionInfo: {
|
|
3157
|
+
sharedSecretKey: string;
|
|
3158
|
+
verificationCodeLength: number;
|
|
3159
|
+
hashingAlgorithm: string;
|
|
3160
|
+
periodSec: number;
|
|
3161
|
+
sessionInfo: string;
|
|
3162
|
+
finalizeEnrollmentTime: number;
|
|
3163
|
+
};
|
|
3164
|
+
}
|
|
3165
|
+
|
|
3151
3166
|
/* Excluded from this release type: StsTokenManager */
|
|
3152
3167
|
|
|
3153
3168
|
/* Excluded from this release type: TaggedWithTokenResponse */
|
|
3154
3169
|
|
|
3170
|
+
/**
|
|
3171
|
+
* An MFA provided by TOTP (Time-based One Time Password).
|
|
3172
|
+
*/
|
|
3173
|
+
declare interface TotpMfaEnrollment extends BaseMfaEnrollment {
|
|
3174
|
+
}
|
|
3175
|
+
|
|
3176
|
+
/**
|
|
3177
|
+
* The class for asserting ownership of a TOTP second factor. Provided by
|
|
3178
|
+
* {@link TotpMultiFactorGenerator.assertionForEnrollment} and
|
|
3179
|
+
* {@link TotpMultiFactorGenerator.assertionForSignIn}.
|
|
3180
|
+
*
|
|
3181
|
+
* @public
|
|
3182
|
+
*/
|
|
3183
|
+
export declare interface TotpMultiFactorAssertion extends MultiFactorAssertion {
|
|
3184
|
+
}
|
|
3185
|
+
|
|
3186
|
+
/**
|
|
3187
|
+
* Provider for generating a {@link TotpMultiFactorAssertion}.
|
|
3188
|
+
*
|
|
3189
|
+
* @public
|
|
3190
|
+
*/
|
|
3191
|
+
export declare class TotpMultiFactorGenerator {
|
|
3192
|
+
/**
|
|
3193
|
+
* Provides a {@link TotpMultiFactorAssertion} to confirm ownership of
|
|
3194
|
+
* the TOTP (time-based one-time password) second factor.
|
|
3195
|
+
* This assertion is used to complete enrollment in TOTP second factor.
|
|
3196
|
+
*
|
|
3197
|
+
* @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters.
|
|
3198
|
+
* @param oneTimePassword One-time password from TOTP App.
|
|
3199
|
+
* @returns A {@link TotpMultiFactorAssertion} which can be used with
|
|
3200
|
+
* {@link MultiFactorUser.enroll}.
|
|
3201
|
+
*/
|
|
3202
|
+
static assertionForEnrollment(secret: TotpSecret, oneTimePassword: string): TotpMultiFactorAssertion;
|
|
3203
|
+
/**
|
|
3204
|
+
* Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor.
|
|
3205
|
+
* This assertion is used to complete signIn with TOTP as the second factor.
|
|
3206
|
+
*
|
|
3207
|
+
* @param enrollmentId identifies the enrolled TOTP second factor.
|
|
3208
|
+
* @param oneTimePassword One-time password from TOTP App.
|
|
3209
|
+
* @returns A {@link TotpMultiFactorAssertion} which can be used with
|
|
3210
|
+
* {@link MultiFactorResolver.resolveSignIn}.
|
|
3211
|
+
*/
|
|
3212
|
+
static assertionForSignIn(enrollmentId: string, oneTimePassword: string): TotpMultiFactorAssertion;
|
|
3213
|
+
/**
|
|
3214
|
+
* Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters.
|
|
3215
|
+
* Creates a TOTP secret as part of enrolling a TOTP second factor.
|
|
3216
|
+
* Used for generating a QR code URL or inputting into a TOTP app.
|
|
3217
|
+
* This method uses the auth instance corresponding to the user in the multiFactorSession.
|
|
3218
|
+
*
|
|
3219
|
+
* @param session The {@link MultiFactorSession} that the user is part of.
|
|
3220
|
+
* @returns A promise to {@link TotpSecret}.
|
|
3221
|
+
*/
|
|
3222
|
+
static generateSecret(session: MultiFactorSession): Promise<TotpSecret>;
|
|
3223
|
+
/**
|
|
3224
|
+
* The identifier of the TOTP second factor: `totp`.
|
|
3225
|
+
*/
|
|
3226
|
+
static FACTOR_ID: FactorId_2;
|
|
3227
|
+
}
|
|
3228
|
+
|
|
3229
|
+
/**
|
|
3230
|
+
* The subclass of the {@link MultiFactorInfo} interface for TOTP
|
|
3231
|
+
* second factors. The `factorId` of this second factor is {@link FactorId}.TOTP.
|
|
3232
|
+
* @public
|
|
3233
|
+
*/
|
|
3234
|
+
export declare interface TotpMultiFactorInfo extends MultiFactorInfo {
|
|
3235
|
+
}
|
|
3236
|
+
|
|
3237
|
+
/**
|
|
3238
|
+
* Provider for generating a {@link TotpMultiFactorAssertion}.
|
|
3239
|
+
*
|
|
3240
|
+
* Stores the shared secret key and other parameters to generate time-based OTPs.
|
|
3241
|
+
* Implements methods to retrieve the shared secret key and generate a QR code URL.
|
|
3242
|
+
* @public
|
|
3243
|
+
*/
|
|
3244
|
+
export declare class TotpSecret {
|
|
3245
|
+
private readonly sessionInfo;
|
|
3246
|
+
private readonly auth;
|
|
3247
|
+
/**
|
|
3248
|
+
* Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.
|
|
3249
|
+
*/
|
|
3250
|
+
readonly secretKey: string;
|
|
3251
|
+
/**
|
|
3252
|
+
* Hashing algorithm used.
|
|
3253
|
+
*/
|
|
3254
|
+
readonly hashingAlgorithm: string;
|
|
3255
|
+
/**
|
|
3256
|
+
* Length of the one-time passwords to be generated.
|
|
3257
|
+
*/
|
|
3258
|
+
readonly codeLength: number;
|
|
3259
|
+
/**
|
|
3260
|
+
* The interval (in seconds) when the OTP codes should change.
|
|
3261
|
+
*/
|
|
3262
|
+
readonly codeIntervalSeconds: number;
|
|
3263
|
+
/**
|
|
3264
|
+
* The timestamp (UTC string) by which TOTP enrollment should be completed.
|
|
3265
|
+
*/
|
|
3266
|
+
readonly enrollmentCompletionDeadline: string;
|
|
3267
|
+
private constructor();
|
|
3268
|
+
/* Excluded from this release type: _fromStartTotpMfaEnrollmentResponse */
|
|
3269
|
+
/* Excluded from this release type: _makeTotpVerificationInfo */
|
|
3270
|
+
/**
|
|
3271
|
+
* Returns a QR code URL as described in
|
|
3272
|
+
* https://github.com/google/google-authenticator/wiki/Key-Uri-Format
|
|
3273
|
+
* This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.
|
|
3274
|
+
* If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.
|
|
3275
|
+
*
|
|
3276
|
+
* @param accountName the name of the account/app along with a user identifier.
|
|
3277
|
+
* @param issuer issuer of the TOTP (likely the app name).
|
|
3278
|
+
* @returns A QR code URL string.
|
|
3279
|
+
*/
|
|
3280
|
+
generateQrCodeUrl(accountName?: string, issuer?: string): string;
|
|
3281
|
+
}
|
|
3282
|
+
|
|
3283
|
+
declare interface TotpVerificationInfo {
|
|
3284
|
+
sessionInfo: string;
|
|
3285
|
+
verificationCode: string;
|
|
3286
|
+
}
|
|
3287
|
+
|
|
3155
3288
|
/**
|
|
3156
3289
|
* Provider for generating an {@link OAuthCredential} for {@link ProviderId}.TWITTER.
|
|
3157
3290
|
*
|
package/dist/auth.d.ts
CHANGED
|
@@ -575,6 +575,7 @@ declare const enum AuthErrorCode {
|
|
|
575
575
|
MISSING_MFA_INFO = "missing-multi-factor-info",
|
|
576
576
|
MISSING_MFA_SESSION = "missing-multi-factor-session",
|
|
577
577
|
MISSING_PHONE_NUMBER = "missing-phone-number",
|
|
578
|
+
MISSING_PASSWORD = "missing-password",
|
|
578
579
|
MISSING_SESSION_INFO = "missing-verification-id",
|
|
579
580
|
MODULE_DESTROYED = "app-deleted",
|
|
580
581
|
NEED_CONFIRMATION = "account-exists-with-different-credential",
|
|
@@ -897,7 +898,7 @@ export declare interface AuthSettings {
|
|
|
897
898
|
}
|
|
898
899
|
|
|
899
900
|
/**
|
|
900
|
-
* MFA Info as returned by the API
|
|
901
|
+
* MFA Info as returned by the API.
|
|
901
902
|
*/
|
|
902
903
|
declare interface BaseMfaEnrollment {
|
|
903
904
|
mfaEnrollmentId: string;
|
|
@@ -1420,8 +1421,20 @@ export declare class FacebookAuthProvider extends BaseOAuthProvider {
|
|
|
1420
1421
|
export declare const FactorId: {
|
|
1421
1422
|
/** Phone as second factor */
|
|
1422
1423
|
readonly PHONE: "phone";
|
|
1424
|
+
readonly TOTP: "totp";
|
|
1423
1425
|
};
|
|
1424
1426
|
|
|
1427
|
+
/**
|
|
1428
|
+
* An enum of factors that may be used for multifactor authentication.
|
|
1429
|
+
*
|
|
1430
|
+
* @internal
|
|
1431
|
+
*/
|
|
1432
|
+
declare const enum FactorId_2 {
|
|
1433
|
+
/** Phone as second factor */
|
|
1434
|
+
PHONE = "phone",
|
|
1435
|
+
TOTP = "totp"
|
|
1436
|
+
}
|
|
1437
|
+
|
|
1425
1438
|
/**
|
|
1426
1439
|
* The base class for all Federated providers (OAuth (including OIDC), SAML).
|
|
1427
1440
|
*
|
|
@@ -1978,9 +1991,9 @@ export declare function linkWithPopup(user: User, provider: AuthProvider, resolv
|
|
|
1978
1991
|
export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
|
|
1979
1992
|
|
|
1980
1993
|
/**
|
|
1981
|
-
* MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment
|
|
1994
|
+
* MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.
|
|
1982
1995
|
*/
|
|
1983
|
-
declare type MfaEnrollment = PhoneMfaEnrollment;
|
|
1996
|
+
declare type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;
|
|
1984
1997
|
|
|
1985
1998
|
/**
|
|
1986
1999
|
* The {@link MultiFactorUser} corresponding to the user.
|
|
@@ -2457,6 +2470,7 @@ export declare function onAuthStateChanged(auth: Auth, nextOrObserver: NextOrObs
|
|
|
2457
2470
|
*
|
|
2458
2471
|
* @remarks
|
|
2459
2472
|
* This includes sign-in, sign-out, and token refresh events.
|
|
2473
|
+
* This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.
|
|
2460
2474
|
*
|
|
2461
2475
|
* @param auth - The {@link Auth} instance.
|
|
2462
2476
|
* @param nextOrObserver - callback triggered on change.
|
|
@@ -2702,7 +2716,7 @@ export declare class PhoneAuthProvider {
|
|
|
2702
2716
|
export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
|
|
2703
2717
|
|
|
2704
2718
|
/**
|
|
2705
|
-
* An MFA provided by SMS verification
|
|
2719
|
+
* An MFA provided by SMS verification.
|
|
2706
2720
|
*/
|
|
2707
2721
|
declare interface PhoneMfaEnrollment extends BaseMfaEnrollment {
|
|
2708
2722
|
phoneInfo: string;
|
|
@@ -3572,6 +3586,17 @@ export declare function signInWithRedirect(auth: Auth, provider: AuthProvider, r
|
|
|
3572
3586
|
*/
|
|
3573
3587
|
export declare function signOut(auth: Auth): Promise<void>;
|
|
3574
3588
|
|
|
3589
|
+
declare interface StartTotpMfaEnrollmentResponse {
|
|
3590
|
+
totpSessionInfo: {
|
|
3591
|
+
sharedSecretKey: string;
|
|
3592
|
+
verificationCodeLength: number;
|
|
3593
|
+
hashingAlgorithm: string;
|
|
3594
|
+
periodSec: number;
|
|
3595
|
+
sessionInfo: string;
|
|
3596
|
+
finalizeEnrollmentTime: number;
|
|
3597
|
+
};
|
|
3598
|
+
}
|
|
3599
|
+
|
|
3575
3600
|
/**
|
|
3576
3601
|
* We need to mark this class as internal explicitly to exclude it in the public typings, because
|
|
3577
3602
|
* it references AuthInternal which has a circular dependency with UserInternal.
|
|
@@ -3602,6 +3627,126 @@ declare interface TaggedWithTokenResponse {
|
|
|
3602
3627
|
_tokenResponse?: PhoneOrOauthTokenResponse;
|
|
3603
3628
|
}
|
|
3604
3629
|
|
|
3630
|
+
/**
|
|
3631
|
+
* An MFA provided by TOTP (Time-based One Time Password).
|
|
3632
|
+
*/
|
|
3633
|
+
declare interface TotpMfaEnrollment extends BaseMfaEnrollment {
|
|
3634
|
+
}
|
|
3635
|
+
|
|
3636
|
+
/**
|
|
3637
|
+
* The class for asserting ownership of a TOTP second factor. Provided by
|
|
3638
|
+
* {@link TotpMultiFactorGenerator.assertionForEnrollment} and
|
|
3639
|
+
* {@link TotpMultiFactorGenerator.assertionForSignIn}.
|
|
3640
|
+
*
|
|
3641
|
+
* @public
|
|
3642
|
+
*/
|
|
3643
|
+
export declare interface TotpMultiFactorAssertion extends MultiFactorAssertion {
|
|
3644
|
+
}
|
|
3645
|
+
|
|
3646
|
+
/**
|
|
3647
|
+
* Provider for generating a {@link TotpMultiFactorAssertion}.
|
|
3648
|
+
*
|
|
3649
|
+
* @public
|
|
3650
|
+
*/
|
|
3651
|
+
export declare class TotpMultiFactorGenerator {
|
|
3652
|
+
/**
|
|
3653
|
+
* Provides a {@link TotpMultiFactorAssertion} to confirm ownership of
|
|
3654
|
+
* the TOTP (time-based one-time password) second factor.
|
|
3655
|
+
* This assertion is used to complete enrollment in TOTP second factor.
|
|
3656
|
+
*
|
|
3657
|
+
* @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters.
|
|
3658
|
+
* @param oneTimePassword One-time password from TOTP App.
|
|
3659
|
+
* @returns A {@link TotpMultiFactorAssertion} which can be used with
|
|
3660
|
+
* {@link MultiFactorUser.enroll}.
|
|
3661
|
+
*/
|
|
3662
|
+
static assertionForEnrollment(secret: TotpSecret, oneTimePassword: string): TotpMultiFactorAssertion;
|
|
3663
|
+
/**
|
|
3664
|
+
* Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor.
|
|
3665
|
+
* This assertion is used to complete signIn with TOTP as the second factor.
|
|
3666
|
+
*
|
|
3667
|
+
* @param enrollmentId identifies the enrolled TOTP second factor.
|
|
3668
|
+
* @param oneTimePassword One-time password from TOTP App.
|
|
3669
|
+
* @returns A {@link TotpMultiFactorAssertion} which can be used with
|
|
3670
|
+
* {@link MultiFactorResolver.resolveSignIn}.
|
|
3671
|
+
*/
|
|
3672
|
+
static assertionForSignIn(enrollmentId: string, oneTimePassword: string): TotpMultiFactorAssertion;
|
|
3673
|
+
/**
|
|
3674
|
+
* Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters.
|
|
3675
|
+
* Creates a TOTP secret as part of enrolling a TOTP second factor.
|
|
3676
|
+
* Used for generating a QR code URL or inputting into a TOTP app.
|
|
3677
|
+
* This method uses the auth instance corresponding to the user in the multiFactorSession.
|
|
3678
|
+
*
|
|
3679
|
+
* @param session The {@link MultiFactorSession} that the user is part of.
|
|
3680
|
+
* @returns A promise to {@link TotpSecret}.
|
|
3681
|
+
*/
|
|
3682
|
+
static generateSecret(session: MultiFactorSession): Promise<TotpSecret>;
|
|
3683
|
+
/**
|
|
3684
|
+
* The identifier of the TOTP second factor: `totp`.
|
|
3685
|
+
*/
|
|
3686
|
+
static FACTOR_ID: FactorId_2;
|
|
3687
|
+
}
|
|
3688
|
+
|
|
3689
|
+
/**
|
|
3690
|
+
* The subclass of the {@link MultiFactorInfo} interface for TOTP
|
|
3691
|
+
* second factors. The `factorId` of this second factor is {@link FactorId}.TOTP.
|
|
3692
|
+
* @public
|
|
3693
|
+
*/
|
|
3694
|
+
export declare interface TotpMultiFactorInfo extends MultiFactorInfo {
|
|
3695
|
+
}
|
|
3696
|
+
|
|
3697
|
+
/**
|
|
3698
|
+
* Provider for generating a {@link TotpMultiFactorAssertion}.
|
|
3699
|
+
*
|
|
3700
|
+
* Stores the shared secret key and other parameters to generate time-based OTPs.
|
|
3701
|
+
* Implements methods to retrieve the shared secret key and generate a QR code URL.
|
|
3702
|
+
* @public
|
|
3703
|
+
*/
|
|
3704
|
+
export declare class TotpSecret {
|
|
3705
|
+
private readonly sessionInfo;
|
|
3706
|
+
private readonly auth;
|
|
3707
|
+
/**
|
|
3708
|
+
* Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.
|
|
3709
|
+
*/
|
|
3710
|
+
readonly secretKey: string;
|
|
3711
|
+
/**
|
|
3712
|
+
* Hashing algorithm used.
|
|
3713
|
+
*/
|
|
3714
|
+
readonly hashingAlgorithm: string;
|
|
3715
|
+
/**
|
|
3716
|
+
* Length of the one-time passwords to be generated.
|
|
3717
|
+
*/
|
|
3718
|
+
readonly codeLength: number;
|
|
3719
|
+
/**
|
|
3720
|
+
* The interval (in seconds) when the OTP codes should change.
|
|
3721
|
+
*/
|
|
3722
|
+
readonly codeIntervalSeconds: number;
|
|
3723
|
+
/**
|
|
3724
|
+
* The timestamp (UTC string) by which TOTP enrollment should be completed.
|
|
3725
|
+
*/
|
|
3726
|
+
readonly enrollmentCompletionDeadline: string;
|
|
3727
|
+
private constructor();
|
|
3728
|
+
/** @internal */
|
|
3729
|
+
static _fromStartTotpMfaEnrollmentResponse(response: StartTotpMfaEnrollmentResponse, auth: AuthInternal): TotpSecret;
|
|
3730
|
+
/** @internal */
|
|
3731
|
+
_makeTotpVerificationInfo(otp: string): TotpVerificationInfo;
|
|
3732
|
+
/**
|
|
3733
|
+
* Returns a QR code URL as described in
|
|
3734
|
+
* https://github.com/google/google-authenticator/wiki/Key-Uri-Format
|
|
3735
|
+
* This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.
|
|
3736
|
+
* If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.
|
|
3737
|
+
*
|
|
3738
|
+
* @param accountName the name of the account/app along with a user identifier.
|
|
3739
|
+
* @param issuer issuer of the TOTP (likely the app name).
|
|
3740
|
+
* @returns A QR code URL string.
|
|
3741
|
+
*/
|
|
3742
|
+
generateQrCodeUrl(accountName?: string, issuer?: string): string;
|
|
3743
|
+
}
|
|
3744
|
+
|
|
3745
|
+
declare interface TotpVerificationInfo {
|
|
3746
|
+
sessionInfo: string;
|
|
3747
|
+
verificationCode: string;
|
|
3748
|
+
}
|
|
3749
|
+
|
|
3605
3750
|
/**
|
|
3606
3751
|
* Provider for generating an {@link OAuthCredential} for {@link ProviderId}.TWITTER.
|
|
3607
3752
|
*
|