@firebase/auth 0.21.6 → 0.22.0-canary.1d6771eb3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/README.md +5 -0
  3. package/dist/auth-public.d.ts +59 -3
  4. package/dist/auth.d.ts +74 -13
  5. package/dist/browser-cjs/{index-39443020.js → index-7393ca6a.js} +593 -208
  6. package/dist/browser-cjs/index-7393ca6a.js.map +1 -0
  7. package/dist/browser-cjs/index.js +3 -2
  8. package/dist/browser-cjs/index.js.map +1 -1
  9. package/dist/browser-cjs/internal.js +3 -2
  10. package/dist/browser-cjs/internal.js.map +1 -1
  11. package/dist/browser-cjs/src/api/authentication/email_and_password.d.ts +9 -0
  12. package/dist/browser-cjs/src/api/authentication/recaptcha.d.ts +16 -0
  13. package/dist/browser-cjs/src/api/authentication/sign_up.d.ts +4 -0
  14. package/dist/browser-cjs/src/api/errors.d.ts +9 -1
  15. package/dist/browser-cjs/src/api/index.d.ts +17 -2
  16. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +9 -1
  17. package/dist/browser-cjs/src/core/errors.d.ts +18 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +27 -0
  19. package/dist/browser-cjs/src/core/util/handler.d.ts +1 -1
  20. package/dist/browser-cjs/src/core/util/log.d.ts +1 -0
  21. package/dist/browser-cjs/src/mfa/assertions/totp.d.ts +2 -2
  22. package/dist/browser-cjs/src/model/auth.d.ts +6 -0
  23. package/dist/browser-cjs/src/platform_browser/auth_window.d.ts +2 -2
  24. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  25. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  26. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  27. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  28. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  29. package/dist/browser-cjs/src/platform_browser/strategies/popup.d.ts +1 -1
  30. package/dist/browser-cjs/test/helpers/api/helper.d.ts +2 -0
  31. package/dist/browser-cjs/test/helpers/mock_auth.d.ts +5 -0
  32. package/dist/cordova/index.js +2 -2
  33. package/dist/cordova/internal.js +21 -77
  34. package/dist/cordova/internal.js.map +1 -1
  35. package/dist/cordova/{popup_redirect-8b388294.js → popup_redirect-eae95465.js} +781 -215
  36. package/dist/cordova/popup_redirect-eae95465.js.map +1 -0
  37. package/dist/cordova/src/api/authentication/email_and_password.d.ts +9 -0
  38. package/dist/cordova/src/api/authentication/recaptcha.d.ts +16 -0
  39. package/dist/cordova/src/api/authentication/sign_up.d.ts +4 -0
  40. package/dist/cordova/src/api/errors.d.ts +9 -1
  41. package/dist/cordova/src/api/index.d.ts +17 -2
  42. package/dist/cordova/src/core/auth/auth_impl.d.ts +9 -1
  43. package/dist/cordova/src/core/errors.d.ts +18 -1
  44. package/dist/cordova/src/core/index.d.ts +27 -0
  45. package/dist/cordova/src/core/util/handler.d.ts +1 -1
  46. package/dist/cordova/src/core/util/log.d.ts +1 -0
  47. package/dist/cordova/src/mfa/assertions/totp.d.ts +2 -2
  48. package/dist/cordova/src/model/auth.d.ts +6 -0
  49. package/dist/cordova/src/platform_browser/auth_window.d.ts +2 -2
  50. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  51. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  52. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  53. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  54. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  55. package/dist/cordova/src/platform_browser/strategies/popup.d.ts +1 -1
  56. package/dist/cordova/test/helpers/api/helper.d.ts +2 -0
  57. package/dist/cordova/test/helpers/mock_auth.d.ts +5 -0
  58. package/dist/esm2017/{index-2d01563f.js → index-1124980d.js} +594 -210
  59. package/dist/esm2017/index-1124980d.js.map +1 -0
  60. package/dist/esm2017/index.js +2 -2
  61. package/dist/esm2017/internal.js +3 -3
  62. package/dist/esm2017/src/api/authentication/email_and_password.d.ts +9 -0
  63. package/dist/esm2017/src/api/authentication/recaptcha.d.ts +16 -0
  64. package/dist/esm2017/src/api/authentication/sign_up.d.ts +4 -0
  65. package/dist/esm2017/src/api/errors.d.ts +9 -1
  66. package/dist/esm2017/src/api/index.d.ts +17 -2
  67. package/dist/esm2017/src/core/auth/auth_impl.d.ts +9 -1
  68. package/dist/esm2017/src/core/errors.d.ts +18 -1
  69. package/dist/esm2017/src/core/index.d.ts +27 -0
  70. package/dist/esm2017/src/core/util/handler.d.ts +1 -1
  71. package/dist/esm2017/src/core/util/log.d.ts +1 -0
  72. package/dist/esm2017/src/mfa/assertions/totp.d.ts +2 -2
  73. package/dist/esm2017/src/model/auth.d.ts +6 -0
  74. package/dist/esm2017/src/platform_browser/auth_window.d.ts +2 -2
  75. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  76. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  77. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  78. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  79. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  80. package/dist/esm2017/src/platform_browser/strategies/popup.d.ts +1 -1
  81. package/dist/esm2017/test/helpers/api/helper.d.ts +2 -0
  82. package/dist/esm2017/test/helpers/mock_auth.d.ts +5 -0
  83. package/dist/esm5/{index-44fc929c.js → index-169fb84f.js} +800 -290
  84. package/dist/esm5/index-169fb84f.js.map +1 -0
  85. package/dist/esm5/index.js +1 -1
  86. package/dist/esm5/internal.js +2 -2
  87. package/dist/esm5/src/api/authentication/email_and_password.d.ts +9 -0
  88. package/dist/esm5/src/api/authentication/recaptcha.d.ts +16 -0
  89. package/dist/esm5/src/api/authentication/sign_up.d.ts +4 -0
  90. package/dist/esm5/src/api/errors.d.ts +9 -1
  91. package/dist/esm5/src/api/index.d.ts +17 -2
  92. package/dist/esm5/src/core/auth/auth_impl.d.ts +9 -1
  93. package/dist/esm5/src/core/errors.d.ts +18 -1
  94. package/dist/esm5/src/core/index.d.ts +27 -0
  95. package/dist/esm5/src/core/util/handler.d.ts +1 -1
  96. package/dist/esm5/src/core/util/log.d.ts +1 -0
  97. package/dist/esm5/src/mfa/assertions/totp.d.ts +2 -2
  98. package/dist/esm5/src/model/auth.d.ts +6 -0
  99. package/dist/esm5/src/platform_browser/auth_window.d.ts +2 -2
  100. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  101. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  102. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  103. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  104. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  105. package/dist/esm5/src/platform_browser/strategies/popup.d.ts +1 -1
  106. package/dist/esm5/test/helpers/api/helper.d.ts +2 -0
  107. package/dist/esm5/test/helpers/mock_auth.d.ts +5 -0
  108. package/dist/index.webworker.esm5.js +605 -75
  109. package/dist/index.webworker.esm5.js.map +1 -1
  110. package/dist/node/index.js +2 -1
  111. package/dist/node/index.js.map +1 -1
  112. package/dist/node/internal.js +62 -42
  113. package/dist/node/internal.js.map +1 -1
  114. package/dist/node/src/api/authentication/email_and_password.d.ts +9 -0
  115. package/dist/node/src/api/authentication/recaptcha.d.ts +16 -0
  116. package/dist/node/src/api/authentication/sign_up.d.ts +4 -0
  117. package/dist/node/src/api/errors.d.ts +9 -1
  118. package/dist/node/src/api/index.d.ts +17 -2
  119. package/dist/node/src/core/auth/auth_impl.d.ts +9 -1
  120. package/dist/node/src/core/errors.d.ts +18 -1
  121. package/dist/node/src/core/index.d.ts +27 -0
  122. package/dist/node/src/core/util/handler.d.ts +1 -1
  123. package/dist/node/src/core/util/log.d.ts +1 -0
  124. package/dist/node/src/mfa/assertions/totp.d.ts +2 -2
  125. package/dist/node/src/model/auth.d.ts +6 -0
  126. package/dist/node/src/platform_browser/auth_window.d.ts +2 -2
  127. package/dist/node/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  128. package/dist/node/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  129. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  130. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  131. package/dist/node/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  132. package/dist/node/src/platform_browser/strategies/popup.d.ts +1 -1
  133. package/dist/node/test/helpers/api/helper.d.ts +2 -0
  134. package/dist/node/test/helpers/mock_auth.d.ts +5 -0
  135. package/dist/node/{totp-5e73d8e7.js → totp-13fce87f.js} +703 -172
  136. package/dist/node/totp-13fce87f.js.map +1 -0
  137. package/dist/node-esm/index.js +1 -1
  138. package/dist/node-esm/internal.js +16 -4
  139. package/dist/node-esm/internal.js.map +1 -1
  140. package/dist/node-esm/src/api/authentication/email_and_password.d.ts +9 -0
  141. package/dist/node-esm/src/api/authentication/recaptcha.d.ts +16 -0
  142. package/dist/node-esm/src/api/authentication/sign_up.d.ts +4 -0
  143. package/dist/node-esm/src/api/errors.d.ts +9 -1
  144. package/dist/node-esm/src/api/index.d.ts +17 -2
  145. package/dist/node-esm/src/core/auth/auth_impl.d.ts +9 -1
  146. package/dist/node-esm/src/core/errors.d.ts +18 -1
  147. package/dist/node-esm/src/core/index.d.ts +27 -0
  148. package/dist/node-esm/src/core/util/handler.d.ts +1 -1
  149. package/dist/node-esm/src/core/util/log.d.ts +1 -0
  150. package/dist/node-esm/src/mfa/assertions/totp.d.ts +2 -2
  151. package/dist/node-esm/src/model/auth.d.ts +6 -0
  152. package/dist/node-esm/src/platform_browser/auth_window.d.ts +2 -2
  153. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  154. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  155. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  156. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  157. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  158. package/dist/node-esm/src/platform_browser/strategies/popup.d.ts +1 -1
  159. package/dist/node-esm/test/helpers/api/helper.d.ts +2 -0
  160. package/dist/node-esm/test/helpers/mock_auth.d.ts +5 -0
  161. package/dist/node-esm/{totp-7b645f19.js → totp-aee19ee4.js} +560 -141
  162. package/dist/node-esm/totp-aee19ee4.js.map +1 -0
  163. package/dist/rn/index.js +2 -1
  164. package/dist/rn/index.js.map +1 -1
  165. package/dist/rn/internal.js +79 -48
  166. package/dist/rn/internal.js.map +1 -1
  167. package/dist/rn/{phone-ec210006.js → phone-26700494.js} +741 -260
  168. package/dist/rn/phone-26700494.js.map +1 -0
  169. package/dist/rn/src/api/authentication/email_and_password.d.ts +9 -0
  170. package/dist/rn/src/api/authentication/recaptcha.d.ts +16 -0
  171. package/dist/rn/src/api/authentication/sign_up.d.ts +4 -0
  172. package/dist/rn/src/api/errors.d.ts +9 -1
  173. package/dist/rn/src/api/index.d.ts +17 -2
  174. package/dist/rn/src/core/auth/auth_impl.d.ts +9 -1
  175. package/dist/rn/src/core/errors.d.ts +18 -1
  176. package/dist/rn/src/core/index.d.ts +27 -0
  177. package/dist/rn/src/core/util/handler.d.ts +1 -1
  178. package/dist/rn/src/core/util/log.d.ts +1 -0
  179. package/dist/rn/src/mfa/assertions/totp.d.ts +2 -2
  180. package/dist/rn/src/model/auth.d.ts +6 -0
  181. package/dist/rn/src/platform_browser/auth_window.d.ts +2 -2
  182. package/dist/rn/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  183. package/dist/rn/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  184. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  185. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  186. package/dist/rn/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  187. package/dist/rn/src/platform_browser/strategies/popup.d.ts +1 -1
  188. package/dist/rn/test/helpers/api/helper.d.ts +2 -0
  189. package/dist/rn/test/helpers/mock_auth.d.ts +5 -0
  190. package/dist/src/api/authentication/email_and_password.d.ts +9 -0
  191. package/dist/src/api/authentication/recaptcha.d.ts +16 -0
  192. package/dist/src/api/authentication/sign_up.d.ts +4 -0
  193. package/dist/src/api/errors.d.ts +9 -1
  194. package/dist/src/api/index.d.ts +17 -2
  195. package/dist/src/core/auth/auth_impl.d.ts +9 -1
  196. package/dist/src/core/errors.d.ts +18 -1
  197. package/dist/src/core/index.d.ts +27 -0
  198. package/dist/src/core/util/handler.d.ts +1 -1
  199. package/dist/src/core/util/log.d.ts +1 -0
  200. package/dist/src/mfa/assertions/totp.d.ts +2 -2
  201. package/dist/src/model/auth.d.ts +6 -0
  202. package/dist/src/platform_browser/auth_window.d.ts +2 -2
  203. package/dist/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  204. package/dist/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  205. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  206. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  207. package/dist/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  208. package/dist/src/platform_browser/strategies/popup.d.ts +1 -1
  209. package/dist/test/helpers/api/helper.d.ts +2 -0
  210. package/dist/test/helpers/mock_auth.d.ts +5 -0
  211. package/package.json +6 -6
  212. package/dist/browser-cjs/index-39443020.js.map +0 -1
  213. package/dist/cordova/popup_redirect-8b388294.js.map +0 -1
  214. package/dist/esm2017/index-2d01563f.js.map +0 -1
  215. package/dist/esm5/index-44fc929c.js.map +0 -1
  216. package/dist/node/totp-5e73d8e7.js.map +0 -1
  217. package/dist/node-esm/totp-7b645f19.js.map +0 -1
  218. package/dist/rn/phone-ec210006.js.map +0 -1
@@ -1,5 +1,5 @@
1
1
  import { __spreadArray, __assign, __awaiter, __generator, __rest, __extends } from 'tslib';
2
- import { ErrorFactory, deepEqual, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, isIE, getUA, createSubscribe, querystringDecode, extractQuerystring, isEmpty, getExperimentalSetting, getDefaultEmulatorHost } from '@firebase/util';
2
+ import { ErrorFactory, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, isIE, getUA, createSubscribe, deepEqual, querystringDecode, extractQuerystring, isEmpty, getExperimentalSetting, getDefaultEmulatorHost } from '@firebase/util';
3
3
  import { SDK_VERSION, _getProvider, _registerComponent, registerVersion, getApp } from '@firebase/app';
4
4
  import { Logger, LogLevel } from '@firebase/logger';
5
5
  import { Component } from '@firebase/component';
@@ -213,6 +213,7 @@ function _debugErrorMap() {
213
213
  _a["missing-or-invalid-nonce" /* AuthErrorCode.MISSING_OR_INVALID_NONCE */] = 'The request does not contain a valid nonce. This can occur if the ' +
214
214
  'SHA-256 hash of the provided raw nonce does not match the hashed nonce ' +
215
215
  'in the ID token payload.',
216
+ _a["missing-password" /* AuthErrorCode.MISSING_PASSWORD */] = 'A non-empty password must be provided',
216
217
  _a["missing-multi-factor-info" /* AuthErrorCode.MISSING_MFA_INFO */] = 'No second factor identifier is provided.',
217
218
  _a["missing-multi-factor-session" /* AuthErrorCode.MISSING_MFA_SESSION */] = 'The request is missing proof of first factor successful sign-in.',
218
219
  _a["missing-phone-number" /* AuthErrorCode.MISSING_PHONE_NUMBER */] = 'To send verification codes, provide a phone number for the recipient.',
@@ -266,6 +267,14 @@ function _debugErrorMap() {
266
267
  'different options. To avoid this error, call initializeAuth() with the ' +
267
268
  'same options as when it was originally called, or call getAuth() to return the' +
268
269
  ' already initialized instance.',
270
+ _a["missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */] = 'The reCAPTCHA token is missing when sending request to the backend.',
271
+ _a["invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */] = 'The reCAPTCHA token is invalid when sending request to the backend.',
272
+ _a["invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */] = 'The reCAPTCHA action is invalid when sending request to the backend.',
273
+ _a["recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */] = 'reCAPTCHA Enterprise integration is not enabled for this project.',
274
+ _a["missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */] = 'The reCAPTCHA client type is missing when sending request to the backend.',
275
+ _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
276
+ _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
277
+ _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
269
278
  _a;
270
279
  }
271
280
  function _prodErrorMap() {
@@ -402,7 +411,15 @@ var AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
402
411
  USER_SIGNED_OUT: 'auth/user-signed-out',
403
412
  WEAK_PASSWORD: 'auth/weak-password',
404
413
  WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',
405
- ALREADY_INITIALIZED: 'auth/already-initialized'
414
+ ALREADY_INITIALIZED: 'auth/already-initialized',
415
+ RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',
416
+ MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',
417
+ INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',
418
+ INVALID_RECAPTCHA_ACTION: 'auth/invalid-recaptcha-action',
419
+ MISSING_CLIENT_TYPE: 'auth/missing-client-type',
420
+ MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',
421
+ INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',
422
+ INVALID_REQ_TYPE: 'auth/invalid-req-type'
406
423
  };
407
424
 
408
425
  /**
@@ -422,6 +439,15 @@ var AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
422
439
  * limitations under the License.
423
440
  */
424
441
  var logClient = new Logger('@firebase/auth');
442
+ function _logWarn(msg) {
443
+ var args = [];
444
+ for (var _i = 1; _i < arguments.length; _i++) {
445
+ args[_i - 1] = arguments[_i];
446
+ }
447
+ if (logClient.logLevel <= LogLevel.WARN) {
448
+ logClient.warn.apply(logClient, __spreadArray(["Auth (".concat(SDK_VERSION, "): ").concat(msg)], args, false));
449
+ }
450
+ }
425
451
  function _logError(msg) {
426
452
  var args = [];
427
453
  for (var _i = 1; _i < arguments.length; _i++) {
@@ -534,103 +560,6 @@ function debugAssert(assertion, message) {
534
560
  }
535
561
  }
536
562
 
537
- /**
538
- * @license
539
- * Copyright 2020 Google LLC
540
- *
541
- * Licensed under the Apache License, Version 2.0 (the "License");
542
- * you may not use this file except in compliance with the License.
543
- * You may obtain a copy of the License at
544
- *
545
- * http://www.apache.org/licenses/LICENSE-2.0
546
- *
547
- * Unless required by applicable law or agreed to in writing, software
548
- * distributed under the License is distributed on an "AS IS" BASIS,
549
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
550
- * See the License for the specific language governing permissions and
551
- * limitations under the License.
552
- */
553
- var instanceCache = new Map();
554
- function _getInstance(cls) {
555
- debugAssert(cls instanceof Function, 'Expected a class definition');
556
- var instance = instanceCache.get(cls);
557
- if (instance) {
558
- debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
559
- return instance;
560
- }
561
- instance = new cls();
562
- instanceCache.set(cls, instance);
563
- return instance;
564
- }
565
-
566
- /**
567
- * @license
568
- * Copyright 2020 Google LLC
569
- *
570
- * Licensed under the Apache License, Version 2.0 (the "License");
571
- * you may not use this file except in compliance with the License.
572
- * You may obtain a copy of the License at
573
- *
574
- * http://www.apache.org/licenses/LICENSE-2.0
575
- *
576
- * Unless required by applicable law or agreed to in writing, software
577
- * distributed under the License is distributed on an "AS IS" BASIS,
578
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
579
- * See the License for the specific language governing permissions and
580
- * limitations under the License.
581
- */
582
- /**
583
- * Initializes an {@link Auth} instance with fine-grained control over
584
- * {@link Dependencies}.
585
- *
586
- * @remarks
587
- *
588
- * This function allows more control over the {@link Auth} instance than
589
- * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
590
- * the {@link Dependencies}. In general, `getAuth` is the easiest way to
591
- * initialize Auth and works for most use cases. Use `initializeAuth` if you
592
- * need control over which persistence layer is used, or to minimize bundle
593
- * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
594
- *
595
- * For example, if your app only uses anonymous accounts and you only want
596
- * accounts saved for the current session, initialize `Auth` with:
597
- *
598
- * ```js
599
- * const auth = initializeAuth(app, {
600
- * persistence: browserSessionPersistence,
601
- * popupRedirectResolver: undefined,
602
- * });
603
- * ```
604
- *
605
- * @public
606
- */
607
- function initializeAuth(app, deps) {
608
- var provider = _getProvider(app, 'auth');
609
- if (provider.isInitialized()) {
610
- var auth_1 = provider.getImmediate();
611
- var initialOptions = provider.getOptions();
612
- if (deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
613
- return auth_1;
614
- }
615
- else {
616
- _fail(auth_1, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
617
- }
618
- }
619
- var auth = provider.initialize({ options: deps });
620
- return auth;
621
- }
622
- function _initializeAuthInstance(auth, deps) {
623
- var persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
624
- var hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
625
- if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
626
- auth._updateErrorMap(deps.errorMap);
627
- }
628
- // This promise is intended to float; auth initialization happens in the
629
- // background, meanwhile the auth object may be used by the app.
630
- // eslint-disable-next-line @typescript-eslint/no-floating-promises
631
- auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
632
- }
633
-
634
563
  /**
635
564
  * @license
636
565
  * Copyright 2020 Google LLC
@@ -867,7 +796,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
867
796
  // Sign in with email and password errors (some apply to sign up too).
868
797
  _a$1["INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */] = "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */,
869
798
  // This can only happen if the SDK sends a bad request.
870
- _a$1["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */] = "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
799
+ _a$1["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */] = "missing-password" /* AuthErrorCode.MISSING_PASSWORD */,
871
800
  // Sign up with email and password errors.
872
801
  _a$1["EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */] = "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */,
873
802
  _a$1["PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */] = "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */,
@@ -915,6 +844,15 @@ var SERVER_ERROR_MAP = (_a$1 = {},
915
844
  _a$1["SECOND_FACTOR_LIMIT_EXCEEDED" /* ServerError.SECOND_FACTOR_LIMIT_EXCEEDED */] = "maximum-second-factor-count-exceeded" /* AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED */,
916
845
  // Blocking functions related errors.
917
846
  _a$1["BLOCKING_FUNCTION_ERROR_RESPONSE" /* ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE */] = "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
847
+ // Recaptcha related errors.
848
+ _a$1["RECAPTCHA_NOT_ENABLED" /* ServerError.RECAPTCHA_NOT_ENABLED */] = "recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */,
849
+ _a$1["MISSING_RECAPTCHA_TOKEN" /* ServerError.MISSING_RECAPTCHA_TOKEN */] = "missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */,
850
+ _a$1["INVALID_RECAPTCHA_TOKEN" /* ServerError.INVALID_RECAPTCHA_TOKEN */] = "invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */,
851
+ _a$1["INVALID_RECAPTCHA_ACTION" /* ServerError.INVALID_RECAPTCHA_ACTION */] = "invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */,
852
+ _a$1["MISSING_CLIENT_TYPE" /* ServerError.MISSING_CLIENT_TYPE */] = "missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */,
853
+ _a$1["MISSING_RECAPTCHA_VERSION" /* ServerError.MISSING_RECAPTCHA_VERSION */] = "missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */,
854
+ _a$1["INVALID_RECAPTCHA_VERSION" /* ServerError.INVALID_RECAPTCHA_VERSION */] = "invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */,
855
+ _a$1["INVALID_REQ_TYPE" /* ServerError.INVALID_REQ_TYPE */] = "invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */,
918
856
  _a$1);
919
857
 
920
858
  /**
@@ -2036,6 +1974,35 @@ var UserImpl = /** @class */ (function () {
2036
1974
  return UserImpl;
2037
1975
  }());
2038
1976
 
1977
+ /**
1978
+ * @license
1979
+ * Copyright 2020 Google LLC
1980
+ *
1981
+ * Licensed under the Apache License, Version 2.0 (the "License");
1982
+ * you may not use this file except in compliance with the License.
1983
+ * You may obtain a copy of the License at
1984
+ *
1985
+ * http://www.apache.org/licenses/LICENSE-2.0
1986
+ *
1987
+ * Unless required by applicable law or agreed to in writing, software
1988
+ * distributed under the License is distributed on an "AS IS" BASIS,
1989
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1990
+ * See the License for the specific language governing permissions and
1991
+ * limitations under the License.
1992
+ */
1993
+ var instanceCache = new Map();
1994
+ function _getInstance(cls) {
1995
+ debugAssert(cls instanceof Function, 'Expected a class definition');
1996
+ var instance = instanceCache.get(cls);
1997
+ if (instance) {
1998
+ debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
1999
+ return instance;
2000
+ }
2001
+ instance = new cls();
2002
+ instanceCache.set(cls, instance);
2003
+ return instance;
2004
+ }
2005
+
2039
2006
  /**
2040
2007
  * @license
2041
2008
  * Copyright 2019 Google LLC
@@ -2474,6 +2441,288 @@ function _getClientVersion(clientPlatform, frameworks) {
2474
2441
  return "".concat(reportedPlatform, "/").concat("JsCore" /* ClientImplementation.CORE */, "/").concat(SDK_VERSION, "/").concat(reportedFrameworks);
2475
2442
  }
2476
2443
 
2444
+ /**
2445
+ * @license
2446
+ * Copyright 2020 Google LLC
2447
+ *
2448
+ * Licensed under the Apache License, Version 2.0 (the "License");
2449
+ * you may not use this file except in compliance with the License.
2450
+ * You may obtain a copy of the License at
2451
+ *
2452
+ * http://www.apache.org/licenses/LICENSE-2.0
2453
+ *
2454
+ * Unless required by applicable law or agreed to in writing, software
2455
+ * distributed under the License is distributed on an "AS IS" BASIS,
2456
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2457
+ * See the License for the specific language governing permissions and
2458
+ * limitations under the License.
2459
+ */
2460
+ function getRecaptchaParams(auth) {
2461
+ return __awaiter(this, void 0, void 0, function () {
2462
+ return __generator(this, function (_a) {
2463
+ switch (_a.label) {
2464
+ case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
2465
+ case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
2466
+ }
2467
+ });
2468
+ });
2469
+ }
2470
+ function getRecaptchaConfig(auth, request) {
2471
+ return __awaiter(this, void 0, void 0, function () {
2472
+ return __generator(this, function (_a) {
2473
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
2474
+ });
2475
+ });
2476
+ }
2477
+
2478
+ /**
2479
+ * @license
2480
+ * Copyright 2020 Google LLC
2481
+ *
2482
+ * Licensed under the Apache License, Version 2.0 (the "License");
2483
+ * you may not use this file except in compliance with the License.
2484
+ * You may obtain a copy of the License at
2485
+ *
2486
+ * http://www.apache.org/licenses/LICENSE-2.0
2487
+ *
2488
+ * Unless required by applicable law or agreed to in writing, software
2489
+ * distributed under the License is distributed on an "AS IS" BASIS,
2490
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2491
+ * See the License for the specific language governing permissions and
2492
+ * limitations under the License.
2493
+ */
2494
+ function isV2(grecaptcha) {
2495
+ return (grecaptcha !== undefined &&
2496
+ grecaptcha.getResponse !== undefined);
2497
+ }
2498
+ function isEnterprise(grecaptcha) {
2499
+ return (grecaptcha !== undefined &&
2500
+ grecaptcha.enterprise !== undefined);
2501
+ }
2502
+ var RecaptchaConfig = /** @class */ (function () {
2503
+ function RecaptchaConfig(response) {
2504
+ /**
2505
+ * The reCAPTCHA site key.
2506
+ */
2507
+ this.siteKey = '';
2508
+ /**
2509
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2510
+ */
2511
+ this.emailPasswordEnabled = false;
2512
+ if (response.recaptchaKey === undefined) {
2513
+ throw new Error('recaptchaKey undefined');
2514
+ }
2515
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2516
+ this.siteKey = response.recaptchaKey.split('/')[3];
2517
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
2518
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2519
+ enforcementState.enforcementState !== 'OFF';
2520
+ });
2521
+ }
2522
+ return RecaptchaConfig;
2523
+ }());
2524
+
2525
+ /**
2526
+ * @license
2527
+ * Copyright 2020 Google LLC
2528
+ *
2529
+ * Licensed under the Apache License, Version 2.0 (the "License");
2530
+ * you may not use this file except in compliance with the License.
2531
+ * You may obtain a copy of the License at
2532
+ *
2533
+ * http://www.apache.org/licenses/LICENSE-2.0
2534
+ *
2535
+ * Unless required by applicable law or agreed to in writing, software
2536
+ * distributed under the License is distributed on an "AS IS" BASIS,
2537
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2538
+ * See the License for the specific language governing permissions and
2539
+ * limitations under the License.
2540
+ */
2541
+ function getScriptParentElement() {
2542
+ var _a, _b;
2543
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2544
+ }
2545
+ function _loadJS(url) {
2546
+ // TODO: consider adding timeout support & cancellation
2547
+ return new Promise(function (resolve, reject) {
2548
+ var el = document.createElement('script');
2549
+ el.setAttribute('src', url);
2550
+ el.onload = resolve;
2551
+ el.onerror = function (e) {
2552
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2553
+ error.customData = e;
2554
+ reject(error);
2555
+ };
2556
+ el.type = 'text/javascript';
2557
+ el.charset = 'UTF-8';
2558
+ getScriptParentElement().appendChild(el);
2559
+ });
2560
+ }
2561
+ function _generateCallbackName(prefix) {
2562
+ return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
2563
+ }
2564
+
2565
+ /* eslint-disable @typescript-eslint/no-require-imports */
2566
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2567
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2568
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
2569
+ /**
2570
+ *
2571
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
2572
+ *
2573
+ */
2574
+ function RecaptchaEnterpriseVerifier(authExtern) {
2575
+ /**
2576
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2577
+ */
2578
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2579
+ this.auth = _castAuth(authExtern);
2580
+ }
2581
+ /**
2582
+ * Executes the verification process.
2583
+ *
2584
+ * @returns A Promise for a token that can be used to assert the validity of a request.
2585
+ */
2586
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
2587
+ if (action === void 0) { action = 'verify'; }
2588
+ if (forceRefresh === void 0) { forceRefresh = false; }
2589
+ return __awaiter(this, void 0, void 0, function () {
2590
+ function retrieveSiteKey(auth) {
2591
+ return __awaiter(this, void 0, void 0, function () {
2592
+ var _this = this;
2593
+ return __generator(this, function (_a) {
2594
+ if (!forceRefresh) {
2595
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2596
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
2597
+ }
2598
+ if (auth.tenantId != null &&
2599
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2600
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
2601
+ }
2602
+ }
2603
+ return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
2604
+ return __generator(this, function (_a) {
2605
+ getRecaptchaConfig(auth, {
2606
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2607
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2608
+ })
2609
+ .then(function (response) {
2610
+ if (response.recaptchaKey === undefined) {
2611
+ reject(new Error('recaptcha Enterprise site key undefined'));
2612
+ }
2613
+ else {
2614
+ var config = new RecaptchaConfig(response);
2615
+ if (auth.tenantId == null) {
2616
+ auth._agentRecaptchaConfig = config;
2617
+ }
2618
+ else {
2619
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2620
+ }
2621
+ return resolve(config.siteKey);
2622
+ }
2623
+ })
2624
+ .catch(function (error) {
2625
+ reject(error);
2626
+ });
2627
+ return [2 /*return*/];
2628
+ });
2629
+ }); })];
2630
+ });
2631
+ });
2632
+ }
2633
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
2634
+ var grecaptcha = window.grecaptcha;
2635
+ if (isEnterprise(grecaptcha)) {
2636
+ grecaptcha.enterprise.ready(function () {
2637
+ try {
2638
+ grecaptcha.enterprise
2639
+ .execute(siteKey, { action: action })
2640
+ .then(function (token) {
2641
+ resolve(token);
2642
+ })
2643
+ .catch(function (error) {
2644
+ reject(error);
2645
+ });
2646
+ }
2647
+ catch (error) {
2648
+ reject(error);
2649
+ }
2650
+ });
2651
+ }
2652
+ else {
2653
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
2654
+ }
2655
+ }
2656
+ var _this = this;
2657
+ return __generator(this, function (_a) {
2658
+ return [2 /*return*/, new Promise(function (resolve, reject) {
2659
+ retrieveSiteKey(_this.auth)
2660
+ .then(function (siteKey) {
2661
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2662
+ retrieveRecaptchaToken(siteKey, resolve, reject);
2663
+ }
2664
+ else {
2665
+ if (typeof window === 'undefined') {
2666
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
2667
+ return;
2668
+ }
2669
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2670
+ .then(function () {
2671
+ retrieveRecaptchaToken(siteKey, resolve, reject);
2672
+ })
2673
+ .catch(function (error) {
2674
+ reject(error);
2675
+ });
2676
+ }
2677
+ })
2678
+ .catch(function (error) {
2679
+ reject(error);
2680
+ });
2681
+ })];
2682
+ });
2683
+ });
2684
+ };
2685
+ return RecaptchaEnterpriseVerifier;
2686
+ }());
2687
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
2688
+ if (captchaResp === void 0) { captchaResp = false; }
2689
+ return __awaiter(this, void 0, void 0, function () {
2690
+ var verifier, captchaResponse, newRequest;
2691
+ return __generator(this, function (_a) {
2692
+ switch (_a.label) {
2693
+ case 0:
2694
+ verifier = new RecaptchaEnterpriseVerifier(auth);
2695
+ _a.label = 1;
2696
+ case 1:
2697
+ _a.trys.push([1, 3, , 5]);
2698
+ return [4 /*yield*/, verifier.verify(action)];
2699
+ case 2:
2700
+ captchaResponse = _a.sent();
2701
+ return [3 /*break*/, 5];
2702
+ case 3:
2703
+ _a.sent();
2704
+ return [4 /*yield*/, verifier.verify(action, true)];
2705
+ case 4:
2706
+ captchaResponse = _a.sent();
2707
+ return [3 /*break*/, 5];
2708
+ case 5:
2709
+ newRequest = __assign({}, request);
2710
+ if (!captchaResp) {
2711
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
2712
+ }
2713
+ else {
2714
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
2715
+ }
2716
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2717
+ Object.assign(newRequest, {
2718
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2719
+ });
2720
+ return [2 /*return*/, newRequest];
2721
+ }
2722
+ });
2723
+ });
2724
+ }
2725
+
2477
2726
  /**
2478
2727
  * @license
2479
2728
  * Copyright 2022 Google LLC
@@ -2595,9 +2844,10 @@ var AuthMiddlewareQueue = /** @class */ (function () {
2595
2844
  * limitations under the License.
2596
2845
  */
2597
2846
  var AuthImpl = /** @class */ (function () {
2598
- function AuthImpl(app, heartbeatServiceProvider, config) {
2847
+ function AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config) {
2599
2848
  this.app = app;
2600
2849
  this.heartbeatServiceProvider = heartbeatServiceProvider;
2850
+ this.appCheckServiceProvider = appCheckServiceProvider;
2601
2851
  this.config = config;
2602
2852
  this.currentUser = null;
2603
2853
  this.emulatorConfig = null;
@@ -2615,6 +2865,8 @@ var AuthImpl = /** @class */ (function () {
2615
2865
  this._initializationPromise = null;
2616
2866
  this._popupRedirectResolver = null;
2617
2867
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2868
+ this._agentRecaptchaConfig = null;
2869
+ this._tenantRecaptchaConfigs = {};
2618
2870
  // Tracks the last notified UID for state change listeners to prevent
2619
2871
  // repeated calls to the callbacks. Undefined means it's never been
2620
2872
  // called, whereas null means it's been called with a signed out user
@@ -2944,6 +3196,41 @@ var AuthImpl = /** @class */ (function () {
2944
3196
  });
2945
3197
  }); });
2946
3198
  };
3199
+ AuthImpl.prototype.initializeRecaptchaConfig = function () {
3200
+ return __awaiter(this, void 0, void 0, function () {
3201
+ var response, config, verifier;
3202
+ return __generator(this, function (_a) {
3203
+ switch (_a.label) {
3204
+ case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
3205
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3206
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3207
+ })];
3208
+ case 1:
3209
+ response = _a.sent();
3210
+ config = new RecaptchaConfig(response);
3211
+ if (this.tenantId == null) {
3212
+ this._agentRecaptchaConfig = config;
3213
+ }
3214
+ else {
3215
+ this._tenantRecaptchaConfigs[this.tenantId] = config;
3216
+ }
3217
+ if (config.emailPasswordEnabled) {
3218
+ verifier = new RecaptchaEnterpriseVerifier(this);
3219
+ void verifier.verify();
3220
+ }
3221
+ return [2 /*return*/];
3222
+ }
3223
+ });
3224
+ });
3225
+ };
3226
+ AuthImpl.prototype._getRecaptchaConfig = function () {
3227
+ if (this.tenantId == null) {
3228
+ return this._agentRecaptchaConfig;
3229
+ }
3230
+ else {
3231
+ return this._tenantRecaptchaConfigs[this.tenantId];
3232
+ }
3233
+ };
2947
3234
  AuthImpl.prototype._getPersistence = function () {
2948
3235
  return this.assertedPersistence.persistence.type;
2949
3236
  };
@@ -3171,7 +3458,7 @@ var AuthImpl = /** @class */ (function () {
3171
3458
  AuthImpl.prototype._getAdditionalHeaders = function () {
3172
3459
  var _a;
3173
3460
  return __awaiter(this, void 0, void 0, function () {
3174
- var headers, heartbeatsHeader;
3461
+ var headers, heartbeatsHeader, appCheckToken;
3175
3462
  var _b;
3176
3463
  return __generator(this, function (_c) {
3177
3464
  switch (_c.label) {
@@ -3191,11 +3478,39 @@ var AuthImpl = /** @class */ (function () {
3191
3478
  if (heartbeatsHeader) {
3192
3479
  headers["X-Firebase-Client" /* HttpHeader.X_FIREBASE_CLIENT */] = heartbeatsHeader;
3193
3480
  }
3481
+ return [4 /*yield*/, this._getAppCheckToken()];
3482
+ case 2:
3483
+ appCheckToken = _c.sent();
3484
+ if (appCheckToken) {
3485
+ headers["X-Firebase-AppCheck" /* HttpHeader.X_FIREBASE_APP_CHECK */] = appCheckToken;
3486
+ }
3194
3487
  return [2 /*return*/, headers];
3195
3488
  }
3196
3489
  });
3197
3490
  });
3198
3491
  };
3492
+ AuthImpl.prototype._getAppCheckToken = function () {
3493
+ var _a;
3494
+ return __awaiter(this, void 0, void 0, function () {
3495
+ var appCheckTokenResult;
3496
+ return __generator(this, function (_b) {
3497
+ switch (_b.label) {
3498
+ case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3499
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3500
+ case 1:
3501
+ appCheckTokenResult = _b.sent();
3502
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3503
+ // Context: appCheck.getToken() will never throw even if an error happened.
3504
+ // In the error case, a dummy token will be returned along with an error field describing
3505
+ // the error. In general, we shouldn't care about the error condition and just use
3506
+ // the token (actual or dummy) to send requests.
3507
+ _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3508
+ }
3509
+ return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3510
+ }
3511
+ });
3512
+ });
3513
+ };
3199
3514
  return AuthImpl;
3200
3515
  }());
3201
3516
  /**
@@ -3226,6 +3541,74 @@ var Subscription = /** @class */ (function () {
3226
3541
  return Subscription;
3227
3542
  }());
3228
3543
 
3544
+ /**
3545
+ * @license
3546
+ * Copyright 2020 Google LLC
3547
+ *
3548
+ * Licensed under the Apache License, Version 2.0 (the "License");
3549
+ * you may not use this file except in compliance with the License.
3550
+ * You may obtain a copy of the License at
3551
+ *
3552
+ * http://www.apache.org/licenses/LICENSE-2.0
3553
+ *
3554
+ * Unless required by applicable law or agreed to in writing, software
3555
+ * distributed under the License is distributed on an "AS IS" BASIS,
3556
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3557
+ * See the License for the specific language governing permissions and
3558
+ * limitations under the License.
3559
+ */
3560
+ /**
3561
+ * Initializes an {@link Auth} instance with fine-grained control over
3562
+ * {@link Dependencies}.
3563
+ *
3564
+ * @remarks
3565
+ *
3566
+ * This function allows more control over the {@link Auth} instance than
3567
+ * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
3568
+ * the {@link Dependencies}. In general, `getAuth` is the easiest way to
3569
+ * initialize Auth and works for most use cases. Use `initializeAuth` if you
3570
+ * need control over which persistence layer is used, or to minimize bundle
3571
+ * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
3572
+ *
3573
+ * For example, if your app only uses anonymous accounts and you only want
3574
+ * accounts saved for the current session, initialize `Auth` with:
3575
+ *
3576
+ * ```js
3577
+ * const auth = initializeAuth(app, {
3578
+ * persistence: browserSessionPersistence,
3579
+ * popupRedirectResolver: undefined,
3580
+ * });
3581
+ * ```
3582
+ *
3583
+ * @public
3584
+ */
3585
+ function initializeAuth(app, deps) {
3586
+ var provider = _getProvider(app, 'auth');
3587
+ if (provider.isInitialized()) {
3588
+ var auth_1 = provider.getImmediate();
3589
+ var initialOptions = provider.getOptions();
3590
+ if (deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
3591
+ return auth_1;
3592
+ }
3593
+ else {
3594
+ _fail(auth_1, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
3595
+ }
3596
+ }
3597
+ var auth = provider.initialize({ options: deps });
3598
+ return auth;
3599
+ }
3600
+ function _initializeAuthInstance(auth, deps) {
3601
+ var persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
3602
+ var hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
3603
+ if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
3604
+ auth._updateErrorMap(deps.errorMap);
3605
+ }
3606
+ // This promise is intended to float; auth initialization happens in the
3607
+ // background, meanwhile the auth object may be used by the app.
3608
+ // eslint-disable-next-line @typescript-eslint/no-floating-promises
3609
+ auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
3610
+ }
3611
+
3229
3612
  /**
3230
3613
  * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
3231
3614
  * Firebase Auth services.
@@ -3614,24 +3997,55 @@ var EmailAuthCredential = /** @class */ (function (_super) {
3614
3997
  };
3615
3998
  /** @internal */
3616
3999
  EmailAuthCredential.prototype._getIdTokenResponse = function (auth) {
4000
+ var _a;
3617
4001
  return __awaiter(this, void 0, void 0, function () {
3618
- return __generator(this, function (_a) {
3619
- switch (this.signInMethod) {
3620
- case "password" /* SignInMethod.EMAIL_PASSWORD */:
3621
- return [2 /*return*/, signInWithPassword(auth, {
3622
- returnSecureToken: true,
3623
- email: this._email,
3624
- password: this._password
3625
- })];
3626
- case "emailLink" /* SignInMethod.EMAIL_LINK */:
3627
- return [2 /*return*/, signInWithEmailLink$1(auth, {
3628
- email: this._email,
3629
- oobCode: this._password
3630
- })];
3631
- default:
4002
+ var _b, request_1, requestWithRecaptcha;
4003
+ var _this = this;
4004
+ return __generator(this, function (_c) {
4005
+ switch (_c.label) {
4006
+ case 0:
4007
+ _b = this.signInMethod;
4008
+ switch (_b) {
4009
+ case "password" /* SignInMethod.EMAIL_PASSWORD */: return [3 /*break*/, 1];
4010
+ case "emailLink" /* SignInMethod.EMAIL_LINK */: return [3 /*break*/, 4];
4011
+ }
4012
+ return [3 /*break*/, 5];
4013
+ case 1:
4014
+ request_1 = {
4015
+ returnSecureToken: true,
4016
+ email: this._email,
4017
+ password: this._password,
4018
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
4019
+ };
4020
+ if (!((_a = auth._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
4021
+ return [4 /*yield*/, injectRecaptchaFields(auth, request_1, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */)];
4022
+ case 2:
4023
+ requestWithRecaptcha = _c.sent();
4024
+ return [2 /*return*/, signInWithPassword(auth, requestWithRecaptcha)];
4025
+ case 3: return [2 /*return*/, signInWithPassword(auth, request_1).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
4026
+ var requestWithRecaptcha;
4027
+ return __generator(this, function (_a) {
4028
+ switch (_a.label) {
4029
+ case 0:
4030
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 2];
4031
+ console.log('Sign-in with email address and password is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
4032
+ return [4 /*yield*/, injectRecaptchaFields(auth, request_1, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */)];
4033
+ case 1:
4034
+ requestWithRecaptcha = _a.sent();
4035
+ return [2 /*return*/, signInWithPassword(auth, requestWithRecaptcha)];
4036
+ case 2: return [2 /*return*/, Promise.reject(error)];
4037
+ }
4038
+ });
4039
+ }); })];
4040
+ case 4: return [2 /*return*/, signInWithEmailLink$1(auth, {
4041
+ email: this._email,
4042
+ oobCode: this._password
4043
+ })];
4044
+ case 5:
3632
4045
  _fail(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
4046
+ _c.label = 6;
4047
+ case 6: return [2 /*return*/];
3633
4048
  }
3634
- return [2 /*return*/];
3635
4049
  });
3636
4050
  });
3637
4051
  };
@@ -5818,23 +6232,61 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
5818
6232
  * @public
5819
6233
  */
5820
6234
  function sendPasswordResetEmail(auth, email, actionCodeSettings) {
6235
+ var _a;
5821
6236
  return __awaiter(this, void 0, void 0, function () {
5822
- var authModular, request;
5823
- return __generator(this, function (_a) {
5824
- switch (_a.label) {
6237
+ var authInternal, request, requestWithRecaptcha;
6238
+ var _this = this;
6239
+ return __generator(this, function (_b) {
6240
+ switch (_b.label) {
5825
6241
  case 0:
5826
- authModular = getModularInstance(auth);
6242
+ authInternal = _castAuth(auth);
5827
6243
  request = {
5828
6244
  requestType: "PASSWORD_RESET" /* ActionCodeOperation.PASSWORD_RESET */,
5829
- email: email
6245
+ email: email,
6246
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
5830
6247
  };
6248
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
6249
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6250
+ case 1:
6251
+ requestWithRecaptcha = _b.sent();
5831
6252
  if (actionCodeSettings) {
5832
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
6253
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
5833
6254
  }
5834
- return [4 /*yield*/, sendPasswordResetEmail$1(authModular, request)];
5835
- case 1:
5836
- _a.sent();
5837
- return [2 /*return*/];
6255
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, requestWithRecaptcha)];
6256
+ case 2:
6257
+ _b.sent();
6258
+ return [3 /*break*/, 5];
6259
+ case 3:
6260
+ if (actionCodeSettings) {
6261
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
6262
+ }
6263
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, request)
6264
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
6265
+ var requestWithRecaptcha;
6266
+ return __generator(this, function (_a) {
6267
+ switch (_a.label) {
6268
+ case 0:
6269
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 3];
6270
+ console.log('Password resets are protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the password reset flow.');
6271
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6272
+ case 1:
6273
+ requestWithRecaptcha = _a.sent();
6274
+ if (actionCodeSettings) {
6275
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
6276
+ }
6277
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, requestWithRecaptcha)];
6278
+ case 2:
6279
+ _a.sent();
6280
+ return [3 /*break*/, 4];
6281
+ case 3: return [2 /*return*/, Promise.reject(error)];
6282
+ case 4: return [2 /*return*/];
6283
+ }
6284
+ });
6285
+ }); })];
6286
+ case 4:
6287
+ _b.sent();
6288
+ _b.label = 5;
6289
+ case 5: return [2 /*return*/];
5838
6290
  }
5839
6291
  });
5840
6292
  });
@@ -5979,25 +6431,54 @@ function verifyPasswordResetCode(auth, code) {
5979
6431
  * @public
5980
6432
  */
5981
6433
  function createUserWithEmailAndPassword(auth, email, password) {
6434
+ var _a;
5982
6435
  return __awaiter(this, void 0, void 0, function () {
5983
- var authInternal, response, userCredential;
5984
- return __generator(this, function (_a) {
5985
- switch (_a.label) {
6436
+ var authInternal, request, signUpResponse, requestWithRecaptcha, response, userCredential;
6437
+ var _this = this;
6438
+ return __generator(this, function (_b) {
6439
+ switch (_b.label) {
5986
6440
  case 0:
5987
6441
  authInternal = _castAuth(auth);
5988
- return [4 /*yield*/, signUp(authInternal, {
5989
- returnSecureToken: true,
5990
- email: email,
5991
- password: password
5992
- })];
6442
+ request = {
6443
+ returnSecureToken: true,
6444
+ email: email,
6445
+ password: password,
6446
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
6447
+ };
6448
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 2];
6449
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */)];
5993
6450
  case 1:
5994
- response = _a.sent();
5995
- return [4 /*yield*/, UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response)];
6451
+ requestWithRecaptcha = _b.sent();
6452
+ signUpResponse = signUp(authInternal, requestWithRecaptcha);
6453
+ return [3 /*break*/, 3];
5996
6454
  case 2:
5997
- userCredential = _a.sent();
6455
+ signUpResponse = signUp(authInternal, request).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
6456
+ var requestWithRecaptcha;
6457
+ return __generator(this, function (_a) {
6458
+ switch (_a.label) {
6459
+ case 0:
6460
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 2];
6461
+ console.log('Sign-up is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-up flow.');
6462
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */)];
6463
+ case 1:
6464
+ requestWithRecaptcha = _a.sent();
6465
+ return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
6466
+ case 2: return [2 /*return*/, Promise.reject(error)];
6467
+ }
6468
+ });
6469
+ }); });
6470
+ _b.label = 3;
6471
+ case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
6472
+ return Promise.reject(error);
6473
+ })];
6474
+ case 4:
6475
+ response = _b.sent();
6476
+ return [4 /*yield*/, UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response)];
6477
+ case 5:
6478
+ userCredential = _b.sent();
5998
6479
  return [4 /*yield*/, authInternal._updateCurrentUser(userCredential.user)];
5999
- case 3:
6000
- _a.sent();
6480
+ case 6:
6481
+ _b.sent();
6001
6482
  return [2 /*return*/, userCredential];
6002
6483
  }
6003
6484
  });
@@ -6078,24 +6559,61 @@ function signInWithEmailAndPassword(auth, email, password) {
6078
6559
  * @public
6079
6560
  */
6080
6561
  function sendSignInLinkToEmail(auth, email, actionCodeSettings) {
6562
+ var _a;
6081
6563
  return __awaiter(this, void 0, void 0, function () {
6082
- var authModular, request;
6083
- return __generator(this, function (_a) {
6084
- switch (_a.label) {
6564
+ function setActionCodeSettings(request, actionCodeSettings) {
6565
+ _assert(actionCodeSettings.handleCodeInApp, authInternal, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
6566
+ if (actionCodeSettings) {
6567
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
6568
+ }
6569
+ }
6570
+ var authInternal, request, requestWithRecaptcha;
6571
+ var _this = this;
6572
+ return __generator(this, function (_b) {
6573
+ switch (_b.label) {
6085
6574
  case 0:
6086
- authModular = getModularInstance(auth);
6575
+ authInternal = _castAuth(auth);
6087
6576
  request = {
6088
6577
  requestType: "EMAIL_SIGNIN" /* ActionCodeOperation.EMAIL_SIGNIN */,
6089
- email: email
6578
+ email: email,
6579
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
6090
6580
  };
6091
- _assert(actionCodeSettings.handleCodeInApp, authModular, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
6092
- if (actionCodeSettings) {
6093
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
6094
- }
6095
- return [4 /*yield*/, sendSignInLinkToEmail$1(authModular, request)];
6581
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
6582
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6096
6583
  case 1:
6097
- _a.sent();
6098
- return [2 /*return*/];
6584
+ requestWithRecaptcha = _b.sent();
6585
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
6586
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha)];
6587
+ case 2:
6588
+ _b.sent();
6589
+ return [3 /*break*/, 5];
6590
+ case 3:
6591
+ setActionCodeSettings(request, actionCodeSettings);
6592
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, request)
6593
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
6594
+ var requestWithRecaptcha;
6595
+ return __generator(this, function (_a) {
6596
+ switch (_a.label) {
6597
+ case 0:
6598
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 3];
6599
+ console.log('Email link sign-in is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
6600
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6601
+ case 1:
6602
+ requestWithRecaptcha = _a.sent();
6603
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
6604
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha)];
6605
+ case 2:
6606
+ _a.sent();
6607
+ return [3 /*break*/, 4];
6608
+ case 3: return [2 /*return*/, Promise.reject(error)];
6609
+ case 4: return [2 /*return*/];
6610
+ }
6611
+ });
6612
+ }); })];
6613
+ case 4:
6614
+ _b.sent();
6615
+ _b.label = 5;
6616
+ case 5: return [2 /*return*/];
6099
6617
  }
6100
6618
  });
6101
6619
  });
@@ -6691,11 +7209,41 @@ function getAdditionalUserInfo(userCredential) {
6691
7209
  function setPersistence(auth, persistence) {
6692
7210
  return getModularInstance(auth).setPersistence(persistence);
6693
7211
  }
7212
+ /**
7213
+ * Loads the reCAPTCHA configuration into the `Auth` instance.
7214
+ *
7215
+ * @remarks
7216
+ * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA
7217
+ * verification flow should be triggered for each auth provider, into the
7218
+ * current Auth session.
7219
+ *
7220
+ * If initializeRecaptchaConfig() is not invoked, the auth flow will always start
7221
+ * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA
7222
+ * verification, the SDK will transparently load the reCAPTCHA config and restart the
7223
+ * auth flows.
7224
+ *
7225
+ * Thus, by calling this optional method, you will reduce the latency of future auth flows.
7226
+ * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.
7227
+ *
7228
+ * @example
7229
+ * ```javascript
7230
+ * initializeRecaptchaConfig(auth);
7231
+ * ```
7232
+ *
7233
+ * @param auth - The {@link Auth} instance.
7234
+ *
7235
+ * @public
7236
+ */
7237
+ function initializeRecaptchaConfig(auth) {
7238
+ var authInternal = _castAuth(auth);
7239
+ return authInternal.initializeRecaptchaConfig();
7240
+ }
6694
7241
  /**
6695
7242
  * Adds an observer for changes to the signed-in user's ID token.
6696
7243
  *
6697
7244
  * @remarks
6698
7245
  * This includes sign-in, sign-out, and token refresh events.
7246
+ * This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.
6699
7247
  *
6700
7248
  * @param auth - The {@link Auth} instance.
6701
7249
  * @param nextOrObserver - callback triggered on change.
@@ -8376,73 +8924,6 @@ function finalizeSignInTotpMfa(auth, request) {
8376
8924
  return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaSignIn:finalize" /* Endpoint.FINALIZE_MFA_SIGN_IN */, _addTidIfNecessary(auth, request));
8377
8925
  }
8378
8926
 
8379
- /**
8380
- * @license
8381
- * Copyright 2020 Google LLC
8382
- *
8383
- * Licensed under the Apache License, Version 2.0 (the "License");
8384
- * you may not use this file except in compliance with the License.
8385
- * You may obtain a copy of the License at
8386
- *
8387
- * http://www.apache.org/licenses/LICENSE-2.0
8388
- *
8389
- * Unless required by applicable law or agreed to in writing, software
8390
- * distributed under the License is distributed on an "AS IS" BASIS,
8391
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
8392
- * See the License for the specific language governing permissions and
8393
- * limitations under the License.
8394
- */
8395
- function getRecaptchaParams(auth) {
8396
- return __awaiter(this, void 0, void 0, function () {
8397
- return __generator(this, function (_a) {
8398
- switch (_a.label) {
8399
- case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
8400
- case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
8401
- }
8402
- });
8403
- });
8404
- }
8405
-
8406
- /**
8407
- * @license
8408
- * Copyright 2020 Google LLC
8409
- *
8410
- * Licensed under the Apache License, Version 2.0 (the "License");
8411
- * you may not use this file except in compliance with the License.
8412
- * You may obtain a copy of the License at
8413
- *
8414
- * http://www.apache.org/licenses/LICENSE-2.0
8415
- *
8416
- * Unless required by applicable law or agreed to in writing, software
8417
- * distributed under the License is distributed on an "AS IS" BASIS,
8418
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
8419
- * See the License for the specific language governing permissions and
8420
- * limitations under the License.
8421
- */
8422
- function getScriptParentElement() {
8423
- var _a, _b;
8424
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
8425
- }
8426
- function _loadJS(url) {
8427
- // TODO: consider adding timeout support & cancellation
8428
- return new Promise(function (resolve, reject) {
8429
- var el = document.createElement('script');
8430
- el.setAttribute('src', url);
8431
- el.onload = resolve;
8432
- el.onerror = function (e) {
8433
- var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
8434
- error.customData = e;
8435
- reject(error);
8436
- };
8437
- el.type = 'text/javascript';
8438
- el.charset = 'UTF-8';
8439
- getScriptParentElement().appendChild(el);
8440
- });
8441
- }
8442
- function _generateCallbackName(prefix) {
8443
- return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
8444
- }
8445
-
8446
8927
  /**
8447
8928
  * @license
8448
8929
  * Copyright 2020 Google LLC
@@ -8620,7 +9101,7 @@ var ReCaptchaLoaderImpl = /** @class */ (function () {
8620
9101
  var _this = this;
8621
9102
  if (hl === void 0) { hl = ''; }
8622
9103
  _assert(isHostLanguageValid(hl), auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
8623
- if (this.shouldResolveImmediately(hl)) {
9104
+ if (this.shouldResolveImmediately(hl) && isV2(_window().grecaptcha)) {
8624
9105
  return Promise.resolve(_window().grecaptcha);
8625
9106
  }
8626
9107
  return new Promise(function (resolve, reject) {
@@ -8631,7 +9112,7 @@ var ReCaptchaLoaderImpl = /** @class */ (function () {
8631
9112
  _window().clearTimeout(networkTimeout);
8632
9113
  delete _window()[_JSLOAD_CALLBACK];
8633
9114
  var recaptcha = _window().grecaptcha;
8634
- if (!recaptcha) {
9115
+ if (!recaptcha || !isV2(recaptcha)) {
8635
9116
  reject(_createError(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */));
8636
9117
  return;
8637
9118
  }
@@ -9813,11 +10294,13 @@ var PopupOperation = /** @class */ (function (_super) {
9813
10294
  if ((_b = (_a = _this.authWindow) === null || _a === void 0 ? void 0 : _a.window) === null || _b === void 0 ? void 0 : _b.closed) {
9814
10295
  // Make sure that there is sufficient time for whatever action to
9815
10296
  // complete. The window could have closed but the sign in network
9816
- // call could still be in flight.
10297
+ // call could still be in flight. This is specifically true for
10298
+ // Firefox or if the opener is in an iframe, in which case the oauth
10299
+ // helper closes the popup.
9817
10300
  _this.pollId = window.setTimeout(function () {
9818
10301
  _this.pollId = null;
9819
10302
  _this.reject(_createError(_this.auth, "popup-closed-by-user" /* AuthErrorCode.POPUP_CLOSED_BY_USER */));
9820
- }, 2000 /* _Timeout.AUTH_EVENT */);
10303
+ }, 8000 /* _Timeout.AUTH_EVENT */);
9821
10304
  return;
9822
10305
  }
9823
10306
  _this.pollId = window.setTimeout(poll, _POLL_WINDOW_CLOSE_TIMEOUT.get());
@@ -10865,48 +11348,67 @@ var WIDGET_PATH = '__/auth/handler';
10865
11348
  * @internal
10866
11349
  */
10867
11350
  var EMULATOR_WIDGET_PATH = 'emulator/auth/handler';
11351
+ /**
11352
+ * Fragment name for the App Check token that gets passed to the widget
11353
+ *
11354
+ * @internal
11355
+ */
11356
+ var FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent('fac');
10868
11357
  function _getRedirectUrl(auth, provider, authType, redirectUrl, eventId, additionalParams) {
10869
- _assert(auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
10870
- _assert(auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */);
10871
- var params = {
10872
- apiKey: auth.config.apiKey,
10873
- appName: auth.name,
10874
- authType: authType,
10875
- redirectUrl: redirectUrl,
10876
- v: SDK_VERSION,
10877
- eventId: eventId
10878
- };
10879
- if (provider instanceof FederatedAuthProvider) {
10880
- provider.setDefaultLanguage(auth.languageCode);
10881
- params.providerId = provider.providerId || '';
10882
- if (!isEmpty(provider.getCustomParameters())) {
10883
- params.customParameters = JSON.stringify(provider.getCustomParameters());
10884
- }
10885
- // TODO set additionalParams from the provider as well?
10886
- for (var _i = 0, _a = Object.entries(additionalParams || {}); _i < _a.length; _i++) {
10887
- var _b = _a[_i], key = _b[0], value = _b[1];
10888
- params[key] = value;
10889
- }
10890
- }
10891
- if (provider instanceof BaseOAuthProvider) {
10892
- var scopes = provider.getScopes().filter(function (scope) { return scope !== ''; });
10893
- if (scopes.length > 0) {
10894
- params.scopes = scopes.join(',');
10895
- }
10896
- }
10897
- if (auth.tenantId) {
10898
- params.tid = auth.tenantId;
10899
- }
10900
- // TODO: maybe set eid as endipointId
10901
- // TODO: maybe set fw as Frameworks.join(",")
10902
- var paramsDict = params;
10903
- for (var _c = 0, _d = Object.keys(paramsDict); _c < _d.length; _c++) {
10904
- var key = _d[_c];
10905
- if (paramsDict[key] === undefined) {
10906
- delete paramsDict[key];
10907
- }
10908
- }
10909
- return "".concat(getHandlerBase(auth), "?").concat(querystring(paramsDict).slice(1));
11358
+ return __awaiter(this, void 0, void 0, function () {
11359
+ var params, _i, _a, _b, key, value, scopes, paramsDict, _c, _d, key, appCheckToken, appCheckTokenFragment;
11360
+ return __generator(this, function (_e) {
11361
+ switch (_e.label) {
11362
+ case 0:
11363
+ _assert(auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
11364
+ _assert(auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */);
11365
+ params = {
11366
+ apiKey: auth.config.apiKey,
11367
+ appName: auth.name,
11368
+ authType: authType,
11369
+ redirectUrl: redirectUrl,
11370
+ v: SDK_VERSION,
11371
+ eventId: eventId
11372
+ };
11373
+ if (provider instanceof FederatedAuthProvider) {
11374
+ provider.setDefaultLanguage(auth.languageCode);
11375
+ params.providerId = provider.providerId || '';
11376
+ if (!isEmpty(provider.getCustomParameters())) {
11377
+ params.customParameters = JSON.stringify(provider.getCustomParameters());
11378
+ }
11379
+ // TODO set additionalParams from the provider as well?
11380
+ for (_i = 0, _a = Object.entries(additionalParams || {}); _i < _a.length; _i++) {
11381
+ _b = _a[_i], key = _b[0], value = _b[1];
11382
+ params[key] = value;
11383
+ }
11384
+ }
11385
+ if (provider instanceof BaseOAuthProvider) {
11386
+ scopes = provider.getScopes().filter(function (scope) { return scope !== ''; });
11387
+ if (scopes.length > 0) {
11388
+ params.scopes = scopes.join(',');
11389
+ }
11390
+ }
11391
+ if (auth.tenantId) {
11392
+ params.tid = auth.tenantId;
11393
+ }
11394
+ paramsDict = params;
11395
+ for (_c = 0, _d = Object.keys(paramsDict); _c < _d.length; _c++) {
11396
+ key = _d[_c];
11397
+ if (paramsDict[key] === undefined) {
11398
+ delete paramsDict[key];
11399
+ }
11400
+ }
11401
+ return [4 /*yield*/, auth._getAppCheckToken()];
11402
+ case 1:
11403
+ appCheckToken = _e.sent();
11404
+ appCheckTokenFragment = appCheckToken
11405
+ ? "#".concat(FIREBASE_APP_CHECK_FRAGMENT_ID, "=").concat(encodeURIComponent(appCheckToken))
11406
+ : '';
11407
+ // Start at index 1 to skip the leading '&' in the query string
11408
+ return [2 /*return*/, "".concat(getHandlerBase(auth), "?").concat(querystring(paramsDict).slice(1)).concat(appCheckTokenFragment)];
11409
+ }
11410
+ });
11411
+ });
10910
11412
  }
10911
11413
  function getHandlerBase(_a) {
10912
11414
  var config = _a.config;
@@ -10953,20 +11455,29 @@ var BrowserPopupRedirectResolver = /** @class */ (function () {
10953
11455
  return __awaiter(this, void 0, void 0, function () {
10954
11456
  var url;
10955
11457
  return __generator(this, function (_b) {
10956
- debugAssert((_a = this.eventManagers[auth._key()]) === null || _a === void 0 ? void 0 : _a.manager, '_initialize() not called before _openPopup()');
10957
- url = _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId);
10958
- return [2 /*return*/, _open(auth, url, _generateEventId())];
11458
+ switch (_b.label) {
11459
+ case 0:
11460
+ debugAssert((_a = this.eventManagers[auth._key()]) === null || _a === void 0 ? void 0 : _a.manager, '_initialize() not called before _openPopup()');
11461
+ return [4 /*yield*/, _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId)];
11462
+ case 1:
11463
+ url = _b.sent();
11464
+ return [2 /*return*/, _open(auth, url, _generateEventId())];
11465
+ }
10959
11466
  });
10960
11467
  });
10961
11468
  };
10962
11469
  BrowserPopupRedirectResolver.prototype._openRedirect = function (auth, provider, authType, eventId) {
10963
11470
  return __awaiter(this, void 0, void 0, function () {
11471
+ var url;
10964
11472
  return __generator(this, function (_a) {
10965
11473
  switch (_a.label) {
10966
11474
  case 0: return [4 /*yield*/, this._originValidation(auth)];
10967
11475
  case 1:
10968
11476
  _a.sent();
10969
- _setWindowLocation(_getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId));
11477
+ return [4 /*yield*/, _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId)];
11478
+ case 2:
11479
+ url = _a.sent();
11480
+ _setWindowLocation(url);
10970
11481
  return [2 /*return*/, new Promise(function () { })];
10971
11482
  }
10972
11483
  });
@@ -11301,7 +11812,7 @@ function _isEmptyString(input) {
11301
11812
  }
11302
11813
 
11303
11814
  var name = "@firebase/auth";
11304
- var version = "0.21.6";
11815
+ var version = "0.22.0-canary.1d6771eb3";
11305
11816
 
11306
11817
  /**
11307
11818
  * @license
@@ -11421,26 +11932,25 @@ function registerAuth(clientPlatform) {
11421
11932
  var deps = _a.options;
11422
11933
  var app = container.getProvider('app').getImmediate();
11423
11934
  var heartbeatServiceProvider = container.getProvider('heartbeat');
11935
+ var appCheckServiceProvider = container.getProvider('app-check-internal');
11424
11936
  var _b = app.options, apiKey = _b.apiKey, authDomain = _b.authDomain;
11425
- return (function (app, heartbeatServiceProvider) {
11426
- _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
11427
- // Auth domain is optional if IdP sign in isn't being used
11428
- _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
11429
- appName: app.name
11430
- });
11431
- var config = {
11432
- apiKey: apiKey,
11433
- authDomain: authDomain,
11434
- clientPlatform: clientPlatform,
11435
- apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
11436
- tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
11437
- apiScheme: "https" /* DefaultConfig.API_SCHEME */,
11438
- sdkClientVersion: _getClientVersion(clientPlatform)
11439
- };
11440
- var authInstance = new AuthImpl(app, heartbeatServiceProvider, config);
11441
- _initializeAuthInstance(authInstance, deps);
11442
- return authInstance;
11443
- })(app, heartbeatServiceProvider);
11937
+ _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
11938
+ // Auth domain is optional if IdP sign in isn't being used
11939
+ _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
11940
+ appName: app.name
11941
+ });
11942
+ var config = {
11943
+ apiKey: apiKey,
11944
+ authDomain: authDomain,
11945
+ clientPlatform: clientPlatform,
11946
+ apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
11947
+ tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
11948
+ apiScheme: "https" /* DefaultConfig.API_SCHEME */,
11949
+ sdkClientVersion: _getClientVersion(clientPlatform)
11950
+ };
11951
+ var authInstance = new AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config);
11952
+ _initializeAuthInstance(authInstance, deps);
11953
+ return authInstance;
11444
11954
  }, "PUBLIC" /* ComponentType.PUBLIC */)
11445
11955
  /**
11446
11956
  * Auth can only be initialized by explicitly calling getAuth() or initializeAuth()
@@ -11558,5 +12068,5 @@ function getAuth(app) {
11558
12068
  }
11559
12069
  registerAuth("Browser" /* ClientPlatform.BROWSER */);
11560
12070
 
11561
- export { linkWithCredential as $, ActionCodeOperation as A, deleteUser as B, debugErrorMap as C, prodErrorMap as D, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as E, FactorId as F, initializeAuth as G, connectAuthEmulator as H, AuthCredential as I, EmailAuthCredential as J, OAuthCredential as K, PhoneAuthCredential as L, inMemoryPersistence as M, EmailAuthProvider as N, OperationType as O, PhoneAuthProvider as P, FacebookAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, GoogleAuthProvider as U, GithubAuthProvider as V, OAuthProvider as W, SAMLAuthProvider as X, TwitterAuthProvider as Y, signInAnonymously as Z, signInWithCredential as _, browserSessionPersistence as a, reauthenticateWithCredential as a0, signInWithCustomToken as a1, sendPasswordResetEmail as a2, confirmPasswordReset as a3, applyActionCode as a4, checkActionCode as a5, verifyPasswordResetCode as a6, createUserWithEmailAndPassword as a7, signInWithEmailAndPassword as a8, sendSignInLinkToEmail as a9, AuthEventManager as aA, _getInstance as aB, _persistenceKeyName as aC, _clearRedirectOutcomes as aD, _getRedirectResult as aE, _overrideRedirectResult as aF, _castAuth as aG, UserImpl as aH, AuthImpl as aI, _getClientVersion as aJ, _generateEventId as aK, AuthPopup as aL, FetchProvider as aM, SAMLAuthCredential as aN, isSignInWithEmailLink as aa, signInWithEmailLink as ab, fetchSignInMethodsForEmail as ac, sendEmailVerification as ad, verifyBeforeUpdateEmail as ae, ActionCodeURL as af, parseActionCodeURL as ag, updateProfile as ah, updateEmail as ai, updatePassword as aj, getIdToken as ak, getIdTokenResult as al, unlink as am, getAdditionalUserInfo as an, reload as ao, getMultiFactorResolver as ap, multiFactor as aq, _isIOS as ar, _isAndroid as as, _fail as at, _getRedirectUrl as au, debugAssert as av, _getProjectConfig as aw, _isIOS7Or8 as ax, _assert as ay, _createError as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, onIdTokenChanged as t, updatePhoneNumber as u, beforeAuthStateChanged as v, onAuthStateChanged as w, useDeviceLanguage as x, updateCurrentUser as y, signOut as z };
11562
- //# sourceMappingURL=index-44fc929c.js.map
12071
+ export { signInWithCredential as $, ActionCodeOperation as A, signOut as B, deleteUser as C, debugErrorMap as D, prodErrorMap as E, FactorId as F, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as G, initializeAuth as H, connectAuthEmulator as I, AuthCredential as J, EmailAuthCredential as K, OAuthCredential as L, PhoneAuthCredential as M, inMemoryPersistence as N, OperationType as O, PhoneAuthProvider as P, EmailAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, FacebookAuthProvider as U, GoogleAuthProvider as V, GithubAuthProvider as W, OAuthProvider as X, SAMLAuthProvider as Y, TwitterAuthProvider as Z, signInAnonymously as _, browserSessionPersistence as a, linkWithCredential as a0, reauthenticateWithCredential as a1, signInWithCustomToken as a2, sendPasswordResetEmail as a3, confirmPasswordReset as a4, applyActionCode as a5, checkActionCode as a6, verifyPasswordResetCode as a7, createUserWithEmailAndPassword as a8, signInWithEmailAndPassword as a9, _createError as aA, AuthEventManager as aB, _getInstance as aC, _persistenceKeyName as aD, _clearRedirectOutcomes as aE, _getRedirectResult as aF, _overrideRedirectResult as aG, _castAuth as aH, UserImpl as aI, AuthImpl as aJ, _getClientVersion as aK, _generateEventId as aL, AuthPopup as aM, FetchProvider as aN, SAMLAuthCredential as aO, sendSignInLinkToEmail as aa, isSignInWithEmailLink as ab, signInWithEmailLink as ac, fetchSignInMethodsForEmail as ad, sendEmailVerification as ae, verifyBeforeUpdateEmail as af, ActionCodeURL as ag, parseActionCodeURL as ah, updateProfile as ai, updateEmail as aj, updatePassword as ak, getIdToken as al, getIdTokenResult as am, unlink as an, getAdditionalUserInfo as ao, reload as ap, getMultiFactorResolver as aq, multiFactor as ar, _isIOS as as, _isAndroid as at, _fail as au, _getRedirectUrl as av, debugAssert as aw, _getProjectConfig as ax, _isIOS7Or8 as ay, _assert as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, onIdTokenChanged as v, beforeAuthStateChanged as w, onAuthStateChanged as x, useDeviceLanguage as y, updateCurrentUser as z };
12072
+ //# sourceMappingURL=index-169fb84f.js.map