@firebase/auth 0.21.6 → 0.22.0-canary.1d6771eb3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/README.md +5 -0
  3. package/dist/auth-public.d.ts +59 -3
  4. package/dist/auth.d.ts +74 -13
  5. package/dist/browser-cjs/{index-39443020.js → index-7393ca6a.js} +593 -208
  6. package/dist/browser-cjs/index-7393ca6a.js.map +1 -0
  7. package/dist/browser-cjs/index.js +3 -2
  8. package/dist/browser-cjs/index.js.map +1 -1
  9. package/dist/browser-cjs/internal.js +3 -2
  10. package/dist/browser-cjs/internal.js.map +1 -1
  11. package/dist/browser-cjs/src/api/authentication/email_and_password.d.ts +9 -0
  12. package/dist/browser-cjs/src/api/authentication/recaptcha.d.ts +16 -0
  13. package/dist/browser-cjs/src/api/authentication/sign_up.d.ts +4 -0
  14. package/dist/browser-cjs/src/api/errors.d.ts +9 -1
  15. package/dist/browser-cjs/src/api/index.d.ts +17 -2
  16. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +9 -1
  17. package/dist/browser-cjs/src/core/errors.d.ts +18 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +27 -0
  19. package/dist/browser-cjs/src/core/util/handler.d.ts +1 -1
  20. package/dist/browser-cjs/src/core/util/log.d.ts +1 -0
  21. package/dist/browser-cjs/src/mfa/assertions/totp.d.ts +2 -2
  22. package/dist/browser-cjs/src/model/auth.d.ts +6 -0
  23. package/dist/browser-cjs/src/platform_browser/auth_window.d.ts +2 -2
  24. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  25. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  26. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  27. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  28. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  29. package/dist/browser-cjs/src/platform_browser/strategies/popup.d.ts +1 -1
  30. package/dist/browser-cjs/test/helpers/api/helper.d.ts +2 -0
  31. package/dist/browser-cjs/test/helpers/mock_auth.d.ts +5 -0
  32. package/dist/cordova/index.js +2 -2
  33. package/dist/cordova/internal.js +21 -77
  34. package/dist/cordova/internal.js.map +1 -1
  35. package/dist/cordova/{popup_redirect-8b388294.js → popup_redirect-eae95465.js} +781 -215
  36. package/dist/cordova/popup_redirect-eae95465.js.map +1 -0
  37. package/dist/cordova/src/api/authentication/email_and_password.d.ts +9 -0
  38. package/dist/cordova/src/api/authentication/recaptcha.d.ts +16 -0
  39. package/dist/cordova/src/api/authentication/sign_up.d.ts +4 -0
  40. package/dist/cordova/src/api/errors.d.ts +9 -1
  41. package/dist/cordova/src/api/index.d.ts +17 -2
  42. package/dist/cordova/src/core/auth/auth_impl.d.ts +9 -1
  43. package/dist/cordova/src/core/errors.d.ts +18 -1
  44. package/dist/cordova/src/core/index.d.ts +27 -0
  45. package/dist/cordova/src/core/util/handler.d.ts +1 -1
  46. package/dist/cordova/src/core/util/log.d.ts +1 -0
  47. package/dist/cordova/src/mfa/assertions/totp.d.ts +2 -2
  48. package/dist/cordova/src/model/auth.d.ts +6 -0
  49. package/dist/cordova/src/platform_browser/auth_window.d.ts +2 -2
  50. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  51. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  52. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  53. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  54. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  55. package/dist/cordova/src/platform_browser/strategies/popup.d.ts +1 -1
  56. package/dist/cordova/test/helpers/api/helper.d.ts +2 -0
  57. package/dist/cordova/test/helpers/mock_auth.d.ts +5 -0
  58. package/dist/esm2017/{index-2d01563f.js → index-1124980d.js} +594 -210
  59. package/dist/esm2017/index-1124980d.js.map +1 -0
  60. package/dist/esm2017/index.js +2 -2
  61. package/dist/esm2017/internal.js +3 -3
  62. package/dist/esm2017/src/api/authentication/email_and_password.d.ts +9 -0
  63. package/dist/esm2017/src/api/authentication/recaptcha.d.ts +16 -0
  64. package/dist/esm2017/src/api/authentication/sign_up.d.ts +4 -0
  65. package/dist/esm2017/src/api/errors.d.ts +9 -1
  66. package/dist/esm2017/src/api/index.d.ts +17 -2
  67. package/dist/esm2017/src/core/auth/auth_impl.d.ts +9 -1
  68. package/dist/esm2017/src/core/errors.d.ts +18 -1
  69. package/dist/esm2017/src/core/index.d.ts +27 -0
  70. package/dist/esm2017/src/core/util/handler.d.ts +1 -1
  71. package/dist/esm2017/src/core/util/log.d.ts +1 -0
  72. package/dist/esm2017/src/mfa/assertions/totp.d.ts +2 -2
  73. package/dist/esm2017/src/model/auth.d.ts +6 -0
  74. package/dist/esm2017/src/platform_browser/auth_window.d.ts +2 -2
  75. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  76. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  77. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  78. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  79. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  80. package/dist/esm2017/src/platform_browser/strategies/popup.d.ts +1 -1
  81. package/dist/esm2017/test/helpers/api/helper.d.ts +2 -0
  82. package/dist/esm2017/test/helpers/mock_auth.d.ts +5 -0
  83. package/dist/esm5/{index-44fc929c.js → index-169fb84f.js} +800 -290
  84. package/dist/esm5/index-169fb84f.js.map +1 -0
  85. package/dist/esm5/index.js +1 -1
  86. package/dist/esm5/internal.js +2 -2
  87. package/dist/esm5/src/api/authentication/email_and_password.d.ts +9 -0
  88. package/dist/esm5/src/api/authentication/recaptcha.d.ts +16 -0
  89. package/dist/esm5/src/api/authentication/sign_up.d.ts +4 -0
  90. package/dist/esm5/src/api/errors.d.ts +9 -1
  91. package/dist/esm5/src/api/index.d.ts +17 -2
  92. package/dist/esm5/src/core/auth/auth_impl.d.ts +9 -1
  93. package/dist/esm5/src/core/errors.d.ts +18 -1
  94. package/dist/esm5/src/core/index.d.ts +27 -0
  95. package/dist/esm5/src/core/util/handler.d.ts +1 -1
  96. package/dist/esm5/src/core/util/log.d.ts +1 -0
  97. package/dist/esm5/src/mfa/assertions/totp.d.ts +2 -2
  98. package/dist/esm5/src/model/auth.d.ts +6 -0
  99. package/dist/esm5/src/platform_browser/auth_window.d.ts +2 -2
  100. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  101. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  102. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  103. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  104. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  105. package/dist/esm5/src/platform_browser/strategies/popup.d.ts +1 -1
  106. package/dist/esm5/test/helpers/api/helper.d.ts +2 -0
  107. package/dist/esm5/test/helpers/mock_auth.d.ts +5 -0
  108. package/dist/index.webworker.esm5.js +605 -75
  109. package/dist/index.webworker.esm5.js.map +1 -1
  110. package/dist/node/index.js +2 -1
  111. package/dist/node/index.js.map +1 -1
  112. package/dist/node/internal.js +62 -42
  113. package/dist/node/internal.js.map +1 -1
  114. package/dist/node/src/api/authentication/email_and_password.d.ts +9 -0
  115. package/dist/node/src/api/authentication/recaptcha.d.ts +16 -0
  116. package/dist/node/src/api/authentication/sign_up.d.ts +4 -0
  117. package/dist/node/src/api/errors.d.ts +9 -1
  118. package/dist/node/src/api/index.d.ts +17 -2
  119. package/dist/node/src/core/auth/auth_impl.d.ts +9 -1
  120. package/dist/node/src/core/errors.d.ts +18 -1
  121. package/dist/node/src/core/index.d.ts +27 -0
  122. package/dist/node/src/core/util/handler.d.ts +1 -1
  123. package/dist/node/src/core/util/log.d.ts +1 -0
  124. package/dist/node/src/mfa/assertions/totp.d.ts +2 -2
  125. package/dist/node/src/model/auth.d.ts +6 -0
  126. package/dist/node/src/platform_browser/auth_window.d.ts +2 -2
  127. package/dist/node/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  128. package/dist/node/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  129. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  130. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  131. package/dist/node/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  132. package/dist/node/src/platform_browser/strategies/popup.d.ts +1 -1
  133. package/dist/node/test/helpers/api/helper.d.ts +2 -0
  134. package/dist/node/test/helpers/mock_auth.d.ts +5 -0
  135. package/dist/node/{totp-5e73d8e7.js → totp-13fce87f.js} +703 -172
  136. package/dist/node/totp-13fce87f.js.map +1 -0
  137. package/dist/node-esm/index.js +1 -1
  138. package/dist/node-esm/internal.js +16 -4
  139. package/dist/node-esm/internal.js.map +1 -1
  140. package/dist/node-esm/src/api/authentication/email_and_password.d.ts +9 -0
  141. package/dist/node-esm/src/api/authentication/recaptcha.d.ts +16 -0
  142. package/dist/node-esm/src/api/authentication/sign_up.d.ts +4 -0
  143. package/dist/node-esm/src/api/errors.d.ts +9 -1
  144. package/dist/node-esm/src/api/index.d.ts +17 -2
  145. package/dist/node-esm/src/core/auth/auth_impl.d.ts +9 -1
  146. package/dist/node-esm/src/core/errors.d.ts +18 -1
  147. package/dist/node-esm/src/core/index.d.ts +27 -0
  148. package/dist/node-esm/src/core/util/handler.d.ts +1 -1
  149. package/dist/node-esm/src/core/util/log.d.ts +1 -0
  150. package/dist/node-esm/src/mfa/assertions/totp.d.ts +2 -2
  151. package/dist/node-esm/src/model/auth.d.ts +6 -0
  152. package/dist/node-esm/src/platform_browser/auth_window.d.ts +2 -2
  153. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  154. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  155. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  156. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  157. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  158. package/dist/node-esm/src/platform_browser/strategies/popup.d.ts +1 -1
  159. package/dist/node-esm/test/helpers/api/helper.d.ts +2 -0
  160. package/dist/node-esm/test/helpers/mock_auth.d.ts +5 -0
  161. package/dist/node-esm/{totp-7b645f19.js → totp-aee19ee4.js} +560 -141
  162. package/dist/node-esm/totp-aee19ee4.js.map +1 -0
  163. package/dist/rn/index.js +2 -1
  164. package/dist/rn/index.js.map +1 -1
  165. package/dist/rn/internal.js +79 -48
  166. package/dist/rn/internal.js.map +1 -1
  167. package/dist/rn/{phone-ec210006.js → phone-26700494.js} +741 -260
  168. package/dist/rn/phone-26700494.js.map +1 -0
  169. package/dist/rn/src/api/authentication/email_and_password.d.ts +9 -0
  170. package/dist/rn/src/api/authentication/recaptcha.d.ts +16 -0
  171. package/dist/rn/src/api/authentication/sign_up.d.ts +4 -0
  172. package/dist/rn/src/api/errors.d.ts +9 -1
  173. package/dist/rn/src/api/index.d.ts +17 -2
  174. package/dist/rn/src/core/auth/auth_impl.d.ts +9 -1
  175. package/dist/rn/src/core/errors.d.ts +18 -1
  176. package/dist/rn/src/core/index.d.ts +27 -0
  177. package/dist/rn/src/core/util/handler.d.ts +1 -1
  178. package/dist/rn/src/core/util/log.d.ts +1 -0
  179. package/dist/rn/src/mfa/assertions/totp.d.ts +2 -2
  180. package/dist/rn/src/model/auth.d.ts +6 -0
  181. package/dist/rn/src/platform_browser/auth_window.d.ts +2 -2
  182. package/dist/rn/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  183. package/dist/rn/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  184. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  185. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  186. package/dist/rn/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  187. package/dist/rn/src/platform_browser/strategies/popup.d.ts +1 -1
  188. package/dist/rn/test/helpers/api/helper.d.ts +2 -0
  189. package/dist/rn/test/helpers/mock_auth.d.ts +5 -0
  190. package/dist/src/api/authentication/email_and_password.d.ts +9 -0
  191. package/dist/src/api/authentication/recaptcha.d.ts +16 -0
  192. package/dist/src/api/authentication/sign_up.d.ts +4 -0
  193. package/dist/src/api/errors.d.ts +9 -1
  194. package/dist/src/api/index.d.ts +17 -2
  195. package/dist/src/core/auth/auth_impl.d.ts +9 -1
  196. package/dist/src/core/errors.d.ts +18 -1
  197. package/dist/src/core/index.d.ts +27 -0
  198. package/dist/src/core/util/handler.d.ts +1 -1
  199. package/dist/src/core/util/log.d.ts +1 -0
  200. package/dist/src/mfa/assertions/totp.d.ts +2 -2
  201. package/dist/src/model/auth.d.ts +6 -0
  202. package/dist/src/platform_browser/auth_window.d.ts +2 -2
  203. package/dist/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  204. package/dist/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  205. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  206. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  207. package/dist/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  208. package/dist/src/platform_browser/strategies/popup.d.ts +1 -1
  209. package/dist/test/helpers/api/helper.d.ts +2 -0
  210. package/dist/test/helpers/mock_auth.d.ts +5 -0
  211. package/package.json +6 -6
  212. package/dist/browser-cjs/index-39443020.js.map +0 -1
  213. package/dist/cordova/popup_redirect-8b388294.js.map +0 -1
  214. package/dist/esm2017/index-2d01563f.js.map +0 -1
  215. package/dist/esm5/index-44fc929c.js.map +0 -1
  216. package/dist/node/totp-5e73d8e7.js.map +0 -1
  217. package/dist/node-esm/totp-7b645f19.js.map +0 -1
  218. package/dist/rn/phone-ec210006.js.map +0 -1
@@ -1,4 +1,4 @@
1
- import { ErrorFactory, deepEqual, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, getUA, isIE, createSubscribe, querystringDecode, extractQuerystring, getDefaultEmulatorHost } from '@firebase/util';
1
+ import { ErrorFactory, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, getUA, isIE, createSubscribe, deepEqual, querystringDecode, extractQuerystring, getDefaultEmulatorHost } from '@firebase/util';
2
2
  import { SDK_VERSION, _getProvider, _registerComponent, registerVersion, getApp } from '@firebase/app';
3
3
  import { __rest } from 'tslib';
4
4
  import { Component } from '@firebase/component';
@@ -213,6 +213,7 @@ function _debugErrorMap() {
213
213
  ["missing-or-invalid-nonce" /* AuthErrorCode.MISSING_OR_INVALID_NONCE */]: 'The request does not contain a valid nonce. This can occur if the ' +
214
214
  'SHA-256 hash of the provided raw nonce does not match the hashed nonce ' +
215
215
  'in the ID token payload.',
216
+ ["missing-password" /* AuthErrorCode.MISSING_PASSWORD */]: 'A non-empty password must be provided',
216
217
  ["missing-multi-factor-info" /* AuthErrorCode.MISSING_MFA_INFO */]: 'No second factor identifier is provided.',
217
218
  ["missing-multi-factor-session" /* AuthErrorCode.MISSING_MFA_SESSION */]: 'The request is missing proof of first factor successful sign-in.',
218
219
  ["missing-phone-number" /* AuthErrorCode.MISSING_PHONE_NUMBER */]: 'To send verification codes, provide a phone number for the recipient.',
@@ -265,7 +266,15 @@ function _debugErrorMap() {
265
266
  ["already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */]: 'initializeAuth() has already been called with ' +
266
267
  'different options. To avoid this error, call initializeAuth() with the ' +
267
268
  'same options as when it was originally called, or call getAuth() to return the' +
268
- ' already initialized instance.'
269
+ ' already initialized instance.',
270
+ ["missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */]: 'The reCAPTCHA token is missing when sending request to the backend.',
271
+ ["invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */]: 'The reCAPTCHA token is invalid when sending request to the backend.',
272
+ ["invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */]: 'The reCAPTCHA action is invalid when sending request to the backend.',
273
+ ["recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */]: 'reCAPTCHA Enterprise integration is not enabled for this project.',
274
+ ["missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */]: 'The reCAPTCHA client type is missing when sending request to the backend.',
275
+ ["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is missing when sending request to the backend.',
276
+ ["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */]: 'Invalid request parameters.',
277
+ ["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is invalid when sending request to the backend.'
269
278
  };
270
279
  }
271
280
  function _prodErrorMap() {
@@ -401,7 +410,15 @@ const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
401
410
  USER_SIGNED_OUT: 'auth/user-signed-out',
402
411
  WEAK_PASSWORD: 'auth/weak-password',
403
412
  WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',
404
- ALREADY_INITIALIZED: 'auth/already-initialized'
413
+ ALREADY_INITIALIZED: 'auth/already-initialized',
414
+ RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',
415
+ MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',
416
+ INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',
417
+ INVALID_RECAPTCHA_ACTION: 'auth/invalid-recaptcha-action',
418
+ MISSING_CLIENT_TYPE: 'auth/missing-client-type',
419
+ MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',
420
+ INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',
421
+ INVALID_REQ_TYPE: 'auth/invalid-req-type'
405
422
  };
406
423
 
407
424
  /**
@@ -421,6 +438,11 @@ const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
421
438
  * limitations under the License.
422
439
  */
423
440
  const logClient = new Logger('@firebase/auth');
441
+ function _logWarn(msg, ...args) {
442
+ if (logClient.logLevel <= LogLevel.WARN) {
443
+ logClient.warn(`Auth (${SDK_VERSION}): ${msg}`, ...args);
444
+ }
445
+ }
424
446
  function _logError(msg, ...args) {
425
447
  if (logClient.logLevel <= LogLevel.ERROR) {
426
448
  logClient.error(`Auth (${SDK_VERSION}): ${msg}`, ...args);
@@ -501,103 +523,6 @@ function debugAssert(assertion, message) {
501
523
  }
502
524
  }
503
525
 
504
- /**
505
- * @license
506
- * Copyright 2020 Google LLC
507
- *
508
- * Licensed under the Apache License, Version 2.0 (the "License");
509
- * you may not use this file except in compliance with the License.
510
- * You may obtain a copy of the License at
511
- *
512
- * http://www.apache.org/licenses/LICENSE-2.0
513
- *
514
- * Unless required by applicable law or agreed to in writing, software
515
- * distributed under the License is distributed on an "AS IS" BASIS,
516
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
517
- * See the License for the specific language governing permissions and
518
- * limitations under the License.
519
- */
520
- const instanceCache = new Map();
521
- function _getInstance(cls) {
522
- debugAssert(cls instanceof Function, 'Expected a class definition');
523
- let instance = instanceCache.get(cls);
524
- if (instance) {
525
- debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
526
- return instance;
527
- }
528
- instance = new cls();
529
- instanceCache.set(cls, instance);
530
- return instance;
531
- }
532
-
533
- /**
534
- * @license
535
- * Copyright 2020 Google LLC
536
- *
537
- * Licensed under the Apache License, Version 2.0 (the "License");
538
- * you may not use this file except in compliance with the License.
539
- * You may obtain a copy of the License at
540
- *
541
- * http://www.apache.org/licenses/LICENSE-2.0
542
- *
543
- * Unless required by applicable law or agreed to in writing, software
544
- * distributed under the License is distributed on an "AS IS" BASIS,
545
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
546
- * See the License for the specific language governing permissions and
547
- * limitations under the License.
548
- */
549
- /**
550
- * Initializes an {@link Auth} instance with fine-grained control over
551
- * {@link Dependencies}.
552
- *
553
- * @remarks
554
- *
555
- * This function allows more control over the {@link Auth} instance than
556
- * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
557
- * the {@link Dependencies}. In general, `getAuth` is the easiest way to
558
- * initialize Auth and works for most use cases. Use `initializeAuth` if you
559
- * need control over which persistence layer is used, or to minimize bundle
560
- * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
561
- *
562
- * For example, if your app only uses anonymous accounts and you only want
563
- * accounts saved for the current session, initialize `Auth` with:
564
- *
565
- * ```js
566
- * const auth = initializeAuth(app, {
567
- * persistence: browserSessionPersistence,
568
- * popupRedirectResolver: undefined,
569
- * });
570
- * ```
571
- *
572
- * @public
573
- */
574
- function initializeAuth(app, deps) {
575
- const provider = _getProvider(app, 'auth');
576
- if (provider.isInitialized()) {
577
- const auth = provider.getImmediate();
578
- const initialOptions = provider.getOptions();
579
- if (deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
580
- return auth;
581
- }
582
- else {
583
- _fail(auth, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
584
- }
585
- }
586
- const auth = provider.initialize({ options: deps });
587
- return auth;
588
- }
589
- function _initializeAuthInstance(auth, deps) {
590
- const persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
591
- const hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
592
- if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
593
- auth._updateErrorMap(deps.errorMap);
594
- }
595
- // This promise is intended to float; auth initialization happens in the
596
- // background, meanwhile the auth object may be used by the app.
597
- // eslint-disable-next-line @typescript-eslint/no-floating-promises
598
- auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
599
- }
600
-
601
526
  /**
602
527
  * @license
603
528
  * Copyright 2020 Google LLC
@@ -829,7 +754,7 @@ const SERVER_ERROR_MAP = {
829
754
  // Sign in with email and password errors (some apply to sign up too).
830
755
  ["INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */]: "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */,
831
756
  // This can only happen if the SDK sends a bad request.
832
- ["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
757
+ ["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */]: "missing-password" /* AuthErrorCode.MISSING_PASSWORD */,
833
758
  // Sign up with email and password errors.
834
759
  ["EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */]: "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */,
835
760
  ["PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */]: "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */,
@@ -876,7 +801,16 @@ const SERVER_ERROR_MAP = {
876
801
  ["SECOND_FACTOR_EXISTS" /* ServerError.SECOND_FACTOR_EXISTS */]: "second-factor-already-in-use" /* AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED */,
877
802
  ["SECOND_FACTOR_LIMIT_EXCEEDED" /* ServerError.SECOND_FACTOR_LIMIT_EXCEEDED */]: "maximum-second-factor-count-exceeded" /* AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED */,
878
803
  // Blocking functions related errors.
879
- ["BLOCKING_FUNCTION_ERROR_RESPONSE" /* ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */
804
+ ["BLOCKING_FUNCTION_ERROR_RESPONSE" /* ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
805
+ // Recaptcha related errors.
806
+ ["RECAPTCHA_NOT_ENABLED" /* ServerError.RECAPTCHA_NOT_ENABLED */]: "recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */,
807
+ ["MISSING_RECAPTCHA_TOKEN" /* ServerError.MISSING_RECAPTCHA_TOKEN */]: "missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */,
808
+ ["INVALID_RECAPTCHA_TOKEN" /* ServerError.INVALID_RECAPTCHA_TOKEN */]: "invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */,
809
+ ["INVALID_RECAPTCHA_ACTION" /* ServerError.INVALID_RECAPTCHA_ACTION */]: "invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */,
810
+ ["MISSING_CLIENT_TYPE" /* ServerError.MISSING_CLIENT_TYPE */]: "missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */,
811
+ ["MISSING_RECAPTCHA_VERSION" /* ServerError.MISSING_RECAPTCHA_VERSION */]: "missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */,
812
+ ["INVALID_RECAPTCHA_VERSION" /* ServerError.INVALID_RECAPTCHA_VERSION */]: "invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */,
813
+ ["INVALID_REQ_TYPE" /* ServerError.INVALID_REQ_TYPE */]: "invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */
880
814
  };
881
815
 
882
816
  /**
@@ -1778,6 +1712,35 @@ class UserImpl {
1778
1712
  }
1779
1713
  }
1780
1714
 
1715
+ /**
1716
+ * @license
1717
+ * Copyright 2020 Google LLC
1718
+ *
1719
+ * Licensed under the Apache License, Version 2.0 (the "License");
1720
+ * you may not use this file except in compliance with the License.
1721
+ * You may obtain a copy of the License at
1722
+ *
1723
+ * http://www.apache.org/licenses/LICENSE-2.0
1724
+ *
1725
+ * Unless required by applicable law or agreed to in writing, software
1726
+ * distributed under the License is distributed on an "AS IS" BASIS,
1727
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1728
+ * See the License for the specific language governing permissions and
1729
+ * limitations under the License.
1730
+ */
1731
+ const instanceCache = new Map();
1732
+ function _getInstance(cls) {
1733
+ debugAssert(cls instanceof Function, 'Expected a class definition');
1734
+ let instance = instanceCache.get(cls);
1735
+ if (instance) {
1736
+ debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
1737
+ return instance;
1738
+ }
1739
+ instance = new cls();
1740
+ instanceCache.set(cls, instance);
1741
+ return instance;
1742
+ }
1743
+
1781
1744
  /**
1782
1745
  * @license
1783
1746
  * Copyright 2019 Google LLC
@@ -2115,6 +2078,232 @@ function _getClientVersion(clientPlatform, frameworks = []) {
2115
2078
  return `${reportedPlatform}/${"JsCore" /* ClientImplementation.CORE */}/${SDK_VERSION}/${reportedFrameworks}`;
2116
2079
  }
2117
2080
 
2081
+ /**
2082
+ * @license
2083
+ * Copyright 2020 Google LLC
2084
+ *
2085
+ * Licensed under the Apache License, Version 2.0 (the "License");
2086
+ * you may not use this file except in compliance with the License.
2087
+ * You may obtain a copy of the License at
2088
+ *
2089
+ * http://www.apache.org/licenses/LICENSE-2.0
2090
+ *
2091
+ * Unless required by applicable law or agreed to in writing, software
2092
+ * distributed under the License is distributed on an "AS IS" BASIS,
2093
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2094
+ * See the License for the specific language governing permissions and
2095
+ * limitations under the License.
2096
+ */
2097
+ async function getRecaptchaConfig(auth, request) {
2098
+ return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request));
2099
+ }
2100
+
2101
+ /**
2102
+ * @license
2103
+ * Copyright 2020 Google LLC
2104
+ *
2105
+ * Licensed under the Apache License, Version 2.0 (the "License");
2106
+ * you may not use this file except in compliance with the License.
2107
+ * You may obtain a copy of the License at
2108
+ *
2109
+ * http://www.apache.org/licenses/LICENSE-2.0
2110
+ *
2111
+ * Unless required by applicable law or agreed to in writing, software
2112
+ * distributed under the License is distributed on an "AS IS" BASIS,
2113
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2114
+ * See the License for the specific language governing permissions and
2115
+ * limitations under the License.
2116
+ */
2117
+ function isEnterprise(grecaptcha) {
2118
+ return (grecaptcha !== undefined &&
2119
+ grecaptcha.enterprise !== undefined);
2120
+ }
2121
+ class RecaptchaConfig {
2122
+ constructor(response) {
2123
+ /**
2124
+ * The reCAPTCHA site key.
2125
+ */
2126
+ this.siteKey = '';
2127
+ /**
2128
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2129
+ */
2130
+ this.emailPasswordEnabled = false;
2131
+ if (response.recaptchaKey === undefined) {
2132
+ throw new Error('recaptchaKey undefined');
2133
+ }
2134
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2135
+ this.siteKey = response.recaptchaKey.split('/')[3];
2136
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(enforcementState => enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2137
+ enforcementState.enforcementState !== 'OFF');
2138
+ }
2139
+ }
2140
+
2141
+ /**
2142
+ * @license
2143
+ * Copyright 2020 Google LLC
2144
+ *
2145
+ * Licensed under the Apache License, Version 2.0 (the "License");
2146
+ * you may not use this file except in compliance with the License.
2147
+ * You may obtain a copy of the License at
2148
+ *
2149
+ * http://www.apache.org/licenses/LICENSE-2.0
2150
+ *
2151
+ * Unless required by applicable law or agreed to in writing, software
2152
+ * distributed under the License is distributed on an "AS IS" BASIS,
2153
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2154
+ * See the License for the specific language governing permissions and
2155
+ * limitations under the License.
2156
+ */
2157
+ function getScriptParentElement() {
2158
+ var _a, _b;
2159
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2160
+ }
2161
+ function _loadJS(url) {
2162
+ // TODO: consider adding timeout support & cancellation
2163
+ return new Promise((resolve, reject) => {
2164
+ const el = document.createElement('script');
2165
+ el.setAttribute('src', url);
2166
+ el.onload = resolve;
2167
+ el.onerror = e => {
2168
+ const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2169
+ error.customData = e;
2170
+ reject(error);
2171
+ };
2172
+ el.type = 'text/javascript';
2173
+ el.charset = 'UTF-8';
2174
+ getScriptParentElement().appendChild(el);
2175
+ });
2176
+ }
2177
+
2178
+ /* eslint-disable @typescript-eslint/no-require-imports */
2179
+ const RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2180
+ const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2181
+ class RecaptchaEnterpriseVerifier {
2182
+ /**
2183
+ *
2184
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
2185
+ *
2186
+ */
2187
+ constructor(authExtern) {
2188
+ /**
2189
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2190
+ */
2191
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2192
+ this.auth = _castAuth(authExtern);
2193
+ }
2194
+ /**
2195
+ * Executes the verification process.
2196
+ *
2197
+ * @returns A Promise for a token that can be used to assert the validity of a request.
2198
+ */
2199
+ async verify(action = 'verify', forceRefresh = false) {
2200
+ async function retrieveSiteKey(auth) {
2201
+ if (!forceRefresh) {
2202
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2203
+ return auth._agentRecaptchaConfig.siteKey;
2204
+ }
2205
+ if (auth.tenantId != null &&
2206
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2207
+ return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;
2208
+ }
2209
+ }
2210
+ return new Promise(async (resolve, reject) => {
2211
+ getRecaptchaConfig(auth, {
2212
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2213
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2214
+ })
2215
+ .then(response => {
2216
+ if (response.recaptchaKey === undefined) {
2217
+ reject(new Error('recaptcha Enterprise site key undefined'));
2218
+ }
2219
+ else {
2220
+ const config = new RecaptchaConfig(response);
2221
+ if (auth.tenantId == null) {
2222
+ auth._agentRecaptchaConfig = config;
2223
+ }
2224
+ else {
2225
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2226
+ }
2227
+ return resolve(config.siteKey);
2228
+ }
2229
+ })
2230
+ .catch(error => {
2231
+ reject(error);
2232
+ });
2233
+ });
2234
+ }
2235
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
2236
+ const grecaptcha = window.grecaptcha;
2237
+ if (isEnterprise(grecaptcha)) {
2238
+ grecaptcha.enterprise.ready(() => {
2239
+ try {
2240
+ grecaptcha.enterprise
2241
+ .execute(siteKey, { action })
2242
+ .then(token => {
2243
+ resolve(token);
2244
+ })
2245
+ .catch(error => {
2246
+ reject(error);
2247
+ });
2248
+ }
2249
+ catch (error) {
2250
+ reject(error);
2251
+ }
2252
+ });
2253
+ }
2254
+ else {
2255
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
2256
+ }
2257
+ }
2258
+ return new Promise((resolve, reject) => {
2259
+ retrieveSiteKey(this.auth)
2260
+ .then(siteKey => {
2261
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2262
+ retrieveRecaptchaToken(siteKey, resolve, reject);
2263
+ }
2264
+ else {
2265
+ if (typeof window === 'undefined') {
2266
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
2267
+ return;
2268
+ }
2269
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2270
+ .then(() => {
2271
+ retrieveRecaptchaToken(siteKey, resolve, reject);
2272
+ })
2273
+ .catch(error => {
2274
+ reject(error);
2275
+ });
2276
+ }
2277
+ })
2278
+ .catch(error => {
2279
+ reject(error);
2280
+ });
2281
+ });
2282
+ }
2283
+ }
2284
+ async function injectRecaptchaFields(auth, request, action, captchaResp = false) {
2285
+ const verifier = new RecaptchaEnterpriseVerifier(auth);
2286
+ let captchaResponse;
2287
+ try {
2288
+ captchaResponse = await verifier.verify(action);
2289
+ }
2290
+ catch (error) {
2291
+ captchaResponse = await verifier.verify(action, true);
2292
+ }
2293
+ const newRequest = Object.assign({}, request);
2294
+ if (!captchaResp) {
2295
+ Object.assign(newRequest, { captchaResponse });
2296
+ }
2297
+ else {
2298
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
2299
+ }
2300
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2301
+ Object.assign(newRequest, {
2302
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2303
+ });
2304
+ return newRequest;
2305
+ }
2306
+
2118
2307
  /**
2119
2308
  * @license
2120
2309
  * Copyright 2022 Google LLC
@@ -2213,9 +2402,10 @@ class AuthMiddlewareQueue {
2213
2402
  * limitations under the License.
2214
2403
  */
2215
2404
  class AuthImpl {
2216
- constructor(app, heartbeatServiceProvider, config) {
2405
+ constructor(app, heartbeatServiceProvider, appCheckServiceProvider, config) {
2217
2406
  this.app = app;
2218
2407
  this.heartbeatServiceProvider = heartbeatServiceProvider;
2408
+ this.appCheckServiceProvider = appCheckServiceProvider;
2219
2409
  this.config = config;
2220
2410
  this.currentUser = null;
2221
2411
  this.emulatorConfig = null;
@@ -2233,6 +2423,8 @@ class AuthImpl {
2233
2423
  this._initializationPromise = null;
2234
2424
  this._popupRedirectResolver = null;
2235
2425
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2426
+ this._agentRecaptchaConfig = null;
2427
+ this._tenantRecaptchaConfigs = {};
2236
2428
  // Tracks the last notified UID for state change listeners to prevent
2237
2429
  // repeated calls to the callbacks. Undefined means it's never been
2238
2430
  // called, whereas null means it's been called with a signed out user
@@ -2452,6 +2644,31 @@ class AuthImpl {
2452
2644
  await this.assertedPersistence.setPersistence(_getInstance(persistence));
2453
2645
  });
2454
2646
  }
2647
+ async initializeRecaptchaConfig() {
2648
+ const response = await getRecaptchaConfig(this, {
2649
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2650
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2651
+ });
2652
+ const config = new RecaptchaConfig(response);
2653
+ if (this.tenantId == null) {
2654
+ this._agentRecaptchaConfig = config;
2655
+ }
2656
+ else {
2657
+ this._tenantRecaptchaConfigs[this.tenantId] = config;
2658
+ }
2659
+ if (config.emailPasswordEnabled) {
2660
+ const verifier = new RecaptchaEnterpriseVerifier(this);
2661
+ void verifier.verify();
2662
+ }
2663
+ }
2664
+ _getRecaptchaConfig() {
2665
+ if (this.tenantId == null) {
2666
+ return this._agentRecaptchaConfig;
2667
+ }
2668
+ else {
2669
+ return this._tenantRecaptchaConfigs[this.tenantId];
2670
+ }
2671
+ }
2455
2672
  _getPersistence() {
2456
2673
  return this.assertedPersistence.persistence.type;
2457
2674
  }
@@ -2631,8 +2848,26 @@ class AuthImpl {
2631
2848
  if (heartbeatsHeader) {
2632
2849
  headers["X-Firebase-Client" /* HttpHeader.X_FIREBASE_CLIENT */] = heartbeatsHeader;
2633
2850
  }
2851
+ // If the App Check service exists, add the App Check token in the headers
2852
+ const appCheckToken = await this._getAppCheckToken();
2853
+ if (appCheckToken) {
2854
+ headers["X-Firebase-AppCheck" /* HttpHeader.X_FIREBASE_APP_CHECK */] = appCheckToken;
2855
+ }
2634
2856
  return headers;
2635
2857
  }
2858
+ async _getAppCheckToken() {
2859
+ var _a;
2860
+ const appCheckTokenResult = await ((_a = this.appCheckServiceProvider
2861
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken());
2862
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
2863
+ // Context: appCheck.getToken() will never throw even if an error happened.
2864
+ // In the error case, a dummy token will be returned along with an error field describing
2865
+ // the error. In general, we shouldn't care about the error condition and just use
2866
+ // the token (actual or dummy) to send requests.
2867
+ _logWarn(`Error while retrieving App Check token: ${appCheckTokenResult.error}`);
2868
+ }
2869
+ return appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token;
2870
+ }
2636
2871
  }
2637
2872
  /**
2638
2873
  * Method to be used to cast down to our private implmentation of Auth.
@@ -2656,6 +2891,74 @@ class Subscription {
2656
2891
  }
2657
2892
  }
2658
2893
 
2894
+ /**
2895
+ * @license
2896
+ * Copyright 2020 Google LLC
2897
+ *
2898
+ * Licensed under the Apache License, Version 2.0 (the "License");
2899
+ * you may not use this file except in compliance with the License.
2900
+ * You may obtain a copy of the License at
2901
+ *
2902
+ * http://www.apache.org/licenses/LICENSE-2.0
2903
+ *
2904
+ * Unless required by applicable law or agreed to in writing, software
2905
+ * distributed under the License is distributed on an "AS IS" BASIS,
2906
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2907
+ * See the License for the specific language governing permissions and
2908
+ * limitations under the License.
2909
+ */
2910
+ /**
2911
+ * Initializes an {@link Auth} instance with fine-grained control over
2912
+ * {@link Dependencies}.
2913
+ *
2914
+ * @remarks
2915
+ *
2916
+ * This function allows more control over the {@link Auth} instance than
2917
+ * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
2918
+ * the {@link Dependencies}. In general, `getAuth` is the easiest way to
2919
+ * initialize Auth and works for most use cases. Use `initializeAuth` if you
2920
+ * need control over which persistence layer is used, or to minimize bundle
2921
+ * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
2922
+ *
2923
+ * For example, if your app only uses anonymous accounts and you only want
2924
+ * accounts saved for the current session, initialize `Auth` with:
2925
+ *
2926
+ * ```js
2927
+ * const auth = initializeAuth(app, {
2928
+ * persistence: browserSessionPersistence,
2929
+ * popupRedirectResolver: undefined,
2930
+ * });
2931
+ * ```
2932
+ *
2933
+ * @public
2934
+ */
2935
+ function initializeAuth(app, deps) {
2936
+ const provider = _getProvider(app, 'auth');
2937
+ if (provider.isInitialized()) {
2938
+ const auth = provider.getImmediate();
2939
+ const initialOptions = provider.getOptions();
2940
+ if (deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
2941
+ return auth;
2942
+ }
2943
+ else {
2944
+ _fail(auth, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
2945
+ }
2946
+ }
2947
+ const auth = provider.initialize({ options: deps });
2948
+ return auth;
2949
+ }
2950
+ function _initializeAuthInstance(auth, deps) {
2951
+ const persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
2952
+ const hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
2953
+ if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
2954
+ auth._updateErrorMap(deps.errorMap);
2955
+ }
2956
+ // This promise is intended to float; auth initialization happens in the
2957
+ // background, meanwhile the auth object may be used by the app.
2958
+ // eslint-disable-next-line @typescript-eslint/no-floating-promises
2959
+ auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
2960
+ }
2961
+
2659
2962
  /**
2660
2963
  * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
2661
2964
  * Firebase Auth services.
@@ -2995,13 +3298,31 @@ class EmailAuthCredential extends AuthCredential {
2995
3298
  }
2996
3299
  /** @internal */
2997
3300
  async _getIdTokenResponse(auth) {
3301
+ var _a;
2998
3302
  switch (this.signInMethod) {
2999
3303
  case "password" /* SignInMethod.EMAIL_PASSWORD */:
3000
- return signInWithPassword(auth, {
3304
+ const request = {
3001
3305
  returnSecureToken: true,
3002
3306
  email: this._email,
3003
- password: this._password
3004
- });
3307
+ password: this._password,
3308
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
3309
+ };
3310
+ if ((_a = auth._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled) {
3311
+ const requestWithRecaptcha = await injectRecaptchaFields(auth, request, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */);
3312
+ return signInWithPassword(auth, requestWithRecaptcha);
3313
+ }
3314
+ else {
3315
+ return signInWithPassword(auth, request).catch(async (error) => {
3316
+ if (error.code === `auth/${"missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */}`) {
3317
+ console.log('Sign-in with email address and password is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
3318
+ const requestWithRecaptcha = await injectRecaptchaFields(auth, request, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */);
3319
+ return signInWithPassword(auth, requestWithRecaptcha);
3320
+ }
3321
+ else {
3322
+ return Promise.reject(error);
3323
+ }
3324
+ });
3325
+ }
3005
3326
  case "emailLink" /* SignInMethod.EMAIL_LINK */:
3006
3327
  return signInWithEmailLink$1(auth, {
3007
3328
  email: this._email,
@@ -4957,15 +5278,39 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
4957
5278
  * @public
4958
5279
  */
4959
5280
  async function sendPasswordResetEmail(auth, email, actionCodeSettings) {
4960
- const authModular = getModularInstance(auth);
5281
+ var _a;
5282
+ const authInternal = _castAuth(auth);
4961
5283
  const request = {
4962
5284
  requestType: "PASSWORD_RESET" /* ActionCodeOperation.PASSWORD_RESET */,
4963
- email
5285
+ email,
5286
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
4964
5287
  };
4965
- if (actionCodeSettings) {
4966
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
5288
+ if ((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled) {
5289
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true);
5290
+ if (actionCodeSettings) {
5291
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
5292
+ }
5293
+ await sendPasswordResetEmail$1(authInternal, requestWithRecaptcha);
5294
+ }
5295
+ else {
5296
+ if (actionCodeSettings) {
5297
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
5298
+ }
5299
+ await sendPasswordResetEmail$1(authInternal, request)
5300
+ .catch(async (error) => {
5301
+ if (error.code === `auth/${"missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */}`) {
5302
+ console.log('Password resets are protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the password reset flow.');
5303
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true);
5304
+ if (actionCodeSettings) {
5305
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
5306
+ }
5307
+ await sendPasswordResetEmail$1(authInternal, requestWithRecaptcha);
5308
+ }
5309
+ else {
5310
+ return Promise.reject(error);
5311
+ }
5312
+ });
4967
5313
  }
4968
- await sendPasswordResetEmail$1(authModular, request);
4969
5314
  }
4970
5315
  /**
4971
5316
  * Completes the password reset process, given a confirmation code and new password.
@@ -5078,11 +5423,33 @@ async function verifyPasswordResetCode(auth, code) {
5078
5423
  * @public
5079
5424
  */
5080
5425
  async function createUserWithEmailAndPassword(auth, email, password) {
5426
+ var _a;
5081
5427
  const authInternal = _castAuth(auth);
5082
- const response = await signUp(authInternal, {
5428
+ const request = {
5083
5429
  returnSecureToken: true,
5084
5430
  email,
5085
- password
5431
+ password,
5432
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
5433
+ };
5434
+ let signUpResponse;
5435
+ if ((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled) {
5436
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */);
5437
+ signUpResponse = signUp(authInternal, requestWithRecaptcha);
5438
+ }
5439
+ else {
5440
+ signUpResponse = signUp(authInternal, request).catch(async (error) => {
5441
+ if (error.code === `auth/${"missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */}`) {
5442
+ console.log('Sign-up is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-up flow.');
5443
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */);
5444
+ return signUp(authInternal, requestWithRecaptcha);
5445
+ }
5446
+ else {
5447
+ return Promise.reject(error);
5448
+ }
5449
+ });
5450
+ }
5451
+ const response = await signUpResponse.catch(error => {
5452
+ return Promise.reject(error);
5086
5453
  });
5087
5454
  const userCredential = await UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response);
5088
5455
  await authInternal._updateCurrentUser(userCredential.user);
@@ -5163,16 +5530,39 @@ function signInWithEmailAndPassword(auth, email, password) {
5163
5530
  * @public
5164
5531
  */
5165
5532
  async function sendSignInLinkToEmail(auth, email, actionCodeSettings) {
5166
- const authModular = getModularInstance(auth);
5533
+ var _a;
5534
+ const authInternal = _castAuth(auth);
5167
5535
  const request = {
5168
5536
  requestType: "EMAIL_SIGNIN" /* ActionCodeOperation.EMAIL_SIGNIN */,
5169
- email
5537
+ email,
5538
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
5170
5539
  };
5171
- _assert(actionCodeSettings.handleCodeInApp, authModular, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
5172
- if (actionCodeSettings) {
5173
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
5540
+ function setActionCodeSettings(request, actionCodeSettings) {
5541
+ _assert(actionCodeSettings.handleCodeInApp, authInternal, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
5542
+ if (actionCodeSettings) {
5543
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
5544
+ }
5545
+ }
5546
+ if ((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled) {
5547
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true);
5548
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
5549
+ await sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha);
5550
+ }
5551
+ else {
5552
+ setActionCodeSettings(request, actionCodeSettings);
5553
+ await sendSignInLinkToEmail$1(authInternal, request)
5554
+ .catch(async (error) => {
5555
+ if (error.code === `auth/${"missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */}`) {
5556
+ console.log('Email link sign-in is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
5557
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true);
5558
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
5559
+ await sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha);
5560
+ }
5561
+ else {
5562
+ return Promise.reject(error);
5563
+ }
5564
+ });
5174
5565
  }
5175
- await sendSignInLinkToEmail$1(authModular, request);
5176
5566
  }
5177
5567
  /**
5178
5568
  * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.
@@ -5667,11 +6057,41 @@ function getAdditionalUserInfo(userCredential) {
5667
6057
  function setPersistence(auth, persistence) {
5668
6058
  return getModularInstance(auth).setPersistence(persistence);
5669
6059
  }
6060
+ /**
6061
+ * Loads the reCAPTCHA configuration into the `Auth` instance.
6062
+ *
6063
+ * @remarks
6064
+ * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA
6065
+ * verification flow should be triggered for each auth provider, into the
6066
+ * current Auth session.
6067
+ *
6068
+ * If initializeRecaptchaConfig() is not invoked, the auth flow will always start
6069
+ * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA
6070
+ * verification, the SDK will transparently load the reCAPTCHA config and restart the
6071
+ * auth flows.
6072
+ *
6073
+ * Thus, by calling this optional method, you will reduce the latency of future auth flows.
6074
+ * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.
6075
+ *
6076
+ * @example
6077
+ * ```javascript
6078
+ * initializeRecaptchaConfig(auth);
6079
+ * ```
6080
+ *
6081
+ * @param auth - The {@link Auth} instance.
6082
+ *
6083
+ * @public
6084
+ */
6085
+ function initializeRecaptchaConfig(auth) {
6086
+ const authInternal = _castAuth(auth);
6087
+ return authInternal.initializeRecaptchaConfig();
6088
+ }
5670
6089
  /**
5671
6090
  * Adds an observer for changes to the signed-in user's ID token.
5672
6091
  *
5673
6092
  * @remarks
5674
6093
  * This includes sign-in, sign-out, and token refresh events.
6094
+ * This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.
5675
6095
  *
5676
6096
  * @param auth - The {@link Auth} instance.
5677
6097
  * @param nextOrObserver - callback triggered on change.
@@ -5979,7 +6399,7 @@ function multiFactor(user) {
5979
6399
  }
5980
6400
 
5981
6401
  var name = "@firebase/auth";
5982
- var version = "0.21.6";
6402
+ var version = "0.22.0-canary.1d6771eb3";
5983
6403
 
5984
6404
  /**
5985
6405
  * @license
@@ -6085,26 +6505,25 @@ function registerAuth(clientPlatform) {
6085
6505
  _registerComponent(new Component("auth" /* _ComponentName.AUTH */, (container, { options: deps }) => {
6086
6506
  const app = container.getProvider('app').getImmediate();
6087
6507
  const heartbeatServiceProvider = container.getProvider('heartbeat');
6508
+ const appCheckServiceProvider = container.getProvider('app-check-internal');
6088
6509
  const { apiKey, authDomain } = app.options;
6089
- return ((app, heartbeatServiceProvider) => {
6090
- _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
6091
- // Auth domain is optional if IdP sign in isn't being used
6092
- _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
6093
- appName: app.name
6094
- });
6095
- const config = {
6096
- apiKey,
6097
- authDomain,
6098
- clientPlatform,
6099
- apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
6100
- tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
6101
- apiScheme: "https" /* DefaultConfig.API_SCHEME */,
6102
- sdkClientVersion: _getClientVersion(clientPlatform)
6103
- };
6104
- const authInstance = new AuthImpl(app, heartbeatServiceProvider, config);
6105
- _initializeAuthInstance(authInstance, deps);
6106
- return authInstance;
6107
- })(app, heartbeatServiceProvider);
6510
+ _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
6511
+ // Auth domain is optional if IdP sign in isn't being used
6512
+ _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
6513
+ appName: app.name
6514
+ });
6515
+ const config = {
6516
+ apiKey,
6517
+ authDomain,
6518
+ clientPlatform,
6519
+ apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
6520
+ tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
6521
+ apiScheme: "https" /* DefaultConfig.API_SCHEME */,
6522
+ sdkClientVersion: _getClientVersion(clientPlatform)
6523
+ };
6524
+ const authInstance = new AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config);
6525
+ _initializeAuthInstance(authInstance, deps);
6526
+ return authInstance;
6108
6527
  }, "PUBLIC" /* ComponentType.PUBLIC */)
6109
6528
  /**
6110
6529
  * Auth can only be initialized by explicitly calling getAuth() or initializeAuth()
@@ -6392,5 +6811,5 @@ function _isEmptyString(input) {
6392
6811
  return typeof input === 'undefined' || (input === null || input === void 0 ? void 0 : input.length) === 0;
6393
6812
  }
6394
6813
 
6395
- export { linkWithCredential as $, ActionCodeOperation as A, deleteUser as B, debugErrorMap as C, prodErrorMap as D, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as E, FactorId as F, initializeAuth as G, connectAuthEmulator as H, AuthCredential as I, EmailAuthCredential as J, OAuthCredential as K, PhoneAuthCredential as L, inMemoryPersistence as M, EmailAuthProvider as N, OperationType as O, PhoneAuthProvider as P, FacebookAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, GoogleAuthProvider as U, GithubAuthProvider as V, OAuthProvider as W, SAMLAuthProvider as X, TwitterAuthProvider as Y, signInAnonymously as Z, signInWithCredential as _, browserSessionPersistence as a, reauthenticateWithCredential as a0, signInWithCustomToken as a1, sendPasswordResetEmail as a2, confirmPasswordReset as a3, applyActionCode as a4, checkActionCode as a5, verifyPasswordResetCode as a6, createUserWithEmailAndPassword as a7, signInWithEmailAndPassword as a8, sendSignInLinkToEmail as a9, _castAuth as aA, FederatedAuthProvider as aB, BaseOAuthProvider as aC, _emulatorUrl as aD, _performApiRequest as aE, _isIOS as aF, _isAndroid as aG, _isIOS7Or8 as aH, _createError as aI, _isIframe as aJ, _isMobileBrowser as aK, _isIE10 as aL, _isSafari as aM, UserImpl as aN, AuthImpl as aO, _getClientVersion as aP, FetchProvider as aQ, SAMLAuthCredential as aR, isSignInWithEmailLink as aa, signInWithEmailLink as ab, fetchSignInMethodsForEmail as ac, sendEmailVerification as ad, verifyBeforeUpdateEmail as ae, ActionCodeURL as af, parseActionCodeURL as ag, updateProfile as ah, updateEmail as ai, updatePassword as aj, getIdToken as ak, getIdTokenResult as al, unlink as am, getAdditionalUserInfo as an, reload as ao, getMultiFactorResolver as ap, multiFactor as aq, _getInstance as ar, _assert as as, _signInWithCredential as at, _reauthenticate as au, _link as av, signInWithIdp as aw, _fail as ax, debugAssert as ay, _persistenceKeyName as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, onIdTokenChanged as t, updatePhoneNumber as u, beforeAuthStateChanged as v, onAuthStateChanged as w, useDeviceLanguage as x, updateCurrentUser as y, signOut as z };
6396
- //# sourceMappingURL=totp-7b645f19.js.map
6814
+ export { signInWithCredential as $, ActionCodeOperation as A, signOut as B, deleteUser as C, debugErrorMap as D, prodErrorMap as E, FactorId as F, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as G, initializeAuth as H, connectAuthEmulator as I, AuthCredential as J, EmailAuthCredential as K, OAuthCredential as L, PhoneAuthCredential as M, inMemoryPersistence as N, OperationType as O, PhoneAuthProvider as P, EmailAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, FacebookAuthProvider as U, GoogleAuthProvider as V, GithubAuthProvider as W, OAuthProvider as X, SAMLAuthProvider as Y, TwitterAuthProvider as Z, signInAnonymously as _, browserSessionPersistence as a, linkWithCredential as a0, reauthenticateWithCredential as a1, signInWithCustomToken as a2, sendPasswordResetEmail as a3, confirmPasswordReset as a4, applyActionCode as a5, checkActionCode as a6, verifyPasswordResetCode as a7, createUserWithEmailAndPassword as a8, signInWithEmailAndPassword as a9, _persistenceKeyName as aA, _castAuth as aB, FederatedAuthProvider as aC, BaseOAuthProvider as aD, _emulatorUrl as aE, _performApiRequest as aF, _isIOS as aG, _isAndroid as aH, _isIOS7Or8 as aI, _createError as aJ, _isIframe as aK, _isMobileBrowser as aL, _isIE10 as aM, _isSafari as aN, UserImpl as aO, AuthImpl as aP, _getClientVersion as aQ, FetchProvider as aR, SAMLAuthCredential as aS, sendSignInLinkToEmail as aa, isSignInWithEmailLink as ab, signInWithEmailLink as ac, fetchSignInMethodsForEmail as ad, sendEmailVerification as ae, verifyBeforeUpdateEmail as af, ActionCodeURL as ag, parseActionCodeURL as ah, updateProfile as ai, updateEmail as aj, updatePassword as ak, getIdToken as al, getIdTokenResult as am, unlink as an, getAdditionalUserInfo as ao, reload as ap, getMultiFactorResolver as aq, multiFactor as ar, _getInstance as as, _assert as at, _signInWithCredential as au, _reauthenticate as av, _link as aw, signInWithIdp as ax, _fail as ay, debugAssert as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, onIdTokenChanged as v, beforeAuthStateChanged as w, onAuthStateChanged as x, useDeviceLanguage as y, updateCurrentUser as z };
6815
+ //# sourceMappingURL=totp-aee19ee4.js.map