@firebase/auth 0.21.6 → 0.22.0-canary.1d6771eb3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/README.md +5 -0
  3. package/dist/auth-public.d.ts +59 -3
  4. package/dist/auth.d.ts +74 -13
  5. package/dist/browser-cjs/{index-39443020.js → index-7393ca6a.js} +593 -208
  6. package/dist/browser-cjs/index-7393ca6a.js.map +1 -0
  7. package/dist/browser-cjs/index.js +3 -2
  8. package/dist/browser-cjs/index.js.map +1 -1
  9. package/dist/browser-cjs/internal.js +3 -2
  10. package/dist/browser-cjs/internal.js.map +1 -1
  11. package/dist/browser-cjs/src/api/authentication/email_and_password.d.ts +9 -0
  12. package/dist/browser-cjs/src/api/authentication/recaptcha.d.ts +16 -0
  13. package/dist/browser-cjs/src/api/authentication/sign_up.d.ts +4 -0
  14. package/dist/browser-cjs/src/api/errors.d.ts +9 -1
  15. package/dist/browser-cjs/src/api/index.d.ts +17 -2
  16. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +9 -1
  17. package/dist/browser-cjs/src/core/errors.d.ts +18 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +27 -0
  19. package/dist/browser-cjs/src/core/util/handler.d.ts +1 -1
  20. package/dist/browser-cjs/src/core/util/log.d.ts +1 -0
  21. package/dist/browser-cjs/src/mfa/assertions/totp.d.ts +2 -2
  22. package/dist/browser-cjs/src/model/auth.d.ts +6 -0
  23. package/dist/browser-cjs/src/platform_browser/auth_window.d.ts +2 -2
  24. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  25. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  26. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  27. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  28. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  29. package/dist/browser-cjs/src/platform_browser/strategies/popup.d.ts +1 -1
  30. package/dist/browser-cjs/test/helpers/api/helper.d.ts +2 -0
  31. package/dist/browser-cjs/test/helpers/mock_auth.d.ts +5 -0
  32. package/dist/cordova/index.js +2 -2
  33. package/dist/cordova/internal.js +21 -77
  34. package/dist/cordova/internal.js.map +1 -1
  35. package/dist/cordova/{popup_redirect-8b388294.js → popup_redirect-eae95465.js} +781 -215
  36. package/dist/cordova/popup_redirect-eae95465.js.map +1 -0
  37. package/dist/cordova/src/api/authentication/email_and_password.d.ts +9 -0
  38. package/dist/cordova/src/api/authentication/recaptcha.d.ts +16 -0
  39. package/dist/cordova/src/api/authentication/sign_up.d.ts +4 -0
  40. package/dist/cordova/src/api/errors.d.ts +9 -1
  41. package/dist/cordova/src/api/index.d.ts +17 -2
  42. package/dist/cordova/src/core/auth/auth_impl.d.ts +9 -1
  43. package/dist/cordova/src/core/errors.d.ts +18 -1
  44. package/dist/cordova/src/core/index.d.ts +27 -0
  45. package/dist/cordova/src/core/util/handler.d.ts +1 -1
  46. package/dist/cordova/src/core/util/log.d.ts +1 -0
  47. package/dist/cordova/src/mfa/assertions/totp.d.ts +2 -2
  48. package/dist/cordova/src/model/auth.d.ts +6 -0
  49. package/dist/cordova/src/platform_browser/auth_window.d.ts +2 -2
  50. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  51. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  52. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  53. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  54. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  55. package/dist/cordova/src/platform_browser/strategies/popup.d.ts +1 -1
  56. package/dist/cordova/test/helpers/api/helper.d.ts +2 -0
  57. package/dist/cordova/test/helpers/mock_auth.d.ts +5 -0
  58. package/dist/esm2017/{index-2d01563f.js → index-1124980d.js} +594 -210
  59. package/dist/esm2017/index-1124980d.js.map +1 -0
  60. package/dist/esm2017/index.js +2 -2
  61. package/dist/esm2017/internal.js +3 -3
  62. package/dist/esm2017/src/api/authentication/email_and_password.d.ts +9 -0
  63. package/dist/esm2017/src/api/authentication/recaptcha.d.ts +16 -0
  64. package/dist/esm2017/src/api/authentication/sign_up.d.ts +4 -0
  65. package/dist/esm2017/src/api/errors.d.ts +9 -1
  66. package/dist/esm2017/src/api/index.d.ts +17 -2
  67. package/dist/esm2017/src/core/auth/auth_impl.d.ts +9 -1
  68. package/dist/esm2017/src/core/errors.d.ts +18 -1
  69. package/dist/esm2017/src/core/index.d.ts +27 -0
  70. package/dist/esm2017/src/core/util/handler.d.ts +1 -1
  71. package/dist/esm2017/src/core/util/log.d.ts +1 -0
  72. package/dist/esm2017/src/mfa/assertions/totp.d.ts +2 -2
  73. package/dist/esm2017/src/model/auth.d.ts +6 -0
  74. package/dist/esm2017/src/platform_browser/auth_window.d.ts +2 -2
  75. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  76. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  77. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  78. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  79. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  80. package/dist/esm2017/src/platform_browser/strategies/popup.d.ts +1 -1
  81. package/dist/esm2017/test/helpers/api/helper.d.ts +2 -0
  82. package/dist/esm2017/test/helpers/mock_auth.d.ts +5 -0
  83. package/dist/esm5/{index-44fc929c.js → index-169fb84f.js} +800 -290
  84. package/dist/esm5/index-169fb84f.js.map +1 -0
  85. package/dist/esm5/index.js +1 -1
  86. package/dist/esm5/internal.js +2 -2
  87. package/dist/esm5/src/api/authentication/email_and_password.d.ts +9 -0
  88. package/dist/esm5/src/api/authentication/recaptcha.d.ts +16 -0
  89. package/dist/esm5/src/api/authentication/sign_up.d.ts +4 -0
  90. package/dist/esm5/src/api/errors.d.ts +9 -1
  91. package/dist/esm5/src/api/index.d.ts +17 -2
  92. package/dist/esm5/src/core/auth/auth_impl.d.ts +9 -1
  93. package/dist/esm5/src/core/errors.d.ts +18 -1
  94. package/dist/esm5/src/core/index.d.ts +27 -0
  95. package/dist/esm5/src/core/util/handler.d.ts +1 -1
  96. package/dist/esm5/src/core/util/log.d.ts +1 -0
  97. package/dist/esm5/src/mfa/assertions/totp.d.ts +2 -2
  98. package/dist/esm5/src/model/auth.d.ts +6 -0
  99. package/dist/esm5/src/platform_browser/auth_window.d.ts +2 -2
  100. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  101. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  102. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  103. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  104. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  105. package/dist/esm5/src/platform_browser/strategies/popup.d.ts +1 -1
  106. package/dist/esm5/test/helpers/api/helper.d.ts +2 -0
  107. package/dist/esm5/test/helpers/mock_auth.d.ts +5 -0
  108. package/dist/index.webworker.esm5.js +605 -75
  109. package/dist/index.webworker.esm5.js.map +1 -1
  110. package/dist/node/index.js +2 -1
  111. package/dist/node/index.js.map +1 -1
  112. package/dist/node/internal.js +62 -42
  113. package/dist/node/internal.js.map +1 -1
  114. package/dist/node/src/api/authentication/email_and_password.d.ts +9 -0
  115. package/dist/node/src/api/authentication/recaptcha.d.ts +16 -0
  116. package/dist/node/src/api/authentication/sign_up.d.ts +4 -0
  117. package/dist/node/src/api/errors.d.ts +9 -1
  118. package/dist/node/src/api/index.d.ts +17 -2
  119. package/dist/node/src/core/auth/auth_impl.d.ts +9 -1
  120. package/dist/node/src/core/errors.d.ts +18 -1
  121. package/dist/node/src/core/index.d.ts +27 -0
  122. package/dist/node/src/core/util/handler.d.ts +1 -1
  123. package/dist/node/src/core/util/log.d.ts +1 -0
  124. package/dist/node/src/mfa/assertions/totp.d.ts +2 -2
  125. package/dist/node/src/model/auth.d.ts +6 -0
  126. package/dist/node/src/platform_browser/auth_window.d.ts +2 -2
  127. package/dist/node/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  128. package/dist/node/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  129. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  130. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  131. package/dist/node/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  132. package/dist/node/src/platform_browser/strategies/popup.d.ts +1 -1
  133. package/dist/node/test/helpers/api/helper.d.ts +2 -0
  134. package/dist/node/test/helpers/mock_auth.d.ts +5 -0
  135. package/dist/node/{totp-5e73d8e7.js → totp-13fce87f.js} +703 -172
  136. package/dist/node/totp-13fce87f.js.map +1 -0
  137. package/dist/node-esm/index.js +1 -1
  138. package/dist/node-esm/internal.js +16 -4
  139. package/dist/node-esm/internal.js.map +1 -1
  140. package/dist/node-esm/src/api/authentication/email_and_password.d.ts +9 -0
  141. package/dist/node-esm/src/api/authentication/recaptcha.d.ts +16 -0
  142. package/dist/node-esm/src/api/authentication/sign_up.d.ts +4 -0
  143. package/dist/node-esm/src/api/errors.d.ts +9 -1
  144. package/dist/node-esm/src/api/index.d.ts +17 -2
  145. package/dist/node-esm/src/core/auth/auth_impl.d.ts +9 -1
  146. package/dist/node-esm/src/core/errors.d.ts +18 -1
  147. package/dist/node-esm/src/core/index.d.ts +27 -0
  148. package/dist/node-esm/src/core/util/handler.d.ts +1 -1
  149. package/dist/node-esm/src/core/util/log.d.ts +1 -0
  150. package/dist/node-esm/src/mfa/assertions/totp.d.ts +2 -2
  151. package/dist/node-esm/src/model/auth.d.ts +6 -0
  152. package/dist/node-esm/src/platform_browser/auth_window.d.ts +2 -2
  153. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  154. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  155. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  156. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  157. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  158. package/dist/node-esm/src/platform_browser/strategies/popup.d.ts +1 -1
  159. package/dist/node-esm/test/helpers/api/helper.d.ts +2 -0
  160. package/dist/node-esm/test/helpers/mock_auth.d.ts +5 -0
  161. package/dist/node-esm/{totp-7b645f19.js → totp-aee19ee4.js} +560 -141
  162. package/dist/node-esm/totp-aee19ee4.js.map +1 -0
  163. package/dist/rn/index.js +2 -1
  164. package/dist/rn/index.js.map +1 -1
  165. package/dist/rn/internal.js +79 -48
  166. package/dist/rn/internal.js.map +1 -1
  167. package/dist/rn/{phone-ec210006.js → phone-26700494.js} +741 -260
  168. package/dist/rn/phone-26700494.js.map +1 -0
  169. package/dist/rn/src/api/authentication/email_and_password.d.ts +9 -0
  170. package/dist/rn/src/api/authentication/recaptcha.d.ts +16 -0
  171. package/dist/rn/src/api/authentication/sign_up.d.ts +4 -0
  172. package/dist/rn/src/api/errors.d.ts +9 -1
  173. package/dist/rn/src/api/index.d.ts +17 -2
  174. package/dist/rn/src/core/auth/auth_impl.d.ts +9 -1
  175. package/dist/rn/src/core/errors.d.ts +18 -1
  176. package/dist/rn/src/core/index.d.ts +27 -0
  177. package/dist/rn/src/core/util/handler.d.ts +1 -1
  178. package/dist/rn/src/core/util/log.d.ts +1 -0
  179. package/dist/rn/src/mfa/assertions/totp.d.ts +2 -2
  180. package/dist/rn/src/model/auth.d.ts +6 -0
  181. package/dist/rn/src/platform_browser/auth_window.d.ts +2 -2
  182. package/dist/rn/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  183. package/dist/rn/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  184. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  185. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  186. package/dist/rn/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  187. package/dist/rn/src/platform_browser/strategies/popup.d.ts +1 -1
  188. package/dist/rn/test/helpers/api/helper.d.ts +2 -0
  189. package/dist/rn/test/helpers/mock_auth.d.ts +5 -0
  190. package/dist/src/api/authentication/email_and_password.d.ts +9 -0
  191. package/dist/src/api/authentication/recaptcha.d.ts +16 -0
  192. package/dist/src/api/authentication/sign_up.d.ts +4 -0
  193. package/dist/src/api/errors.d.ts +9 -1
  194. package/dist/src/api/index.d.ts +17 -2
  195. package/dist/src/core/auth/auth_impl.d.ts +9 -1
  196. package/dist/src/core/errors.d.ts +18 -1
  197. package/dist/src/core/index.d.ts +27 -0
  198. package/dist/src/core/util/handler.d.ts +1 -1
  199. package/dist/src/core/util/log.d.ts +1 -0
  200. package/dist/src/mfa/assertions/totp.d.ts +2 -2
  201. package/dist/src/model/auth.d.ts +6 -0
  202. package/dist/src/platform_browser/auth_window.d.ts +2 -2
  203. package/dist/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  204. package/dist/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  205. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  206. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  207. package/dist/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  208. package/dist/src/platform_browser/strategies/popup.d.ts +1 -1
  209. package/dist/test/helpers/api/helper.d.ts +2 -0
  210. package/dist/test/helpers/mock_auth.d.ts +5 -0
  211. package/package.json +6 -6
  212. package/dist/browser-cjs/index-39443020.js.map +0 -1
  213. package/dist/cordova/popup_redirect-8b388294.js.map +0 -1
  214. package/dist/esm2017/index-2d01563f.js.map +0 -1
  215. package/dist/esm5/index-44fc929c.js.map +0 -1
  216. package/dist/node/totp-5e73d8e7.js.map +0 -1
  217. package/dist/node-esm/totp-7b645f19.js.map +0 -1
  218. package/dist/rn/phone-ec210006.js.map +0 -1
@@ -1,5 +1,5 @@
1
1
  import { __awaiter, __generator, __spreadArray, __assign, __rest, __extends } from 'tslib';
2
- import { ErrorFactory, deepEqual, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, isIE, getUA, createSubscribe, querystringDecode, extractQuerystring, isEmpty } from '@firebase/util';
2
+ import { ErrorFactory, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, isIE, getUA, createSubscribe, deepEqual, querystringDecode, extractQuerystring, isEmpty } from '@firebase/util';
3
3
  import { SDK_VERSION, _getProvider, _registerComponent, registerVersion } from '@firebase/app';
4
4
  import { Component } from '@firebase/component';
5
5
  import { Logger, LogLevel } from '@firebase/logger';
@@ -1028,6 +1028,7 @@ function _debugErrorMap() {
1028
1028
  _a["missing-or-invalid-nonce" /* AuthErrorCode.MISSING_OR_INVALID_NONCE */] = 'The request does not contain a valid nonce. This can occur if the ' +
1029
1029
  'SHA-256 hash of the provided raw nonce does not match the hashed nonce ' +
1030
1030
  'in the ID token payload.',
1031
+ _a["missing-password" /* AuthErrorCode.MISSING_PASSWORD */] = 'A non-empty password must be provided',
1031
1032
  _a["missing-multi-factor-info" /* AuthErrorCode.MISSING_MFA_INFO */] = 'No second factor identifier is provided.',
1032
1033
  _a["missing-multi-factor-session" /* AuthErrorCode.MISSING_MFA_SESSION */] = 'The request is missing proof of first factor successful sign-in.',
1033
1034
  _a["missing-phone-number" /* AuthErrorCode.MISSING_PHONE_NUMBER */] = 'To send verification codes, provide a phone number for the recipient.',
@@ -1081,6 +1082,14 @@ function _debugErrorMap() {
1081
1082
  'different options. To avoid this error, call initializeAuth() with the ' +
1082
1083
  'same options as when it was originally called, or call getAuth() to return the' +
1083
1084
  ' already initialized instance.',
1085
+ _a["missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */] = 'The reCAPTCHA token is missing when sending request to the backend.',
1086
+ _a["invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */] = 'The reCAPTCHA token is invalid when sending request to the backend.',
1087
+ _a["invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */] = 'The reCAPTCHA action is invalid when sending request to the backend.',
1088
+ _a["recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */] = 'reCAPTCHA Enterprise integration is not enabled for this project.',
1089
+ _a["missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */] = 'The reCAPTCHA client type is missing when sending request to the backend.',
1090
+ _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
1091
+ _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
1092
+ _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
1084
1093
  _a;
1085
1094
  }
1086
1095
  function _prodErrorMap() {
@@ -1217,7 +1226,15 @@ var AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
1217
1226
  USER_SIGNED_OUT: 'auth/user-signed-out',
1218
1227
  WEAK_PASSWORD: 'auth/weak-password',
1219
1228
  WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',
1220
- ALREADY_INITIALIZED: 'auth/already-initialized'
1229
+ ALREADY_INITIALIZED: 'auth/already-initialized',
1230
+ RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',
1231
+ MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',
1232
+ INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',
1233
+ INVALID_RECAPTCHA_ACTION: 'auth/invalid-recaptcha-action',
1234
+ MISSING_CLIENT_TYPE: 'auth/missing-client-type',
1235
+ MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',
1236
+ INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',
1237
+ INVALID_REQ_TYPE: 'auth/invalid-req-type'
1221
1238
  };
1222
1239
 
1223
1240
  /**
@@ -1237,6 +1254,15 @@ var AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
1237
1254
  * limitations under the License.
1238
1255
  */
1239
1256
  var logClient = new Logger('@firebase/auth');
1257
+ function _logWarn(msg) {
1258
+ var args = [];
1259
+ for (var _i = 1; _i < arguments.length; _i++) {
1260
+ args[_i - 1] = arguments[_i];
1261
+ }
1262
+ if (logClient.logLevel <= LogLevel.WARN) {
1263
+ logClient.warn.apply(logClient, __spreadArray(["Auth (".concat(SDK_VERSION, "): ").concat(msg)], args, false));
1264
+ }
1265
+ }
1240
1266
  function _logError(msg) {
1241
1267
  var args = [];
1242
1268
  for (var _i = 1; _i < arguments.length; _i++) {
@@ -1349,103 +1375,6 @@ function debugAssert(assertion, message) {
1349
1375
  }
1350
1376
  }
1351
1377
 
1352
- /**
1353
- * @license
1354
- * Copyright 2020 Google LLC
1355
- *
1356
- * Licensed under the Apache License, Version 2.0 (the "License");
1357
- * you may not use this file except in compliance with the License.
1358
- * You may obtain a copy of the License at
1359
- *
1360
- * http://www.apache.org/licenses/LICENSE-2.0
1361
- *
1362
- * Unless required by applicable law or agreed to in writing, software
1363
- * distributed under the License is distributed on an "AS IS" BASIS,
1364
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1365
- * See the License for the specific language governing permissions and
1366
- * limitations under the License.
1367
- */
1368
- var instanceCache = new Map();
1369
- function _getInstance(cls) {
1370
- debugAssert(cls instanceof Function, 'Expected a class definition');
1371
- var instance = instanceCache.get(cls);
1372
- if (instance) {
1373
- debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
1374
- return instance;
1375
- }
1376
- instance = new cls();
1377
- instanceCache.set(cls, instance);
1378
- return instance;
1379
- }
1380
-
1381
- /**
1382
- * @license
1383
- * Copyright 2020 Google LLC
1384
- *
1385
- * Licensed under the Apache License, Version 2.0 (the "License");
1386
- * you may not use this file except in compliance with the License.
1387
- * You may obtain a copy of the License at
1388
- *
1389
- * http://www.apache.org/licenses/LICENSE-2.0
1390
- *
1391
- * Unless required by applicable law or agreed to in writing, software
1392
- * distributed under the License is distributed on an "AS IS" BASIS,
1393
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1394
- * See the License for the specific language governing permissions and
1395
- * limitations under the License.
1396
- */
1397
- /**
1398
- * Initializes an {@link Auth} instance with fine-grained control over
1399
- * {@link Dependencies}.
1400
- *
1401
- * @remarks
1402
- *
1403
- * This function allows more control over the {@link Auth} instance than
1404
- * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
1405
- * the {@link Dependencies}. In general, `getAuth` is the easiest way to
1406
- * initialize Auth and works for most use cases. Use `initializeAuth` if you
1407
- * need control over which persistence layer is used, or to minimize bundle
1408
- * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
1409
- *
1410
- * For example, if your app only uses anonymous accounts and you only want
1411
- * accounts saved for the current session, initialize `Auth` with:
1412
- *
1413
- * ```js
1414
- * const auth = initializeAuth(app, {
1415
- * persistence: browserSessionPersistence,
1416
- * popupRedirectResolver: undefined,
1417
- * });
1418
- * ```
1419
- *
1420
- * @public
1421
- */
1422
- function initializeAuth(app, deps) {
1423
- var provider = _getProvider(app, 'auth');
1424
- if (provider.isInitialized()) {
1425
- var auth_1 = provider.getImmediate();
1426
- var initialOptions = provider.getOptions();
1427
- if (deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
1428
- return auth_1;
1429
- }
1430
- else {
1431
- _fail(auth_1, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
1432
- }
1433
- }
1434
- var auth = provider.initialize({ options: deps });
1435
- return auth;
1436
- }
1437
- function _initializeAuthInstance(auth, deps) {
1438
- var persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
1439
- var hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
1440
- if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
1441
- auth._updateErrorMap(deps.errorMap);
1442
- }
1443
- // This promise is intended to float; auth initialization happens in the
1444
- // background, meanwhile the auth object may be used by the app.
1445
- // eslint-disable-next-line @typescript-eslint/no-floating-promises
1446
- auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
1447
- }
1448
-
1449
1378
  /**
1450
1379
  * @license
1451
1380
  * Copyright 2020 Google LLC
@@ -1682,7 +1611,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
1682
1611
  // Sign in with email and password errors (some apply to sign up too).
1683
1612
  _a$1["INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */] = "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */,
1684
1613
  // This can only happen if the SDK sends a bad request.
1685
- _a$1["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */] = "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
1614
+ _a$1["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */] = "missing-password" /* AuthErrorCode.MISSING_PASSWORD */,
1686
1615
  // Sign up with email and password errors.
1687
1616
  _a$1["EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */] = "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */,
1688
1617
  _a$1["PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */] = "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */,
@@ -1730,6 +1659,15 @@ var SERVER_ERROR_MAP = (_a$1 = {},
1730
1659
  _a$1["SECOND_FACTOR_LIMIT_EXCEEDED" /* ServerError.SECOND_FACTOR_LIMIT_EXCEEDED */] = "maximum-second-factor-count-exceeded" /* AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED */,
1731
1660
  // Blocking functions related errors.
1732
1661
  _a$1["BLOCKING_FUNCTION_ERROR_RESPONSE" /* ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE */] = "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
1662
+ // Recaptcha related errors.
1663
+ _a$1["RECAPTCHA_NOT_ENABLED" /* ServerError.RECAPTCHA_NOT_ENABLED */] = "recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */,
1664
+ _a$1["MISSING_RECAPTCHA_TOKEN" /* ServerError.MISSING_RECAPTCHA_TOKEN */] = "missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */,
1665
+ _a$1["INVALID_RECAPTCHA_TOKEN" /* ServerError.INVALID_RECAPTCHA_TOKEN */] = "invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */,
1666
+ _a$1["INVALID_RECAPTCHA_ACTION" /* ServerError.INVALID_RECAPTCHA_ACTION */] = "invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */,
1667
+ _a$1["MISSING_CLIENT_TYPE" /* ServerError.MISSING_CLIENT_TYPE */] = "missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */,
1668
+ _a$1["MISSING_RECAPTCHA_VERSION" /* ServerError.MISSING_RECAPTCHA_VERSION */] = "missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */,
1669
+ _a$1["INVALID_RECAPTCHA_VERSION" /* ServerError.INVALID_RECAPTCHA_VERSION */] = "invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */,
1670
+ _a$1["INVALID_REQ_TYPE" /* ServerError.INVALID_REQ_TYPE */] = "invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */,
1733
1671
  _a$1);
1734
1672
 
1735
1673
  /**
@@ -2851,6 +2789,35 @@ var UserImpl = /** @class */ (function () {
2851
2789
  return UserImpl;
2852
2790
  }());
2853
2791
 
2792
+ /**
2793
+ * @license
2794
+ * Copyright 2020 Google LLC
2795
+ *
2796
+ * Licensed under the Apache License, Version 2.0 (the "License");
2797
+ * you may not use this file except in compliance with the License.
2798
+ * You may obtain a copy of the License at
2799
+ *
2800
+ * http://www.apache.org/licenses/LICENSE-2.0
2801
+ *
2802
+ * Unless required by applicable law or agreed to in writing, software
2803
+ * distributed under the License is distributed on an "AS IS" BASIS,
2804
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2805
+ * See the License for the specific language governing permissions and
2806
+ * limitations under the License.
2807
+ */
2808
+ var instanceCache = new Map();
2809
+ function _getInstance(cls) {
2810
+ debugAssert(cls instanceof Function, 'Expected a class definition');
2811
+ var instance = instanceCache.get(cls);
2812
+ if (instance) {
2813
+ debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
2814
+ return instance;
2815
+ }
2816
+ instance = new cls();
2817
+ instanceCache.set(cls, instance);
2818
+ return instance;
2819
+ }
2820
+
2854
2821
  /**
2855
2822
  * @license
2856
2823
  * Copyright 2019 Google LLC
@@ -3289,6 +3256,288 @@ function _getClientVersion(clientPlatform, frameworks) {
3289
3256
  return "".concat(reportedPlatform, "/").concat("JsCore" /* ClientImplementation.CORE */, "/").concat(SDK_VERSION, "/").concat(reportedFrameworks);
3290
3257
  }
3291
3258
 
3259
+ /**
3260
+ * @license
3261
+ * Copyright 2020 Google LLC
3262
+ *
3263
+ * Licensed under the Apache License, Version 2.0 (the "License");
3264
+ * you may not use this file except in compliance with the License.
3265
+ * You may obtain a copy of the License at
3266
+ *
3267
+ * http://www.apache.org/licenses/LICENSE-2.0
3268
+ *
3269
+ * Unless required by applicable law or agreed to in writing, software
3270
+ * distributed under the License is distributed on an "AS IS" BASIS,
3271
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3272
+ * See the License for the specific language governing permissions and
3273
+ * limitations under the License.
3274
+ */
3275
+ function getRecaptchaParams(auth) {
3276
+ return __awaiter(this, void 0, void 0, function () {
3277
+ return __generator(this, function (_a) {
3278
+ switch (_a.label) {
3279
+ case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
3280
+ case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
3281
+ }
3282
+ });
3283
+ });
3284
+ }
3285
+ function getRecaptchaConfig(auth, request) {
3286
+ return __awaiter(this, void 0, void 0, function () {
3287
+ return __generator(this, function (_a) {
3288
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
3289
+ });
3290
+ });
3291
+ }
3292
+
3293
+ /**
3294
+ * @license
3295
+ * Copyright 2020 Google LLC
3296
+ *
3297
+ * Licensed under the Apache License, Version 2.0 (the "License");
3298
+ * you may not use this file except in compliance with the License.
3299
+ * You may obtain a copy of the License at
3300
+ *
3301
+ * http://www.apache.org/licenses/LICENSE-2.0
3302
+ *
3303
+ * Unless required by applicable law or agreed to in writing, software
3304
+ * distributed under the License is distributed on an "AS IS" BASIS,
3305
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3306
+ * See the License for the specific language governing permissions and
3307
+ * limitations under the License.
3308
+ */
3309
+ function isV2(grecaptcha) {
3310
+ return (grecaptcha !== undefined &&
3311
+ grecaptcha.getResponse !== undefined);
3312
+ }
3313
+ function isEnterprise(grecaptcha) {
3314
+ return (grecaptcha !== undefined &&
3315
+ grecaptcha.enterprise !== undefined);
3316
+ }
3317
+ var RecaptchaConfig = /** @class */ (function () {
3318
+ function RecaptchaConfig(response) {
3319
+ /**
3320
+ * The reCAPTCHA site key.
3321
+ */
3322
+ this.siteKey = '';
3323
+ /**
3324
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
3325
+ */
3326
+ this.emailPasswordEnabled = false;
3327
+ if (response.recaptchaKey === undefined) {
3328
+ throw new Error('recaptchaKey undefined');
3329
+ }
3330
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
3331
+ this.siteKey = response.recaptchaKey.split('/')[3];
3332
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
3333
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
3334
+ enforcementState.enforcementState !== 'OFF';
3335
+ });
3336
+ }
3337
+ return RecaptchaConfig;
3338
+ }());
3339
+
3340
+ /**
3341
+ * @license
3342
+ * Copyright 2020 Google LLC
3343
+ *
3344
+ * Licensed under the Apache License, Version 2.0 (the "License");
3345
+ * you may not use this file except in compliance with the License.
3346
+ * You may obtain a copy of the License at
3347
+ *
3348
+ * http://www.apache.org/licenses/LICENSE-2.0
3349
+ *
3350
+ * Unless required by applicable law or agreed to in writing, software
3351
+ * distributed under the License is distributed on an "AS IS" BASIS,
3352
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3353
+ * See the License for the specific language governing permissions and
3354
+ * limitations under the License.
3355
+ */
3356
+ function getScriptParentElement() {
3357
+ var _a, _b;
3358
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
3359
+ }
3360
+ function _loadJS(url) {
3361
+ // TODO: consider adding timeout support & cancellation
3362
+ return new Promise(function (resolve, reject) {
3363
+ var el = document.createElement('script');
3364
+ el.setAttribute('src', url);
3365
+ el.onload = resolve;
3366
+ el.onerror = function (e) {
3367
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3368
+ error.customData = e;
3369
+ reject(error);
3370
+ };
3371
+ el.type = 'text/javascript';
3372
+ el.charset = 'UTF-8';
3373
+ getScriptParentElement().appendChild(el);
3374
+ });
3375
+ }
3376
+ function _generateCallbackName(prefix) {
3377
+ return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
3378
+ }
3379
+
3380
+ /* eslint-disable @typescript-eslint/no-require-imports */
3381
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
3382
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
3383
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
3384
+ /**
3385
+ *
3386
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
3387
+ *
3388
+ */
3389
+ function RecaptchaEnterpriseVerifier(authExtern) {
3390
+ /**
3391
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
3392
+ */
3393
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
3394
+ this.auth = _castAuth(authExtern);
3395
+ }
3396
+ /**
3397
+ * Executes the verification process.
3398
+ *
3399
+ * @returns A Promise for a token that can be used to assert the validity of a request.
3400
+ */
3401
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
3402
+ if (action === void 0) { action = 'verify'; }
3403
+ if (forceRefresh === void 0) { forceRefresh = false; }
3404
+ return __awaiter(this, void 0, void 0, function () {
3405
+ function retrieveSiteKey(auth) {
3406
+ return __awaiter(this, void 0, void 0, function () {
3407
+ var _this = this;
3408
+ return __generator(this, function (_a) {
3409
+ if (!forceRefresh) {
3410
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
3411
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
3412
+ }
3413
+ if (auth.tenantId != null &&
3414
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
3415
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
3416
+ }
3417
+ }
3418
+ return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
3419
+ return __generator(this, function (_a) {
3420
+ getRecaptchaConfig(auth, {
3421
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3422
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3423
+ })
3424
+ .then(function (response) {
3425
+ if (response.recaptchaKey === undefined) {
3426
+ reject(new Error('recaptcha Enterprise site key undefined'));
3427
+ }
3428
+ else {
3429
+ var config = new RecaptchaConfig(response);
3430
+ if (auth.tenantId == null) {
3431
+ auth._agentRecaptchaConfig = config;
3432
+ }
3433
+ else {
3434
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
3435
+ }
3436
+ return resolve(config.siteKey);
3437
+ }
3438
+ })
3439
+ .catch(function (error) {
3440
+ reject(error);
3441
+ });
3442
+ return [2 /*return*/];
3443
+ });
3444
+ }); })];
3445
+ });
3446
+ });
3447
+ }
3448
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
3449
+ var grecaptcha = window.grecaptcha;
3450
+ if (isEnterprise(grecaptcha)) {
3451
+ grecaptcha.enterprise.ready(function () {
3452
+ try {
3453
+ grecaptcha.enterprise
3454
+ .execute(siteKey, { action: action })
3455
+ .then(function (token) {
3456
+ resolve(token);
3457
+ })
3458
+ .catch(function (error) {
3459
+ reject(error);
3460
+ });
3461
+ }
3462
+ catch (error) {
3463
+ reject(error);
3464
+ }
3465
+ });
3466
+ }
3467
+ else {
3468
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
3469
+ }
3470
+ }
3471
+ var _this = this;
3472
+ return __generator(this, function (_a) {
3473
+ return [2 /*return*/, new Promise(function (resolve, reject) {
3474
+ retrieveSiteKey(_this.auth)
3475
+ .then(function (siteKey) {
3476
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
3477
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3478
+ }
3479
+ else {
3480
+ if (typeof window === 'undefined') {
3481
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
3482
+ return;
3483
+ }
3484
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
3485
+ .then(function () {
3486
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3487
+ })
3488
+ .catch(function (error) {
3489
+ reject(error);
3490
+ });
3491
+ }
3492
+ })
3493
+ .catch(function (error) {
3494
+ reject(error);
3495
+ });
3496
+ })];
3497
+ });
3498
+ });
3499
+ };
3500
+ return RecaptchaEnterpriseVerifier;
3501
+ }());
3502
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
3503
+ if (captchaResp === void 0) { captchaResp = false; }
3504
+ return __awaiter(this, void 0, void 0, function () {
3505
+ var verifier, captchaResponse, newRequest;
3506
+ return __generator(this, function (_a) {
3507
+ switch (_a.label) {
3508
+ case 0:
3509
+ verifier = new RecaptchaEnterpriseVerifier(auth);
3510
+ _a.label = 1;
3511
+ case 1:
3512
+ _a.trys.push([1, 3, , 5]);
3513
+ return [4 /*yield*/, verifier.verify(action)];
3514
+ case 2:
3515
+ captchaResponse = _a.sent();
3516
+ return [3 /*break*/, 5];
3517
+ case 3:
3518
+ _a.sent();
3519
+ return [4 /*yield*/, verifier.verify(action, true)];
3520
+ case 4:
3521
+ captchaResponse = _a.sent();
3522
+ return [3 /*break*/, 5];
3523
+ case 5:
3524
+ newRequest = __assign({}, request);
3525
+ if (!captchaResp) {
3526
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
3527
+ }
3528
+ else {
3529
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
3530
+ }
3531
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
3532
+ Object.assign(newRequest, {
3533
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3534
+ });
3535
+ return [2 /*return*/, newRequest];
3536
+ }
3537
+ });
3538
+ });
3539
+ }
3540
+
3292
3541
  /**
3293
3542
  * @license
3294
3543
  * Copyright 2022 Google LLC
@@ -3410,9 +3659,10 @@ var AuthMiddlewareQueue = /** @class */ (function () {
3410
3659
  * limitations under the License.
3411
3660
  */
3412
3661
  var AuthImpl = /** @class */ (function () {
3413
- function AuthImpl(app, heartbeatServiceProvider, config) {
3662
+ function AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config) {
3414
3663
  this.app = app;
3415
3664
  this.heartbeatServiceProvider = heartbeatServiceProvider;
3665
+ this.appCheckServiceProvider = appCheckServiceProvider;
3416
3666
  this.config = config;
3417
3667
  this.currentUser = null;
3418
3668
  this.emulatorConfig = null;
@@ -3430,6 +3680,8 @@ var AuthImpl = /** @class */ (function () {
3430
3680
  this._initializationPromise = null;
3431
3681
  this._popupRedirectResolver = null;
3432
3682
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
3683
+ this._agentRecaptchaConfig = null;
3684
+ this._tenantRecaptchaConfigs = {};
3433
3685
  // Tracks the last notified UID for state change listeners to prevent
3434
3686
  // repeated calls to the callbacks. Undefined means it's never been
3435
3687
  // called, whereas null means it's been called with a signed out user
@@ -3759,6 +4011,41 @@ var AuthImpl = /** @class */ (function () {
3759
4011
  });
3760
4012
  }); });
3761
4013
  };
4014
+ AuthImpl.prototype.initializeRecaptchaConfig = function () {
4015
+ return __awaiter(this, void 0, void 0, function () {
4016
+ var response, config, verifier;
4017
+ return __generator(this, function (_a) {
4018
+ switch (_a.label) {
4019
+ case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
4020
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
4021
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
4022
+ })];
4023
+ case 1:
4024
+ response = _a.sent();
4025
+ config = new RecaptchaConfig(response);
4026
+ if (this.tenantId == null) {
4027
+ this._agentRecaptchaConfig = config;
4028
+ }
4029
+ else {
4030
+ this._tenantRecaptchaConfigs[this.tenantId] = config;
4031
+ }
4032
+ if (config.emailPasswordEnabled) {
4033
+ verifier = new RecaptchaEnterpriseVerifier(this);
4034
+ void verifier.verify();
4035
+ }
4036
+ return [2 /*return*/];
4037
+ }
4038
+ });
4039
+ });
4040
+ };
4041
+ AuthImpl.prototype._getRecaptchaConfig = function () {
4042
+ if (this.tenantId == null) {
4043
+ return this._agentRecaptchaConfig;
4044
+ }
4045
+ else {
4046
+ return this._tenantRecaptchaConfigs[this.tenantId];
4047
+ }
4048
+ };
3762
4049
  AuthImpl.prototype._getPersistence = function () {
3763
4050
  return this.assertedPersistence.persistence.type;
3764
4051
  };
@@ -3986,7 +4273,7 @@ var AuthImpl = /** @class */ (function () {
3986
4273
  AuthImpl.prototype._getAdditionalHeaders = function () {
3987
4274
  var _a;
3988
4275
  return __awaiter(this, void 0, void 0, function () {
3989
- var headers, heartbeatsHeader;
4276
+ var headers, heartbeatsHeader, appCheckToken;
3990
4277
  var _b;
3991
4278
  return __generator(this, function (_c) {
3992
4279
  switch (_c.label) {
@@ -4006,11 +4293,39 @@ var AuthImpl = /** @class */ (function () {
4006
4293
  if (heartbeatsHeader) {
4007
4294
  headers["X-Firebase-Client" /* HttpHeader.X_FIREBASE_CLIENT */] = heartbeatsHeader;
4008
4295
  }
4296
+ return [4 /*yield*/, this._getAppCheckToken()];
4297
+ case 2:
4298
+ appCheckToken = _c.sent();
4299
+ if (appCheckToken) {
4300
+ headers["X-Firebase-AppCheck" /* HttpHeader.X_FIREBASE_APP_CHECK */] = appCheckToken;
4301
+ }
4009
4302
  return [2 /*return*/, headers];
4010
4303
  }
4011
4304
  });
4012
4305
  });
4013
4306
  };
4307
+ AuthImpl.prototype._getAppCheckToken = function () {
4308
+ var _a;
4309
+ return __awaiter(this, void 0, void 0, function () {
4310
+ var appCheckTokenResult;
4311
+ return __generator(this, function (_b) {
4312
+ switch (_b.label) {
4313
+ case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
4314
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
4315
+ case 1:
4316
+ appCheckTokenResult = _b.sent();
4317
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
4318
+ // Context: appCheck.getToken() will never throw even if an error happened.
4319
+ // In the error case, a dummy token will be returned along with an error field describing
4320
+ // the error. In general, we shouldn't care about the error condition and just use
4321
+ // the token (actual or dummy) to send requests.
4322
+ _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
4323
+ }
4324
+ return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
4325
+ }
4326
+ });
4327
+ });
4328
+ };
4014
4329
  return AuthImpl;
4015
4330
  }());
4016
4331
  /**
@@ -4041,6 +4356,74 @@ var Subscription = /** @class */ (function () {
4041
4356
  return Subscription;
4042
4357
  }());
4043
4358
 
4359
+ /**
4360
+ * @license
4361
+ * Copyright 2020 Google LLC
4362
+ *
4363
+ * Licensed under the Apache License, Version 2.0 (the "License");
4364
+ * you may not use this file except in compliance with the License.
4365
+ * You may obtain a copy of the License at
4366
+ *
4367
+ * http://www.apache.org/licenses/LICENSE-2.0
4368
+ *
4369
+ * Unless required by applicable law or agreed to in writing, software
4370
+ * distributed under the License is distributed on an "AS IS" BASIS,
4371
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4372
+ * See the License for the specific language governing permissions and
4373
+ * limitations under the License.
4374
+ */
4375
+ /**
4376
+ * Initializes an {@link Auth} instance with fine-grained control over
4377
+ * {@link Dependencies}.
4378
+ *
4379
+ * @remarks
4380
+ *
4381
+ * This function allows more control over the {@link Auth} instance than
4382
+ * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
4383
+ * the {@link Dependencies}. In general, `getAuth` is the easiest way to
4384
+ * initialize Auth and works for most use cases. Use `initializeAuth` if you
4385
+ * need control over which persistence layer is used, or to minimize bundle
4386
+ * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
4387
+ *
4388
+ * For example, if your app only uses anonymous accounts and you only want
4389
+ * accounts saved for the current session, initialize `Auth` with:
4390
+ *
4391
+ * ```js
4392
+ * const auth = initializeAuth(app, {
4393
+ * persistence: browserSessionPersistence,
4394
+ * popupRedirectResolver: undefined,
4395
+ * });
4396
+ * ```
4397
+ *
4398
+ * @public
4399
+ */
4400
+ function initializeAuth(app, deps) {
4401
+ var provider = _getProvider(app, 'auth');
4402
+ if (provider.isInitialized()) {
4403
+ var auth_1 = provider.getImmediate();
4404
+ var initialOptions = provider.getOptions();
4405
+ if (deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
4406
+ return auth_1;
4407
+ }
4408
+ else {
4409
+ _fail(auth_1, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
4410
+ }
4411
+ }
4412
+ var auth = provider.initialize({ options: deps });
4413
+ return auth;
4414
+ }
4415
+ function _initializeAuthInstance(auth, deps) {
4416
+ var persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
4417
+ var hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
4418
+ if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
4419
+ auth._updateErrorMap(deps.errorMap);
4420
+ }
4421
+ // This promise is intended to float; auth initialization happens in the
4422
+ // background, meanwhile the auth object may be used by the app.
4423
+ // eslint-disable-next-line @typescript-eslint/no-floating-promises
4424
+ auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
4425
+ }
4426
+
4044
4427
  /**
4045
4428
  * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
4046
4429
  * Firebase Auth services.
@@ -4429,24 +4812,55 @@ var EmailAuthCredential = /** @class */ (function (_super) {
4429
4812
  };
4430
4813
  /** @internal */
4431
4814
  EmailAuthCredential.prototype._getIdTokenResponse = function (auth) {
4815
+ var _a;
4432
4816
  return __awaiter(this, void 0, void 0, function () {
4433
- return __generator(this, function (_a) {
4434
- switch (this.signInMethod) {
4435
- case "password" /* SignInMethod.EMAIL_PASSWORD */:
4436
- return [2 /*return*/, signInWithPassword(auth, {
4437
- returnSecureToken: true,
4438
- email: this._email,
4439
- password: this._password
4440
- })];
4441
- case "emailLink" /* SignInMethod.EMAIL_LINK */:
4442
- return [2 /*return*/, signInWithEmailLink$1(auth, {
4443
- email: this._email,
4444
- oobCode: this._password
4445
- })];
4446
- default:
4817
+ var _b, request_1, requestWithRecaptcha;
4818
+ var _this = this;
4819
+ return __generator(this, function (_c) {
4820
+ switch (_c.label) {
4821
+ case 0:
4822
+ _b = this.signInMethod;
4823
+ switch (_b) {
4824
+ case "password" /* SignInMethod.EMAIL_PASSWORD */: return [3 /*break*/, 1];
4825
+ case "emailLink" /* SignInMethod.EMAIL_LINK */: return [3 /*break*/, 4];
4826
+ }
4827
+ return [3 /*break*/, 5];
4828
+ case 1:
4829
+ request_1 = {
4830
+ returnSecureToken: true,
4831
+ email: this._email,
4832
+ password: this._password,
4833
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
4834
+ };
4835
+ if (!((_a = auth._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
4836
+ return [4 /*yield*/, injectRecaptchaFields(auth, request_1, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */)];
4837
+ case 2:
4838
+ requestWithRecaptcha = _c.sent();
4839
+ return [2 /*return*/, signInWithPassword(auth, requestWithRecaptcha)];
4840
+ case 3: return [2 /*return*/, signInWithPassword(auth, request_1).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
4841
+ var requestWithRecaptcha;
4842
+ return __generator(this, function (_a) {
4843
+ switch (_a.label) {
4844
+ case 0:
4845
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 2];
4846
+ console.log('Sign-in with email address and password is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
4847
+ return [4 /*yield*/, injectRecaptchaFields(auth, request_1, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */)];
4848
+ case 1:
4849
+ requestWithRecaptcha = _a.sent();
4850
+ return [2 /*return*/, signInWithPassword(auth, requestWithRecaptcha)];
4851
+ case 2: return [2 /*return*/, Promise.reject(error)];
4852
+ }
4853
+ });
4854
+ }); })];
4855
+ case 4: return [2 /*return*/, signInWithEmailLink$1(auth, {
4856
+ email: this._email,
4857
+ oobCode: this._password
4858
+ })];
4859
+ case 5:
4447
4860
  _fail(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
4861
+ _c.label = 6;
4862
+ case 6: return [2 /*return*/];
4448
4863
  }
4449
- return [2 /*return*/];
4450
4864
  });
4451
4865
  });
4452
4866
  };
@@ -6633,23 +7047,61 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
6633
7047
  * @public
6634
7048
  */
6635
7049
  function sendPasswordResetEmail(auth, email, actionCodeSettings) {
7050
+ var _a;
6636
7051
  return __awaiter(this, void 0, void 0, function () {
6637
- var authModular, request;
6638
- return __generator(this, function (_a) {
6639
- switch (_a.label) {
7052
+ var authInternal, request, requestWithRecaptcha;
7053
+ var _this = this;
7054
+ return __generator(this, function (_b) {
7055
+ switch (_b.label) {
6640
7056
  case 0:
6641
- authModular = getModularInstance(auth);
7057
+ authInternal = _castAuth(auth);
6642
7058
  request = {
6643
7059
  requestType: "PASSWORD_RESET" /* ActionCodeOperation.PASSWORD_RESET */,
6644
- email: email
7060
+ email: email,
7061
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
6645
7062
  };
7063
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
7064
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
7065
+ case 1:
7066
+ requestWithRecaptcha = _b.sent();
6646
7067
  if (actionCodeSettings) {
6647
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
7068
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
6648
7069
  }
6649
- return [4 /*yield*/, sendPasswordResetEmail$1(authModular, request)];
6650
- case 1:
6651
- _a.sent();
6652
- return [2 /*return*/];
7070
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, requestWithRecaptcha)];
7071
+ case 2:
7072
+ _b.sent();
7073
+ return [3 /*break*/, 5];
7074
+ case 3:
7075
+ if (actionCodeSettings) {
7076
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
7077
+ }
7078
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, request)
7079
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
7080
+ var requestWithRecaptcha;
7081
+ return __generator(this, function (_a) {
7082
+ switch (_a.label) {
7083
+ case 0:
7084
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 3];
7085
+ console.log('Password resets are protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the password reset flow.');
7086
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
7087
+ case 1:
7088
+ requestWithRecaptcha = _a.sent();
7089
+ if (actionCodeSettings) {
7090
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
7091
+ }
7092
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, requestWithRecaptcha)];
7093
+ case 2:
7094
+ _a.sent();
7095
+ return [3 /*break*/, 4];
7096
+ case 3: return [2 /*return*/, Promise.reject(error)];
7097
+ case 4: return [2 /*return*/];
7098
+ }
7099
+ });
7100
+ }); })];
7101
+ case 4:
7102
+ _b.sent();
7103
+ _b.label = 5;
7104
+ case 5: return [2 /*return*/];
6653
7105
  }
6654
7106
  });
6655
7107
  });
@@ -6794,25 +7246,54 @@ function verifyPasswordResetCode(auth, code) {
6794
7246
  * @public
6795
7247
  */
6796
7248
  function createUserWithEmailAndPassword(auth, email, password) {
7249
+ var _a;
6797
7250
  return __awaiter(this, void 0, void 0, function () {
6798
- var authInternal, response, userCredential;
6799
- return __generator(this, function (_a) {
6800
- switch (_a.label) {
7251
+ var authInternal, request, signUpResponse, requestWithRecaptcha, response, userCredential;
7252
+ var _this = this;
7253
+ return __generator(this, function (_b) {
7254
+ switch (_b.label) {
6801
7255
  case 0:
6802
7256
  authInternal = _castAuth(auth);
6803
- return [4 /*yield*/, signUp(authInternal, {
6804
- returnSecureToken: true,
6805
- email: email,
6806
- password: password
6807
- })];
7257
+ request = {
7258
+ returnSecureToken: true,
7259
+ email: email,
7260
+ password: password,
7261
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
7262
+ };
7263
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 2];
7264
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */)];
6808
7265
  case 1:
6809
- response = _a.sent();
6810
- return [4 /*yield*/, UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response)];
7266
+ requestWithRecaptcha = _b.sent();
7267
+ signUpResponse = signUp(authInternal, requestWithRecaptcha);
7268
+ return [3 /*break*/, 3];
6811
7269
  case 2:
6812
- userCredential = _a.sent();
7270
+ signUpResponse = signUp(authInternal, request).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
7271
+ var requestWithRecaptcha;
7272
+ return __generator(this, function (_a) {
7273
+ switch (_a.label) {
7274
+ case 0:
7275
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 2];
7276
+ console.log('Sign-up is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-up flow.');
7277
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */)];
7278
+ case 1:
7279
+ requestWithRecaptcha = _a.sent();
7280
+ return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
7281
+ case 2: return [2 /*return*/, Promise.reject(error)];
7282
+ }
7283
+ });
7284
+ }); });
7285
+ _b.label = 3;
7286
+ case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
7287
+ return Promise.reject(error);
7288
+ })];
7289
+ case 4:
7290
+ response = _b.sent();
7291
+ return [4 /*yield*/, UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response)];
7292
+ case 5:
7293
+ userCredential = _b.sent();
6813
7294
  return [4 /*yield*/, authInternal._updateCurrentUser(userCredential.user)];
6814
- case 3:
6815
- _a.sent();
7295
+ case 6:
7296
+ _b.sent();
6816
7297
  return [2 /*return*/, userCredential];
6817
7298
  }
6818
7299
  });
@@ -6893,24 +7374,61 @@ function signInWithEmailAndPassword(auth, email, password) {
6893
7374
  * @public
6894
7375
  */
6895
7376
  function sendSignInLinkToEmail(auth, email, actionCodeSettings) {
7377
+ var _a;
6896
7378
  return __awaiter(this, void 0, void 0, function () {
6897
- var authModular, request;
6898
- return __generator(this, function (_a) {
6899
- switch (_a.label) {
7379
+ function setActionCodeSettings(request, actionCodeSettings) {
7380
+ _assert(actionCodeSettings.handleCodeInApp, authInternal, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
7381
+ if (actionCodeSettings) {
7382
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
7383
+ }
7384
+ }
7385
+ var authInternal, request, requestWithRecaptcha;
7386
+ var _this = this;
7387
+ return __generator(this, function (_b) {
7388
+ switch (_b.label) {
6900
7389
  case 0:
6901
- authModular = getModularInstance(auth);
7390
+ authInternal = _castAuth(auth);
6902
7391
  request = {
6903
7392
  requestType: "EMAIL_SIGNIN" /* ActionCodeOperation.EMAIL_SIGNIN */,
6904
- email: email
7393
+ email: email,
7394
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
6905
7395
  };
6906
- _assert(actionCodeSettings.handleCodeInApp, authModular, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
6907
- if (actionCodeSettings) {
6908
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
6909
- }
6910
- return [4 /*yield*/, sendSignInLinkToEmail$1(authModular, request)];
7396
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
7397
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6911
7398
  case 1:
6912
- _a.sent();
6913
- return [2 /*return*/];
7399
+ requestWithRecaptcha = _b.sent();
7400
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
7401
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha)];
7402
+ case 2:
7403
+ _b.sent();
7404
+ return [3 /*break*/, 5];
7405
+ case 3:
7406
+ setActionCodeSettings(request, actionCodeSettings);
7407
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, request)
7408
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
7409
+ var requestWithRecaptcha;
7410
+ return __generator(this, function (_a) {
7411
+ switch (_a.label) {
7412
+ case 0:
7413
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 3];
7414
+ console.log('Email link sign-in is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
7415
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
7416
+ case 1:
7417
+ requestWithRecaptcha = _a.sent();
7418
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
7419
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha)];
7420
+ case 2:
7421
+ _a.sent();
7422
+ return [3 /*break*/, 4];
7423
+ case 3: return [2 /*return*/, Promise.reject(error)];
7424
+ case 4: return [2 /*return*/];
7425
+ }
7426
+ });
7427
+ }); })];
7428
+ case 4:
7429
+ _b.sent();
7430
+ _b.label = 5;
7431
+ case 5: return [2 /*return*/];
6914
7432
  }
6915
7433
  });
6916
7434
  });
@@ -7506,11 +8024,41 @@ function getAdditionalUserInfo(userCredential) {
7506
8024
  function setPersistence(auth, persistence) {
7507
8025
  return getModularInstance(auth).setPersistence(persistence);
7508
8026
  }
8027
+ /**
8028
+ * Loads the reCAPTCHA configuration into the `Auth` instance.
8029
+ *
8030
+ * @remarks
8031
+ * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA
8032
+ * verification flow should be triggered for each auth provider, into the
8033
+ * current Auth session.
8034
+ *
8035
+ * If initializeRecaptchaConfig() is not invoked, the auth flow will always start
8036
+ * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA
8037
+ * verification, the SDK will transparently load the reCAPTCHA config and restart the
8038
+ * auth flows.
8039
+ *
8040
+ * Thus, by calling this optional method, you will reduce the latency of future auth flows.
8041
+ * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.
8042
+ *
8043
+ * @example
8044
+ * ```javascript
8045
+ * initializeRecaptchaConfig(auth);
8046
+ * ```
8047
+ *
8048
+ * @param auth - The {@link Auth} instance.
8049
+ *
8050
+ * @public
8051
+ */
8052
+ function initializeRecaptchaConfig(auth) {
8053
+ var authInternal = _castAuth(auth);
8054
+ return authInternal.initializeRecaptchaConfig();
8055
+ }
7509
8056
  /**
7510
8057
  * Adds an observer for changes to the signed-in user's ID token.
7511
8058
  *
7512
8059
  * @remarks
7513
8060
  * This includes sign-in, sign-out, and token refresh events.
8061
+ * This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.
7514
8062
  *
7515
8063
  * @param auth - The {@link Auth} instance.
7516
8064
  * @param nextOrObserver - callback triggered on change.
@@ -7909,7 +8457,7 @@ function multiFactor(user) {
7909
8457
  }
7910
8458
 
7911
8459
  var name = "@firebase/auth";
7912
- var version = "0.21.6";
8460
+ var version = "0.22.0-canary.1d6771eb3";
7913
8461
 
7914
8462
  /**
7915
8463
  * @license
@@ -8029,26 +8577,25 @@ function registerAuth(clientPlatform) {
8029
8577
  var deps = _a.options;
8030
8578
  var app = container.getProvider('app').getImmediate();
8031
8579
  var heartbeatServiceProvider = container.getProvider('heartbeat');
8580
+ var appCheckServiceProvider = container.getProvider('app-check-internal');
8032
8581
  var _b = app.options, apiKey = _b.apiKey, authDomain = _b.authDomain;
8033
- return (function (app, heartbeatServiceProvider) {
8034
- _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
8035
- // Auth domain is optional if IdP sign in isn't being used
8036
- _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
8037
- appName: app.name
8038
- });
8039
- var config = {
8040
- apiKey: apiKey,
8041
- authDomain: authDomain,
8042
- clientPlatform: clientPlatform,
8043
- apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
8044
- tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
8045
- apiScheme: "https" /* DefaultConfig.API_SCHEME */,
8046
- sdkClientVersion: _getClientVersion(clientPlatform)
8047
- };
8048
- var authInstance = new AuthImpl(app, heartbeatServiceProvider, config);
8049
- _initializeAuthInstance(authInstance, deps);
8050
- return authInstance;
8051
- })(app, heartbeatServiceProvider);
8582
+ _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
8583
+ // Auth domain is optional if IdP sign in isn't being used
8584
+ _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
8585
+ appName: app.name
8586
+ });
8587
+ var config = {
8588
+ apiKey: apiKey,
8589
+ authDomain: authDomain,
8590
+ clientPlatform: clientPlatform,
8591
+ apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
8592
+ tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
8593
+ apiScheme: "https" /* DefaultConfig.API_SCHEME */,
8594
+ sdkClientVersion: _getClientVersion(clientPlatform)
8595
+ };
8596
+ var authInstance = new AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config);
8597
+ _initializeAuthInstance(authInstance, deps);
8598
+ return authInstance;
8052
8599
  }, "PUBLIC" /* ComponentType.PUBLIC */)
8053
8600
  /**
8054
8601
  * Auth can only be initialized by explicitly calling getAuth() or initializeAuth()
@@ -9249,48 +9796,67 @@ var WIDGET_PATH = '__/auth/handler';
9249
9796
  * @internal
9250
9797
  */
9251
9798
  var EMULATOR_WIDGET_PATH = 'emulator/auth/handler';
9799
+ /**
9800
+ * Fragment name for the App Check token that gets passed to the widget
9801
+ *
9802
+ * @internal
9803
+ */
9804
+ var FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent('fac');
9252
9805
  function _getRedirectUrl(auth, provider, authType, redirectUrl, eventId, additionalParams) {
9253
- _assert(auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
9254
- _assert(auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */);
9255
- var params = {
9256
- apiKey: auth.config.apiKey,
9257
- appName: auth.name,
9258
- authType: authType,
9259
- redirectUrl: redirectUrl,
9260
- v: SDK_VERSION,
9261
- eventId: eventId
9262
- };
9263
- if (provider instanceof FederatedAuthProvider) {
9264
- provider.setDefaultLanguage(auth.languageCode);
9265
- params.providerId = provider.providerId || '';
9266
- if (!isEmpty(provider.getCustomParameters())) {
9267
- params.customParameters = JSON.stringify(provider.getCustomParameters());
9268
- }
9269
- // TODO set additionalParams from the provider as well?
9270
- for (var _i = 0, _a = Object.entries(additionalParams || {}); _i < _a.length; _i++) {
9271
- var _b = _a[_i], key = _b[0], value = _b[1];
9272
- params[key] = value;
9273
- }
9274
- }
9275
- if (provider instanceof BaseOAuthProvider) {
9276
- var scopes = provider.getScopes().filter(function (scope) { return scope !== ''; });
9277
- if (scopes.length > 0) {
9278
- params.scopes = scopes.join(',');
9279
- }
9280
- }
9281
- if (auth.tenantId) {
9282
- params.tid = auth.tenantId;
9283
- }
9284
- // TODO: maybe set eid as endipointId
9285
- // TODO: maybe set fw as Frameworks.join(",")
9286
- var paramsDict = params;
9287
- for (var _c = 0, _d = Object.keys(paramsDict); _c < _d.length; _c++) {
9288
- var key = _d[_c];
9289
- if (paramsDict[key] === undefined) {
9290
- delete paramsDict[key];
9291
- }
9292
- }
9293
- return "".concat(getHandlerBase(auth), "?").concat(querystring(paramsDict).slice(1));
9806
+ return __awaiter(this, void 0, void 0, function () {
9807
+ var params, _i, _a, _b, key, value, scopes, paramsDict, _c, _d, key, appCheckToken, appCheckTokenFragment;
9808
+ return __generator(this, function (_e) {
9809
+ switch (_e.label) {
9810
+ case 0:
9811
+ _assert(auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
9812
+ _assert(auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */);
9813
+ params = {
9814
+ apiKey: auth.config.apiKey,
9815
+ appName: auth.name,
9816
+ authType: authType,
9817
+ redirectUrl: redirectUrl,
9818
+ v: SDK_VERSION,
9819
+ eventId: eventId
9820
+ };
9821
+ if (provider instanceof FederatedAuthProvider) {
9822
+ provider.setDefaultLanguage(auth.languageCode);
9823
+ params.providerId = provider.providerId || '';
9824
+ if (!isEmpty(provider.getCustomParameters())) {
9825
+ params.customParameters = JSON.stringify(provider.getCustomParameters());
9826
+ }
9827
+ // TODO set additionalParams from the provider as well?
9828
+ for (_i = 0, _a = Object.entries(additionalParams || {}); _i < _a.length; _i++) {
9829
+ _b = _a[_i], key = _b[0], value = _b[1];
9830
+ params[key] = value;
9831
+ }
9832
+ }
9833
+ if (provider instanceof BaseOAuthProvider) {
9834
+ scopes = provider.getScopes().filter(function (scope) { return scope !== ''; });
9835
+ if (scopes.length > 0) {
9836
+ params.scopes = scopes.join(',');
9837
+ }
9838
+ }
9839
+ if (auth.tenantId) {
9840
+ params.tid = auth.tenantId;
9841
+ }
9842
+ paramsDict = params;
9843
+ for (_c = 0, _d = Object.keys(paramsDict); _c < _d.length; _c++) {
9844
+ key = _d[_c];
9845
+ if (paramsDict[key] === undefined) {
9846
+ delete paramsDict[key];
9847
+ }
9848
+ }
9849
+ return [4 /*yield*/, auth._getAppCheckToken()];
9850
+ case 1:
9851
+ appCheckToken = _e.sent();
9852
+ appCheckTokenFragment = appCheckToken
9853
+ ? "#".concat(FIREBASE_APP_CHECK_FRAGMENT_ID, "=").concat(encodeURIComponent(appCheckToken))
9854
+ : '';
9855
+ // Start at index 1 to skip the leading '&' in the query string
9856
+ return [2 /*return*/, "".concat(getHandlerBase(auth), "?").concat(querystring(paramsDict).slice(1)).concat(appCheckTokenFragment)];
9857
+ }
9858
+ });
9859
+ });
9294
9860
  }
9295
9861
  function getHandlerBase(_a) {
9296
9862
  var config = _a.config;
@@ -10091,5 +10657,5 @@ function generateNoEvent() {
10091
10657
  };
10092
10658
  }
10093
10659
 
10094
- export { signInWithEmailLink as $, ActionCodeOperation as A, FacebookAuthProvider as B, GithubAuthProvider as C, OAuthProvider as D, EmailAuthCredential as E, FactorId as F, GoogleAuthProvider as G, SAMLAuthProvider as H, signInAnonymously as I, signInWithCredential as J, linkWithCredential as K, reauthenticateWithCredential as L, signInWithCustomToken as M, sendPasswordResetEmail as N, OperationType as O, ProviderId as P, confirmPasswordReset as Q, applyActionCode as R, SignInMethod as S, TwitterAuthProvider as T, checkActionCode as U, verifyPasswordResetCode as V, createUserWithEmailAndPassword as W, signInWithEmailAndPassword as X, sendSignInLinkToEmail as Y, isSignInWithEmailLink as Z, _signInWithRedirect as _, _reauthenticateWithRedirect as a, fetchSignInMethodsForEmail as a0, sendEmailVerification as a1, verifyBeforeUpdateEmail as a2, ActionCodeURL as a3, parseActionCodeURL as a4, updateProfile as a5, updateEmail as a6, updatePassword as a7, getIdToken as a8, getIdTokenResult as a9, _getCurrentUrl as aA, _emulatorUrl as aB, _isChromeIOS as aC, _isFirefox as aD, _isIOSStandalone as aE, _getRedirectUrl as aF, _setWindowLocation as aG, _isMobileBrowser as aH, _isSafari as aI, _isIOS as aJ, _getRedirectResult as aK, _overrideRedirectResult as aL, AuthEventManager as aM, debugFail as aN, finalizeEnrollPhoneMfa as aO, finalizeEnrollTotpMfa as aP, startEnrollTotpMfa as aQ, _persistenceKeyName as aR, UserImpl as aS, _getInstance as aT, AuthImpl as aU, _getClientVersion as aV, FetchProvider as aW, SAMLAuthCredential as aX, signInWithRedirect as aY, linkWithRedirect as aZ, reauthenticateWithRedirect as a_, unlink as aa, getAdditionalUserInfo as ab, reload as ac, getMultiFactorResolver as ad, multiFactor as ae, _performApiRequest as af, _addTidIfNecessary as ag, _createError as ah, _assert as ai, Delay as aj, _window as ak, _isHttpOrHttps as al, _isWorker as am, _castAuth as an, _assertLinkedStatus as ao, sendPhoneVerificationCode as ap, startEnrollPhoneMfa as aq, _link$1 as ar, debugAssert as as, _generateEventId as at, AbstractPopupRedirectOperation as au, _assertInstanceOf as av, _withDefaultResolver as aw, FederatedAuthProvider as ax, _fail as ay, _getProjectConfig as az, _linkWithRedirect as b, indexedDBLocalPersistence as c, cordovaPopupRedirectResolver as d, browserLocalPersistence as e, browserSessionPersistence as f, getRedirectResult as g, beforeAuthStateChanged as h, initializeAuth as i, onAuthStateChanged as j, updateCurrentUser as k, signOut as l, deleteUser as m, debugErrorMap as n, onIdTokenChanged as o, prodErrorMap as p, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as q, registerAuth as r, setPersistence as s, connectAuthEmulator as t, useDeviceLanguage as u, AuthCredential as v, OAuthCredential as w, PhoneAuthCredential as x, inMemoryPersistence as y, EmailAuthProvider as z };
10095
- //# sourceMappingURL=popup_redirect-8b388294.js.map
10660
+ export { isSignInWithEmailLink as $, ActionCodeOperation as A, EmailAuthProvider as B, FacebookAuthProvider as C, GithubAuthProvider as D, EmailAuthCredential as E, FactorId as F, GoogleAuthProvider as G, OAuthProvider as H, SAMLAuthProvider as I, signInAnonymously as J, signInWithCredential as K, linkWithCredential as L, reauthenticateWithCredential as M, signInWithCustomToken as N, OperationType as O, ProviderId as P, sendPasswordResetEmail as Q, confirmPasswordReset as R, SignInMethod as S, TwitterAuthProvider as T, applyActionCode as U, checkActionCode as V, verifyPasswordResetCode as W, createUserWithEmailAndPassword as X, signInWithEmailAndPassword as Y, sendSignInLinkToEmail as Z, _signInWithRedirect as _, _reauthenticateWithRedirect as a, FetchProvider as a$, signInWithEmailLink as a0, fetchSignInMethodsForEmail as a1, sendEmailVerification as a2, verifyBeforeUpdateEmail as a3, ActionCodeURL as a4, parseActionCodeURL as a5, updateProfile as a6, updateEmail as a7, updatePassword as a8, getIdToken as a9, _assertInstanceOf as aA, _withDefaultResolver as aB, FederatedAuthProvider as aC, _fail as aD, _getProjectConfig as aE, _getCurrentUrl as aF, _emulatorUrl as aG, _isChromeIOS as aH, _isFirefox as aI, _isIOSStandalone as aJ, _getRedirectUrl as aK, _setWindowLocation as aL, _isMobileBrowser as aM, _isSafari as aN, _isIOS as aO, _getRedirectResult as aP, _overrideRedirectResult as aQ, AuthEventManager as aR, debugFail as aS, finalizeEnrollPhoneMfa as aT, finalizeEnrollTotpMfa as aU, startEnrollTotpMfa as aV, _persistenceKeyName as aW, UserImpl as aX, _getInstance as aY, AuthImpl as aZ, _getClientVersion as a_, getIdTokenResult as aa, unlink as ab, getAdditionalUserInfo as ac, reload as ad, getMultiFactorResolver as ae, multiFactor as af, _performApiRequest as ag, _addTidIfNecessary as ah, _assert as ai, Delay as aj, _window as ak, isV2 as al, _createError as am, _loadJS as an, _generateCallbackName as ao, getRecaptchaParams as ap, _isHttpOrHttps as aq, _isWorker as ar, _castAuth as as, _assertLinkedStatus as at, sendPhoneVerificationCode as au, startEnrollPhoneMfa as av, _link$1 as aw, debugAssert as ax, _generateEventId as ay, AbstractPopupRedirectOperation as az, _linkWithRedirect as b, SAMLAuthCredential as b0, signInWithRedirect as b1, linkWithRedirect as b2, reauthenticateWithRedirect as b3, indexedDBLocalPersistence as c, cordovaPopupRedirectResolver as d, browserLocalPersistence as e, browserSessionPersistence as f, getRedirectResult as g, initializeRecaptchaConfig as h, initializeAuth as i, beforeAuthStateChanged as j, onAuthStateChanged as k, updateCurrentUser as l, signOut as m, deleteUser as n, onIdTokenChanged as o, debugErrorMap as p, prodErrorMap as q, registerAuth as r, setPersistence as s, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as t, useDeviceLanguage as u, connectAuthEmulator as v, AuthCredential as w, OAuthCredential as x, PhoneAuthCredential as y, inMemoryPersistence as z };
10661
+ //# sourceMappingURL=popup_redirect-eae95465.js.map