@firebase/auth 0.22.0 → 0.23.0-canary.0832dcac2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (209) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/dist/auth-public.d.ts +57 -0
  3. package/dist/auth.d.ts +71 -1
  4. package/dist/browser-cjs/{index-5859881d.js → index-67779ffd.js} +590 -207
  5. package/dist/browser-cjs/index-67779ffd.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/authentication/email_and_password.d.ts +9 -0
  11. package/dist/browser-cjs/src/api/authentication/recaptcha.d.ts +16 -0
  12. package/dist/browser-cjs/src/api/authentication/sign_up.d.ts +4 -0
  13. package/dist/browser-cjs/src/api/errors.d.ts +9 -1
  14. package/dist/browser-cjs/src/api/index.d.ts +17 -2
  15. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +9 -1
  16. package/dist/browser-cjs/src/core/errors.d.ts +17 -1
  17. package/dist/browser-cjs/src/core/index.d.ts +26 -0
  18. package/dist/browser-cjs/src/core/util/handler.d.ts +1 -1
  19. package/dist/browser-cjs/src/core/util/log.d.ts +1 -0
  20. package/dist/browser-cjs/src/model/auth.d.ts +6 -0
  21. package/dist/browser-cjs/src/platform_browser/auth_window.d.ts +2 -2
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  23. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  24. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  25. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  26. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  27. package/dist/browser-cjs/src/platform_browser/strategies/popup.d.ts +1 -1
  28. package/dist/browser-cjs/test/helpers/api/helper.d.ts +2 -0
  29. package/dist/browser-cjs/test/helpers/mock_auth.d.ts +5 -0
  30. package/dist/cordova/index.js +2 -2
  31. package/dist/cordova/internal.js +21 -77
  32. package/dist/cordova/internal.js.map +1 -1
  33. package/dist/cordova/{popup_redirect-3519667a.js → popup_redirect-cc44b4cd.js} +778 -214
  34. package/dist/cordova/popup_redirect-cc44b4cd.js.map +1 -0
  35. package/dist/cordova/src/api/authentication/email_and_password.d.ts +9 -0
  36. package/dist/cordova/src/api/authentication/recaptcha.d.ts +16 -0
  37. package/dist/cordova/src/api/authentication/sign_up.d.ts +4 -0
  38. package/dist/cordova/src/api/errors.d.ts +9 -1
  39. package/dist/cordova/src/api/index.d.ts +17 -2
  40. package/dist/cordova/src/core/auth/auth_impl.d.ts +9 -1
  41. package/dist/cordova/src/core/errors.d.ts +17 -1
  42. package/dist/cordova/src/core/index.d.ts +26 -0
  43. package/dist/cordova/src/core/util/handler.d.ts +1 -1
  44. package/dist/cordova/src/core/util/log.d.ts +1 -0
  45. package/dist/cordova/src/model/auth.d.ts +6 -0
  46. package/dist/cordova/src/platform_browser/auth_window.d.ts +2 -2
  47. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  48. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  49. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  50. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  51. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  52. package/dist/cordova/src/platform_browser/strategies/popup.d.ts +1 -1
  53. package/dist/cordova/test/helpers/api/helper.d.ts +2 -0
  54. package/dist/cordova/test/helpers/mock_auth.d.ts +5 -0
  55. package/dist/esm2017/{index-680e2b70.js → index-55c8f96e.js} +591 -209
  56. package/dist/esm2017/index-55c8f96e.js.map +1 -0
  57. package/dist/esm2017/index.js +2 -2
  58. package/dist/esm2017/internal.js +3 -3
  59. package/dist/esm2017/src/api/authentication/email_and_password.d.ts +9 -0
  60. package/dist/esm2017/src/api/authentication/recaptcha.d.ts +16 -0
  61. package/dist/esm2017/src/api/authentication/sign_up.d.ts +4 -0
  62. package/dist/esm2017/src/api/errors.d.ts +9 -1
  63. package/dist/esm2017/src/api/index.d.ts +17 -2
  64. package/dist/esm2017/src/core/auth/auth_impl.d.ts +9 -1
  65. package/dist/esm2017/src/core/errors.d.ts +17 -1
  66. package/dist/esm2017/src/core/index.d.ts +26 -0
  67. package/dist/esm2017/src/core/util/handler.d.ts +1 -1
  68. package/dist/esm2017/src/core/util/log.d.ts +1 -0
  69. package/dist/esm2017/src/model/auth.d.ts +6 -0
  70. package/dist/esm2017/src/platform_browser/auth_window.d.ts +2 -2
  71. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  72. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  73. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  74. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  75. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  76. package/dist/esm2017/src/platform_browser/strategies/popup.d.ts +1 -1
  77. package/dist/esm2017/test/helpers/api/helper.d.ts +2 -0
  78. package/dist/esm2017/test/helpers/mock_auth.d.ts +5 -0
  79. package/dist/esm5/{index-714e827f.js → index-ce1e2136.js} +797 -289
  80. package/dist/esm5/index-ce1e2136.js.map +1 -0
  81. package/dist/esm5/index.js +1 -1
  82. package/dist/esm5/internal.js +2 -2
  83. package/dist/esm5/src/api/authentication/email_and_password.d.ts +9 -0
  84. package/dist/esm5/src/api/authentication/recaptcha.d.ts +16 -0
  85. package/dist/esm5/src/api/authentication/sign_up.d.ts +4 -0
  86. package/dist/esm5/src/api/errors.d.ts +9 -1
  87. package/dist/esm5/src/api/index.d.ts +17 -2
  88. package/dist/esm5/src/core/auth/auth_impl.d.ts +9 -1
  89. package/dist/esm5/src/core/errors.d.ts +17 -1
  90. package/dist/esm5/src/core/index.d.ts +26 -0
  91. package/dist/esm5/src/core/util/handler.d.ts +1 -1
  92. package/dist/esm5/src/core/util/log.d.ts +1 -0
  93. package/dist/esm5/src/model/auth.d.ts +6 -0
  94. package/dist/esm5/src/platform_browser/auth_window.d.ts +2 -2
  95. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  96. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  97. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  98. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  99. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  100. package/dist/esm5/src/platform_browser/strategies/popup.d.ts +1 -1
  101. package/dist/esm5/test/helpers/api/helper.d.ts +2 -0
  102. package/dist/esm5/test/helpers/mock_auth.d.ts +5 -0
  103. package/dist/index.webworker.esm5.js +602 -74
  104. package/dist/index.webworker.esm5.js.map +1 -1
  105. package/dist/node/index.js +2 -1
  106. package/dist/node/index.js.map +1 -1
  107. package/dist/node/internal.js +62 -42
  108. package/dist/node/internal.js.map +1 -1
  109. package/dist/node/src/api/authentication/email_and_password.d.ts +9 -0
  110. package/dist/node/src/api/authentication/recaptcha.d.ts +16 -0
  111. package/dist/node/src/api/authentication/sign_up.d.ts +4 -0
  112. package/dist/node/src/api/errors.d.ts +9 -1
  113. package/dist/node/src/api/index.d.ts +17 -2
  114. package/dist/node/src/core/auth/auth_impl.d.ts +9 -1
  115. package/dist/node/src/core/errors.d.ts +17 -1
  116. package/dist/node/src/core/index.d.ts +26 -0
  117. package/dist/node/src/core/util/handler.d.ts +1 -1
  118. package/dist/node/src/core/util/log.d.ts +1 -0
  119. package/dist/node/src/model/auth.d.ts +6 -0
  120. package/dist/node/src/platform_browser/auth_window.d.ts +2 -2
  121. package/dist/node/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  122. package/dist/node/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  123. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  124. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  125. package/dist/node/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  126. package/dist/node/src/platform_browser/strategies/popup.d.ts +1 -1
  127. package/dist/node/test/helpers/api/helper.d.ts +2 -0
  128. package/dist/node/test/helpers/mock_auth.d.ts +5 -0
  129. package/dist/node/{totp-416a2adc.js → totp-a3dac803.js} +700 -171
  130. package/dist/node/totp-a3dac803.js.map +1 -0
  131. package/dist/node-esm/index.js +1 -1
  132. package/dist/node-esm/internal.js +16 -4
  133. package/dist/node-esm/internal.js.map +1 -1
  134. package/dist/node-esm/src/api/authentication/email_and_password.d.ts +9 -0
  135. package/dist/node-esm/src/api/authentication/recaptcha.d.ts +16 -0
  136. package/dist/node-esm/src/api/authentication/sign_up.d.ts +4 -0
  137. package/dist/node-esm/src/api/errors.d.ts +9 -1
  138. package/dist/node-esm/src/api/index.d.ts +17 -2
  139. package/dist/node-esm/src/core/auth/auth_impl.d.ts +9 -1
  140. package/dist/node-esm/src/core/errors.d.ts +17 -1
  141. package/dist/node-esm/src/core/index.d.ts +26 -0
  142. package/dist/node-esm/src/core/util/handler.d.ts +1 -1
  143. package/dist/node-esm/src/core/util/log.d.ts +1 -0
  144. package/dist/node-esm/src/model/auth.d.ts +6 -0
  145. package/dist/node-esm/src/platform_browser/auth_window.d.ts +2 -2
  146. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  147. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  148. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  149. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  150. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  151. package/dist/node-esm/src/platform_browser/strategies/popup.d.ts +1 -1
  152. package/dist/node-esm/test/helpers/api/helper.d.ts +2 -0
  153. package/dist/node-esm/test/helpers/mock_auth.d.ts +5 -0
  154. package/dist/node-esm/{totp-c3bf2a20.js → totp-65fbfdbe.js} +557 -140
  155. package/dist/node-esm/totp-65fbfdbe.js.map +1 -0
  156. package/dist/rn/index.js +2 -1
  157. package/dist/rn/index.js.map +1 -1
  158. package/dist/rn/internal.js +79 -48
  159. package/dist/rn/internal.js.map +1 -1
  160. package/dist/rn/{phone-2ec1815d.js → phone-97108d6a.js} +738 -259
  161. package/dist/rn/phone-97108d6a.js.map +1 -0
  162. package/dist/rn/src/api/authentication/email_and_password.d.ts +9 -0
  163. package/dist/rn/src/api/authentication/recaptcha.d.ts +16 -0
  164. package/dist/rn/src/api/authentication/sign_up.d.ts +4 -0
  165. package/dist/rn/src/api/errors.d.ts +9 -1
  166. package/dist/rn/src/api/index.d.ts +17 -2
  167. package/dist/rn/src/core/auth/auth_impl.d.ts +9 -1
  168. package/dist/rn/src/core/errors.d.ts +17 -1
  169. package/dist/rn/src/core/index.d.ts +26 -0
  170. package/dist/rn/src/core/util/handler.d.ts +1 -1
  171. package/dist/rn/src/core/util/log.d.ts +1 -0
  172. package/dist/rn/src/model/auth.d.ts +6 -0
  173. package/dist/rn/src/platform_browser/auth_window.d.ts +2 -2
  174. package/dist/rn/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  175. package/dist/rn/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  176. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  177. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  178. package/dist/rn/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  179. package/dist/rn/src/platform_browser/strategies/popup.d.ts +1 -1
  180. package/dist/rn/test/helpers/api/helper.d.ts +2 -0
  181. package/dist/rn/test/helpers/mock_auth.d.ts +5 -0
  182. package/dist/src/api/authentication/email_and_password.d.ts +9 -0
  183. package/dist/src/api/authentication/recaptcha.d.ts +16 -0
  184. package/dist/src/api/authentication/sign_up.d.ts +4 -0
  185. package/dist/src/api/errors.d.ts +9 -1
  186. package/dist/src/api/index.d.ts +17 -2
  187. package/dist/src/core/auth/auth_impl.d.ts +9 -1
  188. package/dist/src/core/errors.d.ts +17 -1
  189. package/dist/src/core/index.d.ts +26 -0
  190. package/dist/src/core/util/handler.d.ts +1 -1
  191. package/dist/src/core/util/log.d.ts +1 -0
  192. package/dist/src/model/auth.d.ts +6 -0
  193. package/dist/src/platform_browser/auth_window.d.ts +2 -2
  194. package/dist/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  195. package/dist/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  196. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  197. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  198. package/dist/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  199. package/dist/src/platform_browser/strategies/popup.d.ts +1 -1
  200. package/dist/test/helpers/api/helper.d.ts +2 -0
  201. package/dist/test/helpers/mock_auth.d.ts +5 -0
  202. package/package.json +6 -6
  203. package/dist/browser-cjs/index-5859881d.js.map +0 -1
  204. package/dist/cordova/popup_redirect-3519667a.js.map +0 -1
  205. package/dist/esm2017/index-680e2b70.js.map +0 -1
  206. package/dist/esm5/index-714e827f.js.map +0 -1
  207. package/dist/node/totp-416a2adc.js.map +0 -1
  208. package/dist/node-esm/totp-c3bf2a20.js.map +0 -1
  209. package/dist/rn/phone-2ec1815d.js.map +0 -1
@@ -1,5 +1,5 @@
1
1
  import { __spreadArray, __assign, __awaiter, __generator, __rest, __extends } from 'tslib';
2
- import { ErrorFactory, deepEqual, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, isIE, getUA, createSubscribe, querystringDecode, extractQuerystring, isEmpty, getExperimentalSetting, getDefaultEmulatorHost } from '@firebase/util';
2
+ import { ErrorFactory, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, isIE, getUA, createSubscribe, deepEqual, querystringDecode, extractQuerystring, isEmpty, getExperimentalSetting, getDefaultEmulatorHost } from '@firebase/util';
3
3
  import { SDK_VERSION, _getProvider, _registerComponent, registerVersion, getApp } from '@firebase/app';
4
4
  import { Logger, LogLevel } from '@firebase/logger';
5
5
  import { Component } from '@firebase/component';
@@ -267,6 +267,14 @@ function _debugErrorMap() {
267
267
  'different options. To avoid this error, call initializeAuth() with the ' +
268
268
  'same options as when it was originally called, or call getAuth() to return the' +
269
269
  ' already initialized instance.',
270
+ _a["missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */] = 'The reCAPTCHA token is missing when sending request to the backend.',
271
+ _a["invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */] = 'The reCAPTCHA token is invalid when sending request to the backend.',
272
+ _a["invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */] = 'The reCAPTCHA action is invalid when sending request to the backend.',
273
+ _a["recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */] = 'reCAPTCHA Enterprise integration is not enabled for this project.',
274
+ _a["missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */] = 'The reCAPTCHA client type is missing when sending request to the backend.',
275
+ _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
276
+ _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
277
+ _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
270
278
  _a;
271
279
  }
272
280
  function _prodErrorMap() {
@@ -403,7 +411,15 @@ var AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
403
411
  USER_SIGNED_OUT: 'auth/user-signed-out',
404
412
  WEAK_PASSWORD: 'auth/weak-password',
405
413
  WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',
406
- ALREADY_INITIALIZED: 'auth/already-initialized'
414
+ ALREADY_INITIALIZED: 'auth/already-initialized',
415
+ RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',
416
+ MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',
417
+ INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',
418
+ INVALID_RECAPTCHA_ACTION: 'auth/invalid-recaptcha-action',
419
+ MISSING_CLIENT_TYPE: 'auth/missing-client-type',
420
+ MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',
421
+ INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',
422
+ INVALID_REQ_TYPE: 'auth/invalid-req-type'
407
423
  };
408
424
 
409
425
  /**
@@ -423,6 +439,15 @@ var AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
423
439
  * limitations under the License.
424
440
  */
425
441
  var logClient = new Logger('@firebase/auth');
442
+ function _logWarn(msg) {
443
+ var args = [];
444
+ for (var _i = 1; _i < arguments.length; _i++) {
445
+ args[_i - 1] = arguments[_i];
446
+ }
447
+ if (logClient.logLevel <= LogLevel.WARN) {
448
+ logClient.warn.apply(logClient, __spreadArray(["Auth (".concat(SDK_VERSION, "): ").concat(msg)], args, false));
449
+ }
450
+ }
426
451
  function _logError(msg) {
427
452
  var args = [];
428
453
  for (var _i = 1; _i < arguments.length; _i++) {
@@ -535,103 +560,6 @@ function debugAssert(assertion, message) {
535
560
  }
536
561
  }
537
562
 
538
- /**
539
- * @license
540
- * Copyright 2020 Google LLC
541
- *
542
- * Licensed under the Apache License, Version 2.0 (the "License");
543
- * you may not use this file except in compliance with the License.
544
- * You may obtain a copy of the License at
545
- *
546
- * http://www.apache.org/licenses/LICENSE-2.0
547
- *
548
- * Unless required by applicable law or agreed to in writing, software
549
- * distributed under the License is distributed on an "AS IS" BASIS,
550
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
551
- * See the License for the specific language governing permissions and
552
- * limitations under the License.
553
- */
554
- var instanceCache = new Map();
555
- function _getInstance(cls) {
556
- debugAssert(cls instanceof Function, 'Expected a class definition');
557
- var instance = instanceCache.get(cls);
558
- if (instance) {
559
- debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
560
- return instance;
561
- }
562
- instance = new cls();
563
- instanceCache.set(cls, instance);
564
- return instance;
565
- }
566
-
567
- /**
568
- * @license
569
- * Copyright 2020 Google LLC
570
- *
571
- * Licensed under the Apache License, Version 2.0 (the "License");
572
- * you may not use this file except in compliance with the License.
573
- * You may obtain a copy of the License at
574
- *
575
- * http://www.apache.org/licenses/LICENSE-2.0
576
- *
577
- * Unless required by applicable law or agreed to in writing, software
578
- * distributed under the License is distributed on an "AS IS" BASIS,
579
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
580
- * See the License for the specific language governing permissions and
581
- * limitations under the License.
582
- */
583
- /**
584
- * Initializes an {@link Auth} instance with fine-grained control over
585
- * {@link Dependencies}.
586
- *
587
- * @remarks
588
- *
589
- * This function allows more control over the {@link Auth} instance than
590
- * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
591
- * the {@link Dependencies}. In general, `getAuth` is the easiest way to
592
- * initialize Auth and works for most use cases. Use `initializeAuth` if you
593
- * need control over which persistence layer is used, or to minimize bundle
594
- * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
595
- *
596
- * For example, if your app only uses anonymous accounts and you only want
597
- * accounts saved for the current session, initialize `Auth` with:
598
- *
599
- * ```js
600
- * const auth = initializeAuth(app, {
601
- * persistence: browserSessionPersistence,
602
- * popupRedirectResolver: undefined,
603
- * });
604
- * ```
605
- *
606
- * @public
607
- */
608
- function initializeAuth(app, deps) {
609
- var provider = _getProvider(app, 'auth');
610
- if (provider.isInitialized()) {
611
- var auth_1 = provider.getImmediate();
612
- var initialOptions = provider.getOptions();
613
- if (deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
614
- return auth_1;
615
- }
616
- else {
617
- _fail(auth_1, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
618
- }
619
- }
620
- var auth = provider.initialize({ options: deps });
621
- return auth;
622
- }
623
- function _initializeAuthInstance(auth, deps) {
624
- var persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
625
- var hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
626
- if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
627
- auth._updateErrorMap(deps.errorMap);
628
- }
629
- // This promise is intended to float; auth initialization happens in the
630
- // background, meanwhile the auth object may be used by the app.
631
- // eslint-disable-next-line @typescript-eslint/no-floating-promises
632
- auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
633
- }
634
-
635
563
  /**
636
564
  * @license
637
565
  * Copyright 2020 Google LLC
@@ -916,6 +844,15 @@ var SERVER_ERROR_MAP = (_a$1 = {},
916
844
  _a$1["SECOND_FACTOR_LIMIT_EXCEEDED" /* ServerError.SECOND_FACTOR_LIMIT_EXCEEDED */] = "maximum-second-factor-count-exceeded" /* AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED */,
917
845
  // Blocking functions related errors.
918
846
  _a$1["BLOCKING_FUNCTION_ERROR_RESPONSE" /* ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE */] = "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
847
+ // Recaptcha related errors.
848
+ _a$1["RECAPTCHA_NOT_ENABLED" /* ServerError.RECAPTCHA_NOT_ENABLED */] = "recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */,
849
+ _a$1["MISSING_RECAPTCHA_TOKEN" /* ServerError.MISSING_RECAPTCHA_TOKEN */] = "missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */,
850
+ _a$1["INVALID_RECAPTCHA_TOKEN" /* ServerError.INVALID_RECAPTCHA_TOKEN */] = "invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */,
851
+ _a$1["INVALID_RECAPTCHA_ACTION" /* ServerError.INVALID_RECAPTCHA_ACTION */] = "invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */,
852
+ _a$1["MISSING_CLIENT_TYPE" /* ServerError.MISSING_CLIENT_TYPE */] = "missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */,
853
+ _a$1["MISSING_RECAPTCHA_VERSION" /* ServerError.MISSING_RECAPTCHA_VERSION */] = "missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */,
854
+ _a$1["INVALID_RECAPTCHA_VERSION" /* ServerError.INVALID_RECAPTCHA_VERSION */] = "invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */,
855
+ _a$1["INVALID_REQ_TYPE" /* ServerError.INVALID_REQ_TYPE */] = "invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */,
919
856
  _a$1);
920
857
 
921
858
  /**
@@ -2037,6 +1974,35 @@ var UserImpl = /** @class */ (function () {
2037
1974
  return UserImpl;
2038
1975
  }());
2039
1976
 
1977
+ /**
1978
+ * @license
1979
+ * Copyright 2020 Google LLC
1980
+ *
1981
+ * Licensed under the Apache License, Version 2.0 (the "License");
1982
+ * you may not use this file except in compliance with the License.
1983
+ * You may obtain a copy of the License at
1984
+ *
1985
+ * http://www.apache.org/licenses/LICENSE-2.0
1986
+ *
1987
+ * Unless required by applicable law or agreed to in writing, software
1988
+ * distributed under the License is distributed on an "AS IS" BASIS,
1989
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1990
+ * See the License for the specific language governing permissions and
1991
+ * limitations under the License.
1992
+ */
1993
+ var instanceCache = new Map();
1994
+ function _getInstance(cls) {
1995
+ debugAssert(cls instanceof Function, 'Expected a class definition');
1996
+ var instance = instanceCache.get(cls);
1997
+ if (instance) {
1998
+ debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
1999
+ return instance;
2000
+ }
2001
+ instance = new cls();
2002
+ instanceCache.set(cls, instance);
2003
+ return instance;
2004
+ }
2005
+
2040
2006
  /**
2041
2007
  * @license
2042
2008
  * Copyright 2019 Google LLC
@@ -2475,6 +2441,288 @@ function _getClientVersion(clientPlatform, frameworks) {
2475
2441
  return "".concat(reportedPlatform, "/").concat("JsCore" /* ClientImplementation.CORE */, "/").concat(SDK_VERSION, "/").concat(reportedFrameworks);
2476
2442
  }
2477
2443
 
2444
+ /**
2445
+ * @license
2446
+ * Copyright 2020 Google LLC
2447
+ *
2448
+ * Licensed under the Apache License, Version 2.0 (the "License");
2449
+ * you may not use this file except in compliance with the License.
2450
+ * You may obtain a copy of the License at
2451
+ *
2452
+ * http://www.apache.org/licenses/LICENSE-2.0
2453
+ *
2454
+ * Unless required by applicable law or agreed to in writing, software
2455
+ * distributed under the License is distributed on an "AS IS" BASIS,
2456
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2457
+ * See the License for the specific language governing permissions and
2458
+ * limitations under the License.
2459
+ */
2460
+ function getRecaptchaParams(auth) {
2461
+ return __awaiter(this, void 0, void 0, function () {
2462
+ return __generator(this, function (_a) {
2463
+ switch (_a.label) {
2464
+ case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
2465
+ case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
2466
+ }
2467
+ });
2468
+ });
2469
+ }
2470
+ function getRecaptchaConfig(auth, request) {
2471
+ return __awaiter(this, void 0, void 0, function () {
2472
+ return __generator(this, function (_a) {
2473
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
2474
+ });
2475
+ });
2476
+ }
2477
+
2478
+ /**
2479
+ * @license
2480
+ * Copyright 2020 Google LLC
2481
+ *
2482
+ * Licensed under the Apache License, Version 2.0 (the "License");
2483
+ * you may not use this file except in compliance with the License.
2484
+ * You may obtain a copy of the License at
2485
+ *
2486
+ * http://www.apache.org/licenses/LICENSE-2.0
2487
+ *
2488
+ * Unless required by applicable law or agreed to in writing, software
2489
+ * distributed under the License is distributed on an "AS IS" BASIS,
2490
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2491
+ * See the License for the specific language governing permissions and
2492
+ * limitations under the License.
2493
+ */
2494
+ function isV2(grecaptcha) {
2495
+ return (grecaptcha !== undefined &&
2496
+ grecaptcha.getResponse !== undefined);
2497
+ }
2498
+ function isEnterprise(grecaptcha) {
2499
+ return (grecaptcha !== undefined &&
2500
+ grecaptcha.enterprise !== undefined);
2501
+ }
2502
+ var RecaptchaConfig = /** @class */ (function () {
2503
+ function RecaptchaConfig(response) {
2504
+ /**
2505
+ * The reCAPTCHA site key.
2506
+ */
2507
+ this.siteKey = '';
2508
+ /**
2509
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2510
+ */
2511
+ this.emailPasswordEnabled = false;
2512
+ if (response.recaptchaKey === undefined) {
2513
+ throw new Error('recaptchaKey undefined');
2514
+ }
2515
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2516
+ this.siteKey = response.recaptchaKey.split('/')[3];
2517
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
2518
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2519
+ enforcementState.enforcementState !== 'OFF';
2520
+ });
2521
+ }
2522
+ return RecaptchaConfig;
2523
+ }());
2524
+
2525
+ /**
2526
+ * @license
2527
+ * Copyright 2020 Google LLC
2528
+ *
2529
+ * Licensed under the Apache License, Version 2.0 (the "License");
2530
+ * you may not use this file except in compliance with the License.
2531
+ * You may obtain a copy of the License at
2532
+ *
2533
+ * http://www.apache.org/licenses/LICENSE-2.0
2534
+ *
2535
+ * Unless required by applicable law or agreed to in writing, software
2536
+ * distributed under the License is distributed on an "AS IS" BASIS,
2537
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2538
+ * See the License for the specific language governing permissions and
2539
+ * limitations under the License.
2540
+ */
2541
+ function getScriptParentElement() {
2542
+ var _a, _b;
2543
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2544
+ }
2545
+ function _loadJS(url) {
2546
+ // TODO: consider adding timeout support & cancellation
2547
+ return new Promise(function (resolve, reject) {
2548
+ var el = document.createElement('script');
2549
+ el.setAttribute('src', url);
2550
+ el.onload = resolve;
2551
+ el.onerror = function (e) {
2552
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2553
+ error.customData = e;
2554
+ reject(error);
2555
+ };
2556
+ el.type = 'text/javascript';
2557
+ el.charset = 'UTF-8';
2558
+ getScriptParentElement().appendChild(el);
2559
+ });
2560
+ }
2561
+ function _generateCallbackName(prefix) {
2562
+ return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
2563
+ }
2564
+
2565
+ /* eslint-disable @typescript-eslint/no-require-imports */
2566
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2567
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2568
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
2569
+ /**
2570
+ *
2571
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
2572
+ *
2573
+ */
2574
+ function RecaptchaEnterpriseVerifier(authExtern) {
2575
+ /**
2576
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2577
+ */
2578
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2579
+ this.auth = _castAuth(authExtern);
2580
+ }
2581
+ /**
2582
+ * Executes the verification process.
2583
+ *
2584
+ * @returns A Promise for a token that can be used to assert the validity of a request.
2585
+ */
2586
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
2587
+ if (action === void 0) { action = 'verify'; }
2588
+ if (forceRefresh === void 0) { forceRefresh = false; }
2589
+ return __awaiter(this, void 0, void 0, function () {
2590
+ function retrieveSiteKey(auth) {
2591
+ return __awaiter(this, void 0, void 0, function () {
2592
+ var _this = this;
2593
+ return __generator(this, function (_a) {
2594
+ if (!forceRefresh) {
2595
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2596
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
2597
+ }
2598
+ if (auth.tenantId != null &&
2599
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2600
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
2601
+ }
2602
+ }
2603
+ return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
2604
+ return __generator(this, function (_a) {
2605
+ getRecaptchaConfig(auth, {
2606
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2607
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2608
+ })
2609
+ .then(function (response) {
2610
+ if (response.recaptchaKey === undefined) {
2611
+ reject(new Error('recaptcha Enterprise site key undefined'));
2612
+ }
2613
+ else {
2614
+ var config = new RecaptchaConfig(response);
2615
+ if (auth.tenantId == null) {
2616
+ auth._agentRecaptchaConfig = config;
2617
+ }
2618
+ else {
2619
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2620
+ }
2621
+ return resolve(config.siteKey);
2622
+ }
2623
+ })
2624
+ .catch(function (error) {
2625
+ reject(error);
2626
+ });
2627
+ return [2 /*return*/];
2628
+ });
2629
+ }); })];
2630
+ });
2631
+ });
2632
+ }
2633
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
2634
+ var grecaptcha = window.grecaptcha;
2635
+ if (isEnterprise(grecaptcha)) {
2636
+ grecaptcha.enterprise.ready(function () {
2637
+ try {
2638
+ grecaptcha.enterprise
2639
+ .execute(siteKey, { action: action })
2640
+ .then(function (token) {
2641
+ resolve(token);
2642
+ })
2643
+ .catch(function (error) {
2644
+ reject(error);
2645
+ });
2646
+ }
2647
+ catch (error) {
2648
+ reject(error);
2649
+ }
2650
+ });
2651
+ }
2652
+ else {
2653
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
2654
+ }
2655
+ }
2656
+ var _this = this;
2657
+ return __generator(this, function (_a) {
2658
+ return [2 /*return*/, new Promise(function (resolve, reject) {
2659
+ retrieveSiteKey(_this.auth)
2660
+ .then(function (siteKey) {
2661
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2662
+ retrieveRecaptchaToken(siteKey, resolve, reject);
2663
+ }
2664
+ else {
2665
+ if (typeof window === 'undefined') {
2666
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
2667
+ return;
2668
+ }
2669
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2670
+ .then(function () {
2671
+ retrieveRecaptchaToken(siteKey, resolve, reject);
2672
+ })
2673
+ .catch(function (error) {
2674
+ reject(error);
2675
+ });
2676
+ }
2677
+ })
2678
+ .catch(function (error) {
2679
+ reject(error);
2680
+ });
2681
+ })];
2682
+ });
2683
+ });
2684
+ };
2685
+ return RecaptchaEnterpriseVerifier;
2686
+ }());
2687
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
2688
+ if (captchaResp === void 0) { captchaResp = false; }
2689
+ return __awaiter(this, void 0, void 0, function () {
2690
+ var verifier, captchaResponse, newRequest;
2691
+ return __generator(this, function (_a) {
2692
+ switch (_a.label) {
2693
+ case 0:
2694
+ verifier = new RecaptchaEnterpriseVerifier(auth);
2695
+ _a.label = 1;
2696
+ case 1:
2697
+ _a.trys.push([1, 3, , 5]);
2698
+ return [4 /*yield*/, verifier.verify(action)];
2699
+ case 2:
2700
+ captchaResponse = _a.sent();
2701
+ return [3 /*break*/, 5];
2702
+ case 3:
2703
+ _a.sent();
2704
+ return [4 /*yield*/, verifier.verify(action, true)];
2705
+ case 4:
2706
+ captchaResponse = _a.sent();
2707
+ return [3 /*break*/, 5];
2708
+ case 5:
2709
+ newRequest = __assign({}, request);
2710
+ if (!captchaResp) {
2711
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
2712
+ }
2713
+ else {
2714
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
2715
+ }
2716
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2717
+ Object.assign(newRequest, {
2718
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2719
+ });
2720
+ return [2 /*return*/, newRequest];
2721
+ }
2722
+ });
2723
+ });
2724
+ }
2725
+
2478
2726
  /**
2479
2727
  * @license
2480
2728
  * Copyright 2022 Google LLC
@@ -2596,9 +2844,10 @@ var AuthMiddlewareQueue = /** @class */ (function () {
2596
2844
  * limitations under the License.
2597
2845
  */
2598
2846
  var AuthImpl = /** @class */ (function () {
2599
- function AuthImpl(app, heartbeatServiceProvider, config) {
2847
+ function AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config) {
2600
2848
  this.app = app;
2601
2849
  this.heartbeatServiceProvider = heartbeatServiceProvider;
2850
+ this.appCheckServiceProvider = appCheckServiceProvider;
2602
2851
  this.config = config;
2603
2852
  this.currentUser = null;
2604
2853
  this.emulatorConfig = null;
@@ -2616,6 +2865,8 @@ var AuthImpl = /** @class */ (function () {
2616
2865
  this._initializationPromise = null;
2617
2866
  this._popupRedirectResolver = null;
2618
2867
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2868
+ this._agentRecaptchaConfig = null;
2869
+ this._tenantRecaptchaConfigs = {};
2619
2870
  // Tracks the last notified UID for state change listeners to prevent
2620
2871
  // repeated calls to the callbacks. Undefined means it's never been
2621
2872
  // called, whereas null means it's been called with a signed out user
@@ -2945,6 +3196,41 @@ var AuthImpl = /** @class */ (function () {
2945
3196
  });
2946
3197
  }); });
2947
3198
  };
3199
+ AuthImpl.prototype.initializeRecaptchaConfig = function () {
3200
+ return __awaiter(this, void 0, void 0, function () {
3201
+ var response, config, verifier;
3202
+ return __generator(this, function (_a) {
3203
+ switch (_a.label) {
3204
+ case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
3205
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3206
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3207
+ })];
3208
+ case 1:
3209
+ response = _a.sent();
3210
+ config = new RecaptchaConfig(response);
3211
+ if (this.tenantId == null) {
3212
+ this._agentRecaptchaConfig = config;
3213
+ }
3214
+ else {
3215
+ this._tenantRecaptchaConfigs[this.tenantId] = config;
3216
+ }
3217
+ if (config.emailPasswordEnabled) {
3218
+ verifier = new RecaptchaEnterpriseVerifier(this);
3219
+ void verifier.verify();
3220
+ }
3221
+ return [2 /*return*/];
3222
+ }
3223
+ });
3224
+ });
3225
+ };
3226
+ AuthImpl.prototype._getRecaptchaConfig = function () {
3227
+ if (this.tenantId == null) {
3228
+ return this._agentRecaptchaConfig;
3229
+ }
3230
+ else {
3231
+ return this._tenantRecaptchaConfigs[this.tenantId];
3232
+ }
3233
+ };
2948
3234
  AuthImpl.prototype._getPersistence = function () {
2949
3235
  return this.assertedPersistence.persistence.type;
2950
3236
  };
@@ -3172,7 +3458,7 @@ var AuthImpl = /** @class */ (function () {
3172
3458
  AuthImpl.prototype._getAdditionalHeaders = function () {
3173
3459
  var _a;
3174
3460
  return __awaiter(this, void 0, void 0, function () {
3175
- var headers, heartbeatsHeader;
3461
+ var headers, heartbeatsHeader, appCheckToken;
3176
3462
  var _b;
3177
3463
  return __generator(this, function (_c) {
3178
3464
  switch (_c.label) {
@@ -3192,11 +3478,39 @@ var AuthImpl = /** @class */ (function () {
3192
3478
  if (heartbeatsHeader) {
3193
3479
  headers["X-Firebase-Client" /* HttpHeader.X_FIREBASE_CLIENT */] = heartbeatsHeader;
3194
3480
  }
3481
+ return [4 /*yield*/, this._getAppCheckToken()];
3482
+ case 2:
3483
+ appCheckToken = _c.sent();
3484
+ if (appCheckToken) {
3485
+ headers["X-Firebase-AppCheck" /* HttpHeader.X_FIREBASE_APP_CHECK */] = appCheckToken;
3486
+ }
3195
3487
  return [2 /*return*/, headers];
3196
3488
  }
3197
3489
  });
3198
3490
  });
3199
3491
  };
3492
+ AuthImpl.prototype._getAppCheckToken = function () {
3493
+ var _a;
3494
+ return __awaiter(this, void 0, void 0, function () {
3495
+ var appCheckTokenResult;
3496
+ return __generator(this, function (_b) {
3497
+ switch (_b.label) {
3498
+ case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3499
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3500
+ case 1:
3501
+ appCheckTokenResult = _b.sent();
3502
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3503
+ // Context: appCheck.getToken() will never throw even if an error happened.
3504
+ // In the error case, a dummy token will be returned along with an error field describing
3505
+ // the error. In general, we shouldn't care about the error condition and just use
3506
+ // the token (actual or dummy) to send requests.
3507
+ _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3508
+ }
3509
+ return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3510
+ }
3511
+ });
3512
+ });
3513
+ };
3200
3514
  return AuthImpl;
3201
3515
  }());
3202
3516
  /**
@@ -3227,6 +3541,74 @@ var Subscription = /** @class */ (function () {
3227
3541
  return Subscription;
3228
3542
  }());
3229
3543
 
3544
+ /**
3545
+ * @license
3546
+ * Copyright 2020 Google LLC
3547
+ *
3548
+ * Licensed under the Apache License, Version 2.0 (the "License");
3549
+ * you may not use this file except in compliance with the License.
3550
+ * You may obtain a copy of the License at
3551
+ *
3552
+ * http://www.apache.org/licenses/LICENSE-2.0
3553
+ *
3554
+ * Unless required by applicable law or agreed to in writing, software
3555
+ * distributed under the License is distributed on an "AS IS" BASIS,
3556
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3557
+ * See the License for the specific language governing permissions and
3558
+ * limitations under the License.
3559
+ */
3560
+ /**
3561
+ * Initializes an {@link Auth} instance with fine-grained control over
3562
+ * {@link Dependencies}.
3563
+ *
3564
+ * @remarks
3565
+ *
3566
+ * This function allows more control over the {@link Auth} instance than
3567
+ * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
3568
+ * the {@link Dependencies}. In general, `getAuth` is the easiest way to
3569
+ * initialize Auth and works for most use cases. Use `initializeAuth` if you
3570
+ * need control over which persistence layer is used, or to minimize bundle
3571
+ * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
3572
+ *
3573
+ * For example, if your app only uses anonymous accounts and you only want
3574
+ * accounts saved for the current session, initialize `Auth` with:
3575
+ *
3576
+ * ```js
3577
+ * const auth = initializeAuth(app, {
3578
+ * persistence: browserSessionPersistence,
3579
+ * popupRedirectResolver: undefined,
3580
+ * });
3581
+ * ```
3582
+ *
3583
+ * @public
3584
+ */
3585
+ function initializeAuth(app, deps) {
3586
+ var provider = _getProvider(app, 'auth');
3587
+ if (provider.isInitialized()) {
3588
+ var auth_1 = provider.getImmediate();
3589
+ var initialOptions = provider.getOptions();
3590
+ if (deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
3591
+ return auth_1;
3592
+ }
3593
+ else {
3594
+ _fail(auth_1, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
3595
+ }
3596
+ }
3597
+ var auth = provider.initialize({ options: deps });
3598
+ return auth;
3599
+ }
3600
+ function _initializeAuthInstance(auth, deps) {
3601
+ var persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
3602
+ var hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
3603
+ if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
3604
+ auth._updateErrorMap(deps.errorMap);
3605
+ }
3606
+ // This promise is intended to float; auth initialization happens in the
3607
+ // background, meanwhile the auth object may be used by the app.
3608
+ // eslint-disable-next-line @typescript-eslint/no-floating-promises
3609
+ auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
3610
+ }
3611
+
3230
3612
  /**
3231
3613
  * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
3232
3614
  * Firebase Auth services.
@@ -3615,24 +3997,55 @@ var EmailAuthCredential = /** @class */ (function (_super) {
3615
3997
  };
3616
3998
  /** @internal */
3617
3999
  EmailAuthCredential.prototype._getIdTokenResponse = function (auth) {
4000
+ var _a;
3618
4001
  return __awaiter(this, void 0, void 0, function () {
3619
- return __generator(this, function (_a) {
3620
- switch (this.signInMethod) {
3621
- case "password" /* SignInMethod.EMAIL_PASSWORD */:
3622
- return [2 /*return*/, signInWithPassword(auth, {
3623
- returnSecureToken: true,
3624
- email: this._email,
3625
- password: this._password
3626
- })];
3627
- case "emailLink" /* SignInMethod.EMAIL_LINK */:
3628
- return [2 /*return*/, signInWithEmailLink$1(auth, {
3629
- email: this._email,
3630
- oobCode: this._password
3631
- })];
3632
- default:
4002
+ var _b, request_1, requestWithRecaptcha;
4003
+ var _this = this;
4004
+ return __generator(this, function (_c) {
4005
+ switch (_c.label) {
4006
+ case 0:
4007
+ _b = this.signInMethod;
4008
+ switch (_b) {
4009
+ case "password" /* SignInMethod.EMAIL_PASSWORD */: return [3 /*break*/, 1];
4010
+ case "emailLink" /* SignInMethod.EMAIL_LINK */: return [3 /*break*/, 4];
4011
+ }
4012
+ return [3 /*break*/, 5];
4013
+ case 1:
4014
+ request_1 = {
4015
+ returnSecureToken: true,
4016
+ email: this._email,
4017
+ password: this._password,
4018
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
4019
+ };
4020
+ if (!((_a = auth._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
4021
+ return [4 /*yield*/, injectRecaptchaFields(auth, request_1, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */)];
4022
+ case 2:
4023
+ requestWithRecaptcha = _c.sent();
4024
+ return [2 /*return*/, signInWithPassword(auth, requestWithRecaptcha)];
4025
+ case 3: return [2 /*return*/, signInWithPassword(auth, request_1).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
4026
+ var requestWithRecaptcha;
4027
+ return __generator(this, function (_a) {
4028
+ switch (_a.label) {
4029
+ case 0:
4030
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 2];
4031
+ console.log('Sign-in with email address and password is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
4032
+ return [4 /*yield*/, injectRecaptchaFields(auth, request_1, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */)];
4033
+ case 1:
4034
+ requestWithRecaptcha = _a.sent();
4035
+ return [2 /*return*/, signInWithPassword(auth, requestWithRecaptcha)];
4036
+ case 2: return [2 /*return*/, Promise.reject(error)];
4037
+ }
4038
+ });
4039
+ }); })];
4040
+ case 4: return [2 /*return*/, signInWithEmailLink$1(auth, {
4041
+ email: this._email,
4042
+ oobCode: this._password
4043
+ })];
4044
+ case 5:
3633
4045
  _fail(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
4046
+ _c.label = 6;
4047
+ case 6: return [2 /*return*/];
3634
4048
  }
3635
- return [2 /*return*/];
3636
4049
  });
3637
4050
  });
3638
4051
  };
@@ -5819,23 +6232,61 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
5819
6232
  * @public
5820
6233
  */
5821
6234
  function sendPasswordResetEmail(auth, email, actionCodeSettings) {
6235
+ var _a;
5822
6236
  return __awaiter(this, void 0, void 0, function () {
5823
- var authModular, request;
5824
- return __generator(this, function (_a) {
5825
- switch (_a.label) {
6237
+ var authInternal, request, requestWithRecaptcha;
6238
+ var _this = this;
6239
+ return __generator(this, function (_b) {
6240
+ switch (_b.label) {
5826
6241
  case 0:
5827
- authModular = getModularInstance(auth);
6242
+ authInternal = _castAuth(auth);
5828
6243
  request = {
5829
6244
  requestType: "PASSWORD_RESET" /* ActionCodeOperation.PASSWORD_RESET */,
5830
- email: email
6245
+ email: email,
6246
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
5831
6247
  };
6248
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
6249
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6250
+ case 1:
6251
+ requestWithRecaptcha = _b.sent();
5832
6252
  if (actionCodeSettings) {
5833
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
6253
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
5834
6254
  }
5835
- return [4 /*yield*/, sendPasswordResetEmail$1(authModular, request)];
5836
- case 1:
5837
- _a.sent();
5838
- return [2 /*return*/];
6255
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, requestWithRecaptcha)];
6256
+ case 2:
6257
+ _b.sent();
6258
+ return [3 /*break*/, 5];
6259
+ case 3:
6260
+ if (actionCodeSettings) {
6261
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
6262
+ }
6263
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, request)
6264
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
6265
+ var requestWithRecaptcha;
6266
+ return __generator(this, function (_a) {
6267
+ switch (_a.label) {
6268
+ case 0:
6269
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 3];
6270
+ console.log('Password resets are protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the password reset flow.');
6271
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6272
+ case 1:
6273
+ requestWithRecaptcha = _a.sent();
6274
+ if (actionCodeSettings) {
6275
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
6276
+ }
6277
+ return [4 /*yield*/, sendPasswordResetEmail$1(authInternal, requestWithRecaptcha)];
6278
+ case 2:
6279
+ _a.sent();
6280
+ return [3 /*break*/, 4];
6281
+ case 3: return [2 /*return*/, Promise.reject(error)];
6282
+ case 4: return [2 /*return*/];
6283
+ }
6284
+ });
6285
+ }); })];
6286
+ case 4:
6287
+ _b.sent();
6288
+ _b.label = 5;
6289
+ case 5: return [2 /*return*/];
5839
6290
  }
5840
6291
  });
5841
6292
  });
@@ -5980,25 +6431,54 @@ function verifyPasswordResetCode(auth, code) {
5980
6431
  * @public
5981
6432
  */
5982
6433
  function createUserWithEmailAndPassword(auth, email, password) {
6434
+ var _a;
5983
6435
  return __awaiter(this, void 0, void 0, function () {
5984
- var authInternal, response, userCredential;
5985
- return __generator(this, function (_a) {
5986
- switch (_a.label) {
6436
+ var authInternal, request, signUpResponse, requestWithRecaptcha, response, userCredential;
6437
+ var _this = this;
6438
+ return __generator(this, function (_b) {
6439
+ switch (_b.label) {
5987
6440
  case 0:
5988
6441
  authInternal = _castAuth(auth);
5989
- return [4 /*yield*/, signUp(authInternal, {
5990
- returnSecureToken: true,
5991
- email: email,
5992
- password: password
5993
- })];
6442
+ request = {
6443
+ returnSecureToken: true,
6444
+ email: email,
6445
+ password: password,
6446
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
6447
+ };
6448
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 2];
6449
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */)];
5994
6450
  case 1:
5995
- response = _a.sent();
5996
- return [4 /*yield*/, UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response)];
6451
+ requestWithRecaptcha = _b.sent();
6452
+ signUpResponse = signUp(authInternal, requestWithRecaptcha);
6453
+ return [3 /*break*/, 3];
5997
6454
  case 2:
5998
- userCredential = _a.sent();
6455
+ signUpResponse = signUp(authInternal, request).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
6456
+ var requestWithRecaptcha;
6457
+ return __generator(this, function (_a) {
6458
+ switch (_a.label) {
6459
+ case 0:
6460
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 2];
6461
+ console.log('Sign-up is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-up flow.');
6462
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */)];
6463
+ case 1:
6464
+ requestWithRecaptcha = _a.sent();
6465
+ return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
6466
+ case 2: return [2 /*return*/, Promise.reject(error)];
6467
+ }
6468
+ });
6469
+ }); });
6470
+ _b.label = 3;
6471
+ case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
6472
+ return Promise.reject(error);
6473
+ })];
6474
+ case 4:
6475
+ response = _b.sent();
6476
+ return [4 /*yield*/, UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response)];
6477
+ case 5:
6478
+ userCredential = _b.sent();
5999
6479
  return [4 /*yield*/, authInternal._updateCurrentUser(userCredential.user)];
6000
- case 3:
6001
- _a.sent();
6480
+ case 6:
6481
+ _b.sent();
6002
6482
  return [2 /*return*/, userCredential];
6003
6483
  }
6004
6484
  });
@@ -6079,24 +6559,61 @@ function signInWithEmailAndPassword(auth, email, password) {
6079
6559
  * @public
6080
6560
  */
6081
6561
  function sendSignInLinkToEmail(auth, email, actionCodeSettings) {
6562
+ var _a;
6082
6563
  return __awaiter(this, void 0, void 0, function () {
6083
- var authModular, request;
6084
- return __generator(this, function (_a) {
6085
- switch (_a.label) {
6564
+ function setActionCodeSettings(request, actionCodeSettings) {
6565
+ _assert(actionCodeSettings.handleCodeInApp, authInternal, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
6566
+ if (actionCodeSettings) {
6567
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
6568
+ }
6569
+ }
6570
+ var authInternal, request, requestWithRecaptcha;
6571
+ var _this = this;
6572
+ return __generator(this, function (_b) {
6573
+ switch (_b.label) {
6086
6574
  case 0:
6087
- authModular = getModularInstance(auth);
6575
+ authInternal = _castAuth(auth);
6088
6576
  request = {
6089
6577
  requestType: "EMAIL_SIGNIN" /* ActionCodeOperation.EMAIL_SIGNIN */,
6090
- email: email
6578
+ email: email,
6579
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
6091
6580
  };
6092
- _assert(actionCodeSettings.handleCodeInApp, authModular, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
6093
- if (actionCodeSettings) {
6094
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
6095
- }
6096
- return [4 /*yield*/, sendSignInLinkToEmail$1(authModular, request)];
6581
+ if (!((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled)) return [3 /*break*/, 3];
6582
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6097
6583
  case 1:
6098
- _a.sent();
6099
- return [2 /*return*/];
6584
+ requestWithRecaptcha = _b.sent();
6585
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
6586
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha)];
6587
+ case 2:
6588
+ _b.sent();
6589
+ return [3 /*break*/, 5];
6590
+ case 3:
6591
+ setActionCodeSettings(request, actionCodeSettings);
6592
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, request)
6593
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
6594
+ var requestWithRecaptcha;
6595
+ return __generator(this, function (_a) {
6596
+ switch (_a.label) {
6597
+ case 0:
6598
+ if (!(error.code === "auth/".concat("missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */))) return [3 /*break*/, 3];
6599
+ console.log('Email link sign-in is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
6600
+ return [4 /*yield*/, injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true)];
6601
+ case 1:
6602
+ requestWithRecaptcha = _a.sent();
6603
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
6604
+ return [4 /*yield*/, sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha)];
6605
+ case 2:
6606
+ _a.sent();
6607
+ return [3 /*break*/, 4];
6608
+ case 3: return [2 /*return*/, Promise.reject(error)];
6609
+ case 4: return [2 /*return*/];
6610
+ }
6611
+ });
6612
+ }); })];
6613
+ case 4:
6614
+ _b.sent();
6615
+ _b.label = 5;
6616
+ case 5: return [2 /*return*/];
6100
6617
  }
6101
6618
  });
6102
6619
  });
@@ -6692,6 +7209,35 @@ function getAdditionalUserInfo(userCredential) {
6692
7209
  function setPersistence(auth, persistence) {
6693
7210
  return getModularInstance(auth).setPersistence(persistence);
6694
7211
  }
7212
+ /**
7213
+ * Loads the reCAPTCHA configuration into the `Auth` instance.
7214
+ *
7215
+ * @remarks
7216
+ * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA
7217
+ * verification flow should be triggered for each auth provider, into the
7218
+ * current Auth session.
7219
+ *
7220
+ * If initializeRecaptchaConfig() is not invoked, the auth flow will always start
7221
+ * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA
7222
+ * verification, the SDK will transparently load the reCAPTCHA config and restart the
7223
+ * auth flows.
7224
+ *
7225
+ * Thus, by calling this optional method, you will reduce the latency of future auth flows.
7226
+ * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.
7227
+ *
7228
+ * @example
7229
+ * ```javascript
7230
+ * initializeRecaptchaConfig(auth);
7231
+ * ```
7232
+ *
7233
+ * @param auth - The {@link Auth} instance.
7234
+ *
7235
+ * @public
7236
+ */
7237
+ function initializeRecaptchaConfig(auth) {
7238
+ var authInternal = _castAuth(auth);
7239
+ return authInternal.initializeRecaptchaConfig();
7240
+ }
6695
7241
  /**
6696
7242
  * Adds an observer for changes to the signed-in user's ID token.
6697
7243
  *
@@ -8378,73 +8924,6 @@ function finalizeSignInTotpMfa(auth, request) {
8378
8924
  return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaSignIn:finalize" /* Endpoint.FINALIZE_MFA_SIGN_IN */, _addTidIfNecessary(auth, request));
8379
8925
  }
8380
8926
 
8381
- /**
8382
- * @license
8383
- * Copyright 2020 Google LLC
8384
- *
8385
- * Licensed under the Apache License, Version 2.0 (the "License");
8386
- * you may not use this file except in compliance with the License.
8387
- * You may obtain a copy of the License at
8388
- *
8389
- * http://www.apache.org/licenses/LICENSE-2.0
8390
- *
8391
- * Unless required by applicable law or agreed to in writing, software
8392
- * distributed under the License is distributed on an "AS IS" BASIS,
8393
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
8394
- * See the License for the specific language governing permissions and
8395
- * limitations under the License.
8396
- */
8397
- function getRecaptchaParams(auth) {
8398
- return __awaiter(this, void 0, void 0, function () {
8399
- return __generator(this, function (_a) {
8400
- switch (_a.label) {
8401
- case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
8402
- case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
8403
- }
8404
- });
8405
- });
8406
- }
8407
-
8408
- /**
8409
- * @license
8410
- * Copyright 2020 Google LLC
8411
- *
8412
- * Licensed under the Apache License, Version 2.0 (the "License");
8413
- * you may not use this file except in compliance with the License.
8414
- * You may obtain a copy of the License at
8415
- *
8416
- * http://www.apache.org/licenses/LICENSE-2.0
8417
- *
8418
- * Unless required by applicable law or agreed to in writing, software
8419
- * distributed under the License is distributed on an "AS IS" BASIS,
8420
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
8421
- * See the License for the specific language governing permissions and
8422
- * limitations under the License.
8423
- */
8424
- function getScriptParentElement() {
8425
- var _a, _b;
8426
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
8427
- }
8428
- function _loadJS(url) {
8429
- // TODO: consider adding timeout support & cancellation
8430
- return new Promise(function (resolve, reject) {
8431
- var el = document.createElement('script');
8432
- el.setAttribute('src', url);
8433
- el.onload = resolve;
8434
- el.onerror = function (e) {
8435
- var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
8436
- error.customData = e;
8437
- reject(error);
8438
- };
8439
- el.type = 'text/javascript';
8440
- el.charset = 'UTF-8';
8441
- getScriptParentElement().appendChild(el);
8442
- });
8443
- }
8444
- function _generateCallbackName(prefix) {
8445
- return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
8446
- }
8447
-
8448
8927
  /**
8449
8928
  * @license
8450
8929
  * Copyright 2020 Google LLC
@@ -8622,7 +9101,7 @@ var ReCaptchaLoaderImpl = /** @class */ (function () {
8622
9101
  var _this = this;
8623
9102
  if (hl === void 0) { hl = ''; }
8624
9103
  _assert(isHostLanguageValid(hl), auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
8625
- if (this.shouldResolveImmediately(hl)) {
9104
+ if (this.shouldResolveImmediately(hl) && isV2(_window().grecaptcha)) {
8626
9105
  return Promise.resolve(_window().grecaptcha);
8627
9106
  }
8628
9107
  return new Promise(function (resolve, reject) {
@@ -8633,7 +9112,7 @@ var ReCaptchaLoaderImpl = /** @class */ (function () {
8633
9112
  _window().clearTimeout(networkTimeout);
8634
9113
  delete _window()[_JSLOAD_CALLBACK];
8635
9114
  var recaptcha = _window().grecaptcha;
8636
- if (!recaptcha) {
9115
+ if (!recaptcha || !isV2(recaptcha)) {
8637
9116
  reject(_createError(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */));
8638
9117
  return;
8639
9118
  }
@@ -9815,11 +10294,13 @@ var PopupOperation = /** @class */ (function (_super) {
9815
10294
  if ((_b = (_a = _this.authWindow) === null || _a === void 0 ? void 0 : _a.window) === null || _b === void 0 ? void 0 : _b.closed) {
9816
10295
  // Make sure that there is sufficient time for whatever action to
9817
10296
  // complete. The window could have closed but the sign in network
9818
- // call could still be in flight.
10297
+ // call could still be in flight. This is specifically true for
10298
+ // Firefox or if the opener is in an iframe, in which case the oauth
10299
+ // helper closes the popup.
9819
10300
  _this.pollId = window.setTimeout(function () {
9820
10301
  _this.pollId = null;
9821
10302
  _this.reject(_createError(_this.auth, "popup-closed-by-user" /* AuthErrorCode.POPUP_CLOSED_BY_USER */));
9822
- }, 2000 /* _Timeout.AUTH_EVENT */);
10303
+ }, 8000 /* _Timeout.AUTH_EVENT */);
9823
10304
  return;
9824
10305
  }
9825
10306
  _this.pollId = window.setTimeout(poll, _POLL_WINDOW_CLOSE_TIMEOUT.get());
@@ -10867,48 +11348,67 @@ var WIDGET_PATH = '__/auth/handler';
10867
11348
  * @internal
10868
11349
  */
10869
11350
  var EMULATOR_WIDGET_PATH = 'emulator/auth/handler';
11351
+ /**
11352
+ * Fragment name for the App Check token that gets passed to the widget
11353
+ *
11354
+ * @internal
11355
+ */
11356
+ var FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent('fac');
10870
11357
  function _getRedirectUrl(auth, provider, authType, redirectUrl, eventId, additionalParams) {
10871
- _assert(auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
10872
- _assert(auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */);
10873
- var params = {
10874
- apiKey: auth.config.apiKey,
10875
- appName: auth.name,
10876
- authType: authType,
10877
- redirectUrl: redirectUrl,
10878
- v: SDK_VERSION,
10879
- eventId: eventId
10880
- };
10881
- if (provider instanceof FederatedAuthProvider) {
10882
- provider.setDefaultLanguage(auth.languageCode);
10883
- params.providerId = provider.providerId || '';
10884
- if (!isEmpty(provider.getCustomParameters())) {
10885
- params.customParameters = JSON.stringify(provider.getCustomParameters());
10886
- }
10887
- // TODO set additionalParams from the provider as well?
10888
- for (var _i = 0, _a = Object.entries(additionalParams || {}); _i < _a.length; _i++) {
10889
- var _b = _a[_i], key = _b[0], value = _b[1];
10890
- params[key] = value;
10891
- }
10892
- }
10893
- if (provider instanceof BaseOAuthProvider) {
10894
- var scopes = provider.getScopes().filter(function (scope) { return scope !== ''; });
10895
- if (scopes.length > 0) {
10896
- params.scopes = scopes.join(',');
10897
- }
10898
- }
10899
- if (auth.tenantId) {
10900
- params.tid = auth.tenantId;
10901
- }
10902
- // TODO: maybe set eid as endipointId
10903
- // TODO: maybe set fw as Frameworks.join(",")
10904
- var paramsDict = params;
10905
- for (var _c = 0, _d = Object.keys(paramsDict); _c < _d.length; _c++) {
10906
- var key = _d[_c];
10907
- if (paramsDict[key] === undefined) {
10908
- delete paramsDict[key];
10909
- }
10910
- }
10911
- return "".concat(getHandlerBase(auth), "?").concat(querystring(paramsDict).slice(1));
11358
+ return __awaiter(this, void 0, void 0, function () {
11359
+ var params, _i, _a, _b, key, value, scopes, paramsDict, _c, _d, key, appCheckToken, appCheckTokenFragment;
11360
+ return __generator(this, function (_e) {
11361
+ switch (_e.label) {
11362
+ case 0:
11363
+ _assert(auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
11364
+ _assert(auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */);
11365
+ params = {
11366
+ apiKey: auth.config.apiKey,
11367
+ appName: auth.name,
11368
+ authType: authType,
11369
+ redirectUrl: redirectUrl,
11370
+ v: SDK_VERSION,
11371
+ eventId: eventId
11372
+ };
11373
+ if (provider instanceof FederatedAuthProvider) {
11374
+ provider.setDefaultLanguage(auth.languageCode);
11375
+ params.providerId = provider.providerId || '';
11376
+ if (!isEmpty(provider.getCustomParameters())) {
11377
+ params.customParameters = JSON.stringify(provider.getCustomParameters());
11378
+ }
11379
+ // TODO set additionalParams from the provider as well?
11380
+ for (_i = 0, _a = Object.entries(additionalParams || {}); _i < _a.length; _i++) {
11381
+ _b = _a[_i], key = _b[0], value = _b[1];
11382
+ params[key] = value;
11383
+ }
11384
+ }
11385
+ if (provider instanceof BaseOAuthProvider) {
11386
+ scopes = provider.getScopes().filter(function (scope) { return scope !== ''; });
11387
+ if (scopes.length > 0) {
11388
+ params.scopes = scopes.join(',');
11389
+ }
11390
+ }
11391
+ if (auth.tenantId) {
11392
+ params.tid = auth.tenantId;
11393
+ }
11394
+ paramsDict = params;
11395
+ for (_c = 0, _d = Object.keys(paramsDict); _c < _d.length; _c++) {
11396
+ key = _d[_c];
11397
+ if (paramsDict[key] === undefined) {
11398
+ delete paramsDict[key];
11399
+ }
11400
+ }
11401
+ return [4 /*yield*/, auth._getAppCheckToken()];
11402
+ case 1:
11403
+ appCheckToken = _e.sent();
11404
+ appCheckTokenFragment = appCheckToken
11405
+ ? "#".concat(FIREBASE_APP_CHECK_FRAGMENT_ID, "=").concat(encodeURIComponent(appCheckToken))
11406
+ : '';
11407
+ // Start at index 1 to skip the leading '&' in the query string
11408
+ return [2 /*return*/, "".concat(getHandlerBase(auth), "?").concat(querystring(paramsDict).slice(1)).concat(appCheckTokenFragment)];
11409
+ }
11410
+ });
11411
+ });
10912
11412
  }
10913
11413
  function getHandlerBase(_a) {
10914
11414
  var config = _a.config;
@@ -10955,20 +11455,29 @@ var BrowserPopupRedirectResolver = /** @class */ (function () {
10955
11455
  return __awaiter(this, void 0, void 0, function () {
10956
11456
  var url;
10957
11457
  return __generator(this, function (_b) {
10958
- debugAssert((_a = this.eventManagers[auth._key()]) === null || _a === void 0 ? void 0 : _a.manager, '_initialize() not called before _openPopup()');
10959
- url = _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId);
10960
- return [2 /*return*/, _open(auth, url, _generateEventId())];
11458
+ switch (_b.label) {
11459
+ case 0:
11460
+ debugAssert((_a = this.eventManagers[auth._key()]) === null || _a === void 0 ? void 0 : _a.manager, '_initialize() not called before _openPopup()');
11461
+ return [4 /*yield*/, _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId)];
11462
+ case 1:
11463
+ url = _b.sent();
11464
+ return [2 /*return*/, _open(auth, url, _generateEventId())];
11465
+ }
10961
11466
  });
10962
11467
  });
10963
11468
  };
10964
11469
  BrowserPopupRedirectResolver.prototype._openRedirect = function (auth, provider, authType, eventId) {
10965
11470
  return __awaiter(this, void 0, void 0, function () {
11471
+ var url;
10966
11472
  return __generator(this, function (_a) {
10967
11473
  switch (_a.label) {
10968
11474
  case 0: return [4 /*yield*/, this._originValidation(auth)];
10969
11475
  case 1:
10970
11476
  _a.sent();
10971
- _setWindowLocation(_getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId));
11477
+ return [4 /*yield*/, _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId)];
11478
+ case 2:
11479
+ url = _a.sent();
11480
+ _setWindowLocation(url);
10972
11481
  return [2 /*return*/, new Promise(function () { })];
10973
11482
  }
10974
11483
  });
@@ -11303,7 +11812,7 @@ function _isEmptyString(input) {
11303
11812
  }
11304
11813
 
11305
11814
  var name = "@firebase/auth";
11306
- var version = "0.22.0";
11815
+ var version = "0.23.0-canary.0832dcac2";
11307
11816
 
11308
11817
  /**
11309
11818
  * @license
@@ -11423,26 +11932,25 @@ function registerAuth(clientPlatform) {
11423
11932
  var deps = _a.options;
11424
11933
  var app = container.getProvider('app').getImmediate();
11425
11934
  var heartbeatServiceProvider = container.getProvider('heartbeat');
11935
+ var appCheckServiceProvider = container.getProvider('app-check-internal');
11426
11936
  var _b = app.options, apiKey = _b.apiKey, authDomain = _b.authDomain;
11427
- return (function (app, heartbeatServiceProvider) {
11428
- _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
11429
- // Auth domain is optional if IdP sign in isn't being used
11430
- _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
11431
- appName: app.name
11432
- });
11433
- var config = {
11434
- apiKey: apiKey,
11435
- authDomain: authDomain,
11436
- clientPlatform: clientPlatform,
11437
- apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
11438
- tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
11439
- apiScheme: "https" /* DefaultConfig.API_SCHEME */,
11440
- sdkClientVersion: _getClientVersion(clientPlatform)
11441
- };
11442
- var authInstance = new AuthImpl(app, heartbeatServiceProvider, config);
11443
- _initializeAuthInstance(authInstance, deps);
11444
- return authInstance;
11445
- })(app, heartbeatServiceProvider);
11937
+ _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
11938
+ // Auth domain is optional if IdP sign in isn't being used
11939
+ _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
11940
+ appName: app.name
11941
+ });
11942
+ var config = {
11943
+ apiKey: apiKey,
11944
+ authDomain: authDomain,
11945
+ clientPlatform: clientPlatform,
11946
+ apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
11947
+ tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
11948
+ apiScheme: "https" /* DefaultConfig.API_SCHEME */,
11949
+ sdkClientVersion: _getClientVersion(clientPlatform)
11950
+ };
11951
+ var authInstance = new AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config);
11952
+ _initializeAuthInstance(authInstance, deps);
11953
+ return authInstance;
11446
11954
  }, "PUBLIC" /* ComponentType.PUBLIC */)
11447
11955
  /**
11448
11956
  * Auth can only be initialized by explicitly calling getAuth() or initializeAuth()
@@ -11560,5 +12068,5 @@ function getAuth(app) {
11560
12068
  }
11561
12069
  registerAuth("Browser" /* ClientPlatform.BROWSER */);
11562
12070
 
11563
- export { linkWithCredential as $, ActionCodeOperation as A, deleteUser as B, debugErrorMap as C, prodErrorMap as D, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as E, FactorId as F, initializeAuth as G, connectAuthEmulator as H, AuthCredential as I, EmailAuthCredential as J, OAuthCredential as K, PhoneAuthCredential as L, inMemoryPersistence as M, EmailAuthProvider as N, OperationType as O, PhoneAuthProvider as P, FacebookAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, GoogleAuthProvider as U, GithubAuthProvider as V, OAuthProvider as W, SAMLAuthProvider as X, TwitterAuthProvider as Y, signInAnonymously as Z, signInWithCredential as _, browserSessionPersistence as a, reauthenticateWithCredential as a0, signInWithCustomToken as a1, sendPasswordResetEmail as a2, confirmPasswordReset as a3, applyActionCode as a4, checkActionCode as a5, verifyPasswordResetCode as a6, createUserWithEmailAndPassword as a7, signInWithEmailAndPassword as a8, sendSignInLinkToEmail as a9, AuthEventManager as aA, _getInstance as aB, _persistenceKeyName as aC, _clearRedirectOutcomes as aD, _getRedirectResult as aE, _overrideRedirectResult as aF, _castAuth as aG, UserImpl as aH, AuthImpl as aI, _getClientVersion as aJ, _generateEventId as aK, AuthPopup as aL, FetchProvider as aM, SAMLAuthCredential as aN, isSignInWithEmailLink as aa, signInWithEmailLink as ab, fetchSignInMethodsForEmail as ac, sendEmailVerification as ad, verifyBeforeUpdateEmail as ae, ActionCodeURL as af, parseActionCodeURL as ag, updateProfile as ah, updateEmail as ai, updatePassword as aj, getIdToken as ak, getIdTokenResult as al, unlink as am, getAdditionalUserInfo as an, reload as ao, getMultiFactorResolver as ap, multiFactor as aq, _isIOS as ar, _isAndroid as as, _fail as at, _getRedirectUrl as au, debugAssert as av, _getProjectConfig as aw, _isIOS7Or8 as ax, _assert as ay, _createError as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, onIdTokenChanged as t, updatePhoneNumber as u, beforeAuthStateChanged as v, onAuthStateChanged as w, useDeviceLanguage as x, updateCurrentUser as y, signOut as z };
11564
- //# sourceMappingURL=index-714e827f.js.map
12071
+ export { signInWithCredential as $, ActionCodeOperation as A, signOut as B, deleteUser as C, debugErrorMap as D, prodErrorMap as E, FactorId as F, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as G, initializeAuth as H, connectAuthEmulator as I, AuthCredential as J, EmailAuthCredential as K, OAuthCredential as L, PhoneAuthCredential as M, inMemoryPersistence as N, OperationType as O, PhoneAuthProvider as P, EmailAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, FacebookAuthProvider as U, GoogleAuthProvider as V, GithubAuthProvider as W, OAuthProvider as X, SAMLAuthProvider as Y, TwitterAuthProvider as Z, signInAnonymously as _, browserSessionPersistence as a, linkWithCredential as a0, reauthenticateWithCredential as a1, signInWithCustomToken as a2, sendPasswordResetEmail as a3, confirmPasswordReset as a4, applyActionCode as a5, checkActionCode as a6, verifyPasswordResetCode as a7, createUserWithEmailAndPassword as a8, signInWithEmailAndPassword as a9, _createError as aA, AuthEventManager as aB, _getInstance as aC, _persistenceKeyName as aD, _clearRedirectOutcomes as aE, _getRedirectResult as aF, _overrideRedirectResult as aG, _castAuth as aH, UserImpl as aI, AuthImpl as aJ, _getClientVersion as aK, _generateEventId as aL, AuthPopup as aM, FetchProvider as aN, SAMLAuthCredential as aO, sendSignInLinkToEmail as aa, isSignInWithEmailLink as ab, signInWithEmailLink as ac, fetchSignInMethodsForEmail as ad, sendEmailVerification as ae, verifyBeforeUpdateEmail as af, ActionCodeURL as ag, parseActionCodeURL as ah, updateProfile as ai, updateEmail as aj, updatePassword as ak, getIdToken as al, getIdTokenResult as am, unlink as an, getAdditionalUserInfo as ao, reload as ap, getMultiFactorResolver as aq, multiFactor as ar, _isIOS as as, _isAndroid as at, _fail as au, _getRedirectUrl as av, debugAssert as aw, _getProjectConfig as ax, _isIOS7Or8 as ay, _assert as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, onIdTokenChanged as v, beforeAuthStateChanged as w, onAuthStateChanged as x, useDeviceLanguage as y, updateCurrentUser as z };
12072
+ //# sourceMappingURL=index-ce1e2136.js.map