@firebase/auth 1.3.2 → 1.4.0-canary.00235ba68
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-public.d.ts +24 -2
- package/dist/auth.d.ts +26 -3
- package/dist/browser-cjs/{index-770706ba.js → index-d50ad728.js} +68 -11
- package/dist/browser-cjs/index-d50ad728.js.map +1 -0
- package/dist/browser-cjs/index.js +2 -1
- package/dist/browser-cjs/index.js.map +1 -1
- package/dist/browser-cjs/internal.js +2 -1
- package/dist/browser-cjs/internal.js.map +1 -1
- package/dist/browser-cjs/src/api/account_management/email_and_password.d.ts +2 -0
- package/dist/browser-cjs/src/api/authentication/sign_up.d.ts +1 -0
- package/dist/browser-cjs/src/api/authentication/token.d.ts +13 -2
- package/dist/browser-cjs/src/api/errors.d.ts +1 -0
- package/dist/browser-cjs/src/api/index.d.ts +3 -1
- package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +4 -0
- package/dist/browser-cjs/src/core/errors.d.ts +2 -1
- package/dist/browser-cjs/src/core/index.d.ts +9 -0
- package/dist/browser-cjs/src/core/strategies/email.d.ts +5 -1
- package/dist/browser-cjs/src/core/strategies/email_and_password.d.ts +5 -1
- package/dist/browser-cjs/src/core/user/account_info.d.ts +3 -0
- package/dist/browser-cjs/src/model/auth.d.ts +1 -0
- package/dist/cordova/index.js +2 -2
- package/dist/cordova/internal.js +2 -2
- package/dist/cordova/{popup_redirect-a9365a6c.js → popup_redirect-599b3914.js} +92 -15
- package/dist/cordova/popup_redirect-599b3914.js.map +1 -0
- package/dist/cordova/src/api/account_management/email_and_password.d.ts +2 -0
- package/dist/cordova/src/api/authentication/sign_up.d.ts +1 -0
- package/dist/cordova/src/api/authentication/token.d.ts +13 -2
- package/dist/cordova/src/api/errors.d.ts +1 -0
- package/dist/cordova/src/api/index.d.ts +3 -1
- package/dist/cordova/src/core/auth/auth_impl.d.ts +4 -0
- package/dist/cordova/src/core/errors.d.ts +2 -1
- package/dist/cordova/src/core/index.d.ts +9 -0
- package/dist/cordova/src/core/strategies/email.d.ts +5 -1
- package/dist/cordova/src/core/strategies/email_and_password.d.ts +5 -1
- package/dist/cordova/src/core/user/account_info.d.ts +3 -0
- package/dist/cordova/src/model/auth.d.ts +1 -0
- package/dist/esm2017/{index-94e5f531.js → index-2b54b271.js} +68 -12
- package/dist/esm2017/index-2b54b271.js.map +1 -0
- package/dist/esm2017/index.js +1 -1
- package/dist/esm2017/internal.js +2 -2
- package/dist/esm2017/src/api/account_management/email_and_password.d.ts +2 -0
- package/dist/esm2017/src/api/authentication/sign_up.d.ts +1 -0
- package/dist/esm2017/src/api/authentication/token.d.ts +13 -2
- package/dist/esm2017/src/api/errors.d.ts +1 -0
- package/dist/esm2017/src/api/index.d.ts +3 -1
- package/dist/esm2017/src/core/auth/auth_impl.d.ts +4 -0
- package/dist/esm2017/src/core/errors.d.ts +2 -1
- package/dist/esm2017/src/core/index.d.ts +9 -0
- package/dist/esm2017/src/core/strategies/email.d.ts +5 -1
- package/dist/esm2017/src/core/strategies/email_and_password.d.ts +5 -1
- package/dist/esm2017/src/core/user/account_info.d.ts +3 -0
- package/dist/esm2017/src/model/auth.d.ts +1 -0
- package/dist/esm5/{index-7b6c682b.js → index-ab0a3e4e.js} +92 -15
- package/dist/esm5/index-ab0a3e4e.js.map +1 -0
- package/dist/esm5/index.js +1 -1
- package/dist/esm5/internal.js +2 -2
- package/dist/esm5/src/api/account_management/email_and_password.d.ts +2 -0
- package/dist/esm5/src/api/authentication/sign_up.d.ts +1 -0
- package/dist/esm5/src/api/authentication/token.d.ts +13 -2
- package/dist/esm5/src/api/errors.d.ts +1 -0
- package/dist/esm5/src/api/index.d.ts +3 -1
- package/dist/esm5/src/core/auth/auth_impl.d.ts +4 -0
- package/dist/esm5/src/core/errors.d.ts +2 -1
- package/dist/esm5/src/core/index.d.ts +9 -0
- package/dist/esm5/src/core/strategies/email.d.ts +5 -1
- package/dist/esm5/src/core/strategies/email_and_password.d.ts +5 -1
- package/dist/esm5/src/core/user/account_info.d.ts +3 -0
- package/dist/esm5/src/model/auth.d.ts +1 -0
- package/dist/index.webworker.esm5.js +91 -14
- package/dist/index.webworker.esm5.js.map +1 -1
- package/dist/node/index.js +3 -2
- package/dist/node/index.js.map +1 -1
- package/dist/node/internal.js +3 -2
- package/dist/node/internal.js.map +1 -1
- package/dist/node/src/api/account_management/email_and_password.d.ts +2 -0
- package/dist/node/src/api/authentication/sign_up.d.ts +1 -0
- package/dist/node/src/api/authentication/token.d.ts +13 -2
- package/dist/node/src/api/errors.d.ts +1 -0
- package/dist/node/src/api/index.d.ts +3 -1
- package/dist/node/src/core/auth/auth_impl.d.ts +4 -0
- package/dist/node/src/core/errors.d.ts +2 -1
- package/dist/node/src/core/index.d.ts +9 -0
- package/dist/node/src/core/strategies/email.d.ts +5 -1
- package/dist/node/src/core/strategies/email_and_password.d.ts +5 -1
- package/dist/node/src/core/user/account_info.d.ts +3 -0
- package/dist/node/src/model/auth.d.ts +1 -0
- package/dist/node/{totp-24a79064.js → totp-b6ed1d9d.js} +94 -36
- package/dist/node/totp-b6ed1d9d.js.map +1 -0
- package/dist/node-esm/index.js +2 -2
- package/dist/node-esm/internal.js +3 -3
- package/dist/node-esm/src/api/account_management/email_and_password.d.ts +2 -0
- package/dist/node-esm/src/api/authentication/sign_up.d.ts +1 -0
- package/dist/node-esm/src/api/authentication/token.d.ts +13 -2
- package/dist/node-esm/src/api/errors.d.ts +1 -0
- package/dist/node-esm/src/api/index.d.ts +3 -1
- package/dist/node-esm/src/core/auth/auth_impl.d.ts +4 -0
- package/dist/node-esm/src/core/errors.d.ts +2 -1
- package/dist/node-esm/src/core/index.d.ts +9 -0
- package/dist/node-esm/src/core/strategies/email.d.ts +5 -1
- package/dist/node-esm/src/core/strategies/email_and_password.d.ts +5 -1
- package/dist/node-esm/src/core/user/account_info.d.ts +3 -0
- package/dist/node-esm/src/model/auth.d.ts +1 -0
- package/dist/node-esm/{totp-a0f18007.js → totp-aa0a9277.js} +70 -14
- package/dist/node-esm/totp-aa0a9277.js.map +1 -0
- package/dist/rn/{index-3d9ec48b.js → index-943ed676.js} +92 -14
- package/dist/rn/index-943ed676.js.map +1 -0
- package/dist/rn/index.js +2 -1
- package/dist/rn/index.js.map +1 -1
- package/dist/rn/internal.js +2 -1
- package/dist/rn/internal.js.map +1 -1
- package/dist/rn/src/api/account_management/email_and_password.d.ts +2 -0
- package/dist/rn/src/api/authentication/sign_up.d.ts +1 -0
- package/dist/rn/src/api/authentication/token.d.ts +13 -2
- package/dist/rn/src/api/errors.d.ts +1 -0
- package/dist/rn/src/api/index.d.ts +3 -1
- package/dist/rn/src/core/auth/auth_impl.d.ts +4 -0
- package/dist/rn/src/core/errors.d.ts +2 -1
- package/dist/rn/src/core/index.d.ts +9 -0
- package/dist/rn/src/core/strategies/email.d.ts +5 -1
- package/dist/rn/src/core/strategies/email_and_password.d.ts +5 -1
- package/dist/rn/src/core/user/account_info.d.ts +3 -0
- package/dist/rn/src/model/auth.d.ts +1 -0
- package/dist/src/api/account_management/email_and_password.d.ts +2 -0
- package/dist/src/api/authentication/sign_up.d.ts +1 -0
- package/dist/src/api/authentication/token.d.ts +13 -2
- package/dist/src/api/errors.d.ts +1 -0
- package/dist/src/api/index.d.ts +3 -1
- package/dist/src/core/auth/auth_impl.d.ts +4 -0
- package/dist/src/core/errors.d.ts +2 -1
- package/dist/src/core/index.d.ts +9 -0
- package/dist/src/core/strategies/email.d.ts +5 -1
- package/dist/src/core/strategies/email_and_password.d.ts +5 -1
- package/dist/src/core/user/account_info.d.ts +3 -0
- package/dist/src/model/auth.d.ts +1 -0
- package/package.json +7 -7
- package/dist/browser-cjs/index-770706ba.js.map +0 -1
- package/dist/cordova/popup_redirect-a9365a6c.js.map +0 -1
- package/dist/esm2017/index-94e5f531.js.map +0 -1
- package/dist/esm5/index-7b6c682b.js.map +0 -1
- package/dist/node/totp-24a79064.js.map +0 -1
- package/dist/node-esm/totp-a0f18007.js.map +0 -1
- package/dist/rn/index-3d9ec48b.js.map +0 -1
package/dist/auth-public.d.ts
CHANGED
|
@@ -534,6 +534,7 @@ export declare const AuthErrorCodes: {
|
|
|
534
534
|
readonly INVALID_EMAIL: "auth/invalid-email";
|
|
535
535
|
readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
|
|
536
536
|
readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
|
|
537
|
+
readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
|
|
537
538
|
readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
|
|
538
539
|
readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
|
|
539
540
|
readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
|
|
@@ -1224,7 +1225,9 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
|
|
|
1224
1225
|
}
|
|
1225
1226
|
|
|
1226
1227
|
/**
|
|
1227
|
-
* Gets the list of possible sign in methods for the given email address.
|
|
1228
|
+
* Gets the list of possible sign in methods for the given email address. This method returns an
|
|
1229
|
+
* empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
|
|
1230
|
+
* authentication methods available for the given email.
|
|
1228
1231
|
*
|
|
1229
1232
|
* @remarks
|
|
1230
1233
|
* This is useful to differentiate methods of sign-in for the same provider, eg.
|
|
@@ -1235,6 +1238,8 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
|
|
|
1235
1238
|
* @param auth - The {@link Auth} instance.
|
|
1236
1239
|
* @param email - The user's email address.
|
|
1237
1240
|
*
|
|
1241
|
+
* Deprecated. Migrating off of this method is recommended as a security best-practice.
|
|
1242
|
+
* Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
|
|
1238
1243
|
* @public
|
|
1239
1244
|
*/
|
|
1240
1245
|
export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
|
|
@@ -2941,6 +2946,16 @@ export declare class RecaptchaVerifier implements ApplicationVerifierInternal {
|
|
|
2941
2946
|
*/
|
|
2942
2947
|
export declare function reload(user: User): Promise<void>;
|
|
2943
2948
|
|
|
2949
|
+
/**
|
|
2950
|
+
* Revokes the given access token. Currently only supports Apple OAuth access tokens.
|
|
2951
|
+
*
|
|
2952
|
+
* @param auth - The {@link Auth} instance.
|
|
2953
|
+
* @param token - The Apple OAuth access token.
|
|
2954
|
+
*
|
|
2955
|
+
* @public
|
|
2956
|
+
*/
|
|
2957
|
+
export declare function revokeAccessToken(auth: Auth, token: string): Promise<void>;
|
|
2958
|
+
|
|
2944
2959
|
/**
|
|
2945
2960
|
* An {@link AuthProvider} for SAML.
|
|
2946
2961
|
*
|
|
@@ -3017,7 +3032,9 @@ export declare class SAMLAuthProvider extends FederatedAuthProvider {
|
|
|
3017
3032
|
export declare function sendEmailVerification(user: User, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
|
|
3018
3033
|
|
|
3019
3034
|
/**
|
|
3020
|
-
* Sends a password reset email to the given email address.
|
|
3035
|
+
* Sends a password reset email to the given email address. This method does not throw an error when
|
|
3036
|
+
* there's no user account with the given email address and
|
|
3037
|
+
* [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
|
|
3021
3038
|
*
|
|
3022
3039
|
* @remarks
|
|
3023
3040
|
* To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
|
|
@@ -3186,6 +3203,8 @@ export declare function signInWithCustomToken(auth: Auth, customToken: string):
|
|
|
3186
3203
|
*
|
|
3187
3204
|
* @remarks
|
|
3188
3205
|
* Fails with an error if the email address and password do not match.
|
|
3206
|
+
* When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
|
|
3207
|
+
* this method fails with "auth/invalid-credential" in case of an invalid email/password.
|
|
3189
3208
|
*
|
|
3190
3209
|
* Note: The user's password is NOT the password used to access the user's email account. The
|
|
3191
3210
|
* email address serves as a unique identifier for the user, and the password is used to access
|
|
@@ -3610,6 +3629,9 @@ export declare function updateCurrentUser(auth: Auth, user: User | null): Promis
|
|
|
3610
3629
|
* @param user - The user.
|
|
3611
3630
|
* @param newEmail - The new email address.
|
|
3612
3631
|
*
|
|
3632
|
+
* Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
|
|
3633
|
+
* Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
|
|
3634
|
+
*
|
|
3613
3635
|
* @public
|
|
3614
3636
|
*/
|
|
3615
3637
|
export declare function updateEmail(user: User, newEmail: string): Promise<void>;
|
package/dist/auth.d.ts
CHANGED
|
@@ -554,7 +554,7 @@ declare const enum AuthErrorCode {
|
|
|
554
554
|
INVALID_DYNAMIC_LINK_DOMAIN = "invalid-dynamic-link-domain",
|
|
555
555
|
INVALID_EMAIL = "invalid-email",
|
|
556
556
|
INVALID_EMULATOR_SCHEME = "invalid-emulator-scheme",
|
|
557
|
-
|
|
557
|
+
INVALID_CREDENTIAL = "invalid-credential",
|
|
558
558
|
INVALID_MESSAGE_PAYLOAD = "invalid-message-payload",
|
|
559
559
|
INVALID_MFA_SESSION = "invalid-multi-factor-session",
|
|
560
560
|
INVALID_OAUTH_CLIENT_ID = "invalid-oauth-client-id",
|
|
@@ -676,6 +676,7 @@ export declare const AuthErrorCodes: {
|
|
|
676
676
|
readonly INVALID_EMAIL: "auth/invalid-email";
|
|
677
677
|
readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
|
|
678
678
|
readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
|
|
679
|
+
readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
|
|
679
680
|
readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
|
|
680
681
|
readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
|
|
681
682
|
readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
|
|
@@ -888,6 +889,7 @@ declare interface AuthInternal extends Auth {
|
|
|
888
889
|
useDeviceLanguage(): void;
|
|
889
890
|
signOut(): Promise<void>;
|
|
890
891
|
validatePassword(password: string): Promise<PasswordValidationStatus>;
|
|
892
|
+
revokeAccessToken(token: string): Promise<void>;
|
|
891
893
|
}
|
|
892
894
|
|
|
893
895
|
declare class AuthPopup {
|
|
@@ -1512,7 +1514,9 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
|
|
|
1512
1514
|
}
|
|
1513
1515
|
|
|
1514
1516
|
/**
|
|
1515
|
-
* Gets the list of possible sign in methods for the given email address.
|
|
1517
|
+
* Gets the list of possible sign in methods for the given email address. This method returns an
|
|
1518
|
+
* empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
|
|
1519
|
+
* authentication methods available for the given email.
|
|
1516
1520
|
*
|
|
1517
1521
|
* @remarks
|
|
1518
1522
|
* This is useful to differentiate methods of sign-in for the same provider, eg.
|
|
@@ -1523,6 +1527,8 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
|
|
|
1523
1527
|
* @param auth - The {@link Auth} instance.
|
|
1524
1528
|
* @param email - The user's email address.
|
|
1525
1529
|
*
|
|
1530
|
+
* Deprecated. Migrating off of this method is recommended as a security best-practice.
|
|
1531
|
+
* Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
|
|
1526
1532
|
* @public
|
|
1527
1533
|
*/
|
|
1528
1534
|
export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
|
|
@@ -3413,6 +3419,16 @@ export declare class RecaptchaVerifier implements ApplicationVerifierInternal {
|
|
|
3413
3419
|
*/
|
|
3414
3420
|
export declare function reload(user: User): Promise<void>;
|
|
3415
3421
|
|
|
3422
|
+
/**
|
|
3423
|
+
* Revokes the given access token. Currently only supports Apple OAuth access tokens.
|
|
3424
|
+
*
|
|
3425
|
+
* @param auth - The {@link Auth} instance.
|
|
3426
|
+
* @param token - The Apple OAuth access token.
|
|
3427
|
+
*
|
|
3428
|
+
* @public
|
|
3429
|
+
*/
|
|
3430
|
+
export declare function revokeAccessToken(auth: Auth, token: string): Promise<void>;
|
|
3431
|
+
|
|
3416
3432
|
/**
|
|
3417
3433
|
* An {@link AuthProvider} for SAML.
|
|
3418
3434
|
*
|
|
@@ -3489,7 +3505,9 @@ export declare class SAMLAuthProvider extends FederatedAuthProvider {
|
|
|
3489
3505
|
export declare function sendEmailVerification(user: User, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
|
|
3490
3506
|
|
|
3491
3507
|
/**
|
|
3492
|
-
* Sends a password reset email to the given email address.
|
|
3508
|
+
* Sends a password reset email to the given email address. This method does not throw an error when
|
|
3509
|
+
* there's no user account with the given email address and
|
|
3510
|
+
* [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
|
|
3493
3511
|
*
|
|
3494
3512
|
* @remarks
|
|
3495
3513
|
* To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
|
|
@@ -3658,6 +3676,8 @@ export declare function signInWithCustomToken(auth: Auth, customToken: string):
|
|
|
3658
3676
|
*
|
|
3659
3677
|
* @remarks
|
|
3660
3678
|
* Fails with an error if the email address and password do not match.
|
|
3679
|
+
* When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
|
|
3680
|
+
* this method fails with "auth/invalid-credential" in case of an invalid email/password.
|
|
3661
3681
|
*
|
|
3662
3682
|
* Note: The user's password is NOT the password used to access the user's email account. The
|
|
3663
3683
|
* email address serves as a unique identifier for the user, and the password is used to access
|
|
@@ -4134,6 +4154,9 @@ export declare function updateCurrentUser(auth: Auth, user: User | null): Promis
|
|
|
4134
4154
|
* @param user - The user.
|
|
4135
4155
|
* @param newEmail - The new email address.
|
|
4136
4156
|
*
|
|
4157
|
+
* Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
|
|
4158
|
+
* Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
|
|
4159
|
+
*
|
|
4137
4160
|
* @public
|
|
4138
4161
|
*/
|
|
4139
4162
|
export declare function updateEmail(user: User, newEmail: string): Promise<void>;
|
|
@@ -176,7 +176,7 @@ function _debugErrorMap() {
|
|
|
176
176
|
["invalid-emulator-scheme" /* AuthErrorCode.INVALID_EMULATOR_SCHEME */]: 'Emulator URL must start with a valid scheme (http:// or https://).',
|
|
177
177
|
["invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */]: 'Your API key is invalid, please check you have copied it correctly.',
|
|
178
178
|
["invalid-cert-hash" /* AuthErrorCode.INVALID_CERT_HASH */]: 'The SHA-1 certificate hash provided is invalid.',
|
|
179
|
-
["invalid-credential" /* AuthErrorCode.
|
|
179
|
+
["invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */]: 'The supplied auth credential is incorrect, malformed or has expired.',
|
|
180
180
|
["invalid-message-payload" /* AuthErrorCode.INVALID_MESSAGE_PAYLOAD */]: 'The email template corresponding to this action contains invalid characters in its message. ' +
|
|
181
181
|
'Please fix by going to the Auth email templates section in the Firebase Console.',
|
|
182
182
|
["invalid-multi-factor-session" /* AuthErrorCode.INVALID_MFA_SESSION */]: 'The request does not contain a valid proof of first factor successful sign-in.',
|
|
@@ -352,6 +352,7 @@ const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
|
|
|
352
352
|
INVALID_EMAIL: 'auth/invalid-email',
|
|
353
353
|
INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',
|
|
354
354
|
INVALID_IDP_RESPONSE: 'auth/invalid-credential',
|
|
355
|
+
INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',
|
|
355
356
|
INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',
|
|
356
357
|
INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',
|
|
357
358
|
INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',
|
|
@@ -786,12 +787,15 @@ const SERVER_ERROR_MAP = {
|
|
|
786
787
|
["INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */]: "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */,
|
|
787
788
|
// This can only happen if the SDK sends a bad request.
|
|
788
789
|
["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */]: "missing-password" /* AuthErrorCode.MISSING_PASSWORD */,
|
|
790
|
+
// Thrown if Email Enumeration Protection is enabled in the project and the email or password is
|
|
791
|
+
// invalid.
|
|
792
|
+
["INVALID_LOGIN_CREDENTIALS" /* ServerError.INVALID_LOGIN_CREDENTIALS */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
|
|
789
793
|
// Sign up with email and password errors.
|
|
790
794
|
["EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */]: "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */,
|
|
791
795
|
["PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */]: "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */,
|
|
792
796
|
// Verify assertion for sign in with credential errors:
|
|
793
|
-
["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */]: "invalid-credential" /* AuthErrorCode.
|
|
794
|
-
["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */]: "invalid-credential" /* AuthErrorCode.
|
|
797
|
+
["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
|
|
798
|
+
["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
|
|
795
799
|
["FEDERATED_USER_ID_ALREADY_LINKED" /* ServerError.FEDERATED_USER_ID_ALREADY_LINKED */]: "credential-already-in-use" /* AuthErrorCode.CREDENTIAL_ALREADY_IN_USE */,
|
|
796
800
|
// This can only happen if the SDK sends a bad request.
|
|
797
801
|
["MISSING_REQ_TYPE" /* ServerError.MISSING_REQ_TYPE */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
|
|
@@ -813,7 +817,7 @@ const SERVER_ERROR_MAP = {
|
|
|
813
817
|
// Phone Auth related errors.
|
|
814
818
|
["INVALID_CODE" /* ServerError.INVALID_CODE */]: "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
|
|
815
819
|
["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */]: "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
|
|
816
|
-
["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */]: "invalid-credential" /* AuthErrorCode.
|
|
820
|
+
["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
|
|
817
821
|
["MISSING_SESSION_INFO" /* ServerError.MISSING_SESSION_INFO */]: "missing-verification-id" /* AuthErrorCode.MISSING_SESSION_INFO */,
|
|
818
822
|
["SESSION_EXPIRED" /* ServerError.SESSION_EXPIRED */]: "code-expired" /* AuthErrorCode.CODE_EXPIRED */,
|
|
819
823
|
// Other action code errors when additional settings passed.
|
|
@@ -1540,6 +1544,9 @@ async function requestStsToken(auth, refreshToken) {
|
|
|
1540
1544
|
expiresIn: response.expires_in,
|
|
1541
1545
|
refreshToken: response.refresh_token
|
|
1542
1546
|
};
|
|
1547
|
+
}
|
|
1548
|
+
async function revokeToken(auth, request) {
|
|
1549
|
+
return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts:revokeToken" /* Endpoint.REVOKE_TOKEN */, _addTidIfNecessary(auth, request));
|
|
1543
1550
|
}
|
|
1544
1551
|
|
|
1545
1552
|
/**
|
|
@@ -2809,6 +2816,25 @@ class AuthImpl {
|
|
|
2809
2816
|
}
|
|
2810
2817
|
});
|
|
2811
2818
|
}
|
|
2819
|
+
/**
|
|
2820
|
+
* Revokes the given access token. Currently only supports Apple OAuth access tokens.
|
|
2821
|
+
*/
|
|
2822
|
+
async revokeAccessToken(token) {
|
|
2823
|
+
if (this.currentUser) {
|
|
2824
|
+
const idToken = await this.currentUser.getIdToken();
|
|
2825
|
+
// Generalize this to accept other providers once supported.
|
|
2826
|
+
const request = {
|
|
2827
|
+
providerId: 'apple.com',
|
|
2828
|
+
tokenType: "ACCESS_TOKEN" /* TokenType.ACCESS_TOKEN */,
|
|
2829
|
+
token,
|
|
2830
|
+
idToken
|
|
2831
|
+
};
|
|
2832
|
+
if (this.tenantId != null) {
|
|
2833
|
+
request.tenantId = this.tenantId;
|
|
2834
|
+
}
|
|
2835
|
+
await revokeToken(this, request);
|
|
2836
|
+
}
|
|
2837
|
+
}
|
|
2812
2838
|
toJSON() {
|
|
2813
2839
|
var _a;
|
|
2814
2840
|
return {
|
|
@@ -3499,6 +3525,11 @@ async function resetPassword(auth, request) {
|
|
|
3499
3525
|
async function updateEmailPassword(auth, request) {
|
|
3500
3526
|
return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v1/accounts:update" /* Endpoint.SET_ACCOUNT_INFO */, request);
|
|
3501
3527
|
}
|
|
3528
|
+
// Used for linking an email/password account to an existing idToken. Uses the same request/response
|
|
3529
|
+
// format as updateEmailPassword.
|
|
3530
|
+
async function linkEmailPassword(auth, request) {
|
|
3531
|
+
return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v1/accounts:signUp" /* Endpoint.SIGN_UP */, request);
|
|
3532
|
+
}
|
|
3502
3533
|
async function applyActionCode$1(auth, request) {
|
|
3503
3534
|
return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v1/accounts:update" /* Endpoint.SET_ACCOUNT_INFO */, _addTidIfNecessary(auth, request));
|
|
3504
3535
|
}
|
|
@@ -3662,12 +3693,14 @@ class EmailAuthCredential extends AuthCredential {
|
|
|
3662
3693
|
async _linkToIdToken(auth, idToken) {
|
|
3663
3694
|
switch (this.signInMethod) {
|
|
3664
3695
|
case "password" /* SignInMethod.EMAIL_PASSWORD */:
|
|
3665
|
-
|
|
3696
|
+
const request = {
|
|
3666
3697
|
idToken,
|
|
3667
3698
|
returnSecureToken: true,
|
|
3668
3699
|
email: this._email,
|
|
3669
|
-
password: this._password
|
|
3670
|
-
|
|
3700
|
+
password: this._password,
|
|
3701
|
+
clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
|
|
3702
|
+
};
|
|
3703
|
+
return handleRecaptchaFlow(auth, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */, linkEmailPassword);
|
|
3671
3704
|
case "emailLink" /* SignInMethod.EMAIL_LINK */:
|
|
3672
3705
|
return signInWithEmailLinkForLinking(auth, {
|
|
3673
3706
|
idToken,
|
|
@@ -5594,7 +5627,9 @@ async function recachePasswordPolicy(auth) {
|
|
|
5594
5627
|
}
|
|
5595
5628
|
}
|
|
5596
5629
|
/**
|
|
5597
|
-
* Sends a password reset email to the given email address.
|
|
5630
|
+
* Sends a password reset email to the given email address. This method does not throw an error when
|
|
5631
|
+
* there's no user account with the given email address and
|
|
5632
|
+
* [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
|
|
5598
5633
|
*
|
|
5599
5634
|
* @remarks
|
|
5600
5635
|
* To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
|
|
@@ -5778,6 +5813,8 @@ async function createUserWithEmailAndPassword(auth, email, password) {
|
|
|
5778
5813
|
*
|
|
5779
5814
|
* @remarks
|
|
5780
5815
|
* Fails with an error if the email address and password do not match.
|
|
5816
|
+
* When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
|
|
5817
|
+
* this method fails with "auth/invalid-credential" in case of an invalid email/password.
|
|
5781
5818
|
*
|
|
5782
5819
|
* Note: The user's password is NOT the password used to access the user's email account. The
|
|
5783
5820
|
* email address serves as a unique identifier for the user, and the password is used to access
|
|
@@ -5963,7 +6000,9 @@ async function createAuthUri(auth, request) {
|
|
|
5963
6000
|
* limitations under the License.
|
|
5964
6001
|
*/
|
|
5965
6002
|
/**
|
|
5966
|
-
* Gets the list of possible sign in methods for the given email address.
|
|
6003
|
+
* Gets the list of possible sign in methods for the given email address. This method returns an
|
|
6004
|
+
* empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
|
|
6005
|
+
* authentication methods available for the given email.
|
|
5967
6006
|
*
|
|
5968
6007
|
* @remarks
|
|
5969
6008
|
* This is useful to differentiate methods of sign-in for the same provider, eg.
|
|
@@ -5974,6 +6013,8 @@ async function createAuthUri(auth, request) {
|
|
|
5974
6013
|
* @param auth - The {@link Auth} instance.
|
|
5975
6014
|
* @param email - The user's email address.
|
|
5976
6015
|
*
|
|
6016
|
+
* Deprecated. Migrating off of this method is recommended as a security best-practice.
|
|
6017
|
+
* Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
|
|
5977
6018
|
* @public
|
|
5978
6019
|
*/
|
|
5979
6020
|
async function fetchSignInMethodsForEmail(auth, email) {
|
|
@@ -6167,6 +6208,9 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
|
|
|
6167
6208
|
* @param user - The user.
|
|
6168
6209
|
* @param newEmail - The new email address.
|
|
6169
6210
|
*
|
|
6211
|
+
* Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
|
|
6212
|
+
* Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
|
|
6213
|
+
*
|
|
6170
6214
|
* @public
|
|
6171
6215
|
*/
|
|
6172
6216
|
function updateEmail(user, newEmail) {
|
|
@@ -6511,6 +6555,18 @@ function updateCurrentUser(auth, user) {
|
|
|
6511
6555
|
function signOut(auth) {
|
|
6512
6556
|
return util.getModularInstance(auth).signOut();
|
|
6513
6557
|
}
|
|
6558
|
+
/**
|
|
6559
|
+
* Revokes the given access token. Currently only supports Apple OAuth access tokens.
|
|
6560
|
+
*
|
|
6561
|
+
* @param auth - The {@link Auth} instance.
|
|
6562
|
+
* @param token - The Apple OAuth access token.
|
|
6563
|
+
*
|
|
6564
|
+
* @public
|
|
6565
|
+
*/
|
|
6566
|
+
function revokeAccessToken(auth, token) {
|
|
6567
|
+
const authInternal = _castAuth(auth);
|
|
6568
|
+
return authInternal.revokeAccessToken(token);
|
|
6569
|
+
}
|
|
6514
6570
|
/**
|
|
6515
6571
|
* Deletes and signs out the user.
|
|
6516
6572
|
*
|
|
@@ -10226,7 +10282,7 @@ function _isEmptyString(input) {
|
|
|
10226
10282
|
}
|
|
10227
10283
|
|
|
10228
10284
|
var name = "@firebase/auth";
|
|
10229
|
-
var version = "1.
|
|
10285
|
+
var version = "1.4.0-canary.00235ba68";
|
|
10230
10286
|
|
|
10231
10287
|
/**
|
|
10232
10288
|
* @license
|
|
@@ -10529,6 +10585,7 @@ exports.reauthenticateWithPhoneNumber = reauthenticateWithPhoneNumber;
|
|
|
10529
10585
|
exports.reauthenticateWithPopup = reauthenticateWithPopup;
|
|
10530
10586
|
exports.reauthenticateWithRedirect = reauthenticateWithRedirect;
|
|
10531
10587
|
exports.reload = reload;
|
|
10588
|
+
exports.revokeAccessToken = revokeAccessToken;
|
|
10532
10589
|
exports.sendEmailVerification = sendEmailVerification;
|
|
10533
10590
|
exports.sendPasswordResetEmail = sendPasswordResetEmail;
|
|
10534
10591
|
exports.sendSignInLinkToEmail = sendSignInLinkToEmail;
|
|
@@ -10552,4 +10609,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
|
|
|
10552
10609
|
exports.validatePassword = validatePassword;
|
|
10553
10610
|
exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
|
|
10554
10611
|
exports.verifyPasswordResetCode = verifyPasswordResetCode;
|
|
10555
|
-
//# sourceMappingURL=index-
|
|
10612
|
+
//# sourceMappingURL=index-d50ad728.js.map
|