@firebase/auth 1.3.2 → 1.4.0-canary.00235ba68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (142) hide show
  1. package/dist/auth-public.d.ts +24 -2
  2. package/dist/auth.d.ts +26 -3
  3. package/dist/browser-cjs/{index-770706ba.js → index-d50ad728.js} +68 -11
  4. package/dist/browser-cjs/index-d50ad728.js.map +1 -0
  5. package/dist/browser-cjs/index.js +2 -1
  6. package/dist/browser-cjs/index.js.map +1 -1
  7. package/dist/browser-cjs/internal.js +2 -1
  8. package/dist/browser-cjs/internal.js.map +1 -1
  9. package/dist/browser-cjs/src/api/account_management/email_and_password.d.ts +2 -0
  10. package/dist/browser-cjs/src/api/authentication/sign_up.d.ts +1 -0
  11. package/dist/browser-cjs/src/api/authentication/token.d.ts +13 -2
  12. package/dist/browser-cjs/src/api/errors.d.ts +1 -0
  13. package/dist/browser-cjs/src/api/index.d.ts +3 -1
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +4 -0
  15. package/dist/browser-cjs/src/core/errors.d.ts +2 -1
  16. package/dist/browser-cjs/src/core/index.d.ts +9 -0
  17. package/dist/browser-cjs/src/core/strategies/email.d.ts +5 -1
  18. package/dist/browser-cjs/src/core/strategies/email_and_password.d.ts +5 -1
  19. package/dist/browser-cjs/src/core/user/account_info.d.ts +3 -0
  20. package/dist/browser-cjs/src/model/auth.d.ts +1 -0
  21. package/dist/cordova/index.js +2 -2
  22. package/dist/cordova/internal.js +2 -2
  23. package/dist/cordova/{popup_redirect-a9365a6c.js → popup_redirect-599b3914.js} +92 -15
  24. package/dist/cordova/popup_redirect-599b3914.js.map +1 -0
  25. package/dist/cordova/src/api/account_management/email_and_password.d.ts +2 -0
  26. package/dist/cordova/src/api/authentication/sign_up.d.ts +1 -0
  27. package/dist/cordova/src/api/authentication/token.d.ts +13 -2
  28. package/dist/cordova/src/api/errors.d.ts +1 -0
  29. package/dist/cordova/src/api/index.d.ts +3 -1
  30. package/dist/cordova/src/core/auth/auth_impl.d.ts +4 -0
  31. package/dist/cordova/src/core/errors.d.ts +2 -1
  32. package/dist/cordova/src/core/index.d.ts +9 -0
  33. package/dist/cordova/src/core/strategies/email.d.ts +5 -1
  34. package/dist/cordova/src/core/strategies/email_and_password.d.ts +5 -1
  35. package/dist/cordova/src/core/user/account_info.d.ts +3 -0
  36. package/dist/cordova/src/model/auth.d.ts +1 -0
  37. package/dist/esm2017/{index-94e5f531.js → index-2b54b271.js} +68 -12
  38. package/dist/esm2017/index-2b54b271.js.map +1 -0
  39. package/dist/esm2017/index.js +1 -1
  40. package/dist/esm2017/internal.js +2 -2
  41. package/dist/esm2017/src/api/account_management/email_and_password.d.ts +2 -0
  42. package/dist/esm2017/src/api/authentication/sign_up.d.ts +1 -0
  43. package/dist/esm2017/src/api/authentication/token.d.ts +13 -2
  44. package/dist/esm2017/src/api/errors.d.ts +1 -0
  45. package/dist/esm2017/src/api/index.d.ts +3 -1
  46. package/dist/esm2017/src/core/auth/auth_impl.d.ts +4 -0
  47. package/dist/esm2017/src/core/errors.d.ts +2 -1
  48. package/dist/esm2017/src/core/index.d.ts +9 -0
  49. package/dist/esm2017/src/core/strategies/email.d.ts +5 -1
  50. package/dist/esm2017/src/core/strategies/email_and_password.d.ts +5 -1
  51. package/dist/esm2017/src/core/user/account_info.d.ts +3 -0
  52. package/dist/esm2017/src/model/auth.d.ts +1 -0
  53. package/dist/esm5/{index-7b6c682b.js → index-ab0a3e4e.js} +92 -15
  54. package/dist/esm5/index-ab0a3e4e.js.map +1 -0
  55. package/dist/esm5/index.js +1 -1
  56. package/dist/esm5/internal.js +2 -2
  57. package/dist/esm5/src/api/account_management/email_and_password.d.ts +2 -0
  58. package/dist/esm5/src/api/authentication/sign_up.d.ts +1 -0
  59. package/dist/esm5/src/api/authentication/token.d.ts +13 -2
  60. package/dist/esm5/src/api/errors.d.ts +1 -0
  61. package/dist/esm5/src/api/index.d.ts +3 -1
  62. package/dist/esm5/src/core/auth/auth_impl.d.ts +4 -0
  63. package/dist/esm5/src/core/errors.d.ts +2 -1
  64. package/dist/esm5/src/core/index.d.ts +9 -0
  65. package/dist/esm5/src/core/strategies/email.d.ts +5 -1
  66. package/dist/esm5/src/core/strategies/email_and_password.d.ts +5 -1
  67. package/dist/esm5/src/core/user/account_info.d.ts +3 -0
  68. package/dist/esm5/src/model/auth.d.ts +1 -0
  69. package/dist/index.webworker.esm5.js +91 -14
  70. package/dist/index.webworker.esm5.js.map +1 -1
  71. package/dist/node/index.js +3 -2
  72. package/dist/node/index.js.map +1 -1
  73. package/dist/node/internal.js +3 -2
  74. package/dist/node/internal.js.map +1 -1
  75. package/dist/node/src/api/account_management/email_and_password.d.ts +2 -0
  76. package/dist/node/src/api/authentication/sign_up.d.ts +1 -0
  77. package/dist/node/src/api/authentication/token.d.ts +13 -2
  78. package/dist/node/src/api/errors.d.ts +1 -0
  79. package/dist/node/src/api/index.d.ts +3 -1
  80. package/dist/node/src/core/auth/auth_impl.d.ts +4 -0
  81. package/dist/node/src/core/errors.d.ts +2 -1
  82. package/dist/node/src/core/index.d.ts +9 -0
  83. package/dist/node/src/core/strategies/email.d.ts +5 -1
  84. package/dist/node/src/core/strategies/email_and_password.d.ts +5 -1
  85. package/dist/node/src/core/user/account_info.d.ts +3 -0
  86. package/dist/node/src/model/auth.d.ts +1 -0
  87. package/dist/node/{totp-24a79064.js → totp-b6ed1d9d.js} +94 -36
  88. package/dist/node/totp-b6ed1d9d.js.map +1 -0
  89. package/dist/node-esm/index.js +2 -2
  90. package/dist/node-esm/internal.js +3 -3
  91. package/dist/node-esm/src/api/account_management/email_and_password.d.ts +2 -0
  92. package/dist/node-esm/src/api/authentication/sign_up.d.ts +1 -0
  93. package/dist/node-esm/src/api/authentication/token.d.ts +13 -2
  94. package/dist/node-esm/src/api/errors.d.ts +1 -0
  95. package/dist/node-esm/src/api/index.d.ts +3 -1
  96. package/dist/node-esm/src/core/auth/auth_impl.d.ts +4 -0
  97. package/dist/node-esm/src/core/errors.d.ts +2 -1
  98. package/dist/node-esm/src/core/index.d.ts +9 -0
  99. package/dist/node-esm/src/core/strategies/email.d.ts +5 -1
  100. package/dist/node-esm/src/core/strategies/email_and_password.d.ts +5 -1
  101. package/dist/node-esm/src/core/user/account_info.d.ts +3 -0
  102. package/dist/node-esm/src/model/auth.d.ts +1 -0
  103. package/dist/node-esm/{totp-a0f18007.js → totp-aa0a9277.js} +70 -14
  104. package/dist/node-esm/totp-aa0a9277.js.map +1 -0
  105. package/dist/rn/{index-3d9ec48b.js → index-943ed676.js} +92 -14
  106. package/dist/rn/index-943ed676.js.map +1 -0
  107. package/dist/rn/index.js +2 -1
  108. package/dist/rn/index.js.map +1 -1
  109. package/dist/rn/internal.js +2 -1
  110. package/dist/rn/internal.js.map +1 -1
  111. package/dist/rn/src/api/account_management/email_and_password.d.ts +2 -0
  112. package/dist/rn/src/api/authentication/sign_up.d.ts +1 -0
  113. package/dist/rn/src/api/authentication/token.d.ts +13 -2
  114. package/dist/rn/src/api/errors.d.ts +1 -0
  115. package/dist/rn/src/api/index.d.ts +3 -1
  116. package/dist/rn/src/core/auth/auth_impl.d.ts +4 -0
  117. package/dist/rn/src/core/errors.d.ts +2 -1
  118. package/dist/rn/src/core/index.d.ts +9 -0
  119. package/dist/rn/src/core/strategies/email.d.ts +5 -1
  120. package/dist/rn/src/core/strategies/email_and_password.d.ts +5 -1
  121. package/dist/rn/src/core/user/account_info.d.ts +3 -0
  122. package/dist/rn/src/model/auth.d.ts +1 -0
  123. package/dist/src/api/account_management/email_and_password.d.ts +2 -0
  124. package/dist/src/api/authentication/sign_up.d.ts +1 -0
  125. package/dist/src/api/authentication/token.d.ts +13 -2
  126. package/dist/src/api/errors.d.ts +1 -0
  127. package/dist/src/api/index.d.ts +3 -1
  128. package/dist/src/core/auth/auth_impl.d.ts +4 -0
  129. package/dist/src/core/errors.d.ts +2 -1
  130. package/dist/src/core/index.d.ts +9 -0
  131. package/dist/src/core/strategies/email.d.ts +5 -1
  132. package/dist/src/core/strategies/email_and_password.d.ts +5 -1
  133. package/dist/src/core/user/account_info.d.ts +3 -0
  134. package/dist/src/model/auth.d.ts +1 -0
  135. package/package.json +7 -7
  136. package/dist/browser-cjs/index-770706ba.js.map +0 -1
  137. package/dist/cordova/popup_redirect-a9365a6c.js.map +0 -1
  138. package/dist/esm2017/index-94e5f531.js.map +0 -1
  139. package/dist/esm5/index-7b6c682b.js.map +0 -1
  140. package/dist/node/totp-24a79064.js.map +0 -1
  141. package/dist/node-esm/totp-a0f18007.js.map +0 -1
  142. package/dist/rn/index-3d9ec48b.js.map +0 -1
@@ -534,6 +534,7 @@ export declare const AuthErrorCodes: {
534
534
  readonly INVALID_EMAIL: "auth/invalid-email";
535
535
  readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
536
536
  readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
537
+ readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
537
538
  readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
538
539
  readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
539
540
  readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
@@ -1224,7 +1225,9 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
1224
1225
  }
1225
1226
 
1226
1227
  /**
1227
- * Gets the list of possible sign in methods for the given email address.
1228
+ * Gets the list of possible sign in methods for the given email address. This method returns an
1229
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
1230
+ * authentication methods available for the given email.
1228
1231
  *
1229
1232
  * @remarks
1230
1233
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -1235,6 +1238,8 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
1235
1238
  * @param auth - The {@link Auth} instance.
1236
1239
  * @param email - The user's email address.
1237
1240
  *
1241
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
1242
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
1238
1243
  * @public
1239
1244
  */
1240
1245
  export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
@@ -2941,6 +2946,16 @@ export declare class RecaptchaVerifier implements ApplicationVerifierInternal {
2941
2946
  */
2942
2947
  export declare function reload(user: User): Promise<void>;
2943
2948
 
2949
+ /**
2950
+ * Revokes the given access token. Currently only supports Apple OAuth access tokens.
2951
+ *
2952
+ * @param auth - The {@link Auth} instance.
2953
+ * @param token - The Apple OAuth access token.
2954
+ *
2955
+ * @public
2956
+ */
2957
+ export declare function revokeAccessToken(auth: Auth, token: string): Promise<void>;
2958
+
2944
2959
  /**
2945
2960
  * An {@link AuthProvider} for SAML.
2946
2961
  *
@@ -3017,7 +3032,9 @@ export declare class SAMLAuthProvider extends FederatedAuthProvider {
3017
3032
  export declare function sendEmailVerification(user: User, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
3018
3033
 
3019
3034
  /**
3020
- * Sends a password reset email to the given email address.
3035
+ * Sends a password reset email to the given email address. This method does not throw an error when
3036
+ * there's no user account with the given email address and
3037
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
3021
3038
  *
3022
3039
  * @remarks
3023
3040
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -3186,6 +3203,8 @@ export declare function signInWithCustomToken(auth: Auth, customToken: string):
3186
3203
  *
3187
3204
  * @remarks
3188
3205
  * Fails with an error if the email address and password do not match.
3206
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
3207
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
3189
3208
  *
3190
3209
  * Note: The user's password is NOT the password used to access the user's email account. The
3191
3210
  * email address serves as a unique identifier for the user, and the password is used to access
@@ -3610,6 +3629,9 @@ export declare function updateCurrentUser(auth: Auth, user: User | null): Promis
3610
3629
  * @param user - The user.
3611
3630
  * @param newEmail - The new email address.
3612
3631
  *
3632
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
3633
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
3634
+ *
3613
3635
  * @public
3614
3636
  */
3615
3637
  export declare function updateEmail(user: User, newEmail: string): Promise<void>;
package/dist/auth.d.ts CHANGED
@@ -554,7 +554,7 @@ declare const enum AuthErrorCode {
554
554
  INVALID_DYNAMIC_LINK_DOMAIN = "invalid-dynamic-link-domain",
555
555
  INVALID_EMAIL = "invalid-email",
556
556
  INVALID_EMULATOR_SCHEME = "invalid-emulator-scheme",
557
- INVALID_IDP_RESPONSE = "invalid-credential",
557
+ INVALID_CREDENTIAL = "invalid-credential",
558
558
  INVALID_MESSAGE_PAYLOAD = "invalid-message-payload",
559
559
  INVALID_MFA_SESSION = "invalid-multi-factor-session",
560
560
  INVALID_OAUTH_CLIENT_ID = "invalid-oauth-client-id",
@@ -676,6 +676,7 @@ export declare const AuthErrorCodes: {
676
676
  readonly INVALID_EMAIL: "auth/invalid-email";
677
677
  readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
678
678
  readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
679
+ readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
679
680
  readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
680
681
  readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
681
682
  readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
@@ -888,6 +889,7 @@ declare interface AuthInternal extends Auth {
888
889
  useDeviceLanguage(): void;
889
890
  signOut(): Promise<void>;
890
891
  validatePassword(password: string): Promise<PasswordValidationStatus>;
892
+ revokeAccessToken(token: string): Promise<void>;
891
893
  }
892
894
 
893
895
  declare class AuthPopup {
@@ -1512,7 +1514,9 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
1512
1514
  }
1513
1515
 
1514
1516
  /**
1515
- * Gets the list of possible sign in methods for the given email address.
1517
+ * Gets the list of possible sign in methods for the given email address. This method returns an
1518
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
1519
+ * authentication methods available for the given email.
1516
1520
  *
1517
1521
  * @remarks
1518
1522
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -1523,6 +1527,8 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
1523
1527
  * @param auth - The {@link Auth} instance.
1524
1528
  * @param email - The user's email address.
1525
1529
  *
1530
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
1531
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
1526
1532
  * @public
1527
1533
  */
1528
1534
  export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
@@ -3413,6 +3419,16 @@ export declare class RecaptchaVerifier implements ApplicationVerifierInternal {
3413
3419
  */
3414
3420
  export declare function reload(user: User): Promise<void>;
3415
3421
 
3422
+ /**
3423
+ * Revokes the given access token. Currently only supports Apple OAuth access tokens.
3424
+ *
3425
+ * @param auth - The {@link Auth} instance.
3426
+ * @param token - The Apple OAuth access token.
3427
+ *
3428
+ * @public
3429
+ */
3430
+ export declare function revokeAccessToken(auth: Auth, token: string): Promise<void>;
3431
+
3416
3432
  /**
3417
3433
  * An {@link AuthProvider} for SAML.
3418
3434
  *
@@ -3489,7 +3505,9 @@ export declare class SAMLAuthProvider extends FederatedAuthProvider {
3489
3505
  export declare function sendEmailVerification(user: User, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
3490
3506
 
3491
3507
  /**
3492
- * Sends a password reset email to the given email address.
3508
+ * Sends a password reset email to the given email address. This method does not throw an error when
3509
+ * there's no user account with the given email address and
3510
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
3493
3511
  *
3494
3512
  * @remarks
3495
3513
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -3658,6 +3676,8 @@ export declare function signInWithCustomToken(auth: Auth, customToken: string):
3658
3676
  *
3659
3677
  * @remarks
3660
3678
  * Fails with an error if the email address and password do not match.
3679
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
3680
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
3661
3681
  *
3662
3682
  * Note: The user's password is NOT the password used to access the user's email account. The
3663
3683
  * email address serves as a unique identifier for the user, and the password is used to access
@@ -4134,6 +4154,9 @@ export declare function updateCurrentUser(auth: Auth, user: User | null): Promis
4134
4154
  * @param user - The user.
4135
4155
  * @param newEmail - The new email address.
4136
4156
  *
4157
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
4158
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
4159
+ *
4137
4160
  * @public
4138
4161
  */
4139
4162
  export declare function updateEmail(user: User, newEmail: string): Promise<void>;
@@ -176,7 +176,7 @@ function _debugErrorMap() {
176
176
  ["invalid-emulator-scheme" /* AuthErrorCode.INVALID_EMULATOR_SCHEME */]: 'Emulator URL must start with a valid scheme (http:// or https://).',
177
177
  ["invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */]: 'Your API key is invalid, please check you have copied it correctly.',
178
178
  ["invalid-cert-hash" /* AuthErrorCode.INVALID_CERT_HASH */]: 'The SHA-1 certificate hash provided is invalid.',
179
- ["invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */]: 'The supplied auth credential is malformed or has expired.',
179
+ ["invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */]: 'The supplied auth credential is incorrect, malformed or has expired.',
180
180
  ["invalid-message-payload" /* AuthErrorCode.INVALID_MESSAGE_PAYLOAD */]: 'The email template corresponding to this action contains invalid characters in its message. ' +
181
181
  'Please fix by going to the Auth email templates section in the Firebase Console.',
182
182
  ["invalid-multi-factor-session" /* AuthErrorCode.INVALID_MFA_SESSION */]: 'The request does not contain a valid proof of first factor successful sign-in.',
@@ -352,6 +352,7 @@ const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
352
352
  INVALID_EMAIL: 'auth/invalid-email',
353
353
  INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',
354
354
  INVALID_IDP_RESPONSE: 'auth/invalid-credential',
355
+ INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',
355
356
  INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',
356
357
  INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',
357
358
  INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',
@@ -786,12 +787,15 @@ const SERVER_ERROR_MAP = {
786
787
  ["INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */]: "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */,
787
788
  // This can only happen if the SDK sends a bad request.
788
789
  ["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */]: "missing-password" /* AuthErrorCode.MISSING_PASSWORD */,
790
+ // Thrown if Email Enumeration Protection is enabled in the project and the email or password is
791
+ // invalid.
792
+ ["INVALID_LOGIN_CREDENTIALS" /* ServerError.INVALID_LOGIN_CREDENTIALS */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
789
793
  // Sign up with email and password errors.
790
794
  ["EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */]: "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */,
791
795
  ["PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */]: "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */,
792
796
  // Verify assertion for sign in with credential errors:
793
- ["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
794
- ["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
797
+ ["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
798
+ ["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
795
799
  ["FEDERATED_USER_ID_ALREADY_LINKED" /* ServerError.FEDERATED_USER_ID_ALREADY_LINKED */]: "credential-already-in-use" /* AuthErrorCode.CREDENTIAL_ALREADY_IN_USE */,
796
800
  // This can only happen if the SDK sends a bad request.
797
801
  ["MISSING_REQ_TYPE" /* ServerError.MISSING_REQ_TYPE */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
@@ -813,7 +817,7 @@ const SERVER_ERROR_MAP = {
813
817
  // Phone Auth related errors.
814
818
  ["INVALID_CODE" /* ServerError.INVALID_CODE */]: "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
815
819
  ["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */]: "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
816
- ["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
820
+ ["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
817
821
  ["MISSING_SESSION_INFO" /* ServerError.MISSING_SESSION_INFO */]: "missing-verification-id" /* AuthErrorCode.MISSING_SESSION_INFO */,
818
822
  ["SESSION_EXPIRED" /* ServerError.SESSION_EXPIRED */]: "code-expired" /* AuthErrorCode.CODE_EXPIRED */,
819
823
  // Other action code errors when additional settings passed.
@@ -1540,6 +1544,9 @@ async function requestStsToken(auth, refreshToken) {
1540
1544
  expiresIn: response.expires_in,
1541
1545
  refreshToken: response.refresh_token
1542
1546
  };
1547
+ }
1548
+ async function revokeToken(auth, request) {
1549
+ return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts:revokeToken" /* Endpoint.REVOKE_TOKEN */, _addTidIfNecessary(auth, request));
1543
1550
  }
1544
1551
 
1545
1552
  /**
@@ -2809,6 +2816,25 @@ class AuthImpl {
2809
2816
  }
2810
2817
  });
2811
2818
  }
2819
+ /**
2820
+ * Revokes the given access token. Currently only supports Apple OAuth access tokens.
2821
+ */
2822
+ async revokeAccessToken(token) {
2823
+ if (this.currentUser) {
2824
+ const idToken = await this.currentUser.getIdToken();
2825
+ // Generalize this to accept other providers once supported.
2826
+ const request = {
2827
+ providerId: 'apple.com',
2828
+ tokenType: "ACCESS_TOKEN" /* TokenType.ACCESS_TOKEN */,
2829
+ token,
2830
+ idToken
2831
+ };
2832
+ if (this.tenantId != null) {
2833
+ request.tenantId = this.tenantId;
2834
+ }
2835
+ await revokeToken(this, request);
2836
+ }
2837
+ }
2812
2838
  toJSON() {
2813
2839
  var _a;
2814
2840
  return {
@@ -3499,6 +3525,11 @@ async function resetPassword(auth, request) {
3499
3525
  async function updateEmailPassword(auth, request) {
3500
3526
  return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v1/accounts:update" /* Endpoint.SET_ACCOUNT_INFO */, request);
3501
3527
  }
3528
+ // Used for linking an email/password account to an existing idToken. Uses the same request/response
3529
+ // format as updateEmailPassword.
3530
+ async function linkEmailPassword(auth, request) {
3531
+ return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v1/accounts:signUp" /* Endpoint.SIGN_UP */, request);
3532
+ }
3502
3533
  async function applyActionCode$1(auth, request) {
3503
3534
  return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v1/accounts:update" /* Endpoint.SET_ACCOUNT_INFO */, _addTidIfNecessary(auth, request));
3504
3535
  }
@@ -3662,12 +3693,14 @@ class EmailAuthCredential extends AuthCredential {
3662
3693
  async _linkToIdToken(auth, idToken) {
3663
3694
  switch (this.signInMethod) {
3664
3695
  case "password" /* SignInMethod.EMAIL_PASSWORD */:
3665
- return updateEmailPassword(auth, {
3696
+ const request = {
3666
3697
  idToken,
3667
3698
  returnSecureToken: true,
3668
3699
  email: this._email,
3669
- password: this._password
3670
- });
3700
+ password: this._password,
3701
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
3702
+ };
3703
+ return handleRecaptchaFlow(auth, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */, linkEmailPassword);
3671
3704
  case "emailLink" /* SignInMethod.EMAIL_LINK */:
3672
3705
  return signInWithEmailLinkForLinking(auth, {
3673
3706
  idToken,
@@ -5594,7 +5627,9 @@ async function recachePasswordPolicy(auth) {
5594
5627
  }
5595
5628
  }
5596
5629
  /**
5597
- * Sends a password reset email to the given email address.
5630
+ * Sends a password reset email to the given email address. This method does not throw an error when
5631
+ * there's no user account with the given email address and
5632
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
5598
5633
  *
5599
5634
  * @remarks
5600
5635
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -5778,6 +5813,8 @@ async function createUserWithEmailAndPassword(auth, email, password) {
5778
5813
  *
5779
5814
  * @remarks
5780
5815
  * Fails with an error if the email address and password do not match.
5816
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
5817
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
5781
5818
  *
5782
5819
  * Note: The user's password is NOT the password used to access the user's email account. The
5783
5820
  * email address serves as a unique identifier for the user, and the password is used to access
@@ -5963,7 +6000,9 @@ async function createAuthUri(auth, request) {
5963
6000
  * limitations under the License.
5964
6001
  */
5965
6002
  /**
5966
- * Gets the list of possible sign in methods for the given email address.
6003
+ * Gets the list of possible sign in methods for the given email address. This method returns an
6004
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
6005
+ * authentication methods available for the given email.
5967
6006
  *
5968
6007
  * @remarks
5969
6008
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -5974,6 +6013,8 @@ async function createAuthUri(auth, request) {
5974
6013
  * @param auth - The {@link Auth} instance.
5975
6014
  * @param email - The user's email address.
5976
6015
  *
6016
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
6017
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
5977
6018
  * @public
5978
6019
  */
5979
6020
  async function fetchSignInMethodsForEmail(auth, email) {
@@ -6167,6 +6208,9 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
6167
6208
  * @param user - The user.
6168
6209
  * @param newEmail - The new email address.
6169
6210
  *
6211
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
6212
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
6213
+ *
6170
6214
  * @public
6171
6215
  */
6172
6216
  function updateEmail(user, newEmail) {
@@ -6511,6 +6555,18 @@ function updateCurrentUser(auth, user) {
6511
6555
  function signOut(auth) {
6512
6556
  return util.getModularInstance(auth).signOut();
6513
6557
  }
6558
+ /**
6559
+ * Revokes the given access token. Currently only supports Apple OAuth access tokens.
6560
+ *
6561
+ * @param auth - The {@link Auth} instance.
6562
+ * @param token - The Apple OAuth access token.
6563
+ *
6564
+ * @public
6565
+ */
6566
+ function revokeAccessToken(auth, token) {
6567
+ const authInternal = _castAuth(auth);
6568
+ return authInternal.revokeAccessToken(token);
6569
+ }
6514
6570
  /**
6515
6571
  * Deletes and signs out the user.
6516
6572
  *
@@ -10226,7 +10282,7 @@ function _isEmptyString(input) {
10226
10282
  }
10227
10283
 
10228
10284
  var name = "@firebase/auth";
10229
- var version = "1.3.2";
10285
+ var version = "1.4.0-canary.00235ba68";
10230
10286
 
10231
10287
  /**
10232
10288
  * @license
@@ -10529,6 +10585,7 @@ exports.reauthenticateWithPhoneNumber = reauthenticateWithPhoneNumber;
10529
10585
  exports.reauthenticateWithPopup = reauthenticateWithPopup;
10530
10586
  exports.reauthenticateWithRedirect = reauthenticateWithRedirect;
10531
10587
  exports.reload = reload;
10588
+ exports.revokeAccessToken = revokeAccessToken;
10532
10589
  exports.sendEmailVerification = sendEmailVerification;
10533
10590
  exports.sendPasswordResetEmail = sendPasswordResetEmail;
10534
10591
  exports.sendSignInLinkToEmail = sendSignInLinkToEmail;
@@ -10552,4 +10609,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
10552
10609
  exports.validatePassword = validatePassword;
10553
10610
  exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
10554
10611
  exports.verifyPasswordResetCode = verifyPasswordResetCode;
10555
- //# sourceMappingURL=index-770706ba.js.map
10612
+ //# sourceMappingURL=index-d50ad728.js.map