@firebase/auth 1.4.0-canary.a89e05bfc → 1.4.0-canary.b782bb270

package/dist/node-esm/index.js

@@ -1,8 +1,8 @@
-export { A as ActionCodeOperation, ai as ActionCodeURL, L as AuthCredential, I as AuthErrorCodes, M as EmailAuthCredential, V as EmailAuthProvider, W as FacebookAuthProvider, F as FactorId, Y as GithubAuthProvider, X as GoogleAuthProvider, N as OAuthCredential, Z as OAuthProvider, O as OperationType, Q as PhoneAuthCredential, P as PhoneAuthProvider, m as PhoneMultiFactorGenerator, p as ProviderId, R as RecaptchaVerifier, _ as SAMLAuthProvider, S as SignInMethod, T as TotpMultiFactorGenerator, n as TotpSecret, $ as TwitterAuthProvider, a7 as applyActionCode, x as beforeAuthStateChanged, b as browserLocalPersistence, k as browserPopupRedirectResolver, a as browserSessionPersistence, a8 as checkActionCode, a6 as confirmPasswordReset, K as connectAuthEmulator, aa as createUserWithEmailAndPassword, G as debugErrorMap, E as deleteUser, af as fetchSignInMethodsForEmail, aq as getAdditionalUserInfo, o as getAuth, an as getIdToken, ao as getIdTokenResult, as as getMultiFactorResolver, j as getRedirectResult, U as inMemoryPersistence, i as indexedDBLocalPersistence, J as initializeAuth, t as initializeRecaptchaConfig, ad as isSignInWithEmailLink, a2 as linkWithCredential, l as linkWithPhoneNumber, d as linkWithPopup, g as linkWithRedirect, at as multiFactor, y as onAuthStateChanged, w as onIdTokenChanged, aj as parseActionCodeURL, H as prodErrorMap, a3 as reauthenticateWithCredential, r as reauthenticateWithPhoneNumber, e as reauthenticateWithPopup, h as reauthenticateWithRedirect, ar as reload, D as revokeAccessToken, ag as sendEmailVerification, a5 as sendPasswordResetEmail, ac as sendSignInLinkToEmail, q as setPersistence, a0 as signInAnonymously, a1 as signInWithCredential, a4 as signInWithCustomToken, ab as signInWithEmailAndPassword, ae as signInWithEmailLink, s as signInWithPhoneNumber, c as signInWithPopup, f as signInWithRedirect, C as signOut, ap as unlink, B as updateCurrentUser, al as updateEmail, am as updatePassword, u as updatePhoneNumber, ak as updateProfile, z as useDeviceLanguage, v as validatePassword, ah as verifyBeforeUpdateEmail, a9 as verifyPasswordResetCode } from './totp-caa6c436.js';
+export { A as ActionCodeOperation, ai as ActionCodeURL, L as AuthCredential, I as AuthErrorCodes, M as EmailAuthCredential, V as EmailAuthProvider, W as FacebookAuthProvider, F as FactorId, Y as GithubAuthProvider, X as GoogleAuthProvider, N as OAuthCredential, Z as OAuthProvider, O as OperationType, Q as PhoneAuthCredential, P as PhoneAuthProvider, m as PhoneMultiFactorGenerator, p as ProviderId, R as RecaptchaVerifier, _ as SAMLAuthProvider, S as SignInMethod, T as TotpMultiFactorGenerator, n as TotpSecret, $ as TwitterAuthProvider, a7 as applyActionCode, x as beforeAuthStateChanged, b as browserLocalPersistence, k as browserPopupRedirectResolver, a as browserSessionPersistence, a8 as checkActionCode, a6 as confirmPasswordReset, K as connectAuthEmulator, aa as createUserWithEmailAndPassword, G as debugErrorMap, E as deleteUser, af as fetchSignInMethodsForEmail, aq as getAdditionalUserInfo, o as getAuth, an as getIdToken, ao as getIdTokenResult, as as getMultiFactorResolver, j as getRedirectResult, U as inMemoryPersistence, i as indexedDBLocalPersistence, J as initializeAuth, t as initializeRecaptchaConfig, ad as isSignInWithEmailLink, a2 as linkWithCredential, l as linkWithPhoneNumber, d as linkWithPopup, g as linkWithRedirect, at as multiFactor, y as onAuthStateChanged, w as onIdTokenChanged, aj as parseActionCodeURL, H as prodErrorMap, a3 as reauthenticateWithCredential, r as reauthenticateWithPhoneNumber, e as reauthenticateWithPopup, h as reauthenticateWithRedirect, ar as reload, D as revokeAccessToken, ag as sendEmailVerification, a5 as sendPasswordResetEmail, ac as sendSignInLinkToEmail, q as setPersistence, a0 as signInAnonymously, a1 as signInWithCredential, a4 as signInWithCustomToken, ab as signInWithEmailAndPassword, ae as signInWithEmailLink, s as signInWithPhoneNumber, c as signInWithPopup, f as signInWithRedirect, C as signOut, ap as unlink, B as updateCurrentUser, al as updateEmail, am as updatePassword, u as updatePhoneNumber, ak as updateProfile, z as useDeviceLanguage, v as validatePassword, ah as verifyBeforeUpdateEmail, a9 as verifyPasswordResetCode } from './totp-b1e989f6.js';
 import '@firebase/util';
 import '@firebase/app';
 import 'tslib';
 import '@firebase/component';
-import 'node-fetch';
+import 'undici';
 import '@firebase/logger';
 //# sourceMappingURL=index.js.map

package/dist/node-esm/internal.js

@@ -1,10 +1,10 @@
-import { au as _getInstance, av as _assert, aw as _signInWithCredential, ax as _reauthenticate, ay as _link$1, L as AuthCredential, az as signInWithIdp, aA as _fail, aB as debugAssert, aC as _persistenceKeyName, aD as _castAuth, aE as FederatedAuthProvider, aF as BaseOAuthProvider, aG as _emulatorUrl, aH as _performApiRequest, aI as _isIOS, aJ as _isAndroid, aK as _isIOS7Or8, aL as _createError, aM as _isIframe, aN as _isMobileBrowser, aO as _isIE10, aP as _isSafari } from './totp-caa6c436.js';
-export { A as ActionCodeOperation, ai as ActionCodeURL, L as AuthCredential, I as AuthErrorCodes, aR as AuthImpl, M as EmailAuthCredential, V as EmailAuthProvider, W as FacebookAuthProvider, F as FactorId, aT as FetchProvider, Y as GithubAuthProvider, X as GoogleAuthProvider, N as OAuthCredential, Z as OAuthProvider, O as OperationType, Q as PhoneAuthCredential, P as PhoneAuthProvider, m as PhoneMultiFactorGenerator, p as ProviderId, R as RecaptchaVerifier, aU as SAMLAuthCredential, _ as SAMLAuthProvider, S as SignInMethod, T as TotpMultiFactorGenerator, n as TotpSecret, $ as TwitterAuthProvider, aQ as UserImpl, av as _assert, aD as _castAuth, aA as _fail, aS as _getClientVersion, au as _getInstance, aC as _persistenceKeyName, a7 as applyActionCode, x as beforeAuthStateChanged, b as browserLocalPersistence, k as browserPopupRedirectResolver, a as browserSessionPersistence, a8 as checkActionCode, a6 as confirmPasswordReset, K as connectAuthEmulator, aa as createUserWithEmailAndPassword, G as debugErrorMap, E as deleteUser, af as fetchSignInMethodsForEmail, aq as getAdditionalUserInfo, o as getAuth, an as getIdToken, ao as getIdTokenResult, as as getMultiFactorResolver, j as getRedirectResult, U as inMemoryPersistence, i as indexedDBLocalPersistence, J as initializeAuth, t as initializeRecaptchaConfig, ad as isSignInWithEmailLink, a2 as linkWithCredential, l as linkWithPhoneNumber, d as linkWithPopup, g as linkWithRedirect, at as multiFactor, y as onAuthStateChanged, w as onIdTokenChanged, aj as parseActionCodeURL, H as prodErrorMap, a3 as reauthenticateWithCredential, r as reauthenticateWithPhoneNumber, e as reauthenticateWithPopup, h as reauthenticateWithRedirect, ar as reload, D as revokeAccessToken, ag as sendEmailVerification, a5 as sendPasswordResetEmail, ac as sendSignInLinkToEmail, q as setPersistence, a0 as signInAnonymously, a1 as signInWithCredential, a4 as signInWithCustomToken, ab as signInWithEmailAndPassword, ae as signInWithEmailLink, s as signInWithPhoneNumber, c as signInWithPopup, f as signInWithRedirect, C as signOut, ap as unlink, B as updateCurrentUser, al as updateEmail, am as updatePassword, u as updatePhoneNumber, ak as updateProfile, z as useDeviceLanguage, v as validatePassword, ah as verifyBeforeUpdateEmail, a9 as verifyPasswordResetCode } from './totp-caa6c436.js';
+import { au as _getInstance, av as _assert, aw as _signInWithCredential, ax as _reauthenticate, ay as _link$1, L as AuthCredential, az as signInWithIdp, aA as _fail, aB as debugAssert, aC as _persistenceKeyName, aD as _castAuth, aE as FederatedAuthProvider, aF as BaseOAuthProvider, aG as _emulatorUrl, aH as _performApiRequest, aI as _isIOS, aJ as _isAndroid, aK as _isIOS7Or8, aL as _createError, aM as _isIframe, aN as _isMobileBrowser, aO as _isIE10, aP as _isSafari } from './totp-b1e989f6.js';
+export { A as ActionCodeOperation, ai as ActionCodeURL, L as AuthCredential, I as AuthErrorCodes, aR as AuthImpl, M as EmailAuthCredential, V as EmailAuthProvider, W as FacebookAuthProvider, F as FactorId, aT as FetchProvider, Y as GithubAuthProvider, X as GoogleAuthProvider, N as OAuthCredential, Z as OAuthProvider, O as OperationType, Q as PhoneAuthCredential, P as PhoneAuthProvider, m as PhoneMultiFactorGenerator, p as ProviderId, R as RecaptchaVerifier, aU as SAMLAuthCredential, _ as SAMLAuthProvider, S as SignInMethod, T as TotpMultiFactorGenerator, n as TotpSecret, $ as TwitterAuthProvider, aQ as UserImpl, av as _assert, aD as _castAuth, aA as _fail, aS as _getClientVersion, au as _getInstance, aC as _persistenceKeyName, a7 as applyActionCode, x as beforeAuthStateChanged, b as browserLocalPersistence, k as browserPopupRedirectResolver, a as browserSessionPersistence, a8 as checkActionCode, a6 as confirmPasswordReset, K as connectAuthEmulator, aa as createUserWithEmailAndPassword, G as debugErrorMap, E as deleteUser, af as fetchSignInMethodsForEmail, aq as getAdditionalUserInfo, o as getAuth, an as getIdToken, ao as getIdTokenResult, as as getMultiFactorResolver, j as getRedirectResult, U as inMemoryPersistence, i as indexedDBLocalPersistence, J as initializeAuth, t as initializeRecaptchaConfig, ad as isSignInWithEmailLink, a2 as linkWithCredential, l as linkWithPhoneNumber, d as linkWithPopup, g as linkWithRedirect, at as multiFactor, y as onAuthStateChanged, w as onIdTokenChanged, aj as parseActionCodeURL, H as prodErrorMap, a3 as reauthenticateWithCredential, r as reauthenticateWithPhoneNumber, e as reauthenticateWithPopup, h as reauthenticateWithRedirect, ar as reload, D as revokeAccessToken, ag as sendEmailVerification, a5 as sendPasswordResetEmail, ac as sendSignInLinkToEmail, q as setPersistence, a0 as signInAnonymously, a1 as signInWithCredential, a4 as signInWithCustomToken, ab as signInWithEmailAndPassword, ae as signInWithEmailLink, s as signInWithPhoneNumber, c as signInWithPopup, f as signInWithRedirect, C as signOut, ap as unlink, B as updateCurrentUser, al as updateEmail, am as updatePassword, u as updatePhoneNumber, ak as updateProfile, z as useDeviceLanguage, v as validatePassword, ah as verifyBeforeUpdateEmail, a9 as verifyPasswordResetCode } from './totp-b1e989f6.js';
 import { isEmpty, querystring, getUA, querystringDecode } from '@firebase/util';
 import 'tslib';
 import { SDK_VERSION } from '@firebase/app';
 import '@firebase/component';
-import 'node-fetch';
+import 'undici';
 import '@firebase/logger';
 
 /**

package/dist/node-esm/src/api/errors.d.ts

@@ -42,6 +42,7 @@ export declare const enum ServerError {
     INVALID_ID_TOKEN = "INVALID_ID_TOKEN",
     INVALID_IDP_RESPONSE = "INVALID_IDP_RESPONSE",
     INVALID_IDENTIFIER = "INVALID_IDENTIFIER",
+    INVALID_LOGIN_CREDENTIALS = "INVALID_LOGIN_CREDENTIALS",
     INVALID_MESSAGE_PAYLOAD = "INVALID_MESSAGE_PAYLOAD",
     INVALID_MFA_PENDING_CREDENTIAL = "INVALID_MFA_PENDING_CREDENTIAL",
     INVALID_OAUTH_CLIENT_ID = "INVALID_OAUTH_CLIENT_ID",

package/dist/node-esm/src/core/errors.d.ts

@@ -57,7 +57,7 @@ export declare const enum AuthErrorCode {
     INVALID_DYNAMIC_LINK_DOMAIN = "invalid-dynamic-link-domain",
     INVALID_EMAIL = "invalid-email",
     INVALID_EMULATOR_SCHEME = "invalid-emulator-scheme",
-    INVALID_IDP_RESPONSE = "invalid-credential",
+    INVALID_CREDENTIAL = "invalid-credential",
     INVALID_MESSAGE_PAYLOAD = "invalid-message-payload",
     INVALID_MFA_SESSION = "invalid-multi-factor-session",
     INVALID_OAUTH_CLIENT_ID = "invalid-oauth-client-id",
@@ -250,6 +250,7 @@ export declare const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY: {
     readonly INVALID_EMAIL: "auth/invalid-email";
     readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
     readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
+    readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
     readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
     readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
     readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";

package/dist/node-esm/src/core/strategies/email.d.ts

@@ -16,7 +16,9 @@
  */
 import { ActionCodeSettings, Auth, User } from '../../model/public_types';
 /**
- * Gets the list of possible sign in methods for the given email address.
+ * Gets the list of possible sign in methods for the given email address. This method returns an
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
+ * authentication methods available for the given email.
  *
  * @remarks
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -27,6 +29,8 @@ import { ActionCodeSettings, Auth, User } from '../../model/public_types';
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  *
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
  * @public
  */
 export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;

package/dist/node-esm/src/core/strategies/email_and_password.d.ts

@@ -16,7 +16,9 @@
  */
 import { ActionCodeInfo, ActionCodeSettings, Auth, UserCredential } from '../../model/public_types';
 /**
- * Sends a password reset email to the given email address.
+ * Sends a password reset email to the given email address. This method does not throw an error when
+ * there's no user account with the given email address and
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
  *
  * @remarks
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -112,6 +114,8 @@ export declare function createUserWithEmailAndPassword(auth: Auth, email: string
  *
  * @remarks
  * Fails with an error if the email address and password do not match.
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access

package/dist/node-esm/src/core/user/account_info.d.ts

@@ -41,6 +41,9 @@ export declare function updateProfile(user: User, { displayName, photoURL: photo
  * @param user - The user.
  * @param newEmail - The new email address.
  *
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
+ *
  * @public
  */
 export declare function updateEmail(user: User, newEmail: string): Promise<void>;

package/dist/node-esm/{totp-caa6c436.js → totp-b1e989f6.js}

@@ -2,7 +2,7 @@ import { ErrorFactory, isBrowserExtension, isMobileCordova, isReactNative, Fireb
 import { SDK_VERSION, _getProvider, _registerComponent, registerVersion, getApp } from '@firebase/app';
 import { __rest } from 'tslib';
 import { Component } from '@firebase/component';
-import * as fetchImpl from 'node-fetch';
+import { fetch as fetch$1, Headers as Headers$1, Response as Response$1 } from 'undici';
 import { Logger, LogLevel } from '@firebase/logger';
 
 /**
@@ -175,7 +175,7 @@ function _debugErrorMap() {
         ["invalid-emulator-scheme" /* AuthErrorCode.INVALID_EMULATOR_SCHEME */]: 'Emulator URL must start with a valid scheme (http:// or https://).',
         ["invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */]: 'Your API key is invalid, please check you have copied it correctly.',
         ["invalid-cert-hash" /* AuthErrorCode.INVALID_CERT_HASH */]: 'The SHA-1 certificate hash provided is invalid.',
-        ["invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */]: 'The supplied auth credential is malformed or has expired.',
+        ["invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */]: 'The supplied auth credential is incorrect, malformed or has expired.',
         ["invalid-message-payload" /* AuthErrorCode.INVALID_MESSAGE_PAYLOAD */]: 'The email template corresponding to this action contains invalid characters in its message. ' +
             'Please fix by going to the Auth email templates section in the Firebase Console.',
         ["invalid-multi-factor-session" /* AuthErrorCode.INVALID_MFA_SESSION */]: 'The request does not contain a valid proof of first factor successful sign-in.',
@@ -351,6 +351,7 @@ const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
     INVALID_EMAIL: 'auth/invalid-email',
     INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',
     INVALID_IDP_RESPONSE: 'auth/invalid-credential',
+    INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',
     INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',
     INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',
     INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',
@@ -775,12 +776,15 @@ const SERVER_ERROR_MAP = {
     ["INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */]: "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */,
     // This can only happen if the SDK sends a bad request.
     ["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */]: "missing-password" /* AuthErrorCode.MISSING_PASSWORD */,
+    // Thrown if Email Enumeration Protection is enabled in the project and the email or password is
+    // invalid.
+    ["INVALID_LOGIN_CREDENTIALS" /* ServerError.INVALID_LOGIN_CREDENTIALS */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     // Sign up with email and password errors.
     ["EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */]: "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */,
     ["PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */]: "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */,
     // Verify assertion for sign in with credential errors:
-    ["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
-    ["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
+    ["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
+    ["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     ["FEDERATED_USER_ID_ALREADY_LINKED" /* ServerError.FEDERATED_USER_ID_ALREADY_LINKED */]: "credential-already-in-use" /* AuthErrorCode.CREDENTIAL_ALREADY_IN_USE */,
     // This can only happen if the SDK sends a bad request.
     ["MISSING_REQ_TYPE" /* ServerError.MISSING_REQ_TYPE */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
@@ -802,7 +806,7 @@ const SERVER_ERROR_MAP = {
     // Phone Auth related errors.
     ["INVALID_CODE" /* ServerError.INVALID_CODE */]: "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
     ["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */]: "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
-    ["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
+    ["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     ["MISSING_SESSION_INFO" /* ServerError.MISSING_SESSION_INFO */]: "missing-verification-id" /* AuthErrorCode.MISSING_SESSION_INFO */,
     ["SESSION_EXPIRED" /* ServerError.SESSION_EXPIRED */]: "code-expired" /* AuthErrorCode.CODE_EXPIRED */,
     // Other action code errors when additional settings passed.
@@ -5595,7 +5599,9 @@ async function recachePasswordPolicy(auth) {
     }
 }
 /**
- * Sends a password reset email to the given email address.
+ * Sends a password reset email to the given email address. This method does not throw an error when
+ * there's no user account with the given email address and
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
  *
  * @remarks
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -5779,6 +5785,8 @@ async function createUserWithEmailAndPassword(auth, email, password) {
  *
  * @remarks
  * Fails with an error if the email address and password do not match.
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
@@ -5964,7 +5972,9 @@ async function createAuthUri(auth, request) {
  * limitations under the License.
  */
 /**
- * Gets the list of possible sign in methods for the given email address.
+ * Gets the list of possible sign in methods for the given email address. This method returns an
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
+ * authentication methods available for the given email.
  *
  * @remarks
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -5975,6 +5985,8 @@ async function createAuthUri(auth, request) {
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  *
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
  * @public
  */
 async function fetchSignInMethodsForEmail(auth, email) {
@@ -6168,6 +6180,9 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
  * @param user - The user.
  * @param newEmail - The new email address.
  *
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
+ *
  * @public
  */
 function updateEmail(user, newEmail) {
@@ -6762,7 +6777,7 @@ function multiFactor(user) {
 }
 
 var name = "@firebase/auth";
-var version = "1.4.0-canary.a89e05bfc";
+var version = "1.4.0-canary.b782bb270";
 
 /**
  * @license
@@ -6923,7 +6938,7 @@ function registerAuth(clientPlatform) {
  * limitations under the License.
  */
 // Initialize the fetch polyfill, the types are slightly off so just cast and hope for the best
-FetchProvider.initialize(fetchImpl.default, fetchImpl.Headers, fetchImpl.Response);
+FetchProvider.initialize(fetch$1, Headers$1, Response$1);
 // First, we set up the various platform-specific features for Node (register
 // the version and declare the Node getAuth function)
 function getAuth(app = getApp()) {
@@ -7172,4 +7187,4 @@ function _isEmptyString(input) {
 }
 
 export { TwitterAuthProvider as $, ActionCodeOperation as A, updateCurrentUser as B, signOut as C, revokeAccessToken as D, deleteUser as E, FactorId as F, debugErrorMap as G, prodErrorMap as H, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as I, initializeAuth as J, connectAuthEmulator as K, AuthCredential as L, EmailAuthCredential as M, OAuthCredential as N, OperationType as O, PhoneAuthProvider as P, PhoneAuthCredential as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, inMemoryPersistence as U, EmailAuthProvider as V, FacebookAuthProvider as W, GoogleAuthProvider as X, GithubAuthProvider as Y, OAuthProvider as Z, SAMLAuthProvider as _, browserSessionPersistence as a, signInAnonymously as a0, signInWithCredential as a1, linkWithCredential as a2, reauthenticateWithCredential as a3, signInWithCustomToken as a4, sendPasswordResetEmail as a5, confirmPasswordReset as a6, applyActionCode as a7, checkActionCode as a8, verifyPasswordResetCode as a9, _fail as aA, debugAssert as aB, _persistenceKeyName as aC, _castAuth as aD, FederatedAuthProvider as aE, BaseOAuthProvider as aF, _emulatorUrl as aG, _performApiRequest as aH, _isIOS as aI, _isAndroid as aJ, _isIOS7Or8 as aK, _createError as aL, _isIframe as aM, _isMobileBrowser as aN, _isIE10 as aO, _isSafari as aP, UserImpl as aQ, AuthImpl as aR, _getClientVersion as aS, FetchProvider as aT, SAMLAuthCredential as aU, createUserWithEmailAndPassword as aa, signInWithEmailAndPassword as ab, sendSignInLinkToEmail as ac, isSignInWithEmailLink as ad, signInWithEmailLink as ae, fetchSignInMethodsForEmail as af, sendEmailVerification as ag, verifyBeforeUpdateEmail as ah, ActionCodeURL as ai, parseActionCodeURL as aj, updateProfile as ak, updateEmail as al, updatePassword as am, getIdToken as an, getIdTokenResult as ao, unlink as ap, getAdditionalUserInfo as aq, reload as ar, getMultiFactorResolver as as, multiFactor as at, _getInstance as au, _assert as av, _signInWithCredential as aw, _reauthenticate as ax, _link as ay, signInWithIdp as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, validatePassword as v, onIdTokenChanged as w, beforeAuthStateChanged as x, onAuthStateChanged as y, useDeviceLanguage as z };
-//# sourceMappingURL=totp-caa6c436.js.map
+//# sourceMappingURL=totp-b1e989f6.js.map