@firebase/auth 1.5.1 → 1.6.0-20240131233318

package/dist/web-extension-esm2017/internal.js

@@ -0,0 +1,3350 @@
+import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isIframe, aa as _isMobileBrowser, ab as _isIE10, ac as _isSafari, ad as _isIOS, ae as _assert, af as Delay, ag as _window, ah as isV2, ai as _createError, aj as _recaptchaV2ScriptUrl, ak as _loadJS, al as _generateCallbackName, am as _castAuth, an as _isHttpOrHttps, ao as _isWorker, ap as getRecaptchaParams, z as signInWithCredential, aq as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, ar as startEnrollPhoneMfa, as as startSignInPhoneMfa, at as sendPhoneVerificationCode, au as _link$1, P as PhoneAuthCredential, av as _getInstance, aw as _signInWithCredential, ax as _reauthenticate, m as AuthCredential, ay as signInWithIdp, az as _fail, aA as debugAssert, aB as _assertInstanceOf, aC as _generateEventId, aD as FederatedAuthProvider, aE as _persistenceKeyName, aF as _performApiRequest, aG as _getCurrentUrl, aH as _gapiScriptUrl, aI as _emulatorUrl, aJ as _isChromeIOS, aK as _isFirefox, aL as _isIOSStandalone, aM as BaseOAuthProvider, aN as _setWindowLocation, aO as MultiFactorAssertionImpl, aP as finalizeEnrollPhoneMfa, aQ as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aR as _setExternalJSProvider, aS as _isAndroid, aT as _isIOS7Or8 } from './register-ec86a01e.js';
+export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aV as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, aX as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, aY as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aU as UserImpl, ae as _assert, am as _castAuth, az as _fail, aC as _generateEventId, aW as _getClientVersion, av as _getInstance, aE as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-ec86a01e.js';
+import { getUA, querystring, getModularInstance, isEmpty, getExperimentalSetting, getDefaultEmulatorHost, querystringDecode } from '@firebase/util';
+import 'tslib';
+import { SDK_VERSION, _getProvider, getApp } from '@firebase/app';
+import '@firebase/component';
+import '@firebase/logger';
+
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * An enum of factors that may be used for multifactor authentication.
+ *
+ * @public
+ */
+const FactorId = {
+    /** Phone as second factor */
+    PHONE: 'phone',
+    TOTP: 'totp'
+};
+/**
+ * Enumeration of supported providers.
+ *
+ * @public
+ */
+const ProviderId = {
+    /** Facebook provider ID */
+    FACEBOOK: 'facebook.com',
+    /** GitHub provider ID */
+    GITHUB: 'github.com',
+    /** Google provider ID */
+    GOOGLE: 'google.com',
+    /** Password provider */
+    PASSWORD: 'password',
+    /** Phone provider */
+    PHONE: 'phone',
+    /** Twitter provider ID */
+    TWITTER: 'twitter.com'
+};
+/**
+ * Enumeration of supported sign-in methods.
+ *
+ * @public
+ */
+const SignInMethod = {
+    /** Email link sign in method */
+    EMAIL_LINK: 'emailLink',
+    /** Email/password sign in method */
+    EMAIL_PASSWORD: 'password',
+    /** Facebook sign in method */
+    FACEBOOK: 'facebook.com',
+    /** GitHub sign in method */
+    GITHUB: 'github.com',
+    /** Google sign in method */
+    GOOGLE: 'google.com',
+    /** Phone sign in method */
+    PHONE: 'phone',
+    /** Twitter sign in method */
+    TWITTER: 'twitter.com'
+};
+/**
+ * Enumeration of supported operation types.
+ *
+ * @public
+ */
+const OperationType = {
+    /** Operation involving linking an additional provider to an already signed-in user. */
+    LINK: 'link',
+    /** Operation involving using a provider to reauthenticate an already signed-in user. */
+    REAUTHENTICATE: 'reauthenticate',
+    /** Operation involving signing in a user. */
+    SIGN_IN: 'signIn'
+};
+/**
+ * An enumeration of the possible email action types.
+ *
+ * @public
+ */
+const ActionCodeOperation = {
+    /** The email link sign-in action. */
+    EMAIL_SIGNIN: 'EMAIL_SIGNIN',
+    /** The password reset action. */
+    PASSWORD_RESET: 'PASSWORD_RESET',
+    /** The email revocation action. */
+    RECOVER_EMAIL: 'RECOVER_EMAIL',
+    /** The revert second factor addition email action. */
+    REVERT_SECOND_FACTOR_ADDITION: 'REVERT_SECOND_FACTOR_ADDITION',
+    /** The revert second factor addition email action. */
+    VERIFY_AND_CHANGE_EMAIL: 'VERIFY_AND_CHANGE_EMAIL',
+    /** The email verification action. */
+    VERIFY_EMAIL: 'VERIFY_EMAIL'
+};
+
+/**
+ * @license
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// There are two different browser persistence types: local and session.
+// Both have the same implementation but use a different underlying storage
+// object.
+class BrowserPersistenceClass {
+    constructor(storageRetriever, type) {
+        this.storageRetriever = storageRetriever;
+        this.type = type;
+    }
+    _isAvailable() {
+        try {
+            if (!this.storage) {
+                return Promise.resolve(false);
+            }
+            this.storage.setItem(STORAGE_AVAILABLE_KEY, '1');
+            this.storage.removeItem(STORAGE_AVAILABLE_KEY);
+            return Promise.resolve(true);
+        }
+        catch (_a) {
+            return Promise.resolve(false);
+        }
+    }
+    _set(key, value) {
+        this.storage.setItem(key, JSON.stringify(value));
+        return Promise.resolve();
+    }
+    _get(key) {
+        const json = this.storage.getItem(key);
+        return Promise.resolve(json ? JSON.parse(json) : null);
+    }
+    _remove(key) {
+        this.storage.removeItem(key);
+        return Promise.resolve();
+    }
+    get storage() {
+        return this.storageRetriever();
+    }
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+function _iframeCannotSyncWebStorage() {
+    const ua = getUA();
+    return _isSafari(ua) || _isIOS(ua);
+}
+// The polling period in case events are not supported
+const _POLLING_INTERVAL_MS = 1000;
+// The IE 10 localStorage cross tab synchronization delay in milliseconds
+const IE10_LOCAL_STORAGE_SYNC_DELAY = 10;
+class BrowserLocalPersistence extends BrowserPersistenceClass {
+    constructor() {
+        super(() => window.localStorage, "LOCAL" /* PersistenceType.LOCAL */);
+        this.boundEventHandler = (event, poll) => this.onStorageEvent(event, poll);
+        this.listeners = {};
+        this.localCache = {};
+        // setTimeout return value is platform specific
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        this.pollTimer = null;
+        // Safari or iOS browser and embedded in an iframe.
+        this.safariLocalStorageNotSynced = _iframeCannotSyncWebStorage() && _isIframe();
+        // Whether to use polling instead of depending on window events
+        this.fallbackToPolling = _isMobileBrowser();
+        this._shouldAllowMigration = true;
+    }
+    forAllChangedKeys(cb) {
+        // Check all keys with listeners on them.
+        for (const key of Object.keys(this.listeners)) {
+            // Get value from localStorage.
+            const newValue = this.storage.getItem(key);
+            const oldValue = this.localCache[key];
+            // If local map value does not match, trigger listener with storage event.
+            // Differentiate this simulated event from the real storage event.
+            if (newValue !== oldValue) {
+                cb(key, oldValue, newValue);
+            }
+        }
+    }
+    onStorageEvent(event, poll = false) {
+        // Key would be null in some situations, like when localStorage is cleared
+        if (!event.key) {
+            this.forAllChangedKeys((key, _oldValue, newValue) => {
+                this.notifyListeners(key, newValue);
+            });
+            return;
+        }
+        const key = event.key;
+        // Check the mechanism how this event was detected.
+        // The first event will dictate the mechanism to be used.
+        if (poll) {
+            // Environment detects storage changes via polling.
+            // Remove storage event listener to prevent possible event duplication.
+            this.detachListener();
+        }
+        else {
+            // Environment detects storage changes via storage event listener.
+            // Remove polling listener to prevent possible event duplication.
+            this.stopPolling();
+        }
+        // Safari embedded iframe. Storage event will trigger with the delta
+        // changes but no changes will be applied to the iframe localStorage.
+        if (this.safariLocalStorageNotSynced) {
+            // Get current iframe page value.
+            const storedValue = this.storage.getItem(key);
+            // Value not synchronized, synchronize manually.
+            if (event.newValue !== storedValue) {
+                if (event.newValue !== null) {
+                    // Value changed from current value.
+                    this.storage.setItem(key, event.newValue);
+                }
+                else {
+                    // Current value deleted.
+                    this.storage.removeItem(key);
+                }
+            }
+            else if (this.localCache[key] === event.newValue && !poll) {
+                // Already detected and processed, do not trigger listeners again.
+                return;
+            }
+        }
+        const triggerListeners = () => {
+            // Keep local map up to date in case storage event is triggered before
+            // poll.
+            const storedValue = this.storage.getItem(key);
+            if (!poll && this.localCache[key] === storedValue) {
+                // Real storage event which has already been detected, do nothing.
+                // This seems to trigger in some IE browsers for some reason.
+                return;
+            }
+            this.notifyListeners(key, storedValue);
+        };
+        const storedValue = this.storage.getItem(key);
+        if (_isIE10() &&
+            storedValue !== event.newValue &&
+            event.newValue !== event.oldValue) {
+            // IE 10 has this weird bug where a storage event would trigger with the
+            // correct key, oldValue and newValue but localStorage.getItem(key) does
+            // not yield the updated value until a few milliseconds. This ensures
+            // this recovers from that situation.
+            setTimeout(triggerListeners, IE10_LOCAL_STORAGE_SYNC_DELAY);
+        }
+        else {
+            triggerListeners();
+        }
+    }
+    notifyListeners(key, value) {
+        this.localCache[key] = value;
+        const listeners = this.listeners[key];
+        if (listeners) {
+            for (const listener of Array.from(listeners)) {
+                listener(value ? JSON.parse(value) : value);
+            }
+        }
+    }
+    startPolling() {
+        this.stopPolling();
+        this.pollTimer = setInterval(() => {
+            this.forAllChangedKeys((key, oldValue, newValue) => {
+                this.onStorageEvent(new StorageEvent('storage', {
+                    key,
+                    oldValue,
+                    newValue
+                }), 
+                /* poll */ true);
+            });
+        }, _POLLING_INTERVAL_MS);
+    }
+    stopPolling() {
+        if (this.pollTimer) {
+            clearInterval(this.pollTimer);
+            this.pollTimer = null;
+        }
+    }
+    attachListener() {
+        window.addEventListener('storage', this.boundEventHandler);
+    }
+    detachListener() {
+        window.removeEventListener('storage', this.boundEventHandler);
+    }
+    _addListener(key, listener) {
+        if (Object.keys(this.listeners).length === 0) {
+            // Whether browser can detect storage event when it had already been pushed to the background.
+            // This may happen in some mobile browsers. A localStorage change in the foreground window
+            // will not be detected in the background window via the storage event.
+            // This was detected in iOS 7.x mobile browsers
+            if (this.fallbackToPolling) {
+                this.startPolling();
+            }
+            else {
+                this.attachListener();
+            }
+        }
+        if (!this.listeners[key]) {
+            this.listeners[key] = new Set();
+            // Populate the cache to avoid spuriously triggering on first poll.
+            this.localCache[key] = this.storage.getItem(key);
+        }
+        this.listeners[key].add(listener);
+    }
+    _removeListener(key, listener) {
+        if (this.listeners[key]) {
+            this.listeners[key].delete(listener);
+            if (this.listeners[key].size === 0) {
+                delete this.listeners[key];
+            }
+        }
+        if (Object.keys(this.listeners).length === 0) {
+            this.detachListener();
+            this.stopPolling();
+        }
+    }
+    // Update local cache on base operations:
+    async _set(key, value) {
+        await super._set(key, value);
+        this.localCache[key] = JSON.stringify(value);
+    }
+    async _get(key) {
+        const value = await super._get(key);
+        this.localCache[key] = JSON.stringify(value);
+        return value;
+    }
+    async _remove(key) {
+        await super._remove(key);
+        delete this.localCache[key];
+    }
+}
+BrowserLocalPersistence.type = 'LOCAL';
+/**
+ * An implementation of {@link Persistence} of type `LOCAL` using `localStorage`
+ * for the underlying storage.
+ *
+ * @public
+ */
+const browserLocalPersistence = BrowserLocalPersistence;
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+class BrowserSessionPersistence extends BrowserPersistenceClass {
+    constructor() {
+        super(() => window.sessionStorage, "SESSION" /* PersistenceType.SESSION */);
+    }
+    _addListener(_key, _listener) {
+        // Listeners are not supported for session storage since it cannot be shared across windows
+        return;
+    }
+    _removeListener(_key, _listener) {
+        // Listeners are not supported for session storage since it cannot be shared across windows
+        return;
+    }
+}
+BrowserSessionPersistence.type = 'SESSION';
+/**
+ * An implementation of {@link Persistence} of `SESSION` using `sessionStorage`
+ * for the underlying storage.
+ *
+ * @public
+ */
+const browserSessionPersistence = BrowserSessionPersistence;
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const _SOLVE_TIME_MS = 500;
+const _EXPIRATION_TIME_MS = 60000;
+const _WIDGET_ID_START = 1000000000000;
+class MockReCaptcha {
+    constructor(auth) {
+        this.auth = auth;
+        this.counter = _WIDGET_ID_START;
+        this._widgets = new Map();
+    }
+    render(container, parameters) {
+        const id = this.counter;
+        this._widgets.set(id, new MockWidget(container, this.auth.name, parameters || {}));
+        this.counter++;
+        return id;
+    }
+    reset(optWidgetId) {
+        var _a;
+        const id = optWidgetId || _WIDGET_ID_START;
+        void ((_a = this._widgets.get(id)) === null || _a === void 0 ? void 0 : _a.delete());
+        this._widgets.delete(id);
+    }
+    getResponse(optWidgetId) {
+        var _a;
+        const id = optWidgetId || _WIDGET_ID_START;
+        return ((_a = this._widgets.get(id)) === null || _a === void 0 ? void 0 : _a.getResponse()) || '';
+    }
+    async execute(optWidgetId) {
+        var _a;
+        const id = optWidgetId || _WIDGET_ID_START;
+        void ((_a = this._widgets.get(id)) === null || _a === void 0 ? void 0 : _a.execute());
+        return '';
+    }
+}
+class MockWidget {
+    constructor(containerOrId, appName, params) {
+        this.params = params;
+        this.timerId = null;
+        this.deleted = false;
+        this.responseToken = null;
+        this.clickHandler = () => {
+            this.execute();
+        };
+        const container = typeof containerOrId === 'string'
+            ? document.getElementById(containerOrId)
+            : containerOrId;
+        _assert(container, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, { appName });
+        this.container = container;
+        this.isVisible = this.params.size !== 'invisible';
+        if (this.isVisible) {
+            this.execute();
+        }
+        else {
+            this.container.addEventListener('click', this.clickHandler);
+        }
+    }
+    getResponse() {
+        this.checkIfDeleted();
+        return this.responseToken;
+    }
+    delete() {
+        this.checkIfDeleted();
+        this.deleted = true;
+        if (this.timerId) {
+            clearTimeout(this.timerId);
+            this.timerId = null;
+        }
+        this.container.removeEventListener('click', this.clickHandler);
+    }
+    execute() {
+        this.checkIfDeleted();
+        if (this.timerId) {
+            return;
+        }
+        this.timerId = window.setTimeout(() => {
+            this.responseToken = generateRandomAlphaNumericString(50);
+            const { callback, 'expired-callback': expiredCallback } = this.params;
+            if (callback) {
+                try {
+                    callback(this.responseToken);
+                }
+                catch (e) { }
+            }
+            this.timerId = window.setTimeout(() => {
+                this.timerId = null;
+                this.responseToken = null;
+                if (expiredCallback) {
+                    try {
+                        expiredCallback();
+                    }
+                    catch (e) { }
+                }
+                if (this.isVisible) {
+                    this.execute();
+                }
+            }, _EXPIRATION_TIME_MS);
+        }, _SOLVE_TIME_MS);
+    }
+    checkIfDeleted() {
+        if (this.deleted) {
+            throw new Error('reCAPTCHA mock was already deleted!');
+        }
+    }
+}
+function generateRandomAlphaNumericString(len) {
+    const chars = [];
+    const allowedChars = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    for (let i = 0; i < len; i++) {
+        chars.push(allowedChars.charAt(Math.floor(Math.random() * allowedChars.length)));
+    }
+    return chars.join('');
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// ReCaptcha will load using the same callback, so the callback function needs
+// to be kept around
+const _JSLOAD_CALLBACK = _generateCallbackName('rcb');
+const NETWORK_TIMEOUT_DELAY = new Delay(30000, 60000);
+/**
+ * Loader for the GReCaptcha library. There should only ever be one of this.
+ */
+class ReCaptchaLoaderImpl {
+    constructor() {
+        var _a;
+        this.hostLanguage = '';
+        this.counter = 0;
+        /**
+         * Check for `render()` method. `window.grecaptcha` will exist if the Enterprise
+         * version of the ReCAPTCHA script was loaded by someone else (e.g. App Check) but
+         * `window.grecaptcha.render()` will not. Another load will add it.
+         */
+        this.librarySeparatelyLoaded = !!((_a = _window().grecaptcha) === null || _a === void 0 ? void 0 : _a.render);
+    }
+    load(auth, hl = '') {
+        _assert(isHostLanguageValid(hl), auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+        if (this.shouldResolveImmediately(hl) && isV2(_window().grecaptcha)) {
+            return Promise.resolve(_window().grecaptcha);
+        }
+        return new Promise((resolve, reject) => {
+            const networkTimeout = _window().setTimeout(() => {
+                reject(_createError(auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */));
+            }, NETWORK_TIMEOUT_DELAY.get());
+            _window()[_JSLOAD_CALLBACK] = () => {
+                _window().clearTimeout(networkTimeout);
+                delete _window()[_JSLOAD_CALLBACK];
+                const recaptcha = _window().grecaptcha;
+                if (!recaptcha || !isV2(recaptcha)) {
+                    reject(_createError(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */));
+                    return;
+                }
+                // Wrap the greptcha render function so that we know if the developer has
+                // called it separately
+                const render = recaptcha.render;
+                recaptcha.render = (container, params) => {
+                    const widgetId = render(container, params);
+                    this.counter++;
+                    return widgetId;
+                };
+                this.hostLanguage = hl;
+                resolve(recaptcha);
+            };
+            const url = `${_recaptchaV2ScriptUrl()}?${querystring({
+                onload: _JSLOAD_CALLBACK,
+                render: 'explicit',
+                hl
+            })}`;
+            _loadJS(url).catch(() => {
+                clearTimeout(networkTimeout);
+                reject(_createError(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */));
+            });
+        });
+    }
+    clearedOneInstance() {
+        this.counter--;
+    }
+    shouldResolveImmediately(hl) {
+        var _a;
+        // We can resolve immediately if:
+        //   • grecaptcha is already defined AND (
+        //     1. the requested language codes are the same OR
+        //     2. there exists already a ReCaptcha on the page
+        //     3. the library was already loaded by the app
+        // In cases (2) and (3), we _can't_ reload as it would break the recaptchas
+        // that are already in the page
+        return (!!((_a = _window().grecaptcha) === null || _a === void 0 ? void 0 : _a.render) &&
+            (hl === this.hostLanguage ||
+                this.counter > 0 ||
+                this.librarySeparatelyLoaded));
+    }
+}
+function isHostLanguageValid(hl) {
+    return hl.length <= 6 && /^\s*[a-zA-Z0-9\-]*\s*$/.test(hl);
+}
+class MockReCaptchaLoaderImpl {
+    async load(auth) {
+        return new MockReCaptcha(auth);
+    }
+    clearedOneInstance() { }
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const RECAPTCHA_VERIFIER_TYPE = 'recaptcha';
+const DEFAULT_PARAMS = {
+    theme: 'light',
+    type: 'image'
+};
+/**
+ * An {@link https://www.google.com/recaptcha/ | reCAPTCHA}-based application verifier.
+ *
+ * @remarks
+ * `RecaptchaVerifier` does not work in a Node.js environment.
+ *
+ * @public
+ */
+class RecaptchaVerifier {
+    /**
+     * @param authExtern - The corresponding Firebase {@link Auth} instance.
+     *
+     * @param containerOrId - The reCAPTCHA container parameter.
+     *
+     * @remarks
+     * This has different meaning depending on whether the reCAPTCHA is hidden or visible. For a
+     * visible reCAPTCHA the container must be empty. If a string is used, it has to correspond to
+     * an element ID. The corresponding element must also must be in the DOM at the time of
+     * initialization.
+     *
+     * @param parameters - The optional reCAPTCHA parameters.
+     *
+     * @remarks
+     * Check the reCAPTCHA docs for a comprehensive list. All parameters are accepted except for
+     * the sitekey. Firebase Auth backend provisions a reCAPTCHA for each project and will
+     * configure this upon rendering. For an invisible reCAPTCHA, a size key must have the value
+     * 'invisible'.
+     */
+    constructor(authExtern, containerOrId, parameters = Object.assign({}, DEFAULT_PARAMS)) {
+        this.parameters = parameters;
+        /**
+         * The application verifier type.
+         *
+         * @remarks
+         * For a reCAPTCHA verifier, this is 'recaptcha'.
+         */
+        this.type = RECAPTCHA_VERIFIER_TYPE;
+        this.destroyed = false;
+        this.widgetId = null;
+        this.tokenChangeListeners = new Set();
+        this.renderPromise = null;
+        this.recaptcha = null;
+        this.auth = _castAuth(authExtern);
+        this.isInvisible = this.parameters.size === 'invisible';
+        _assert(typeof document !== 'undefined', this.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */);
+        const container = typeof containerOrId === 'string'
+            ? document.getElementById(containerOrId)
+            : containerOrId;
+        _assert(container, this.auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+        this.container = container;
+        this.parameters.callback = this.makeTokenCallback(this.parameters.callback);
+        this._recaptchaLoader = this.auth.settings.appVerificationDisabledForTesting
+            ? new MockReCaptchaLoaderImpl()
+            : new ReCaptchaLoaderImpl();
+        this.validateStartingState();
+        // TODO: Figure out if sdk version is needed
+    }
+    /**
+     * Waits for the user to solve the reCAPTCHA and resolves with the reCAPTCHA token.
+     *
+     * @returns A Promise for the reCAPTCHA token.
+     */
+    async verify() {
+        this.assertNotDestroyed();
+        const id = await this.render();
+        const recaptcha = this.getAssertedRecaptcha();
+        const response = recaptcha.getResponse(id);
+        if (response) {
+            return response;
+        }
+        return new Promise(resolve => {
+            const tokenChange = (token) => {
+                if (!token) {
+                    return; // Ignore token expirations.
+                }
+                this.tokenChangeListeners.delete(tokenChange);
+                resolve(token);
+            };
+            this.tokenChangeListeners.add(tokenChange);
+            if (this.isInvisible) {
+                recaptcha.execute(id);
+            }
+        });
+    }
+    /**
+     * Renders the reCAPTCHA widget on the page.
+     *
+     * @returns A Promise that resolves with the reCAPTCHA widget ID.
+     */
+    render() {
+        try {
+            this.assertNotDestroyed();
+        }
+        catch (e) {
+            // This method returns a promise. Since it's not async (we want to return the
+            // _same_ promise if rendering is still occurring), the API surface should
+            // reject with the error rather than just throw
+            return Promise.reject(e);
+        }
+        if (this.renderPromise) {
+            return this.renderPromise;
+        }
+        this.renderPromise = this.makeRenderPromise().catch(e => {
+            this.renderPromise = null;
+            throw e;
+        });
+        return this.renderPromise;
+    }
+    /** @internal */
+    _reset() {
+        this.assertNotDestroyed();
+        if (this.widgetId !== null) {
+            this.getAssertedRecaptcha().reset(this.widgetId);
+        }
+    }
+    /**
+     * Clears the reCAPTCHA widget from the page and destroys the instance.
+     */
+    clear() {
+        this.assertNotDestroyed();
+        this.destroyed = true;
+        this._recaptchaLoader.clearedOneInstance();
+        if (!this.isInvisible) {
+            this.container.childNodes.forEach(node => {
+                this.container.removeChild(node);
+            });
+        }
+    }
+    validateStartingState() {
+        _assert(!this.parameters.sitekey, this.auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+        _assert(this.isInvisible || !this.container.hasChildNodes(), this.auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+        _assert(typeof document !== 'undefined', this.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */);
+    }
+    makeTokenCallback(existing) {
+        return token => {
+            this.tokenChangeListeners.forEach(listener => listener(token));
+            if (typeof existing === 'function') {
+                existing(token);
+            }
+            else if (typeof existing === 'string') {
+                const globalFunc = _window()[existing];
+                if (typeof globalFunc === 'function') {
+                    globalFunc(token);
+                }
+            }
+        };
+    }
+    assertNotDestroyed() {
+        _assert(!this.destroyed, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+    }
+    async makeRenderPromise() {
+        await this.init();
+        if (!this.widgetId) {
+            let container = this.container;
+            if (!this.isInvisible) {
+                const guaranteedEmpty = document.createElement('div');
+                container.appendChild(guaranteedEmpty);
+                container = guaranteedEmpty;
+            }
+            this.widgetId = this.getAssertedRecaptcha().render(container, this.parameters);
+        }
+        return this.widgetId;
+    }
+    async init() {
+        _assert(_isHttpOrHttps() && !_isWorker(), this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        await domReady();
+        this.recaptcha = await this._recaptchaLoader.load(this.auth, this.auth.languageCode || undefined);
+        const siteKey = await getRecaptchaParams(this.auth);
+        _assert(siteKey, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        this.parameters.sitekey = siteKey;
+    }
+    getAssertedRecaptcha() {
+        _assert(this.recaptcha, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        return this.recaptcha;
+    }
+}
+function domReady() {
+    let resolver = null;
+    return new Promise(resolve => {
+        if (document.readyState === 'complete') {
+            resolve();
+            return;
+        }
+        // Document not ready, wait for load before resolving.
+        // Save resolver, so we can remove listener in case it was externally
+        // cancelled.
+        resolver = () => resolve();
+        window.addEventListener('load', resolver);
+    }).catch(e => {
+        if (resolver) {
+            window.removeEventListener('load', resolver);
+        }
+        throw e;
+    });
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+class ConfirmationResultImpl {
+    constructor(verificationId, onConfirmation) {
+        this.verificationId = verificationId;
+        this.onConfirmation = onConfirmation;
+    }
+    confirm(verificationCode) {
+        const authCredential = PhoneAuthCredential._fromVerification(this.verificationId, verificationCode);
+        return this.onConfirmation(authCredential);
+    }
+}
+/**
+ * Asynchronously signs in using a phone number.
+ *
+ * @remarks
+ * This method sends a code via SMS to the given
+ * phone number, and returns a {@link ConfirmationResult}. After the user
+ * provides the code sent to their phone, call {@link ConfirmationResult.confirm}
+ * with the code to sign the user in.
+ *
+ * For abuse prevention, this method also requires a {@link ApplicationVerifier}.
+ * This SDK includes a reCAPTCHA-based implementation, {@link RecaptchaVerifier}.
+ * This function can work on other platforms that do not support the
+ * {@link RecaptchaVerifier} (like React Native), but you need to use a
+ * third-party {@link ApplicationVerifier} implementation.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // 'recaptcha-container' is the ID of an element in the DOM.
+ * const applicationVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container');
+ * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
+ * // Obtain a verificationCode from the user.
+ * const credential = await confirmationResult.confirm(verificationCode);
+ * ```
+ *
+ * @param auth - The {@link Auth} instance.
+ * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
+ * @param appVerifier - The {@link ApplicationVerifier}.
+ *
+ * @public
+ */
+async function signInWithPhoneNumber(auth, phoneNumber, appVerifier) {
+    const authInternal = _castAuth(auth);
+    const verificationId = await _verifyPhoneNumber(authInternal, phoneNumber, getModularInstance(appVerifier));
+    return new ConfirmationResultImpl(verificationId, cred => signInWithCredential(authInternal, cred));
+}
+/**
+ * Links the user account with the given phone number.
+ *
+ * @remarks
+ * This method does not work in a Node.js environment.
+ *
+ * @param user - The user.
+ * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
+ * @param appVerifier - The {@link ApplicationVerifier}.
+ *
+ * @public
+ */
+async function linkWithPhoneNumber(user, phoneNumber, appVerifier) {
+    const userInternal = getModularInstance(user);
+    await _assertLinkedStatus(false, userInternal, "phone" /* ProviderId.PHONE */);
+    const verificationId = await _verifyPhoneNumber(userInternal.auth, phoneNumber, getModularInstance(appVerifier));
+    return new ConfirmationResultImpl(verificationId, cred => linkWithCredential(userInternal, cred));
+}
+/**
+ * Re-authenticates a user using a fresh phone credential.
+ *
+ * @remarks
+ * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @param user - The user.
+ * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
+ * @param appVerifier - The {@link ApplicationVerifier}.
+ *
+ * @public
+ */
+async function reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier) {
+    const userInternal = getModularInstance(user);
+    const verificationId = await _verifyPhoneNumber(userInternal.auth, phoneNumber, getModularInstance(appVerifier));
+    return new ConfirmationResultImpl(verificationId, cred => reauthenticateWithCredential(userInternal, cred));
+}
+/**
+ * Returns a verification ID to be used in conjunction with the SMS code that is sent.
+ *
+ */
+async function _verifyPhoneNumber(auth, options, verifier) {
+    var _a;
+    const recaptchaToken = await verifier.verify();
+    try {
+        _assert(typeof recaptchaToken === 'string', auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+        _assert(verifier.type === RECAPTCHA_VERIFIER_TYPE, auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+        let phoneInfoOptions;
+        if (typeof options === 'string') {
+            phoneInfoOptions = {
+                phoneNumber: options
+            };
+        }
+        else {
+            phoneInfoOptions = options;
+        }
+        if ('session' in phoneInfoOptions) {
+            const session = phoneInfoOptions.session;
+            if ('phoneNumber' in phoneInfoOptions) {
+                _assert(session.type === "enroll" /* MultiFactorSessionType.ENROLL */, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+                const response = await startEnrollPhoneMfa(auth, {
+                    idToken: session.credential,
+                    phoneEnrollmentInfo: {
+                        phoneNumber: phoneInfoOptions.phoneNumber,
+                        recaptchaToken
+                    }
+                });
+                return response.phoneSessionInfo.sessionInfo;
+            }
+            else {
+                _assert(session.type === "signin" /* MultiFactorSessionType.SIGN_IN */, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+                const mfaEnrollmentId = ((_a = phoneInfoOptions.multiFactorHint) === null || _a === void 0 ? void 0 : _a.uid) ||
+                    phoneInfoOptions.multiFactorUid;
+                _assert(mfaEnrollmentId, auth, "missing-multi-factor-info" /* AuthErrorCode.MISSING_MFA_INFO */);
+                const response = await startSignInPhoneMfa(auth, {
+                    mfaPendingCredential: session.credential,
+                    mfaEnrollmentId,
+                    phoneSignInInfo: {
+                        recaptchaToken
+                    }
+                });
+                return response.phoneResponseInfo.sessionInfo;
+            }
+        }
+        else {
+            const { sessionInfo } = await sendPhoneVerificationCode(auth, {
+                phoneNumber: phoneInfoOptions.phoneNumber,
+                recaptchaToken
+            });
+            return sessionInfo;
+        }
+    }
+    finally {
+        verifier._reset();
+    }
+}
+/**
+ * Updates the user's phone number.
+ *
+ * @remarks
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```
+ * // 'recaptcha-container' is the ID of an element in the DOM.
+ * const applicationVerifier = new RecaptchaVerifier('recaptcha-container');
+ * const provider = new PhoneAuthProvider(auth);
+ * const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);
+ * // Obtain the verificationCode from the user.
+ * const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
+ * await updatePhoneNumber(user, phoneCredential);
+ * ```
+ *
+ * @param user - The user.
+ * @param credential - A credential authenticating the new phone number.
+ *
+ * @public
+ */
+async function updatePhoneNumber(user, credential) {
+    await _link$1(getModularInstance(user), credential);
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Provider for generating an {@link PhoneAuthCredential}.
+ *
+ * @remarks
+ * `PhoneAuthProvider` does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // 'recaptcha-container' is the ID of an element in the DOM.
+ * const applicationVerifier = new RecaptchaVerifier('recaptcha-container');
+ * const provider = new PhoneAuthProvider(auth);
+ * const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);
+ * // Obtain the verificationCode from the user.
+ * const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
+ * const userCredential = await signInWithCredential(auth, phoneCredential);
+ * ```
+ *
+ * @public
+ */
+class PhoneAuthProvider {
+    /**
+     * @param auth - The Firebase {@link Auth} instance in which sign-ins should occur.
+     *
+     */
+    constructor(auth) {
+        /** Always set to {@link ProviderId}.PHONE. */
+        this.providerId = PhoneAuthProvider.PROVIDER_ID;
+        this.auth = _castAuth(auth);
+    }
+    /**
+     *
+     * Starts a phone number authentication flow by sending a verification code to the given phone
+     * number.
+     *
+     * @example
+     * ```javascript
+     * const provider = new PhoneAuthProvider(auth);
+     * const verificationId = await provider.verifyPhoneNumber(phoneNumber, applicationVerifier);
+     * // Obtain verificationCode from the user.
+     * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
+     * const userCredential = await signInWithCredential(auth, authCredential);
+     * ```
+     *
+     * @example
+     * An alternative flow is provided using the `signInWithPhoneNumber` method.
+     * ```javascript
+     * const confirmationResult = signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
+     * // Obtain verificationCode from the user.
+     * const userCredential = confirmationResult.confirm(verificationCode);
+     * ```
+     *
+     * @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in
+     * E.164 format (e.g. +16505550101).
+     * @param applicationVerifier - For abuse prevention, this method also requires a
+     * {@link ApplicationVerifier}. This SDK includes a reCAPTCHA-based implementation,
+     * {@link RecaptchaVerifier}.
+     *
+     * @returns A Promise for a verification ID that can be passed to
+     * {@link PhoneAuthProvider.credential} to identify this flow..
+     */
+    verifyPhoneNumber(phoneOptions, applicationVerifier) {
+        return _verifyPhoneNumber(this.auth, phoneOptions, getModularInstance(applicationVerifier));
+    }
+    /**
+     * Creates a phone auth credential, given the verification ID from
+     * {@link PhoneAuthProvider.verifyPhoneNumber} and the code that was sent to the user's
+     * mobile device.
+     *
+     * @example
+     * ```javascript
+     * const provider = new PhoneAuthProvider(auth);
+     * const verificationId = provider.verifyPhoneNumber(phoneNumber, applicationVerifier);
+     * // Obtain verificationCode from the user.
+     * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
+     * const userCredential = signInWithCredential(auth, authCredential);
+     * ```
+     *
+     * @example
+     * An alternative flow is provided using the `signInWithPhoneNumber` method.
+     * ```javascript
+     * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
+     * // Obtain verificationCode from the user.
+     * const userCredential = await confirmationResult.confirm(verificationCode);
+     * ```
+     *
+     * @param verificationId - The verification ID returned from {@link PhoneAuthProvider.verifyPhoneNumber}.
+     * @param verificationCode - The verification code sent to the user's mobile device.
+     *
+     * @returns The auth provider credential.
+     */
+    static credential(verificationId, verificationCode) {
+        return PhoneAuthCredential._fromVerification(verificationId, verificationCode);
+    }
+    /**
+     * Generates an {@link AuthCredential} from a {@link UserCredential}.
+     * @param userCredential - The user credential.
+     */
+    static credentialFromResult(userCredential) {
+        const credential = userCredential;
+        return PhoneAuthProvider.credentialFromTaggedObject(credential);
+    }
+    /**
+     * Returns an {@link AuthCredential} when passed an error.
+     *
+     * @remarks
+     *
+     * This method works for errors like
+     * `auth/account-exists-with-different-credentials`. This is useful for
+     * recovering when attempting to set a user's phone number but the number
+     * in question is already tied to another account. For example, the following
+     * code tries to update the current user's phone number, and if that
+     * fails, links the user with the account associated with that number:
+     *
+     * ```js
+     * const provider = new PhoneAuthProvider(auth);
+     * const verificationId = await provider.verifyPhoneNumber(number, verifier);
+     * try {
+     *   const code = ''; // Prompt the user for the verification code
+     *   await updatePhoneNumber(
+     *       auth.currentUser,
+     *       PhoneAuthProvider.credential(verificationId, code));
+     * } catch (e) {
+     *   if ((e as FirebaseError)?.code === 'auth/account-exists-with-different-credential') {
+     *     const cred = PhoneAuthProvider.credentialFromError(e);
+     *     await linkWithCredential(auth.currentUser, cred);
+     *   }
+     * }
+     *
+     * // At this point, auth.currentUser.phoneNumber === number.
+     * ```
+     *
+     * @param error - The error to generate a credential from.
+     */
+    static credentialFromError(error) {
+        return PhoneAuthProvider.credentialFromTaggedObject((error.customData || {}));
+    }
+    static credentialFromTaggedObject({ _tokenResponse: tokenResponse }) {
+        if (!tokenResponse) {
+            return null;
+        }
+        const { phoneNumber, temporaryProof } = tokenResponse;
+        if (phoneNumber && temporaryProof) {
+            return PhoneAuthCredential._fromTokenResponse(phoneNumber, temporaryProof);
+        }
+        return null;
+    }
+}
+/** Always set to {@link ProviderId}.PHONE. */
+PhoneAuthProvider.PROVIDER_ID = "phone" /* ProviderId.PHONE */;
+/** Always set to {@link SignInMethod}.PHONE. */
+PhoneAuthProvider.PHONE_SIGN_IN_METHOD = "phone" /* SignInMethod.PHONE */;
+
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Chooses a popup/redirect resolver to use. This prefers the override (which
+ * is directly passed in), and falls back to the property set on the auth
+ * object. If neither are available, this function errors w/ an argument error.
+ */
+function _withDefaultResolver(auth, resolverOverride) {
+    if (resolverOverride) {
+        return _getInstance(resolverOverride);
+    }
+    _assert(auth._popupRedirectResolver, auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+    return auth._popupRedirectResolver;
+}
+
+/**
+ * @license
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+class IdpCredential extends AuthCredential {
+    constructor(params) {
+        super("custom" /* ProviderId.CUSTOM */, "custom" /* ProviderId.CUSTOM */);
+        this.params = params;
+    }
+    _getIdTokenResponse(auth) {
+        return signInWithIdp(auth, this._buildIdpRequest());
+    }
+    _linkToIdToken(auth, idToken) {
+        return signInWithIdp(auth, this._buildIdpRequest(idToken));
+    }
+    _getReauthenticationResolver(auth) {
+        return signInWithIdp(auth, this._buildIdpRequest());
+    }
+    _buildIdpRequest(idToken) {
+        const request = {
+            requestUri: this.params.requestUri,
+            sessionId: this.params.sessionId,
+            postBody: this.params.postBody,
+            tenantId: this.params.tenantId,
+            pendingToken: this.params.pendingToken,
+            returnSecureToken: true,
+            returnIdpCredential: true
+        };
+        if (idToken) {
+            request.idToken = idToken;
+        }
+        return request;
+    }
+}
+function _signIn(params) {
+    return _signInWithCredential(params.auth, new IdpCredential(params), params.bypassAuthState);
+}
+function _reauth(params) {
+    const { auth, user } = params;
+    _assert(user, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+    return _reauthenticate(user, new IdpCredential(params), params.bypassAuthState);
+}
+async function _link(params) {
+    const { auth, user } = params;
+    _assert(user, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+    return _link$1(user, new IdpCredential(params), params.bypassAuthState);
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Popup event manager. Handles the popup's entire lifecycle; listens to auth
+ * events
+ */
+class AbstractPopupRedirectOperation {
+    constructor(auth, filter, resolver, user, bypassAuthState = false) {
+        this.auth = auth;
+        this.resolver = resolver;
+        this.user = user;
+        this.bypassAuthState = bypassAuthState;
+        this.pendingPromise = null;
+        this.eventManager = null;
+        this.filter = Array.isArray(filter) ? filter : [filter];
+    }
+    execute() {
+        return new Promise(async (resolve, reject) => {
+            this.pendingPromise = { resolve, reject };
+            try {
+                this.eventManager = await this.resolver._initialize(this.auth);
+                await this.onExecution();
+                this.eventManager.registerConsumer(this);
+            }
+            catch (e) {
+                this.reject(e);
+            }
+        });
+    }
+    async onAuthEvent(event) {
+        const { urlResponse, sessionId, postBody, tenantId, error, type } = event;
+        if (error) {
+            this.reject(error);
+            return;
+        }
+        const params = {
+            auth: this.auth,
+            requestUri: urlResponse,
+            sessionId: sessionId,
+            tenantId: tenantId || undefined,
+            postBody: postBody || undefined,
+            user: this.user,
+            bypassAuthState: this.bypassAuthState
+        };
+        try {
+            this.resolve(await this.getIdpTask(type)(params));
+        }
+        catch (e) {
+            this.reject(e);
+        }
+    }
+    onError(error) {
+        this.reject(error);
+    }
+    getIdpTask(type) {
+        switch (type) {
+            case "signInViaPopup" /* AuthEventType.SIGN_IN_VIA_POPUP */:
+            case "signInViaRedirect" /* AuthEventType.SIGN_IN_VIA_REDIRECT */:
+                return _signIn;
+            case "linkViaPopup" /* AuthEventType.LINK_VIA_POPUP */:
+            case "linkViaRedirect" /* AuthEventType.LINK_VIA_REDIRECT */:
+                return _link;
+            case "reauthViaPopup" /* AuthEventType.REAUTH_VIA_POPUP */:
+            case "reauthViaRedirect" /* AuthEventType.REAUTH_VIA_REDIRECT */:
+                return _reauth;
+            default:
+                _fail(this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        }
+    }
+    resolve(cred) {
+        debugAssert(this.pendingPromise, 'Pending promise was never set');
+        this.pendingPromise.resolve(cred);
+        this.unregisterAndCleanUp();
+    }
+    reject(error) {
+        debugAssert(this.pendingPromise, 'Pending promise was never set');
+        this.pendingPromise.reject(error);
+        this.unregisterAndCleanUp();
+    }
+    unregisterAndCleanUp() {
+        if (this.eventManager) {
+            this.eventManager.unregisterConsumer(this);
+        }
+        this.pendingPromise = null;
+        this.cleanUp();
+    }
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2000, 10000);
+/**
+ * Authenticates a Firebase client using a popup-based OAuth authentication flow.
+ *
+ * @remarks
+ * If succeeds, returns the signed in user along with the provider's credential. If sign in was
+ * unsuccessful, returns an error object containing additional information about the error.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // Sign in using a popup.
+ * const provider = new FacebookAuthProvider();
+ * const result = await signInWithPopup(auth, provider);
+ *
+ * // The signed-in user info.
+ * const user = result.user;
+ * // This gives you a Facebook Access Token.
+ * const credential = provider.credentialFromResult(auth, result);
+ * const token = credential.accessToken;
+ * ```
+ *
+ * @param auth - The {@link Auth} instance.
+ * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
+ * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
+ * @param resolver - An instance of {@link PopupRedirectResolver}, optional
+ * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
+ *
+ * @public
+ */
+async function signInWithPopup(auth, provider, resolver) {
+    const authInternal = _castAuth(auth);
+    _assertInstanceOf(auth, provider, FederatedAuthProvider);
+    const resolverInternal = _withDefaultResolver(authInternal, resolver);
+    const action = new PopupOperation(authInternal, "signInViaPopup" /* AuthEventType.SIGN_IN_VIA_POPUP */, provider, resolverInternal);
+    return action.executeNotNull();
+}
+/**
+ * Reauthenticates the current user with the specified {@link OAuthProvider} using a pop-up based
+ * OAuth flow.
+ *
+ * @remarks
+ * If the reauthentication is successful, the returned result will contain the user and the
+ * provider's credential.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // Sign in using a popup.
+ * const provider = new FacebookAuthProvider();
+ * const result = await signInWithPopup(auth, provider);
+ * // Reauthenticate using a popup.
+ * await reauthenticateWithPopup(result.user, provider);
+ * ```
+ *
+ * @param user - The user.
+ * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
+ * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
+ * @param resolver - An instance of {@link PopupRedirectResolver}, optional
+ * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
+ *
+ * @public
+ */
+async function reauthenticateWithPopup(user, provider, resolver) {
+    const userInternal = getModularInstance(user);
+    _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
+    const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);
+    const action = new PopupOperation(userInternal.auth, "reauthViaPopup" /* AuthEventType.REAUTH_VIA_POPUP */, provider, resolverInternal, userInternal);
+    return action.executeNotNull();
+}
+/**
+ * Links the authenticated provider to the user account using a pop-up based OAuth flow.
+ *
+ * @remarks
+ * If the linking is successful, the returned result will contain the user and the provider's credential.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // Sign in using some other provider.
+ * const result = await signInWithEmailAndPassword(auth, email, password);
+ * // Link using a popup.
+ * const provider = new FacebookAuthProvider();
+ * await linkWithPopup(result.user, provider);
+ * ```
+ *
+ * @param user - The user.
+ * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
+ * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
+ * @param resolver - An instance of {@link PopupRedirectResolver}, optional
+ * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
+ *
+ * @public
+ */
+async function linkWithPopup(user, provider, resolver) {
+    const userInternal = getModularInstance(user);
+    _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
+    const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);
+    const action = new PopupOperation(userInternal.auth, "linkViaPopup" /* AuthEventType.LINK_VIA_POPUP */, provider, resolverInternal, userInternal);
+    return action.executeNotNull();
+}
+/**
+ * Popup event manager. Handles the popup's entire lifecycle; listens to auth
+ * events
+ *
+ */
+class PopupOperation extends AbstractPopupRedirectOperation {
+    constructor(auth, filter, provider, resolver, user) {
+        super(auth, filter, resolver, user);
+        this.provider = provider;
+        this.authWindow = null;
+        this.pollId = null;
+        if (PopupOperation.currentPopupAction) {
+            PopupOperation.currentPopupAction.cancel();
+        }
+        PopupOperation.currentPopupAction = this;
+    }
+    async executeNotNull() {
+        const result = await this.execute();
+        _assert(result, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        return result;
+    }
+    async onExecution() {
+        debugAssert(this.filter.length === 1, 'Popup operations only handle one event');
+        const eventId = _generateEventId();
+        this.authWindow = await this.resolver._openPopup(this.auth, this.provider, this.filter[0], // There's always one, see constructor
+        eventId);
+        this.authWindow.associatedEvent = eventId;
+        // Check for web storage support and origin validation _after_ the popup is
+        // loaded. These operations are slow (~1 second or so) Rather than
+        // waiting on them before opening the window, optimistically open the popup
+        // and check for storage support at the same time. If storage support is
+        // not available, this will cause the whole thing to reject properly. It
+        // will also close the popup, but since the promise has already rejected,
+        // the popup closed by user poll will reject into the void.
+        this.resolver._originValidation(this.auth).catch(e => {
+            this.reject(e);
+        });
+        this.resolver._isIframeWebStorageSupported(this.auth, isSupported => {
+            if (!isSupported) {
+                this.reject(_createError(this.auth, "web-storage-unsupported" /* AuthErrorCode.WEB_STORAGE_UNSUPPORTED */));
+            }
+        });
+        // Handle user closure. Notice this does *not* use await
+        this.pollUserCancellation();
+    }
+    get eventId() {
+        var _a;
+        return ((_a = this.authWindow) === null || _a === void 0 ? void 0 : _a.associatedEvent) || null;
+    }
+    cancel() {
+        this.reject(_createError(this.auth, "cancelled-popup-request" /* AuthErrorCode.EXPIRED_POPUP_REQUEST */));
+    }
+    cleanUp() {
+        if (this.authWindow) {
+            this.authWindow.close();
+        }
+        if (this.pollId) {
+            window.clearTimeout(this.pollId);
+        }
+        this.authWindow = null;
+        this.pollId = null;
+        PopupOperation.currentPopupAction = null;
+    }
+    pollUserCancellation() {
+        const poll = () => {
+            var _a, _b;
+            if ((_b = (_a = this.authWindow) === null || _a === void 0 ? void 0 : _a.window) === null || _b === void 0 ? void 0 : _b.closed) {
+                // Make sure that there is sufficient time for whatever action to
+                // complete. The window could have closed but the sign in network
+                // call could still be in flight. This is specifically true for
+                // Firefox or if the opener is in an iframe, in which case the oauth
+                // helper closes the popup.
+                this.pollId = window.setTimeout(() => {
+                    this.pollId = null;
+                    this.reject(_createError(this.auth, "popup-closed-by-user" /* AuthErrorCode.POPUP_CLOSED_BY_USER */));
+                }, 8000 /* _Timeout.AUTH_EVENT */);
+                return;
+            }
+            this.pollId = window.setTimeout(poll, _POLL_WINDOW_CLOSE_TIMEOUT.get());
+        };
+        poll();
+    }
+}
+// Only one popup is ever shown at once. The lifecycle of the current popup
+// can be managed / cancelled by the constructor.
+PopupOperation.currentPopupAction = null;
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const PENDING_REDIRECT_KEY = 'pendingRedirect';
+// We only get one redirect outcome for any one auth, so just store it
+// in here.
+const redirectOutcomeMap = new Map();
+class RedirectAction extends AbstractPopupRedirectOperation {
+    constructor(auth, resolver, bypassAuthState = false) {
+        super(auth, [
+            "signInViaRedirect" /* AuthEventType.SIGN_IN_VIA_REDIRECT */,
+            "linkViaRedirect" /* AuthEventType.LINK_VIA_REDIRECT */,
+            "reauthViaRedirect" /* AuthEventType.REAUTH_VIA_REDIRECT */,
+            "unknown" /* AuthEventType.UNKNOWN */
+        ], resolver, undefined, bypassAuthState);
+        this.eventId = null;
+    }
+    /**
+     * Override the execute function; if we already have a redirect result, then
+     * just return it.
+     */
+    async execute() {
+        let readyOutcome = redirectOutcomeMap.get(this.auth._key());
+        if (!readyOutcome) {
+            try {
+                const hasPendingRedirect = await _getAndClearPendingRedirectStatus(this.resolver, this.auth);
+                const result = hasPendingRedirect ? await super.execute() : null;
+                readyOutcome = () => Promise.resolve(result);
+            }
+            catch (e) {
+                readyOutcome = () => Promise.reject(e);
+            }
+            redirectOutcomeMap.set(this.auth._key(), readyOutcome);
+        }
+        // If we're not bypassing auth state, the ready outcome should be set to
+        // null.
+        if (!this.bypassAuthState) {
+            redirectOutcomeMap.set(this.auth._key(), () => Promise.resolve(null));
+        }
+        return readyOutcome();
+    }
+    async onAuthEvent(event) {
+        if (event.type === "signInViaRedirect" /* AuthEventType.SIGN_IN_VIA_REDIRECT */) {
+            return super.onAuthEvent(event);
+        }
+        else if (event.type === "unknown" /* AuthEventType.UNKNOWN */) {
+            // This is a sentinel value indicating there's no pending redirect
+            this.resolve(null);
+            return;
+        }
+        if (event.eventId) {
+            const user = await this.auth._redirectUserForId(event.eventId);
+            if (user) {
+                this.user = user;
+                return super.onAuthEvent(event);
+            }
+            else {
+                this.resolve(null);
+            }
+        }
+    }
+    async onExecution() { }
+    cleanUp() { }
+}
+async function _getAndClearPendingRedirectStatus(resolver, auth) {
+    const key = pendingRedirectKey(auth);
+    const persistence = resolverPersistence(resolver);
+    if (!(await persistence._isAvailable())) {
+        return false;
+    }
+    const hasPendingRedirect = (await persistence._get(key)) === 'true';
+    await persistence._remove(key);
+    return hasPendingRedirect;
+}
+async function _setPendingRedirectStatus(resolver, auth) {
+    return resolverPersistence(resolver)._set(pendingRedirectKey(auth), 'true');
+}
+function _clearRedirectOutcomes() {
+    redirectOutcomeMap.clear();
+}
+function _overrideRedirectResult(auth, result) {
+    redirectOutcomeMap.set(auth._key(), result);
+}
+function resolverPersistence(resolver) {
+    return _getInstance(resolver._redirectPersistence);
+}
+function pendingRedirectKey(auth) {
+    return _persistenceKeyName(PENDING_REDIRECT_KEY, auth.config.apiKey, auth.name);
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Authenticates a Firebase client using a full-page redirect flow.
+ *
+ * @remarks
+ * To handle the results and errors for this operation, refer to {@link getRedirectResult}.
+ * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
+ * | best practices} when using {@link signInWithRedirect}.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // Sign in using a redirect.
+ * const provider = new FacebookAuthProvider();
+ * // You can add additional scopes to the provider:
+ * provider.addScope('user_birthday');
+ * // Start a sign in process for an unauthenticated user.
+ * await signInWithRedirect(auth, provider);
+ * // This will trigger a full page redirect away from your app
+ *
+ * // After returning from the redirect when your app initializes you can obtain the result
+ * const result = await getRedirectResult(auth);
+ * if (result) {
+ *   // This is the signed-in user
+ *   const user = result.user;
+ *   // This gives you a Facebook Access Token.
+ *   const credential = provider.credentialFromResult(auth, result);
+ *   const token = credential.accessToken;
+ * }
+ * // As this API can be used for sign-in, linking and reauthentication,
+ * // check the operationType to determine what triggered this redirect
+ * // operation.
+ * const operationType = result.operationType;
+ * ```
+ *
+ * @param auth - The {@link Auth} instance.
+ * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
+ * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
+ * @param resolver - An instance of {@link PopupRedirectResolver}, optional
+ * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
+ *
+ * @public
+ */
+function signInWithRedirect(auth, provider, resolver) {
+    return _signInWithRedirect(auth, provider, resolver);
+}
+async function _signInWithRedirect(auth, provider, resolver) {
+    const authInternal = _castAuth(auth);
+    _assertInstanceOf(auth, provider, FederatedAuthProvider);
+    // Wait for auth initialization to complete, this will process pending redirects and clear the
+    // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new
+    // redirect and creating a PENDING_REDIRECT_KEY entry.
+    await authInternal._initializationPromise;
+    const resolverInternal = _withDefaultResolver(authInternal, resolver);
+    await _setPendingRedirectStatus(resolverInternal, authInternal);
+    return resolverInternal._openRedirect(authInternal, provider, "signInViaRedirect" /* AuthEventType.SIGN_IN_VIA_REDIRECT */);
+}
+/**
+ * Reauthenticates the current user with the specified {@link OAuthProvider} using a full-page redirect flow.
+ * @remarks
+ * To handle the results and errors for this operation, refer to {@link getRedirectResult}.
+ * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
+ * | best practices} when using {@link reauthenticateWithRedirect}.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // Sign in using a redirect.
+ * const provider = new FacebookAuthProvider();
+ * const result = await signInWithRedirect(auth, provider);
+ * // This will trigger a full page redirect away from your app
+ *
+ * // After returning from the redirect when your app initializes you can obtain the result
+ * const result = await getRedirectResult(auth);
+ * // Reauthenticate using a redirect.
+ * await reauthenticateWithRedirect(result.user, provider);
+ * // This will again trigger a full page redirect away from your app
+ *
+ * // After returning from the redirect when your app initializes you can obtain the result
+ * const result = await getRedirectResult(auth);
+ * ```
+ *
+ * @param user - The user.
+ * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
+ * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
+ * @param resolver - An instance of {@link PopupRedirectResolver}, optional
+ * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
+ *
+ * @public
+ */
+function reauthenticateWithRedirect(user, provider, resolver) {
+    return _reauthenticateWithRedirect(user, provider, resolver);
+}
+async function _reauthenticateWithRedirect(user, provider, resolver) {
+    const userInternal = getModularInstance(user);
+    _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
+    // Wait for auth initialization to complete, this will process pending redirects and clear the
+    // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new
+    // redirect and creating a PENDING_REDIRECT_KEY entry.
+    await userInternal.auth._initializationPromise;
+    // Allow the resolver to error before persisting the redirect user
+    const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);
+    await _setPendingRedirectStatus(resolverInternal, userInternal.auth);
+    const eventId = await prepareUserForRedirect(userInternal);
+    return resolverInternal._openRedirect(userInternal.auth, provider, "reauthViaRedirect" /* AuthEventType.REAUTH_VIA_REDIRECT */, eventId);
+}
+/**
+ * Links the {@link OAuthProvider} to the user account using a full-page redirect flow.
+ * @remarks
+ * To handle the results and errors for this operation, refer to {@link getRedirectResult}.
+ * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
+ * | best practices} when using {@link linkWithRedirect}.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // Sign in using some other provider.
+ * const result = await signInWithEmailAndPassword(auth, email, password);
+ * // Link using a redirect.
+ * const provider = new FacebookAuthProvider();
+ * await linkWithRedirect(result.user, provider);
+ * // This will trigger a full page redirect away from your app
+ *
+ * // After returning from the redirect when your app initializes you can obtain the result
+ * const result = await getRedirectResult(auth);
+ * ```
+ *
+ * @param user - The user.
+ * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
+ * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
+ * @param resolver - An instance of {@link PopupRedirectResolver}, optional
+ * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
+ *
+ * @public
+ */
+function linkWithRedirect(user, provider, resolver) {
+    return _linkWithRedirect(user, provider, resolver);
+}
+async function _linkWithRedirect(user, provider, resolver) {
+    const userInternal = getModularInstance(user);
+    _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
+    // Wait for auth initialization to complete, this will process pending redirects and clear the
+    // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new
+    // redirect and creating a PENDING_REDIRECT_KEY entry.
+    await userInternal.auth._initializationPromise;
+    // Allow the resolver to error before persisting the redirect user
+    const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);
+    await _assertLinkedStatus(false, userInternal, provider.providerId);
+    await _setPendingRedirectStatus(resolverInternal, userInternal.auth);
+    const eventId = await prepareUserForRedirect(userInternal);
+    return resolverInternal._openRedirect(userInternal.auth, provider, "linkViaRedirect" /* AuthEventType.LINK_VIA_REDIRECT */, eventId);
+}
+/**
+ * Returns a {@link UserCredential} from the redirect-based sign-in flow.
+ *
+ * @remarks
+ * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
+ * error. If no redirect operation was called, returns `null`.
+ *
+ * This method does not work in a Node.js environment.
+ *
+ * @example
+ * ```javascript
+ * // Sign in using a redirect.
+ * const provider = new FacebookAuthProvider();
+ * // You can add additional scopes to the provider:
+ * provider.addScope('user_birthday');
+ * // Start a sign in process for an unauthenticated user.
+ * await signInWithRedirect(auth, provider);
+ * // This will trigger a full page redirect away from your app
+ *
+ * // After returning from the redirect when your app initializes you can obtain the result
+ * const result = await getRedirectResult(auth);
+ * if (result) {
+ *   // This is the signed-in user
+ *   const user = result.user;
+ *   // This gives you a Facebook Access Token.
+ *   const credential = provider.credentialFromResult(auth, result);
+ *   const token = credential.accessToken;
+ * }
+ * // As this API can be used for sign-in, linking and reauthentication,
+ * // check the operationType to determine what triggered this redirect
+ * // operation.
+ * const operationType = result.operationType;
+ * ```
+ *
+ * @param auth - The {@link Auth} instance.
+ * @param resolver - An instance of {@link PopupRedirectResolver}, optional
+ * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
+ *
+ * @public
+ */
+async function getRedirectResult(auth, resolver) {
+    await _castAuth(auth)._initializationPromise;
+    return _getRedirectResult(auth, resolver, false);
+}
+async function _getRedirectResult(auth, resolverExtern, bypassAuthState = false) {
+    const authInternal = _castAuth(auth);
+    const resolver = _withDefaultResolver(authInternal, resolverExtern);
+    const action = new RedirectAction(authInternal, resolver, bypassAuthState);
+    const result = await action.execute();
+    if (result && !bypassAuthState) {
+        delete result.user._redirectEventId;
+        await authInternal._persistUserIfCurrent(result.user);
+        await authInternal._setRedirectUser(null, resolverExtern);
+    }
+    return result;
+}
+async function prepareUserForRedirect(user) {
+    const eventId = _generateEventId(`${user.uid}:::`);
+    user._redirectEventId = eventId;
+    await user.auth._setRedirectUser(user);
+    await user.auth._persistUserIfCurrent(user);
+    return eventId;
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// The amount of time to store the UIDs of seen events; this is
+// set to 10 min by default
+const EVENT_DUPLICATION_CACHE_DURATION_MS = 10 * 60 * 1000;
+class AuthEventManager {
+    constructor(auth) {
+        this.auth = auth;
+        this.cachedEventUids = new Set();
+        this.consumers = new Set();
+        this.queuedRedirectEvent = null;
+        this.hasHandledPotentialRedirect = false;
+        this.lastProcessedEventTime = Date.now();
+    }
+    registerConsumer(authEventConsumer) {
+        this.consumers.add(authEventConsumer);
+        if (this.queuedRedirectEvent &&
+            this.isEventForConsumer(this.queuedRedirectEvent, authEventConsumer)) {
+            this.sendToConsumer(this.queuedRedirectEvent, authEventConsumer);
+            this.saveEventToCache(this.queuedRedirectEvent);
+            this.queuedRedirectEvent = null;
+        }
+    }
+    unregisterConsumer(authEventConsumer) {
+        this.consumers.delete(authEventConsumer);
+    }
+    onEvent(event) {
+        // Check if the event has already been handled
+        if (this.hasEventBeenHandled(event)) {
+            return false;
+        }
+        let handled = false;
+        this.consumers.forEach(consumer => {
+            if (this.isEventForConsumer(event, consumer)) {
+                handled = true;
+                this.sendToConsumer(event, consumer);
+                this.saveEventToCache(event);
+            }
+        });
+        if (this.hasHandledPotentialRedirect || !isRedirectEvent(event)) {
+            // If we've already seen a redirect before, or this is a popup event,
+            // bail now
+            return handled;
+        }
+        this.hasHandledPotentialRedirect = true;
+        // If the redirect wasn't handled, hang on to it
+        if (!handled) {
+            this.queuedRedirectEvent = event;
+            handled = true;
+        }
+        return handled;
+    }
+    sendToConsumer(event, consumer) {
+        var _a;
+        if (event.error && !isNullRedirectEvent(event)) {
+            const code = ((_a = event.error.code) === null || _a === void 0 ? void 0 : _a.split('auth/')[1]) ||
+                "internal-error" /* AuthErrorCode.INTERNAL_ERROR */;
+            consumer.onError(_createError(this.auth, code));
+        }
+        else {
+            consumer.onAuthEvent(event);
+        }
+    }
+    isEventForConsumer(event, consumer) {
+        const eventIdMatches = consumer.eventId === null ||
+            (!!event.eventId && event.eventId === consumer.eventId);
+        return consumer.filter.includes(event.type) && eventIdMatches;
+    }
+    hasEventBeenHandled(event) {
+        if (Date.now() - this.lastProcessedEventTime >=
+            EVENT_DUPLICATION_CACHE_DURATION_MS) {
+            this.cachedEventUids.clear();
+        }
+        return this.cachedEventUids.has(eventUid(event));
+    }
+    saveEventToCache(event) {
+        this.cachedEventUids.add(eventUid(event));
+        this.lastProcessedEventTime = Date.now();
+    }
+}
+function eventUid(e) {
+    return [e.type, e.eventId, e.sessionId, e.tenantId].filter(v => v).join('-');
+}
+function isNullRedirectEvent({ type, error }) {
+    return (type === "unknown" /* AuthEventType.UNKNOWN */ &&
+        (error === null || error === void 0 ? void 0 : error.code) === `auth/${"no-auth-event" /* AuthErrorCode.NO_AUTH_EVENT */}`);
+}
+function isRedirectEvent(event) {
+    switch (event.type) {
+        case "signInViaRedirect" /* AuthEventType.SIGN_IN_VIA_REDIRECT */:
+        case "linkViaRedirect" /* AuthEventType.LINK_VIA_REDIRECT */:
+        case "reauthViaRedirect" /* AuthEventType.REAUTH_VIA_REDIRECT */:
+            return true;
+        case "unknown" /* AuthEventType.UNKNOWN */:
+            return isNullRedirectEvent(event);
+        default:
+            return false;
+    }
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+async function _getProjectConfig(auth, request = {}) {
+    return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/projects" /* Endpoint.GET_PROJECT_CONFIG */, request);
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const IP_ADDRESS_REGEX = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
+const HTTP_REGEX = /^https?/;
+async function _validateOrigin$1(auth) {
+    // Skip origin validation if we are in an emulated environment
+    if (auth.config.emulator) {
+        return;
+    }
+    const { authorizedDomains } = await _getProjectConfig(auth);
+    for (const domain of authorizedDomains) {
+        try {
+            if (matchDomain(domain)) {
+                return;
+            }
+        }
+        catch (_a) {
+            // Do nothing if there's a URL error; just continue searching
+        }
+    }
+    // In the old SDK, this error also provides helpful messages.
+    _fail(auth, "unauthorized-domain" /* AuthErrorCode.INVALID_ORIGIN */);
+}
+function matchDomain(expected) {
+    const currentUrl = _getCurrentUrl();
+    const { protocol, hostname } = new URL(currentUrl);
+    if (expected.startsWith('chrome-extension://')) {
+        const ceUrl = new URL(expected);
+        if (ceUrl.hostname === '' && hostname === '') {
+            // For some reason we're not parsing chrome URLs properly
+            return (protocol === 'chrome-extension:' &&
+                expected.replace('chrome-extension://', '') ===
+                    currentUrl.replace('chrome-extension://', ''));
+        }
+        return protocol === 'chrome-extension:' && ceUrl.hostname === hostname;
+    }
+    if (!HTTP_REGEX.test(protocol)) {
+        return false;
+    }
+    if (IP_ADDRESS_REGEX.test(expected)) {
+        // The domain has to be exactly equal to the pattern, as an IP domain will
+        // only contain the IP, no extra character.
+        return hostname === expected;
+    }
+    // Dots in pattern should be escaped.
+    const escapedDomainPattern = expected.replace(/\./g, '\\.');
+    // Non ip address domains.
+    // domain.com = *.domain.com OR domain.com
+    const re = new RegExp('^(.+\\.' + escapedDomainPattern + '|' + escapedDomainPattern + ')$', 'i');
+    return re.test(hostname);
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const NETWORK_TIMEOUT = new Delay(30000, 60000);
+/**
+ * Reset unlaoded GApi modules. If gapi.load fails due to a network error,
+ * it will stop working after a retrial. This is a hack to fix this issue.
+ */
+function resetUnloadedGapiModules() {
+    // Clear last failed gapi.load state to force next gapi.load to first
+    // load the failed gapi.iframes module.
+    // Get gapix.beacon context.
+    const beacon = _window().___jsl;
+    // Get current hint.
+    if (beacon === null || beacon === void 0 ? void 0 : beacon.H) {
+        // Get gapi hint.
+        for (const hint of Object.keys(beacon.H)) {
+            // Requested modules.
+            beacon.H[hint].r = beacon.H[hint].r || [];
+            // Loaded modules.
+            beacon.H[hint].L = beacon.H[hint].L || [];
+            // Set requested modules to a copy of the loaded modules.
+            beacon.H[hint].r = [...beacon.H[hint].L];
+            // Clear pending callbacks.
+            if (beacon.CP) {
+                for (let i = 0; i < beacon.CP.length; i++) {
+                    // Remove all failed pending callbacks.
+                    beacon.CP[i] = null;
+                }
+            }
+        }
+    }
+}
+function loadGapi(auth) {
+    return new Promise((resolve, reject) => {
+        var _a, _b, _c;
+        // Function to run when gapi.load is ready.
+        function loadGapiIframe() {
+            // The developer may have tried to previously run gapi.load and failed.
+            // Run this to fix that.
+            resetUnloadedGapiModules();
+            gapi.load('gapi.iframes', {
+                callback: () => {
+                    resolve(gapi.iframes.getContext());
+                },
+                ontimeout: () => {
+                    // The above reset may be sufficient, but having this reset after
+                    // failure ensures that if the developer calls gapi.load after the
+                    // connection is re-established and before another attempt to embed
+                    // the iframe, it would work and would not be broken because of our
+                    // failed attempt.
+                    // Timeout when gapi.iframes.Iframe not loaded.
+                    resetUnloadedGapiModules();
+                    reject(_createError(auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */));
+                },
+                timeout: NETWORK_TIMEOUT.get()
+            });
+        }
+        if ((_b = (_a = _window().gapi) === null || _a === void 0 ? void 0 : _a.iframes) === null || _b === void 0 ? void 0 : _b.Iframe) {
+            // If gapi.iframes.Iframe available, resolve.
+            resolve(gapi.iframes.getContext());
+        }
+        else if (!!((_c = _window().gapi) === null || _c === void 0 ? void 0 : _c.load)) {
+            // Gapi loader ready, load gapi.iframes.
+            loadGapiIframe();
+        }
+        else {
+            // Create a new iframe callback when this is called so as not to overwrite
+            // any previous defined callback. This happens if this method is called
+            // multiple times in parallel and could result in the later callback
+            // overwriting the previous one. This would end up with a iframe
+            // timeout.
+            const cbName = _generateCallbackName('iframefcb');
+            // GApi loader not available, dynamically load platform.js.
+            _window()[cbName] = () => {
+                // GApi loader should be ready.
+                if (!!gapi.load) {
+                    loadGapiIframe();
+                }
+                else {
+                    // Gapi loader failed, throw error.
+                    reject(_createError(auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */));
+                }
+            };
+            // Load GApi loader.
+            return _loadJS(`${_gapiScriptUrl()}?onload=${cbName}`)
+                .catch(e => reject(e));
+        }
+    }).catch(error => {
+        // Reset cached promise to allow for retrial.
+        cachedGApiLoader = null;
+        throw error;
+    });
+}
+let cachedGApiLoader = null;
+function _loadGapi(auth) {
+    cachedGApiLoader = cachedGApiLoader || loadGapi(auth);
+    return cachedGApiLoader;
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const PING_TIMEOUT = new Delay(5000, 15000);
+const IFRAME_PATH = '__/auth/iframe';
+const EMULATED_IFRAME_PATH = 'emulator/auth/iframe';
+const IFRAME_ATTRIBUTES = {
+    style: {
+        position: 'absolute',
+        top: '-100px',
+        width: '1px',
+        height: '1px'
+    },
+    'aria-hidden': 'true',
+    tabindex: '-1'
+};
+// Map from apiHost to endpoint ID for passing into iframe. In current SDK, apiHost can be set to
+// anything (not from a list of endpoints with IDs as in legacy), so this is the closest we can get.
+const EID_FROM_APIHOST = new Map([
+    ["identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */, 'p'],
+    ['staging-identitytoolkit.sandbox.googleapis.com', 's'],
+    ['test-identitytoolkit.sandbox.googleapis.com', 't'] // test
+]);
+function getIframeUrl(auth) {
+    const config = auth.config;
+    _assert(config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
+    const url = config.emulator
+        ? _emulatorUrl(config, EMULATED_IFRAME_PATH)
+        : `https://${auth.config.authDomain}/${IFRAME_PATH}`;
+    const params = {
+        apiKey: config.apiKey,
+        appName: auth.name,
+        v: SDK_VERSION
+    };
+    const eid = EID_FROM_APIHOST.get(auth.config.apiHost);
+    if (eid) {
+        params.eid = eid;
+    }
+    const frameworks = auth._getFrameworks();
+    if (frameworks.length) {
+        params.fw = frameworks.join(',');
+    }
+    return `${url}?${querystring(params).slice(1)}`;
+}
+async function _openIframe(auth) {
+    const context = await _loadGapi(auth);
+    const gapi = _window().gapi;
+    _assert(gapi, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+    return context.open({
+        where: document.body,
+        url: getIframeUrl(auth),
+        messageHandlersFilter: gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER,
+        attributes: IFRAME_ATTRIBUTES,
+        dontclear: true
+    }, (iframe) => new Promise(async (resolve, reject) => {
+        await iframe.restyle({
+            // Prevent iframe from closing on mouse out.
+            setHideOnLeave: false
+        });
+        const networkError = _createError(auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */);
+        // Confirm iframe is correctly loaded.
+        // To fallback on failure, set a timeout.
+        const networkErrorTimer = _window().setTimeout(() => {
+            reject(networkError);
+        }, PING_TIMEOUT.get());
+        // Clear timer and resolve pending iframe ready promise.
+        function clearTimerAndResolve() {
+            _window().clearTimeout(networkErrorTimer);
+            resolve(iframe);
+        }
+        // This returns an IThenable. However the reject part does not call
+        // when the iframe is not loaded.
+        iframe.ping(clearTimerAndResolve).then(clearTimerAndResolve, () => {
+            reject(networkError);
+        });
+    }));
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const BASE_POPUP_OPTIONS = {
+    location: 'yes',
+    resizable: 'yes',
+    statusbar: 'yes',
+    toolbar: 'no'
+};
+const DEFAULT_WIDTH = 500;
+const DEFAULT_HEIGHT = 600;
+const TARGET_BLANK = '_blank';
+const FIREFOX_EMPTY_URL = 'http://localhost';
+class AuthPopup {
+    constructor(window) {
+        this.window = window;
+        this.associatedEvent = null;
+    }
+    close() {
+        if (this.window) {
+            try {
+                this.window.close();
+            }
+            catch (e) { }
+        }
+    }
+}
+function _open(auth, url, name, width = DEFAULT_WIDTH, height = DEFAULT_HEIGHT) {
+    const top = Math.max((window.screen.availHeight - height) / 2, 0).toString();
+    const left = Math.max((window.screen.availWidth - width) / 2, 0).toString();
+    let target = '';
+    const options = Object.assign(Object.assign({}, BASE_POPUP_OPTIONS), { width: width.toString(), height: height.toString(), top,
+        left });
+    // Chrome iOS 7 and 8 is returning an undefined popup win when target is
+    // specified, even though the popup is not necessarily blocked.
+    const ua = getUA().toLowerCase();
+    if (name) {
+        target = _isChromeIOS(ua) ? TARGET_BLANK : name;
+    }
+    if (_isFirefox(ua)) {
+        // Firefox complains when invalid URLs are popped out. Hacky way to bypass.
+        url = url || FIREFOX_EMPTY_URL;
+        // Firefox disables by default scrolling on popup windows, which can create
+        // issues when the user has many Google accounts, for instance.
+        options.scrollbars = 'yes';
+    }
+    const optionsString = Object.entries(options).reduce((accum, [key, value]) => `${accum}${key}=${value},`, '');
+    if (_isIOSStandalone(ua) && target !== '_self') {
+        openAsNewWindowIOS(url || '', target);
+        return new AuthPopup(null);
+    }
+    // about:blank getting sanitized causing browsers like IE/Edge to display
+    // brief error message before redirecting to handler.
+    const newWin = window.open(url || '', target, optionsString);
+    _assert(newWin, auth, "popup-blocked" /* AuthErrorCode.POPUP_BLOCKED */);
+    // Flaky on IE edge, encapsulate with a try and catch.
+    try {
+        newWin.focus();
+    }
+    catch (e) { }
+    return new AuthPopup(newWin);
+}
+function openAsNewWindowIOS(url, target) {
+    const el = document.createElement('a');
+    el.href = url;
+    el.target = target;
+    const click = document.createEvent('MouseEvent');
+    click.initMouseEvent('click', true, true, window, 1, 0, 0, 0, 0, false, false, false, false, 1, null);
+    el.dispatchEvent(click);
+}
+
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * URL for Authentication widget which will initiate the OAuth handshake
+ *
+ * @internal
+ */
+const WIDGET_PATH = '__/auth/handler';
+/**
+ * URL for emulated environment
+ *
+ * @internal
+ */
+const EMULATOR_WIDGET_PATH = 'emulator/auth/handler';
+/**
+ * Fragment name for the App Check token that gets passed to the widget
+ *
+ * @internal
+ */
+const FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent('fac');
+async function _getRedirectUrl(auth, provider, authType, redirectUrl, eventId, additionalParams) {
+    _assert(auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
+    _assert(auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */);
+    const params = {
+        apiKey: auth.config.apiKey,
+        appName: auth.name,
+        authType,
+        redirectUrl,
+        v: SDK_VERSION,
+        eventId
+    };
+    if (provider instanceof FederatedAuthProvider) {
+        provider.setDefaultLanguage(auth.languageCode);
+        params.providerId = provider.providerId || '';
+        if (!isEmpty(provider.getCustomParameters())) {
+            params.customParameters = JSON.stringify(provider.getCustomParameters());
+        }
+        // TODO set additionalParams from the provider as well?
+        for (const [key, value] of Object.entries(additionalParams || {})) {
+            params[key] = value;
+        }
+    }
+    if (provider instanceof BaseOAuthProvider) {
+        const scopes = provider.getScopes().filter(scope => scope !== '');
+        if (scopes.length > 0) {
+            params.scopes = scopes.join(',');
+        }
+    }
+    if (auth.tenantId) {
+        params.tid = auth.tenantId;
+    }
+    // TODO: maybe set eid as endipointId
+    // TODO: maybe set fw as Frameworks.join(",")
+    const paramsDict = params;
+    for (const key of Object.keys(paramsDict)) {
+        if (paramsDict[key] === undefined) {
+            delete paramsDict[key];
+        }
+    }
+    // Sets the App Check token to pass to the widget
+    const appCheckToken = await auth._getAppCheckToken();
+    const appCheckTokenFragment = appCheckToken
+        ? `#${FIREBASE_APP_CHECK_FRAGMENT_ID}=${encodeURIComponent(appCheckToken)}`
+        : '';
+    // Start at index 1 to skip the leading '&' in the query string
+    return `${getHandlerBase(auth)}?${querystring(paramsDict).slice(1)}${appCheckTokenFragment}`;
+}
+function getHandlerBase({ config }) {
+    if (!config.emulator) {
+        return `https://${config.authDomain}/${WIDGET_PATH}`;
+    }
+    return _emulatorUrl(config, EMULATOR_WIDGET_PATH);
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * The special web storage event
+ *
+ */
+const WEB_STORAGE_SUPPORT_KEY = 'webStorageSupport';
+class BrowserPopupRedirectResolver {
+    constructor() {
+        this.eventManagers = {};
+        this.iframes = {};
+        this.originValidationPromises = {};
+        this._redirectPersistence = browserSessionPersistence;
+        this._completeRedirectFn = _getRedirectResult;
+        this._overrideRedirectResult = _overrideRedirectResult;
+    }
+    // Wrapping in async even though we don't await anywhere in order
+    // to make sure errors are raised as promise rejections
+    async _openPopup(auth, provider, authType, eventId) {
+        var _a;
+        debugAssert((_a = this.eventManagers[auth._key()]) === null || _a === void 0 ? void 0 : _a.manager, '_initialize() not called before _openPopup()');
+        const url = await _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId);
+        return _open(auth, url, _generateEventId());
+    }
+    async _openRedirect(auth, provider, authType, eventId) {
+        await this._originValidation(auth);
+        const url = await _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId);
+        _setWindowLocation(url);
+        return new Promise(() => { });
+    }
+    _initialize(auth) {
+        const key = auth._key();
+        if (this.eventManagers[key]) {
+            const { manager, promise } = this.eventManagers[key];
+            if (manager) {
+                return Promise.resolve(manager);
+            }
+            else {
+                debugAssert(promise, 'If manager is not set, promise should be');
+                return promise;
+            }
+        }
+        const promise = this.initAndGetManager(auth);
+        this.eventManagers[key] = { promise };
+        // If the promise is rejected, the key should be removed so that the
+        // operation can be retried later.
+        promise.catch(() => {
+            delete this.eventManagers[key];
+        });
+        return promise;
+    }
+    async initAndGetManager(auth) {
+        const iframe = await _openIframe(auth);
+        const manager = new AuthEventManager(auth);
+        iframe.register('authEvent', (iframeEvent) => {
+            _assert(iframeEvent === null || iframeEvent === void 0 ? void 0 : iframeEvent.authEvent, auth, "invalid-auth-event" /* AuthErrorCode.INVALID_AUTH_EVENT */);
+            // TODO: Consider splitting redirect and popup events earlier on
+            const handled = manager.onEvent(iframeEvent.authEvent);
+            return { status: handled ? "ACK" /* GapiOutcome.ACK */ : "ERROR" /* GapiOutcome.ERROR */ };
+        }, gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER);
+        this.eventManagers[auth._key()] = { manager };
+        this.iframes[auth._key()] = iframe;
+        return manager;
+    }
+    _isIframeWebStorageSupported(auth, cb) {
+        const iframe = this.iframes[auth._key()];
+        iframe.send(WEB_STORAGE_SUPPORT_KEY, { type: WEB_STORAGE_SUPPORT_KEY }, result => {
+            var _a;
+            const isSupported = (_a = result === null || result === void 0 ? void 0 : result[0]) === null || _a === void 0 ? void 0 : _a[WEB_STORAGE_SUPPORT_KEY];
+            if (isSupported !== undefined) {
+                cb(!!isSupported);
+            }
+            _fail(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        }, gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER);
+    }
+    _originValidation(auth) {
+        const key = auth._key();
+        if (!this.originValidationPromises[key]) {
+            this.originValidationPromises[key] = _validateOrigin$1(auth);
+        }
+        return this.originValidationPromises[key];
+    }
+    get _shouldInitProactively() {
+        // Mobile browsers and Safari need to optimistically initialize
+        return _isMobileBrowser() || _isSafari() || _isIOS();
+    }
+}
+/**
+ * An implementation of {@link PopupRedirectResolver} suitable for browser
+ * based applications.
+ *
+ * @remarks
+ * This method does not work in a Node.js environment.
+ *
+ * @public
+ */
+const browserPopupRedirectResolver = BrowserPopupRedirectResolver;
+
+/**
+ * {@inheritdoc PhoneMultiFactorAssertion}
+ *
+ * @public
+ */
+class PhoneMultiFactorAssertionImpl extends MultiFactorAssertionImpl {
+    constructor(credential) {
+        super("phone" /* FactorId.PHONE */);
+        this.credential = credential;
+    }
+    /** @internal */
+    static _fromCredential(credential) {
+        return new PhoneMultiFactorAssertionImpl(credential);
+    }
+    /** @internal */
+    _finalizeEnroll(auth, idToken, displayName) {
+        return finalizeEnrollPhoneMfa(auth, {
+            idToken,
+            displayName,
+            phoneVerificationInfo: this.credential._makeVerificationRequest()
+        });
+    }
+    /** @internal */
+    _finalizeSignIn(auth, mfaPendingCredential) {
+        return finalizeSignInPhoneMfa(auth, {
+            mfaPendingCredential,
+            phoneVerificationInfo: this.credential._makeVerificationRequest()
+        });
+    }
+}
+/**
+ * Provider for generating a {@link PhoneMultiFactorAssertion}.
+ *
+ * @public
+ */
+class PhoneMultiFactorGenerator {
+    constructor() { }
+    /**
+     * Provides a {@link PhoneMultiFactorAssertion} to confirm ownership of the phone second factor.
+     *
+     * @remarks
+     * This method does not work in a Node.js environment.
+     *
+     * @param phoneAuthCredential - A credential provided by {@link PhoneAuthProvider.credential}.
+     * @returns A {@link PhoneMultiFactorAssertion} which can be used with
+     * {@link MultiFactorResolver.resolveSignIn}
+     */
+    static assertion(credential) {
+        return PhoneMultiFactorAssertionImpl._fromCredential(credential);
+    }
+}
+/**
+ * The identifier of the phone second factor: `phone`.
+ */
+PhoneMultiFactorGenerator.FACTOR_ID = 'phone';
+
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const DEFAULT_ID_TOKEN_MAX_AGE = 5 * 60;
+const authIdTokenMaxAge = getExperimentalSetting('authIdTokenMaxAge') || DEFAULT_ID_TOKEN_MAX_AGE;
+let lastPostedIdToken = null;
+const mintCookieFactory = (url) => async (user) => {
+    const idTokenResult = user && (await user.getIdTokenResult());
+    const idTokenAge = idTokenResult &&
+        (new Date().getTime() - Date.parse(idTokenResult.issuedAtTime)) / 1000;
+    if (idTokenAge && idTokenAge > authIdTokenMaxAge) {
+        return;
+    }
+    // Specifically trip null => undefined when logged out, to delete any existing cookie
+    const idToken = idTokenResult === null || idTokenResult === void 0 ? void 0 : idTokenResult.token;
+    if (lastPostedIdToken === idToken) {
+        return;
+    }
+    lastPostedIdToken = idToken;
+    await fetch(url, {
+        method: idToken ? 'POST' : 'DELETE',
+        headers: idToken
+            ? {
+                'Authorization': `Bearer ${idToken}`
+            }
+            : {}
+    });
+};
+/**
+ * Returns the Auth instance associated with the provided {@link @firebase/app#FirebaseApp}.
+ * If no instance exists, initializes an Auth instance with platform-specific default dependencies.
+ *
+ * @param app - The Firebase App.
+ *
+ * @public
+ */
+function getAuth(app = getApp()) {
+    const provider = _getProvider(app, 'auth');
+    if (provider.isInitialized()) {
+        return provider.getImmediate();
+    }
+    const auth = initializeAuth(app, {
+        popupRedirectResolver: browserPopupRedirectResolver,
+        persistence: [
+            indexedDBLocalPersistence,
+            browserLocalPersistence,
+            browserSessionPersistence
+        ]
+    });
+    const authTokenSyncUrl = getExperimentalSetting('authTokenSyncURL');
+    if (authTokenSyncUrl) {
+        const mintCookie = mintCookieFactory(authTokenSyncUrl);
+        beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
+        onIdTokenChanged(auth, user => mintCookie(user));
+    }
+    const authEmulatorHost = getDefaultEmulatorHost('auth');
+    if (authEmulatorHost) {
+        connectAuthEmulator(auth, `http://${authEmulatorHost}`);
+    }
+    return auth;
+}
+function getScriptParentElement() {
+    var _a, _b;
+    return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
+}
+_setExternalJSProvider({
+    loadJS(url) {
+        // TODO: consider adding timeout support & cancellation
+        return new Promise((resolve, reject) => {
+            const el = document.createElement('script');
+            el.setAttribute('src', url);
+            el.onload = resolve;
+            el.onerror = e => {
+                const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+                error.customData = e;
+                reject(error);
+            };
+            el.type = 'text/javascript';
+            el.charset = 'UTF-8';
+            getScriptParentElement().appendChild(el);
+        });
+    },
+    gapiScript: 'https://apis.google.com/js/api.js',
+    recaptchaV2Script: 'https://www.google.com/recaptcha/api.js',
+    recaptchaEnterpriseScript: 'https://www.google.com/recaptcha/enterprise.js?render='
+});
+registerAuth("Browser" /* ClientPlatform.BROWSER */);
+
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+function _cordovaWindow() {
+    return window;
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * How long to wait after the app comes back into focus before concluding that
+ * the user closed the sign in tab.
+ */
+const REDIRECT_TIMEOUT_MS = 2000;
+/**
+ * Generates the URL for the OAuth handler.
+ */
+async function _generateHandlerUrl(auth, event, provider) {
+    var _a;
+    // Get the cordova plugins
+    const { BuildInfo } = _cordovaWindow();
+    debugAssert(event.sessionId, 'AuthEvent did not contain a session ID');
+    const sessionDigest = await computeSha256(event.sessionId);
+    const additionalParams = {};
+    if (_isIOS()) {
+        // iOS app identifier
+        additionalParams['ibi'] = BuildInfo.packageName;
+    }
+    else if (_isAndroid()) {
+        // Android app identifier
+        additionalParams['apn'] = BuildInfo.packageName;
+    }
+    else {
+        _fail(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */);
+    }
+    // Add the display name if available
+    if (BuildInfo.displayName) {
+        additionalParams['appDisplayName'] = BuildInfo.displayName;
+    }
+    // Attached the hashed session ID
+    additionalParams['sessionId'] = sessionDigest;
+    return _getRedirectUrl(auth, provider, event.type, undefined, (_a = event.eventId) !== null && _a !== void 0 ? _a : undefined, additionalParams);
+}
+/**
+ * Validates that this app is valid for this project configuration
+ */
+async function _validateOrigin(auth) {
+    const { BuildInfo } = _cordovaWindow();
+    const request = {};
+    if (_isIOS()) {
+        request.iosBundleId = BuildInfo.packageName;
+    }
+    else if (_isAndroid()) {
+        request.androidPackageName = BuildInfo.packageName;
+    }
+    else {
+        _fail(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */);
+    }
+    // Will fail automatically if package name is not authorized
+    await _getProjectConfig(auth, request);
+}
+function _performRedirect(handlerUrl) {
+    // Get the cordova plugins
+    const { cordova } = _cordovaWindow();
+    return new Promise(resolve => {
+        cordova.plugins.browsertab.isAvailable(browserTabIsAvailable => {
+            let iabRef = null;
+            if (browserTabIsAvailable) {
+                cordova.plugins.browsertab.openUrl(handlerUrl);
+            }
+            else {
+                // TODO: Return the inappbrowser ref that's returned from the open call
+                iabRef = cordova.InAppBrowser.open(handlerUrl, _isIOS7Or8() ? '_blank' : '_system', 'location=yes');
+            }
+            resolve(iabRef);
+        });
+    });
+}
+/**
+ * This function waits for app activity to be seen before resolving. It does
+ * this by attaching listeners to various dom events. Once the app is determined
+ * to be visible, this promise resolves. AFTER that resolution, the listeners
+ * are detached and any browser tabs left open will be closed.
+ */
+async function _waitForAppResume(auth, eventListener, iabRef) {
+    // Get the cordova plugins
+    const { cordova } = _cordovaWindow();
+    let cleanup = () => { };
+    try {
+        await new Promise((resolve, reject) => {
+            let onCloseTimer = null;
+            // DEFINE ALL THE CALLBACKS =====
+            function authEventSeen() {
+                var _a;
+                // Auth event was detected. Resolve this promise and close the extra
+                // window if it's still open.
+                resolve();
+                const closeBrowserTab = (_a = cordova.plugins.browsertab) === null || _a === void 0 ? void 0 : _a.close;
+                if (typeof closeBrowserTab === 'function') {
+                    closeBrowserTab();
+                }
+                // Close inappbrowser emebedded webview in iOS7 and 8 case if still
+                // open.
+                if (typeof (iabRef === null || iabRef === void 0 ? void 0 : iabRef.close) === 'function') {
+                    iabRef.close();
+                }
+            }
+            function resumed() {
+                if (onCloseTimer) {
+                    // This code already ran; do not rerun.
+                    return;
+                }
+                onCloseTimer = window.setTimeout(() => {
+                    // Wait two seeconds after resume then reject.
+                    reject(_createError(auth, "redirect-cancelled-by-user" /* AuthErrorCode.REDIRECT_CANCELLED_BY_USER */));
+                }, REDIRECT_TIMEOUT_MS);
+            }
+            function visibilityChanged() {
+                if ((document === null || document === void 0 ? void 0 : document.visibilityState) === 'visible') {
+                    resumed();
+                }
+            }
+            // ATTACH ALL THE LISTENERS =====
+            // Listen for the auth event
+            eventListener.addPassiveListener(authEventSeen);
+            // Listen for resume and visibility events
+            document.addEventListener('resume', resumed, false);
+            if (_isAndroid()) {
+                document.addEventListener('visibilitychange', visibilityChanged, false);
+            }
+            // SETUP THE CLEANUP FUNCTION =====
+            cleanup = () => {
+                eventListener.removePassiveListener(authEventSeen);
+                document.removeEventListener('resume', resumed, false);
+                document.removeEventListener('visibilitychange', visibilityChanged, false);
+                if (onCloseTimer) {
+                    window.clearTimeout(onCloseTimer);
+                }
+            };
+        });
+    }
+    finally {
+        cleanup();
+    }
+}
+/**
+ * Checks the configuration of the Cordova environment. This has no side effect
+ * if the configuration is correct; otherwise it throws an error with the
+ * missing plugin.
+ */
+function _checkCordovaConfiguration(auth) {
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+    const win = _cordovaWindow();
+    // Check all dependencies installed.
+    // https://github.com/nordnet/cordova-universal-links-plugin
+    // Note that cordova-universal-links-plugin has been abandoned.
+    // A fork with latest fixes is available at:
+    // https://www.npmjs.com/package/cordova-universal-links-plugin-fix
+    _assert(typeof ((_a = win === null || win === void 0 ? void 0 : win.universalLinks) === null || _a === void 0 ? void 0 : _a.subscribe) === 'function', auth, "invalid-cordova-configuration" /* AuthErrorCode.INVALID_CORDOVA_CONFIGURATION */, {
+        missingPlugin: 'cordova-universal-links-plugin-fix'
+    });
+    // https://www.npmjs.com/package/cordova-plugin-buildinfo
+    _assert(typeof ((_b = win === null || win === void 0 ? void 0 : win.BuildInfo) === null || _b === void 0 ? void 0 : _b.packageName) !== 'undefined', auth, "invalid-cordova-configuration" /* AuthErrorCode.INVALID_CORDOVA_CONFIGURATION */, {
+        missingPlugin: 'cordova-plugin-buildInfo'
+    });
+    // https://github.com/google/cordova-plugin-browsertab
+    _assert(typeof ((_e = (_d = (_c = win === null || win === void 0 ? void 0 : win.cordova) === null || _c === void 0 ? void 0 : _c.plugins) === null || _d === void 0 ? void 0 : _d.browsertab) === null || _e === void 0 ? void 0 : _e.openUrl) === 'function', auth, "invalid-cordova-configuration" /* AuthErrorCode.INVALID_CORDOVA_CONFIGURATION */, {
+        missingPlugin: 'cordova-plugin-browsertab'
+    });
+    _assert(typeof ((_h = (_g = (_f = win === null || win === void 0 ? void 0 : win.cordova) === null || _f === void 0 ? void 0 : _f.plugins) === null || _g === void 0 ? void 0 : _g.browsertab) === null || _h === void 0 ? void 0 : _h.isAvailable) === 'function', auth, "invalid-cordova-configuration" /* AuthErrorCode.INVALID_CORDOVA_CONFIGURATION */, {
+        missingPlugin: 'cordova-plugin-browsertab'
+    });
+    // https://cordova.apache.org/docs/en/latest/reference/cordova-plugin-inappbrowser/
+    _assert(typeof ((_k = (_j = win === null || win === void 0 ? void 0 : win.cordova) === null || _j === void 0 ? void 0 : _j.InAppBrowser) === null || _k === void 0 ? void 0 : _k.open) === 'function', auth, "invalid-cordova-configuration" /* AuthErrorCode.INVALID_CORDOVA_CONFIGURATION */, {
+        missingPlugin: 'cordova-plugin-inappbrowser'
+    });
+}
+/**
+ * Computes the SHA-256 of a session ID. The SubtleCrypto interface is only
+ * available in "secure" contexts, which covers Cordova (which is served on a file
+ * protocol).
+ */
+async function computeSha256(sessionId) {
+    const bytes = stringToArrayBuffer(sessionId);
+    // TODO: For IE11 crypto has a different name and this operation comes back
+    //       as an object, not a promise. This is the old proposed standard that
+    //       is used by IE11:
+    // https://www.w3.org/TR/2013/WD-WebCryptoAPI-20130108/#cryptooperation-interface
+    const buf = await crypto.subtle.digest('SHA-256', bytes);
+    const arr = Array.from(new Uint8Array(buf));
+    return arr.map(num => num.toString(16).padStart(2, '0')).join('');
+}
+function stringToArrayBuffer(str) {
+    // This function is only meant to deal with an ASCII charset and makes
+    // certain simplifying assumptions.
+    debugAssert(/[0-9a-zA-Z]+/.test(str), 'Can only convert alpha-numeric strings');
+    if (typeof TextEncoder !== 'undefined') {
+        return new TextEncoder().encode(str);
+    }
+    const buff = new ArrayBuffer(str.length);
+    const view = new Uint8Array(buff);
+    for (let i = 0; i < str.length; i++) {
+        view[i] = str.charCodeAt(i);
+    }
+    return view;
+}
+
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const SESSION_ID_LENGTH = 20;
+/** Custom AuthEventManager that adds passive listeners to events */
+class CordovaAuthEventManager extends AuthEventManager {
+    constructor() {
+        super(...arguments);
+        this.passiveListeners = new Set();
+        this.initPromise = new Promise(resolve => {
+            this.resolveInialized = resolve;
+        });
+    }
+    addPassiveListener(cb) {
+        this.passiveListeners.add(cb);
+    }
+    removePassiveListener(cb) {
+        this.passiveListeners.delete(cb);
+    }
+    // In a Cordova environment, this manager can live through multiple redirect
+    // operations
+    resetRedirect() {
+        this.queuedRedirectEvent = null;
+        this.hasHandledPotentialRedirect = false;
+    }
+    /** Override the onEvent method */
+    onEvent(event) {
+        this.resolveInialized();
+        this.passiveListeners.forEach(cb => cb(event));
+        return super.onEvent(event);
+    }
+    async initialized() {
+        await this.initPromise;
+    }
+}
+/**
+ * Generates a (partial) {@link AuthEvent}.
+ */
+function _generateNewEvent(auth, type, eventId = null) {
+    return {
+        type,
+        eventId,
+        urlResponse: null,
+        sessionId: generateSessionId(),
+        postBody: null,
+        tenantId: auth.tenantId,
+        error: _createError(auth, "no-auth-event" /* AuthErrorCode.NO_AUTH_EVENT */)
+    };
+}
+function _savePartialEvent(auth, event) {
+    return storage()._set(persistenceKey(auth), event);
+}
+async function _getAndRemoveEvent(auth) {
+    const event = (await storage()._get(persistenceKey(auth)));
+    if (event) {
+        await storage()._remove(persistenceKey(auth));
+    }
+    return event;
+}
+function _eventFromPartialAndUrl(partialEvent, url) {
+    var _a, _b;
+    // Parse the deep link within the dynamic link URL.
+    const callbackUrl = _getDeepLinkFromCallback(url);
+    // Confirm it is actually a callback URL.
+    // Currently the universal link will be of this format:
+    // https://<AUTH_DOMAIN>/__/auth/callback<OAUTH_RESPONSE>
+    // This is a fake URL but is not intended to take the user anywhere
+    // and just redirect to the app.
+    if (callbackUrl.includes('/__/auth/callback')) {
+        // Check if there is an error in the URL.
+        // This mechanism is also used to pass errors back to the app:
+        // https://<AUTH_DOMAIN>/__/auth/callback?firebaseError=<STRINGIFIED_ERROR>
+        const params = searchParamsOrEmpty(callbackUrl);
+        // Get the error object corresponding to the stringified error if found.
+        const errorObject = params['firebaseError']
+            ? parseJsonOrNull(decodeURIComponent(params['firebaseError']))
+            : null;
+        const code = (_b = (_a = errorObject === null || errorObject === void 0 ? void 0 : errorObject['code']) === null || _a === void 0 ? void 0 : _a.split('auth/')) === null || _b === void 0 ? void 0 : _b[1];
+        const error = code ? _createError(code) : null;
+        if (error) {
+            return {
+                type: partialEvent.type,
+                eventId: partialEvent.eventId,
+                tenantId: partialEvent.tenantId,
+                error,
+                urlResponse: null,
+                sessionId: null,
+                postBody: null
+            };
+        }
+        else {
+            return {
+                type: partialEvent.type,
+                eventId: partialEvent.eventId,
+                tenantId: partialEvent.tenantId,
+                sessionId: partialEvent.sessionId,
+                urlResponse: callbackUrl,
+                postBody: null
+            };
+        }
+    }
+    return null;
+}
+function generateSessionId() {
+    const chars = [];
+    const allowedChars = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    for (let i = 0; i < SESSION_ID_LENGTH; i++) {
+        const idx = Math.floor(Math.random() * allowedChars.length);
+        chars.push(allowedChars.charAt(idx));
+    }
+    return chars.join('');
+}
+function storage() {
+    return _getInstance(browserLocalPersistence);
+}
+function persistenceKey(auth) {
+    return _persistenceKeyName("authEvent" /* KeyName.AUTH_EVENT */, auth.config.apiKey, auth.name);
+}
+function parseJsonOrNull(json) {
+    try {
+        return JSON.parse(json);
+    }
+    catch (e) {
+        return null;
+    }
+}
+// Exported for testing
+function _getDeepLinkFromCallback(url) {
+    const params = searchParamsOrEmpty(url);
+    const link = params['link'] ? decodeURIComponent(params['link']) : undefined;
+    // Double link case (automatic redirect)
+    const doubleDeepLink = searchParamsOrEmpty(link)['link'];
+    // iOS custom scheme links.
+    const iOSDeepLink = params['deep_link_id']
+        ? decodeURIComponent(params['deep_link_id'])
+        : undefined;
+    const iOSDoubleDeepLink = searchParamsOrEmpty(iOSDeepLink)['link'];
+    return iOSDoubleDeepLink || iOSDeepLink || doubleDeepLink || link || url;
+}
+/**
+ * Optimistically tries to get search params from a string, or else returns an
+ * empty search params object.
+ */
+function searchParamsOrEmpty(url) {
+    if (!(url === null || url === void 0 ? void 0 : url.includes('?'))) {
+        return {};
+    }
+    const [_, ...rest] = url.split('?');
+    return querystringDecode(rest.join('?'));
+}
+
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * How long to wait for the initial auth event before concluding no
+ * redirect pending
+ */
+const INITIAL_EVENT_TIMEOUT_MS = 500;
+class CordovaPopupRedirectResolver {
+    constructor() {
+        this._redirectPersistence = browserSessionPersistence;
+        this._shouldInitProactively = true; // This is lightweight for Cordova
+        this.eventManagers = new Map();
+        this.originValidationPromises = {};
+        this._completeRedirectFn = _getRedirectResult;
+        this._overrideRedirectResult = _overrideRedirectResult;
+    }
+    async _initialize(auth) {
+        const key = auth._key();
+        let manager = this.eventManagers.get(key);
+        if (!manager) {
+            manager = new CordovaAuthEventManager(auth);
+            this.eventManagers.set(key, manager);
+            this.attachCallbackListeners(auth, manager);
+        }
+        return manager;
+    }
+    _openPopup(auth) {
+        _fail(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */);
+    }
+    async _openRedirect(auth, provider, authType, eventId) {
+        _checkCordovaConfiguration(auth);
+        const manager = await this._initialize(auth);
+        await manager.initialized();
+        // Reset the persisted redirect states. This does not matter on Web where
+        // the redirect always blows away application state entirely. On Cordova,
+        // the app maintains control flow through the redirect.
+        manager.resetRedirect();
+        _clearRedirectOutcomes();
+        await this._originValidation(auth);
+        const event = _generateNewEvent(auth, authType, eventId);
+        await _savePartialEvent(auth, event);
+        const url = await _generateHandlerUrl(auth, event, provider);
+        const iabRef = await _performRedirect(url);
+        return _waitForAppResume(auth, manager, iabRef);
+    }
+    _isIframeWebStorageSupported(_auth, _cb) {
+        throw new Error('Method not implemented.');
+    }
+    _originValidation(auth) {
+        const key = auth._key();
+        if (!this.originValidationPromises[key]) {
+            this.originValidationPromises[key] = _validateOrigin(auth);
+        }
+        return this.originValidationPromises[key];
+    }
+    attachCallbackListeners(auth, manager) {
+        // Get the global plugins
+        const { universalLinks, handleOpenURL, BuildInfo } = _cordovaWindow();
+        const noEventTimeout = setTimeout(async () => {
+            // We didn't see that initial event. Clear any pending object and
+            // dispatch no event
+            await _getAndRemoveEvent(auth);
+            manager.onEvent(generateNoEvent());
+        }, INITIAL_EVENT_TIMEOUT_MS);
+        const universalLinksCb = async (eventData) => {
+            // We have an event so we can clear the no event timeout
+            clearTimeout(noEventTimeout);
+            const partialEvent = await _getAndRemoveEvent(auth);
+            let finalEvent = null;
+            if (partialEvent && (eventData === null || eventData === void 0 ? void 0 : eventData['url'])) {
+                finalEvent = _eventFromPartialAndUrl(partialEvent, eventData['url']);
+            }
+            // If finalEvent is never filled, trigger with no event
+            manager.onEvent(finalEvent || generateNoEvent());
+        };
+        // Universal links subscriber doesn't exist for iOS, so we need to check
+        if (typeof universalLinks !== 'undefined' &&
+            typeof universalLinks.subscribe === 'function') {
+            universalLinks.subscribe(null, universalLinksCb);
+        }
+        // iOS 7 or 8 custom URL schemes.
+        // This is also the current default behavior for iOS 9+.
+        // For this to work, cordova-plugin-customurlscheme needs to be installed.
+        // https://github.com/EddyVerbruggen/Custom-URL-scheme
+        // Do not overwrite the existing developer's URL handler.
+        const existingHandleOpenURL = handleOpenURL;
+        const packagePrefix = `${BuildInfo.packageName.toLowerCase()}://`;
+        _cordovaWindow().handleOpenURL = async (url) => {
+            if (url.toLowerCase().startsWith(packagePrefix)) {
+                // We want this intentionally to float
+                // eslint-disable-next-line @typescript-eslint/no-floating-promises
+                universalLinksCb({ url });
+            }
+            // Call the developer's handler if it is present.
+            if (typeof existingHandleOpenURL === 'function') {
+                try {
+                    existingHandleOpenURL(url);
+                }
+                catch (e) {
+                    // This is a developer error. Don't stop the flow of the SDK.
+                    console.error(e);
+                }
+            }
+        };
+    }
+}
+/**
+ * An implementation of {@link PopupRedirectResolver} suitable for Cordova
+ * based applications.
+ *
+ * @public
+ */
+const cordovaPopupRedirectResolver = CordovaPopupRedirectResolver;
+function generateNoEvent() {
+    return {
+        type: "unknown" /* AuthEventType.UNKNOWN */,
+        eventId: null,
+        sessionId: null,
+        urlResponse: null,
+        postBody: null,
+        tenantId: null,
+        error: _createError("no-auth-event" /* AuthErrorCode.NO_AUTH_EVENT */)
+    };
+}
+
+/**
+ * @license
+ * Copyright 2017 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// This function should only be called by frameworks (e.g. FirebaseUI-web) to log their usage.
+// It is not intended for direct use by developer apps. NO jsdoc here to intentionally leave it out
+// of autogenerated documentation pages to reduce accidental misuse.
+function addFrameworkForLogging(auth, framework) {
+    _castAuth(auth)._logFramework(framework);
+}
+
+export { ActionCodeOperation, AuthPopup, FactorId, OperationType, PhoneAuthProvider, PhoneMultiFactorGenerator, ProviderId, RecaptchaVerifier, SignInMethod, _getRedirectResult, _overrideRedirectResult, addFrameworkForLogging, browserLocalPersistence, browserPopupRedirectResolver, browserSessionPersistence, cordovaPopupRedirectResolver, getAuth, getRedirectResult, linkWithPhoneNumber, linkWithPopup, linkWithRedirect, reauthenticateWithPhoneNumber, reauthenticateWithPopup, reauthenticateWithRedirect, signInWithPhoneNumber, signInWithPopup, signInWithRedirect, updatePhoneNumber };
+//# sourceMappingURL=internal.js.map