@firebase/auth 1.6.2 → 1.7.0-canary.0068ed5ab

package/dist/browser-cjs/{index-6a907fc6.js → index-e3deabf2.js}

@@ -1,7 +1,7 @@
 'use strict';
 
-var util = require('@firebase/util');
 var app = require('@firebase/app');
+var util = require('@firebase/util');
 var logger = require('@firebase/logger');
 var tslib = require('tslib');
 var component = require('@firebase/component');
@@ -482,6 +482,9 @@ function _errorWithCustomMessage(auth, code, message) {
         appName: auth.name
     });
 }
+function _serverAppCurrentUserOperationNotSupportedError(auth) {
+    return _errorWithCustomMessage(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */, 'Operations that alter the current user are not supported in conjunction with FirebaseServerApp');
+}
 function _assertInstanceOf(auth, object, instance) {
     const constructorInstance = instance;
     if (!(object instanceof constructorInstance)) {
@@ -1590,11 +1593,16 @@ class StsTokenManager {
             : _tokenExpiresIn(response.idToken);
         this.updateTokensAndExpiration(response.idToken, response.refreshToken, expiresIn);
     }
+    updateFromIdToken(idToken) {
+        _assert(idToken.length !== 0, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        const expiresIn = _tokenExpiresIn(idToken);
+        this.updateTokensAndExpiration(idToken, null, expiresIn);
+    }
     async getToken(auth, forceRefresh = false) {
-        _assert(!this.accessToken || this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
         if (!forceRefresh && this.accessToken && !this.isExpired) {
             return this.accessToken;
         }
+        _assert(this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
         if (this.refreshToken) {
             await this.refresh(auth, this.refreshToken);
             return this.accessToken;
@@ -1774,6 +1782,9 @@ class UserImpl {
         }
     }
     async delete() {
+        if (app._isFirebaseServerApp(this.auth.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this.auth));
+        }
         const idToken = await this.getIdToken();
         await _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken }));
         this.stsTokenManager.clearRefreshToken();
@@ -1857,6 +1868,44 @@ class UserImpl {
         await _reloadWithoutSaving(user);
         return user;
     }
+    /**
+     * Initialize a User from an idToken server response
+     * @param auth
+     * @param idTokenResponse
+     */
+    static async _fromGetAccountInfoResponse(auth, response, idToken) {
+        const coreAccount = response.users[0];
+        _assert(coreAccount.localId !== undefined, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        const providerData = coreAccount.providerUserInfo !== undefined
+            ? extractProviderData(coreAccount.providerUserInfo)
+            : [];
+        const isAnonymous = !(coreAccount.email && coreAccount.passwordHash) && !(providerData === null || providerData === void 0 ? void 0 : providerData.length);
+        const stsTokenManager = new StsTokenManager();
+        stsTokenManager.updateFromIdToken(idToken);
+        // Initialize the Firebase Auth user.
+        const user = new UserImpl({
+            uid: coreAccount.localId,
+            auth,
+            stsTokenManager,
+            isAnonymous
+        });
+        // update the user with data from the GetAccountInfo response.
+        const updates = {
+            uid: coreAccount.localId,
+            displayName: coreAccount.displayName || null,
+            photoURL: coreAccount.photoUrl || null,
+            email: coreAccount.email || null,
+            emailVerified: coreAccount.emailVerified || false,
+            phoneNumber: coreAccount.phoneNumber || null,
+            tenantId: coreAccount.tenantId || null,
+            providerData,
+            metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt),
+            isAnonymous: !(coreAccount.email && coreAccount.passwordHash) &&
+                !(providerData === null || providerData === void 0 ? void 0 : providerData.length)
+        };
+        Object.assign(user, updates);
+        return user;
+    }
 }
 
 /**
@@ -2600,8 +2649,32 @@ class AuthImpl {
         // Skip blocking callbacks, they should not apply to a change in another tab.
         await this._updateCurrentUser(user, /* skipBeforeStateCallbacks */ true);
     }
+    async initializeCurrentUserFromIdToken(idToken) {
+        try {
+            const response = await getAccountInfo(this, { idToken });
+            const user = await UserImpl._fromGetAccountInfoResponse(this, response, idToken);
+            await this.directlySetCurrentUser(user);
+        }
+        catch (err) {
+            console.warn('FirebaseServerApp could not login user with provided authIdToken: ', err);
+            await this.directlySetCurrentUser(null);
+        }
+    }
     async initializeCurrentUser(popupRedirectResolver) {
         var _a;
+        if (app._isFirebaseServerApp(this.app)) {
+            const idToken = this.app.settings.authIdToken;
+            if (idToken) {
+                // Start the auth operation in the next tick to allow a moment for the customer's app to
+                // attach an emulator, if desired.
+                return new Promise(resolve => {
+                    setTimeout(() => this.initializeCurrentUserFromIdToken(idToken).then(resolve, resolve));
+                });
+            }
+            else {
+                return this.directlySetCurrentUser(null);
+            }
+        }
         // First check to see if we have a pending redirect event.
         const previouslyStoredUser = (await this.assertedPersistence.getCurrentUser());
         let futureCurrentUser = previouslyStoredUser;
@@ -2707,6 +2780,9 @@ class AuthImpl {
         this._deleted = true;
     }
     async updateCurrentUser(userExtern) {
+        if (app._isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         // The public updateCurrentUser method needs to make a copy of the user,
         // and also check that the project matches
         const user = userExtern
@@ -2733,6 +2809,9 @@ class AuthImpl {
         });
     }
     async signOut() {
+        if (app._isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         // Run first, to block _setRedirectUser() if any callbacks fail.
         await this.beforeStateQueue.runMiddleware(null);
         // Clear the redirect user when signOut is called
@@ -2744,6 +2823,9 @@ class AuthImpl {
         return this._updateCurrentUser(null, /* skipBeforeStateCallbacks */ true);
     }
     setPersistence(persistence) {
+        if (app._isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         return this.queue(async () => {
             await this.assertedPersistence.setPersistence(_getInstance(persistence));
         });
@@ -5189,12 +5271,18 @@ function providerIdForResponse(response) {
  * If there is already an anonymous user signed in, that user will be returned; otherwise, a
  * new anonymous user identity will be created and returned.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
  */
 async function signInAnonymously(auth) {
     var _a;
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     await authInternal._initializationPromise;
     if ((_a = authInternal.currentUser) === null || _a === void 0 ? void 0 : _a.isAnonymous) {
@@ -5355,6 +5443,9 @@ async function _assertLinkedStatus(expected, user, provider) {
  */
 async function _reauthenticate(user, credential, bypassAuthState = false) {
     const { auth } = user;
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const operationType = "reauthenticate" /* OperationType.REAUTHENTICATE */;
     try {
         const response = await _logoutIfInvalidated(user, _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential, user), bypassAuthState);
@@ -5391,6 +5482,9 @@ async function _reauthenticate(user, credential, bypassAuthState = false) {
  * limitations under the License.
  */
 async function _signInWithCredential(auth, credential, bypassAuthState = false) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const operationType = "signIn" /* OperationType.SIGN_IN */;
     const response = await _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential);
     const userCredential = await UserCredentialImpl._fromIdTokenResponse(auth, operationType, response);
@@ -5405,6 +5499,9 @@ async function _signInWithCredential(auth, credential, bypassAuthState = false)
  * @remarks
  * An {@link AuthProvider} can be used to generate the credential.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param credential - The auth credential.
  *
@@ -5437,6 +5534,9 @@ async function linkWithCredential(user, credential) {
  * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error
  * or a `TOKEN_EXPIRED` error.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param user - The user.
  * @param credential - The auth credential.
  *
@@ -5493,12 +5593,18 @@ async function signInWithCustomToken$1(auth, request) {
  *
  * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param customToken - The custom token to sign in with.
  *
  * @public
  */
 async function signInWithCustomToken(auth, customToken) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const response = await signInWithCustomToken$1(authInternal, {
         token: customToken,
@@ -5786,6 +5892,9 @@ async function verifyPasswordResetCode(auth, code) {
  *
  * User account creation can fail if the account already exists or the password is invalid.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The email address acts as a unique identifier for the user and enables an email-based
  * password reset. This function will create a new user account and set the initial user password.
  *
@@ -5796,6 +5905,9 @@ async function verifyPasswordResetCode(auth, code) {
  * @public
  */
 async function createUserWithEmailAndPassword(auth, email, password) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const request = {
         returnSecureToken: true,
@@ -5822,10 +5934,14 @@ async function createUserWithEmailAndPassword(auth, email, password) {
  * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
  * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
  * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The users email address.
  * @param password - The users password.
@@ -5833,6 +5949,9 @@ async function createUserWithEmailAndPassword(auth, email, password) {
  * @public
  */
 function signInWithEmailAndPassword(auth, email, password) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(async (error) => {
         if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
             void recachePasswordPolicy(auth);
@@ -5931,6 +6050,9 @@ function isSignInWithEmailLink(auth, emailLink) {
  *
  * Fails with an error if the email address is invalid or OTP in email link expires.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.
  *
  * @example
@@ -5954,6 +6076,7 @@ function isSignInWithEmailLink(auth, emailLink) {
  * }
  * ```
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  * @param emailLink - The link sent to the user's email address.
@@ -5961,6 +6084,9 @@ function isSignInWithEmailLink(auth, emailLink) {
  * @public
  */
 async function signInWithEmailLink(auth, email, emailLink) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authModular = util.getModularInstance(auth);
     const credential = EmailAuthProvider.credentialWithLink(email, emailLink || _getCurrentUrl());
     // Check if the tenant ID in the email link matches the tenant ID on Auth
@@ -6207,6 +6333,9 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
  * An email will be sent to the original email address (if it was set) that allows to revoke the
  * email address change, in order to protect them from account hijacking.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * Important: this is a security sensitive operation that requires the user to have recently signed
  * in. If this requirement isn't met, ask the user to authenticate again and then call
  * {@link reauthenticateWithCredential}.
@@ -6220,7 +6349,11 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
  * @public
  */
 function updateEmail(user, newEmail) {
-    return updateEmailOrPassword(util.getModularInstance(user), newEmail, null);
+    const userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
+    return updateEmailOrPassword(userInternal, newEmail, null);
 }
 /**
  * Updates the user's password.
@@ -6397,7 +6530,8 @@ function getAdditionalUserInfo(userCredential) {
  * remembered or not. It also makes it easier to never persist the `Auth` state for applications
  * that are shared by other users or have sensitive data.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -6543,6 +6677,9 @@ function useDeviceLanguage(auth) {
  * The operation fails with an error if the user to be updated belongs to a different Firebase
  * project.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param user - The new {@link User}.
  *
@@ -6554,6 +6691,10 @@ function updateCurrentUser(auth, user) {
 /**
  * Signs out the current user.
  *
+ * @remarks
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
@@ -8333,7 +8474,8 @@ class ConfirmationResultImpl {
  * {@link RecaptchaVerifier} (like React Native), but you need to use a
  * third-party {@link ApplicationVerifier} implementation.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -8351,6 +8493,9 @@ class ConfirmationResultImpl {
  * @public
  */
 async function signInWithPhoneNumber(auth, phoneNumber, appVerifier) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const verificationId = await _verifyPhoneNumber(authInternal, phoneNumber, util.getModularInstance(appVerifier));
     return new ConfirmationResultImpl(verificationId, cred => signInWithCredential(authInternal, cred));
@@ -8379,7 +8524,8 @@ async function linkWithPhoneNumber(user, phoneNumber, appVerifier) {
  * @remarks
  * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @param user - The user.
  * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
@@ -8389,6 +8535,9 @@ async function linkWithPhoneNumber(user, phoneNumber, appVerifier) {
  */
 async function reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier) {
     const userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
     const verificationId = await _verifyPhoneNumber(userInternal.auth, phoneNumber, util.getModularInstance(appVerifier));
     return new ConfirmationResultImpl(verificationId, cred => reauthenticateWithCredential(userInternal, cred));
 }
@@ -8455,7 +8604,8 @@ async function _verifyPhoneNumber(auth, options, verifier) {
  * Updates the user's phone number.
  *
  * @remarks
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```
@@ -8474,7 +8624,11 @@ async function _verifyPhoneNumber(auth, options, verifier) {
  * @public
  */
 async function updatePhoneNumber(user, credential) {
-    await _link$1(util.getModularInstance(user), credential);
+    const userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
+    await _link$1(userInternal, credential);
 }
 
 /**
@@ -8860,7 +9014,8 @@ const _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2000, 10000);
  * If succeeds, returns the signed in user along with the provider's credential. If sign in was
  * unsuccessful, returns an error object containing additional information about the error.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -8884,6 +9039,9 @@ const _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2000, 10000);
  * @public
  */
 async function signInWithPopup(auth, provider, resolver) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_createError(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */));
+    }
     const authInternal = _castAuth(auth);
     _assertInstanceOf(auth, provider, FederatedAuthProvider);
     const resolverInternal = _withDefaultResolver(authInternal, resolver);
@@ -8898,7 +9056,8 @@ async function signInWithPopup(auth, provider, resolver) {
  * If the reauthentication is successful, the returned result will contain the user and the
  * provider's credential.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -8919,6 +9078,9 @@ async function signInWithPopup(auth, provider, resolver) {
  */
 async function reauthenticateWithPopup(user, provider, resolver) {
     const userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_createError(userInternal.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */));
+    }
     _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
     const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);
     const action = new PopupOperation(userInternal.auth, "reauthViaPopup" /* AuthEventType.REAUTH_VIA_POPUP */, provider, resolverInternal, userInternal);
@@ -9170,7 +9332,8 @@ function pendingRedirectKey(auth) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link signInWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -9209,6 +9372,9 @@ function signInWithRedirect(auth, provider, resolver) {
     return _signInWithRedirect(auth, provider, resolver);
 }
 async function _signInWithRedirect(auth, provider, resolver) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     _assertInstanceOf(auth, provider, FederatedAuthProvider);
     // Wait for auth initialization to complete, this will process pending redirects and clear the
@@ -9226,7 +9392,8 @@ async function _signInWithRedirect(auth, provider, resolver) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link reauthenticateWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -9259,6 +9426,9 @@ function reauthenticateWithRedirect(user, provider, resolver) {
 async function _reauthenticateWithRedirect(user, provider, resolver) {
     const userInternal = util.getModularInstance(user);
     _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
     // Wait for auth initialization to complete, this will process pending redirects and clear the
     // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new
     // redirect and creating a PENDING_REDIRECT_KEY entry.
@@ -9276,7 +9446,8 @@ async function _reauthenticateWithRedirect(user, provider, resolver) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link linkWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -9323,7 +9494,8 @@ async function _linkWithRedirect(user, provider, resolver) {
  * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
  * error. If no redirect operation was called, returns `null`.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -9361,6 +9533,9 @@ async function getRedirectResult(auth, resolver) {
     return _getRedirectResult(auth, resolver, false);
 }
 async function _getRedirectResult(auth, resolverExtern, bypassAuthState = false) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const resolver = _withDefaultResolver(authInternal, resolverExtern);
     const action = new RedirectAction(authInternal, resolver, bypassAuthState);
@@ -10289,7 +10464,7 @@ function _isEmptyString(input) {
 }
 
 var name = "@firebase/auth";
-var version = "1.6.2";
+var version = "1.7.0-canary.0068ed5ab";
 
 /**
  * @license
@@ -10498,12 +10673,17 @@ function getAuth(app$1 = app.getApp()) {
         ]
     });
     const authTokenSyncPath = util.getExperimentalSetting('authTokenSyncURL');
-    // Don't allow urls (XSS possibility), only paths on the same domain
-    // (starting with a single '/')
-    if (authTokenSyncPath && authTokenSyncPath.match(/^\/[^\/].*/)) {
-        const mintCookie = mintCookieFactory(authTokenSyncPath);
-        beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
-        onIdTokenChanged(auth, user => mintCookie(user));
+    // Only do the Cookie exchange in a secure context
+    if (authTokenSyncPath &&
+        typeof isSecureContext === 'boolean' &&
+        isSecureContext) {
+        // Don't allow urls (XSS possibility), only paths on the same domain
+        const authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);
+        if (location.origin === authTokenSyncUrl.origin) {
+            const mintCookie = mintCookieFactory(authTokenSyncUrl.toString());
+            beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
+            onIdTokenChanged(auth, user => mintCookie(user));
+        }
     }
     const authEmulatorHost = util.getDefaultEmulatorHost('auth');
     if (authEmulatorHost) {
@@ -10645,4 +10825,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
 exports.validatePassword = validatePassword;
 exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
 exports.verifyPasswordResetCode = verifyPasswordResetCode;
-//# sourceMappingURL=index-6a907fc6.js.map
+//# sourceMappingURL=index-e3deabf2.js.map