@firebase/auth 1.6.2 → 1.7.0-canary.42fcdfe4c

package/dist/index.webworker.esm5.js

@@ -1,4 +1,4 @@
-import { SDK_VERSION, _getProvider, _registerComponent, registerVersion, getApp } from '@firebase/app';
+import { SDK_VERSION, _getProvider, _isFirebaseServerApp, _registerComponent, registerVersion, getApp } from '@firebase/app';
 import { ErrorFactory, deepEqual, getUA, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, createSubscribe, querystringDecode, extractQuerystring } from '@firebase/util';
 import { __spreadArray, __assign, __awaiter, __generator, __rest, __extends } from 'tslib';
 import { Logger, LogLevel } from '@firebase/logger';
@@ -400,6 +400,9 @@ function _errorWithCustomMessage(auth, code, message) {
         appName: auth.name
     });
 }
+function _serverAppCurrentUserOperationNotSupportedError(auth) {
+    return _errorWithCustomMessage(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */, 'Operations that alter the current user are not supported in conjunction with FirebaseServerApp');
+}
 function createErrorInternal(authOrCode) {
     var _a;
     var rest = [];
@@ -552,7 +555,7 @@ function _initializeAuthInstance(auth, deps) {
 }
 
 var name = "@firebase/auth";
-var version = "1.6.2";
+var version = "1.7.0-canary.42fcdfe4c";
 
 /**
  * @license
@@ -1812,16 +1815,21 @@ var StsTokenManager = /** @class */ (function () {
             : _tokenExpiresIn(response.idToken);
         this.updateTokensAndExpiration(response.idToken, response.refreshToken, expiresIn);
     };
+    StsTokenManager.prototype.updateFromIdToken = function (idToken) {
+        _assert(idToken.length !== 0, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        var expiresIn = _tokenExpiresIn(idToken);
+        this.updateTokensAndExpiration(idToken, null, expiresIn);
+    };
     StsTokenManager.prototype.getToken = function (auth, forceRefresh) {
         if (forceRefresh === void 0) { forceRefresh = false; }
         return __awaiter(this, void 0, void 0, function () {
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
-                        _assert(!this.accessToken || this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
                         if (!forceRefresh && this.accessToken && !this.isExpired) {
                             return [2 /*return*/, this.accessToken];
                         }
+                        _assert(this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
                         if (!this.refreshToken) return [3 /*break*/, 2];
                         return [4 /*yield*/, this.refresh(auth, this.refreshToken)];
                     case 1:
@@ -2045,7 +2053,11 @@ var UserImpl = /** @class */ (function () {
             var idToken;
             return __generator(this, function (_a) {
                 switch (_a.label) {
-                    case 0: return [4 /*yield*/, this.getIdToken()];
+                    case 0:
+                        if (_isFirebaseServerApp(this.auth.app)) {
+                            return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this.auth))];
+                        }
+                        return [4 /*yield*/, this.getIdToken()];
                     case 1:
                         idToken = _a.sent();
                         return [4 /*yield*/, _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken: idToken }))];
@@ -2150,6 +2162,47 @@ var UserImpl = /** @class */ (function () {
             });
         });
     };
+    /**
+     * Initialize a User from an idToken server response
+     * @param auth
+     * @param idTokenResponse
+     */
+    UserImpl._fromGetAccountInfoResponse = function (auth, response, idToken) {
+        return __awaiter(this, void 0, void 0, function () {
+            var coreAccount, providerData, isAnonymous, stsTokenManager, user, updates;
+            return __generator(this, function (_a) {
+                coreAccount = response.users[0];
+                _assert(coreAccount.localId !== undefined, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+                providerData = coreAccount.providerUserInfo !== undefined
+                    ? extractProviderData(coreAccount.providerUserInfo)
+                    : [];
+                isAnonymous = !(coreAccount.email && coreAccount.passwordHash) && !(providerData === null || providerData === void 0 ? void 0 : providerData.length);
+                stsTokenManager = new StsTokenManager();
+                stsTokenManager.updateFromIdToken(idToken);
+                user = new UserImpl({
+                    uid: coreAccount.localId,
+                    auth: auth,
+                    stsTokenManager: stsTokenManager,
+                    isAnonymous: isAnonymous
+                });
+                updates = {
+                    uid: coreAccount.localId,
+                    displayName: coreAccount.displayName || null,
+                    photoURL: coreAccount.photoUrl || null,
+                    email: coreAccount.email || null,
+                    emailVerified: coreAccount.emailVerified || false,
+                    phoneNumber: coreAccount.phoneNumber || null,
+                    tenantId: coreAccount.tenantId || null,
+                    providerData: providerData,
+                    metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt),
+                    isAnonymous: !(coreAccount.email && coreAccount.passwordHash) &&
+                        !(providerData === null || providerData === void 0 ? void 0 : providerData.length)
+                };
+                Object.assign(user, updates);
+                return [2 /*return*/, user];
+            });
+        });
+    };
     return UserImpl;
 }());
 
@@ -2840,13 +2893,59 @@ var AuthImpl = /** @class */ (function () {
             });
         });
     };
+    AuthImpl.prototype.initializeCurrentUserFromIdToken = function (idToken) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response, user, err_1;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 4, , 6]);
+                        return [4 /*yield*/, getAccountInfo(this, { idToken: idToken })];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, UserImpl._fromGetAccountInfoResponse(this, response, idToken)];
+                    case 2:
+                        user = _a.sent();
+                        return [4 /*yield*/, this.directlySetCurrentUser(user)];
+                    case 3:
+                        _a.sent();
+                        return [3 /*break*/, 6];
+                    case 4:
+                        err_1 = _a.sent();
+                        console.warn('FirebaseServerApp could not login user with provided authIdToken: ', err_1);
+                        return [4 /*yield*/, this.directlySetCurrentUser(null)];
+                    case 5:
+                        _a.sent();
+                        return [3 /*break*/, 6];
+                    case 6: return [2 /*return*/];
+                }
+            });
+        });
+    };
     AuthImpl.prototype.initializeCurrentUser = function (popupRedirectResolver) {
         var _a;
         return __awaiter(this, void 0, void 0, function () {
-            var previouslyStoredUser, futureCurrentUser, needsTocheckMiddleware, redirectUserEventId, storedUserEventId, result, e_2;
+            var idToken_1, previouslyStoredUser, futureCurrentUser, needsTocheckMiddleware, redirectUserEventId, storedUserEventId, result, e_2;
+            var _this = this;
             return __generator(this, function (_b) {
                 switch (_b.label) {
-                    case 0: return [4 /*yield*/, this.assertedPersistence.getCurrentUser()];
+                    case 0:
+                        if (_isFirebaseServerApp(this.app)) {
+                            idToken_1 = this.app.settings.authIdToken;
+                            if (idToken_1) {
+                                // Start the auth operation in the next tick to allow a moment for the customer's app to
+                                // attach an emulator, if desired.
+                                return [2 /*return*/, new Promise(function (resolve) {
+                                        setTimeout(function () {
+                                            return _this.initializeCurrentUserFromIdToken(idToken_1).then(resolve, resolve);
+                                        });
+                                    })];
+                            }
+                            else {
+                                return [2 /*return*/, this.directlySetCurrentUser(null)];
+                            }
+                        }
+                        return [4 /*yield*/, this.assertedPersistence.getCurrentUser()];
                     case 1:
                         previouslyStoredUser = (_b.sent());
                         futureCurrentUser = previouslyStoredUser;
@@ -2988,6 +3087,9 @@ var AuthImpl = /** @class */ (function () {
         return __awaiter(this, void 0, void 0, function () {
             var user;
             return __generator(this, function (_a) {
+                if (_isFirebaseServerApp(this.app)) {
+                    return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this))];
+                }
                 user = userExtern
                     ? getModularInstance(userExtern)
                     : null;
@@ -3035,9 +3137,12 @@ var AuthImpl = /** @class */ (function () {
         return __awaiter(this, void 0, void 0, function () {
             return __generator(this, function (_a) {
                 switch (_a.label) {
-                    case 0: 
-                    // Run first, to block _setRedirectUser() if any callbacks fail.
-                    return [4 /*yield*/, this.beforeStateQueue.runMiddleware(null)];
+                    case 0:
+                        if (_isFirebaseServerApp(this.app)) {
+                            return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this))];
+                        }
+                        // Run first, to block _setRedirectUser() if any callbacks fail.
+                        return [4 /*yield*/, this.beforeStateQueue.runMiddleware(null)];
                     case 1:
                         // Run first, to block _setRedirectUser() if any callbacks fail.
                         _a.sent();
@@ -3056,6 +3161,9 @@ var AuthImpl = /** @class */ (function () {
     };
     AuthImpl.prototype.setPersistence = function (persistence) {
         var _this = this;
+        if (_isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         return this.queue(function () { return __awaiter(_this, void 0, void 0, function () {
             return __generator(this, function (_a) {
                 switch (_a.label) {
@@ -7021,6 +7129,9 @@ function providerIdForResponse(response) {
  * If there is already an anonymous user signed in, that user will be returned; otherwise, a
  * new anonymous user identity will be created and returned.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
@@ -7032,6 +7143,9 @@ function signInAnonymously(auth) {
         return __generator(this, function (_b) {
             switch (_b.label) {
                 case 0:
+                    if (_isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     authInternal = _castAuth(auth);
                     return [4 /*yield*/, authInternal._initializationPromise];
                 case 1:
@@ -7263,6 +7377,9 @@ function _reauthenticate(user, credential, bypassAuthState) {
             switch (_a.label) {
                 case 0:
                     auth = user.auth;
+                    if (_isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     operationType = "reauthenticate" /* OperationType.REAUTHENTICATE */;
                     _a.label = 1;
                 case 1:
@@ -7312,6 +7429,9 @@ function _signInWithCredential(auth, credential, bypassAuthState) {
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
+                    if (_isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     operationType = "signIn" /* OperationType.SIGN_IN */;
                     return [4 /*yield*/, _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential)];
                 case 1:
@@ -7335,6 +7455,9 @@ function _signInWithCredential(auth, credential, bypassAuthState) {
  * @remarks
  * An {@link AuthProvider} can be used to generate the credential.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param credential - The auth credential.
  *
@@ -7381,6 +7504,9 @@ function linkWithCredential(user, credential) {
  * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error
  * or a `TOKEN_EXPIRED` error.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param user - The user.
  * @param credential - The auth credential.
  *
@@ -7445,6 +7571,9 @@ function signInWithCustomToken$1(auth, request) {
  *
  * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param customToken - The custom token to sign in with.
  *
@@ -7456,6 +7585,9 @@ function signInWithCustomToken(auth, customToken) {
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
+                    if (_isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     authInternal = _castAuth(auth);
                     return [4 /*yield*/, signInWithCustomToken$1(authInternal, {
                             token: customToken,
@@ -7812,6 +7944,9 @@ function verifyPasswordResetCode(auth, code) {
  *
  * User account creation can fail if the account already exists or the password is invalid.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The email address acts as a unique identifier for the user and enables an email-based
  * password reset. This function will create a new user account and set the initial user password.
  *
@@ -7827,6 +7962,9 @@ function createUserWithEmailAndPassword(auth, email, password) {
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
+                    if (_isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     authInternal = _castAuth(auth);
                     request = {
                         returnSecureToken: true,
@@ -7862,10 +8000,14 @@ function createUserWithEmailAndPassword(auth, email, password) {
  * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
  * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
  * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The users email address.
  * @param password - The users password.
@@ -7874,6 +8016,9 @@ function createUserWithEmailAndPassword(auth, email, password) {
  */
 function signInWithEmailAndPassword(auth, email, password) {
     var _this = this;
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
         return __generator(this, function (_a) {
             if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
@@ -7985,6 +8130,9 @@ function isSignInWithEmailLink(auth, emailLink) {
  *
  * Fails with an error if the email address is invalid or OTP in email link expires.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.
  *
  * @example
@@ -8008,6 +8156,7 @@ function isSignInWithEmailLink(auth, emailLink) {
  * }
  * ```
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  * @param emailLink - The link sent to the user's email address.
@@ -8018,6 +8167,9 @@ function signInWithEmailLink(auth, email, emailLink) {
     return __awaiter(this, void 0, void 0, function () {
         var authModular, credential;
         return __generator(this, function (_a) {
+            if (_isFirebaseServerApp(auth.app)) {
+                return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+            }
             authModular = getModularInstance(auth);
             credential = EmailAuthProvider.credentialWithLink(email, emailLink || _getCurrentUrl());
             // Check if the tenant ID in the email link matches the tenant ID on Auth
@@ -8331,6 +8483,9 @@ function updateProfile(user, _a) {
  * An email will be sent to the original email address (if it was set) that allows to revoke the
  * email address change, in order to protect them from account hijacking.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * Important: this is a security sensitive operation that requires the user to have recently signed
  * in. If this requirement isn't met, ask the user to authenticate again and then call
  * {@link reauthenticateWithCredential}.
@@ -8344,7 +8499,11 @@ function updateProfile(user, _a) {
  * @public
  */
 function updateEmail(user, newEmail) {
-    return updateEmailOrPassword(getModularInstance(user), newEmail, null);
+    var userInternal = getModularInstance(user);
+    if (_isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
+    return updateEmailOrPassword(userInternal, newEmail, null);
 }
 /**
  * Updates the user's password.
@@ -8549,7 +8708,8 @@ function getAdditionalUserInfo(userCredential) {
  * remembered or not. It also makes it easier to never persist the `Auth` state for applications
  * that are shared by other users or have sensitive data.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -8700,6 +8860,9 @@ function useDeviceLanguage(auth) {
  * The operation fails with an error if the user to be updated belongs to a different Firebase
  * project.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param user - The new {@link User}.
  *
@@ -8711,6 +8874,10 @@ function updateCurrentUser(auth, user) {
 /**
  * Signs out the current user.
  *
+ * @remarks
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public