@firebase/auth 1.6.2 → 1.7.0-canary.42fcdfe4c

package/dist/web-extension-cjs/src/core/auth/auth_impl.d.ts

@@ -68,6 +68,7 @@ export declare class AuthImpl implements AuthInternal, _FirebaseService {
      * If the persistence is changed in another window, the user manager will let us know
      */
     _onStorageEvent(): Promise<void>;
+    private initializeCurrentUserFromIdToken;
     private initializeCurrentUser;
     private tryRedirectSignIn;
     private reloadAndSetCurrentUserOrClear;

package/dist/web-extension-cjs/src/core/index.d.ts

@@ -26,7 +26,8 @@ export { debugErrorMap, prodErrorMap, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY
  * remembered or not. It also makes it easier to never persist the `Auth` state for applications
  * that are shared by other users or have sensitive data.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -157,6 +158,9 @@ export declare function useDeviceLanguage(auth: Auth): void;
  * The operation fails with an error if the user to be updated belongs to a different Firebase
  * project.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param user - The new {@link User}.
  *
@@ -166,6 +170,10 @@ export declare function updateCurrentUser(auth: Auth, user: User | null): Promis
 /**
  * Signs out the current user.
  *
+ * @remarks
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public

package/dist/web-extension-cjs/src/core/strategies/anonymous.d.ts

@@ -22,6 +22,9 @@ import { Auth, UserCredential } from '../../model/public_types';
  * If there is already an anonymous user signed in, that user will be returned; otherwise, a
  * new anonymous user identity will be created and returned.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public

package/dist/web-extension-cjs/src/core/strategies/credential.d.ts

@@ -24,6 +24,9 @@ export declare function _signInWithCredential(auth: AuthInternal, credential: Au
  * @remarks
  * An {@link AuthProvider} can be used to generate the credential.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param credential - The auth credential.
  *
@@ -50,6 +53,9 @@ export declare function linkWithCredential(user: User, credential: AuthCredentia
  * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error
  * or a `TOKEN_EXPIRED` error.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param user - The user.
  * @param credential - The auth credential.
  *

package/dist/web-extension-cjs/src/core/strategies/custom_token.d.ts

@@ -26,6 +26,9 @@ import { Auth, UserCredential } from '../../model/public_types';
  *
  * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param customToken - The custom token to sign in with.
  *

package/dist/web-extension-cjs/src/core/strategies/email_and_password.d.ts

@@ -99,6 +99,9 @@ export declare function verifyPasswordResetCode(auth: Auth, code: string): Promi
  *
  * User account creation can fail if the account already exists or the password is invalid.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The email address acts as a unique identifier for the user and enables an email-based
  * password reset. This function will create a new user account and set the initial user password.
  *
@@ -117,10 +120,14 @@ export declare function createUserWithEmailAndPassword(auth: Auth, email: string
  * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
  * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
  * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The users email address.
  * @param password - The users password.

package/dist/web-extension-cjs/src/core/strategies/email_link.d.ts

@@ -71,6 +71,9 @@ export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): bo
  *
  * Fails with an error if the email address is invalid or OTP in email link expires.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.
  *
  * @example
@@ -94,6 +97,7 @@ export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): bo
  * }
  * ```
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  * @param emailLink - The link sent to the user's email address.

package/dist/web-extension-cjs/src/core/user/account_info.d.ts

@@ -34,6 +34,9 @@ export declare function updateProfile(user: User, { displayName, photoURL: photo
  * An email will be sent to the original email address (if it was set) that allows to revoke the
  * email address change, in order to protect them from account hijacking.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * Important: this is a security sensitive operation that requires the user to have recently signed
  * in. If this requirement isn't met, ask the user to authenticate again and then call
  * {@link reauthenticateWithCredential}.

package/dist/web-extension-cjs/src/core/user/reload.d.ts

@@ -14,7 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { User } from '../../model/public_types';
+import { User, UserInfo } from '../../model/public_types';
+import { ProviderUserInfo } from '../../api/account_management/account';
 import { UserInternal } from '../../model/user';
 export declare function _reloadWithoutSaving(user: UserInternal): Promise<void>;
 /**
@@ -25,3 +26,4 @@ export declare function _reloadWithoutSaving(user: UserInternal): Promise<void>;
  * @public
  */
 export declare function reload(user: User): Promise<void>;
+export declare function extractProviderData(providers: ProviderUserInfo[]): UserInfo[];

package/dist/web-extension-cjs/src/core/user/token_manager.d.ts

@@ -37,6 +37,7 @@ export declare class StsTokenManager {
     expirationTime: number | null;
     get isExpired(): boolean;
     updateFromServerResponse(response: IdTokenResponse | FinalizeMfaResponse): void;
+    updateFromIdToken(idToken: string): void;
     getToken(auth: AuthInternal, forceRefresh?: boolean): Promise<string | null>;
     clearRefreshToken(): void;
     private refresh;

package/dist/web-extension-cjs/src/core/user/user_impl.d.ts

@@ -16,7 +16,7 @@
  */
 import { IdTokenResult } from '../../model/public_types';
 import { NextFn } from '@firebase/util';
-import { APIUserInfo } from '../../api/account_management/account';
+import { APIUserInfo, GetAccountInfoResponse } from '../../api/account_management/account';
 import { FinalizeMfaResponse } from '../../api/authentication/mfa';
 import { AuthInternal } from '../../model/auth';
 import { IdTokenResponse } from '../../model/id_token';
@@ -65,4 +65,10 @@ export declare class UserImpl implements UserInternal {
      * @param idTokenResponse
      */
     static _fromIdTokenResponse(auth: AuthInternal, idTokenResponse: IdTokenResponse, isAnonymous?: boolean): Promise<UserInternal>;
+    /**
+     * Initialize a User from an idToken server response
+     * @param auth
+     * @param idTokenResponse
+     */
+    static _fromGetAccountInfoResponse(auth: AuthInternal, response: GetAccountInfoResponse, idToken: string): Promise<UserInternal>;
 }

package/dist/web-extension-cjs/src/core/util/assert.d.ts

@@ -38,6 +38,7 @@ export declare function _fail<K extends AuthErrorCode>(auth: Auth, code: K, ...d
 export declare function _createError<K extends AuthErrorCode>(code: K, ...data: {} extends AuthErrorParams[K] ? [AuthErrorParams[K]?] : [AuthErrorParams[K]]): FirebaseError;
 export declare function _createError<K extends AuthErrorCode>(auth: Auth, code: K, ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]): FirebaseError;
 export declare function _errorWithCustomMessage(auth: Auth, code: AuthErrorCode, message: string): FirebaseError;
+export declare function _serverAppCurrentUserOperationNotSupportedError(auth: Auth): FirebaseError;
 export declare function _assertInstanceOf(auth: Auth, object: object, instance: unknown): void;
 export declare function _assert<K extends AuthErrorCode>(assertion: unknown, code: K, ...data: {} extends AuthErrorParams[K] ? [AuthErrorParams[K]?] : [AuthErrorParams[K]]): asserts assertion;
 export declare function _assert<K extends AuthErrorCode>(assertion: unknown, auth: Auth, code: K, ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]): asserts assertion;

package/dist/web-extension-cjs/src/model/public_types.d.ts

@@ -287,6 +287,10 @@ export interface Auth {
     useDeviceLanguage(): void;
     /**
      * Signs out the current user. This does not automatically revoke the user's ID token.
+     *
+     * @remarks
+     * This method is not supported by {@link Auth} instances created with a
+     * {@link @firebase/app#FirebaseServerApp}.
      */
     signOut(): Promise<void>;
 }
@@ -943,6 +947,9 @@ export interface User extends UserInfo {
      * Important: this is a security-sensitive operation that requires the user to have recently
      * signed in. If this requirement isn't met, ask the user to authenticate again and then call
      * one of the reauthentication methods like {@link reauthenticateWithCredential}.
+     *
+     * This method is not supported on any {@link User} signed in by {@link Auth} instances
+     * created with a {@link @firebase/app#FirebaseServerApp}.
      */
     delete(): Promise<void>;
     /**

package/dist/web-extension-cjs/src/platform_browser/strategies/phone.d.ts

@@ -33,7 +33,8 @@ import { AuthInternal } from '../../model/auth';
  * {@link RecaptchaVerifier} (like React Native), but you need to use a
  * third-party {@link ApplicationVerifier} implementation.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -70,7 +71,8 @@ export declare function linkWithPhoneNumber(user: User, phoneNumber: string, app
  * @remarks
  * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @param user - The user.
  * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
@@ -88,7 +90,8 @@ export declare function _verifyPhoneNumber(auth: AuthInternal, options: PhoneInf
  * Updates the user's phone number.
  *
  * @remarks
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```

package/dist/web-extension-cjs/src/platform_browser/strategies/popup.d.ts

@@ -27,7 +27,8 @@ export declare const _POLL_WINDOW_CLOSE_TIMEOUT: Delay;
  * If succeeds, returns the signed in user along with the provider's credential. If sign in was
  * unsuccessful, returns an error object containing additional information about the error.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -59,7 +60,8 @@ export declare function signInWithPopup(auth: Auth, provider: AuthProvider, reso
  * If the reauthentication is successful, the returned result will contain the user and the
  * provider's credential.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript

package/dist/web-extension-cjs/src/platform_browser/strategies/redirect.d.ts

@@ -23,7 +23,8 @@ import { Auth, AuthProvider, PopupRedirectResolver, User, UserCredential } from
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link signInWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -67,7 +68,8 @@ export declare function _signInWithRedirect(auth: Auth, provider: AuthProvider,
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link reauthenticateWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -103,7 +105,8 @@ export declare function _reauthenticateWithRedirect(user: User, provider: AuthPr
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link linkWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -135,7 +138,8 @@ export declare function _linkWithRedirect(user: User, provider: AuthProvider, re
  * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
  * error. If no redirect operation was called, returns `null`.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript

package/dist/web-extension-cjs/test/helpers/integration/helpers.d.ts

@@ -14,9 +14,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+import { FirebaseServerApp } from '@firebase/app';
 import { Auth } from '@firebase/auth';
 export declare function randomEmail(): string;
 export declare function getTestInstance(requireEmulator?: boolean): Auth;
+export declare function getTestInstanceForServerApp(serverApp: FirebaseServerApp): Auth;
 export declare function cleanUpTestInstance(auth: Auth): Promise<void>;
 export declare function getTotpCode(sharedSecretKey: string, periodSec: number, verificationCodeLength: number, timestamp: Date): string;
 export declare const email = "totpuser-donotdelete@test.com";

package/dist/web-extension-cjs/test/integration/flows/firebaseserverapp.test.d.ts

@@ -0,0 +1,17 @@
+/**
+ * @license
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export {};

package/dist/web-extension-esm2017/index.js

@@ -1,5 +1,5 @@
-import { r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, c as connectAuthEmulator } from './register-7b89e556.js';
-export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-7b89e556.js';
+import { r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, c as connectAuthEmulator } from './register-3473374b.js';
+export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-3473374b.js';
 import { _getProvider, getApp } from '@firebase/app';
 import { getDefaultEmulatorHost } from '@firebase/util';
 import 'tslib';

package/dist/web-extension-esm2017/internal.js

@@ -1,8 +1,8 @@
-import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isIframe, aa as _isMobileBrowser, ab as _isIE10, ac as _isSafari, ad as _isIOS, ae as _assert, af as Delay, ag as _window, ah as isV2, ai as _createError, aj as _recaptchaV2ScriptUrl, ak as _loadJS, al as _generateCallbackName, am as _castAuth, an as _isHttpOrHttps, ao as _isWorker, ap as getRecaptchaParams, z as signInWithCredential, aq as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, ar as startEnrollPhoneMfa, as as startSignInPhoneMfa, at as sendPhoneVerificationCode, au as _link$1, P as PhoneAuthCredential, av as _getInstance, aw as _signInWithCredential, ax as _reauthenticate, m as AuthCredential, ay as signInWithIdp, az as _fail, aA as debugAssert, aB as _assertInstanceOf, aC as _generateEventId, aD as FederatedAuthProvider, aE as _persistenceKeyName, aF as _performApiRequest, aG as _getCurrentUrl, aH as _gapiScriptUrl, aI as _emulatorUrl, aJ as _isChromeIOS, aK as _isFirefox, aL as _isIOSStandalone, aM as BaseOAuthProvider, aN as _setWindowLocation, aO as MultiFactorAssertionImpl, aP as finalizeEnrollPhoneMfa, aQ as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aR as _setExternalJSProvider, aS as _isAndroid, aT as _isIOS7Or8 } from './register-7b89e556.js';
-export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aV as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, aX as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, aY as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aU as UserImpl, ae as _assert, am as _castAuth, az as _fail, aC as _generateEventId, aW as _getClientVersion, av as _getInstance, aE as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-7b89e556.js';
+import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isIframe, aa as _isMobileBrowser, ab as _isIE10, ac as _isSafari, ad as _isIOS, ae as _assert, af as Delay, ag as _window, ah as isV2, ai as _createError, aj as _recaptchaV2ScriptUrl, ak as _loadJS, al as _generateCallbackName, am as _castAuth, an as _isHttpOrHttps, ao as _isWorker, ap as getRecaptchaParams, aq as _serverAppCurrentUserOperationNotSupportedError, z as signInWithCredential, ar as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, as as startEnrollPhoneMfa, at as startSignInPhoneMfa, au as sendPhoneVerificationCode, av as _link$1, P as PhoneAuthCredential, aw as _getInstance, ax as _signInWithCredential, ay as _reauthenticate, m as AuthCredential, az as signInWithIdp, aA as _fail, aB as debugAssert, aC as _assertInstanceOf, aD as _generateEventId, aE as FederatedAuthProvider, aF as _persistenceKeyName, aG as _performApiRequest, aH as _getCurrentUrl, aI as _gapiScriptUrl, aJ as _emulatorUrl, aK as _isChromeIOS, aL as _isFirefox, aM as _isIOSStandalone, aN as BaseOAuthProvider, aO as _setWindowLocation, aP as MultiFactorAssertionImpl, aQ as finalizeEnrollPhoneMfa, aR as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aS as _setExternalJSProvider, aT as _isAndroid, aU as _isIOS7Or8 } from './register-3473374b.js';
+export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aW as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, aY as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, aZ as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aV as UserImpl, ae as _assert, am as _castAuth, aA as _fail, aD as _generateEventId, aX as _getClientVersion, aw as _getInstance, aF as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-3473374b.js';
 import { getUA, querystring, getModularInstance, isEmpty, getExperimentalSetting, getDefaultEmulatorHost, querystringDecode } from '@firebase/util';
+import { _isFirebaseServerApp, SDK_VERSION, _getProvider, getApp } from '@firebase/app';
 import 'tslib';
-import { SDK_VERSION, _getProvider, getApp } from '@firebase/app';
 import '@firebase/component';
 import '@firebase/logger';
 
@@ -894,7 +894,8 @@ class ConfirmationResultImpl {
  * {@link RecaptchaVerifier} (like React Native), but you need to use a
  * third-party {@link ApplicationVerifier} implementation.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -912,6 +913,9 @@ class ConfirmationResultImpl {
  * @public
  */
 async function signInWithPhoneNumber(auth, phoneNumber, appVerifier) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const verificationId = await _verifyPhoneNumber(authInternal, phoneNumber, getModularInstance(appVerifier));
     return new ConfirmationResultImpl(verificationId, cred => signInWithCredential(authInternal, cred));
@@ -940,7 +944,8 @@ async function linkWithPhoneNumber(user, phoneNumber, appVerifier) {
  * @remarks
  * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @param user - The user.
  * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
@@ -950,6 +955,9 @@ async function linkWithPhoneNumber(user, phoneNumber, appVerifier) {
  */
 async function reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier) {
     const userInternal = getModularInstance(user);
+    if (_isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
     const verificationId = await _verifyPhoneNumber(userInternal.auth, phoneNumber, getModularInstance(appVerifier));
     return new ConfirmationResultImpl(verificationId, cred => reauthenticateWithCredential(userInternal, cred));
 }
@@ -1016,7 +1024,8 @@ async function _verifyPhoneNumber(auth, options, verifier) {
  * Updates the user's phone number.
  *
  * @remarks
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```
@@ -1035,7 +1044,11 @@ async function _verifyPhoneNumber(auth, options, verifier) {
  * @public
  */
 async function updatePhoneNumber(user, credential) {
-    await _link$1(getModularInstance(user), credential);
+    const userInternal = getModularInstance(user);
+    if (_isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
+    await _link$1(userInternal, credential);
 }
 
 /**
@@ -1421,7 +1434,8 @@ const _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2000, 10000);
  * If succeeds, returns the signed in user along with the provider's credential. If sign in was
  * unsuccessful, returns an error object containing additional information about the error.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1445,6 +1459,9 @@ const _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2000, 10000);
  * @public
  */
 async function signInWithPopup(auth, provider, resolver) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_createError(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */));
+    }
     const authInternal = _castAuth(auth);
     _assertInstanceOf(auth, provider, FederatedAuthProvider);
     const resolverInternal = _withDefaultResolver(authInternal, resolver);
@@ -1459,7 +1476,8 @@ async function signInWithPopup(auth, provider, resolver) {
  * If the reauthentication is successful, the returned result will contain the user and the
  * provider's credential.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1480,6 +1498,9 @@ async function signInWithPopup(auth, provider, resolver) {
  */
 async function reauthenticateWithPopup(user, provider, resolver) {
     const userInternal = getModularInstance(user);
+    if (_isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_createError(userInternal.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */));
+    }
     _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
     const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);
     const action = new PopupOperation(userInternal.auth, "reauthViaPopup" /* AuthEventType.REAUTH_VIA_POPUP */, provider, resolverInternal, userInternal);
@@ -1731,7 +1752,8 @@ function pendingRedirectKey(auth) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link signInWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1770,6 +1792,9 @@ function signInWithRedirect(auth, provider, resolver) {
     return _signInWithRedirect(auth, provider, resolver);
 }
 async function _signInWithRedirect(auth, provider, resolver) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     _assertInstanceOf(auth, provider, FederatedAuthProvider);
     // Wait for auth initialization to complete, this will process pending redirects and clear the
@@ -1787,7 +1812,8 @@ async function _signInWithRedirect(auth, provider, resolver) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link reauthenticateWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1820,6 +1846,9 @@ function reauthenticateWithRedirect(user, provider, resolver) {
 async function _reauthenticateWithRedirect(user, provider, resolver) {
     const userInternal = getModularInstance(user);
     _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
+    if (_isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
     // Wait for auth initialization to complete, this will process pending redirects and clear the
     // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new
     // redirect and creating a PENDING_REDIRECT_KEY entry.
@@ -1837,7 +1866,8 @@ async function _reauthenticateWithRedirect(user, provider, resolver) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link linkWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1884,7 +1914,8 @@ async function _linkWithRedirect(user, provider, resolver) {
  * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
  * error. If no redirect operation was called, returns `null`.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1922,6 +1953,9 @@ async function getRedirectResult(auth, resolver) {
     return _getRedirectResult(auth, resolver, false);
 }
 async function _getRedirectResult(auth, resolverExtern, bypassAuthState = false) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const resolver = _withDefaultResolver(authInternal, resolverExtern);
     const action = new RedirectAction(authInternal, resolver, bypassAuthState);
@@ -2748,12 +2782,17 @@ function getAuth(app = getApp()) {
         ]
     });
     const authTokenSyncPath = getExperimentalSetting('authTokenSyncURL');
-    // Don't allow urls (XSS possibility), only paths on the same domain
-    // (starting with a single '/')
-    if (authTokenSyncPath && authTokenSyncPath.match(/^\/[^\/].*/)) {
-        const mintCookie = mintCookieFactory(authTokenSyncPath);
-        beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
-        onIdTokenChanged(auth, user => mintCookie(user));
+    // Only do the Cookie exchange in a secure context
+    if (authTokenSyncPath &&
+        typeof isSecureContext === 'boolean' &&
+        isSecureContext) {
+        // Don't allow urls (XSS possibility), only paths on the same domain
+        const authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);
+        if (location.origin === authTokenSyncUrl.origin) {
+            const mintCookie = mintCookieFactory(authTokenSyncUrl.toString());
+            beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
+            onIdTokenChanged(auth, user => mintCookie(user));
+        }
     }
     const authEmulatorHost = getDefaultEmulatorHost('auth');
     if (authEmulatorHost) {