@firebase/auth 1.6.2 → 1.7.0-canary.42fcdfe4c

package/dist/web-extension-esm2017/{register-7b89e556.js → register-3473374b.js}

@@ -1,5 +1,5 @@
+import { SDK_VERSION, _isFirebaseServerApp, _getProvider, _registerComponent, registerVersion } from '@firebase/app';
 import { ErrorFactory, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, getUA, isIE, createSubscribe, deepEqual, querystringDecode, extractQuerystring } from '@firebase/util';
-import { SDK_VERSION, _getProvider, _registerComponent, registerVersion } from '@firebase/app';
 import { __rest } from 'tslib';
 import { Component } from '@firebase/component';
 import { Logger, LogLevel } from '@firebase/logger';
@@ -381,6 +381,9 @@ function _errorWithCustomMessage(auth, code, message) {
         appName: auth.name
     });
 }
+function _serverAppCurrentUserOperationNotSupportedError(auth) {
+    return _errorWithCustomMessage(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */, 'Operations that alter the current user are not supported in conjunction with FirebaseServerApp');
+}
 function _assertInstanceOf(auth, object, instance) {
     const constructorInstance = instance;
     if (!(object instanceof constructorInstance)) {
@@ -1489,11 +1492,16 @@ class StsTokenManager {
             : _tokenExpiresIn(response.idToken);
         this.updateTokensAndExpiration(response.idToken, response.refreshToken, expiresIn);
     }
+    updateFromIdToken(idToken) {
+        _assert(idToken.length !== 0, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        const expiresIn = _tokenExpiresIn(idToken);
+        this.updateTokensAndExpiration(idToken, null, expiresIn);
+    }
     async getToken(auth, forceRefresh = false) {
-        _assert(!this.accessToken || this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
         if (!forceRefresh && this.accessToken && !this.isExpired) {
             return this.accessToken;
         }
+        _assert(this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
         if (this.refreshToken) {
             await this.refresh(auth, this.refreshToken);
             return this.accessToken;
@@ -1673,6 +1681,9 @@ class UserImpl {
         }
     }
     async delete() {
+        if (_isFirebaseServerApp(this.auth.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this.auth));
+        }
         const idToken = await this.getIdToken();
         await _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken }));
         this.stsTokenManager.clearRefreshToken();
@@ -1756,6 +1767,44 @@ class UserImpl {
         await _reloadWithoutSaving(user);
         return user;
     }
+    /**
+     * Initialize a User from an idToken server response
+     * @param auth
+     * @param idTokenResponse
+     */
+    static async _fromGetAccountInfoResponse(auth, response, idToken) {
+        const coreAccount = response.users[0];
+        _assert(coreAccount.localId !== undefined, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        const providerData = coreAccount.providerUserInfo !== undefined
+            ? extractProviderData(coreAccount.providerUserInfo)
+            : [];
+        const isAnonymous = !(coreAccount.email && coreAccount.passwordHash) && !(providerData === null || providerData === void 0 ? void 0 : providerData.length);
+        const stsTokenManager = new StsTokenManager();
+        stsTokenManager.updateFromIdToken(idToken);
+        // Initialize the Firebase Auth user.
+        const user = new UserImpl({
+            uid: coreAccount.localId,
+            auth,
+            stsTokenManager,
+            isAnonymous
+        });
+        // update the user with data from the GetAccountInfo response.
+        const updates = {
+            uid: coreAccount.localId,
+            displayName: coreAccount.displayName || null,
+            photoURL: coreAccount.photoUrl || null,
+            email: coreAccount.email || null,
+            emailVerified: coreAccount.emailVerified || false,
+            phoneNumber: coreAccount.phoneNumber || null,
+            tenantId: coreAccount.tenantId || null,
+            providerData,
+            metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt),
+            isAnonymous: !(coreAccount.email && coreAccount.passwordHash) &&
+                !(providerData === null || providerData === void 0 ? void 0 : providerData.length)
+        };
+        Object.assign(user, updates);
+        return user;
+    }
 }
 
 /**
@@ -2499,8 +2548,32 @@ class AuthImpl {
         // Skip blocking callbacks, they should not apply to a change in another tab.
         await this._updateCurrentUser(user, /* skipBeforeStateCallbacks */ true);
     }
+    async initializeCurrentUserFromIdToken(idToken) {
+        try {
+            const response = await getAccountInfo(this, { idToken });
+            const user = await UserImpl._fromGetAccountInfoResponse(this, response, idToken);
+            await this.directlySetCurrentUser(user);
+        }
+        catch (err) {
+            console.warn('FirebaseServerApp could not login user with provided authIdToken: ', err);
+            await this.directlySetCurrentUser(null);
+        }
+    }
     async initializeCurrentUser(popupRedirectResolver) {
         var _a;
+        if (_isFirebaseServerApp(this.app)) {
+            const idToken = this.app.settings.authIdToken;
+            if (idToken) {
+                // Start the auth operation in the next tick to allow a moment for the customer's app to
+                // attach an emulator, if desired.
+                return new Promise(resolve => {
+                    setTimeout(() => this.initializeCurrentUserFromIdToken(idToken).then(resolve, resolve));
+                });
+            }
+            else {
+                return this.directlySetCurrentUser(null);
+            }
+        }
         // First check to see if we have a pending redirect event.
         const previouslyStoredUser = (await this.assertedPersistence.getCurrentUser());
         let futureCurrentUser = previouslyStoredUser;
@@ -2606,6 +2679,9 @@ class AuthImpl {
         this._deleted = true;
     }
     async updateCurrentUser(userExtern) {
+        if (_isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         // The public updateCurrentUser method needs to make a copy of the user,
         // and also check that the project matches
         const user = userExtern
@@ -2632,6 +2708,9 @@ class AuthImpl {
         });
     }
     async signOut() {
+        if (_isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         // Run first, to block _setRedirectUser() if any callbacks fail.
         await this.beforeStateQueue.runMiddleware(null);
         // Clear the redirect user when signOut is called
@@ -2643,6 +2722,9 @@ class AuthImpl {
         return this._updateCurrentUser(null, /* skipBeforeStateCallbacks */ true);
     }
     setPersistence(persistence) {
+        if (_isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         return this.queue(async () => {
             await this.assertedPersistence.setPersistence(_getInstance(persistence));
         });
@@ -5088,12 +5170,18 @@ function providerIdForResponse(response) {
  * If there is already an anonymous user signed in, that user will be returned; otherwise, a
  * new anonymous user identity will be created and returned.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
  */
 async function signInAnonymously(auth) {
     var _a;
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     await authInternal._initializationPromise;
     if ((_a = authInternal.currentUser) === null || _a === void 0 ? void 0 : _a.isAnonymous) {
@@ -5254,6 +5342,9 @@ async function _assertLinkedStatus(expected, user, provider) {
  */
 async function _reauthenticate(user, credential, bypassAuthState = false) {
     const { auth } = user;
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const operationType = "reauthenticate" /* OperationType.REAUTHENTICATE */;
     try {
         const response = await _logoutIfInvalidated(user, _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential, user), bypassAuthState);
@@ -5290,6 +5381,9 @@ async function _reauthenticate(user, credential, bypassAuthState = false) {
  * limitations under the License.
  */
 async function _signInWithCredential(auth, credential, bypassAuthState = false) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const operationType = "signIn" /* OperationType.SIGN_IN */;
     const response = await _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential);
     const userCredential = await UserCredentialImpl._fromIdTokenResponse(auth, operationType, response);
@@ -5304,6 +5398,9 @@ async function _signInWithCredential(auth, credential, bypassAuthState = false)
  * @remarks
  * An {@link AuthProvider} can be used to generate the credential.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param credential - The auth credential.
  *
@@ -5336,6 +5433,9 @@ async function linkWithCredential(user, credential) {
  * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error
  * or a `TOKEN_EXPIRED` error.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param user - The user.
  * @param credential - The auth credential.
  *
@@ -5392,12 +5492,18 @@ async function signInWithCustomToken$1(auth, request) {
  *
  * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param customToken - The custom token to sign in with.
  *
  * @public
  */
 async function signInWithCustomToken(auth, customToken) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const response = await signInWithCustomToken$1(authInternal, {
         token: customToken,
@@ -5685,6 +5791,9 @@ async function verifyPasswordResetCode(auth, code) {
  *
  * User account creation can fail if the account already exists or the password is invalid.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The email address acts as a unique identifier for the user and enables an email-based
  * password reset. This function will create a new user account and set the initial user password.
  *
@@ -5695,6 +5804,9 @@ async function verifyPasswordResetCode(auth, code) {
  * @public
  */
 async function createUserWithEmailAndPassword(auth, email, password) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const request = {
         returnSecureToken: true,
@@ -5721,10 +5833,14 @@ async function createUserWithEmailAndPassword(auth, email, password) {
  * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
  * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
  * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The users email address.
  * @param password - The users password.
@@ -5732,6 +5848,9 @@ async function createUserWithEmailAndPassword(auth, email, password) {
  * @public
  */
 function signInWithEmailAndPassword(auth, email, password) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(async (error) => {
         if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
             void recachePasswordPolicy(auth);
@@ -5830,6 +5949,9 @@ function isSignInWithEmailLink(auth, emailLink) {
  *
  * Fails with an error if the email address is invalid or OTP in email link expires.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.
  *
  * @example
@@ -5853,6 +5975,7 @@ function isSignInWithEmailLink(auth, emailLink) {
  * }
  * ```
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  * @param emailLink - The link sent to the user's email address.
@@ -5860,6 +5983,9 @@ function isSignInWithEmailLink(auth, emailLink) {
  * @public
  */
 async function signInWithEmailLink(auth, email, emailLink) {
+    if (_isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authModular = getModularInstance(auth);
     const credential = EmailAuthProvider.credentialWithLink(email, emailLink || _getCurrentUrl());
     // Check if the tenant ID in the email link matches the tenant ID on Auth
@@ -6106,6 +6232,9 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
  * An email will be sent to the original email address (if it was set) that allows to revoke the
  * email address change, in order to protect them from account hijacking.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * Important: this is a security sensitive operation that requires the user to have recently signed
  * in. If this requirement isn't met, ask the user to authenticate again and then call
  * {@link reauthenticateWithCredential}.
@@ -6119,7 +6248,11 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
  * @public
  */
 function updateEmail(user, newEmail) {
-    return updateEmailOrPassword(getModularInstance(user), newEmail, null);
+    const userInternal = getModularInstance(user);
+    if (_isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
+    return updateEmailOrPassword(userInternal, newEmail, null);
 }
 /**
  * Updates the user's password.
@@ -6296,7 +6429,8 @@ function getAdditionalUserInfo(userCredential) {
  * remembered or not. It also makes it easier to never persist the `Auth` state for applications
  * that are shared by other users or have sensitive data.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -6442,6 +6576,9 @@ function useDeviceLanguage(auth) {
  * The operation fails with an error if the user to be updated belongs to a different Firebase
  * project.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param user - The new {@link User}.
  *
@@ -6453,6 +6590,10 @@ function updateCurrentUser(auth, user) {
 /**
  * Signs out the current user.
  *
+ * @remarks
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
@@ -7608,7 +7749,7 @@ function _isEmptyString(input) {
 }
 
 var name = "@firebase/auth";
-var version = "1.6.2";
+var version = "1.7.0-canary.42fcdfe4c";
 
 /**
  * @license
@@ -7754,5 +7895,5 @@ function registerAuth(clientPlatform) {
     registerVersion(name, version, 'esm2017');
 }
 
-export { updateEmail as $, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as A, linkWithCredential as B, reauthenticateWithCredential as C, signInWithCustomToken as D, EmailAuthCredential as E, FacebookAuthProvider as F, GoogleAuthProvider as G, sendPasswordResetEmail as H, confirmPasswordReset as I, applyActionCode as J, checkActionCode as K, verifyPasswordResetCode as L, createUserWithEmailAndPassword as M, signInWithEmailAndPassword as N, OAuthCredential as O, PhoneAuthCredential as P, sendSignInLinkToEmail as Q, isSignInWithEmailLink as R, SAMLAuthProvider as S, TotpMultiFactorGenerator as T, signInWithEmailLink as U, fetchSignInMethodsForEmail as V, sendEmailVerification as W, verifyBeforeUpdateEmail as X, ActionCodeURL as Y, parseActionCodeURL as Z, updateProfile as _, indexedDBLocalPersistence as a, updatePassword as a0, getIdToken as a1, getIdTokenResult as a2, unlink as a3, getAdditionalUserInfo as a4, reload as a5, getMultiFactorResolver as a6, multiFactor as a7, STORAGE_AVAILABLE_KEY as a8, _isIframe as a9, debugAssert as aA, _assertInstanceOf as aB, _generateEventId as aC, FederatedAuthProvider as aD, _persistenceKeyName as aE, _performApiRequest as aF, _getCurrentUrl as aG, _gapiScriptUrl as aH, _emulatorUrl as aI, _isChromeIOS as aJ, _isFirefox as aK, _isIOSStandalone as aL, BaseOAuthProvider as aM, _setWindowLocation as aN, MultiFactorAssertionImpl as aO, finalizeEnrollPhoneMfa as aP, finalizeSignInPhoneMfa as aQ, _setExternalJSProvider as aR, _isAndroid as aS, _isIOS7Or8 as aT, UserImpl as aU, AuthImpl as aV, _getClientVersion as aW, FetchProvider as aX, SAMLAuthCredential as aY, _isMobileBrowser as aa, _isIE10 as ab, _isSafari as ac, _isIOS as ad, _assert as ae, Delay as af, _window as ag, isV2 as ah, _createError as ai, _recaptchaV2ScriptUrl as aj, _loadJS as ak, _generateCallbackName as al, _castAuth as am, _isHttpOrHttps as an, _isWorker as ao, getRecaptchaParams as ap, _assertLinkedStatus as aq, startEnrollPhoneMfa as ar, startSignInPhoneMfa as as, sendPhoneVerificationCode as at, _link as au, _getInstance as av, _signInWithCredential as aw, _reauthenticate as ax, signInWithIdp as ay, _fail as az, TotpSecret as b, connectAuthEmulator as c, initializeRecaptchaConfig as d, beforeAuthStateChanged as e, onAuthStateChanged as f, updateCurrentUser as g, signOut as h, initializeAuth as i, revokeAccessToken as j, deleteUser as k, debugErrorMap as l, AuthCredential as m, inMemoryPersistence as n, onIdTokenChanged as o, prodErrorMap as p, EmailAuthProvider as q, registerAuth as r, setPersistence as s, GithubAuthProvider as t, useDeviceLanguage as u, validatePassword as v, OAuthProvider as w, TwitterAuthProvider as x, signInAnonymously as y, signInWithCredential as z };
-//# sourceMappingURL=register-7b89e556.js.map
+export { updateEmail as $, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as A, linkWithCredential as B, reauthenticateWithCredential as C, signInWithCustomToken as D, EmailAuthCredential as E, FacebookAuthProvider as F, GoogleAuthProvider as G, sendPasswordResetEmail as H, confirmPasswordReset as I, applyActionCode as J, checkActionCode as K, verifyPasswordResetCode as L, createUserWithEmailAndPassword as M, signInWithEmailAndPassword as N, OAuthCredential as O, PhoneAuthCredential as P, sendSignInLinkToEmail as Q, isSignInWithEmailLink as R, SAMLAuthProvider as S, TotpMultiFactorGenerator as T, signInWithEmailLink as U, fetchSignInMethodsForEmail as V, sendEmailVerification as W, verifyBeforeUpdateEmail as X, ActionCodeURL as Y, parseActionCodeURL as Z, updateProfile as _, indexedDBLocalPersistence as a, updatePassword as a0, getIdToken as a1, getIdTokenResult as a2, unlink as a3, getAdditionalUserInfo as a4, reload as a5, getMultiFactorResolver as a6, multiFactor as a7, STORAGE_AVAILABLE_KEY as a8, _isIframe as a9, _fail as aA, debugAssert as aB, _assertInstanceOf as aC, _generateEventId as aD, FederatedAuthProvider as aE, _persistenceKeyName as aF, _performApiRequest as aG, _getCurrentUrl as aH, _gapiScriptUrl as aI, _emulatorUrl as aJ, _isChromeIOS as aK, _isFirefox as aL, _isIOSStandalone as aM, BaseOAuthProvider as aN, _setWindowLocation as aO, MultiFactorAssertionImpl as aP, finalizeEnrollPhoneMfa as aQ, finalizeSignInPhoneMfa as aR, _setExternalJSProvider as aS, _isAndroid as aT, _isIOS7Or8 as aU, UserImpl as aV, AuthImpl as aW, _getClientVersion as aX, FetchProvider as aY, SAMLAuthCredential as aZ, _isMobileBrowser as aa, _isIE10 as ab, _isSafari as ac, _isIOS as ad, _assert as ae, Delay as af, _window as ag, isV2 as ah, _createError as ai, _recaptchaV2ScriptUrl as aj, _loadJS as ak, _generateCallbackName as al, _castAuth as am, _isHttpOrHttps as an, _isWorker as ao, getRecaptchaParams as ap, _serverAppCurrentUserOperationNotSupportedError as aq, _assertLinkedStatus as ar, startEnrollPhoneMfa as as, startSignInPhoneMfa as at, sendPhoneVerificationCode as au, _link as av, _getInstance as aw, _signInWithCredential as ax, _reauthenticate as ay, signInWithIdp as az, TotpSecret as b, connectAuthEmulator as c, initializeRecaptchaConfig as d, beforeAuthStateChanged as e, onAuthStateChanged as f, updateCurrentUser as g, signOut as h, initializeAuth as i, revokeAccessToken as j, deleteUser as k, debugErrorMap as l, AuthCredential as m, inMemoryPersistence as n, onIdTokenChanged as o, prodErrorMap as p, EmailAuthProvider as q, registerAuth as r, setPersistence as s, GithubAuthProvider as t, useDeviceLanguage as u, validatePassword as v, OAuthProvider as w, TwitterAuthProvider as x, signInAnonymously as y, signInWithCredential as z };
+//# sourceMappingURL=register-3473374b.js.map