@firebase/auth 1.6.2 → 1.7.0-canary.42fcdfe4c

package/dist/browser-cjs/index.js

@@ -2,9 +2,9 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var index = require('./index-6a907fc6.js');
-require('@firebase/util');
+var index = require('./index-fcf80d66.js');
 require('@firebase/app');
+require('@firebase/util');
 require('@firebase/logger');
 require('tslib');
 require('@firebase/component');

package/dist/browser-cjs/internal.js

@@ -2,7 +2,7 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var index = require('./index-6a907fc6.js');
+var index = require('./index-fcf80d66.js');
 var util = require('@firebase/util');
 require('@firebase/app');
 require('@firebase/logger');

package/dist/browser-cjs/src/core/auth/auth_impl.d.ts

@@ -68,6 +68,7 @@ export declare class AuthImpl implements AuthInternal, _FirebaseService {
      * If the persistence is changed in another window, the user manager will let us know
      */
     _onStorageEvent(): Promise<void>;
+    private initializeCurrentUserFromIdToken;
     private initializeCurrentUser;
     private tryRedirectSignIn;
     private reloadAndSetCurrentUserOrClear;

package/dist/browser-cjs/src/core/index.d.ts

@@ -26,7 +26,8 @@ export { debugErrorMap, prodErrorMap, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY
  * remembered or not. It also makes it easier to never persist the `Auth` state for applications
  * that are shared by other users or have sensitive data.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -157,6 +158,9 @@ export declare function useDeviceLanguage(auth: Auth): void;
  * The operation fails with an error if the user to be updated belongs to a different Firebase
  * project.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param user - The new {@link User}.
  *
@@ -166,6 +170,10 @@ export declare function updateCurrentUser(auth: Auth, user: User | null): Promis
 /**
  * Signs out the current user.
  *
+ * @remarks
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public

package/dist/browser-cjs/src/core/strategies/anonymous.d.ts

@@ -22,6 +22,9 @@ import { Auth, UserCredential } from '../../model/public_types';
  * If there is already an anonymous user signed in, that user will be returned; otherwise, a
  * new anonymous user identity will be created and returned.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public

package/dist/browser-cjs/src/core/strategies/credential.d.ts

@@ -24,6 +24,9 @@ export declare function _signInWithCredential(auth: AuthInternal, credential: Au
  * @remarks
  * An {@link AuthProvider} can be used to generate the credential.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param credential - The auth credential.
  *
@@ -50,6 +53,9 @@ export declare function linkWithCredential(user: User, credential: AuthCredentia
  * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error
  * or a `TOKEN_EXPIRED` error.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param user - The user.
  * @param credential - The auth credential.
  *

package/dist/browser-cjs/src/core/strategies/custom_token.d.ts

@@ -26,6 +26,9 @@ import { Auth, UserCredential } from '../../model/public_types';
  *
  * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param customToken - The custom token to sign in with.
  *

package/dist/browser-cjs/src/core/strategies/email_and_password.d.ts

@@ -99,6 +99,9 @@ export declare function verifyPasswordResetCode(auth: Auth, code: string): Promi
  *
  * User account creation can fail if the account already exists or the password is invalid.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The email address acts as a unique identifier for the user and enables an email-based
  * password reset. This function will create a new user account and set the initial user password.
  *
@@ -117,10 +120,14 @@ export declare function createUserWithEmailAndPassword(auth: Auth, email: string
  * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
  * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
  * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The users email address.
  * @param password - The users password.

package/dist/browser-cjs/src/core/strategies/email_link.d.ts

@@ -71,6 +71,9 @@ export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): bo
  *
  * Fails with an error if the email address is invalid or OTP in email link expires.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.
  *
  * @example
@@ -94,6 +97,7 @@ export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): bo
  * }
  * ```
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  * @param emailLink - The link sent to the user's email address.

package/dist/browser-cjs/src/core/user/account_info.d.ts

@@ -34,6 +34,9 @@ export declare function updateProfile(user: User, { displayName, photoURL: photo
  * An email will be sent to the original email address (if it was set) that allows to revoke the
  * email address change, in order to protect them from account hijacking.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * Important: this is a security sensitive operation that requires the user to have recently signed
  * in. If this requirement isn't met, ask the user to authenticate again and then call
  * {@link reauthenticateWithCredential}.

package/dist/browser-cjs/src/core/user/reload.d.ts

@@ -14,7 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { User } from '../../model/public_types';
+import { User, UserInfo } from '../../model/public_types';
+import { ProviderUserInfo } from '../../api/account_management/account';
 import { UserInternal } from '../../model/user';
 export declare function _reloadWithoutSaving(user: UserInternal): Promise<void>;
 /**
@@ -25,3 +26,4 @@ export declare function _reloadWithoutSaving(user: UserInternal): Promise<void>;
  * @public
  */
 export declare function reload(user: User): Promise<void>;
+export declare function extractProviderData(providers: ProviderUserInfo[]): UserInfo[];

package/dist/browser-cjs/src/core/user/token_manager.d.ts

@@ -37,6 +37,7 @@ export declare class StsTokenManager {
     expirationTime: number | null;
     get isExpired(): boolean;
     updateFromServerResponse(response: IdTokenResponse | FinalizeMfaResponse): void;
+    updateFromIdToken(idToken: string): void;
     getToken(auth: AuthInternal, forceRefresh?: boolean): Promise<string | null>;
     clearRefreshToken(): void;
     private refresh;

package/dist/browser-cjs/src/core/user/user_impl.d.ts

@@ -16,7 +16,7 @@
  */
 import { IdTokenResult } from '../../model/public_types';
 import { NextFn } from '@firebase/util';
-import { APIUserInfo } from '../../api/account_management/account';
+import { APIUserInfo, GetAccountInfoResponse } from '../../api/account_management/account';
 import { FinalizeMfaResponse } from '../../api/authentication/mfa';
 import { AuthInternal } from '../../model/auth';
 import { IdTokenResponse } from '../../model/id_token';
@@ -65,4 +65,10 @@ export declare class UserImpl implements UserInternal {
      * @param idTokenResponse
      */
     static _fromIdTokenResponse(auth: AuthInternal, idTokenResponse: IdTokenResponse, isAnonymous?: boolean): Promise<UserInternal>;
+    /**
+     * Initialize a User from an idToken server response
+     * @param auth
+     * @param idTokenResponse
+     */
+    static _fromGetAccountInfoResponse(auth: AuthInternal, response: GetAccountInfoResponse, idToken: string): Promise<UserInternal>;
 }

package/dist/browser-cjs/src/core/util/assert.d.ts

@@ -38,6 +38,7 @@ export declare function _fail<K extends AuthErrorCode>(auth: Auth, code: K, ...d
 export declare function _createError<K extends AuthErrorCode>(code: K, ...data: {} extends AuthErrorParams[K] ? [AuthErrorParams[K]?] : [AuthErrorParams[K]]): FirebaseError;
 export declare function _createError<K extends AuthErrorCode>(auth: Auth, code: K, ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]): FirebaseError;
 export declare function _errorWithCustomMessage(auth: Auth, code: AuthErrorCode, message: string): FirebaseError;
+export declare function _serverAppCurrentUserOperationNotSupportedError(auth: Auth): FirebaseError;
 export declare function _assertInstanceOf(auth: Auth, object: object, instance: unknown): void;
 export declare function _assert<K extends AuthErrorCode>(assertion: unknown, code: K, ...data: {} extends AuthErrorParams[K] ? [AuthErrorParams[K]?] : [AuthErrorParams[K]]): asserts assertion;
 export declare function _assert<K extends AuthErrorCode>(assertion: unknown, auth: Auth, code: K, ...data: {} extends LessAppName<K> ? [LessAppName<K>?] : [LessAppName<K>]): asserts assertion;

package/dist/browser-cjs/src/model/public_types.d.ts

@@ -287,6 +287,10 @@ export interface Auth {
     useDeviceLanguage(): void;
     /**
      * Signs out the current user. This does not automatically revoke the user's ID token.
+     *
+     * @remarks
+     * This method is not supported by {@link Auth} instances created with a
+     * {@link @firebase/app#FirebaseServerApp}.
      */
     signOut(): Promise<void>;
 }
@@ -943,6 +947,9 @@ export interface User extends UserInfo {
      * Important: this is a security-sensitive operation that requires the user to have recently
      * signed in. If this requirement isn't met, ask the user to authenticate again and then call
      * one of the reauthentication methods like {@link reauthenticateWithCredential}.
+     *
+     * This method is not supported on any {@link User} signed in by {@link Auth} instances
+     * created with a {@link @firebase/app#FirebaseServerApp}.
      */
     delete(): Promise<void>;
     /**

package/dist/browser-cjs/src/platform_browser/strategies/phone.d.ts

@@ -33,7 +33,8 @@ import { AuthInternal } from '../../model/auth';
  * {@link RecaptchaVerifier} (like React Native), but you need to use a
  * third-party {@link ApplicationVerifier} implementation.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -70,7 +71,8 @@ export declare function linkWithPhoneNumber(user: User, phoneNumber: string, app
  * @remarks
  * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @param user - The user.
  * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
@@ -88,7 +90,8 @@ export declare function _verifyPhoneNumber(auth: AuthInternal, options: PhoneInf
  * Updates the user's phone number.
  *
  * @remarks
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```

package/dist/browser-cjs/src/platform_browser/strategies/popup.d.ts

@@ -27,7 +27,8 @@ export declare const _POLL_WINDOW_CLOSE_TIMEOUT: Delay;
  * If succeeds, returns the signed in user along with the provider's credential. If sign in was
  * unsuccessful, returns an error object containing additional information about the error.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -59,7 +60,8 @@ export declare function signInWithPopup(auth: Auth, provider: AuthProvider, reso
  * If the reauthentication is successful, the returned result will contain the user and the
  * provider's credential.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript

package/dist/browser-cjs/src/platform_browser/strategies/redirect.d.ts

@@ -23,7 +23,8 @@ import { Auth, AuthProvider, PopupRedirectResolver, User, UserCredential } from
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link signInWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -67,7 +68,8 @@ export declare function _signInWithRedirect(auth: Auth, provider: AuthProvider,
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link reauthenticateWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -103,7 +105,8 @@ export declare function _reauthenticateWithRedirect(user: User, provider: AuthPr
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link linkWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -135,7 +138,8 @@ export declare function _linkWithRedirect(user: User, provider: AuthProvider, re
  * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
  * error. If no redirect operation was called, returns `null`.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript

package/dist/browser-cjs/test/helpers/integration/helpers.d.ts

@@ -14,9 +14,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+import { FirebaseServerApp } from '@firebase/app';
 import { Auth } from '@firebase/auth';
 export declare function randomEmail(): string;
 export declare function getTestInstance(requireEmulator?: boolean): Auth;
+export declare function getTestInstanceForServerApp(serverApp: FirebaseServerApp): Auth;
 export declare function cleanUpTestInstance(auth: Auth): Promise<void>;
 export declare function getTotpCode(sharedSecretKey: string, periodSec: number, verificationCodeLength: number, timestamp: Date): string;
 export declare const email = "totpuser-donotdelete@test.com";

package/dist/browser-cjs/test/integration/flows/firebaseserverapp.test.d.ts

@@ -0,0 +1,17 @@
+/**
+ * @license
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export {};

package/dist/cordova/index.js

@@ -1,6 +1,6 @@
 import { getApp, _getProvider } from '@firebase/app';
-import { _ as _signInWithRedirect, a as _reauthenticateWithRedirect, b as _linkWithRedirect, r as registerAuth, i as initializeAuth, c as indexedDBLocalPersistence, d as cordovaPopupRedirectResolver } from './popup_redirect-58faecee.js';
-export { A as ActionCodeOperation, a6 as ActionCodeURL, y as AuthCredential, w as AuthErrorCodes, E as EmailAuthCredential, D as EmailAuthProvider, G as FacebookAuthProvider, F as FactorId, I as GithubAuthProvider, H as GoogleAuthProvider, z as OAuthCredential, J as OAuthProvider, O as OperationType, B as PhoneAuthCredential, P as ProviderId, K as SAMLAuthProvider, S as SignInMethod, T as TwitterAuthProvider, W as applyActionCode, j as beforeAuthStateChanged, e as browserLocalPersistence, f as browserSessionPersistence, X as checkActionCode, V as confirmPasswordReset, x as connectAuthEmulator, d as cordovaPopupRedirectResolver, Z as createUserWithEmailAndPassword, q as debugErrorMap, p as deleteUser, a3 as fetchSignInMethodsForEmail, ae as getAdditionalUserInfo, ab as getIdToken, ac as getIdTokenResult, ag as getMultiFactorResolver, g as getRedirectResult, C as inMemoryPersistence, c as indexedDBLocalPersistence, i as initializeAuth, h as initializeRecaptchaConfig, a1 as isSignInWithEmailLink, N as linkWithCredential, ah as multiFactor, k as onAuthStateChanged, o as onIdTokenChanged, a7 as parseActionCodeURL, t as prodErrorMap, Q as reauthenticateWithCredential, af as reload, n as revokeAccessToken, a4 as sendEmailVerification, U as sendPasswordResetEmail, a0 as sendSignInLinkToEmail, s as setPersistence, L as signInAnonymously, M as signInWithCredential, R as signInWithCustomToken, $ as signInWithEmailAndPassword, a2 as signInWithEmailLink, m as signOut, ad as unlink, l as updateCurrentUser, a9 as updateEmail, aa as updatePassword, a8 as updateProfile, u as useDeviceLanguage, v as validatePassword, a5 as verifyBeforeUpdateEmail, Y as verifyPasswordResetCode } from './popup_redirect-58faecee.js';
+import { _ as _signInWithRedirect, a as _reauthenticateWithRedirect, b as _linkWithRedirect, r as registerAuth, i as initializeAuth, c as indexedDBLocalPersistence, d as cordovaPopupRedirectResolver } from './popup_redirect-65e04583.js';
+export { A as ActionCodeOperation, a6 as ActionCodeURL, y as AuthCredential, w as AuthErrorCodes, E as EmailAuthCredential, D as EmailAuthProvider, G as FacebookAuthProvider, F as FactorId, I as GithubAuthProvider, H as GoogleAuthProvider, z as OAuthCredential, J as OAuthProvider, O as OperationType, B as PhoneAuthCredential, P as ProviderId, K as SAMLAuthProvider, S as SignInMethod, T as TwitterAuthProvider, W as applyActionCode, j as beforeAuthStateChanged, e as browserLocalPersistence, f as browserSessionPersistence, X as checkActionCode, V as confirmPasswordReset, x as connectAuthEmulator, d as cordovaPopupRedirectResolver, Z as createUserWithEmailAndPassword, q as debugErrorMap, p as deleteUser, a3 as fetchSignInMethodsForEmail, ae as getAdditionalUserInfo, ab as getIdToken, ac as getIdTokenResult, ag as getMultiFactorResolver, g as getRedirectResult, C as inMemoryPersistence, c as indexedDBLocalPersistence, i as initializeAuth, h as initializeRecaptchaConfig, a1 as isSignInWithEmailLink, N as linkWithCredential, ah as multiFactor, k as onAuthStateChanged, o as onIdTokenChanged, a7 as parseActionCodeURL, t as prodErrorMap, Q as reauthenticateWithCredential, af as reload, n as revokeAccessToken, a4 as sendEmailVerification, U as sendPasswordResetEmail, a0 as sendSignInLinkToEmail, s as setPersistence, L as signInAnonymously, M as signInWithCredential, R as signInWithCustomToken, $ as signInWithEmailAndPassword, a2 as signInWithEmailLink, m as signOut, ad as unlink, l as updateCurrentUser, a9 as updateEmail, aa as updatePassword, a8 as updateProfile, u as useDeviceLanguage, v as validatePassword, a5 as verifyBeforeUpdateEmail, Y as verifyPasswordResetCode } from './popup_redirect-65e04583.js';
 import 'tslib';
 import '@firebase/util';
 import '@firebase/component';

package/dist/cordova/internal.js

@@ -1,8 +1,8 @@
-import { ai as _performApiRequest, aj as _addTidIfNecessary, ak as _assert, al as Delay, am as _window, an as isV2, ao as _createError, ap as _recaptchaV2ScriptUrl, aq as _loadJS, ar as _generateCallbackName, as as getRecaptchaParams, at as _isHttpOrHttps, au as _isWorker, av as _castAuth, M as signInWithCredential, N as linkWithCredential, aw as _assertLinkedStatus, Q as reauthenticateWithCredential, ax as sendPhoneVerificationCode, ay as startEnrollPhoneMfa, az as _link, B as PhoneAuthCredential, aA as debugAssert, aB as _generateEventId, aC as AbstractPopupRedirectOperation, aD as _assertInstanceOf, aE as _withDefaultResolver, aF as FederatedAuthProvider, aG as _fail, aH as _getProjectConfig, aI as _getCurrentUrl, aJ as _gapiScriptUrl, aK as _emulatorUrl, aL as _isChromeIOS, aM as _isFirefox, aN as _isIOSStandalone, aO as _getRedirectUrl, aP as _setWindowLocation, aQ as _isMobileBrowser, aR as _isSafari, aS as _isIOS, f as browserSessionPersistence, aT as _getRedirectResult, aU as _overrideRedirectResult, aV as AuthEventManager, aW as debugFail, aX as finalizeEnrollPhoneMfa, aY as finalizeEnrollTotpMfa, aZ as startEnrollTotpMfa, r as registerAuth, i as initializeAuth, c as indexedDBLocalPersistence, e as browserLocalPersistence, j as beforeAuthStateChanged, o as onIdTokenChanged, x as connectAuthEmulator, a_ as _setExternalJSProvider } from './popup_redirect-58faecee.js';
-export { A as ActionCodeOperation, a6 as ActionCodeURL, y as AuthCredential, w as AuthErrorCodes, b2 as AuthImpl, E as EmailAuthCredential, D as EmailAuthProvider, G as FacebookAuthProvider, F as FactorId, b4 as FetchProvider, I as GithubAuthProvider, H as GoogleAuthProvider, z as OAuthCredential, J as OAuthProvider, O as OperationType, B as PhoneAuthCredential, P as ProviderId, b5 as SAMLAuthCredential, K as SAMLAuthProvider, S as SignInMethod, T as TwitterAuthProvider, b0 as UserImpl, ak as _assert, av as _castAuth, aG as _fail, aB as _generateEventId, b3 as _getClientVersion, b1 as _getInstance, aT as _getRedirectResult, aU as _overrideRedirectResult, a$ as _persistenceKeyName, W as applyActionCode, j as beforeAuthStateChanged, e as browserLocalPersistence, f as browserSessionPersistence, X as checkActionCode, V as confirmPasswordReset, x as connectAuthEmulator, d as cordovaPopupRedirectResolver, Z as createUserWithEmailAndPassword, q as debugErrorMap, p as deleteUser, a3 as fetchSignInMethodsForEmail, ae as getAdditionalUserInfo, ab as getIdToken, ac as getIdTokenResult, ag as getMultiFactorResolver, g as getRedirectResult, C as inMemoryPersistence, c as indexedDBLocalPersistence, i as initializeAuth, h as initializeRecaptchaConfig, a1 as isSignInWithEmailLink, N as linkWithCredential, b7 as linkWithRedirect, ah as multiFactor, k as onAuthStateChanged, o as onIdTokenChanged, a7 as parseActionCodeURL, t as prodErrorMap, Q as reauthenticateWithCredential, b8 as reauthenticateWithRedirect, af as reload, n as revokeAccessToken, a4 as sendEmailVerification, U as sendPasswordResetEmail, a0 as sendSignInLinkToEmail, s as setPersistence, L as signInAnonymously, M as signInWithCredential, R as signInWithCustomToken, $ as signInWithEmailAndPassword, a2 as signInWithEmailLink, b6 as signInWithRedirect, m as signOut, ad as unlink, l as updateCurrentUser, a9 as updateEmail, aa as updatePassword, a8 as updateProfile, u as useDeviceLanguage, v as validatePassword, a5 as verifyBeforeUpdateEmail, Y as verifyPasswordResetCode } from './popup_redirect-58faecee.js';
+import { ai as _performApiRequest, aj as _addTidIfNecessary, ak as _assert, al as Delay, am as _window, an as isV2, ao as _createError, ap as _recaptchaV2ScriptUrl, aq as _loadJS, ar as _generateCallbackName, as as getRecaptchaParams, at as _isHttpOrHttps, au as _isWorker, av as _castAuth, M as signInWithCredential, aw as _serverAppCurrentUserOperationNotSupportedError, N as linkWithCredential, ax as _assertLinkedStatus, Q as reauthenticateWithCredential, ay as sendPhoneVerificationCode, az as startEnrollPhoneMfa, aA as _link, B as PhoneAuthCredential, aB as debugAssert, aC as _generateEventId, aD as AbstractPopupRedirectOperation, aE as _assertInstanceOf, aF as _withDefaultResolver, aG as FederatedAuthProvider, aH as _fail, aI as _getProjectConfig, aJ as _getCurrentUrl, aK as _gapiScriptUrl, aL as _emulatorUrl, aM as _isChromeIOS, aN as _isFirefox, aO as _isIOSStandalone, aP as _getRedirectUrl, aQ as _setWindowLocation, aR as _isMobileBrowser, aS as _isSafari, aT as _isIOS, f as browserSessionPersistence, aU as _getRedirectResult, aV as _overrideRedirectResult, aW as AuthEventManager, aX as debugFail, aY as finalizeEnrollPhoneMfa, aZ as finalizeEnrollTotpMfa, a_ as startEnrollTotpMfa, r as registerAuth, i as initializeAuth, c as indexedDBLocalPersistence, e as browserLocalPersistence, j as beforeAuthStateChanged, o as onIdTokenChanged, x as connectAuthEmulator, a$ as _setExternalJSProvider } from './popup_redirect-65e04583.js';
+export { A as ActionCodeOperation, a6 as ActionCodeURL, y as AuthCredential, w as AuthErrorCodes, b3 as AuthImpl, E as EmailAuthCredential, D as EmailAuthProvider, G as FacebookAuthProvider, F as FactorId, b5 as FetchProvider, I as GithubAuthProvider, H as GoogleAuthProvider, z as OAuthCredential, J as OAuthProvider, O as OperationType, B as PhoneAuthCredential, P as ProviderId, b6 as SAMLAuthCredential, K as SAMLAuthProvider, S as SignInMethod, T as TwitterAuthProvider, b1 as UserImpl, ak as _assert, av as _castAuth, aH as _fail, aC as _generateEventId, b4 as _getClientVersion, b2 as _getInstance, aU as _getRedirectResult, aV as _overrideRedirectResult, b0 as _persistenceKeyName, W as applyActionCode, j as beforeAuthStateChanged, e as browserLocalPersistence, f as browserSessionPersistence, X as checkActionCode, V as confirmPasswordReset, x as connectAuthEmulator, d as cordovaPopupRedirectResolver, Z as createUserWithEmailAndPassword, q as debugErrorMap, p as deleteUser, a3 as fetchSignInMethodsForEmail, ae as getAdditionalUserInfo, ab as getIdToken, ac as getIdTokenResult, ag as getMultiFactorResolver, g as getRedirectResult, C as inMemoryPersistence, c as indexedDBLocalPersistence, i as initializeAuth, h as initializeRecaptchaConfig, a1 as isSignInWithEmailLink, N as linkWithCredential, b8 as linkWithRedirect, ah as multiFactor, k as onAuthStateChanged, o as onIdTokenChanged, a7 as parseActionCodeURL, t as prodErrorMap, Q as reauthenticateWithCredential, b9 as reauthenticateWithRedirect, af as reload, n as revokeAccessToken, a4 as sendEmailVerification, U as sendPasswordResetEmail, a0 as sendSignInLinkToEmail, s as setPersistence, L as signInAnonymously, M as signInWithCredential, R as signInWithCustomToken, $ as signInWithEmailAndPassword, a2 as signInWithEmailLink, b7 as signInWithRedirect, m as signOut, ad as unlink, l as updateCurrentUser, a9 as updateEmail, aa as updatePassword, a8 as updateProfile, u as useDeviceLanguage, v as validatePassword, a5 as verifyBeforeUpdateEmail, Y as verifyPasswordResetCode } from './popup_redirect-65e04583.js';
 import { __awaiter, __generator, __assign, __extends, __spreadArray } from 'tslib';
 import { querystring, getModularInstance, getUA, getExperimentalSetting, getDefaultEmulatorHost } from '@firebase/util';
-import { SDK_VERSION, getApp, _getProvider } from '@firebase/app';
+import { _isFirebaseServerApp, SDK_VERSION, getApp, _getProvider } from '@firebase/app';
 import '@firebase/component';
 import '@firebase/logger';
 
@@ -581,7 +581,8 @@ var ConfirmationResultImpl = /** @class */ (function () {
  * {@link RecaptchaVerifier} (like React Native), but you need to use a
  * third-party {@link ApplicationVerifier} implementation.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -604,6 +605,9 @@ function signInWithPhoneNumber(auth, phoneNumber, appVerifier) {
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
+                    if (_isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     authInternal = _castAuth(auth);
                     return [4 /*yield*/, _verifyPhoneNumber(authInternal, phoneNumber, getModularInstance(appVerifier))];
                 case 1:
@@ -653,7 +657,8 @@ function linkWithPhoneNumber(user, phoneNumber, appVerifier) {
  * @remarks
  * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @param user - The user.
  * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
@@ -668,6 +673,9 @@ function reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier) {
             switch (_a.label) {
                 case 0:
                     userInternal = getModularInstance(user);
+                    if (_isFirebaseServerApp(userInternal.auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth))];
+                    }
                     return [4 /*yield*/, _verifyPhoneNumber(userInternal.auth, phoneNumber, getModularInstance(appVerifier))];
                 case 1:
                     verificationId = _a.sent();
@@ -755,7 +763,8 @@ function _verifyPhoneNumber(auth, options, verifier) {
  * Updates the user's phone number.
  *
  * @remarks
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```
@@ -775,9 +784,15 @@ function _verifyPhoneNumber(auth, options, verifier) {
  */
 function updatePhoneNumber(user, credential) {
     return __awaiter(this, void 0, void 0, function () {
+        var userInternal;
         return __generator(this, function (_a) {
             switch (_a.label) {
-                case 0: return [4 /*yield*/, _link(getModularInstance(user), credential)];
+                case 0:
+                    userInternal = getModularInstance(user);
+                    if (_isFirebaseServerApp(userInternal.auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth))];
+                    }
+                    return [4 /*yield*/, _link(userInternal, credential)];
                 case 1:
                     _a.sent();
                     return [2 /*return*/];
@@ -980,7 +995,8 @@ var _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2000, 10000);
  * If succeeds, returns the signed in user along with the provider's credential. If sign in was
  * unsuccessful, returns an error object containing additional information about the error.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1007,6 +1023,9 @@ function signInWithPopup(auth, provider, resolver) {
     return __awaiter(this, void 0, void 0, function () {
         var authInternal, resolverInternal, action;
         return __generator(this, function (_a) {
+            if (_isFirebaseServerApp(auth.app)) {
+                return [2 /*return*/, Promise.reject(_createError(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */))];
+            }
             authInternal = _castAuth(auth);
             _assertInstanceOf(auth, provider, FederatedAuthProvider);
             resolverInternal = _withDefaultResolver(authInternal, resolver);
@@ -1023,7 +1042,8 @@ function signInWithPopup(auth, provider, resolver) {
  * If the reauthentication is successful, the returned result will contain the user and the
  * provider's credential.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1047,6 +1067,9 @@ function reauthenticateWithPopup(user, provider, resolver) {
         var userInternal, resolverInternal, action;
         return __generator(this, function (_a) {
             userInternal = getModularInstance(user);
+            if (_isFirebaseServerApp(userInternal.auth.app)) {
+                return [2 /*return*/, Promise.reject(_createError(userInternal.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */))];
+            }
             _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider);
             resolverInternal = _withDefaultResolver(userInternal.auth, resolver);
             action = new PopupOperation(userInternal.auth, "reauthViaPopup" /* AuthEventType.REAUTH_VIA_POPUP */, provider, resolverInternal, userInternal);
@@ -2077,14 +2100,19 @@ function getAuth(app) {
         ]
     });
     var authTokenSyncPath = getExperimentalSetting('authTokenSyncURL');
-    // Don't allow urls (XSS possibility), only paths on the same domain
-    // (starting with a single '/')
-    if (authTokenSyncPath && authTokenSyncPath.match(/^\/[^\/].*/)) {
-        var mintCookie_1 = mintCookieFactory(authTokenSyncPath);
-        beforeAuthStateChanged(auth, mintCookie_1, function () {
-            return mintCookie_1(auth.currentUser);
-        });
-        onIdTokenChanged(auth, function (user) { return mintCookie_1(user); });
+    // Only do the Cookie exchange in a secure context
+    if (authTokenSyncPath &&
+        typeof isSecureContext === 'boolean' &&
+        isSecureContext) {
+        // Don't allow urls (XSS possibility), only paths on the same domain
+        var authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);
+        if (location.origin === authTokenSyncUrl.origin) {
+            var mintCookie_1 = mintCookieFactory(authTokenSyncUrl.toString());
+            beforeAuthStateChanged(auth, mintCookie_1, function () {
+                return mintCookie_1(auth.currentUser);
+            });
+            onIdTokenChanged(auth, function (user) { return mintCookie_1(user); });
+        }
     }
     var authEmulatorHost = getDefaultEmulatorHost('auth');
     if (authEmulatorHost) {