@firebase/auth 1.9.1 → 1.10.0-auth-redirect-credentials.82faa0828

package/dist/node/src/api/index.d.ts

@@ -91,7 +91,7 @@ export declare function _addTidIfNecessary<T extends {
 export declare function _performApiRequest<T, V>(auth: Auth, method: HttpMethod, path: Endpoint, request?: T, customErrorMap?: Partial<ServerErrorMap<ServerError>>): Promise<V>;
 export declare function _performFetchWithErrorHandling<V>(auth: Auth, customErrorMap: Partial<ServerErrorMap<ServerError>>, fetchFn: () => Promise<Response>): Promise<V>;
 export declare function _performSignInRequest<T, V extends IdTokenResponse>(auth: Auth, method: HttpMethod, path: Endpoint, request?: T, customErrorMap?: Partial<ServerErrorMap<ServerError>>): Promise<V>;
-export declare function _getFinalTarget(auth: Auth, host: string, path: string, query: string): string;
+export declare function _getFinalTarget(auth: Auth, host: string, path: string, query: string): Promise<string>;
 export declare function _parseEnforcementState(enforcementStateStr: string): EnforcementState;
 interface PotentialResponse extends IdTokenResponse {
     email?: string;

package/dist/node/src/core/auth/auth_impl.d.ts

@@ -57,6 +57,8 @@ export declare class AuthImpl implements AuthInternal, _FirebaseService {
     _tenantRecaptchaConfigs: Record<string, RecaptchaConfig>;
     _projectPasswordPolicy: PasswordPolicyInternal | null;
     _tenantPasswordPolicies: Record<string, PasswordPolicyInternal>;
+    _resolvePersistenceManagerAvailable: ((value: void | PromiseLike<void>) => void) | undefined;
+    _persistenceManagerAvailable: Promise<void>;
     readonly name: string;
     private lastNotifiedUid;
     languageCode: string | null;
@@ -82,7 +84,8 @@ export declare class AuthImpl implements AuthInternal, _FirebaseService {
     validatePassword(password: string): Promise<PasswordValidationStatus>;
     _getPasswordPolicyInternal(): PasswordPolicyInternal | null;
     _updatePasswordPolicy(): Promise<void>;
-    _getPersistence(): string;
+    _getPersistenceType(): string;
+    _getPersistence(): PersistenceInternal;
     _updateErrorMap(errorMap: AuthErrorMap): void;
     onAuthStateChanged(nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
     beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;

package/dist/node/src/core/persistence/index.d.ts

@@ -18,7 +18,8 @@ import { Persistence } from '../../model/public_types';
 export declare const enum PersistenceType {
     SESSION = "SESSION",
     LOCAL = "LOCAL",
-    NONE = "NONE"
+    NONE = "NONE",
+    COOKIE = "COOKIE"
 }
 export type PersistedBlob = Record<string, unknown>;
 export interface Instantiator<T> {

package/dist/node/src/model/auth.d.ts

@@ -22,6 +22,7 @@ import { UserInternal } from './user';
 import { ClientPlatform } from '../core/util/version';
 import { RecaptchaConfig } from '../platform_browser/recaptcha/recaptcha';
 import { PasswordPolicyInternal } from './password_policy';
+import { PersistenceInternal } from '../core/persistence';
 export type AppName = string;
 export type ApiKey = string;
 export type AuthDomain = string;
@@ -56,6 +57,7 @@ export interface AuthInternal extends Auth {
     _canInitEmulator: boolean;
     _isInitialized: boolean;
     _initializationPromise: Promise<void> | null;
+    _persistenceManagerAvailable: Promise<void>;
     _updateCurrentUser(user: UserInternal | null): Promise<void>;
     _onStorageEvent(): void;
     _notifyListenersIfCurrent(user: UserInternal): void;
@@ -66,7 +68,8 @@ export interface AuthInternal extends Auth {
     _key(): string;
     _startProactiveRefresh(): void;
     _stopProactiveRefresh(): void;
-    _getPersistence(): string;
+    _getPersistenceType(): string;
+    _getPersistence(): PersistenceInternal;
     _getRecaptchaConfig(): RecaptchaConfig | null;
     _getPasswordPolicyInternal(): PasswordPolicyInternal | null;
     _updatePasswordPolicy(): Promise<void>;

package/dist/node/src/model/public_types.d.ts

@@ -305,8 +305,9 @@ export interface Persistence {
      * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
      * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
      * - 'NONE' is used for in-memory, or no persistence.
+     * - 'COOKIE' is used for cookie persistence, useful for server-side rendering.
      */
-    readonly type: 'SESSION' | 'LOCAL' | 'NONE';
+    readonly type: 'SESSION' | 'LOCAL' | 'NONE' | 'COOKIE';
 }
 /**
  * Interface representing ID token result obtained from {@link User.getIdTokenResult}.

package/dist/node/src/platform_browser/persistence/cookie_storage.d.ts

@@ -0,0 +1,40 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Persistence } from '../../model/public_types';
+import { PersistenceInternal, PersistenceType, PersistenceValue, StorageEventListener } from '../../core/persistence';
+export declare class CookiePersistence implements PersistenceInternal {
+    static type: 'COOKIE';
+    readonly type = PersistenceType.COOKIE;
+    listenerUnsubscribes: Map<StorageEventListener, () => void>;
+    _getFinalTarget(originalUrl: string): URL | string;
+    _isAvailable(): Promise<boolean>;
+    _set(_key: string, _value: PersistenceValue): Promise<void>;
+    _get<T extends PersistenceValue>(key: string): Promise<T | null>;
+    _remove(key: string): Promise<void>;
+    _addListener(key: string, listener: StorageEventListener): void;
+    _removeListener(_key: string, listener: StorageEventListener): void;
+}
+/**
+ * An implementation of {@link Persistence} of type `COOKIE`, for use on the client side in
+ * applications leveraging hybrid rendering and middleware.
+ *
+ * @remarks This persistence method requires companion middleware to function, such as that provided
+ * by {@link https://firebaseopensource.com/projects/firebaseextended/reactfire/ | ReactFire} for
+ * NextJS.
+ * @beta
+ */
+export declare const browserCookiePersistence: Persistence;

package/dist/node/src/platform_node/index.d.ts

@@ -28,6 +28,7 @@ declare class FailClass {
 }
 export declare const browserLocalPersistence: import("../model/public_types").Persistence;
 export declare const browserSessionPersistence: import("../model/public_types").Persistence;
+export declare const browserCookiePersistence: import("../model/public_types").Persistence;
 export declare const indexedDBLocalPersistence: import("../model/public_types").Persistence;
 export declare const browserPopupRedirectResolver: import("@firebase/app").FirebaseError;
 export declare const PhoneAuthProvider: typeof FailClass;

package/dist/node/{totp-06fa6909.js → totp-88cb8aaf.js}

@@ -861,6 +861,14 @@ const SERVER_ERROR_MAP = {
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+const CookieAuthProxiedEndpoints = [
+    "/v1/accounts:signInWithCustomToken" /* Endpoint.SIGN_IN_WITH_CUSTOM_TOKEN */,
+    "/v1/accounts:signInWithEmailLink" /* Endpoint.SIGN_IN_WITH_EMAIL_LINK */,
+    "/v1/accounts:signInWithIdp" /* Endpoint.SIGN_IN_WITH_IDP */,
+    "/v1/accounts:signInWithPassword" /* Endpoint.SIGN_IN_WITH_PASSWORD */,
+    "/v1/accounts:signInWithPhoneNumber" /* Endpoint.SIGN_IN_WITH_PHONE_NUMBER */,
+    "/v1/token" /* Endpoint.TOKEN */
+];
 const DEFAULT_API_TIMEOUT_MS = new Delay(30000, 60000);
 function _addTidIfNecessary(auth, request) {
     if (auth.tenantId && !request.tenantId) {
@@ -897,7 +905,10 @@ async function _performApiRequest(auth, method, path, request, customErrorMap =
         if (!util.isCloudflareWorker()) {
             fetchArgs.referrerPolicy = 'no-referrer';
         }
-        return FetchProvider.fetch()(_getFinalTarget(auth, auth.config.apiHost, path, query), fetchArgs);
+        if (auth.emulatorConfig && util.isCloudWorkstation(auth.emulatorConfig.host)) {
+            fetchArgs.credentials = 'include';
+        }
+        return FetchProvider.fetch()(await _getFinalTarget(auth, auth.config.apiHost, path, query), fetchArgs);
     });
 }
 async function _performFetchWithErrorHandling(auth, customErrorMap, fetchFn) {
@@ -962,12 +973,25 @@ async function _performSignInRequest(auth, method, path, request, customErrorMap
     }
     return serverResponse;
 }
-function _getFinalTarget(auth, host, path, query) {
+async function _getFinalTarget(auth, host, path, query) {
     const base = `${host}${path}?${query}`;
-    if (!auth.config.emulator) {
-        return `${auth.config.apiScheme}://${base}`;
-    }
-    return _emulatorUrl(auth.config, base);
+    const authInternal = auth;
+    const finalTarget = authInternal.config.emulator
+        ? _emulatorUrl(auth.config, base)
+        : `${auth.config.apiScheme}://${base}`;
+    // Cookie auth works by MiTMing the signIn and token endpoints from the developer's backend,
+    // saving the idToken and refreshToken into cookies, and then redacting the refreshToken
+    // from the response
+    if (CookieAuthProxiedEndpoints.includes(path)) {
+        // Persistence manager is async, we need to await it. We can't just wait for auth initialized
+        // here since auth initialization calls this function.
+        await authInternal._persistenceManagerAvailable;
+        if (authInternal._getPersistenceType() === "COOKIE" /* PersistenceType.COOKIE */) {
+            const cookiePersistence = authInternal._getPersistence();
+            return cookiePersistence._getFinalTarget(finalTarget).toString();
+        }
+    }
+    return finalTarget;
 }
 function _parseEnforcementState(enforcementStateStr) {
     switch (enforcementStateStr) {
@@ -1536,7 +1560,7 @@ async function requestStsToken(auth, refreshToken) {
             'refresh_token': refreshToken
         }).slice(1);
         const { tokenApiHost, apiKey } = auth.config;
-        const url = _getFinalTarget(auth, tokenApiHost, "/v1/token" /* Endpoint.TOKEN */, `key=${apiKey}`);
+        const url = await _getFinalTarget(auth, tokenApiHost, "/v1/token" /* Endpoint.TOKEN */, `key=${apiKey}`);
         const headers = await auth._getAdditionalHeaders();
         headers["Content-Type" /* HttpHeader.CONTENT_TYPE */] = 'application/x-www-form-urlencoded';
         return FetchProvider.fetch()(url, {
@@ -2027,7 +2051,17 @@ class PersistenceUserManager {
     }
     async getCurrentUser() {
         const blob = await this.persistence._get(this.fullUserKey);
-        return blob ? UserImpl._fromJSON(this.auth, blob) : null;
+        if (!blob) {
+            return null;
+        }
+        if (typeof blob === 'string') {
+            const response = await getAccountInfo(this.auth, { idToken: blob }).catch(() => undefined);
+            if (!response) {
+                return null;
+            }
+            return UserImpl._fromGetAccountInfoResponse(this.auth, response, blob);
+        }
+        return UserImpl._fromJSON(this.auth, blob);
     }
     removeCurrentUser() {
         return this.persistence._remove(this.fullUserKey);
@@ -2074,7 +2108,19 @@ class PersistenceUserManager {
             try {
                 const blob = await persistence._get(key);
                 if (blob) {
-                    const user = UserImpl._fromJSON(auth, blob); // throws for unparsable blob (wrong format)
+                    let user;
+                    if (typeof blob === 'string') {
+                        const response = await getAccountInfo(auth, {
+                            idToken: blob
+                        }).catch(() => undefined);
+                        if (!response) {
+                            break;
+                        }
+                        user = await UserImpl._fromGetAccountInfoResponse(auth, response, blob);
+                    }
+                    else {
+                        user = UserImpl._fromJSON(auth, blob); // throws for unparsable blob (wrong format)
+                    }
                     if (persistence !== selectedPersistence) {
                         userToMigrate = user;
                     }
@@ -2568,6 +2614,7 @@ class AuthImpl {
         this._tenantRecaptchaConfigs = {};
         this._projectPasswordPolicy = null;
         this._tenantPasswordPolicies = {};
+        this._resolvePersistenceManagerAvailable = undefined;
         // Tracks the last notified UID for state change listeners to prevent
         // repeated calls to the callbacks. Undefined means it's never been
         // called, whereas null means it's been called with a signed out user
@@ -2578,6 +2625,9 @@ class AuthImpl {
         this.frameworks = [];
         this.name = app.name;
         this.clientVersion = config.sdkClientVersion;
+        // TODO(jamesdaniels) explore less hacky way to do this, cookie authentication needs
+        // persistenceMananger to be available. see _getFinalTarget for more context
+        this._persistenceManagerAvailable = new Promise(resolve => (this._resolvePersistenceManagerAvailable = resolve));
     }
     _initializeWithPersistence(persistenceHierarchy, popupRedirectResolver) {
         if (popupRedirectResolver) {
@@ -2586,17 +2636,18 @@ class AuthImpl {
         // Have to check for app deletion throughout initialization (after each
         // promise resolution)
         this._initializationPromise = this.queue(async () => {
-            var _a, _b;
+            var _a, _b, _c;
             if (this._deleted) {
                 return;
             }
             this.persistenceManager = await PersistenceUserManager.create(this, persistenceHierarchy);
+            (_a = this._resolvePersistenceManagerAvailable) === null || _a === void 0 ? void 0 : _a.call(this);
             if (this._deleted) {
                 return;
             }
             // Initialize the resolver early if necessary (only applicable to web:
             // this will cause the iframe to load immediately in certain cases)
-            if ((_a = this._popupRedirectResolver) === null || _a === void 0 ? void 0 : _a._shouldInitProactively) {
+            if ((_b = this._popupRedirectResolver) === null || _b === void 0 ? void 0 : _b._shouldInitProactively) {
                 // If this fails, don't halt auth loading
                 try {
                     await this._popupRedirectResolver._initialize(this);
@@ -2606,7 +2657,7 @@ class AuthImpl {
                 }
             }
             await this.initializeCurrentUser(popupRedirectResolver);
-            this.lastNotifiedUid = ((_b = this.currentUser) === null || _b === void 0 ? void 0 : _b.uid) || null;
+            this.lastNotifiedUid = ((_c = this.currentUser) === null || _c === void 0 ? void 0 : _c.uid) || null;
             if (this._deleted) {
                 return;
             }
@@ -2860,9 +2911,12 @@ class AuthImpl {
             this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
         }
     }
-    _getPersistence() {
+    _getPersistenceType() {
         return this.assertedPersistence.persistence.type;
     }
+    _getPersistence() {
+        return this.assertedPersistence.persistence;
+    }
     _updateErrorMap(errorMap) {
         this._errorFactory = new util.ErrorFactory('auth', 'Firebase', errorMap());
     }
@@ -4301,7 +4355,7 @@ class ActionCodeURL {
         this.operation = operation;
         this.code = code;
         this.continueUrl = (_d = searchParams["continueUrl" /* QueryField.CONTINUE_URL */]) !== null && _d !== void 0 ? _d : null;
-        this.languageCode = (_e = searchParams["languageCode" /* QueryField.LANGUAGE_CODE */]) !== null && _e !== void 0 ? _e : null;
+        this.languageCode = (_e = searchParams["lang" /* QueryField.LANGUAGE_CODE */]) !== null && _e !== void 0 ? _e : null;
         this.tenantId = (_f = searchParams["tenantId" /* QueryField.TENANT_ID */]) !== null && _f !== void 0 ? _f : null;
     }
     /**
@@ -7081,7 +7135,7 @@ function multiFactor(user) {
 }
 
 var name = "@firebase/auth";
-var version = "1.9.1";
+var version = "1.10.0-auth-redirect-credentials.82faa0828";
 
 /**
  * @license
@@ -7283,6 +7337,7 @@ class FailClass {
 }
 const browserLocalPersistence = inMemoryPersistence;
 const browserSessionPersistence = inMemoryPersistence;
+const browserCookiePersistence = inMemoryPersistence;
 const indexedDBLocalPersistence = inMemoryPersistence;
 const browserPopupRedirectResolver = NOT_AVAILABLE_ERROR;
 const PhoneAuthProvider = FailClass;
@@ -7541,6 +7596,7 @@ exports._serverAppCurrentUserOperationNotSupportedError = _serverAppCurrentUserO
 exports._signInWithCredential = _signInWithCredential;
 exports.applyActionCode = applyActionCode;
 exports.beforeAuthStateChanged = beforeAuthStateChanged;
+exports.browserCookiePersistence = browserCookiePersistence;
 exports.browserLocalPersistence = browserLocalPersistence;
 exports.browserPopupRedirectResolver = browserPopupRedirectResolver;
 exports.browserSessionPersistence = browserSessionPersistence;
@@ -7602,4 +7658,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
 exports.validatePassword = validatePassword;
 exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
 exports.verifyPasswordResetCode = verifyPasswordResetCode;
-//# sourceMappingURL=totp-06fa6909.js.map
+//# sourceMappingURL=totp-88cb8aaf.js.map