@firebase/auth 1.9.1 → 1.10.0

package/dist/web-extension-cjs/src/api/index.d.ts

@@ -91,7 +91,7 @@ export declare function _addTidIfNecessary<T extends {
 export declare function _performApiRequest<T, V>(auth: Auth, method: HttpMethod, path: Endpoint, request?: T, customErrorMap?: Partial<ServerErrorMap<ServerError>>): Promise<V>;
 export declare function _performFetchWithErrorHandling<V>(auth: Auth, customErrorMap: Partial<ServerErrorMap<ServerError>>, fetchFn: () => Promise<Response>): Promise<V>;
 export declare function _performSignInRequest<T, V extends IdTokenResponse>(auth: Auth, method: HttpMethod, path: Endpoint, request?: T, customErrorMap?: Partial<ServerErrorMap<ServerError>>): Promise<V>;
-export declare function _getFinalTarget(auth: Auth, host: string, path: string, query: string): string;
+export declare function _getFinalTarget(auth: Auth, host: string, path: string, query: string): Promise<string>;
 export declare function _parseEnforcementState(enforcementStateStr: string): EnforcementState;
 interface PotentialResponse extends IdTokenResponse {
     email?: string;

package/dist/web-extension-cjs/src/core/auth/auth_impl.d.ts

@@ -57,6 +57,8 @@ export declare class AuthImpl implements AuthInternal, _FirebaseService {
     _tenantRecaptchaConfigs: Record<string, RecaptchaConfig>;
     _projectPasswordPolicy: PasswordPolicyInternal | null;
     _tenantPasswordPolicies: Record<string, PasswordPolicyInternal>;
+    _resolvePersistenceManagerAvailable: ((value: void | PromiseLike<void>) => void) | undefined;
+    _persistenceManagerAvailable: Promise<void>;
     readonly name: string;
     private lastNotifiedUid;
     languageCode: string | null;
@@ -82,7 +84,8 @@ export declare class AuthImpl implements AuthInternal, _FirebaseService {
     validatePassword(password: string): Promise<PasswordValidationStatus>;
     _getPasswordPolicyInternal(): PasswordPolicyInternal | null;
     _updatePasswordPolicy(): Promise<void>;
-    _getPersistence(): string;
+    _getPersistenceType(): string;
+    _getPersistence(): PersistenceInternal;
     _updateErrorMap(errorMap: AuthErrorMap): void;
     onAuthStateChanged(nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
     beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;

package/dist/web-extension-cjs/src/core/persistence/index.d.ts

@@ -18,7 +18,8 @@ import { Persistence } from '../../model/public_types';
 export declare const enum PersistenceType {
     SESSION = "SESSION",
     LOCAL = "LOCAL",
-    NONE = "NONE"
+    NONE = "NONE",
+    COOKIE = "COOKIE"
 }
 export type PersistedBlob = Record<string, unknown>;
 export interface Instantiator<T> {

package/dist/web-extension-cjs/src/model/auth.d.ts

@@ -22,6 +22,7 @@ import { UserInternal } from './user';
 import { ClientPlatform } from '../core/util/version';
 import { RecaptchaConfig } from '../platform_browser/recaptcha/recaptcha';
 import { PasswordPolicyInternal } from './password_policy';
+import { PersistenceInternal } from '../core/persistence';
 export type AppName = string;
 export type ApiKey = string;
 export type AuthDomain = string;
@@ -56,6 +57,7 @@ export interface AuthInternal extends Auth {
     _canInitEmulator: boolean;
     _isInitialized: boolean;
     _initializationPromise: Promise<void> | null;
+    _persistenceManagerAvailable: Promise<void>;
     _updateCurrentUser(user: UserInternal | null): Promise<void>;
     _onStorageEvent(): void;
     _notifyListenersIfCurrent(user: UserInternal): void;
@@ -66,7 +68,8 @@ export interface AuthInternal extends Auth {
     _key(): string;
     _startProactiveRefresh(): void;
     _stopProactiveRefresh(): void;
-    _getPersistence(): string;
+    _getPersistenceType(): string;
+    _getPersistence(): PersistenceInternal;
     _getRecaptchaConfig(): RecaptchaConfig | null;
     _getPasswordPolicyInternal(): PasswordPolicyInternal | null;
     _updatePasswordPolicy(): Promise<void>;

package/dist/web-extension-cjs/src/model/public_types.d.ts

@@ -305,8 +305,9 @@ export interface Persistence {
      * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
      * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
      * - 'NONE' is used for in-memory, or no persistence.
+     * - 'COOKIE' is used for cookie persistence, useful for server-side rendering.
      */
-    readonly type: 'SESSION' | 'LOCAL' | 'NONE';
+    readonly type: 'SESSION' | 'LOCAL' | 'NONE' | 'COOKIE';
 }
 /**
  * Interface representing ID token result obtained from {@link User.getIdTokenResult}.

package/dist/web-extension-cjs/src/platform_browser/persistence/cookie_storage.d.ts

@@ -0,0 +1,40 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Persistence } from '../../model/public_types';
+import { PersistenceInternal, PersistenceType, PersistenceValue, StorageEventListener } from '../../core/persistence';
+export declare class CookiePersistence implements PersistenceInternal {
+    static type: 'COOKIE';
+    readonly type = PersistenceType.COOKIE;
+    listenerUnsubscribes: Map<StorageEventListener, () => void>;
+    _getFinalTarget(originalUrl: string): URL | string;
+    _isAvailable(): Promise<boolean>;
+    _set(_key: string, _value: PersistenceValue): Promise<void>;
+    _get<T extends PersistenceValue>(key: string): Promise<T | null>;
+    _remove(key: string): Promise<void>;
+    _addListener(key: string, listener: StorageEventListener): void;
+    _removeListener(_key: string, listener: StorageEventListener): void;
+}
+/**
+ * An implementation of {@link Persistence} of type `COOKIE`, for use on the client side in
+ * applications leveraging hybrid rendering and middleware.
+ *
+ * @remarks This persistence method requires companion middleware to function, such as that provided
+ * by {@link https://firebaseopensource.com/projects/firebaseextended/reactfire/ | ReactFire} for
+ * NextJS.
+ * @beta
+ */
+export declare const browserCookiePersistence: Persistence;

package/dist/web-extension-cjs/src/platform_node/index.d.ts

@@ -28,6 +28,7 @@ declare class FailClass {
 }
 export declare const browserLocalPersistence: import("../model/public_types").Persistence;
 export declare const browserSessionPersistence: import("../model/public_types").Persistence;
+export declare const browserCookiePersistence: import("../model/public_types").Persistence;
 export declare const indexedDBLocalPersistence: import("../model/public_types").Persistence;
 export declare const browserPopupRedirectResolver: import("@firebase/app").FirebaseError;
 export declare const PhoneAuthProvider: typeof FailClass;

package/dist/web-extension-esm2017/auth-web-extension-public.d.ts

@@ -2183,10 +2183,31 @@ declare interface Persistence {
      * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
      * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
      * - 'NONE' is used for in-memory, or no persistence.
+     * - 'COOKIE' is used for cookie persistence, useful for server-side rendering.
      */
-    readonly type: 'SESSION' | 'LOCAL' | 'NONE';
+    readonly type: 'SESSION' | 'LOCAL' | 'NONE' | 'COOKIE';
 }
 
+declare interface PersistenceInternal extends Persistence {
+    type: PersistenceType;
+    _isAvailable(): Promise<boolean>;
+    _set(key: string, value: PersistenceValue): Promise<void>;
+    _get<T extends PersistenceValue>(key: string): Promise<T | null>;
+    _remove(key: string): Promise<void>;
+    _addListener(key: string, listener: StorageEventListener): void;
+    _removeListener(key: string, listener: StorageEventListener): void;
+    _shouldAllowMigration?: boolean;
+}
+
+declare const enum PersistenceType {
+    SESSION = "SESSION",
+    LOCAL = "LOCAL",
+    NONE = "NONE",
+    COOKIE = "COOKIE"
+}
+
+declare type PersistenceValue = PersistedBlob | string;
+
 /**
  * Represents the credentials returned by {@link PhoneAuthProvider}.
  *
@@ -2651,6 +2672,10 @@ declare interface StartTotpMfaEnrollmentResponse {
     };
 }
 
+declare interface StorageEventListener {
+    (value: PersistenceValue | null): void;
+}
+
 /* Excluded from this release type: StsTokenManager */
 
 /* Excluded from this release type: TaggedWithTokenResponse */

package/dist/web-extension-esm2017/auth-web-extension.d.ts

@@ -839,6 +839,7 @@ declare interface AuthInternal extends Auth {
     _canInitEmulator: boolean;
     _isInitialized: boolean;
     _initializationPromise: Promise<void> | null;
+    _persistenceManagerAvailable: Promise<void>;
     _updateCurrentUser(user: UserInternal | null): Promise<void>;
     _onStorageEvent(): void;
     _notifyListenersIfCurrent(user: UserInternal): void;
@@ -849,7 +850,8 @@ declare interface AuthInternal extends Auth {
     _key(): string;
     _startProactiveRefresh(): void;
     _stopProactiveRefresh(): void;
-    _getPersistence(): string;
+    _getPersistenceType(): string;
+    _getPersistence(): PersistenceInternal;
     _getRecaptchaConfig(): RecaptchaConfig | null;
     _getPasswordPolicyInternal(): PasswordPolicyInternal | null;
     _updatePasswordPolicy(): Promise<void>;
@@ -2580,10 +2582,31 @@ declare interface Persistence {
      * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
      * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
      * - 'NONE' is used for in-memory, or no persistence.
+     * - 'COOKIE' is used for cookie persistence, useful for server-side rendering.
      */
-    readonly type: 'SESSION' | 'LOCAL' | 'NONE';
+    readonly type: 'SESSION' | 'LOCAL' | 'NONE' | 'COOKIE';
 }
 
+declare interface PersistenceInternal extends Persistence {
+    type: PersistenceType;
+    _isAvailable(): Promise<boolean>;
+    _set(key: string, value: PersistenceValue): Promise<void>;
+    _get<T extends PersistenceValue>(key: string): Promise<T | null>;
+    _remove(key: string): Promise<void>;
+    _addListener(key: string, listener: StorageEventListener): void;
+    _removeListener(key: string, listener: StorageEventListener): void;
+    _shouldAllowMigration?: boolean;
+}
+
+declare const enum PersistenceType {
+    SESSION = "SESSION",
+    LOCAL = "LOCAL",
+    NONE = "NONE",
+    COOKIE = "COOKIE"
+}
+
+declare type PersistenceValue = PersistedBlob | string;
+
 /**
  * Represents the credentials returned by {@link PhoneAuthProvider}.
  *
@@ -3136,6 +3159,10 @@ declare interface StartTotpMfaEnrollmentResponse {
     };
 }
 
+declare interface StorageEventListener {
+    (value: PersistenceValue | null): void;
+}
+
 /**
  * We need to mark this class as internal explicitly to exclude it in the public typings, because
  * it references AuthInternal which has a circular dependency with UserInternal.

package/dist/web-extension-esm2017/index.d.ts

@@ -23,6 +23,7 @@ export * from './src/model/public_types';
 export { FactorId, ProviderId, SignInMethod, OperationType, ActionCodeOperation } from './src/model/enum_maps';
 export * from './src';
 import { browserLocalPersistence } from './src/platform_browser/persistence/local_storage';
+import { browserCookiePersistence } from './src/platform_browser/persistence/cookie_storage';
 import { browserSessionPersistence } from './src/platform_browser/persistence/session_storage';
 import { indexedDBLocalPersistence } from './src/platform_browser/persistence/indexed_db';
 import { PhoneAuthProvider } from './src/platform_browser/providers/phone';
@@ -34,4 +35,4 @@ import { browserPopupRedirectResolver } from './src/platform_browser/popup_redir
 import { PhoneMultiFactorGenerator } from './src/platform_browser/mfa/assertions/phone';
 import { TotpMultiFactorGenerator, TotpSecret } from './src/mfa/assertions/totp';
 import { getAuth } from './src/platform_browser';
-export { browserLocalPersistence, browserSessionPersistence, indexedDBLocalPersistence, PhoneAuthProvider, signInWithPhoneNumber, linkWithPhoneNumber, reauthenticateWithPhoneNumber, updatePhoneNumber, signInWithPopup, linkWithPopup, reauthenticateWithPopup, signInWithRedirect, linkWithRedirect, reauthenticateWithRedirect, getRedirectResult, RecaptchaVerifier, browserPopupRedirectResolver, PhoneMultiFactorGenerator, TotpMultiFactorGenerator, TotpSecret, getAuth };
+export { browserLocalPersistence, browserCookiePersistence, browserSessionPersistence, indexedDBLocalPersistence, PhoneAuthProvider, signInWithPhoneNumber, linkWithPhoneNumber, reauthenticateWithPhoneNumber, updatePhoneNumber, signInWithPopup, linkWithPopup, reauthenticateWithPopup, signInWithRedirect, linkWithRedirect, reauthenticateWithRedirect, getRedirectResult, RecaptchaVerifier, browserPopupRedirectResolver, PhoneMultiFactorGenerator, TotpMultiFactorGenerator, TotpSecret, getAuth };

package/dist/web-extension-esm2017/index.js

@@ -1,5 +1,5 @@
-import { r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, c as connectAuthEmulator } from './register-31c228e4.js';
-export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-31c228e4.js';
+import { r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, c as connectAuthEmulator } from './register-00522d81.js';
+export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-00522d81.js';
 import { _getProvider, getApp } from '@firebase/app';
 import { getDefaultEmulatorHost } from '@firebase/util';
 import 'tslib';

package/dist/web-extension-esm2017/internal.js

@@ -1,5 +1,5 @@
-import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isMobileBrowser, aa as _isIE10, ab as Delay, ac as _window, ad as _assert, ae as isV2, af as _createError, ag as _recaptchaV2ScriptUrl, ah as _loadJS, ai as MockReCaptcha, aj as _generateCallbackName, ak as _castAuth, al as _isHttpOrHttps, am as _isWorker, an as getRecaptchaParams, ao as _serverAppCurrentUserOperationNotSupportedError, z as signInWithCredential, ap as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, aq as _initializeRecaptchaConfig, ar as FAKE_TOKEN, as as startEnrollPhoneMfa, at as handleRecaptchaFlow, au as startSignInPhoneMfa, av as sendPhoneVerificationCode, aw as _link$1, P as PhoneAuthCredential, ax as _getInstance, ay as _signInWithCredential, az as _reauthenticate, m as AuthCredential, aA as signInWithIdp, aB as _fail, aC as debugAssert, aD as _assertInstanceOf, aE as _generateEventId, aF as FederatedAuthProvider, aG as _persistenceKeyName, aH as _performApiRequest, aI as _getCurrentUrl, aJ as _gapiScriptUrl, aK as _emulatorUrl, aL as _isChromeIOS, aM as _isFirefox, aN as _isIOSStandalone, aO as BaseOAuthProvider, aP as _setWindowLocation, aQ as _isSafari, aR as _isIOS, aS as MultiFactorAssertionImpl, aT as finalizeEnrollPhoneMfa, aU as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aV as _setExternalJSProvider, aW as _isAndroid, aX as _isIOS7Or8 } from './register-31c228e4.js';
-export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aZ as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, a$ as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, b0 as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aY as UserImpl, ad as _assert, ak as _castAuth, aB as _fail, aE as _generateEventId, a_ as _getClientVersion, ax as _getInstance, aG as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-31c228e4.js';
+import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isMobileBrowser, aa as _isIE10, ab as Delay, ac as _window, ad as _assert, ae as isV2, af as _createError, ag as _recaptchaV2ScriptUrl, ah as _loadJS, ai as MockReCaptcha, aj as _generateCallbackName, ak as _castAuth, al as _isHttpOrHttps, am as _isWorker, an as getRecaptchaParams, ao as _serverAppCurrentUserOperationNotSupportedError, z as signInWithCredential, ap as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, aq as _initializeRecaptchaConfig, ar as FAKE_TOKEN, as as startEnrollPhoneMfa, at as handleRecaptchaFlow, au as startSignInPhoneMfa, av as sendPhoneVerificationCode, aw as _link$1, P as PhoneAuthCredential, ax as _getInstance, ay as _signInWithCredential, az as _reauthenticate, m as AuthCredential, aA as signInWithIdp, aB as _fail, aC as debugAssert, aD as _assertInstanceOf, aE as _generateEventId, aF as FederatedAuthProvider, aG as _persistenceKeyName, aH as _performApiRequest, aI as _getCurrentUrl, aJ as _gapiScriptUrl, aK as _emulatorUrl, aL as _isChromeIOS, aM as _isFirefox, aN as _isIOSStandalone, aO as BaseOAuthProvider, aP as _setWindowLocation, aQ as _isSafari, aR as _isIOS, aS as MultiFactorAssertionImpl, aT as finalizeEnrollPhoneMfa, aU as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aV as _setExternalJSProvider, aW as _isAndroid, aX as _isIOS7Or8 } from './register-00522d81.js';
+export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aZ as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, a$ as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, b0 as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aY as UserImpl, ad as _assert, ak as _castAuth, aB as _fail, aE as _generateEventId, a_ as _getClientVersion, ax as _getInstance, aG as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-00522d81.js';
 import { querystring, getModularInstance, getUA, isEmpty, getExperimentalSetting, getDefaultEmulatorHost, querystringDecode } from '@firebase/util';
 import { _isFirebaseServerApp, SDK_VERSION, _getProvider, getApp } from '@firebase/app';
 import 'tslib';
@@ -341,6 +341,150 @@ BrowserLocalPersistence.type = 'LOCAL';
  */
 const browserLocalPersistence = BrowserLocalPersistence;
 
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const POLLING_INTERVAL_MS = 1000;
+// Pull a cookie value from document.cookie
+function getDocumentCookie(name) {
+    var _a, _b;
+    const escapedName = name.replace(/[\\^$.*+?()[\]{}|]/g, '\\$&');
+    const matcher = RegExp(`${escapedName}=([^;]+)`);
+    return (_b = (_a = document.cookie.match(matcher)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : null;
+}
+// Produce a sanitized cookie name from the persistence key
+function getCookieName(key) {
+    // __HOST- doesn't work in localhost https://issues.chromium.org/issues/40196122 but it has
+    // desirable security properties, so lets use a different cookie name while in dev-mode.
+    // Already checked isSecureContext in _isAvailable, so if it's http we're hitting local.
+    const isDevMode = window.location.protocol === 'http:';
+    return `${isDevMode ? '__dev_' : '__HOST-'}FIREBASE_${key.split(':')[3]}`;
+}
+class CookiePersistence {
+    constructor() {
+        this.type = "COOKIE" /* PersistenceType.COOKIE */;
+        this.listenerUnsubscribes = new Map();
+    }
+    // used to get the URL to the backend to proxy to
+    _getFinalTarget(originalUrl) {
+        if (typeof window === undefined) {
+            return originalUrl;
+        }
+        const url = new URL(`${window.location.origin}/__cookies__`);
+        url.searchParams.set('finalTarget', originalUrl);
+        return url;
+    }
+    // To be a usable persistence method in a chain browserCookiePersistence ensures that
+    // prerequisites have been met, namely that we're in a secureContext, navigator and document are
+    // available and cookies are enabled. Not all UAs support these method, so fallback accordingly.
+    async _isAvailable() {
+        var _a;
+        if (typeof isSecureContext === 'boolean' && !isSecureContext) {
+            return false;
+        }
+        if (typeof navigator === 'undefined' || typeof document === 'undefined') {
+            return false;
+        }
+        return (_a = navigator.cookieEnabled) !== null && _a !== void 0 ? _a : true;
+    }
+    // Set should be a noop as we expect middleware to handle this
+    async _set(_key, _value) {
+        return;
+    }
+    // Attempt to get the cookie from cookieStore, fallback to document.cookie
+    async _get(key) {
+        if (!this._isAvailable()) {
+            return null;
+        }
+        const name = getCookieName(key);
+        if (window.cookieStore) {
+            const cookie = await window.cookieStore.get(name);
+            return cookie === null || cookie === void 0 ? void 0 : cookie.value;
+        }
+        return getDocumentCookie(name);
+    }
+    // Log out by overriding the idToken with a sentinel value of ""
+    async _remove(key) {
+        if (!this._isAvailable()) {
+            return;
+        }
+        // To make sure we don't hit signout over and over again, only do this operation if we need to
+        // with the logout sentinel value of "" this can cause race conditions. Unnecessary set-cookie
+        // headers will reduce CDN hit rates too.
+        const existingValue = await this._get(key);
+        if (!existingValue) {
+            return;
+        }
+        const name = getCookieName(key);
+        document.cookie = `${name}=;Max-Age=34560000;Partitioned;Secure;SameSite=Strict;Path=/;Priority=High`;
+        await fetch(`/__cookies__`, { method: 'DELETE' }).catch(() => undefined);
+    }
+    // Listen for cookie changes, both cookieStore and fallback to polling document.cookie
+    _addListener(key, listener) {
+        if (!this._isAvailable()) {
+            return;
+        }
+        const name = getCookieName(key);
+        if (window.cookieStore) {
+            const cb = ((event) => {
+                const changedCookie = event.changed.find(change => change.name === name);
+                if (changedCookie) {
+                    listener(changedCookie.value);
+                }
+                const deletedCookie = event.deleted.find(change => change.name === name);
+                if (deletedCookie) {
+                    listener(null);
+                }
+            });
+            const unsubscribe = () => window.cookieStore.removeEventListener('change', cb);
+            this.listenerUnsubscribes.set(listener, unsubscribe);
+            return window.cookieStore.addEventListener('change', cb);
+        }
+        let lastValue = getDocumentCookie(name);
+        const interval = setInterval(() => {
+            const currentValue = getDocumentCookie(name);
+            if (currentValue !== lastValue) {
+                listener(currentValue);
+                lastValue = currentValue;
+            }
+        }, POLLING_INTERVAL_MS);
+        const unsubscribe = () => clearInterval(interval);
+        this.listenerUnsubscribes.set(listener, unsubscribe);
+    }
+    _removeListener(_key, listener) {
+        const unsubscribe = this.listenerUnsubscribes.get(listener);
+        if (!unsubscribe) {
+            return;
+        }
+        unsubscribe();
+        this.listenerUnsubscribes.delete(listener);
+    }
+}
+CookiePersistence.type = 'COOKIE';
+/**
+ * An implementation of {@link Persistence} of type `COOKIE`, for use on the client side in
+ * applications leveraging hybrid rendering and middleware.
+ *
+ * @remarks This persistence method requires companion middleware to function, such as that provided
+ * by {@link https://firebaseopensource.com/projects/firebaseextended/reactfire/ | ReactFire} for
+ * NextJS.
+ * @beta
+ */
+const browserCookiePersistence = CookiePersistence;
+
 /**
  * @license
  * Copyright 2020 Google LLC
@@ -3328,5 +3472,5 @@ function addFrameworkForLogging(auth, framework) {
     _castAuth(auth)._logFramework(framework);
 }
 
-export { ActionCodeOperation, AuthPopup, FactorId, OperationType, PhoneAuthProvider, PhoneMultiFactorGenerator, ProviderId, RecaptchaVerifier, SignInMethod, _getRedirectResult, _overrideRedirectResult, addFrameworkForLogging, browserLocalPersistence, browserPopupRedirectResolver, browserSessionPersistence, cordovaPopupRedirectResolver, getAuth, getRedirectResult, linkWithPhoneNumber, linkWithPopup, linkWithRedirect, reauthenticateWithPhoneNumber, reauthenticateWithPopup, reauthenticateWithRedirect, signInWithPhoneNumber, signInWithPopup, signInWithRedirect, updatePhoneNumber };
+export { ActionCodeOperation, AuthPopup, FactorId, OperationType, PhoneAuthProvider, PhoneMultiFactorGenerator, ProviderId, RecaptchaVerifier, SignInMethod, _getRedirectResult, _overrideRedirectResult, addFrameworkForLogging, browserCookiePersistence, browserLocalPersistence, browserPopupRedirectResolver, browserSessionPersistence, cordovaPopupRedirectResolver, getAuth, getRedirectResult, linkWithPhoneNumber, linkWithPopup, linkWithRedirect, reauthenticateWithPhoneNumber, reauthenticateWithPopup, reauthenticateWithRedirect, signInWithPhoneNumber, signInWithPopup, signInWithRedirect, updatePhoneNumber };
 //# sourceMappingURL=internal.js.map