@react-native-firebase/auth 16.2.0 → 16.3.1

package/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+### [16.3.1](https://github.com/invertase/react-native-firebase/compare/v16.3.0...v16.3.1) (2022-10-28)
+
+**Note:** Version bump only for package @react-native-firebase/auth
+
+## [16.3.0](https://github.com/invertase/react-native-firebase/compare/v16.2.0...v16.3.0) (2022-10-26)
+
+### Features
+
+- **auth:** Add multi-factor support for the sign-in flow ([#6593](https://github.com/invertase/react-native-firebase/issues/6593)) ([3c64bf5](https://github.com/invertase/react-native-firebase/commit/3c64bf5987eec73c8cc5d3f9246c4c0185eb7718))
+
 ## [16.2.0](https://github.com/invertase/react-native-firebase/compare/v16.1.1...v16.2.0) (2022-10-23)
 
 **Note:** Version bump only for package @react-native-firebase/auth

package/__tests__/auth.test.ts

@@ -2,6 +2,9 @@ import { describe, expect, it } from '@jest/globals';
 
 import auth, { firebase } from '../lib';
 
+// @ts-ignore - We don't mind missing types here
+import { NativeFirebaseError } from '../../app/lib/internal';
+
 describe('Auth', function () {
   describe('namespace', function () {
     it('accessible from firebase.app()', function () {
@@ -69,4 +72,50 @@ describe('Auth', function () {
       }
     });
   });
+
+  describe('getMultiFactorResolver', function () {
+    it('should return null if no resolver object is found', function () {
+      const unknownError = NativeFirebaseError.fromEvent(
+        {
+          code: 'unknown',
+        },
+        'auth',
+      );
+      const actual = auth.getMultiFactorResolver(auth(), unknownError);
+      expect(actual).toBe(null);
+    });
+
+    it('should return null if resolver object is null', function () {
+      const unknownError = NativeFirebaseError.fromEvent(
+        {
+          code: 'unknown',
+          resolver: null,
+        },
+        'auth',
+      );
+      const actual = auth.getMultiFactorResolver(firebase.app().auth(), unknownError);
+      expect(actual).toBe(null);
+    });
+
+    it('should return the resolver object if its found', function () {
+      const resolver = { session: '', hints: [] };
+      const errorWithResolver = NativeFirebaseError.fromEvent(
+        {
+          code: 'multi-factor-auth-required',
+          resolver,
+        },
+        'auth',
+      );
+      const actual = auth.getMultiFactorResolver(firebase.app().auth(), errorWithResolver);
+      // Using expect(actual).toEqual(resolver) causes unexpected errors:
+      //  You attempted to use "firebase.app('[DEFAULT]').appCheck" but this module could not be found.
+      expect(actual).not.toBeNull();
+      // @ts-ignore We know actual is not null
+      expect(actual.session).toEqual(resolver.session);
+      // @ts-ignore We know actual is not null
+      expect(actual.hints).toEqual(resolver.hints);
+      // @ts-ignore We know actual is not null
+      expect(actual._auth).not.toBeNull();
+    });
+  });
 });

package/android/src/main/java/io/invertase/firebase/auth/ReactNativeFirebaseAuthModule.java

@@ -21,6 +21,7 @@ import android.app.Activity;
 import android.net.Uri;
 import android.os.Parcel;
 import android.util.Log;
+import androidx.annotation.NonNull;
 import com.facebook.react.bridge.Arguments;
 import com.facebook.react.bridge.Promise;
 import com.facebook.react.bridge.ReactApplicationContext;
@@ -42,6 +43,7 @@ import com.google.firebase.auth.FacebookAuthProvider;
 import com.google.firebase.auth.FirebaseAuth;
 import com.google.firebase.auth.FirebaseAuthException;
 import com.google.firebase.auth.FirebaseAuthInvalidCredentialsException;
+import com.google.firebase.auth.FirebaseAuthMultiFactorException;
 import com.google.firebase.auth.FirebaseAuthProvider;
 import com.google.firebase.auth.FirebaseAuthSettings;
 import com.google.firebase.auth.FirebaseUser;
@@ -49,9 +51,17 @@ import com.google.firebase.auth.FirebaseUserMetadata;
 import com.google.firebase.auth.GetTokenResult;
 import com.google.firebase.auth.GithubAuthProvider;
 import com.google.firebase.auth.GoogleAuthProvider;
+import com.google.firebase.auth.MultiFactorAssertion;
+import com.google.firebase.auth.MultiFactorInfo;
+import com.google.firebase.auth.MultiFactorResolver;
+import com.google.firebase.auth.MultiFactorSession;
 import com.google.firebase.auth.OAuthProvider;
 import com.google.firebase.auth.PhoneAuthCredential;
+import com.google.firebase.auth.PhoneAuthOptions;
 import com.google.firebase.auth.PhoneAuthProvider;
+import com.google.firebase.auth.PhoneMultiFactorAssertion;
+import com.google.firebase.auth.PhoneMultiFactorGenerator;
+import com.google.firebase.auth.PhoneMultiFactorInfo;
 import com.google.firebase.auth.TwitterAuthProvider;
 import com.google.firebase.auth.UserInfo;
 import com.google.firebase.auth.UserProfileChangeRequest;
@@ -59,6 +69,8 @@ import io.invertase.firebase.common.ReactNativeFirebaseEvent;
 import io.invertase.firebase.common.ReactNativeFirebaseEventEmitter;
 import io.invertase.firebase.common.ReactNativeFirebaseModule;
 import io.invertase.firebase.common.SharedUtils;
+import java.text.SimpleDateFormat;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -72,6 +84,12 @@ import javax.annotation.Nullable;
 
 @SuppressWarnings({"ThrowableResultOfMethodCallIgnored", "JavaDoc"})
 class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
+  // Easier to use would be Instant and DateTimeFormatter, but these are only available in API 26+
+  // According to https://stackoverflow.com/a/2202300 this is not the optimal solution, but we only
+  // get a unix timestamp so we can hardcode the timezone.
+  public static final SimpleDateFormat ISO_8601_FORMATTER =
+      new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
+
   private static final String TAG = "Auth";
   private static HashMap<String, FirebaseAuth.AuthStateListener> mAuthListeners = new HashMap<>();
   private static HashMap<String, FirebaseAuth.IdTokenListener> mIdTokenListeners = new HashMap<>();
@@ -81,6 +99,9 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
   private PhoneAuthProvider.ForceResendingToken mForceResendingToken;
   private PhoneAuthCredential mCredential;
 
+  private final HashMap<String, MultiFactorResolver> mCachedResolvers = new HashMap<>();
+  private final HashMap<String, MultiFactorSession> mMultiFactorSessions = new HashMap<>();
+
   ReactNativeFirebaseAuthModule(ReactApplicationContext reactContext) {
     super(reactContext, TAG);
   }
@@ -120,6 +141,9 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
       firebaseAuth.removeIdTokenListener(mAuthListener);
       idTokenListenerIterator.remove();
     }
+
+    mCachedResolvers.clear();
+    mMultiFactorSessions.clear();
   }
 
   /** Add a new auth state listener - if one doesn't exist already */
@@ -929,6 +953,228 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
     }
   }
 
+  @ReactMethod
+  public void getSession(final String appName, final Promise promise) {
+    FirebaseApp firebaseApp = FirebaseApp.getInstance(appName);
+    FirebaseAuth firebaseAuth = FirebaseAuth.getInstance(firebaseApp);
+    firebaseAuth
+        .getCurrentUser()
+        .getMultiFactor()
+        .getSession()
+        .addOnCompleteListener(
+            task -> {
+              if (!task.isSuccessful()) {
+                rejectPromiseWithExceptionMap(promise, task.getException());
+                return;
+              }
+
+              final MultiFactorSession session = task.getResult();
+              final String sessionId = Integer.toString(session.hashCode());
+              mMultiFactorSessions.put(sessionId, session);
+
+              promise.resolve(sessionId);
+            });
+  }
+
+  @ReactMethod
+  public void verifyPhoneNumberWithMultiFactorInfo(
+      final String appName, final String hintUid, final String sessionKey, final Promise promise) {
+    final MultiFactorResolver resolver = mCachedResolvers.get(sessionKey);
+    if (resolver == null) {
+      // See https://firebase.google.com/docs/reference/node/firebase.auth.multifactorresolver for
+      // the error code
+      rejectPromiseWithCodeAndMessage(
+          promise,
+          "invalid-multi-factor-session",
+          "No resolver for session found. Is the session id correct?");
+      return;
+    }
+
+    MultiFactorInfo selectedHint = null;
+    for (MultiFactorInfo multiFactorInfo : resolver.getHints()) {
+      if (hintUid.equals(multiFactorInfo.getUid())) {
+        selectedHint = multiFactorInfo;
+        break;
+      }
+    }
+
+    if (selectedHint == null) {
+      rejectPromiseWithCodeAndMessage(
+          promise,
+          "multi-factor-info-not-found",
+          "The user does not have a second factor matching the identifier provided.");
+      return;
+    }
+
+    if (!PhoneMultiFactorGenerator.FACTOR_ID.equals(selectedHint.getFactorId())) {
+      rejectPromiseWithCodeAndMessage(
+          promise, "unknown", "Unsupported second factor. Only phone factors are supported.");
+      return;
+    }
+
+    final Activity activity = getCurrentActivity();
+    final PhoneAuthOptions phoneAuthOptions =
+        PhoneAuthOptions.newBuilder()
+            .setActivity(activity)
+            .setMultiFactorHint((PhoneMultiFactorInfo) selectedHint)
+            .setTimeout(30L, TimeUnit.SECONDS)
+            .setMultiFactorSession(resolver.getSession())
+            .setCallbacks(
+                new PhoneAuthProvider.OnVerificationStateChangedCallbacks() {
+                  @Override
+                  public void onCodeSent(
+                      @NonNull String verificationId,
+                      @NonNull PhoneAuthProvider.ForceResendingToken forceResendingToken) {
+                    promise.resolve(verificationId);
+                  }
+
+                  @Override
+                  public void onVerificationCompleted(
+                      @NonNull PhoneAuthCredential phoneAuthCredential) {
+                    resolveMultiFactorCredential(phoneAuthCredential, sessionKey, promise);
+                  }
+
+                  @Override
+                  public void onVerificationFailed(@NonNull FirebaseException e) {
+                    promiseRejectAuthException(promise, e);
+                  }
+                })
+            .build();
+
+    PhoneAuthProvider.verifyPhoneNumber(phoneAuthOptions);
+  }
+
+  @ReactMethod
+  public void verifyPhoneNumberForMultiFactor(
+      final String appName,
+      final String phoneNumber,
+      final String sessionKey,
+      final Promise promise) {
+    final MultiFactorSession multiFactorSession = mMultiFactorSessions.get(sessionKey);
+    if (multiFactorSession == null) {
+      rejectPromiseWithCodeAndMessage(promise, "unknown", "can't find session for provided key");
+      return;
+    }
+
+    final PhoneAuthOptions phoneAuthOptions =
+        PhoneAuthOptions.newBuilder()
+            .setPhoneNumber(phoneNumber)
+            .setActivity(getCurrentActivity())
+            .setTimeout(30L, TimeUnit.SECONDS)
+            .setMultiFactorSession(multiFactorSession)
+            .requireSmsValidation(true)
+            .setCallbacks(
+                new PhoneAuthProvider.OnVerificationStateChangedCallbacks() {
+                  @Override
+                  public void onVerificationCompleted(
+                      @NonNull PhoneAuthCredential phoneAuthCredential) {
+                    // We can't handle this flow in the JS part if we want to be compatible with
+                    // the firebase-js-sdk. If we set the requireSmsValidation option to true
+                    // this code should not be executed.
+                    rejectPromiseWithCodeAndMessage(
+                        promise, "not-implemented", "This is currently not supported.");
+                  }
+
+                  @Override
+                  public void onVerificationFailed(@NonNull FirebaseException e) {
+                    promiseRejectAuthException(promise, e);
+                  }
+
+                  @Override
+                  public void onCodeSent(
+                      @NonNull String verificationId,
+                      @NonNull PhoneAuthProvider.ForceResendingToken forceResendingToken) {
+                    promise.resolve(verificationId);
+                  }
+                })
+            .build();
+
+    PhoneAuthProvider.verifyPhoneNumber(phoneAuthOptions);
+  }
+
+  @ReactMethod
+  public void finalizeMultiFactorEnrollment(
+      final String appName,
+      final String verificationId,
+      final String verificationCode,
+      @Nullable final String displayName,
+      final Promise promise) {
+    FirebaseApp firebaseApp = FirebaseApp.getInstance(appName);
+    FirebaseAuth firebaseAuth = FirebaseAuth.getInstance(firebaseApp);
+
+    final PhoneAuthCredential phoneAuthCredential =
+        PhoneAuthProvider.getCredential(verificationId, verificationCode);
+    final PhoneMultiFactorAssertion assertion =
+        PhoneMultiFactorGenerator.getAssertion(phoneAuthCredential);
+    firebaseAuth
+        .getCurrentUser()
+        .getMultiFactor()
+        .enroll(assertion, displayName)
+        .addOnCompleteListener(
+            task -> {
+              if (!task.isSuccessful()) {
+                rejectPromiseWithExceptionMap(promise, task.getException());
+              }
+
+              // Need to reload user to make it all visible?
+              promise.resolve("yes");
+            });
+  }
+  /**
+   * This method is intended to resolve a {@link PhoneAuthCredential} obtained through a
+   * multi-factor authentication flow. A credential can either be obtained using:
+   *
+   * <ul>
+   *   <li>{@link PhoneAuthProvider#getCredential(String, String)}
+   *   <li>or {@link
+   *       com.google.firebase.auth.PhoneAuthProvider.OnVerificationStateChangedCallbacks#onVerificationCompleted(PhoneAuthCredential)}
+   * </ul>
+   *
+   * @param authCredential
+   * @param sessionKey An identifier for the session the flow belongs to. Used to look up the {@link
+   *     MultiFactorResolver}
+   * @param promise
+   */
+  private void resolveMultiFactorCredential(
+      final PhoneAuthCredential authCredential, final String sessionKey, final Promise promise) {
+    final MultiFactorAssertion multiFactorAssertion =
+        PhoneMultiFactorGenerator.getAssertion(authCredential);
+
+    final MultiFactorResolver resolver = mCachedResolvers.get(sessionKey);
+    if (resolver == null) {
+      rejectPromiseWithCodeAndMessage(
+          promise,
+          "invalid-multi-factor-session",
+          "No resolver for session found. Is the session id correct?");
+      return;
+    }
+
+    resolver
+        .resolveSignIn(multiFactorAssertion)
+        .addOnCompleteListener(
+            task -> {
+              if (task.isSuccessful()) {
+                AuthResult authResult = task.getResult();
+                promiseWithAuthResult(authResult, promise);
+              } else {
+                promiseRejectAuthException(promise, task.getException());
+              }
+            });
+  }
+
+  @ReactMethod
+  public void resolveMultiFactorSignIn(
+      final String appName,
+      final String session,
+      final String verificationId,
+      final String verificationCode,
+      final Promise promise) {
+
+    final PhoneAuthCredential credential =
+        PhoneAuthProvider.getCredential(verificationId, verificationCode);
+    resolveMultiFactorCredential(credential, session, promise);
+  }
+
   @ReactMethod
   public void confirmationResultConfirm(
       String appName, final String verificationCode, final Promise promise) {
@@ -1641,6 +1887,7 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
       authResultMap.putMap("user", userMap);
 
       promise.resolve(authResultMap);
+
     } else {
       promiseNoUser(promise, true);
     }
@@ -1654,7 +1901,14 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
    */
   private void promiseRejectAuthException(Promise promise, Exception exception) {
     WritableMap error = getJSError(exception);
-    rejectPromiseWithCodeAndMessage(promise, error.getString("code"), error.getString("message"));
+    final String sessionId = error.getString("sessionId");
+    final MultiFactorResolver multiFactorResolver = mCachedResolvers.get(sessionId);
+    WritableMap resolverAsMap = Arguments.createMap();
+    if (multiFactorResolver != null) {
+      resolverAsMap = resolverToMap(sessionId, multiFactorResolver);
+    }
+    rejectPromiseWithCodeAndMessage(
+        promise, error.getString("code"), error.getString("message"), resolverAsMap);
   }
 
   /**
@@ -1741,6 +1995,20 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
       }
     }
 
+    if (exception instanceof FirebaseAuthMultiFactorException) {
+      final FirebaseAuthMultiFactorException multiFactorException =
+          (FirebaseAuthMultiFactorException) exception;
+      // Make sure the error code conforms to the Web API. See
+      // https://firebase.google.com/docs/auth/web/multi-factor#signing_users_in_with_a_second_factor
+      code = "MULTI_FACTOR_AUTH_REQUIRED";
+      final MultiFactorResolver resolver = multiFactorException.getResolver();
+      final String sessionId = Integer.toString(resolver.getSession().hashCode());
+      mCachedResolvers.put(sessionId, resolver);
+      // Passing around a resolver ReadableMap leads to issues when trying to send the data back by
+      // calling Promise#reject. Building the map just before sending solves that issue.
+      error.putString("sessionId", sessionId);
+    }
+
     if (code.equals("UNKNOWN")) {
       if (exception instanceof FirebaseAuthInvalidCredentialsException) {
         code = "INVALID_EMAIL";
@@ -1753,6 +2021,24 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
       }
     }
 
+    // Some message need to be rewritten to match error messages from the Web SDK
+    switch (code) {
+      case "ERROR_UNVERIFIED_EMAIL":
+        message = "This operation requires a verified email.";
+        break;
+      case "ERROR_UNSUPPORTED_FIRST_FACTOR":
+        message =
+            "Enrolling a second factor or signing in with a multi-factor account requires sign-in"
+                + " with a supported first factor.";
+        break;
+      case "ERROR_INVALID_PHONE_NUMBER":
+        message =
+            "The format of the phone number provided is incorrect. Please enter the phone number in"
+                + " a format that can be parsed into E.164 format. E.164 phone numbers are written"
+                + " in the format [+][country code][subscriber number including area code].";
+        break;
+    }
+
     code = code.toLowerCase(Locale.ROOT).replace("error_", "").replace('_', '-');
     error.putString("code", code);
     error.putString("message", message);
@@ -1881,9 +2167,42 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
     }
     userMap.putMap("metadata", metadataMap);
 
+    final WritableArray enrolledFactors = Arguments.createArray();
+    for (final MultiFactorInfo hint : user.getMultiFactor().getEnrolledFactors()) {
+      enrolledFactors.pushMap(multiFactorInfoToMap(hint));
+    }
+    final WritableMap multiFactorMap = Arguments.createMap();
+    multiFactorMap.putArray("enrolledFactors", enrolledFactors);
+    userMap.putMap("multiFactor", multiFactorMap);
+
     return userMap;
   }
 
+  @NonNull
+  private WritableMap resolverToMap(final String sessionId, final MultiFactorResolver resolver) {
+    final WritableMap result = Arguments.createMap();
+    final WritableArray hints = Arguments.createArray();
+    for (MultiFactorInfo hint : resolver.getHints()) {
+      hints.pushMap(multiFactorInfoToMap(hint));
+    }
+
+    result.putArray("hints", hints);
+    result.putString("session", sessionId);
+    return result;
+  }
+
+  @NonNull
+  private WritableMap multiFactorInfoToMap(MultiFactorInfo hint) {
+    final WritableMap hintMap = Arguments.createMap();
+    final Date enrollmentTime = new Date(hint.getEnrollmentTimestamp() * 1000);
+    hintMap.putString("displayName", hint.getDisplayName());
+    hintMap.putString("enrollmentTime", ISO_8601_FORMATTER.format(enrollmentTime));
+    hintMap.putString("factorId", hint.getFactorId());
+    hintMap.putString("uid", hint.getUid());
+
+    return hintMap;
+  }
+
   private ActionCodeSettings buildActionCodeSettings(ReadableMap actionCodeSettings) {
     ActionCodeSettings.Builder builder = ActionCodeSettings.newBuilder();
 

package/ios/RNFBAuth/RNFBAuthModule.h

@@ -82,4 +82,5 @@ NSString* const AuthErrorCode_toJSErrorCode[] = {
     [FIRAuthErrorCodeNullUser] = @"null-user",
     [FIRAuthErrorCodeKeychainError] = @"keychain-error",
     [FIRAuthErrorCodeInternalError] = @"internal-error",
-    [FIRAuthErrorCodeMalformedJWT] = @"malformed-jwt"};
+    [FIRAuthErrorCodeMalformedJWT] = @"malformed-jwt",
+    [FIRAuthErrorCodeSecondFactorRequired] = @"multi-factor-auth-required"};

package/ios/RNFBAuth/RNFBAuthModule.m

@@ -31,6 +31,7 @@ static NSString *const keyAndroid = @"android";
 static NSString *const keyProfile = @"profile";
 static NSString *const keyNewUser = @"isNewUser";
 static NSString *const keyUsername = @"username";
+static NSString *const keyMultiFactor = @"multiFactor";
 static NSString *const keyPhotoUrl = @"photoURL";
 static NSString *const keyBundleId = @"bundleId";
 static NSString *const keyInstallApp = @"installApp";
@@ -53,6 +54,8 @@ static __strong NSMutableDictionary *idTokenHandlers;
 static __strong NSMutableDictionary *emulatorConfigs;
 // Used for caching credentials between method calls.
 static __strong NSMutableDictionary<NSString *, FIRAuthCredential *> *credentials;
+static __strong NSMutableDictionary<NSString *, FIRMultiFactorResolver *> *cachedResolver;
+static __strong NSMutableDictionary<NSString *, FIRMultiFactorSession *> *cachedSessions;
 
 @implementation RNFBAuthModule
 #pragma mark -
@@ -72,6 +75,8 @@ RCT_EXPORT_MODULE();
     idTokenHandlers = [[NSMutableDictionary alloc] init];
     emulatorConfigs = [[NSMutableDictionary alloc] init];
     credentials = [[NSMutableDictionary alloc] init];
+    cachedResolver = [[NSMutableDictionary alloc] init];
+    cachedSessions = [[NSMutableDictionary alloc] init];
   });
   return self;
 }
@@ -97,6 +102,8 @@ RCT_EXPORT_MODULE();
   [idTokenHandlers removeAllObjects];
 
   [credentials removeAllObjects];
+  [cachedResolver removeAllObjects];
+  [cachedSessions removeAllObjects];
 }
 
 #pragma mark -
@@ -734,12 +741,146 @@ RCT_EXPORT_METHOD(signInWithPhoneNumber
                }
              }];
 }
+RCT_EXPORT_METHOD(verifyPhoneNumberWithMultiFactorInfo
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)hintUid
+                  : (NSString *)sessionKey
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  if ([cachedResolver valueForKey:sessionKey] == nil) {
+    [RNFBSharedUtils
+        rejectPromiseWithUserInfo:reject
+                         userInfo:(NSMutableDictionary *)@{
+                           @"code" : @"invalid-multi-factor-session",
+                           @"message" : @"No resolver for session found. Is the session id correct?"
+                         }];
+    return;
+  }
+  FIRMultiFactorSession *session = cachedResolver[sessionKey].session;
+  NSPredicate *findByUid = [NSPredicate predicateWithFormat:@"UID == %@", hintUid];
+  FIRMultiFactorInfo *_Nullable hint =
+      [[cachedResolver[sessionKey].hints filteredArrayUsingPredicate:findByUid] firstObject];
+  if (hint == nil) {
+    [RNFBSharedUtils rejectPromiseWithUserInfo:reject
+                                      userInfo:(NSMutableDictionary *)@{
+                                        @"code" : @"multi-factor-info-not-found",
+                                        @"message" : @"The user does not have a second factor "
+                                                     @"matching the identifier provided."
+                                      }];
+    return;
+  }
+
+  [FIRPhoneAuthProvider.provider
+      verifyPhoneNumberWithMultiFactorInfo:hint
+                                UIDelegate:nil
+                        multiFactorSession:session
+                                completion:^(NSString *_Nullable verificationID,
+                                             NSError *_Nullable error) {
+                                  if (error) {
+                                    [self promiseRejectAuthException:reject error:error];
+                                  } else {
+                                    resolve(verificationID);
+                                  }
+                                }];
+}
+
+RCT_EXPORT_METHOD(verifyPhoneNumberForMultiFactor
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)phoneNumber
+                  : (NSString *)sessionId
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  FIRMultiFactorSession *session = cachedSessions[sessionId];
+  [FIRPhoneAuthProvider.provider
+       verifyPhoneNumber:phoneNumber
+              UIDelegate:nil
+      multiFactorSession:session
+              completion:^(NSString *_Nullable verificationID, NSError *_Nullable error) {
+                if (error != nil) {
+                  [self promiseRejectAuthException:reject error:error];
+                  return;
+                }
+
+                resolve(verificationID);
+              }];
+}
+
+RCT_EXPORT_METHOD(resolveMultiFactorSignIn
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)sessionKey
+                  : (NSString *)verificationId
+                  : (NSString *)verificationCode
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  FIRPhoneAuthCredential *credential =
+      [[FIRPhoneAuthProvider providerWithAuth:[FIRAuth authWithApp:firebaseApp]]
+          credentialWithVerificationID:verificationId
+                      verificationCode:verificationCode];
+  FIRMultiFactorAssertion *assertion =
+      [FIRPhoneMultiFactorGenerator assertionWithCredential:credential];
+  [cachedResolver[sessionKey] resolveSignInWithAssertion:assertion
+                                              completion:^(FIRAuthDataResult *_Nullable authResult,
+                                                           NSError *_Nullable error) {
+                                                if (error) {
+                                                  [self promiseRejectAuthException:reject
+                                                                             error:error];
+                                                } else {
+                                                  [self promiseWithAuthResult:resolve
+                                                                     rejecter:reject
+                                                                   authResult:authResult];
+                                                }
+                                              }];
+}
+
+RCT_EXPORT_METHOD(getSession
+                  : (FIRApp *)firebaseApp
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  FIRUser *user = [FIRAuth authWithApp:firebaseApp].currentUser;
+  [[user multiFactor] getSessionWithCompletion:^(FIRMultiFactorSession *_Nullable session,
+                                                 NSError *_Nullable error) {
+    if (error != nil) {
+      [self promiseRejectAuthException:reject error:error];
+      return;
+    }
+
+    NSString *sessionId = [NSString stringWithFormat:@"%@", @([session hash])];
+    cachedSessions[sessionId] = session;
+    resolve(sessionId);
+  }];
+}
+
+RCT_EXPORT_METHOD(finalizeMultiFactorEnrollment
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)verificationId
+                  : (NSString *)verificationCode
+                  : (NSString *_Nullable)displayName
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  FIRPhoneAuthCredential *credential =
+      [FIRPhoneAuthProvider.provider credentialWithVerificationID:verificationId
+                                                 verificationCode:verificationCode];
+  FIRMultiFactorAssertion *assertion =
+      [FIRPhoneMultiFactorGenerator assertionWithCredential:credential];
+  FIRUser *user = [FIRAuth authWithApp:firebaseApp].currentUser;
+  [user.multiFactor enrollWithAssertion:assertion
+                            displayName:displayName
+                             completion:^(NSError *_Nullable error) {
+                               if (error != nil) {
+                                 [self promiseRejectAuthException:reject error:error];
+                                 return;
+                               }
+
+                               resolve(nil);
+                               return;
+                             }];
+}
 
 RCT_EXPORT_METHOD(verifyPhoneNumber
                   : (FIRApp *)firebaseApp
                   : (NSString *)phoneNumber
                   : (NSString *)requestKey) {
-  [[FIRPhoneAuthProvider providerWithAuth:[FIRAuth authWithApp:firebaseApp]]
+  [FIRPhoneAuthProvider.provider
       verifyPhoneNumber:phoneNumber
              UIDelegate:nil
              completion:^(NSString *_Nullable verificationID, NSError *_Nullable error) {
@@ -1020,8 +1161,28 @@ RCT_EXPORT_METHOD(useEmulator
   }
 }
 
+- (NSDictionary *)multiFactorResolverToDict:(FIRMultiFactorResolver *)resolver {
+  // Temporarily store the non-serializable session for later
+  NSString *sessionHash = [NSString stringWithFormat:@"%@", @([resolver.session hash])];
+
+  return @{
+    @"hints" : [self convertMultiFactorData:resolver.hints],
+    @"session" : sessionHash,
+  };
+}
+
+- (NSString *)getJSFactorId:(NSString *)factorId {
+  if ([factorId isEqualToString:@"1"]) {
+    // Only phone is supported by the front-end so far
+    return @"phone";
+  }
+
+  return factorId;
+}
+
 - (void)promiseRejectAuthException:(RCTPromiseRejectBlock)reject error:(NSError *)error {
   NSDictionary *jsError = [self getJSError:(error)];
+
   [RNFBSharedUtils
       rejectPromiseWithUserInfo:reject
                        userInfo:(NSMutableDictionary *)@{
@@ -1029,6 +1190,7 @@ RCT_EXPORT_METHOD(useEmulator
                          @"message" : [jsError valueForKey:@"message"],
                          @"nativeErrorMessage" : [jsError valueForKey:@"nativeErrorMessage"],
                          @"authCredential" : [jsError valueForKey:@"authCredential"],
+                         @"resolver" : [jsError valueForKey:@"resolver"]
                        }];
 }
 
@@ -1063,6 +1225,9 @@ RCT_EXPORT_METHOD(useEmulator
       message = @"This operation is sensitive and requires recent authentication. Log in again "
                 @"before retrying this request.";
       break;
+    case FIRAuthErrorCodeSecondFactorRequired:
+      message = @"Please complete a second factor challenge to finish signing into this account.";
+      break;
     case FIRAuthErrorCodeAccountExistsWithDifferentCredential:
       message = @"An account already exists with the same email address but different sign-in "
                 @"credentials. Sign in using a provider associated with this email address.";
@@ -1098,6 +1263,12 @@ RCT_EXPORT_METHOD(useEmulator
     case FIRAuthErrorCodeInternalError:
       message = @"An internal error has occurred, please try again.";
       break;
+    case FIRAuthErrorCodeInvalidPhoneNumber:
+      message = @"The format of the phone number provided is incorrect. "
+                @"Please enter the phone number in a format that can be parsed into E.164 format. "
+                @"E.164 phone numbers are written in the format [+][country code][subscriber "
+                @"number including area code].";
+      break;
     default:
       break;
   }
@@ -1108,11 +1279,22 @@ RCT_EXPORT_METHOD(useEmulator
     authCredentialDict = [self authCredentialToDict:authCredential];
   }
 
+  NSDictionary *resolverDict = nil;
+  if ([error userInfo][FIRAuthErrorUserInfoMultiFactorResolverKey] != nil) {
+    FIRMultiFactorResolver *resolver =
+        (FIRMultiFactorResolver *)error.userInfo[FIRAuthErrorUserInfoMultiFactorResolverKey];
+    resolverDict = [self multiFactorResolverToDict:resolver];
+
+    NSString *sessionKey = [NSString stringWithFormat:@"%@", @([resolver.session hash])];
+    cachedResolver[sessionKey] = resolver;
+  }
+
   return @{
     @"code" : code,
     @"message" : message,
     @"nativeErrorMessage" : nativeErrorMessage,
     @"authCredential" : authCredentialDict != nil ? (id)authCredentialDict : [NSNull null],
+    @"resolver" : resolverDict != nil ? (id)resolverDict : [NSNull null]
   };
 }
 
@@ -1251,10 +1433,28 @@ RCT_EXPORT_METHOD(useEmulator
     keyProviderId : [user.providerID lowercaseString],
     @"refreshToken" : user.refreshToken,
     @"tenantId" : user.tenantID ? (id)user.tenantID : [NSNull null],
-    keyUid : user.uid
+    keyUid : user.uid,
+    @"multiFactor" :
+        @{@"enrolledFactors" : [self convertMultiFactorData:user.multiFactor.enrolledFactors]}
   };
 }
 
+- (NSArray<NSMutableDictionary *> *)convertMultiFactorData:(NSArray<FIRMultiFactorInfo *> *)hints {
+  NSMutableArray *enrolledFactors = [NSMutableArray array];
+
+  for (FIRPhoneMultiFactorInfo *hint in hints) {
+    NSString *enrollmentDate =
+        [[[NSISO8601DateFormatter alloc] init] stringFromDate:hint.enrollmentDate];
+    [enrolledFactors addObject:@{
+      @"uid" : hint.UID,
+      @"factorId" : [self getJSFactorId:(hint.factorID)],
+      @"displayName" : hint.displayName == nil ? [NSNull null] : hint.displayName,
+      @"enrollmentDate" : enrollmentDate,
+    }];
+  }
+  return enrolledFactors;
+}
+
 - (NSDictionary *)authCredentialToDict:(FIRAuthCredential *)authCredential {
   NSString *authCredentialHash = [NSString stringWithFormat:@"%@", @([authCredential hash])];
 

package/lib/MultiFactorResolver.js

@@ -0,0 +1,15 @@
+/**
+ * Base class to facilitate multi-factor authentication.
+ */
+export default class MultiFactorResolver {
+  constructor(auth, resolver) {
+    this._auth = auth;
+    this.hints = resolver.hints;
+    this.session = resolver.session;
+  }
+
+  resolveSignIn(assertion) {
+    const { token, secret } = assertion;
+    return this._auth.resolveMultiFactorSignIn(this.session, token, secret);
+  }
+}

package/lib/PhoneMultiFactorGenerator.js

@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+export default class PhoneMultiFactorGenerator {
+  static FACTOR_ID = 'phone';
+
+  constructor() {
+    throw new Error(
+      '`new PhoneMultiFactorGenerator()` is not supported on the native Firebase SDKs.',
+    );
+  }
+
+  static assertion(credential) {
+    // There is no logic here, we mainly do this for API compatibility
+    // (following the Web API).
+    const { token, secret } = credential;
+    return { token, secret };
+  }
+}

package/lib/User.js

@@ -48,6 +48,10 @@ export default class User {
     };
   }
 
+  get multiFactor() {
+    return this._user.multiFactor || null;
+  }
+
   get phoneNumber() {
     return this._user.phoneNumber || null;
   }

package/lib/getMultiFactorResolver.js

@@ -0,0 +1,19 @@
+import MultiFactorResolver from './MultiFactorResolver.js';
+
+/**
+ * Create a new resolver based on an auth instance and error
+ * object.
+ *
+ * Returns null if no resolver object can be found on the error.
+ */
+export function getMultiFactorResolver(auth, error) {
+  if (
+    error.hasOwnProperty('userInfo') &&
+    error.userInfo.hasOwnProperty('resolver') &&
+    error.userInfo.resolver
+  ) {
+    return new MultiFactorResolver(auth, error.userInfo.resolver);
+  }
+
+  return null;
+}

package/lib/index.d.ts

@@ -59,6 +59,11 @@ export namespace FirebaseAuthTypes {
        *  you might receive an updated credential (depending of provider) which you can use to recover from the error.
        */
       authCredential: AuthCredential | null;
+      /**
+       * When trying to sign in the user might be prompted for a second factor confirmation. Can
+       * can use this object to initialize the second factor flow and recover from the error.
+       */
+      resolver: MultiFactorResolver | null;
     };
   }
 
@@ -189,10 +194,23 @@ export namespace FirebaseAuthTypes {
     ERROR: 'error';
   }
 
+  export interface PhoneMultiFactorGenerator {
+    /**
+     * Identifies second factors of type phone.
+     */
+    FACTOR_ID: FactorId.PHONE;
+
+    /**
+     * Build a MultiFactorAssertion to resolve the multi-factor sign in process.
+     */
+    assertion(credential: AuthCredential): MultiFactorAssertion;
+  }
+
   /**
    * firebase.auth.X
    */
   export interface Statics {
+    getMultiFactorResolver: getMultiFactorResolver;
     /**
      * Email and password auth provider implementation.
      *
@@ -285,6 +303,11 @@ export namespace FirebaseAuthTypes {
      * ```
      */
     PhoneAuthState: PhoneAuthState;
+
+    /**
+     * A PhoneMultiFactorGenerator interface.
+     */
+    PhoneMultiFactorGenerator: PhoneMultiFactorGenerator;
   }
 
   /**
@@ -360,6 +383,129 @@ export namespace FirebaseAuthTypes {
     lastSignInTime?: string;
   }
 
+  /**
+   * Identifies the type of a second factor.
+   */
+  export enum FactorId {
+    PHONE = 'phone',
+  }
+
+  /**
+   * Contains information about a second factor.
+   */
+  export interface MultiFactorInfo {
+    /**
+     * User friendly name for this factor.
+     */
+    displayName?: string;
+    /**
+     * Time the second factor was enrolled, in UTC.
+     */
+    enrollmentTime: string;
+    /**
+     * Type of factor.
+     */
+    factorId: FactorId;
+    /**
+     * Unique id for this factor.
+     */
+    uid: string;
+  }
+
+  export interface MultiFactorAssertion {
+    token: string;
+    secret: string;
+  }
+
+  /**
+   * Facilitates the recovery when a user needs to provide a second factor to sign-in.
+   */
+  export interface MultiFactorResolver {
+    /**
+     * A list of enrolled factors that can be used to complete the multi-factor challenge.
+     */
+    hints: MultiFactorInfo[];
+    /**
+     * Serialized session this resolver belongs to.
+     */
+    session: string;
+
+    /**
+     * For testing purposes only
+     */
+    _auth: FirebaseAuthTypes.Module;
+
+    /**
+     * Resolve the multi factor flow.
+     */
+    resolveSignIn(assertion: MultiFactorAssertion): Promise<UserCredential>;
+  }
+
+  /**
+   * Try and obtain a #{@link MultiFactorResolver} instance based on an error.
+   * Returns null if no resolver object could be found.
+   *
+   * #### Example
+   *
+   * ```js
+   * const auth = firebase.auth();
+   * auth.signInWithEmailAndPassword(email, password).then((user) => {
+   *   // signed in
+   * }).catch((error) => {
+   *   if (error.code === 'auth/multi-factor-auth-required') {
+   *     const resolver = getMultiFactorResolver(auth, error);
+   *   }
+   * });
+   * ```
+   */
+  export type getMultiFactorResolver = (
+    auth: FirebaseAuthTypes.Module,
+    error: unknown,
+  ) => MultiFactorResolver | null;
+
+  /**
+   * The entry point for most multi-factor operations.
+   */
+  export interface MultiFactorUser {
+    /**
+     * Returns the user's enrolled factors.
+     */
+    enrolledFactors: MultiFactorInfo[];
+
+    /**
+     * Return the session id for this user.
+     */
+    getSession(): Promise<string>;
+
+    /**
+     * Enroll an additional factor. Provide an optional display name that can be shown to the user.
+     * The method will ensure the user state is reloaded after successfully enrolling a factor.
+     */
+    enroll(assertion: MultiFactorAssertion, displayName?: string): Promise<void>;
+  }
+
+  /**
+   * Return the #{@link MultiFactorUser} instance for the current user.
+   */
+  export type multiFactor = (auth: FirebaseAuthTypes.Module) => Promise<MultiFactorUser>;
+
+  /**
+   * Holds information about the user's enrolled factors.
+   *
+   * #### Example
+   *
+   * ```js
+   * const user = firebase.auth().currentUser;
+   * console.log('User multi factors: ', user.multiFactor);
+   * ```
+   */
+  export interface MultiFactor {
+    /**
+     * Returns the enrolled factors
+     */
+    enrolledFactors: MultiFactorInfo[];
+  }
+
   /**
    * Represents a collection of standard profile information for a user. Can be used to expose
    * profile information returned by an identity provider, such as Google Sign-In or Facebook Login.
@@ -904,6 +1050,11 @@ export namespace FirebaseAuthTypes {
      */
     metadata: UserMetadata;
 
+    /**
+     * Returns the {@link auth.MultiFactor} associated with this user.
+     */
+    multiFactor: MultiFactor | null;
+
     /**
      * Returns the phone number of the user, as stored in the Firebase project's user database,
      * or null if none exists. This can be updated at any time by calling {@link auth.User#updatePhoneNumber}.
@@ -1412,6 +1563,11 @@ export namespace FirebaseAuthTypes {
       forceResend?: boolean,
     ): PhoneAuthListener;
 
+    /**
+     * Obtain a verification id to complete the multi-factor sign-in flow.
+     */
+    verifyPhoneNumberWithMultiFactorInfo(hint: MultiFactorInfo, session: string): Promise<string>;
+
     /**
      * Creates a new user with an email and password.
      *

package/lib/index.js

@@ -35,11 +35,14 @@ import GithubAuthProvider from './providers/GithubAuthProvider';
 import GoogleAuthProvider from './providers/GoogleAuthProvider';
 import OAuthProvider from './providers/OAuthProvider';
 import PhoneAuthProvider from './providers/PhoneAuthProvider';
+import PhoneMultiFactorGenerator from './PhoneMultiFactorGenerator';
 import TwitterAuthProvider from './providers/TwitterAuthProvider';
 import AppleAuthProvider from './providers/AppleAuthProvider';
 import Settings from './Settings';
 import User from './User';
 import version from './version';
+import { getMultiFactorResolver } from './getMultiFactorResolver';
+import { multiFactor } from './multiFactor';
 
 const statics = {
   AppleAuthProvider,
@@ -49,6 +52,7 @@ const statics = {
   GithubAuthProvider,
   TwitterAuthProvider,
   FacebookAuthProvider,
+  PhoneMultiFactorGenerator,
   OAuthProvider,
   PhoneAuthState: {
     CODE_SENT: 'sent',
@@ -56,6 +60,8 @@ const statics = {
     AUTO_VERIFIED: 'verified',
     ERROR: 'error',
   },
+  getMultiFactorResolver,
+  multiFactor,
 };
 
 const namespace = 'auth';
@@ -250,6 +256,23 @@ class FirebaseAuthModule extends FirebaseModule {
     return new PhoneAuthListener(this, phoneNumber, _autoVerifyTimeout, _forceResend);
   }
 
+  verifyPhoneNumberWithMultiFactorInfo(multiFactorHint, session) {
+    return this.native.verifyPhoneNumberWithMultiFactorInfo(multiFactorHint.uid, session);
+  }
+
+  verifyPhoneNumberForMultiFactor(phoneInfoOptions) {
+    const { phoneNumber, session } = phoneInfoOptions;
+    return this.native.verifyPhoneNumberForMultiFactor(phoneNumber, session);
+  }
+
+  resolveMultiFactorSignIn(session, verificationId, verificationCode) {
+    return this.native
+      .resolveMultiFactorSignIn(session, verificationId, verificationCode)
+      .then(userCredential => {
+        return this._setUserCredential(userCredential);
+      });
+  }
+
   createUserWithEmailAndPassword(email, password) {
     return this.native
       .createUserWithEmailAndPassword(email, password)

package/lib/multiFactor.js

@@ -0,0 +1,35 @@
+/**
+ * Return a MultiFactorUser instance the gateway to multi-factor operations.
+ */
+export function multiFactor(auth) {
+  return new MultiFactorUser(auth);
+}
+
+export class MultiFactorUser {
+  constructor(auth) {
+    this._auth = auth;
+    this._user = auth.currentUser;
+    this.enrolledFactor = auth.currentUser.multiFactor.enrolledFactors;
+  }
+
+  getSession() {
+    return this._auth.native.getSession();
+  }
+
+  /**
+   * Finalize the enrollment process for the given multi-factor assertion.
+   * Optionally set a displayName. This method will reload the current user
+   * profile, which is necessary to see the multi-factor changes.
+   */
+  async enroll(multiFactorAssertion, displayName) {
+    const { token, secret } = multiFactorAssertion;
+    await this._auth.native.finalizeMultiFactorEnrollment(token, secret, displayName);
+
+    // We need to reload the user otherwise the changes are not visible
+    return this._auth.currentUser.reload();
+  }
+
+  unenroll() {
+    return Promise.reject(new Error('No implemented yet.'));
+  }
+}

package/lib/version.js

@@ -1,2 +1,2 @@
 // Generated by genversion.
-module.exports = '16.2.0';
+module.exports = '16.3.1';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@react-native-firebase/auth",
-  "version": "16.2.0",
+  "version": "16.3.1",
   "author": "Invertase <oss@invertase.io> (http://invertase.io)",
   "description": "React Native Firebase - The authentication module provides an easy-to-use API to integrate an authentication workflow into new and existing applications. React Native Firebase provides access to all Firebase authentication methods and identity providers.",
   "main": "lib/index.js",
@@ -22,10 +22,10 @@
     "auth"
   ],
   "peerDependencies": {
-    "@react-native-firebase/app": "16.2.0"
+    "@react-native-firebase/app": "16.3.1"
   },
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "e6fbf592e1014508528b302e4aa4cc63f052ddd1"
+  "gitHead": "1f2385bfb90ee5cad2aab23332d1d13fdf0d81c2"
 }