@react-native-firebase/auth 23.1.2 → 23.2.1

package/CHANGELOG.md

@@ -3,6 +3,23 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [23.2.1](https://github.com/invertase/react-native-firebase/compare/v23.2.0...v23.2.1) (2025-09-01)
+
+**Note:** Version bump only for package @react-native-firebase/auth
+
+## [23.2.0](https://github.com/invertase/react-native-firebase/compare/v23.1.2...v23.2.0) (2025-08-29)
+
+### Features
+
+- **auth:** QR code generation from TOTP secrets ([dd8e14b](https://github.com/invertase/react-native-firebase/commit/dd8e14b3387a8d6a0a48e3379d6379d7a3dae14d))
+- **auth:** support native TOTP app open ([213ee45](https://github.com/invertase/react-native-firebase/commit/213ee456894d21666ccdd6f179232aefba19658a))
+- **auth:** support TOTP enroll and unenroll ([0ad0658](https://github.com/invertase/react-native-firebase/commit/0ad0658ecb6d586c4428bf34b034add03fb90e3e))
+- **other:** implement TOTP auth for Other platform ([3fbc43a](https://github.com/invertase/react-native-firebase/commit/3fbc43a1f1ccf768c5f76a962a59d1850f73ba5a))
+
+### Bug Fixes
+
+- **auth:** add TotpSecret type definition ([be01081](https://github.com/invertase/react-native-firebase/commit/be0108134c93c57fcdac1069ac28b7aab9fc62be))
+
 ## [23.1.2](https://github.com/invertase/react-native-firebase/compare/v23.1.1...v23.1.2) (2025-08-25)
 
 **Note:** Version bump only for package @react-native-firebase/auth

package/android/src/main/java/io/invertase/firebase/auth/ReactNativeFirebaseAuthModule.java

@@ -66,6 +66,9 @@ import com.google.firebase.auth.PhoneAuthProvider;
 import com.google.firebase.auth.PhoneMultiFactorAssertion;
 import com.google.firebase.auth.PhoneMultiFactorGenerator;
 import com.google.firebase.auth.PhoneMultiFactorInfo;
+import com.google.firebase.auth.TotpMultiFactorAssertion;
+import com.google.firebase.auth.TotpMultiFactorGenerator;
+import com.google.firebase.auth.TotpSecret;
 import com.google.firebase.auth.TwitterAuthProvider;
 import com.google.firebase.auth.UserInfo;
 import com.google.firebase.auth.UserProfileChangeRequest;
@@ -107,6 +110,7 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
 
   private final HashMap<String, MultiFactorResolver> mCachedResolvers = new HashMap<>();
   private final HashMap<String, MultiFactorSession> mMultiFactorSessions = new HashMap<>();
+  private final HashMap<String, TotpSecret> mTotpSecrets = new HashMap<>();
 
   // storage for anonymous phone auth credentials, used for linkWithCredentials
   // https://github.com/invertase/react-native-firebase/issues/4911
@@ -154,6 +158,7 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
 
     mCachedResolvers.clear();
     mMultiFactorSessions.clear();
+    mTotpSecrets.clear();
   }
 
   @ReactMethod
@@ -1130,6 +1135,26 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
             });
   }
 
+  @ReactMethod
+  public void unenrollMultiFactor(
+      final String appName, final String factorUID, final Promise promise) {
+    FirebaseApp firebaseApp = FirebaseApp.getInstance(appName);
+    FirebaseAuth firebaseAuth = FirebaseAuth.getInstance(firebaseApp);
+    firebaseAuth
+        .getCurrentUser()
+        .getMultiFactor()
+        .unenroll(factorUID)
+        .addOnCompleteListener(
+            task -> {
+              if (!task.isSuccessful()) {
+                rejectPromiseWithExceptionMap(promise, task.getException());
+                return;
+              }
+
+              promise.resolve(null);
+            });
+  }
+
   @ReactMethod
   public void verifyPhoneNumberWithMultiFactorInfo(
       final String appName, final String hintUid, final String sessionKey, final Promise promise) {
@@ -1280,6 +1305,67 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
             });
   }
 
+  @ReactMethod
+  public void generateQrCodeUrl(
+      final String appName,
+      final String secretKey,
+      final String account,
+      final String issuer,
+      final Promise promise) {
+
+    TotpSecret secret = mTotpSecrets.get(secretKey);
+    if (secret == null) {
+      rejectPromiseWithCodeAndMessage(
+          promise, "invalid-multi-factor-secret", "can't find secret for provided key");
+      return;
+    }
+    promise.resolve(secret.generateQrCodeUrl(account, issuer));
+  }
+
+  @ReactMethod
+  public void openInOtpApp(final String appName, final String secretKey, final String qrCodeUri) {
+    TotpSecret secret = mTotpSecrets.get(secretKey);
+    if (secret != null) {
+      secret.openInOtpApp(qrCodeUri);
+    }
+  }
+
+  @ReactMethod
+  public void finalizeTotpEnrollment(
+      final String appName,
+      final String totpSecret,
+      final String verificationCode,
+      @Nullable final String displayName,
+      final Promise promise) {
+
+    TotpSecret secret = mTotpSecrets.get(totpSecret);
+    if (secret == null) {
+      rejectPromiseWithCodeAndMessage(
+          promise, "invalid-multi-factor-secret", "can't find secret for provided key");
+      return;
+    }
+
+    TotpMultiFactorAssertion assertion =
+        TotpMultiFactorGenerator.getAssertionForEnrollment(secret, verificationCode);
+
+    FirebaseApp firebaseApp = FirebaseApp.getInstance(appName);
+    FirebaseAuth firebaseAuth = FirebaseAuth.getInstance(firebaseApp);
+
+    firebaseAuth
+        .getCurrentUser()
+        .getMultiFactor()
+        .enroll(assertion, displayName)
+        .addOnCompleteListener(
+            task -> {
+              if (!task.isSuccessful()) {
+                rejectPromiseWithExceptionMap(promise, task.getException());
+                return;
+              }
+
+              promise.resolve(null);
+            });
+  }
+
   /**
    * This method is intended to resolve a {@link PhoneAuthCredential} obtained through a
    * multi-factor authentication flow. A credential can either be obtained using:
@@ -1335,6 +1421,70 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
     resolveMultiFactorCredential(credential, session, promise);
   }
 
+  @ReactMethod
+  public void resolveTotpSignIn(
+      final String appName,
+      final String sessionKey,
+      final String uid,
+      final String oneTimePassword,
+      final Promise promise) {
+
+    final MultiFactorAssertion assertion =
+        TotpMultiFactorGenerator.getAssertionForSignIn(uid, oneTimePassword);
+
+    final MultiFactorResolver resolver = mCachedResolvers.get(sessionKey);
+    if (resolver == null) {
+      // See https://firebase.google.com/docs/reference/node/firebase.auth.multifactorresolver for
+      // the error code
+      rejectPromiseWithCodeAndMessage(
+          promise,
+          "invalid-multi-factor-session",
+          "No resolver for session found. Is the session id correct?");
+      return;
+    }
+
+    resolver
+        .resolveSignIn(assertion)
+        .addOnCompleteListener(
+            task -> {
+              if (task.isSuccessful()) {
+                AuthResult authResult = task.getResult();
+                promiseWithAuthResult(authResult, promise);
+              } else {
+                promiseRejectAuthException(promise, task.getException());
+              }
+            });
+  }
+
+  @ReactMethod
+  public void generateTotpSecret(
+      final String appName, final String sessionKey, final Promise promise) {
+
+    final MultiFactorSession session = mMultiFactorSessions.get(sessionKey);
+    if (session == null) {
+      rejectPromiseWithCodeAndMessage(
+          promise,
+          "invalid-multi-factor-session",
+          "No resolver for session found. Is the session id correct?");
+      return;
+    }
+
+    TotpMultiFactorGenerator.generateSecret(session)
+        .addOnCompleteListener(
+            task -> {
+              if (task.isSuccessful()) {
+                TotpSecret totpSecret = task.getResult();
+                String totpSecretKey = totpSecret.getSharedSecretKey();
+                mTotpSecrets.put(totpSecretKey, totpSecret);
+                WritableMap result = Arguments.createMap();
+                result.putString("secretKey", totpSecretKey);
+                promise.resolve(result);
+              } else {
+                promiseRejectAuthException(promise, task.getException());
+              }
+            });
+  }
+
   @ReactMethod
   public void confirmationResultConfirm(
       String appName, final String verificationCode, final Promise promise) {

package/ios/RNFBAuth/RNFBAuthModule.m

@@ -58,6 +58,7 @@ static __strong NSMutableDictionary<NSString *, FIRAuthCredential *> *credential
 #if TARGET_OS_IOS
 static __strong NSMutableDictionary<NSString *, FIRMultiFactorResolver *> *cachedResolver;
 static __strong NSMutableDictionary<NSString *, FIRMultiFactorSession *> *cachedSessions;
+static __strong NSMutableDictionary<NSString *, FIRTOTPSecret *> *cachedTotpSecrets;
 #endif
 
 @implementation RNFBAuthModule
@@ -81,6 +82,7 @@ RCT_EXPORT_MODULE();
 #if TARGET_OS_IOS
     cachedResolver = [[NSMutableDictionary alloc] init];
     cachedSessions = [[NSMutableDictionary alloc] init];
+    cachedTotpSecrets = [[NSMutableDictionary alloc] init];
 #endif
   });
   return self;
@@ -110,6 +112,7 @@ RCT_EXPORT_MODULE();
 #if TARGET_OS_IOS
   [cachedResolver removeAllObjects];
   [cachedSessions removeAllObjects];
+  [cachedTotpSecrets removeAllObjects];
 #endif
 }
 
@@ -967,6 +970,87 @@ RCT_EXPORT_METHOD(resolveMultiFactorSignIn
                                               }];
 }
 
+RCT_EXPORT_METHOD(resolveTotpSignIn
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)sessionKey
+                  : (NSString *)uid
+                  : (NSString *)oneTimePassword
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  DLog(@"using instance resolve TotpSignIn: %@", firebaseApp.name);
+
+  FIRMultiFactorAssertion *assertion =
+      [FIRTOTPMultiFactorGenerator assertionForSignInWithEnrollmentID:uid
+                                                      oneTimePassword:oneTimePassword];
+  [cachedResolver[sessionKey] resolveSignInWithAssertion:assertion
+                                              completion:^(FIRAuthDataResult *_Nullable authResult,
+                                                           NSError *_Nullable error) {
+                                                DLog(@"authError: %@", error) if (error) {
+                                                  [self promiseRejectAuthException:reject
+                                                                             error:error];
+                                                }
+                                                else {
+                                                  [self promiseWithAuthResult:resolve
+                                                                     rejecter:reject
+                                                                   authResult:authResult];
+                                                }
+                                              }];
+}
+
+RCT_EXPORT_METHOD(generateTotpSecret
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)sessionKey
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  DLog(@"using instance resolve generateTotpSecret: %@", firebaseApp.name);
+
+  FIRMultiFactorSession *session = cachedSessions[sessionKey];
+  DLog(@"using sessionKey: %@", sessionKey);
+  DLog(@"using session: %@", session);
+  [FIRTOTPMultiFactorGenerator
+      generateSecretWithMultiFactorSession:session
+                                completion:^(FIRTOTPSecret *_Nullable totpSecret,
+                                             NSError *_Nullable error) {
+                                  DLog(@"authError: %@", error) if (error) {
+                                    [self promiseRejectAuthException:reject error:error];
+                                  }
+                                  else {
+                                    NSString *secretKey = totpSecret.sharedSecretKey;
+                                    DLog(@"secretKey generated: %@", secretKey);
+                                    cachedTotpSecrets[secretKey] = totpSecret;
+                                    DLog(@"cachedSecret: %@", cachedTotpSecrets[secretKey]);
+                                    resolve(@{
+                                      @"secretKey" : secretKey,
+                                    });
+                                  }
+                                }];
+}
+
+RCT_EXPORT_METHOD(generateQrCodeUrl
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)secretKey
+                  : (NSString *)accountName
+                  : (NSString *)issuer
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  DLog(@"generateQrCodeUrl using instance resolve generateQrCodeUrl: %@", firebaseApp.name);
+  DLog(@"generateQrCodeUrl using secretKey: %@", secretKey);
+  FIRTOTPSecret *totpSecret = cachedTotpSecrets[secretKey];
+  NSString *url = [totpSecret generateQRCodeURLWithAccountName:accountName issuer:issuer];
+  DLog(@"generateQrCodeUrl got QR Code URL %@", url);
+  resolve(url);
+}
+
+RCT_EXPORT_METHOD(openInOtpApp
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)secretKey
+                  : (NSString *)qrCodeUri) {
+  DLog(@"generateQrCodeUrl using secretKey: %@", secretKey);
+  FIRTOTPSecret *totpSecret = cachedTotpSecrets[secretKey];
+  DLog(@"openInOtpApp using qrCodeUri: %@", qrCodeUri);
+  [totpSecret openInOTPAppWithQRCodeURL:qrCodeUri];
+}
+
 RCT_EXPORT_METHOD(getSession
                   : (FIRApp *)firebaseApp
                   : (RCTPromiseResolveBlock)resolve
@@ -985,6 +1069,26 @@ RCT_EXPORT_METHOD(getSession
   }];
 }
 
+RCT_EXPORT_METHOD(unenrollMultiFactor
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)factorUID
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  DLog(@"using instance unenrollMultiFactor: %@", firebaseApp.name);
+
+  FIRUser *user = [FIRAuth authWithApp:firebaseApp].currentUser;
+  [user.multiFactor unenrollWithFactorUID:factorUID
+                               completion:^(NSError *_Nullable error) {
+                                 if (error != nil) {
+                                   [self promiseRejectAuthException:reject error:error];
+                                   return;
+                                 }
+
+                                 resolve(nil);
+                                 return;
+                               }];
+}
+
 RCT_EXPORT_METHOD(finalizeMultiFactorEnrollment
                   : (FIRApp *)firebaseApp
                   : (NSString *)verificationId
@@ -1014,6 +1118,37 @@ RCT_EXPORT_METHOD(finalizeMultiFactorEnrollment
                              }];
 }
 
+RCT_EXPORT_METHOD(finalizeTotpEnrollment
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)totpSecret
+                  : (NSString *)verificationCode
+                  : (NSString *_Nullable)displayName
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  DLog(@"using instance finalizeTotpEnrollment: %@", firebaseApp.name);
+
+  FIRTOTPSecret *cachedTotpSecret = cachedTotpSecrets[totpSecret];
+  DLog(@"using totpSecretKey: %@", totpSecret);
+  DLog(@"using cachedSecret: %@", cachedTotpSecret);
+  FIRTOTPMultiFactorAssertion *assertion =
+      [FIRTOTPMultiFactorGenerator assertionForEnrollmentWithSecret:cachedTotpSecret
+                                                    oneTimePassword:verificationCode];
+
+  FIRUser *user = [FIRAuth authWithApp:firebaseApp].currentUser;
+
+  [user.multiFactor enrollWithAssertion:assertion
+                            displayName:displayName
+                             completion:^(NSError *_Nullable error) {
+                               if (error != nil) {
+                                 [self promiseRejectAuthException:reject error:error];
+                                 return;
+                               }
+
+                               resolve(nil);
+                               return;
+                             }];
+}
+
 RCT_EXPORT_METHOD(verifyPhoneNumber
                   : (FIRApp *)firebaseApp
                   : (NSString *)phoneNumber
@@ -1741,12 +1876,12 @@ RCT_EXPORT_METHOD(useEmulator
       @"enrollmentDate" : enrollmentTime,
     } mutableCopy];
 
-    // only support phone mutli factor
     if ([hint isKindOfClass:[FIRPhoneMultiFactorInfo class]]) {
       FIRPhoneMultiFactorInfo *phoneHint = (FIRPhoneMultiFactorInfo *)hint;
       factorDict[@"phoneNumber"] = phoneHint.phoneNumber;
-      [enrolledFactors addObject:factorDict];
     }
+
+    [enrolledFactors addObject:factorDict];
   }
   return enrolledFactors;
 }

package/lib/MultiFactorResolver.js

@@ -9,7 +9,12 @@ export default class MultiFactorResolver {
   }
 
   resolveSignIn(assertion) {
-    const { token, secret } = assertion;
-    return this._auth.resolveMultiFactorSignIn(this.session, token, secret);
+    const { token, secret, uid, verificationCode } = assertion;
+
+    if (token && secret) {
+      return this._auth.resolveMultiFactorSignIn(this.session, token, secret);
+    }
+
+    return this._auth.resolveTotpSignIn(this.session, uid, verificationCode);
   }
 }

package/lib/TotpMultiFactorGenerator.js

@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { isOther } from '@react-native-firebase/app/lib/common';
+import { TotpSecret } from './TotpSecret';
+import { getAuth } from './modular';
+
+export default class TotpMultiFactorGenerator {
+  static FACTOR_ID = 'totp';
+
+  constructor() {
+    throw new Error(
+      '`new TotpMultiFactorGenerator()` is not supported on the native Firebase SDKs.',
+    );
+  }
+
+  static assertionForSignIn(uid, verificationCode) {
+    if (isOther) {
+      // we require the web native assertion when using firebase-js-sdk
+      // as it has functions used by the SDK, a shim won't do
+      return getAuth().native.assertionForSignIn(uid, verificationCode);
+    }
+    return { uid, verificationCode };
+  }
+
+  static assertionForEnrollment(totpSecret, verificationCode) {
+    return { totpSecret: totpSecret.secretKey, verificationCode };
+  }
+
+  static async generateSecret(session, auth) {
+    if (!session) {
+      throw new Error('Session is required to generate a TOTP secret.');
+    }
+    const {
+      secretKey,
+      // Other properties are not publicly exposed in native APIs
+      // hashingAlgorithm, codeLength, codeIntervalSeconds, enrollmentCompletionDeadline
+    } = await auth.native.generateTotpSecret(session);
+
+    return new TotpSecret(secretKey, auth);
+  }
+}

package/lib/TotpSecret.js

@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { isString } from '@react-native-firebase/app/lib/common';
+
+export class TotpSecret {
+  constructor(secretKey, auth) {
+    // The native TotpSecret has many more properties, but they are
+    // internal to the native SDKs, we only maintain the secret in JS layer
+    this.secretKey = secretKey;
+
+    // we do need a handle to the correct auth instance to generate QR codes etc
+    this.auth = auth;
+  }
+
+  /**
+   * Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.
+   */
+  secretKey = null;
+
+  /**
+   * Returns a QR code URL as described in
+   * https://github.com/google/google-authenticator/wiki/Key-Uri-Format
+   * This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.
+   * If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.
+   *
+   * @param accountName the name of the account/app along with a user identifier.
+   * @param issuer issuer of the TOTP (likely the app name).
+   * @returns A Promise that resolves to a QR code URL string.
+   */
+  async generateQrCodeUrl(accountName, issuer) {
+    // accountName and issure are nullable in the API specification but are
+    // required by tha native SDK. The JS SDK returns '' if they are missing/empty.
+    if (!isString(accountName) || !isString(issuer) || accountName === '' || issuer === '') {
+      return '';
+    }
+    return this.auth.native.generateQrCodeUrl(this.secretKey, accountName, issuer);
+  }
+
+  /**
+   * Opens the specified QR Code URL in an OTP authenticator app on the device.
+   * The shared secret key and account name will be populated in the OTP authenticator app.
+   * The URL uses the otpauth:// scheme and will be opened on an app that handles this scheme,
+   * if it exists on the device, possibly opening the ecocystem-specific app store with a generic
+   * query for compatible apps if no app exists on the device.
+   *
+   * @param qrCodeUrl the URL to open in the app, from generateQrCodeUrl
+   */
+  openInOtpApp(qrCodeUrl) {
+    if (isString(qrCodeUrl) && !qrCodeUrl !== '') {
+      return this.auth.native.openInOtpApp(this.secretKey, qrCodeUrl);
+    }
+  }
+}

package/lib/getMultiFactorResolver.js

@@ -1,3 +1,4 @@
+import { isOther } from '@react-native-firebase/app/lib/common';
 import MultiFactorResolver from './MultiFactorResolver.js';
 
 /**
@@ -7,6 +8,9 @@ import MultiFactorResolver from './MultiFactorResolver.js';
  * Returns null if no resolver object can be found on the error.
  */
 export function getMultiFactorResolver(auth, error) {
+  if (isOther) {
+    return auth.native.getMultiFactorResolver(error);
+  }
   if (
     error.hasOwnProperty('userInfo') &&
     error.userInfo.hasOwnProperty('resolver') &&

package/lib/index.d.ts

@@ -275,6 +275,78 @@ export namespace FirebaseAuthTypes {
     assertion(credential: AuthCredential): MultiFactorAssertion;
   }
 
+  /**
+   * Represents a TOTP secret that is used for enrolling a TOTP second factor.
+   * Contains the shared secret key and other parameters to generate time-based
+   * one-time passwords. Implements methods to retrieve the shared secret key,
+   * generate a QR code URL, and open the QR code URL in an OTP authenticator app.
+   *
+   * Differs from standard firebase JS implementation in three ways:
+   * 1- there is no visibility into ony properties other than the secretKey
+   * 2- there is an added `openInOtpApp` method supported by native SDKs
+   * 3- the return value of generateQrCodeUrl is a Promise because react-native bridge is async
+   * @public
+   */
+  export declare class TotpSecret {
+    /** used internally to support non-default auth instances */
+    private readonly auth;
+    /**
+     * Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.
+     */
+    readonly secretKey: string;
+
+    private constructor();
+
+    /**
+     * Returns a QR code URL as described in
+     * https://github.com/google/google-authenticator/wiki/Key-Uri-Format
+     * This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.
+     * If the optional parameters are unspecified, an accountName of userEmail and issuer of firebaseAppName are used.
+     *
+     * @param accountName the name of the account/app along with a user identifier.
+     * @param issuer issuer of the TOTP (likely the app name).
+     * @returns A Promise that resolves to a QR code URL string.
+     */
+    async generateQrCodeUrl(accountName?: string, issuer?: string): Promise<string>;
+
+    /**
+     * Opens the specified QR Code URL in an OTP authenticator app on the device.
+     * The shared secret key and account name will be populated in the OTP authenticator app.
+     * The URL uses the otpauth:// scheme and will be opened on an app that handles this scheme,
+     * if it exists on the device, possibly opening the ecocystem-specific app store with a generic
+     * query for compatible apps if no app exists on the device.
+     *
+     * @param qrCodeUrl the URL to open in the app, from generateQrCodeUrl
+     */
+    openInOtpApp(qrCodeUrl: string): string;
+  }
+
+  export interface TotpMultiFactorGenerator {
+    FACTOR_ID: FactorId.TOTP;
+
+    assertionForSignIn(uid: string, totpSecret: string): MultiFactorAssertion;
+
+    assertionForEnrollment(secret: TotpSecret, code: string): MultiFactorAssertion;
+
+    /**
+     * @param auth - The Auth instance. Only used for native platforms, should be ignored on web.
+     */
+    generateSecret(
+      session: FirebaseAuthTypes.MultiFactorSession,
+      auth: FirebaseAuthTypes.Auth,
+    ): Promise<TotpSecret>;
+  }
+
+  export declare interface MultiFactorError extends AuthError {
+    /** Details about the MultiFactorError. */
+    readonly customData: AuthError['customData'] & {
+      /**
+       * The type of operation (sign-in, linking, or re-authentication) that raised the error.
+       */
+      readonly operationType: (typeof OperationType)[keyof typeof OperationType];
+    };
+  }
+
   /**
    * firebase.auth.X
    */
@@ -476,6 +548,7 @@ export namespace FirebaseAuthTypes {
    */
   export enum FactorId {
     PHONE = 'phone',
+    TOTP = 'totp',
   }
 
   /**
@@ -596,6 +669,12 @@ export namespace FirebaseAuthTypes {
      * The method will ensure the user state is reloaded after successfully enrolling a factor.
      */
     enroll(assertion: MultiFactorAssertion, displayName?: string): Promise<void>;
+
+    /**
+     * Unenroll a previously enrolled multi-factor authentication factor.
+     * @param option The multi-factor option to unenroll.
+     */
+    unenroll(option: MultiFactorInfo | string): Promise<void>;
   }
 
   /**

package/lib/index.js

@@ -34,6 +34,7 @@ import {
 import ConfirmationResult from './ConfirmationResult';
 import PhoneAuthListener from './PhoneAuthListener';
 import PhoneMultiFactorGenerator from './PhoneMultiFactorGenerator';
+import TotpMultiFactorGenerator from './TotpMultiFactorGenerator';
 import Settings from './Settings';
 import User from './User';
 import { getMultiFactorResolver } from './getMultiFactorResolver';
@@ -66,6 +67,7 @@ export {
   TwitterAuthProvider,
   FacebookAuthProvider,
   PhoneMultiFactorGenerator,
+  TotpMultiFactorGenerator,
   OAuthProvider,
   OIDCAuthProvider,
   PhoneAuthState,
@@ -80,6 +82,7 @@ const statics = {
   TwitterAuthProvider,
   FacebookAuthProvider,
   PhoneMultiFactorGenerator,
+  TotpMultiFactorGenerator,
   OAuthProvider,
   OIDCAuthProvider,
   PhoneAuthState,
@@ -324,6 +327,12 @@ class FirebaseAuthModule extends FirebaseModule {
       });
   }
 
+  resolveTotpSignIn(session, uid, totpSecret) {
+    return this.native.resolveTotpSignIn(session, uid, totpSecret).then(userCredential => {
+      return this._setUserCredential(userCredential);
+    });
+  }
+
   createUserWithEmailAndPassword(email, password) {
     return this.native
       .createUserWithEmailAndPassword(email, password)

package/lib/multiFactor.js

@@ -26,14 +26,25 @@ export class MultiFactorUser {
    * profile, which is necessary to see the multi-factor changes.
    */
   async enroll(multiFactorAssertion, displayName) {
-    const { token, secret } = multiFactorAssertion;
-    await this._auth.native.finalizeMultiFactorEnrollment(token, secret, displayName);
+    const { token, secret, totpSecret, verificationCode } = multiFactorAssertion;
+    if (token && secret) {
+      await this._auth.native.finalizeMultiFactorEnrollment(token, secret, displayName);
+    } else if (totpSecret && verificationCode) {
+      await this._auth.native.finalizeTotpEnrollment(totpSecret, verificationCode, displayName);
+    } else {
+      throw new Error('Invalid multi-factor assertion provided for enrollment.');
+    }
 
     // We need to reload the user otherwise the changes are not visible
+    // TODO reload not working on Other platform
     return reload(this._auth.currentUser);
   }
 
-  unenroll() {
-    return Promise.reject(new Error('No implemented yet.'));
+  async unenroll(enrollmentId) {
+    await this._auth.native.unenrollMultiFactor(enrollmentId);
+
+    if (this._auth.currentUser) {
+      return reload(this._auth.currentUser);
+    }
   }
 }

package/lib/version.js

@@ -1,2 +1,2 @@
 // Generated by genversion.
-module.exports = '23.1.2';
+module.exports = '23.2.1';

package/lib/web/RNFBAuthModule.js

@@ -8,6 +8,8 @@ import {
   sendSignInLinkToEmail,
   getAdditionalUserInfo,
   multiFactor,
+  getMultiFactorResolver,
+  TotpMultiFactorGenerator,
   createUserWithEmailAndPassword,
   signInWithEmailAndPassword,
   isSignInWithEmailLink,
@@ -70,6 +72,15 @@ function rejectPromiseWithCodeAndMessage(code, message) {
   return rejectPromise(getWebError({ code: `auth/${code}`, message }));
 }
 
+function rejectWithCodeAndMessage(code, message) {
+  return Promise.reject(
+    getWebError({
+      code,
+      message,
+    }),
+  );
+}
+
 /**
  * Returns a structured error object.
  * @param {error} error The error object.
@@ -102,7 +113,9 @@ function userToObject(user) {
     tenantId: user.tenantId !== null && user.tenantId !== '' ? user.tenantId : null,
     providerData: user.providerData.map(userInfoToObject),
     metadata: userMetadataToObject(user.metadata),
-    multiFactor: multiFactor(user).enrolledFactors.map(multiFactorInfoToObject),
+    multiFactor: {
+      enrolledFactors: multiFactor(user).enrolledFactors.map(multiFactorInfoToObject),
+    },
   };
 }
 
@@ -222,6 +235,7 @@ const instances = {};
 const authStateListeners = {};
 const idTokenListeners = {};
 const sessionMap = new Map();
+const totpSecretMap = new Map();
 let sessionId = 0;
 
 // Returns a cached Firestore instance.
@@ -441,11 +455,28 @@ export default {
    * @returns {Promise<object>} - The result of the sign in.
    */
   async signInWithEmailAndPassword(appName, email, password) {
-    return guard(async () => {
-      const auth = getCachedAuthInstance(appName);
-      const credential = await signInWithEmailAndPassword(auth, email, password);
+    // The default guard / getWebError process doesn't work well here,
+    // since it creates a new error object that is then passed through
+    // a native module proxy and gets processed again.
+    // We need lots of information from the error so that MFA will work
+    // later if needed. So we handle the error custom here.
+    // return guard(async () => {
+    try {
+      const credential = await signInWithEmailAndPassword(
+        getCachedAuthInstance(appName),
+        email,
+        password,
+      );
       return authResultToObject(credential);
-    });
+    } catch (e) {
+      e.userInfo = {
+        code: e.code.split('/')[1],
+        message: e.message,
+        customData: e.customData,
+      };
+      throw e;
+    }
+    // });
   },
 
   /**
@@ -991,6 +1022,104 @@ export default {
     });
   },
 
+  /**
+   * Get a MultiFactorResolver from the underlying SDK
+   * @param {*} _appName the name of the app to get the auth instance for
+   * @param {*} uid the uid of the TOTP MFA attempt
+   * @param {*} code the code from the user TOTP app
+   * @return TotpMultiFactorAssertion to use for resolving
+   */
+  assertionForSignIn(_appName, uid, code) {
+    return TotpMultiFactorGenerator.assertionForSignIn(uid, code);
+  },
+
+  /**
+   * Get a MultiFactorResolver from the underlying SDK
+   * @param {*} appName the name of the app to get the auth instance for
+   * @param {*} error the MFA error returned from initial factor login attempt
+   * @return MultiFactorResolver to use for verifying the second factor
+   */
+  getMultiFactorResolver(appName, error) {
+    return getMultiFactorResolver(getCachedAuthInstance(appName), error);
+  },
+
+  /**
+   * generate a TOTP secret
+   * @param {*} _appName - The name of the app to get the auth instance for.
+   * @param {*} session - The MultiFactorSession to associate with the secret
+   * @returns object with secretKey to associate with TotpSecret
+   */
+  async generateTotpSecret(_appName, session) {
+    return guard(async () => {
+      const totpSecret = await TotpMultiFactorGenerator.generateSecret(sessionMap.get(session));
+      totpSecretMap.set(totpSecret.secretKey, totpSecret);
+      return { secretKey: totpSecret.secretKey };
+    });
+  },
+
+  /**
+   * unenroll from TOTP
+   * @param {*} appName - The name of the app to get the auth instance for.
+   * @param {*} enrollmentId - The ID to associate with the enrollment
+   * @returns
+   */
+  async unenrollMultiFactor(appName, enrollmentId) {
+    return guard(async () => {
+      const auth = getCachedAuthInstance(appName);
+      if (auth.currentUser === null) {
+        return promiseNoUser(true);
+      }
+      await multiFactor(auth.currentUser).unenroll(enrollmentId);
+    });
+  },
+
+  /**
+   * finalize a TOTP enrollment
+   * @param {*} appName - The name of the app to get the auth instance for.
+   * @param {*} secretKey - The secretKey to associate native TotpSecret
+   * @param {*} verificationCode - The TOTP to verify
+   * @param {*} displayName - The name to associate as a hint
+   * @returns
+   */
+  async finalizeTotpEnrollment(appName, secretKey, verificationCode, displayName) {
+    return guard(async () => {
+      const auth = getCachedAuthInstance(appName);
+      if (auth.currentUser === null) {
+        return promiseNoUser(true);
+      }
+      const multiFactorAssertion = TotpMultiFactorGenerator.assertionForEnrollment(
+        totpSecretMap.get(secretKey),
+        verificationCode,
+      );
+      await multiFactor(auth.currentUser).enroll(multiFactorAssertion, displayName);
+    });
+  },
+
+  /**
+   * generate a TOTP QR Code URL
+   * @param {*} _appName - The name of the app to get the auth instance for.
+   * @param {*} secretKey - The secretKey to associate with the TotpSecret
+   * @param {*} accountName - The account name to use in auth app
+   * @param {*} issuer - The issuer to use in auth app
+   * @returns QR Code URL
+   */
+  generateQrCodeUrl(_appName, secretKey, accountName, issuer) {
+    return totpSecretMap.get(secretKey).generateQrCodeUrl(accountName, issuer);
+  },
+
+  /**
+   * open a QR Code URL in an app directly
+   * @param {*} appName - The name of the app to get the auth instance for.
+   * @param {*} qrCodeUrl the URL to open in the app, from generateQrCodeUrl
+   * @throws Error not supported in this environment
+   */
+  openInOtpApp() {
+    return rejectWithCodeAndMessage(
+      'unsupported',
+      'This operation is not supported in this environment.',
+    );
+  },
+
   /* ----------------------
    *  other methods
    * ---------------------- */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@react-native-firebase/auth",
-  "version": "23.1.2",
+  "version": "23.2.1",
   "author": "Invertase <oss@invertase.io> (http://invertase.io)",
   "description": "React Native Firebase - The authentication module provides an easy-to-use API to integrate an authentication workflow into new and existing applications. React Native Firebase provides access to all Firebase authentication methods and identity providers.",
   "main": "lib/index.js",
@@ -27,7 +27,7 @@
     "plist": "^3.1.0"
   },
   "peerDependencies": {
-    "@react-native-firebase/app": "23.1.2",
+    "@react-native-firebase/app": "23.2.1",
     "expo": ">=47.0.0"
   },
   "devDependencies": {
@@ -43,5 +43,5 @@
     "access": "public",
     "provenance": true
   },
-  "gitHead": "65b4f41cea31be5393aca14bcc78ce6e5255f51f"
+  "gitHead": "79455d150fd162c23a1fd57af5d1a497303a5407"
 }