@tern-secure/backend 1.2.0-canary.v20250926170202 → 1.2.0-canary.v20251002175916

package/dist/chunk-YKIA5EBF.mjs

@@ -0,0 +1,142 @@
+import {
+  CACHE_CONTROL_REGEX,
+  DEFAULT_CACHE_DURATION,
+  GOOGLE_PUBLIC_KEYS_URL,
+  MAX_CACHE_LAST_UPDATED_AT_SECONDS
+} from "./chunk-4SGWLAJG.mjs";
+import {
+  TokenVerificationError,
+  TokenVerificationErrorReason,
+  ternDecodeJwt,
+  verifyJwt
+} from "./chunk-WZYVAHZ3.mjs";
+
+// src/tokens/keys.ts
+var cache = {};
+var lastUpdatedAt = 0;
+var googleExpiresAt = 0;
+function getFromCache(kid) {
+  return cache[kid];
+}
+function getCacheValues() {
+  return Object.values(cache);
+}
+function setInCache(kid, certificate, shouldExpire = true) {
+  cache[kid] = certificate;
+  lastUpdatedAt = shouldExpire ? Date.now() : -1;
+}
+async function fetchPublicKeys(keyUrl) {
+  const url = new URL(keyUrl);
+  const response = await fetch(url);
+  if (!response.ok) {
+    throw new TokenVerificationError({
+      message: `Error loading public keys from ${url.href} with code=${response.status} `,
+      reason: TokenVerificationErrorReason.TokenInvalid
+    });
+  }
+  const data = await response.json();
+  const expiresAt = getExpiresAt(response);
+  return {
+    keys: data,
+    expiresAt
+  };
+}
+async function loadJWKFromRemote({
+  keyURL = GOOGLE_PUBLIC_KEYS_URL,
+  skipJwksCache,
+  kid
+}) {
+  if (skipJwksCache || isCacheExpired() || !getFromCache(kid)) {
+    const { keys, expiresAt } = await fetchPublicKeys(keyURL);
+    if (!keys || Object.keys(keys).length === 0) {
+      throw new TokenVerificationError({
+        message: `The JWKS endpoint ${keyURL} returned no keys`,
+        reason: TokenVerificationErrorReason.RemoteJWKFailedToLoad
+      });
+    }
+    googleExpiresAt = expiresAt;
+    Object.entries(keys).forEach(([keyId, cert2]) => {
+      setInCache(keyId, cert2);
+    });
+  }
+  const cert = getFromCache(kid);
+  if (!cert) {
+    getCacheValues();
+    const availableKids = Object.keys(cache).sort().join(", ");
+    throw new TokenVerificationError({
+      message: `No public key found for kid "${kid}". Available kids: [${availableKids}]`,
+      reason: TokenVerificationErrorReason.TokenInvalid
+    });
+  }
+  return cert;
+}
+function isCacheExpired() {
+  const now = Date.now();
+  if (lastUpdatedAt === -1) {
+    return false;
+  }
+  const cacheAge = now - lastUpdatedAt;
+  const maxCacheAge = MAX_CACHE_LAST_UPDATED_AT_SECONDS * 1e3;
+  const localCacheExpired = cacheAge >= maxCacheAge;
+  const googleCacheExpired = now >= googleExpiresAt;
+  const isExpired = localCacheExpired || googleCacheExpired;
+  if (isExpired) {
+    cache = {};
+  }
+  return isExpired;
+}
+function getExpiresAt(res) {
+  const cacheControlHeader = res.headers.get("cache-control");
+  if (!cacheControlHeader) {
+    return Date.now() + DEFAULT_CACHE_DURATION;
+  }
+  const maxAgeMatch = cacheControlHeader.match(CACHE_CONTROL_REGEX);
+  const maxAge = maxAgeMatch ? parseInt(maxAgeMatch[1], 10) : DEFAULT_CACHE_DURATION / 1e3;
+  return Date.now() + maxAge * 1e3;
+}
+
+// src/tokens/verify.ts
+async function verifyToken(token, options) {
+  const { data: decodedResult, errors } = ternDecodeJwt(token);
+  if (errors) {
+    return { errors };
+  }
+  const { header } = decodedResult;
+  const { kid } = header;
+  if (!kid) {
+    return {
+      errors: [
+        new TokenVerificationError({
+          reason: TokenVerificationErrorReason.TokenInvalid,
+          message: 'JWT "kid" header is missing.'
+        })
+      ]
+    };
+  }
+  try {
+    const key = options.jwtKey || await loadJWKFromRemote({ ...options, kid });
+    if (!key) {
+      return {
+        errors: [
+          new TokenVerificationError({
+            reason: TokenVerificationErrorReason.TokenInvalid,
+            message: `No public key found for kid "${kid}".`
+          })
+        ]
+      };
+    }
+    return await verifyJwt(token, { ...options, key });
+  } catch (error) {
+    if (error instanceof TokenVerificationError) {
+      return { errors: [error] };
+    }
+    return {
+      errors: [error]
+    };
+  }
+}
+
+export {
+  verifyToken
+};
+//# sourceMappingURL=chunk-YKIA5EBF.mjs.map

package/dist/chunk-YKIA5EBF.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/tokens/keys.ts","../src/tokens/verify.ts"],"sourcesContent":["import { type RemoteJWKSetOptions } from 'jose';\n\nimport {\n  CACHE_CONTROL_REGEX,\n  DEFAULT_CACHE_DURATION,\n  GOOGLE_PUBLIC_KEYS_URL,\n  MAX_CACHE_LAST_UPDATED_AT_SECONDS\n} from '../constants';\nimport { TokenVerificationError, TokenVerificationErrorReason } from '../utils/errors';\n\nexport type PublicKeys = { [key: string]: string };\n\ninterface PublicKeysResponse {\n  keys: PublicKeys;\n  expiresAt: number;\n}\n\nexport type LoadJWKFromRemoteOptions = RemoteJWKSetOptions & {\n  kid: string;\n  keyURL?: string;\n  skipJwksCache?: boolean;\n};\n\ntype CertificateCache = Record<string, string>;\n\nlet cache: CertificateCache = {};\nlet lastUpdatedAt = 0;\nlet googleExpiresAt = 0;\n\nfunction getFromCache(kid: string) {\n  return cache[kid];\n}\n\nfunction getCacheValues() {\n  return Object.values(cache);\n}\n\nfunction setInCache(kid: string, certificate: string, shouldExpire = true) {\n  cache[kid] = certificate;\n  lastUpdatedAt = shouldExpire ? Date.now() : -1;\n}\n\nasync function fetchPublicKeys(keyUrl: string): Promise<PublicKeysResponse> {\n  const url = new URL(keyUrl);\n  const response = await fetch(url);\n  if (!response.ok) {\n    throw new TokenVerificationError({\n      message: `Error loading public keys from ${url.href} with code=${response.status} `,\n      reason: TokenVerificationErrorReason.TokenInvalid,\n    });\n  }\n\n  const data = await response.json();\n  const expiresAt = getExpiresAt(response);\n\n  return {\n    keys: data,\n    expiresAt,\n  };\n}\n\nexport async function loadJWKFromRemote({\n  keyURL = GOOGLE_PUBLIC_KEYS_URL,\n  skipJwksCache,\n  kid,\n}: LoadJWKFromRemoteOptions): Promise<string> {\n  if (skipJwksCache || isCacheExpired() || !getFromCache(kid)) {\n    const { keys, expiresAt } = await fetchPublicKeys(keyURL);\n\n    if (!keys || Object.keys(keys).length === 0) {\n      throw new TokenVerificationError({\n        message: `The JWKS endpoint ${keyURL} returned no keys`,\n        reason: TokenVerificationErrorReason.RemoteJWKFailedToLoad,\n      });\n    }\n    googleExpiresAt = expiresAt;\n\n    Object.entries(keys).forEach(([keyId, cert]) => {\n      setInCache(keyId, cert);\n    });\n  }\n  const cert = getFromCache(kid);\n  if (!cert) {\n    getCacheValues();\n    const availableKids = Object.keys(cache).sort().join(', ');\n\n    throw new TokenVerificationError({\n      message: `No public key found for kid \"${kid}\". Available kids: [${availableKids}]`,\n      reason: TokenVerificationErrorReason.TokenInvalid,\n    });\n  }\n  return cert;\n}\n\nfunction isCacheExpired() {\n  const now = Date.now();\n  if (lastUpdatedAt === -1) {\n    return false;\n  }\n\n  const cacheAge = now - lastUpdatedAt;\n  const maxCacheAge = MAX_CACHE_LAST_UPDATED_AT_SECONDS * 1000;\n  const localCacheExpired = cacheAge >= maxCacheAge;\n  const googleCacheExpired = now >= googleExpiresAt;\n\n  const isExpired = localCacheExpired || googleCacheExpired;\n\n  if (isExpired) {\n    cache = {};\n  }\n\n  return isExpired;\n}\n\nfunction getExpiresAt(res: Response) {\n  const cacheControlHeader = res.headers.get('cache-control');\n  if (!cacheControlHeader) {\n    return Date.now() + DEFAULT_CACHE_DURATION;\n  }\n  const maxAgeMatch = cacheControlHeader.match(CACHE_CONTROL_REGEX);\n  const maxAge = maxAgeMatch ? parseInt(maxAgeMatch[1], 10) : DEFAULT_CACHE_DURATION / 1000;\n\n  return Date.now() + maxAge * 1000;\n}\n\nexport const getCacheStats = () => ({\n  localExpiry: lastUpdatedAt + MAX_CACHE_LAST_UPDATED_AT_SECONDS * 1000,\n  googleExpiry: googleExpiresAt,\n  cacheCount: Object.keys(cache).length,\n});\n","import type { DecodedIdToken, TernSecureConfig } from '@tern-secure/types';\n\nimport type { JwtReturnType } from '../jwt/types';\nimport { ternDecodeJwt, verifyJwt, type VerifyJwtOptions } from '../jwt/verifyJwt';\nimport { TokenVerificationError, TokenVerificationErrorReason } from '../utils/errors';\nimport type { LoadJWKFromRemoteOptions } from './keys';\nimport { loadJWKFromRemote } from './keys';\n\nexport type VerifyTokenVOptions = Omit<VerifyJwtOptions, 'key'> & Omit<LoadJWKFromRemoteOptions, 'kid'> & {\n  jwtKey?: string;\n};\n\nexport { TernSecureConfig };\n\nexport async function verifyToken(\n  token: string,\n  options: VerifyTokenVOptions,\n): Promise<JwtReturnType<DecodedIdToken, TokenVerificationError>> {\n  const { data: decodedResult, errors } = ternDecodeJwt(token);\n\n  if (errors) {\n    return { errors };\n  }\n\n  const { header } = decodedResult;\n  const { kid } = header;\n\n  if (!kid) {\n    return {\n      errors: [\n        new TokenVerificationError({\n          reason: TokenVerificationErrorReason.TokenInvalid,\n          message: 'JWT \"kid\" header is missing.',\n        }),\n      ],\n    };\n  }\n\n  try {\n    const key = options.jwtKey || (await loadJWKFromRemote({ ...options, kid }));\n\n    if (!key) {\n      return {\n        errors: [\n          new TokenVerificationError({\n            reason: TokenVerificationErrorReason.TokenInvalid,\n            message: `No public key found for kid \"${kid}\".`,\n          }),\n        ],\n      };\n    }\n    return await verifyJwt(token, { ...options, key });\n  } catch (error) {\n    if (error instanceof TokenVerificationError) {\n      return { errors: [error] };\n    }\n    return {\n      errors: [error as TokenVerificationError],\n    };\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;AAyBA,IAAI,QAA0B,CAAC;AAC/B,IAAI,gBAAgB;AACpB,IAAI,kBAAkB;AAEtB,SAAS,aAAa,KAAa;AACjC,SAAO,MAAM,GAAG;AAClB;AAEA,SAAS,iBAAiB;AACxB,SAAO,OAAO,OAAO,KAAK;AAC5B;AAEA,SAAS,WAAW,KAAa,aAAqB,eAAe,MAAM;AACzE,QAAM,GAAG,IAAI;AACb,kBAAgB,eAAe,KAAK,IAAI,IAAI;AAC9C;AAEA,eAAe,gBAAgB,QAA6C;AAC1E,QAAM,MAAM,IAAI,IAAI,MAAM;AAC1B,QAAM,WAAW,MAAM,MAAM,GAAG;AAChC,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI,uBAAuB;AAAA,MAC/B,SAAS,kCAAkC,IAAI,IAAI,cAAc,SAAS,MAAM;AAAA,MAChF,QAAQ,6BAA6B;AAAA,IACvC,CAAC;AAAA,EACH;AAEA,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,QAAM,YAAY,aAAa,QAAQ;AAEvC,SAAO;AAAA,IACL,MAAM;AAAA,IACN;AAAA,EACF;AACF;AAEA,eAAsB,kBAAkB;AAAA,EACtC,SAAS;AAAA,EACT;AAAA,EACA;AACF,GAA8C;AAC5C,MAAI,iBAAiB,eAAe,KAAK,CAAC,aAAa,GAAG,GAAG;AAC3D,UAAM,EAAE,MAAM,UAAU,IAAI,MAAM,gBAAgB,MAAM;AAExD,QAAI,CAAC,QAAQ,OAAO,KAAK,IAAI,EAAE,WAAW,GAAG;AAC3C,YAAM,IAAI,uBAAuB;AAAA,QAC/B,SAAS,qBAAqB,MAAM;AAAA,QACpC,QAAQ,6BAA6B;AAAA,MACvC,CAAC;AAAA,IACH;AACA,sBAAkB;AAElB,WAAO,QAAQ,IAAI,EAAE,QAAQ,CAAC,CAAC,OAAOA,KAAI,MAAM;AAC9C,iBAAW,OAAOA,KAAI;AAAA,IACxB,CAAC;AAAA,EACH;AACA,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,CAAC,MAAM;AACT,mBAAe;AACf,UAAM,gBAAgB,OAAO,KAAK,KAAK,EAAE,KAAK,EAAE,KAAK,IAAI;AAEzD,UAAM,IAAI,uBAAuB;AAAA,MAC/B,SAAS,gCAAgC,GAAG,uBAAuB,aAAa;AAAA,MAChF,QAAQ,6BAA6B;AAAA,IACvC,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB;AACxB,QAAM,MAAM,KAAK,IAAI;AACrB,MAAI,kBAAkB,IAAI;AACxB,WAAO;AAAA,EACT;AAEA,QAAM,WAAW,MAAM;AACvB,QAAM,cAAc,oCAAoC;AACxD,QAAM,oBAAoB,YAAY;AACtC,QAAM,qBAAqB,OAAO;AAElC,QAAM,YAAY,qBAAqB;AAEvC,MAAI,WAAW;AACb,YAAQ,CAAC;AAAA,EACX;AAEA,SAAO;AACT;AAEA,SAAS,aAAa,KAAe;AACnC,QAAM,qBAAqB,IAAI,QAAQ,IAAI,eAAe;AAC1D,MAAI,CAAC,oBAAoB;AACvB,WAAO,KAAK,IAAI,IAAI;AAAA,EACtB;AACA,QAAM,cAAc,mBAAmB,MAAM,mBAAmB;AAChE,QAAM,SAAS,cAAc,SAAS,YAAY,CAAC,GAAG,EAAE,IAAI,yBAAyB;AAErF,SAAO,KAAK,IAAI,IAAI,SAAS;AAC/B;;;AC7GA,eAAsB,YACpB,OACA,SACgE;AAChE,QAAM,EAAE,MAAM,eAAe,OAAO,IAAI,cAAc,KAAK;AAE3D,MAAI,QAAQ;AACV,WAAO,EAAE,OAAO;AAAA,EAClB;AAEA,QAAM,EAAE,OAAO,IAAI;AACnB,QAAM,EAAE,IAAI,IAAI;AAEhB,MAAI,CAAC,KAAK;AACR,WAAO;AAAA,MACL,QAAQ;AAAA,QACN,IAAI,uBAAuB;AAAA,UACzB,QAAQ,6BAA6B;AAAA,UACrC,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACF,UAAM,MAAM,QAAQ,UAAW,MAAM,kBAAkB,EAAE,GAAG,SAAS,IAAI,CAAC;AAE1E,QAAI,CAAC,KAAK;AACR,aAAO;AAAA,QACL,QAAQ;AAAA,UACN,IAAI,uBAAuB;AAAA,YACzB,QAAQ,6BAA6B;AAAA,YACrC,SAAS,gCAAgC,GAAG;AAAA,UAC9C,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AACA,WAAO,MAAM,UAAU,OAAO,EAAE,GAAG,SAAS,IAAI,CAAC;AAAA,EACnD,SAAS,OAAO;AACd,QAAI,iBAAiB,wBAAwB;AAC3C,aAAO,EAAE,QAAQ,CAAC,KAAK,EAAE;AAAA,IAC3B;AACA,WAAO;AAAA,MACL,QAAQ,CAAC,KAA+B;AAAA,IAC1C;AAAA,EACF;AACF;","names":["cert"]}

package/dist/fireRestApi/emulator.d.ts

@@ -0,0 +1,4 @@
+export declare const FIREBASE_AUTH_EMULATOR_HOST: string | undefined;
+export declare function emulatorHost(): string | undefined;
+export declare function useEmulator(): boolean;
+//# sourceMappingURL=emulator.d.ts.map

package/dist/fireRestApi/emulator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"emulator.d.ts","sourceRoot":"","sources":["../../src/fireRestApi/emulator.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,2BAA2B,oBAA0C,CAAC;AAEnF,wBAAgB,YAAY,IAAI,MAAM,GAAG,SAAS,CAGjD;AAED,wBAAgB,WAAW,IAAI,OAAO,CAErC"}

package/dist/fireRestApi/endpointUrl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"endpointUrl.d.ts","sourceRoot":"","sources":["../../src/fireRestApi/endpointUrl.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,uBAAuB,GAAI,QAAQ,MAAM,WAErD,CAAA;AAED,eAAO,MAAM,kBAAkB,GAAI,QAAQ,MAAM,WAEhD,CAAA;AAED,eAAO,MAAM,cAAc,GAAI,QAAQ,MAAM,WAE5C,CAAA;AAED,eAAO,MAAM,sBAAsB,GAAI,QAAQ,MAAM,WAEpD,CAAA;AAED,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,WAEnD,CAAA"}
+{"version":3,"file":"endpointUrl.d.ts","sourceRoot":"","sources":["../../src/fireRestApi/endpointUrl.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,uBAAuB,GAAI,QAAQ,MAAM,WAErD,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,QAAQ,MAAM,WAEhD,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,QAAQ,MAAM,WAE5C,CAAC;AAEF,eAAO,MAAM,sBAAsB,GAAI,QAAQ,MAAM,WAUpD,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,WAEnD,CAAC"}

package/dist/fireRestApi/endpoints/EmailApi.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"EmailApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/EmailApi.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAI5C,KAAK,2BAA2B,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,cAAc,CAAC;CAC/B,CAAC;AAEF,KAAK,8BAA8B,GAAG;IACpC,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAGF,qBAAa,QAAS,SAAQ,WAAW;IAC1B,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,2BAA2B;IAU3E,wBAAwB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,8BAA8B;CAS7F"}
+{"version":3,"file":"EmailApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/EmailApi.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C,KAAK,2BAA2B,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,cAAc,CAAC;CAC/B,CAAC;AAEF,KAAK,8BAA8B,GAAG;IACpC,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAGF,qBAAa,QAAS,SAAQ,WAAW;IAC1B,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,2BAA2B;IAU3E,wBAAwB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,8BAA8B;CAS7F"}

package/dist/fireRestApi/endpoints/PasswordApi.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"PasswordApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/PasswordApi.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAI5C,KAAK,0BAA0B,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,KAAK,6BAA6B,GAAG;IACnC,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAEF,qBAAa,WAAY,SAAQ,WAAW;IAC7B,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,6BAA6B;IAU7E,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B;IAUrE,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAS3E"}
+{"version":3,"file":"PasswordApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/PasswordApi.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C,KAAK,0BAA0B,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,KAAK,6BAA6B,GAAG;IACnC,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAEF,qBAAa,WAAY,SAAQ,WAAW;IAC7B,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,6BAA6B;IAU7E,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B;IAUrE,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAS3E"}

package/dist/fireRestApi/endpoints/SignInTokenApi.d.ts

@@ -1,11 +1,11 @@
-import { AbstractAPI } from "./AbstractApi";
+import type { IdAndRefreshTokens } from '../resources/Token';
+import { AbstractAPI } from './AbstractApi';
 type CreateSignInTokenParams = {
-    email: string;
-    password: string;
+    token: string;
     returnSecureToken?: boolean;
 };
 export declare class SignInTokenApi extends AbstractAPI {
-    createCustomToken(apiKey: string, params: CreateSignInTokenParams): Promise<import("../request").BackendApiResponse<unknown>>;
+    createCustomToken(apiKey: string, params: CreateSignInTokenParams): Promise<IdAndRefreshTokens>;
 }
 export {};
 //# sourceMappingURL=SignInTokenApi.d.ts.map

package/dist/fireRestApi/endpoints/SignInTokenApi.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SignInTokenApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/SignInTokenApi.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAI5C,KAAK,uBAAuB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAGF,qBAAa,cAAe,SAAQ,WAAW;IAChC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,uBAAuB;CAU/E"}
+{"version":3,"file":"SignInTokenApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/SignInTokenApi.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C,KAAK,uBAAuB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAEF,qBAAa,cAAe,SAAQ,WAAW;IAChC,iBAAiB,CAC5B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,kBAAkB,CAAC;CAsB/B"}

package/dist/fireRestApi/endpoints/SignUpApi.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SignUpApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/SignUpApi.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAI5C,KAAK,uBAAuB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAGF,qBAAa,SAAU,SAAQ,WAAW;IAC3B,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,uBAAuB;CAU/E"}
+{"version":3,"file":"SignUpApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/SignUpApi.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C,KAAK,uBAAuB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAGF,qBAAa,SAAU,SAAQ,WAAW;IAC3B,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,uBAAuB;CAU/E"}

package/dist/fireRestApi/endpoints/TokenApi.d.ts

@@ -1,4 +1,5 @@
-import { AbstractAPI } from "./AbstractApi";
+import type { IdAndRefreshTokens } from '../resources/Token';
+import { AbstractAPI } from './AbstractApi';
 type RefreshTokenParams = {
     expired_token: string;
     refresh_token: string;
@@ -8,8 +9,13 @@ type RefreshTokenParams = {
     suffixed_cookies?: boolean;
     format?: 'token' | 'cookie';
 };
+type IdAndRefreshTokensParams = {
+    token: string;
+    returnSecureToken?: boolean;
+};
 export declare class TokenApi extends AbstractAPI {
     refreshToken(apiKey: string, params: RefreshTokenParams): Promise<import("../request").BackendApiResponse<unknown>>;
+    exchangeCustomForIdAndRefreshTokens(apiKey: string, params: IdAndRefreshTokensParams): Promise<IdAndRefreshTokens>;
 }
 export {};
 //# sourceMappingURL=TokenApi.d.ts.map

package/dist/fireRestApi/endpoints/TokenApi.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TokenApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/TokenApi.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAK5C,KAAK,kBAAkB,GAAG;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,MAAM,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;CAC7B,CAAC;AAEF,qBAAa,QAAS,SAAQ,WAAW;IAC1B,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB;CAUrE"}
+{"version":3,"file":"TokenApi.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/endpoints/TokenApi.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAO5C,KAAK,kBAAkB,GAAG;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,MAAM,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;CAC7B,CAAC;AAEF,KAAK,wBAAwB,GAAG;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAEF,qBAAa,QAAS,SAAQ,WAAW;IAC1B,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB;IAUvD,mCAAmC,CAC9C,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,kBAAkB,CAAC;CAyB/B"}

package/dist/fireRestApi/request.d.ts

@@ -1,18 +1,15 @@
 import type { TernSecureAPIError, TernSecureApiErrorJSON } from "@tern-secure/types";
 export type HTTPMethod = "DELETE" | "GET" | "PATCH" | "POST" | "PUT";
+export type FirebaseEndpoint = "refreshToken" | "signInWithPassword" | "signUp" | "signInWithCustomToken" | "passwordReset" | "sendOobCode";
 export type BackendApiRequestOptions = {
+    endpoint: FirebaseEndpoint;
     method?: HTTPMethod;
+    apiKey?: string;
     queryParams?: Record<string, unknown>;
     headerParams?: Record<string, string>;
     bodyParams?: Record<string, unknown>;
     formData?: FormData;
-} & ({
-    url: string;
-    path?: string;
-} | {
-    url?: string;
-    path: string;
-});
+};
 export type BackendApiResponse<T> = {
     data: T;
     errors: null;

package/dist/fireRestApi/request.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/fireRestApi/request.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,oBAAoB,CAAC;AAM5B,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,KAAK,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;AACrE,MAAM,MAAM,wBAAwB,GAAG;IACrC,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB,GAAG,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAEtE,MAAM,MAAM,kBAAkB,CAAC,CAAC,IAC5B;IACE,IAAI,EAAE,CAAC,CAAC;IACR,MAAM,EAAE,IAAI,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GACD;IACE,IAAI,EAAE,IAAI,CAAC;IACX,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,KAAK,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEN,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AAE/D,KAAK,oBAAoB,GAAG;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,wBAAgB,aAAa,CAAC,OAAO,EAAE,oBAAoB,IAChC,CAAC,kBACR,wBAAwB,KACvC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAkFlC;AAUD,wBAAgB,UAAU,CAAC,KAAK,EAAE,sBAAsB,GAAG,kBAAkB,CAK5E"}
+{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../src/fireRestApi/request.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,oBAAoB,CAAC;AAY5B,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,KAAK,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;AACrE,MAAM,MAAM,gBAAgB,GACxB,cAAc,GACd,oBAAoB,GACpB,QAAQ,GACR,uBAAuB,GACvB,eAAe,GACf,aAAa,CAAA;AAEjB,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,CAAC,IAC5B;IACE,IAAI,EAAE,CAAC,CAAC;IACR,MAAM,EAAE,IAAI,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GACD;IACE,IAAI,EAAE,IAAI,CAAC;IACX,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,KAAK,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEN,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AAE/D,KAAK,oBAAoB,GAAG;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAYF,wBAAgB,aAAa,CAAC,OAAO,EAAE,oBAAoB,IAChC,CAAC,kBACR,wBAAwB,KACvC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAkGlC;AAUD,wBAAgB,UAAU,CAAC,KAAK,EAAE,sBAAsB,GAAG,kBAAkB,CAK5E"}

package/dist/fireRestApi/resources/JSON.d.ts

@@ -15,6 +15,7 @@ export declare const ObjectType: {
     readonly SignUpAttempt: "sign_up_attempt";
     readonly SmsMessage: "sms_message";
     readonly User: "user";
+    readonly IdAndRefreshTokens: "id_and_refresh_tokens";
     readonly Token: "token";
     readonly TotalCount: "total_count";
     readonly TestingToken: "testing_token";
@@ -41,4 +42,9 @@ export interface JwksKeyJSON {
     n: string;
     e: string;
 }
+export interface IdAndRefreshTokenJSON {
+    object: typeof ObjectType.IdAndRefreshTokens;
+    idToken: string;
+    refreshToken: string;
+}
 //# sourceMappingURL=JSON.d.ts.map

package/dist/fireRestApi/resources/JSON.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"JSON.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/resources/JSON.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;CAsBb,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAGtE,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,OAAO,UAAU,CAAC,OAAO,CAAC;IAClC,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,CAAC,EAAE,WAAW,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX"}
+{"version":3,"file":"JSON.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/resources/JSON.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;CAuBb,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAGtE,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,OAAO,UAAU,CAAC,OAAO,CAAC;IAClC,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,CAAC,EAAE,WAAW,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,OAAO,UAAU,CAAC,kBAAkB,CAAC;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;CACtB"}

package/dist/fireRestApi/resources/Token.d.ts

@@ -1,7 +1,13 @@
-import type { TokenJSON } from './JSON';
+import type { IdAndRefreshTokenJSON, TokenJSON } from './JSON';
 export declare class Token {
     readonly jwt: string;
     constructor(jwt: string);
     static fromJSON(data: TokenJSON): Token;
 }
+export declare class IdAndRefreshTokens {
+    readonly idToken: string;
+    readonly refreshToken: string;
+    constructor(idToken: string, refreshToken: string);
+    static fromJSON(data: IdAndRefreshTokenJSON): IdAndRefreshTokens;
+}
 //# sourceMappingURL=Token.d.ts.map

package/dist/fireRestApi/resources/Token.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Token.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/resources/Token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAExC,qBAAa,KAAK;IACJ,QAAQ,CAAC,GAAG,EAAE,MAAM;gBAAX,GAAG,EAAE,MAAM;IAEhC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,KAAK;CAGxC"}
+{"version":3,"file":"Token.d.ts","sourceRoot":"","sources":["../../../src/fireRestApi/resources/Token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAC,SAAS,EAAE,MAAM,QAAQ,CAAC;AAE9D,qBAAa,KAAK;IACJ,QAAQ,CAAC,GAAG,EAAE,MAAM;gBAAX,GAAG,EAAE,MAAM;IAEhC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,KAAK;CAGxC;AAED,qBAAa,kBAAkB;IAE3B,QAAQ,CAAC,OAAO,EAAE,MAAM;IACxB,QAAQ,CAAC,YAAY,EAAE,MAAM;gBADpB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM;IAG/B,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,qBAAqB,GAAG,kBAAkB;CAGjE"}

package/dist/index.d.ts

@@ -6,7 +6,7 @@ export type { AuthObject, RequestState, SignedInAuthObject, SignedOutAuthObject
 export { signedIn, signedInAuthObject, signedOutAuthObject, AuthStatus } from './tokens/authstate';
 export { createBackendInstanceClient } from "./instance/backendInstanceEdge";
 export { createFireClient } from "./instance/backendFireInstance";
-export type { BackendInstance, } from "./instance/backendInstanceEdge";
+export type { BackendInstance, TernSecureBackendOptions } from "./instance/backendInstanceEdge";
 export { enableDebugLogging, disableDebugLogging, setLogLevel, } from "./utils/enableDebugLogging";
 export { LogLevel } from "./utils/logger";
 export { RedisAdapter, PostgresAdapter, createAdapter, validateCheckRevokedOptions, } from "./adapters";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,YAAY,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAErE,YAAY,EAAE,cAAc,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAEjF,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC5G,OAAO,EAAE,QAAQ,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,UAAU,EAAC,MAAM,oBAAoB,CAAA;AAEjG,OAAO,EACL,2BAA2B,EAC5B,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAElE,YAAY,EACV,eAAe,GAChB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,WAAW,GACZ,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EACL,YAAY,EACZ,eAAe,EACf,aAAa,EACb,2BAA2B,GAC5B,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,mBAAmB,EACnB,kBAAkB,EAClB,aAAa,EACb,WAAW,EACX,cAAc,EACd,WAAW,EACX,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,YAAY,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAErE,YAAY,EAAE,cAAc,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAEjF,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC5G,OAAO,EAAE,QAAQ,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,UAAU,EAAC,MAAM,oBAAoB,CAAA;AAEjG,OAAO,EACL,2BAA2B,EAC5B,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAElE,YAAY,EACV,eAAe,EACf,wBAAwB,EACzB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,WAAW,GACZ,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EACL,YAAY,EACZ,eAAe,EACf,aAAa,EACb,2BAA2B,GAC5B,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,mBAAmB,EACnB,kBAAkB,EAClB,aAAa,EACb,WAAW,EACX,cAAc,EACd,WAAW,EACX,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -40,7 +40,7 @@ __export(index_exports, {
 module.exports = __toCommonJS(index_exports);
 
 // src/constants.ts
-var SESSION_COOKIE_PUBLIC_KEYS_URL = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys";
+var GOOGLE_PUBLIC_KEYS_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
 var MAX_CACHE_LAST_UPDATED_AT_SECONDS = 5 * 60;
 var DEFAULT_CACHE_DURATION = 3600 * 1e3;
 var CACHE_CONTROL_REGEX = /max-age=(\d+)/;
@@ -284,14 +284,13 @@ var AbstractAPI = class {
 };
 
 // src/fireRestApi/endpoints/EmailApi.ts
-var rootPath = "/customTokens";
 var EmailApi = class extends AbstractAPI {
   async verifyEmailVerification(apiKey, params) {
     this.requireApiKey(apiKey);
     const { ...restParams } = params;
     return this.request({
+      endpoint: "sendOobCode",
       method: "POST",
-      path: `${rootPath}`,
       bodyParams: restParams
     });
   }
@@ -299,22 +298,21 @@ var EmailApi = class extends AbstractAPI {
     this.requireApiKey(apiKey);
     const { ...restParams } = params;
     return this.request({
+      endpoint: "sendOobCode",
       method: "POST",
-      path: `${rootPath}`,
       bodyParams: restParams
     });
   }
 };
 
 // src/fireRestApi/endpoints/PasswordApi.ts
-var rootPath2 = "/customTokens";
 var PasswordApi = class extends AbstractAPI {
   async verifyPasswordResetCode(apiKey, params) {
     this.requireApiKey(apiKey);
     const { ...restParams } = params;
     return this.request({
+      endpoint: "passwordReset",
       method: "POST",
-      path: `${rootPath2}`,
       bodyParams: restParams
     });
   }
@@ -322,8 +320,8 @@ var PasswordApi = class extends AbstractAPI {
     this.requireApiKey(apiKey);
     const { ...restParams } = params;
     return this.request({
+      endpoint: "passwordReset",
       method: "POST",
-      path: `${rootPath2}`,
       bodyParams: restParams
     });
   }
@@ -331,53 +329,81 @@ var PasswordApi = class extends AbstractAPI {
     this.requireApiKey(apiKey);
     const { ...restParams } = params;
     return this.request({
+      endpoint: "passwordReset",
       method: "POST",
-      path: `${rootPath2}`,
       bodyParams: restParams
     });
   }
 };
 
 // src/fireRestApi/endpoints/SignInTokenApi.ts
-var rootPath3 = "/customTokens";
 var SignInTokenApi = class extends AbstractAPI {
   async createCustomToken(apiKey, params) {
-    this.requireApiKey(apiKey);
-    const { ...restParams } = params;
-    return this.request({
-      method: "POST",
-      path: `${rootPath3}`,
-      bodyParams: restParams
-    });
+    try {
+      this.requireApiKey(apiKey);
+      const { ...restParams } = params;
+      const response = await this.request({
+        endpoint: "signInWithCustomToken",
+        method: "POST",
+        bodyParams: restParams
+      });
+      if (response.errors) {
+        const errorMessage = response.errors[0]?.message || "Failed to create custom token";
+        throw new Error(errorMessage);
+      }
+      return response.data;
+    } catch (error) {
+      const contextualMessage = `Failed to create custom token: ${error instanceof Error ? error.message : "Unknown error"}`;
+      throw new Error(contextualMessage);
+    }
   }
 };
 
 // src/fireRestApi/endpoints/SignUpApi.ts
-var rootPath4 = "/customTokens";
 var SignUpApi = class extends AbstractAPI {
   async createCustomToken(apiKey, params) {
     this.requireApiKey(apiKey);
     const { ...restParams } = params;
     return this.request({
+      endpoint: "signUp",
       method: "POST",
-      path: `${rootPath4}`,
       bodyParams: restParams
     });
   }
 };
 
 // src/fireRestApi/endpoints/TokenApi.ts
-var rootPath5 = "/sessions";
 var TokenApi = class extends AbstractAPI {
   async refreshToken(apiKey, params) {
     this.requireApiKey(apiKey);
     const { ...restParams } = params;
     return this.request({
+      endpoint: "refreshToken",
       method: "POST",
-      path: `${rootPath5}/refresh`,
       bodyParams: restParams
     });
   }
+  async exchangeCustomForIdAndRefreshTokens(apiKey, params) {
+    try {
+      this.requireApiKey(apiKey);
+      const { ...restParams } = params;
+      const response = await this.request({
+        endpoint: "signInWithCustomToken",
+        method: "POST",
+        apiKey,
+        bodyParams: restParams
+      });
+      if (response.errors) {
+        const errorMessage = response.errors[0]?.message || "Failed to create custom token";
+        console.error("Error response from exchangeCustomForIdAndRefreshTokens:", response.errors);
+        throw new Error(errorMessage);
+      }
+      return response.data;
+    } catch (error) {
+      const contextualMessage = `Failed to create custom token: ${error instanceof Error ? error.message : "Unknown error"}`;
+      throw new Error(contextualMessage);
+    }
+  }
 };
 
 // src/runtime.ts
@@ -396,20 +422,69 @@ var runtime = {
   Response: globalThis.Response
 };
 
-// src/utils/path.ts
-var SEPARATOR = "/";
-var MULTIPLE_SEPARATOR_REGEX = new RegExp("(?<!:)" + SEPARATOR + "{1,}", "g");
-function joinPaths(...args) {
-  return args.filter((p) => p).join(SEPARATOR).replace(MULTIPLE_SEPARATOR_REGEX, SEPARATOR);
+// src/fireRestApi/emulator.ts
+var FIREBASE_AUTH_EMULATOR_HOST = process.env.FIREBASE_AUTH_EMULATOR_HOST;
+function emulatorHost() {
+  if (typeof process === "undefined") return void 0;
+  return FIREBASE_AUTH_EMULATOR_HOST;
+}
+function useEmulator() {
+  return !!emulatorHost();
 }
 
+// src/fireRestApi/endpointUrl.ts
+var getRefreshTokenEndpoint = (apiKey) => {
+  return `https://securetoken.googleapis.com/v1/token?key=${apiKey}`;
+};
+var signInWithPassword = (apiKey) => {
+  return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=${apiKey}`;
+};
+var signUpEndpoint = (apiKey) => {
+  return `https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=${apiKey}`;
+};
+var getCustomTokenEndpoint = (apiKey) => {
+  if (useEmulator() && FIREBASE_AUTH_EMULATOR_HOST) {
+    let protocol = "http://";
+    if (FIREBASE_AUTH_EMULATOR_HOST.startsWith("http://")) {
+      protocol = "";
+    }
+    return `${protocol}${FIREBASE_AUTH_EMULATOR_HOST}/identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;
+  }
+  return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;
+};
+var passwordResetEndpoint = (apiKey) => {
+  return `https://identitytoolkit.googleapis.com/v1/accounts:resetPassword?key=${apiKey}`;
+};
+
 // src/fireRestApi/request.ts
+var FIREBASE_ENDPOINT_MAP = {
+  refreshToken: getRefreshTokenEndpoint,
+  signInWithPassword,
+  signUp: signUpEndpoint,
+  signInWithCustomToken: getCustomTokenEndpoint,
+  passwordReset: passwordResetEndpoint,
+  sendOobCode: signInWithPassword
+};
 function createRequest(options) {
   const requestFn = async (requestOptions) => {
-    const { apiKey, apiUrl, apiVersion = "v1" } = options;
-    const { path, method, queryParams, headerParams, bodyParams, formData } = requestOptions;
-    const url = joinPaths(apiUrl, apiVersion, path);
-    const finalUrl = new URL(url);
+    const { endpoint, method, apiKey, queryParams, headerParams, bodyParams, formData } = requestOptions;
+    if (!apiKey) {
+      return {
+        data: null,
+        errors: [
+          {
+            code: "missing_api_key",
+            message: "Firebase API key is required"
+          }
+        ]
+      };
+    }
+    const endpointUrl = FIREBASE_ENDPOINT_MAP[endpoint](apiKey);
+    const finalUrl = new URL(endpointUrl);
+    console.log("endpoint url:", endpointUrl);
+    console.log("Final URL href:", finalUrl.href);
+    console.log("Final URL:", finalUrl);
+    console.log("Method:", method);
     if (queryParams) {
       Object.entries(queryParams).forEach(([key, value]) => {
         if (value) {
@@ -500,6 +575,9 @@ function createFireApi(options) {
   };
 }
 
+// src/tokens/request.ts
+var import_cookie2 = require("@tern-secure/shared/cookie");
+
 // src/utils/errors.ts
 var TokenVerificationErrorReason = {
   TokenExpired: "token-expired",
@@ -537,6 +615,7 @@ var TokenVerificationError = class _TokenVerificationError extends Error {
 
 // src/utils/options.ts
 var defaultOptions = {
+  apiKey: void 0,
   apiUrl: void 0,
   apiVersion: void 0
 };
@@ -842,7 +921,7 @@ async function fetchPublicKeys(keyUrl) {
   };
 }
 async function loadJWKFromRemote({
-  keyURL = SESSION_COOKIE_PUBLIC_KEYS_URL,
+  keyURL = GOOGLE_PUBLIC_KEYS_URL,
   skipJwksCache,
   kid
 }) {
@@ -950,6 +1029,11 @@ function extractTokenFromCookie(request) {
   if (!cookieHeader) {
     return null;
   }
+  const cookiePrefix = (0, import_cookie2.getCookiePrefix)();
+  const idTokenCookieName = (0, import_cookie2.getCookieName)(
+    constants.Cookies.IdToken,
+    cookiePrefix
+  );
   const cookies = cookieHeader.split(";").reduce(
     (acc, cookie) => {
       const [name, value] = cookie.trim().split("=");
@@ -958,7 +1042,7 @@ function extractTokenFromCookie(request) {
     },
     {}
   );
-  return cookies[constants.Cookies.Session] || null;
+  return idTokenCookieName || null;
 }
 function hasAuthorizationHeader(request) {
   return request.headers.has("Authorization");