firebase-admin 10.0.1 → 10.2.0

package/lib/app/core.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/core.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app/credential-factory.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/credential-factory.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app/credential-internal.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2020 Google Inc.
@@ -51,9 +51,11 @@ export declare class ComputeEngineCredential implements Credential {
     private readonly httpClient;
     private readonly httpAgent?;
     private projectId?;
+    private accountId?;
     constructor(httpAgent?: Agent);
     getAccessToken(): Promise<GoogleOAuthAccessToken>;
     getProjectId(): Promise<string>;
+    getServiceAccountEmail(): Promise<string>;
     private buildRequest;
 }
 /**

package/lib/app/credential-internal.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license
@@ -31,6 +31,7 @@ var GOOGLE_AUTH_TOKEN_PATH = '/o/oauth2/token';
 var GOOGLE_METADATA_SERVICE_HOST = 'metadata.google.internal';
 var GOOGLE_METADATA_SERVICE_TOKEN_PATH = '/computeMetadata/v1/instance/service-accounts/default/token';
 var GOOGLE_METADATA_SERVICE_PROJECT_ID_PATH = '/computeMetadata/v1/project/project-id';
+var GOOGLE_METADATA_SERVICE_ACCOUNT_ID_PATH = '/computeMetadata/v1/instance/service-accounts/default/email';
 var configDir = (function () {
     // Windows has a dedicated low-rights location for apps at ~/Application Data
     var sys = os.platform();
@@ -87,6 +88,7 @@ var ServiceAccountCredential = /** @class */ (function () {
         };
         return requestAccessToken(this.httpClient, request);
     };
+    // eslint-disable-next-line @typescript-eslint/naming-convention
     ServiceAccountCredential.prototype.createAuthJwt_ = function () {
         var claims = {
             scope: [
@@ -184,6 +186,22 @@ var ComputeEngineCredential = /** @class */ (function () {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, "Failed to determine project ID: " + detail);
         });
     };
+    ComputeEngineCredential.prototype.getServiceAccountEmail = function () {
+        var _this = this;
+        if (this.accountId) {
+            return Promise.resolve(this.accountId);
+        }
+        var request = this.buildRequest(GOOGLE_METADATA_SERVICE_ACCOUNT_ID_PATH);
+        return this.httpClient.send(request)
+            .then(function (resp) {
+            _this.accountId = resp.text;
+            return _this.accountId;
+        })
+            .catch(function (err) {
+            var detail = (err instanceof api_request_1.HttpError) ? getDetailFromResponse(err.response) : err.message;
+            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, "Failed to determine service account email: " + detail);
+        });
+    };
     ComputeEngineCredential.prototype.buildRequest = function (urlPath) {
         return {
             method: 'GET',

package/lib/app/credential.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/credential.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app/firebase-app.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/app/firebase-app.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license
@@ -27,6 +27,7 @@ var TOKEN_EXPIRY_THRESHOLD_MILLIS = 5 * 60 * 1000;
  * Internals of a FirebaseApp instance.
  */
 var FirebaseAppInternals = /** @class */ (function () {
+    // eslint-disable-next-line @typescript-eslint/naming-convention
     function FirebaseAppInternals(credential_) {
         this.credential_ = credential_;
         this.tokenListeners_ = [];
@@ -196,6 +197,7 @@ var FirebaseApp = /** @class */ (function () {
             _this.isDeleted_ = true;
         });
     };
+    // eslint-disable-next-line @typescript-eslint/naming-convention
     FirebaseApp.prototype.ensureService_ = function (serviceName, initializer) {
         this.checkDestroyed_();
         if (!(serviceName in this.services_)) {
@@ -206,6 +208,7 @@ var FirebaseApp = /** @class */ (function () {
     /**
      * Throws an Error if the FirebaseApp instance has already been deleted.
      */
+    // eslint-disable-next-line @typescript-eslint/naming-convention
     FirebaseApp.prototype.checkDestroyed_ = function () {
         if (this.isDeleted_) {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.APP_DELETED, "Firebase app named \"" + this.name_ + "\" has already been deleted.");

package/lib/app/firebase-namespace.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/app/firebase-namespace.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/index.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app/lifecycle.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/lifecycle.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/app-check-api-client-internal.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/app-check-api-client-internal.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license
@@ -36,7 +36,7 @@ var error_1 = require("../utils/error");
 var utils = require("../utils/index");
 var validator = require("../utils/validator");
 // App Check backend constants
-var FIREBASE_APP_CHECK_V1_API_URL_FORMAT = 'https://firebaseappcheck.googleapis.com/v1beta/projects/{projectId}/apps/{appId}:exchangeCustomToken';
+var FIREBASE_APP_CHECK_V1_API_URL_FORMAT = 'https://firebaseappcheck.googleapis.com/v1/projects/{projectId}/apps/{appId}:exchangeCustomToken';
 var FIREBASE_APP_CHECK_CONFIG_HEADERS = {
     'X-Firebase-Client': "fire-admin-node/" + utils.getSdkVersion()
 };
@@ -135,7 +135,7 @@ var AppCheckApiClient = /** @class */ (function () {
      * @returns An AppCheckToken instance.
      */
     AppCheckApiClient.prototype.toAppCheckToken = function (resp) {
-        var token = resp.data.attestationToken;
+        var token = resp.data.token;
         // `ttl` is a string with the suffix "s" preceded by the number of seconds,
         // with nanoseconds expressed as fractional seconds.
         var ttlMillis = this.stringToMilliseconds(resp.data.ttl);

package/lib/app-check/app-check-api.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/app-check-api.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/app-check-namespace.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/app-check/app-check-namespace.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.

package/lib/app-check/app-check.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/app-check.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/index.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/token-generator.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/token-generator.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license
@@ -37,7 +37,7 @@ var ONE_MINUTE_IN_SECONDS = 60;
 var ONE_MINUTE_IN_MILLIS = ONE_MINUTE_IN_SECONDS * 1000;
 var ONE_DAY_IN_MILLIS = 24 * 60 * 60 * 1000;
 // Audience to use for Firebase App Check Custom tokens
-var FIREBASE_APP_CHECK_AUDIENCE = 'https://firebaseappcheck.googleapis.com/google.firebase.appcheck.v1beta.TokenExchangeService';
+var FIREBASE_APP_CHECK_AUDIENCE = 'https://firebaseappcheck.googleapis.com/google.firebase.appcheck.v1.TokenExchangeService';
 /**
  * Class for generating Firebase App Check tokens.
  *
@@ -79,9 +79,7 @@ var AppCheckTokenGenerator = /** @class */ (function () {
                 typ: 'JWT',
             };
             var iat = Math.floor(Date.now() / 1000);
-            var body = __assign({ iss: account, sub: account, 
-                // eslint-disable-next-line @typescript-eslint/camelcase
-                app_id: appId, aud: FIREBASE_APP_CHECK_AUDIENCE, exp: iat + (ONE_MINUTE_IN_SECONDS * 5), iat: iat }, customOptions);
+            var body = __assign({ iss: account, sub: account, app_id: appId, aud: FIREBASE_APP_CHECK_AUDIENCE, exp: iat + (ONE_MINUTE_IN_SECONDS * 5), iat: iat }, customOptions);
             var token = _this.encodeSegment(header) + "." + _this.encodeSegment(body);
             return _this.signer.sign(Buffer.from(token))
                 .then(function (signature) {

package/lib/app-check/token-verifier.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/app-check/token-verifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.
@@ -22,7 +22,7 @@ var util = require("../utils/index");
 var app_check_api_client_internal_1 = require("./app-check-api-client-internal");
 var jwt_1 = require("../utils/jwt");
 var APP_CHECK_ISSUER = 'https://firebaseappcheck.googleapis.com/';
-var JWKS_URL = 'https://firebaseappcheck.googleapis.com/v1beta/jwks';
+var JWKS_URL = 'https://firebaseappcheck.googleapis.com/v1/jwks';
 /**
  * Class for verifying Firebase App Check tokens.
  *
@@ -50,7 +50,6 @@ var AppCheckTokenVerifier = /** @class */ (function () {
         })
             .then(function (decoded) {
             var decodedAppCheckToken = decoded.payload;
-            // eslint-disable-next-line @typescript-eslint/camelcase
             decodedAppCheckToken.app_id = decodedAppCheckToken.sub;
             return decodedAppCheckToken;
         });

package/lib/auth/action-code-settings-builder.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * Copyright 2018 Google Inc.
  *

package/lib/auth/action-code-settings-builder.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.

package/lib/auth/auth-api-request.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/auth/auth-api-request.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license
@@ -29,6 +29,17 @@ var __extends = (this && this.__extends) || (function () {
         d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
     };
 })();
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useEmulator = exports.TenantAwareAuthRequestHandler = exports.AuthRequestHandler = exports.AbstractAuthRequestHandler = exports.FIREBASE_AUTH_SIGN_UP_NEW_USER = exports.FIREBASE_AUTH_SET_ACCOUNT_INFO = exports.FIREBASE_AUTH_BATCH_DELETE_ACCOUNTS = exports.FIREBASE_AUTH_DELETE_ACCOUNT = exports.FIREBASE_AUTH_GET_ACCOUNTS_INFO = exports.FIREBASE_AUTH_GET_ACCOUNT_INFO = exports.FIREBASE_AUTH_DOWNLOAD_ACCOUNT = exports.FIREBASE_AUTH_UPLOAD_ACCOUNT = exports.FIREBASE_AUTH_CREATE_SESSION_COOKIE = exports.EMAIL_ACTION_REQUEST_TYPES = exports.RESERVED_CLAIMS = void 0;
 var validator = require("../utils/validator");
@@ -54,7 +65,7 @@ exports.RESERVED_CLAIMS = [
 ];
 /** List of supported email action request types. */
 exports.EMAIL_ACTION_REQUEST_TYPES = [
-    'PASSWORD_RESET', 'VERIFY_EMAIL', 'EMAIL_SIGNIN',
+    'PASSWORD_RESET', 'VERIFY_EMAIL', 'EMAIL_SIGNIN', 'VERIFY_AND_CHANGE_EMAIL',
 ];
 /** Maximum allowed number of characters in the custom claims payload. */
 var MAX_CLAIMS_PAYLOAD_SIZE = 1000;
@@ -686,6 +697,9 @@ var FIREBASE_AUTH_GET_OOB_CODE = new api_request_1.ApiSettings('/accounts:sendOo
     if (!validator.isEmail(request.email)) {
         throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_EMAIL);
     }
+    if (typeof request.newEmail !== 'undefined' && !validator.isEmail(request.newEmail)) {
+        throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_NEW_EMAIL);
+    }
     if (exports.EMAIL_ACTION_REQUEST_TYPES.indexOf(request.requestType) === -1) {
         throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "\"" + request.requestType + "\" is not a supported email action request type.");
     }
@@ -1350,10 +1364,13 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
      * @param actionCodeSettings - The optional action code setings which defines whether
      *     the link is to be handled by a mobile app and the additional state information to be passed in the
      *     deep link, etc. Required when requestType == 'EMAIL_SIGNIN'
+     * @param newEmail - The email address the account is being updated to.
+     *     Required only for VERIFY_AND_CHANGE_EMAIL requests.
      * @returns A promise that resolves with the email action link.
      */
-    AbstractAuthRequestHandler.prototype.getEmailActionLink = function (requestType, email, actionCodeSettings) {
-        var request = { requestType: requestType, email: email, returnOobLink: true };
+    AbstractAuthRequestHandler.prototype.getEmailActionLink = function (requestType, email, actionCodeSettings, newEmail) {
+        var request = __assign({ requestType: requestType,
+            email: email, returnOobLink: true }, (typeof newEmail !== 'undefined') && { newEmail: newEmail });
         // ActionCodeSettings required for email link sign-in to determine the url where the sign-in will
         // be completed.
         if (typeof actionCodeSettings === 'undefined' && requestType === 'EMAIL_SIGNIN') {
@@ -1368,6 +1385,9 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
                 return Promise.reject(e);
             }
         }
+        if (requestType === 'VERIFY_AND_CHANGE_EMAIL' && typeof newEmail === 'undefined') {
+            return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "`newEmail` is required when `requestType` === 'VERIFY_AND_CHANGE_EMAIL'"));
+        }
         return this.invokeRequestHandler(this.getAuthUrlBuilder(), FIREBASE_AUTH_GET_OOB_CODE, request)
             .then(function (response) {
             // Return the link.

package/lib/auth/auth-config.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * Copyright 2018 Google Inc.
  *

package/lib/auth/auth-config.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.

package/lib/auth/auth-namespace.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * Copyright 2021 Google Inc.
  *
@@ -22,7 +22,7 @@ import { BaseAuth as TBaseAuth, DeleteUsersResult as TDeleteUsersResult, GetUser
 import { EmailIdentifier as TEmailIdentifier, PhoneIdentifier as TPhoneIdentifier, ProviderIdentifier as TProviderIdentifier, UserIdentifier as TUserIdentifier, UidIdentifier as TUidIdentifier } from './identifier';
 import { CreateTenantRequest as TCreateTenantRequest, Tenant as TTenant, UpdateTenantRequest as TUpdateTenantRequest } from './tenant';
 import { ListTenantsResult as TListTenantsResult, TenantAwareAuth as TTenantAwareAuth, TenantManager as TTenantManager } from './tenant-manager';
-import { DecodedIdToken as TDecodedIdToken } from './token-verifier';
+import { DecodedIdToken as TDecodedIdToken, DecodedAuthBlockingToken as TDecodedAuthBlockingToken } from './token-verifier';
 import { HashAlgorithmType as THashAlgorithmType, UserImportOptions as TUserImportOptions, UserImportRecord as TUserImportRecord, UserImportResult as TUserImportResult, UserMetadataRequest as TUserMetadataRequest, UserProviderRequest as TUserProviderRequest } from './user-import-builder';
 import { MultiFactorInfo as TMultiFactorInfo, MultiFactorSettings as TMultiFactorSettings, PhoneMultiFactorInfo as TPhoneMultiFactorInfo, UserInfo as TUserInfo, UserMetadata as TUserMetadata, UserRecord as TUserRecord } from './user-record';
 /**
@@ -92,6 +92,8 @@ export declare namespace auth {
      * Type alias to {@link firebase-admin.auth#DecodedIdToken}.
      */
     type DecodedIdToken = TDecodedIdToken;
+    /** @alpha */
+    type DecodedAuthBlockingToken = TDecodedAuthBlockingToken;
     /**
      * Type alias to {@link firebase-admin.auth#DeleteUsersResult}.
      */

package/lib/auth/auth-namespace.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.

package/lib/auth/auth.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/auth/auth.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * @license

package/lib/auth/base-auth.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * Copyright 2021 Google Inc.
  *
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 import { FirebaseArrayIndexError } from '../app';
-import { DecodedIdToken } from './token-verifier';
+import { DecodedIdToken, DecodedAuthBlockingToken } from './token-verifier';
 import { AuthProviderConfig, AuthProviderConfigFilter, ListProviderConfigResults, UpdateAuthProviderRequest, CreateRequest, UpdateRequest } from './auth-config';
 import { UserRecord } from './user-record';
 import { UserIdentifier } from './identifier';
@@ -479,6 +479,31 @@ export declare abstract class BaseAuth {
      * @returns A promise that resolves with the generated link.
      */
     generateEmailVerificationLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
+    /**
+     * Generates an out-of-band email action link to verify the user's ownership
+     * of the specified email. The {@link ActionCodeSettings} object provided
+     * as an argument to this method defines whether the link is to be handled by a
+     * mobile app or browser along with additional state information to be passed in
+     * the deep link, etc.
+     *
+     * @param email - The current email account.
+     * @param newEmail - The email address the account is being updated to.
+     * @param actionCodeSettings - The action
+     *     code settings. If specified, the state/continue URL is set as the
+     *     "continueUrl" parameter in the email verification link. The default email
+     *     verification landing page will use this to display a link to go back to
+     *     the app if it is installed.
+     *     If the actionCodeSettings is not specified, no URL is appended to the
+     *     action URL.
+     *     The state URL provided must belong to a domain that is authorized
+     *     in the console, or an error will be thrown.
+     *     Mobile app redirects are only applicable if the developer configures
+     *     and accepts the Firebase Dynamic Links terms of service.
+     *     The Android package name and iOS bundle ID are respected only if they
+     *     are configured in the same Firebase Auth project.
+     * @returns A promise that resolves with the generated link.
+     */
+    generateVerifyAndChangeEmailLink(email: string, newEmail: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
     /**
      * Generates the out of band email action link to verify the user's ownership
      * of the specified email. The {@link ActionCodeSettings} object provided
@@ -599,6 +624,8 @@ export declare abstract class BaseAuth {
      * @returns A promise that resolves with the created provider configuration.
      */
     createProviderConfig(config: AuthProviderConfig): Promise<AuthProviderConfig>;
+    /** @alpha */
+    _verifyAuthBlockingToken(token: string, audience?: string): Promise<DecodedAuthBlockingToken>;
     /**
      * Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
      * resolves with the decoded claims on success. Rejects the promise with revocation error if revoked

package/lib/auth/base-auth.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.
@@ -66,6 +66,7 @@ var BaseAuth = /** @class */ (function () {
         }
         this.sessionCookieVerifier = token_verifier_1.createSessionCookieVerifier(app);
         this.idTokenVerifier = token_verifier_1.createIdTokenVerifier(app);
+        this.authBlockingTokenVerifier = token_verifier_1.createAuthBlockingTokenVerifier(app);
     }
     /**
      * Creates a new Firebase custom token (JWT) that can be sent back to a client
@@ -697,6 +698,33 @@ var BaseAuth = /** @class */ (function () {
     BaseAuth.prototype.generateEmailVerificationLink = function (email, actionCodeSettings) {
         return this.authRequestHandler.getEmailActionLink('VERIFY_EMAIL', email, actionCodeSettings);
     };
+    /**
+     * Generates an out-of-band email action link to verify the user's ownership
+     * of the specified email. The {@link ActionCodeSettings} object provided
+     * as an argument to this method defines whether the link is to be handled by a
+     * mobile app or browser along with additional state information to be passed in
+     * the deep link, etc.
+     *
+     * @param email - The current email account.
+     * @param newEmail - The email address the account is being updated to.
+     * @param actionCodeSettings - The action
+     *     code settings. If specified, the state/continue URL is set as the
+     *     "continueUrl" parameter in the email verification link. The default email
+     *     verification landing page will use this to display a link to go back to
+     *     the app if it is installed.
+     *     If the actionCodeSettings is not specified, no URL is appended to the
+     *     action URL.
+     *     The state URL provided must belong to a domain that is authorized
+     *     in the console, or an error will be thrown.
+     *     Mobile app redirects are only applicable if the developer configures
+     *     and accepts the Firebase Dynamic Links terms of service.
+     *     The Android package name and iOS bundle ID are respected only if they
+     *     are configured in the same Firebase Auth project.
+     * @returns A promise that resolves with the generated link.
+     */
+    BaseAuth.prototype.generateVerifyAndChangeEmailLink = function (email, newEmail, actionCodeSettings) {
+        return this.authRequestHandler.getEmailActionLink('VERIFY_AND_CHANGE_EMAIL', email, actionCodeSettings, newEmail);
+    };
     /**
      * Generates the out of band email action link to verify the user's ownership
      * of the specified email. The {@link ActionCodeSettings} object provided
@@ -914,6 +942,15 @@ var BaseAuth = /** @class */ (function () {
         }
         return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PROVIDER_ID));
     };
+    /** @alpha */
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    BaseAuth.prototype._verifyAuthBlockingToken = function (token, audience) {
+        var isEmulator = auth_api_request_1.useEmulator();
+        return this.authBlockingTokenVerifier._verifyAuthBlockingToken(token, isEmulator, audience)
+            .then(function (decodedAuthBlockingToken) {
+            return decodedAuthBlockingToken;
+        });
+    };
     /**
      * Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
      * resolves with the decoded claims on success. Rejects the promise with revocation error if revoked

package/lib/auth/identifier.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * Copyright 2020 Google Inc.
  *

package/lib/auth/identifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 "use strict";
 /*!
  * Copyright 2020 Google Inc.

package/lib/auth/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.0.1 */
+/*! firebase-admin v10.2.0 */
 /*!
  * Copyright 2020 Google Inc.
  *
@@ -50,6 +50,6 @@ export { BaseAuth, DeleteUsersResult, GetUsersResult, ListUsersResult, SessionCo
 export { EmailIdentifier, PhoneIdentifier, ProviderIdentifier, UidIdentifier, UserIdentifier, } from './identifier';
 export { CreateTenantRequest, Tenant, UpdateTenantRequest, } from './tenant';
 export { ListTenantsResult, TenantAwareAuth, TenantManager, } from './tenant-manager';
-export { DecodedIdToken } from './token-verifier';
+export { DecodedIdToken, DecodedAuthBlockingToken } from './token-verifier';
 export { HashAlgorithmType, UserImportOptions, UserImportRecord, UserImportResult, UserMetadataRequest, UserProviderRequest, } from './user-import-builder';
 export { MultiFactorInfo, MultiFactorSettings, PhoneMultiFactorInfo, UserInfo, UserMetadata, UserRecord, } from './user-record';