firebase-admin 10.2.0 → 11.0.1

package/lib/auth/token-generator.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * @license
@@ -18,55 +18,54 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.handleCryptoSignerError = exports.FirebaseTokenGenerator = exports.EmulatedSigner = exports.BLACKLISTED_CLAIMS = void 0;
-var error_1 = require("../utils/error");
-var crypto_signer_1 = require("../utils/crypto-signer");
-var validator = require("../utils/validator");
-var utils_1 = require("../utils");
-var ALGORITHM_NONE = 'none';
-var ONE_HOUR_IN_SECONDS = 60 * 60;
+const error_1 = require("../utils/error");
+const crypto_signer_1 = require("../utils/crypto-signer");
+const validator = require("../utils/validator");
+const utils_1 = require("../utils");
+const ALGORITHM_NONE = 'none';
+const ONE_HOUR_IN_SECONDS = 60 * 60;
 // List of blacklisted claims which cannot be provided when creating a custom token
 exports.BLACKLISTED_CLAIMS = [
     'acr', 'amr', 'at_hash', 'aud', 'auth_time', 'azp', 'cnf', 'c_hash', 'exp', 'iat', 'iss', 'jti',
     'nbf', 'nonce',
 ];
 // Audience to use for Firebase Auth Custom tokens
-var FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
+const FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
 /**
  * A CryptoSigner implementation that is used when communicating with the Auth emulator.
  * It produces unsigned tokens.
  */
-var EmulatedSigner = /** @class */ (function () {
-    function EmulatedSigner() {
+class EmulatedSigner {
+    constructor() {
         this.algorithm = ALGORITHM_NONE;
     }
     /**
      * @inheritDoc
      */
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    EmulatedSigner.prototype.sign = function (buffer) {
+    sign(buffer) {
         return Promise.resolve(Buffer.from(''));
-    };
+    }
     /**
      * @inheritDoc
      */
-    EmulatedSigner.prototype.getAccountId = function () {
+    getAccountId() {
         return Promise.resolve('firebase-auth-emulator@example.com');
-    };
-    return EmulatedSigner;
-}());
+    }
+}
 exports.EmulatedSigner = EmulatedSigner;
 /**
  * Class for generating different types of Firebase Auth tokens (JWTs).
  *
  * @internal
  */
-var FirebaseTokenGenerator = /** @class */ (function () {
+class FirebaseTokenGenerator {
     /**
      * @param tenantId - The tenant ID to use for the generated Firebase Auth
      *     Custom token. If absent, then no tenant ID claim will be set in the
      *     resulting JWT.
      */
-    function FirebaseTokenGenerator(signer, tenantId) {
+    constructor(signer, tenantId) {
         this.tenantId = tenantId;
         if (!validator.isNonNullObject(signer)) {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CREDENTIAL, 'INTERNAL ASSERT: Must provide a CryptoSigner to use FirebaseTokenGenerator.');
@@ -85,9 +84,8 @@ var FirebaseTokenGenerator = /** @class */ (function () {
      * @returns A Promise fulfilled with a Firebase Auth Custom token signed with a
      *     service account key and containing the provided payload.
      */
-    FirebaseTokenGenerator.prototype.createCustomToken = function (uid, developerClaims) {
-        var _this = this;
-        var errorMessage;
+    createCustomToken(uid, developerClaims) {
+        let errorMessage;
         if (!validator.isNonEmptyString(uid)) {
             errorMessage = '`uid` argument must be a non-empty string uid.';
         }
@@ -100,52 +98,51 @@ var FirebaseTokenGenerator = /** @class */ (function () {
         if (errorMessage) {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
         }
-        var claims = {};
+        const claims = {};
         if (typeof developerClaims !== 'undefined') {
-            for (var key in developerClaims) {
+            for (const key in developerClaims) {
                 /* istanbul ignore else */
                 if (Object.prototype.hasOwnProperty.call(developerClaims, key)) {
                     if (exports.BLACKLISTED_CLAIMS.indexOf(key) !== -1) {
-                        throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "Developer claim \"" + key + "\" is reserved and cannot be specified.");
+                        throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `Developer claim "${key}" is reserved and cannot be specified.`);
                     }
                     claims[key] = developerClaims[key];
                 }
             }
         }
-        return this.signer.getAccountId().then(function (account) {
-            var header = {
-                alg: _this.signer.algorithm,
+        return this.signer.getAccountId().then((account) => {
+            const header = {
+                alg: this.signer.algorithm,
                 typ: 'JWT',
             };
-            var iat = Math.floor(Date.now() / 1000);
-            var body = {
+            const iat = Math.floor(Date.now() / 1000);
+            const body = {
                 aud: FIREBASE_AUDIENCE,
-                iat: iat,
+                iat,
                 exp: iat + ONE_HOUR_IN_SECONDS,
                 iss: account,
                 sub: account,
-                uid: uid,
+                uid,
             };
-            if (_this.tenantId) {
-                body.tenant_id = _this.tenantId;
+            if (this.tenantId) {
+                body.tenant_id = this.tenantId;
             }
             if (Object.keys(claims).length > 0) {
                 body.claims = claims;
             }
-            var token = _this.encodeSegment(header) + "." + _this.encodeSegment(body);
-            var signPromise = _this.signer.sign(Buffer.from(token));
+            const token = `${this.encodeSegment(header)}.${this.encodeSegment(body)}`;
+            const signPromise = this.signer.sign(Buffer.from(token));
             return Promise.all([token, signPromise]);
-        }).then(function (_a) {
-            var token = _a[0], signature = _a[1];
-            return token + "." + _this.encodeSegment(signature);
-        }).catch(function (err) {
+        }).then(([token, signature]) => {
+            return `${token}.${this.encodeSegment(signature)}`;
+        }).catch((err) => {
             throw handleCryptoSignerError(err);
         });
-    };
-    FirebaseTokenGenerator.prototype.encodeSegment = function (segment) {
-        var buffer = (segment instanceof Buffer) ? segment : Buffer.from(JSON.stringify(segment));
-        return utils_1.toWebSafeBase64(buffer).replace(/=+$/, '');
-    };
+    }
+    encodeSegment(segment) {
+        const buffer = (segment instanceof Buffer) ? segment : Buffer.from(JSON.stringify(segment));
+        return (0, utils_1.toWebSafeBase64)(buffer).replace(/=+$/, '');
+    }
     /**
      * Returns whether or not the provided developer claims are valid.
      *
@@ -153,14 +150,13 @@ var FirebaseTokenGenerator = /** @class */ (function () {
      * @returns True if the provided claims are valid; otherwise, false.
      */
     // eslint-disable-next-line @typescript-eslint/naming-convention
-    FirebaseTokenGenerator.prototype.isDeveloperClaimsValid_ = function (developerClaims) {
+    isDeveloperClaimsValid_(developerClaims) {
         if (typeof developerClaims === 'undefined') {
             return true;
         }
         return validator.isNonNullObject(developerClaims);
-    };
-    return FirebaseTokenGenerator;
-}());
+    }
+}
 exports.FirebaseTokenGenerator = FirebaseTokenGenerator;
 /**
  * Creates a new FirebaseAuthError by extracting the error code, message and other relevant
@@ -174,13 +170,13 @@ function handleCryptoSignerError(err) {
         return err;
     }
     if (err.code === crypto_signer_1.CryptoSignerErrorCode.SERVER_ERROR && validator.isNonNullObject(err.cause)) {
-        var httpError = err.cause;
-        var errorResponse = httpError.response.data;
+        const httpError = err.cause;
+        const errorResponse = httpError.response.data;
         if (validator.isNonNullObject(errorResponse) && errorResponse.error) {
-            var errorCode = errorResponse.error.status;
-            var description = 'Please refer to https://firebase.google.com/docs/auth/admin/create-custom-tokens ' +
+            const errorCode = errorResponse.error.status;
+            const description = 'Please refer to https://firebase.google.com/docs/auth/admin/create-custom-tokens ' +
                 'for more details on how to use and troubleshoot this feature.';
-            var errorMsg = errorResponse.error.message + "; " + description;
+            const errorMsg = `${errorResponse.error.message}; ${description}`;
             return error_1.FirebaseAuthError.fromServerError(errorCode, errorMsg, errorResponse);
         }
         return new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'Error returned from server: ' + errorResponse + '. Additionally, an ' +

package/lib/auth/token-verifier.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * Copyright 2018 Google Inc.
  *

package/lib/auth/token-verifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.
@@ -17,18 +17,18 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createSessionCookieVerifier = exports.createAuthBlockingTokenVerifier = exports.createIdTokenVerifier = exports.FirebaseTokenVerifier = exports.SESSION_COOKIE_INFO = exports.AUTH_BLOCKING_TOKEN_INFO = exports.ID_TOKEN_INFO = void 0;
-var error_1 = require("../utils/error");
-var util = require("../utils/index");
-var validator = require("../utils/validator");
-var jwt_1 = require("../utils/jwt");
+const error_1 = require("../utils/error");
+const util = require("../utils/index");
+const validator = require("../utils/validator");
+const jwt_1 = require("../utils/jwt");
 // Audience to use for Firebase Auth Custom tokens
-var FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
+const FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
 // URL containing the public keys for the Google certs (whose private keys are used to sign Firebase
 // Auth ID tokens)
-var CLIENT_CERT_URL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com';
+const CLIENT_CERT_URL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com';
 // URL containing the public keys for Firebase session cookies. This will be updated to a different URL soon.
-var SESSION_COOKIE_CERT_URL = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys';
-var EMULATOR_VERIFIER = new jwt_1.EmulatorSignatureVerifier();
+const SESSION_COOKIE_CERT_URL = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys';
+const EMULATOR_VERIFIER = new jwt_1.EmulatorSignatureVerifier();
 /**
  * User facing token information related to the Firebase ID token.
  *
@@ -70,8 +70,8 @@ exports.SESSION_COOKIE_INFO = {
  *
  * @internal
  */
-var FirebaseTokenVerifier = /** @class */ (function () {
-    function FirebaseTokenVerifier(clientCertUrl, issuer, tokenInfo, app) {
+class FirebaseTokenVerifier {
+    constructor(clientCertUrl, issuer, tokenInfo, app) {
         this.issuer = issuer;
         this.tokenInfo = tokenInfo;
         this.app = app;
@@ -111,77 +111,71 @@ var FirebaseTokenVerifier = /** @class */ (function () {
      * @param isEmulator - Whether to accept Auth Emulator tokens.
      * @returns A promise fulfilled with the decoded claims of the Firebase Auth ID token.
      */
-    FirebaseTokenVerifier.prototype.verifyJWT = function (jwtToken, isEmulator) {
-        var _this = this;
-        if (isEmulator === void 0) { isEmulator = false; }
+    verifyJWT(jwtToken, isEmulator = false) {
         if (!validator.isString(jwtToken)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "First argument to " + this.tokenInfo.verifyApiName + " must be a " + this.tokenInfo.jwtName + " string.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `First argument to ${this.tokenInfo.verifyApiName} must be a ${this.tokenInfo.jwtName} string.`);
         }
         return this.ensureProjectId()
-            .then(function (projectId) {
-            return _this.decodeAndVerify(jwtToken, projectId, isEmulator);
+            .then((projectId) => {
+            return this.decodeAndVerify(jwtToken, projectId, isEmulator);
         })
-            .then(function (decoded) {
-            var decodedIdToken = decoded.payload;
+            .then((decoded) => {
+            const decodedIdToken = decoded.payload;
             decodedIdToken.uid = decodedIdToken.sub;
             return decodedIdToken;
         });
-    };
+    }
     /** @alpha */
     // eslint-disable-next-line @typescript-eslint/naming-convention
-    FirebaseTokenVerifier.prototype._verifyAuthBlockingToken = function (jwtToken, isEmulator, audience) {
-        var _this = this;
+    _verifyAuthBlockingToken(jwtToken, isEmulator, audience) {
         if (!validator.isString(jwtToken)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "First argument to " + this.tokenInfo.verifyApiName + " must be a " + this.tokenInfo.jwtName + " string.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `First argument to ${this.tokenInfo.verifyApiName} must be a ${this.tokenInfo.jwtName} string.`);
         }
         return this.ensureProjectId()
-            .then(function (projectId) {
+            .then((projectId) => {
             if (typeof audience === 'undefined') {
-                audience = projectId + ".cloudfunctions.net/";
+                audience = `${projectId}.cloudfunctions.net/`;
             }
-            return _this.decodeAndVerify(jwtToken, projectId, isEmulator, audience);
+            return this.decodeAndVerify(jwtToken, projectId, isEmulator, audience);
         })
-            .then(function (decoded) {
-            var decodedAuthBlockingToken = decoded.payload;
+            .then((decoded) => {
+            const decodedAuthBlockingToken = decoded.payload;
             decodedAuthBlockingToken.uid = decodedAuthBlockingToken.sub;
             return decodedAuthBlockingToken;
         });
-    };
-    FirebaseTokenVerifier.prototype.ensureProjectId = function () {
-        var _this = this;
+    }
+    ensureProjectId() {
         return util.findProjectId(this.app)
-            .then(function (projectId) {
+            .then((projectId) => {
             if (!validator.isNonEmptyString(projectId)) {
                 throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CREDENTIAL, 'Must initialize app with a cert credential or set your Firebase project ID as the ' +
-                    ("GOOGLE_CLOUD_PROJECT environment variable to call " + _this.tokenInfo.verifyApiName + "."));
+                    `GOOGLE_CLOUD_PROJECT environment variable to call ${this.tokenInfo.verifyApiName}.`);
             }
             return Promise.resolve(projectId);
         });
-    };
-    FirebaseTokenVerifier.prototype.decodeAndVerify = function (token, projectId, isEmulator, audience) {
-        var _this = this;
+    }
+    decodeAndVerify(token, projectId, isEmulator, audience) {
         return this.safeDecode(token)
-            .then(function (decodedToken) {
-            _this.verifyContent(decodedToken, projectId, isEmulator, audience);
-            return _this.verifySignature(token, isEmulator)
-                .then(function () { return decodedToken; });
+            .then((decodedToken) => {
+            this.verifyContent(decodedToken, projectId, isEmulator, audience);
+            return this.verifySignature(token, isEmulator)
+                .then(() => decodedToken);
         });
-    };
-    FirebaseTokenVerifier.prototype.safeDecode = function (jwtToken) {
-        var _this = this;
-        return jwt_1.decodeJwt(jwtToken)
-            .catch(function (err) {
+    }
+    safeDecode(jwtToken) {
+        return (0, jwt_1.decodeJwt)(jwtToken)
+            .catch((err) => {
             if (err.code == jwt_1.JwtErrorCode.INVALID_ARGUMENT) {
-                var verifyJwtTokenDocsMessage = " See " + _this.tokenInfo.url + " " +
-                    ("for details on how to retrieve " + _this.shortNameArticle + " " + _this.tokenInfo.shortName + ".");
-                var errorMessage = "Decoding " + _this.tokenInfo.jwtName + " failed. Make sure you passed " +
-                    ("the entire string JWT which represents " + _this.shortNameArticle + " ") +
-                    (_this.tokenInfo.shortName + ".") + verifyJwtTokenDocsMessage;
+                const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
+                    `for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
+                const errorMessage = `Decoding ${this.tokenInfo.jwtName} failed. Make sure you passed ` +
+                    `the entire string JWT which represents ${this.shortNameArticle} ` +
+                    `${this.tokenInfo.shortName}.` + verifyJwtTokenDocsMessage;
                 throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
             }
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, err.message);
         });
-    };
+    }
     /**
      * Verifies the content of a Firebase Auth JWT.
      *
@@ -189,99 +183,97 @@ var FirebaseTokenVerifier = /** @class */ (function () {
      * @param projectId - The Firebase Project Id.
      * @param isEmulator - Whether the token is an Emulator token.
      */
-    FirebaseTokenVerifier.prototype.verifyContent = function (fullDecodedToken, projectId, isEmulator, audience) {
-        var header = fullDecodedToken && fullDecodedToken.header;
-        var payload = fullDecodedToken && fullDecodedToken.payload;
-        var projectIdMatchMessage = " Make sure the " + this.tokenInfo.shortName + " comes from the same " +
+    verifyContent(fullDecodedToken, projectId, isEmulator, audience) {
+        const header = fullDecodedToken && fullDecodedToken.header;
+        const payload = fullDecodedToken && fullDecodedToken.payload;
+        const projectIdMatchMessage = ` Make sure the ${this.tokenInfo.shortName} comes from the same ` +
             'Firebase project as the service account used to authenticate this SDK.';
-        var verifyJwtTokenDocsMessage = " See " + this.tokenInfo.url + " " +
-            ("for details on how to retrieve " + this.shortNameArticle + " " + this.tokenInfo.shortName + ".");
-        var errorMessage;
+        const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
+            `for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
+        let errorMessage;
         if (!isEmulator && typeof header.kid === 'undefined') {
-            var isCustomToken = (payload.aud === FIREBASE_AUDIENCE);
-            var isLegacyCustomToken = (header.alg === 'HS256' && payload.v === 0 && 'd' in payload && 'uid' in payload.d);
+            const isCustomToken = (payload.aud === FIREBASE_AUDIENCE);
+            const isLegacyCustomToken = (header.alg === 'HS256' && payload.v === 0 && 'd' in payload && 'uid' in payload.d);
             if (isCustomToken) {
-                errorMessage = this.tokenInfo.verifyApiName + " expects " + this.shortNameArticle + " " +
-                    (this.tokenInfo.shortName + ", but was given a custom token.");
+                errorMessage = `${this.tokenInfo.verifyApiName} expects ${this.shortNameArticle} ` +
+                    `${this.tokenInfo.shortName}, but was given a custom token.`;
             }
             else if (isLegacyCustomToken) {
-                errorMessage = this.tokenInfo.verifyApiName + " expects " + this.shortNameArticle + " " +
-                    (this.tokenInfo.shortName + ", but was given a legacy custom token.");
+                errorMessage = `${this.tokenInfo.verifyApiName} expects ${this.shortNameArticle} ` +
+                    `${this.tokenInfo.shortName}, but was given a legacy custom token.`;
             }
             else {
-                errorMessage = this.tokenInfo.jwtName + " has no \"kid\" claim.";
+                errorMessage = `${this.tokenInfo.jwtName} has no "kid" claim.`;
             }
             errorMessage += verifyJwtTokenDocsMessage;
         }
         else if (!isEmulator && header.alg !== jwt_1.ALGORITHM_RS256) {
-            errorMessage = this.tokenInfo.jwtName + " has incorrect algorithm. Expected \"" + jwt_1.ALGORITHM_RS256 + '" but got ' +
+            errorMessage = `${this.tokenInfo.jwtName} has incorrect algorithm. Expected "` + jwt_1.ALGORITHM_RS256 + '" but got ' +
                 '"' + header.alg + '".' + verifyJwtTokenDocsMessage;
         }
         else if (typeof audience !== 'undefined' && !payload.aud.includes(audience)) {
-            errorMessage = this.tokenInfo.jwtName + " has incorrect \"aud\" (audience) claim. Expected \"" +
+            errorMessage = `${this.tokenInfo.jwtName} has incorrect "aud" (audience) claim. Expected "` +
                 audience + '" but got "' + payload.aud + '".' + verifyJwtTokenDocsMessage;
         }
         else if (typeof audience === 'undefined' && payload.aud !== projectId) {
-            errorMessage = this.tokenInfo.jwtName + " has incorrect \"aud\" (audience) claim. Expected \"" +
+            errorMessage = `${this.tokenInfo.jwtName} has incorrect "aud" (audience) claim. Expected "` +
                 projectId + '" but got "' + payload.aud + '".' + projectIdMatchMessage +
                 verifyJwtTokenDocsMessage;
         }
         else if (payload.iss !== this.issuer + projectId) {
-            errorMessage = this.tokenInfo.jwtName + " has incorrect \"iss\" (issuer) claim. Expected " +
-                ("\"" + this.issuer) + projectId + '" but got "' +
+            errorMessage = `${this.tokenInfo.jwtName} has incorrect "iss" (issuer) claim. Expected ` +
+                `"${this.issuer}` + projectId + '" but got "' +
                 payload.iss + '".' + projectIdMatchMessage + verifyJwtTokenDocsMessage;
         }
         else if (typeof payload.sub !== 'string') {
-            errorMessage = this.tokenInfo.jwtName + " has no \"sub\" (subject) claim." + verifyJwtTokenDocsMessage;
+            errorMessage = `${this.tokenInfo.jwtName} has no "sub" (subject) claim.` + verifyJwtTokenDocsMessage;
         }
         else if (payload.sub === '') {
-            errorMessage = this.tokenInfo.jwtName + " has an empty string \"sub\" (subject) claim." + verifyJwtTokenDocsMessage;
+            errorMessage = `${this.tokenInfo.jwtName} has an empty string "sub" (subject) claim.` + verifyJwtTokenDocsMessage;
         }
         else if (payload.sub.length > 128) {
-            errorMessage = this.tokenInfo.jwtName + " has \"sub\" (subject) claim longer than 128 characters." +
+            errorMessage = `${this.tokenInfo.jwtName} has "sub" (subject) claim longer than 128 characters.` +
                 verifyJwtTokenDocsMessage;
         }
         if (errorMessage) {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
         }
-    };
-    FirebaseTokenVerifier.prototype.verifySignature = function (jwtToken, isEmulator) {
-        var _this = this;
-        var verifier = isEmulator ? EMULATOR_VERIFIER : this.signatureVerifier;
+    }
+    verifySignature(jwtToken, isEmulator) {
+        const verifier = isEmulator ? EMULATOR_VERIFIER : this.signatureVerifier;
         return verifier.verify(jwtToken)
-            .catch(function (error) {
-            throw _this.mapJwtErrorToAuthError(error);
+            .catch((error) => {
+            throw this.mapJwtErrorToAuthError(error);
         });
-    };
+    }
     /**
      * Maps JwtError to FirebaseAuthError
      *
      * @param error - JwtError to be mapped.
      * @returns FirebaseAuthError or Error instance.
      */
-    FirebaseTokenVerifier.prototype.mapJwtErrorToAuthError = function (error) {
-        var verifyJwtTokenDocsMessage = " See " + this.tokenInfo.url + " " +
-            ("for details on how to retrieve " + this.shortNameArticle + " " + this.tokenInfo.shortName + ".");
+    mapJwtErrorToAuthError(error) {
+        const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
+            `for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
         if (error.code === jwt_1.JwtErrorCode.TOKEN_EXPIRED) {
-            var errorMessage = this.tokenInfo.jwtName + " has expired. Get a fresh " + this.tokenInfo.shortName +
-                (" from your client app and try again (auth/" + this.tokenInfo.expiredErrorCode.code + ").") +
+            const errorMessage = `${this.tokenInfo.jwtName} has expired. Get a fresh ${this.tokenInfo.shortName}` +
+                ` from your client app and try again (auth/${this.tokenInfo.expiredErrorCode.code}).` +
                 verifyJwtTokenDocsMessage;
             return new error_1.FirebaseAuthError(this.tokenInfo.expiredErrorCode, errorMessage);
         }
         else if (error.code === jwt_1.JwtErrorCode.INVALID_SIGNATURE) {
-            var errorMessage = this.tokenInfo.jwtName + " has invalid signature." + verifyJwtTokenDocsMessage;
+            const errorMessage = `${this.tokenInfo.jwtName} has invalid signature.` + verifyJwtTokenDocsMessage;
             return new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
         }
         else if (error.code === jwt_1.JwtErrorCode.NO_MATCHING_KID) {
-            var errorMessage = this.tokenInfo.jwtName + " has \"kid\" claim which does not " +
-                ("correspond to a known public key. Most likely the " + this.tokenInfo.shortName + " ") +
+            const errorMessage = `${this.tokenInfo.jwtName} has "kid" claim which does not ` +
+                `correspond to a known public key. Most likely the ${this.tokenInfo.shortName} ` +
                 'is expired, so get a fresh token from your client app and try again.';
             return new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
         }
         return new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, error.message);
-    };
-    return FirebaseTokenVerifier;
-}());
+    }
+}
 exports.FirebaseTokenVerifier = FirebaseTokenVerifier;
 /**
  * Creates a new FirebaseTokenVerifier to verify Firebase ID tokens.

package/lib/auth/user-import-builder.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * Copyright 2018 Google Inc.
  *