firebase-admin 11.6.0 → 11.8.0

package/lib/auth/auth-config.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 /*!
  * Copyright 2018 Google Inc.
  *
@@ -42,7 +42,7 @@ export interface CreatePhoneMultiFactorInfoRequest extends BaseCreateMultiFactor
  * Type representing the properties of a user-enrolled second factor
  * for a `CreateRequest`.
  */
-export declare type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
+export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
 /**
  * Interface representing common properties of a user-enrolled second factor
  * for an `UpdateRequest`.
@@ -80,7 +80,7 @@ export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactor
  * Type representing the properties of a user-enrolled second factor
  * for an `UpdateRequest`.
  */
-export declare type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
+export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
 /**
  * The multi-factor related user settings for create operations.
  */
@@ -316,7 +316,7 @@ export interface OIDCUpdateAuthProviderRequest {
      */
     responseType?: OAuthResponseType;
 }
-export declare type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
+export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
 /** A maximum of 10 test phone number / code pairs can be configured. */
 export declare const MAXIMUM_TEST_PHONE_NUMBERS = 10;
 /** The server side SAML configuration request interface. */
@@ -381,7 +381,7 @@ export interface EmailSignInConfigServerRequest {
     enableEmailLinkSignin?: boolean;
 }
 /** Identifies the server side second factor type. */
-declare type AuthFactorServerType = 'PHONE_SMS';
+type AuthFactorServerType = 'PHONE_SMS';
 /** Server side multi-factor configuration. */
 export interface MultiFactorAuthServerConfig {
     state?: MultiFactorConfigState;
@@ -391,11 +391,11 @@ export interface MultiFactorAuthServerConfig {
 /**
  * Identifies a second factor type.
  */
-export declare type AuthFactorType = 'phone';
+export type AuthFactorType = 'phone';
 /**
  * Identifies a multi-factor configuration state.
  */
-export declare type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
+export type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
 /**
  * Interface representing a multi-factor configuration.
  * This can be used to define whether multi-factor authentication is enabled
@@ -581,13 +581,13 @@ export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig {
  * The Auth provider configuration type.
  * {@link BaseAuth.createProviderConfig}.
  */
-export declare type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
+export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
 /**
  * The request interface for updating a SMS Region Config.
  * Configures the regions where users are allowed to send verification SMS.
  * This is based on the calling code of the destination phone number.
  */
-export declare type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
+export type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
 /**
  * Mutual exclusive SMS Region Config of AllowByDefault interface
  */
@@ -637,4 +637,93 @@ export interface AllowlistOnly {
    */
     allowedRegions: string[];
 }
+/**
+* Enforcement state of reCAPTCHA protection.
+*   - 'OFF': Unenforced.
+*   - 'AUDIT': Create assessment but don't enforce the result.
+*   - 'ENFORCE': Create assessment and enforce the result.
+*/
+export type RecaptchaProviderEnforcementState = 'OFF' | 'AUDIT' | 'ENFORCE';
+/**
+* The actions to take for reCAPTCHA-protected requests.
+*   - 'BLOCK': The reCAPTCHA-protected request will be blocked.
+*/
+export type RecaptchaAction = 'BLOCK';
+/**
+ * The config for a reCAPTCHA action rule.
+ */
+export interface RecaptchaManagedRule {
+    /**
+     * The action will be enforced if the reCAPTCHA score of a request is larger than endScore.
+     */
+    endScore: number;
+    /**
+    * The action for reCAPTCHA-protected requests.
+    */
+    action?: RecaptchaAction;
+}
+/**
+ * The key's platform type.
+ */
+export type RecaptchaKeyClientType = 'WEB' | 'IOS' | 'ANDROID';
+/**
+ * The reCAPTCHA key config.
+ */
+export interface RecaptchaKey {
+    /**
+     * The key's client platform type.
+     */
+    type?: RecaptchaKeyClientType;
+    /**
+     * The reCAPTCHA site key.
+     */
+    key: string;
+}
+/**
+ * The request interface for updating a reCAPTCHA Config.
+ * By enabling reCAPTCHA Enterprise Integration you are
+ * agreeing to reCAPTCHA Enterprise
+ * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
+ */
+export interface RecaptchaConfig {
+    /**
+    * The enforcement state of the email password provider.
+    */
+    emailPasswordEnforcementState?: RecaptchaProviderEnforcementState;
+    /**
+     *  The reCAPTCHA managed rules.
+     */
+    managedRules?: RecaptchaManagedRule[];
+    /**
+     * The reCAPTCHA keys.
+     */
+    recaptchaKeys?: RecaptchaKey[];
+    /**
+     * Whether to use account defender for reCAPTCHA assessment.
+     * The default value is false.
+     */
+    useAccountDefender?: boolean;
+}
+export declare class RecaptchaAuthConfig implements RecaptchaConfig {
+    readonly emailPasswordEnforcementState?: RecaptchaProviderEnforcementState;
+    readonly managedRules?: RecaptchaManagedRule[];
+    readonly recaptchaKeys?: RecaptchaKey[];
+    readonly useAccountDefender?: boolean;
+    constructor(recaptchaConfig: RecaptchaConfig);
+    /**
+     * Validates the RecaptchaConfig options object. Throws an error on failure.
+     * @param options - The options object to validate.
+     */
+    static validate(options: RecaptchaConfig): void;
+    /**
+     * Validate each element in ManagedRule array
+     * @param options - The options object to validate.
+     */
+    private static validateManagedRule;
+    /**
+     * Returns a JSON-serializable representation of this object.
+     * @returns The JSON-serializable object representation of the ReCaptcha config instance
+     */
+    toJSON(): object;
+}
 export {};

package/lib/auth/auth-config.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SmsRegionsAuthConfig = exports.OIDCConfig = exports.SAMLConfig = exports.EmailSignInConfig = exports.validateTestPhoneNumbers = exports.MultiFactorAuthConfig = exports.MAXIMUM_TEST_PHONE_NUMBERS = void 0;
+exports.RecaptchaAuthConfig = exports.SmsRegionsAuthConfig = exports.OIDCConfig = exports.SAMLConfig = exports.EmailSignInConfig = exports.validateTestPhoneNumbers = exports.MultiFactorAuthConfig = exports.MAXIMUM_TEST_PHONE_NUMBERS = void 0;
 const validator = require("../utils/validator");
 const deep_copy_1 = require("../utils/deep-copy");
 const error_1 = require("../utils/error");
@@ -39,40 +39,6 @@ const AUTH_FACTOR_SERVER_TO_CLIENT_TYPE = Object.keys(AUTH_FACTOR_CLIENT_TO_SERV
  * @internal
  */
 class MultiFactorAuthConfig {
-    /**
-     * The MultiFactorAuthConfig constructor.
-     *
-     * @param response - The server side response used to initialize the
-     *     MultiFactorAuthConfig object.
-     * @constructor
-     * @internal
-     */
-    constructor(response) {
-        if (typeof response.state === 'undefined') {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid multi-factor configuration response');
-        }
-        this.state = response.state;
-        this.factorIds = [];
-        (response.enabledProviders || []).forEach((enabledProvider) => {
-            // Ignore unsupported types. It is possible the current admin SDK version is
-            // not up to date and newer backend types are supported.
-            if (typeof AUTH_FACTOR_SERVER_TO_CLIENT_TYPE[enabledProvider] !== 'undefined') {
-                this.factorIds.push(AUTH_FACTOR_SERVER_TO_CLIENT_TYPE[enabledProvider]);
-            }
-        });
-        this.providerConfigs = [];
-        (response.providerConfigs || []).forEach((providerConfig) => {
-            if (typeof providerConfig !== 'undefined') {
-                if (typeof providerConfig.state === 'undefined' ||
-                    typeof providerConfig.totpProviderConfig === 'undefined' ||
-                    (typeof providerConfig.totpProviderConfig.adjacentIntervals !== 'undefined' &&
-                        typeof providerConfig.totpProviderConfig.adjacentIntervals !== 'number')) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid multi-factor configuration response');
-                }
-                this.providerConfigs.push(providerConfig);
-            }
-        });
-    }
     /**
      * Static method to convert a client side request to a MultiFactorAuthServerConfig.
      * Throws an error if validation fails.
@@ -185,6 +151,40 @@ class MultiFactorAuthConfig {
             });
         }
     }
+    /**
+     * The MultiFactorAuthConfig constructor.
+     *
+     * @param response - The server side response used to initialize the
+     *     MultiFactorAuthConfig object.
+     * @constructor
+     * @internal
+     */
+    constructor(response) {
+        if (typeof response.state === 'undefined') {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid multi-factor configuration response');
+        }
+        this.state = response.state;
+        this.factorIds = [];
+        (response.enabledProviders || []).forEach((enabledProvider) => {
+            // Ignore unsupported types. It is possible the current admin SDK version is
+            // not up to date and newer backend types are supported.
+            if (typeof AUTH_FACTOR_SERVER_TO_CLIENT_TYPE[enabledProvider] !== 'undefined') {
+                this.factorIds.push(AUTH_FACTOR_SERVER_TO_CLIENT_TYPE[enabledProvider]);
+            }
+        });
+        this.providerConfigs = [];
+        (response.providerConfigs || []).forEach((providerConfig) => {
+            if (typeof providerConfig !== 'undefined') {
+                if (typeof providerConfig.state === 'undefined' ||
+                    typeof providerConfig.totpProviderConfig === 'undefined' ||
+                    (typeof providerConfig.totpProviderConfig.adjacentIntervals !== 'undefined' &&
+                        typeof providerConfig.totpProviderConfig.adjacentIntervals !== 'number')) {
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid multi-factor configuration response');
+                }
+                this.providerConfigs.push(providerConfig);
+            }
+        });
+    }
     /** Converts MultiFactorConfig to JSON object
      * @returns The plain object representation of the multi-factor config instance. */
     toJSON() {
@@ -227,20 +227,6 @@ exports.validateTestPhoneNumbers = validateTestPhoneNumbers;
  * @internal
  */
 class EmailSignInConfig {
-    /**
-     * The EmailSignInConfig constructor.
-     *
-     * @param response - The server side response used to initialize the
-     *     EmailSignInConfig object.
-     * @constructor
-     */
-    constructor(response) {
-        if (typeof response.allowPasswordSignup === 'undefined') {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid email sign-in configuration response');
-        }
-        this.enabled = response.allowPasswordSignup;
-        this.passwordRequired = !response.enableEmailLinkSignin;
-    }
     /**
      * Static method to convert a client side request to a EmailSignInConfigServerRequest.
      * Throws an error if validation fails.
@@ -290,6 +276,20 @@ class EmailSignInConfig {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"EmailSignInConfig.passwordRequired" must be a boolean.');
         }
     }
+    /**
+     * The EmailSignInConfig constructor.
+     *
+     * @param response - The server side response used to initialize the
+     *     EmailSignInConfig object.
+     * @constructor
+     */
+    constructor(response) {
+        if (typeof response.allowPasswordSignup === 'undefined') {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid email sign-in configuration response');
+        }
+        this.enabled = response.allowPasswordSignup;
+        this.passwordRequired = !response.enableEmailLinkSignin;
+    }
     /** @returns The plain object representation of the email sign-in config. */
     toJSON() {
         return {
@@ -306,47 +306,6 @@ exports.EmailSignInConfig = EmailSignInConfig;
  * @internal
  */
 class SAMLConfig {
-    /**
-     * The SAMLConfig constructor.
-     *
-     * @param response - The server side response used to initialize the SAMLConfig object.
-     * @constructor
-     */
-    constructor(response) {
-        if (!response ||
-            !response.idpConfig ||
-            !response.idpConfig.idpEntityId ||
-            !response.idpConfig.ssoUrl ||
-            !response.spConfig ||
-            !response.spConfig.spEntityId ||
-            !response.name ||
-            !(validator.isString(response.name) &&
-                SAMLConfig.getProviderIdFromResourceName(response.name))) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
-        }
-        const providerId = SAMLConfig.getProviderIdFromResourceName(response.name);
-        if (!providerId) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
-        }
-        this.providerId = providerId;
-        // RP config.
-        this.rpEntityId = response.spConfig.spEntityId;
-        this.callbackURL = response.spConfig.callbackUri;
-        // IdP config.
-        this.idpEntityId = response.idpConfig.idpEntityId;
-        this.ssoURL = response.idpConfig.ssoUrl;
-        this.enableRequestSigning = !!response.idpConfig.signRequest;
-        const x509Certificates = [];
-        for (const cert of (response.idpConfig.idpCertificates || [])) {
-            if (cert.x509Certificate) {
-                x509Certificates.push(cert.x509Certificate);
-            }
-        }
-        this.x509Certificates = x509Certificates;
-        // When enabled is undefined, it takes its default value of false.
-        this.enabled = !!response.enabled;
-        this.displayName = response.displayName;
-    }
     /**
      * Converts a client side request to a SAMLConfigServerRequest which is the format
      * accepted by the backend server.
@@ -488,6 +447,47 @@ class SAMLConfig {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"SAMLAuthProviderConfig.displayName" must be a valid string.');
         }
     }
+    /**
+     * The SAMLConfig constructor.
+     *
+     * @param response - The server side response used to initialize the SAMLConfig object.
+     * @constructor
+     */
+    constructor(response) {
+        if (!response ||
+            !response.idpConfig ||
+            !response.idpConfig.idpEntityId ||
+            !response.idpConfig.ssoUrl ||
+            !response.spConfig ||
+            !response.spConfig.spEntityId ||
+            !response.name ||
+            !(validator.isString(response.name) &&
+                SAMLConfig.getProviderIdFromResourceName(response.name))) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
+        }
+        const providerId = SAMLConfig.getProviderIdFromResourceName(response.name);
+        if (!providerId) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
+        }
+        this.providerId = providerId;
+        // RP config.
+        this.rpEntityId = response.spConfig.spEntityId;
+        this.callbackURL = response.spConfig.callbackUri;
+        // IdP config.
+        this.idpEntityId = response.idpConfig.idpEntityId;
+        this.ssoURL = response.idpConfig.ssoUrl;
+        this.enableRequestSigning = !!response.idpConfig.signRequest;
+        const x509Certificates = [];
+        for (const cert of (response.idpConfig.idpCertificates || [])) {
+            if (cert.x509Certificate) {
+                x509Certificates.push(cert.x509Certificate);
+            }
+        }
+        this.x509Certificates = x509Certificates;
+        // When enabled is undefined, it takes its default value of false.
+        this.enabled = !!response.enabled;
+        this.displayName = response.displayName;
+    }
     /** @returns The plain object representation of the SAMLConfig. */
     toJSON() {
         return {
@@ -511,38 +511,6 @@ exports.SAMLConfig = SAMLConfig;
  * @internal
  */
 class OIDCConfig {
-    /**
-     * The OIDCConfig constructor.
-     *
-     * @param response - The server side response used to initialize the OIDCConfig object.
-     * @constructor
-     */
-    constructor(response) {
-        if (!response ||
-            !response.issuer ||
-            !response.clientId ||
-            !response.name ||
-            !(validator.isString(response.name) &&
-                OIDCConfig.getProviderIdFromResourceName(response.name))) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid OIDC configuration response');
-        }
-        const providerId = OIDCConfig.getProviderIdFromResourceName(response.name);
-        if (!providerId) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
-        }
-        this.providerId = providerId;
-        this.clientId = response.clientId;
-        this.issuer = response.issuer;
-        // When enabled is undefined, it takes its default value of false.
-        this.enabled = !!response.enabled;
-        this.displayName = response.displayName;
-        if (typeof response.clientSecret !== 'undefined') {
-            this.clientSecret = response.clientSecret;
-        }
-        if (typeof response.responseType !== 'undefined') {
-            this.responseType = response.responseType;
-        }
-    }
     /**
      * Converts a client side request to a OIDCConfigServerRequest which is the format
      * accepted by the backend server.
@@ -681,6 +649,38 @@ class OIDCConfig {
             }
         }
     }
+    /**
+     * The OIDCConfig constructor.
+     *
+     * @param response - The server side response used to initialize the OIDCConfig object.
+     * @constructor
+     */
+    constructor(response) {
+        if (!response ||
+            !response.issuer ||
+            !response.clientId ||
+            !response.name ||
+            !(validator.isString(response.name) &&
+                OIDCConfig.getProviderIdFromResourceName(response.name))) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid OIDC configuration response');
+        }
+        const providerId = OIDCConfig.getProviderIdFromResourceName(response.name);
+        if (!providerId) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
+        }
+        this.providerId = providerId;
+        this.clientId = response.clientId;
+        this.issuer = response.issuer;
+        // When enabled is undefined, it takes its default value of false.
+        this.enabled = !!response.enabled;
+        this.displayName = response.displayName;
+        if (typeof response.clientSecret !== 'undefined') {
+            this.clientSecret = response.clientSecret;
+        }
+        if (typeof response.responseType !== 'undefined') {
+            this.responseType = response.responseType;
+        }
+    }
     /** @returns The plain object representation of the OIDCConfig. */
     toJSON() {
         return {
@@ -752,3 +752,107 @@ class SmsRegionsAuthConfig {
     }
 }
 exports.SmsRegionsAuthConfig = SmsRegionsAuthConfig;
+class RecaptchaAuthConfig {
+    constructor(recaptchaConfig) {
+        this.emailPasswordEnforcementState = recaptchaConfig.emailPasswordEnforcementState;
+        this.managedRules = recaptchaConfig.managedRules;
+        this.recaptchaKeys = recaptchaConfig.recaptchaKeys;
+        this.useAccountDefender = recaptchaConfig.useAccountDefender;
+    }
+    /**
+     * Validates the RecaptchaConfig options object. Throws an error on failure.
+     * @param options - The options object to validate.
+     */
+    static validate(options) {
+        const validKeys = {
+            emailPasswordEnforcementState: true,
+            managedRules: true,
+            recaptchaKeys: true,
+            useAccountDefender: true,
+        };
+        if (!validator.isNonNullObject(options)) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"RecaptchaConfig" must be a non-null object.');
+        }
+        for (const key in options) {
+            if (!(key in validKeys)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, `"${key}" is not a valid RecaptchaConfig parameter.`);
+            }
+        }
+        // Validation
+        if (typeof options.emailPasswordEnforcementState !== undefined) {
+            if (!validator.isNonEmptyString(options.emailPasswordEnforcementState)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"RecaptchaConfig.emailPasswordEnforcementState" must be a valid non-empty string.');
+            }
+            if (options.emailPasswordEnforcementState !== 'OFF' &&
+                options.emailPasswordEnforcementState !== 'AUDIT' &&
+                options.emailPasswordEnforcementState !== 'ENFORCE') {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"RecaptchaConfig.emailPasswordEnforcementState" must be either "OFF", "AUDIT" or "ENFORCE".');
+            }
+        }
+        if (typeof options.managedRules !== 'undefined') {
+            // Validate array
+            if (!validator.isArray(options.managedRules)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"RecaptchaConfig.managedRules" must be an array of valid "RecaptchaManagedRule".');
+            }
+            // Validate each rule of the array
+            options.managedRules.forEach((managedRule) => {
+                RecaptchaAuthConfig.validateManagedRule(managedRule);
+            });
+        }
+        if (typeof options.useAccountDefender != 'undefined') {
+            if (!validator.isBoolean(options.useAccountDefender)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"RecaptchaConfig.useAccountDefender" must be a boolean value".');
+            }
+        }
+    }
+    /**
+     * Validate each element in ManagedRule array
+     * @param options - The options object to validate.
+     */
+    static validateManagedRule(options) {
+        const validKeys = {
+            endScore: true,
+            action: true,
+        };
+        if (!validator.isNonNullObject(options)) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"RecaptchaManagedRule" must be a non-null object.');
+        }
+        // Check for unsupported top level attributes.
+        for (const key in options) {
+            if (!(key in validKeys)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, `"${key}" is not a valid RecaptchaManagedRule parameter.`);
+            }
+        }
+        // Validate content.
+        if (typeof options.action !== 'undefined' &&
+            options.action !== 'BLOCK') {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"RecaptchaManagedRule.action" must be "BLOCK".');
+        }
+    }
+    /**
+     * Returns a JSON-serializable representation of this object.
+     * @returns The JSON-serializable object representation of the ReCaptcha config instance
+     */
+    toJSON() {
+        const json = {
+            emailPasswordEnforcementState: this.emailPasswordEnforcementState,
+            managedRules: (0, deep_copy_1.deepCopy)(this.managedRules),
+            recaptchaKeys: (0, deep_copy_1.deepCopy)(this.recaptchaKeys),
+            useAccountDefender: this.useAccountDefender,
+        };
+        if (typeof json.emailPasswordEnforcementState === 'undefined') {
+            delete json.emailPasswordEnforcementState;
+        }
+        if (typeof json.managedRules === 'undefined') {
+            delete json.managedRules;
+        }
+        if (typeof json.recaptchaKeys === 'undefined') {
+            delete json.recaptchaKeys;
+        }
+        if (typeof json.useAccountDefender === 'undefined') {
+            delete json.useAccountDefender;
+        }
+        return json;
+    }
+}
+exports.RecaptchaAuthConfig = RecaptchaAuthConfig;

package/lib/auth/auth-namespace.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/auth/auth-namespace.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.

package/lib/auth/auth.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/auth/auth.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 "use strict";
 /*!
  * @license

package/lib/auth/base-auth.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/auth/base-auth.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.

package/lib/auth/identifier.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 /*!
  * Copyright 2020 Google Inc.
  *
@@ -50,7 +50,7 @@ export interface ProviderIdentifier {
 /**
  * Identifies a user to be looked up.
  */
-export declare type UserIdentifier = UidIdentifier | EmailIdentifier | PhoneIdentifier | ProviderIdentifier;
+export type UserIdentifier = UidIdentifier | EmailIdentifier | PhoneIdentifier | ProviderIdentifier;
 export declare function isUidIdentifier(id: UserIdentifier): id is UidIdentifier;
 export declare function isEmailIdentifier(id: UserIdentifier): id is EmailIdentifier;
 export declare function isPhoneIdentifier(id: UserIdentifier): id is PhoneIdentifier;

package/lib/auth/identifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 "use strict";
 /*!
  * Copyright 2020 Google Inc.

package/lib/auth/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 /*!
  * Copyright 2020 Google Inc.
  *
@@ -45,7 +45,7 @@ import { Auth } from './auth';
 export declare function getAuth(app?: App): Auth;
 export { ActionCodeSettings } from './action-code-settings-builder';
 export { Auth, } from './auth';
-export { AllowByDefault, AllowByDefaultWrap, AllowlistOnly, AllowlistOnlyWrap, AuthFactorType, AuthProviderConfig, AuthProviderConfigFilter, BaseAuthProviderConfig, BaseCreateMultiFactorInfoRequest, BaseUpdateMultiFactorInfoRequest, CreateMultiFactorInfoRequest, CreatePhoneMultiFactorInfoRequest, CreateRequest, EmailSignInProviderConfig, ListProviderConfigResults, MultiFactorConfig, MultiFactorConfigState, MultiFactorCreateSettings, MultiFactorUpdateSettings, MultiFactorProviderConfig, OAuthResponseType, OIDCAuthProviderConfig, OIDCUpdateAuthProviderRequest, SAMLAuthProviderConfig, SAMLUpdateAuthProviderRequest, SmsRegionConfig, UserProvider, UpdateAuthProviderRequest, UpdateMultiFactorInfoRequest, UpdatePhoneMultiFactorInfoRequest, UpdateRequest, TotpMultiFactorProviderConfig, } from './auth-config';
+export { AllowByDefault, AllowByDefaultWrap, AllowlistOnly, AllowlistOnlyWrap, AuthFactorType, AuthProviderConfig, AuthProviderConfigFilter, BaseAuthProviderConfig, BaseCreateMultiFactorInfoRequest, BaseUpdateMultiFactorInfoRequest, CreateMultiFactorInfoRequest, CreatePhoneMultiFactorInfoRequest, CreateRequest, EmailSignInProviderConfig, ListProviderConfigResults, MultiFactorConfig, MultiFactorConfigState, MultiFactorCreateSettings, MultiFactorUpdateSettings, MultiFactorProviderConfig, OAuthResponseType, OIDCAuthProviderConfig, OIDCUpdateAuthProviderRequest, RecaptchaAction, RecaptchaConfig, RecaptchaKey, RecaptchaKeyClientType, RecaptchaManagedRule, RecaptchaProviderEnforcementState, SAMLAuthProviderConfig, SAMLUpdateAuthProviderRequest, SmsRegionConfig, UserProvider, UpdateAuthProviderRequest, UpdateMultiFactorInfoRequest, UpdatePhoneMultiFactorInfoRequest, UpdateRequest, TotpMultiFactorProviderConfig, } from './auth-config';
 export { BaseAuth, DeleteUsersResult, GetUsersResult, ListUsersResult, SessionCookieOptions, } from './base-auth';
 export { EmailIdentifier, PhoneIdentifier, ProviderIdentifier, UidIdentifier, UserIdentifier, } from './identifier';
 export { CreateTenantRequest, Tenant, UpdateTenantRequest, } from './tenant';

package/lib/auth/index.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.6.0 */
+/*! firebase-admin v11.8.0 */
 "use strict";
 /*!
  * Copyright 2020 Google Inc.