firebase-admin 13.6.1 → 13.8.0

package/lib/phone-number-verification/index.js

@@ -0,0 +1,60 @@
+/*! firebase-admin v13.8.0 */
+"use strict";
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PhoneNumberVerification = void 0;
+exports.getPhoneNumberVerification = getPhoneNumberVerification;
+/**
+ * Firebase Phone Number Verification.
+ *
+ * @packageDocumentation
+ */
+const app_1 = require("../app");
+const phone_number_verification_1 = require("./phone-number-verification");
+var phone_number_verification_2 = require("./phone-number-verification");
+Object.defineProperty(exports, "PhoneNumberVerification", { enumerable: true, get: function () { return phone_number_verification_2.PhoneNumberVerification; } });
+/**
+ * Gets the {@link PhoneNumberVerification} service for the default app or a
+ * given app.
+ *
+ * `getPhoneNumberVerification()` can be called with no arguments to access the default app's
+ * {@link PhoneNumberVerification} service or as `getPhoneNumberVerification(app)` to access the
+ * {@link PhoneNumberVerification} service associated with a specific app.
+ *
+ * @example
+ * ```javascript
+ * // Get the PhoneNumberVerification service for the default app
+ * const defaultPnv = getPhoneNumberVerification();
+ * ```
+ *
+ * @example
+ * ```javascript
+ * // Get the PhoneNumberVerification service for a given app
+ * const otherPnv = getPhoneNumberVerification(otherApp);
+ * ```
+ *
+ * @returns The {@link PhoneNumberVerification} service associated with the provided app.
+ *
+ */
+function getPhoneNumberVerification(app) {
+    if (typeof app === 'undefined') {
+        app = (0, app_1.getApp)();
+    }
+    const firebaseApp = app;
+    return firebaseApp.getOrInitService('phone-number-verification', (app) => new phone_number_verification_1.PhoneNumberVerification(app));
+}

package/lib/phone-number-verification/phone-number-verification-api-client-internal.d.ts

@@ -0,0 +1,48 @@
+/*! firebase-admin v13.8.0 */
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { PrefixedFirebaseError } from '../utils/error';
+export interface FirebasePhoneNumberTokenInfo {
+    /** Documentation URL. */
+    url: string;
+    /** verify API name. */
+    verifyApiName: string;
+    /** The JWT full name. */
+    jwtName: string;
+    /** The JWT short name. */
+    shortName: string;
+    /** The JWT typ (Type) */
+    typ: string;
+}
+export declare const JWKS_URL = "https://fpnv.googleapis.com/v1beta/jwks";
+export declare const FPNV_TOKEN_INFO: FirebasePhoneNumberTokenInfo;
+export declare const FPNV_ERROR_CODE_MAPPING: {
+    INVALID_ARGUMENT: "invalid-argument";
+    INVALID_TOKEN: "invalid-token";
+    EXPIRED_TOKEN: "expired-token";
+};
+export type PhoneNumberVerificationErrorCode = 'invalid-argument' | 'invalid-token' | 'expired-token';
+/**
+ * Firebase Phone Number Verification error code structure. This extends `PrefixedFirebaseError`.
+ *
+ * @param code - The error code.
+ * @param message - The error message.
+ * @constructor
+ */
+export declare class FirebasePhoneNumberVerificationError extends PrefixedFirebaseError {
+    constructor(code: PhoneNumberVerificationErrorCode, message: string);
+}

package/lib/phone-number-verification/phone-number-verification-api-client-internal.js

@@ -0,0 +1,52 @@
+/*! firebase-admin v13.8.0 */
+"use strict";
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FirebasePhoneNumberVerificationError = exports.FPNV_ERROR_CODE_MAPPING = exports.FPNV_TOKEN_INFO = exports.JWKS_URL = void 0;
+const error_1 = require("../utils/error");
+exports.JWKS_URL = 'https://fpnv.googleapis.com/v1beta/jwks';
+exports.FPNV_TOKEN_INFO = {
+    url: 'https://firebase.google.com/docs/phone-number-verification',
+    verifyApiName: 'verifyToken()',
+    jwtName: 'Firebase Phone Verification token',
+    shortName: 'FPNV token',
+    typ: 'JWT',
+};
+exports.FPNV_ERROR_CODE_MAPPING = {
+    INVALID_ARGUMENT: 'invalid-argument',
+    INVALID_TOKEN: 'invalid-token',
+    EXPIRED_TOKEN: 'expired-token',
+};
+/**
+ * Firebase Phone Number Verification error code structure. This extends `PrefixedFirebaseError`.
+ *
+ * @param code - The error code.
+ * @param message - The error message.
+ * @constructor
+ */
+class FirebasePhoneNumberVerificationError extends error_1.PrefixedFirebaseError {
+    constructor(code, message) {
+        super('phone-number-verification', code, message);
+        /* tslint:disable:max-line-length */
+        // Set the prototype explicitly. See the following link for more details:
+        // https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
+        /* tslint:enable:max-line-length */
+        this.__proto__ = FirebasePhoneNumberVerificationError.prototype;
+    }
+}
+exports.FirebasePhoneNumberVerificationError = FirebasePhoneNumberVerificationError;

package/lib/phone-number-verification/phone-number-verification-api.d.ts

@@ -0,0 +1,72 @@
+/*! firebase-admin v13.8.0 */
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Interface representing a PhoneNumberVerification token.
+ */
+export interface PhoneNumberVerificationToken {
+    /**
+     * The issuer identifier for the issuer of the response.
+     * This value is a URL with the format
+     * `https://fpnv.googleapis.com/projects/<PROJECT_NUMBER>`, where `<PROJECT_NUMBER>` is the
+     * project number of your Firebase project, and the
+     * same project number specified in the {@link PhoneNumberVerificationToken.aud} property.
+     */
+    iss: string;
+    /**
+     * The audience for which this token is intended.
+     * This value is a JSON array of two strings, the first is the project number of your
+     * Firebase project, and the second is the project ID of the same project.
+     */
+    aud: string[];
+    /**
+     * The PhoneNumber Verification token's expiration time, in seconds since the Unix epoch. That is, the
+     * time at which this PhoneNumber Verification token expires and should no longer be considered valid.
+     */
+    exp: number;
+    /**
+     * The PhoneNumber Verification token's issued-at time, in seconds since the Unix epoch. That is, the
+     * time at which this PhoneNumber Verification token was issued and should start to be considered
+     * valid.
+     */
+    iat: number;
+    /**
+     * The phone number corresponding to this token.
+     * As a convenience, this value is copied over to the
+     * {@link PhoneNumberVerificationToken.phoneNumber | phoneNumber} property.
+     */
+    sub: string;
+    /**
+     * A case-sensitive string that uniquely identifies a specific JWT instance
+     */
+    jti: string;
+    /**
+     * A unique, single-use "number used once" value.
+     */
+    nonce: string;
+    /**
+     * The corresponding user's phone number.
+     * This value is not actually one of the JWT token claims. It is added as a
+     * convenience, and is set as the value of the {@link PhoneNumberVerificationToken.sub} property.
+     */
+    phoneNumber: string;
+    /**
+     * Other arbitrary claims included in the token.
+     */
+    [key: string]: any;
+}
+export { PhoneNumberVerificationErrorCode, FirebasePhoneNumberVerificationError, } from './phone-number-verification-api-client-internal';

package/lib/phone-number-verification/phone-number-verification-api.js

@@ -0,0 +1,22 @@
+/*! firebase-admin v13.8.0 */
+"use strict";
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FirebasePhoneNumberVerificationError = void 0;
+var phone_number_verification_api_client_internal_1 = require("./phone-number-verification-api-client-internal");
+Object.defineProperty(exports, "FirebasePhoneNumberVerificationError", { enumerable: true, get: function () { return phone_number_verification_api_client_internal_1.FirebasePhoneNumberVerificationError; } });

package/lib/phone-number-verification/phone-number-verification.d.ts

@@ -0,0 +1,39 @@
+/*! firebase-admin v13.8.0 */
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { App } from '../app';
+import { PhoneNumberVerificationToken } from './phone-number-verification-api';
+/**
+ * PhoneNumberVerification service bound to the provided app.
+ */
+export declare class PhoneNumberVerification {
+    private readonly appInternal;
+    private readonly phoneNumberVerificationVerifier;
+    /**
+     * Returns the app associated with this `PhoneNumberVerification` instance.
+     *
+     * @returns The app associated with this `PhoneNumberVerification` instance.
+     */
+    get app(): App;
+    /**
+     * Verifies a Firebase Phone Number Verification token.
+     *
+     * @param jwt - A string containing the Firebase Phone Number Verification JWT.
+     * @returns A promise that resolves with the decoded token.
+     */
+    verifyToken(jwt: string): Promise<PhoneNumberVerificationToken>;
+}

package/lib/phone-number-verification/phone-number-verification.js

@@ -0,0 +1,54 @@
+/*! firebase-admin v13.8.0 */
+"use strict";
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PhoneNumberVerification = void 0;
+const token_verifier_1 = require("./token-verifier");
+const phone_number_verification_api_client_internal_1 = require("./phone-number-verification-api-client-internal");
+/**
+ * PhoneNumberVerification service bound to the provided app.
+ */
+class PhoneNumberVerification {
+    /**
+     * @param app - The app for this `PhoneNumberVerification` service.
+     * @constructor
+     * @internal
+     */
+    constructor(app) {
+        this.appInternal = app;
+        this.phoneNumberVerificationVerifier = new token_verifier_1.PhoneNumberTokenVerifier(phone_number_verification_api_client_internal_1.JWKS_URL, 'https://fpnv.googleapis.com/projects/', phone_number_verification_api_client_internal_1.FPNV_TOKEN_INFO, app);
+    }
+    /**
+     * Returns the app associated with this `PhoneNumberVerification` instance.
+     *
+     * @returns The app associated with this `PhoneNumberVerification` instance.
+     */
+    get app() {
+        return this.appInternal;
+    }
+    /**
+     * Verifies a Firebase Phone Number Verification token.
+     *
+     * @param jwt - A string containing the Firebase Phone Number Verification JWT.
+     * @returns A promise that resolves with the decoded token.
+     */
+    verifyToken(jwt) {
+        return this.phoneNumberVerificationVerifier.verifyJWT(jwt);
+    }
+}
+exports.PhoneNumberVerification = PhoneNumberVerification;

package/lib/phone-number-verification/token-verifier.d.ts

@@ -0,0 +1,35 @@
+/*! firebase-admin v13.8.0 */
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { App } from '../app';
+import { PhoneNumberVerificationToken } from './phone-number-verification-api';
+import { FirebasePhoneNumberTokenInfo } from './phone-number-verification-api-client-internal';
+export declare class PhoneNumberTokenVerifier {
+    private readonly issuer;
+    private readonly tokenInfo;
+    private readonly app;
+    private readonly shortNameArticle;
+    private readonly signatureVerifier;
+    constructor(jwksUrl: string, issuer: string, tokenInfo: FirebasePhoneNumberTokenInfo, app: App);
+    verifyJWT(jwtToken: string): Promise<PhoneNumberVerificationToken>;
+    private ensureProjectId;
+    private decodeAndVerify;
+    private safeDecode;
+    private verifyContent;
+    private verifySignature;
+    private mapJwtErrorToAuthError;
+}

package/lib/phone-number-verification/token-verifier.js

@@ -0,0 +1,170 @@
+/*! firebase-admin v13.8.0 */
+"use strict";
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PhoneNumberTokenVerifier = void 0;
+const phone_number_verification_api_1 = require("./phone-number-verification-api");
+const util = require("../utils/index");
+const validator = require("../utils/validator");
+const jwt_1 = require("../utils/jwt");
+const phone_number_verification_api_client_internal_1 = require("./phone-number-verification-api-client-internal");
+class PhoneNumberTokenVerifier {
+    constructor(jwksUrl, issuer, tokenInfo, app) {
+        this.issuer = issuer;
+        this.tokenInfo = tokenInfo;
+        this.app = app;
+        if (!validator.isURL(jwksUrl)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'The provided public client certificate URL is an invalid URL.');
+        }
+        else if (!validator.isURL(issuer)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'The provided JWT issuer is an invalid URL.');
+        }
+        else if (!validator.isNonNullObject(tokenInfo)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'The provided JWT information is not an object or null.');
+        }
+        else if (!validator.isURL(tokenInfo.url)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'The provided JWT verification documentation URL is invalid.');
+        }
+        else if (!validator.isNonEmptyString(tokenInfo.verifyApiName)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'The JWT verify API name must be a non-empty string.');
+        }
+        else if (!validator.isNonEmptyString(tokenInfo.jwtName)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'The JWT public full name must be a non-empty string.');
+        }
+        else if (!validator.isNonEmptyString(tokenInfo.shortName)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'The JWT public short name must be a non-empty string.');
+        }
+        this.shortNameArticle = tokenInfo.shortName.charAt(0).match(/[aeiou]/i) ? 'an' : 'a';
+        this.signatureVerifier = jwt_1.PublicKeySignatureVerifier.withJwksUrl(jwksUrl, app.options.httpAgent);
+        // Project ID is validated in the verification call.
+    }
+    async verifyJWT(jwtToken) {
+        if (!validator.isString(jwtToken)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_TOKEN, `First argument to ${this.tokenInfo.verifyApiName} must be a string.`);
+        }
+        const projectId = await this.ensureProjectId();
+        const decoded = await this.decodeAndVerify(jwtToken, projectId);
+        const decodedIdToken = decoded.payload;
+        decodedIdToken.phoneNumber = decodedIdToken.sub;
+        return decodedIdToken;
+    }
+    async ensureProjectId() {
+        const projectId = await util.findProjectId(this.app);
+        if (!validator.isNonEmptyString(projectId)) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'Must initialize app with a cert credential or set your Firebase project ID as the ' +
+                `GOOGLE_CLOUD_PROJECT environment variable to call ${this.tokenInfo.verifyApiName}.`);
+        }
+        return projectId;
+    }
+    async decodeAndVerify(token, projectId) {
+        const decodedToken = await this.safeDecode(token);
+        this.verifyContent(decodedToken, projectId);
+        await this.verifySignature(token);
+        return decodedToken;
+    }
+    async safeDecode(jwtToken) {
+        try {
+            return await (0, jwt_1.decodeJwt)(jwtToken);
+        }
+        catch (err) {
+            if (err.code === jwt_1.JwtErrorCode.INVALID_ARGUMENT) {
+                const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
+                    `for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
+                const errorMessage = `Decoding ${this.tokenInfo.jwtName} failed. Make sure you passed ` +
+                    `the entire string JWT which represents ${this.shortNameArticle} ` +
+                    `${this.tokenInfo.shortName}.` + verifyJwtTokenDocsMessage;
+                throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, errorMessage);
+            }
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, err.message);
+        }
+    }
+    verifyContent(fullDecodedToken, projectId) {
+        const header = fullDecodedToken && fullDecodedToken.header;
+        const payload = fullDecodedToken && fullDecodedToken.payload;
+        const projectIdMatchMessage = ` Make sure the ${this.tokenInfo.shortName} comes from the same ` +
+            'Firebase project as the service account used to authenticate this SDK.';
+        const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
+            `for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
+        const scopedProjectId = `${this.issuer}${projectId}`;
+        let errorMessage;
+        // JWT Header
+        if (!header || typeof header.kid === 'undefined') {
+            errorMessage = `${this.tokenInfo.jwtName} has no "kid" claim.`;
+            errorMessage += verifyJwtTokenDocsMessage;
+        }
+        else if (header.alg !== jwt_1.ALGORITHM_ES256) {
+            errorMessage = `${this.tokenInfo.jwtName} has incorrect algorithm. Expected ` +
+                `"${jwt_1.ALGORITHM_ES256}" but got "${header.alg}". ${verifyJwtTokenDocsMessage}`;
+        }
+        else if (header.typ !== this.tokenInfo.typ) {
+            errorMessage = `${this.tokenInfo.jwtName} has incorrect typ. Expected "${this.tokenInfo.typ}" but got ` +
+                `"${header.typ}". ${verifyJwtTokenDocsMessage}`;
+        }
+        // FPNV Token
+        else if (!payload) {
+            errorMessage = `${this.tokenInfo.jwtName} has no payload. ${verifyJwtTokenDocsMessage}`;
+        }
+        else if (typeof payload.iss !== 'string' || !payload.iss.startsWith(this.issuer)) {
+            errorMessage = `${this.tokenInfo.jwtName} has incorrect "iss" (issuer) claim. Expected ` +
+                `an issuer starting with "${this.issuer}" but got "${payload.iss}".`
+                + ` ${projectIdMatchMessage} ${verifyJwtTokenDocsMessage}`;
+        }
+        else if (!validator.isNonEmptyArray(payload.aud) || !payload.aud.includes(scopedProjectId)) {
+            errorMessage = `${this.tokenInfo.jwtName} has incorrect "aud" (audience) claim. Expected ` +
+                `"${scopedProjectId}" to be one of "${payload.aud}". ${projectIdMatchMessage} ${verifyJwtTokenDocsMessage}`;
+        }
+        else if (typeof payload.sub !== 'string') {
+            errorMessage = `${this.tokenInfo.jwtName} has no "sub" (subject) claim. ${verifyJwtTokenDocsMessage}`;
+        }
+        else if (payload.sub === '') {
+            errorMessage = `${this.tokenInfo.jwtName} has an empty "sub" (subject) claim. ${verifyJwtTokenDocsMessage}`;
+        }
+        if (errorMessage) {
+            throw new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, errorMessage);
+        }
+    }
+    async verifySignature(jwtToken) {
+        try {
+            return await this.signatureVerifier.verify(jwtToken);
+        }
+        catch (error) {
+            throw this.mapJwtErrorToAuthError(error);
+        }
+    }
+    mapJwtErrorToAuthError(error) {
+        const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
+            `for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
+        if (error.code === jwt_1.JwtErrorCode.TOKEN_EXPIRED) {
+            const errorMessage = `${this.tokenInfo.jwtName} has expired. Get a fresh ${this.tokenInfo.shortName}` +
+                ` from your client app and try again. ${verifyJwtTokenDocsMessage}`;
+            return new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.EXPIRED_TOKEN, errorMessage);
+        }
+        else if (error.code === jwt_1.JwtErrorCode.INVALID_SIGNATURE) {
+            const errorMessage = `${this.tokenInfo.jwtName} has invalid signature. ${verifyJwtTokenDocsMessage}`;
+            return new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, errorMessage);
+        }
+        else if (error.code === jwt_1.JwtErrorCode.NO_MATCHING_KID) {
+            const errorMessage = `${this.tokenInfo.jwtName} has "kid" claim which does not ` +
+                `correspond to a known public key. Most likely the ${this.tokenInfo.shortName} ` +
+                'is expired, so get a fresh token from your client app and try again.';
+            return new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, errorMessage);
+        }
+        return new phone_number_verification_api_1.FirebasePhoneNumberVerificationError(phone_number_verification_api_client_internal_1.FPNV_ERROR_CODE_MAPPING.INVALID_ARGUMENT, error.message);
+    }
+}
+exports.PhoneNumberTokenVerifier = PhoneNumberTokenVerifier;

package/lib/project-management/android-app.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 /*!
  * Copyright 2018 Google LLC
  *

package/lib/project-management/android-app.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 "use strict";
 /*!
  * Copyright 2018 Google LLC

package/lib/project-management/app-metadata.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 /*!
  * Copyright 2021 Google LLC
  *

package/lib/project-management/app-metadata.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 "use strict";
 /*!
  * Copyright 2021 Google LLC

package/lib/project-management/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 /*!
  * Copyright 2020 Google LLC
  *

package/lib/project-management/index.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 "use strict";
 /*!
  * Copyright 2020 Google LLC

package/lib/project-management/ios-app.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 /*!
  * Copyright 2018 Google LLC
  *

package/lib/project-management/ios-app.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 "use strict";
 /*!
  * Copyright 2018 Google LLC

package/lib/project-management/project-management-api-request-internal.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 /*!
  * Copyright 2018 Google LLC
  *

package/lib/project-management/project-management-api-request-internal.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 "use strict";
 /*!
  * Copyright 2018 Google LLC

package/lib/project-management/project-management-namespace.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 /*!
  * Copyright 2021 Google LLC
  *

package/lib/project-management/project-management-namespace.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 "use strict";
 /*!
  * Copyright 2021 Google LLC

package/lib/project-management/project-management.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 /*!
  * Copyright 2018 Google LLC
  *

package/lib/project-management/project-management.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v13.6.1 */
+/*! firebase-admin v13.8.0 */
 "use strict";
 /*!
  * Copyright 2018 Google LLC