firebase-admin 9.100.0-alpha.0 → 10.0.2

package/lib/auth/auth-api-request.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.100.0-alpha.0 */
+/*! firebase-admin v10.0.2 */
 "use strict";
 /*!
  * @license
@@ -96,8 +96,8 @@ var AuthResourceUrlBuilder = /** @class */ (function () {
     /**
      * The resource URL builder constructor.
      *
-     * @param {string} projectId The resource project ID.
-     * @param {string} version The endpoint API version.
+     * @param projectId - The resource project ID.
+     * @param version - The endpoint API version.
      * @constructor
      */
     function AuthResourceUrlBuilder(app, version) {
@@ -116,10 +116,10 @@ var AuthResourceUrlBuilder = /** @class */ (function () {
     /**
      * Returns the resource URL corresponding to the provided parameters.
      *
-     * @param {string=} api The backend API name.
-     * @param {object=} params The optional additional parameters to substitute in the
+     * @param api - The backend API name.
+     * @param params - The optional additional parameters to substitute in the
      *     URL path.
-     * @return {Promise<string>} The corresponding resource URL.
+     * @returns The corresponding resource URL.
      */
     AuthResourceUrlBuilder.prototype.getUrl = function (api, params) {
         var _this = this;
@@ -159,9 +159,9 @@ var TenantAwareAuthResourceUrlBuilder = /** @class */ (function (_super) {
     /**
      * The tenant aware resource URL builder constructor.
      *
-     * @param {string} projectId The resource project ID.
-     * @param {string} version The endpoint API version.
-     * @param {string} tenantId The tenant ID.
+     * @param projectId - The resource project ID.
+     * @param version - The endpoint API version.
+     * @param tenantId - The tenant ID.
      * @constructor
      */
     function TenantAwareAuthResourceUrlBuilder(app, version, tenantId) {
@@ -182,10 +182,10 @@ var TenantAwareAuthResourceUrlBuilder = /** @class */ (function (_super) {
     /**
      * Returns the resource URL corresponding to the provided parameters.
      *
-     * @param {string=} api The backend API name.
-     * @param {object=} params The optional additional parameters to substitute in the
+     * @param api - The backend API name.
+     * @param params - The optional additional parameters to substitute in the
      *     URL path.
-     * @return {Promise<string>} The corresponding resource URL.
+     * @returns The corresponding resource URL.
      */
     TenantAwareAuthResourceUrlBuilder.prototype.getUrl = function (api, params) {
         var _this = this;
@@ -218,10 +218,9 @@ var AuthHttpClient = /** @class */ (function (_super) {
  * are removed from the original request. If an invalid field is passed
  * an error is thrown.
  *
- * @param request The AuthFactorInfo request object.
- * @param writeOperationType The write operation type.
+ * @param request - The AuthFactorInfo request object.
  */
-function validateAuthFactorInfo(request, writeOperationType) {
+function validateAuthFactorInfo(request) {
     var validKeys = {
         mfaEnrollmentId: true,
         displayName: true,
@@ -236,8 +235,8 @@ function validateAuthFactorInfo(request, writeOperationType) {
     }
     // No enrollment ID is available for signupNewUser. Use another identifier.
     var authFactorInfoIdentifier = request.mfaEnrollmentId || request.phoneInfo || JSON.stringify(request);
-    var uidRequired = writeOperationType !== WriteOperationType.Create;
-    if ((typeof request.mfaEnrollmentId !== 'undefined' || uidRequired) &&
+    // Enrollment uid may or may not be specified for update operations.
+    if (typeof request.mfaEnrollmentId !== 'undefined' &&
         !validator.isNonEmptyString(request.mfaEnrollmentId)) {
         throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_UID, 'The second factor "uid" must be a valid non-empty string.');
     }
@@ -270,7 +269,7 @@ function validateAuthFactorInfo(request, writeOperationType) {
  * are removed from the original request. If an invalid field is passed
  * an error is thrown.
  *
- * @param {any} request The providerUserInfo request object.
+ * @param request - The providerUserInfo request object.
  */
 function validateProviderUserInfo(request) {
     var validKeys = {
@@ -315,8 +314,8 @@ function validateProviderUserInfo(request) {
  * are removed from the original request. If an invalid field is passed
  * an error is thrown.
  *
- * @param request The create/edit request object.
- * @param writeOperationType The write operation type.
+ * @param request - The create/edit request object.
+ * @param writeOperationType - The write operation type.
  */
 function validateCreateEditRequest(request, writeOperationType) {
     var uploadAccountRequest = writeOperationType === WriteOperationType.Upload;
@@ -337,6 +336,8 @@ function validateCreateEditRequest(request, writeOperationType) {
         phoneNumber: true,
         customAttributes: true,
         validSince: true,
+        // Pass linkProviderUserInfo only for updates (i.e. not for uploads.)
+        linkProviderUserInfo: !uploadAccountRequest,
         // Pass tenantId only for uploadAccount requests.
         tenantId: uploadAccountRequest,
         passwordHash: uploadAccountRequest,
@@ -481,6 +482,10 @@ function validateCreateEditRequest(request, writeOperationType) {
             validateProviderUserInfo(providerUserInfoEntry);
         });
     }
+    // linkProviderUserInfo must be a (single) UserProvider value.
+    if (typeof request.linkProviderUserInfo !== 'undefined') {
+        validateProviderUserInfo(request.linkProviderUserInfo);
+    }
     // mfaInfo is used for importUsers.
     // mfa.enrollments is used for setAccountInfo.
     // enrollments has to be an array of valid AuthFactorInfo requests.
@@ -496,7 +501,7 @@ function validateCreateEditRequest(request, writeOperationType) {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ENROLLED_FACTORS);
         }
         enrollments.forEach(function (authFactorInfoEntry) {
-            validateAuthFactorInfo(authFactorInfoEntry, writeOperationType);
+            validateAuthFactorInfo(authFactorInfoEntry);
         });
     }
 }
@@ -831,7 +836,7 @@ var LIST_INBOUND_SAML_CONFIGS = new api_request_1.ApiSettings('/inboundSamlConfi
  */
 var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
-     * @param {FirebaseApp} app The app used to fetch access tokens to sign API requests.
+     * @param app - The app used to fetch access tokens to sign API requests.
      * @constructor
      */
     function AbstractAuthRequestHandler(app) {
@@ -842,8 +847,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
         this.httpClient = new AuthHttpClient(app);
     }
     /**
-     * @param {any} response The response to check for errors.
-     * @return {string|null} The error code if present; null otherwise.
+     * @param response - The response to check for errors.
+     * @returns The error code if present; null otherwise.
      */
     AbstractAuthRequestHandler.getErrorCode = function (response) {
         return (validator.isNonNullObject(response) && response.error && response.error.message) || null;
@@ -890,10 +895,10 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
      * session management (set as a server side session cookie with custom cookie policy).
      * The session cookie JWT will have the same payload claims as the provided ID token.
      *
-     * @param {string} idToken The Firebase ID token to exchange for a session cookie.
-     * @param {number} expiresIn The session cookie duration in milliseconds.
+     * @param idToken - The Firebase ID token to exchange for a session cookie.
+     * @param expiresIn - The session cookie duration in milliseconds.
      *
-     * @return {Promise<string>} A promise that resolves on success with the created session cookie.
+     * @returns A promise that resolves on success with the created session cookie.
      */
     AbstractAuthRequestHandler.prototype.createSessionCookie = function (idToken, expiresIn) {
         var request = {
@@ -907,8 +912,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Looks up a user by uid.
      *
-     * @param {string} uid The uid of the user to lookup.
-     * @return {Promise<object>} A promise that resolves with the user information.
+     * @param uid - The uid of the user to lookup.
+     * @returns A promise that resolves with the user information.
      */
     AbstractAuthRequestHandler.prototype.getAccountInfoByUid = function (uid) {
         if (!validator.isUid(uid)) {
@@ -922,8 +927,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Looks up a user by email.
      *
-     * @param {string} email The email of the user to lookup.
-     * @return {Promise<object>} A promise that resolves with the user information.
+     * @param email - The email of the user to lookup.
+     * @returns A promise that resolves with the user information.
      */
     AbstractAuthRequestHandler.prototype.getAccountInfoByEmail = function (email) {
         if (!validator.isEmail(email)) {
@@ -937,8 +942,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Looks up a user by phone number.
      *
-     * @param {string} phoneNumber The phone number of the user to lookup.
-     * @return {Promise<object>} A promise that resolves with the user information.
+     * @param phoneNumber - The phone number of the user to lookup.
+     * @returns A promise that resolves with the user information.
      */
     AbstractAuthRequestHandler.prototype.getAccountInfoByPhoneNumber = function (phoneNumber) {
         if (!validator.isPhoneNumber(phoneNumber)) {
@@ -949,12 +954,24 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
         };
         return this.invokeRequestHandler(this.getAuthUrlBuilder(), exports.FIREBASE_AUTH_GET_ACCOUNT_INFO, request);
     };
+    AbstractAuthRequestHandler.prototype.getAccountInfoByFederatedUid = function (providerId, rawId) {
+        if (!validator.isNonEmptyString(providerId) || !validator.isNonEmptyString(rawId)) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PROVIDER_ID);
+        }
+        var request = {
+            federatedUserId: [{
+                    providerId: providerId,
+                    rawId: rawId,
+                }],
+        };
+        return this.invokeRequestHandler(this.getAuthUrlBuilder(), exports.FIREBASE_AUTH_GET_ACCOUNT_INFO, request);
+    };
     /**
      * Looks up multiple users by their identifiers (uid, email, etc).
      *
-     * @param {UserIdentifier[]} identifiers The identifiers indicating the users
+     * @param identifiers - The identifiers indicating the users
      *     to be looked up. Must have <= 100 entries.
-     * @param {Promise<object>} A promise that resolves with the set of successfully
+     * @param A - promise that resolves with the set of successfully
      *     looked up users. Possibly empty if no users were looked up.
      */
     AbstractAuthRequestHandler.prototype.getAccountInfoByIdentifiers = function (identifiers) {
@@ -989,12 +1006,12 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
      * Exports the users (single batch only) with a size of maxResults and starting from
      * the offset as specified by pageToken.
      *
-     * @param {number=} maxResults The page size, 1000 if undefined. This is also the maximum
+     * @param maxResults - The page size, 1000 if undefined. This is also the maximum
      *     allowed limit.
-     * @param {string=} pageToken The next page token. If not specified, returns users starting
+     * @param pageToken - The next page token. If not specified, returns users starting
      *     without any offset. Users are returned in the order they were created from oldest to
      *     newest, relative to the page token offset.
-     * @return {Promise<object>} A promise that resolves with the current batch of downloaded
+     * @returns A promise that resolves with the current batch of downloaded
      *     users and the next page token if available. For the last page, an empty list of users
      *     and no page token are returned.
      */
@@ -1024,10 +1041,10 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
      * At most, 1000 users are allowed to be imported one at a time.
      * When importing a list of password users, UserImportOptions are required to be specified.
      *
-     * @param {UserImportRecord[]} users The list of user records to import to Firebase Auth.
-     * @param {UserImportOptions=} options The user import options, required when the users provided
+     * @param users - The list of user records to import to Firebase Auth.
+     * @param options - The user import options, required when the users provided
      *     include password credentials.
-     * @return {Promise<UserImportResult>} A promise that resolves when the operation completes
+     * @returns A promise that resolves when the operation completes
      *     with the result of the import. This includes the number of successful imports, the number
      *     of failed uploads and their corresponding errors.
      */
@@ -1061,8 +1078,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Deletes an account identified by a uid.
      *
-     * @param {string} uid The uid of the user to delete.
-     * @return {Promise<object>} A promise that resolves when the user is deleted.
+     * @param uid - The uid of the user to delete.
+     * @returns A promise that resolves when the user is deleted.
      */
     AbstractAuthRequestHandler.prototype.deleteAccount = function (uid) {
         if (!validator.isUid(uid)) {
@@ -1095,9 +1112,9 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Sets additional developer claims on an existing user identified by provided UID.
      *
-     * @param {string} uid The user to edit.
-     * @param {object} customUserClaims The developer claims to set.
-     * @return {Promise<string>} A promise that resolves when the operation completes
+     * @param uid - The user to edit.
+     * @param customUserClaims - The developer claims to set.
+     * @returns A promise that resolves when the operation completes
      *     with the user id that was edited.
      */
     AbstractAuthRequestHandler.prototype.setCustomUserClaims = function (uid, customUserClaims) {
@@ -1125,9 +1142,9 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Edits an existing user.
      *
-     * @param {string} uid The user to edit.
-     * @param {object} properties The properties to set on the user.
-     * @return {Promise<string>} A promise that resolves when the operation completes
+     * @param uid - The user to edit.
+     * @param properties - The properties to set on the user.
+     * @returns A promise that resolves when the operation completes
      *     with the user id that was edited.
      */
     AbstractAuthRequestHandler.prototype.updateExistingAccount = function (uid, properties) {
@@ -1137,6 +1154,26 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
         else if (!validator.isNonNullObject(properties)) {
             return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'Properties argument must be a non-null object.'));
         }
+        else if (validator.isNonNullObject(properties.providerToLink)) {
+            // TODO(rsgowman): These checks overlap somewhat with
+            // validateProviderUserInfo. It may be possible to refactor a bit.
+            if (!validator.isNonEmptyString(properties.providerToLink.providerId)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'providerToLink.providerId of properties argument must be a non-empty string.');
+            }
+            if (!validator.isNonEmptyString(properties.providerToLink.uid)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'providerToLink.uid of properties argument must be a non-empty string.');
+            }
+        }
+        else if (typeof properties.providersToUnlink !== 'undefined') {
+            if (!validator.isArray(properties.providersToUnlink)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'providersToUnlink of properties argument must be an array of strings.');
+            }
+            properties.providersToUnlink.forEach(function (providerId) {
+                if (!validator.isNonEmptyString(providerId)) {
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'providersToUnlink of properties argument must be an array of strings.');
+                }
+            });
+        }
         // Build the setAccountInfo request.
         var request = deep_copy_1.deepCopy(properties);
         request.localId = uid;
@@ -1167,14 +1204,22 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
         // It will be removed from the backend request and an additional parameter
         // deleteProvider: ['phone'] with an array of providerIds (phone in this case),
         // will be passed.
-        // Currently this applies to phone provider only.
         if (request.phoneNumber === null) {
-            request.deleteProvider = ['phone'];
+            request.deleteProvider ? request.deleteProvider.push('phone') : request.deleteProvider = ['phone'];
             delete request.phoneNumber;
         }
-        else {
-            // Doesn't apply to other providers in admin SDK.
-            delete request.deleteProvider;
+        if (typeof (request.providerToLink) !== 'undefined') {
+            request.linkProviderUserInfo = deep_copy_1.deepCopy(request.providerToLink);
+            delete request.providerToLink;
+            request.linkProviderUserInfo.rawId = request.linkProviderUserInfo.uid;
+            delete request.linkProviderUserInfo.uid;
+        }
+        if (typeof (request.providersToUnlink) !== 'undefined') {
+            if (!validator.isArray(request.deleteProvider)) {
+                request.deleteProvider = [];
+            }
+            request.deleteProvider = request.deleteProvider.concat(request.providersToUnlink);
+            delete request.providersToUnlink;
         }
         // Rewrite photoURL to photoUrl.
         if (typeof request.photoURL !== 'undefined') {
@@ -1224,8 +1269,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
      * the same second as the revocation will still be valid. If there is a chance that a token
      * was minted in the last second, delay for 1 second before revoking.
      *
-     * @param {string} uid The user whose tokens are to be revoked.
-     * @return {Promise<string>} A promise that resolves when the operation completes
+     * @param uid - The user whose tokens are to be revoked.
+     * @returns A promise that resolves when the operation completes
      *     successfully with the user id of the corresponding user.
      */
     AbstractAuthRequestHandler.prototype.revokeRefreshTokens = function (uid) {
@@ -1246,15 +1291,14 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Create a new user with the properties supplied.
      *
-     * @param {object} properties The properties to set on the user.
-     * @return {Promise<string>} A promise that resolves when the operation completes
+     * @param properties - The properties to set on the user.
+     * @returns A promise that resolves when the operation completes
      *     with the user id that was created.
      */
     AbstractAuthRequestHandler.prototype.createNewAccount = function (properties) {
         if (!validator.isNonNullObject(properties)) {
             return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'Properties argument must be a non-null object.'));
         }
-        // Build the signupNewUser request.
         var request = deep_copy_1.deepCopy(properties);
         // Rewrite photoURL to photoUrl.
         if (typeof request.photoURL !== 'undefined') {
@@ -1274,10 +1318,10 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
                     request.multiFactor.enrolledFactors.forEach(function (multiFactorInfo) {
                         // Enrollment time and uid are not allowed for signupNewUser endpoint.
                         // They will automatically be provisioned server side.
-                        if (multiFactorInfo.enrollmentTime) {
+                        if ('enrollmentTime' in multiFactorInfo) {
                             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"enrollmentTime" is not supported when adding second factors via "createUser()"');
                         }
-                        else if (multiFactorInfo.uid) {
+                        else if ('uid' in multiFactorInfo) {
                             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"uid" is not supported when adding second factors via "createUser()"');
                         }
                         mfaInfo_1.push(user_import_builder_1.convertMultiFactorInfoToServerFormat(multiFactorInfo));
@@ -1300,13 +1344,13 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
      * Generates the out of band email action link for the email specified using the action code settings provided.
      * Returns a promise that resolves with the generated link.
      *
-     * @param {string} requestType The request type. This could be either used for password reset,
+     * @param requestType - The request type. This could be either used for password reset,
      *     email verification, email link sign-in.
-     * @param {string} email The email of the user the link is being sent to.
-     * @param {ActionCodeSettings=} actionCodeSettings The optional action code setings which defines whether
+     * @param email - The email of the user the link is being sent to.
+     * @param actionCodeSettings - The optional action code setings which defines whether
      *     the link is to be handled by a mobile app and the additional state information to be passed in the
      *     deep link, etc. Required when requestType == 'EMAIL_SIGNIN'
-     * @return {Promise<string>} A promise that resolves with the email action link.
+     * @returns A promise that resolves with the email action link.
      */
     AbstractAuthRequestHandler.prototype.getEmailActionLink = function (requestType, email, actionCodeSettings) {
         var request = { requestType: requestType, email: email, returnOobLink: true };
@@ -1333,8 +1377,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Looks up an OIDC provider configuration by provider ID.
      *
-     * @param {string} providerId The provider identifier of the configuration to lookup.
-     * @return {Promise<OIDCConfigServerResponse>} A promise that resolves with the provider configuration information.
+     * @param providerId - The provider identifier of the configuration to lookup.
+     * @returns A promise that resolves with the provider configuration information.
      */
     AbstractAuthRequestHandler.prototype.getOAuthIdpConfig = function (providerId) {
         if (!auth_config_1.OIDCConfig.isProviderId(providerId)) {
@@ -1346,12 +1390,12 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
      * Lists the OIDC configurations (single batch only) with a size of maxResults and starting from
      * the offset as specified by pageToken.
      *
-     * @param {number=} maxResults The page size, 100 if undefined. This is also the maximum
+     * @param maxResults - The page size, 100 if undefined. This is also the maximum
      *     allowed limit.
-     * @param {string=} pageToken The next page token. If not specified, returns OIDC configurations
+     * @param pageToken - The next page token. If not specified, returns OIDC configurations
      *     without any offset. Configurations are returned in the order they were created from oldest to
      *     newest, relative to the page token offset.
-     * @return {Promise<object>} A promise that resolves with the current batch of downloaded
+     * @returns A promise that resolves with the current batch of downloaded
      *     OIDC configurations and the next page token if available. For the last page, an empty list of provider
      *     configuration and no page token are returned.
      */
@@ -1376,8 +1420,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Deletes an OIDC configuration identified by a providerId.
      *
-     * @param {string} providerId The identifier of the OIDC configuration to delete.
-     * @return {Promise<void>} A promise that resolves when the OIDC provider is deleted.
+     * @param providerId - The identifier of the OIDC configuration to delete.
+     * @returns A promise that resolves when the OIDC provider is deleted.
      */
     AbstractAuthRequestHandler.prototype.deleteOAuthIdpConfig = function (providerId) {
         if (!auth_config_1.OIDCConfig.isProviderId(providerId)) {
@@ -1391,8 +1435,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Creates a new OIDC provider configuration with the properties provided.
      *
-     * @param {AuthProviderConfig} options The properties to set on the new OIDC provider configuration to be created.
-     * @return {Promise<OIDCConfigServerResponse>} A promise that resolves with the newly created OIDC
+     * @param options - The properties to set on the new OIDC provider configuration to be created.
+     * @returns A promise that resolves with the newly created OIDC
      *     configuration.
      */
     AbstractAuthRequestHandler.prototype.createOAuthIdpConfig = function (options) {
@@ -1416,9 +1460,9 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Updates an existing OIDC provider configuration with the properties provided.
      *
-     * @param {string} providerId The provider identifier of the OIDC configuration to update.
-     * @param {OIDCUpdateAuthProviderRequest} options The properties to update on the existing configuration.
-     * @return {Promise<OIDCConfigServerResponse>} A promise that resolves with the modified provider
+     * @param providerId - The provider identifier of the OIDC configuration to update.
+     * @param options - The properties to update on the existing configuration.
+     * @returns A promise that resolves with the modified provider
      *     configuration.
      */
     AbstractAuthRequestHandler.prototype.updateOAuthIdpConfig = function (providerId, options) {
@@ -1445,8 +1489,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Looks up an SAML provider configuration by provider ID.
      *
-     * @param {string} providerId The provider identifier of the configuration to lookup.
-     * @return {Promise<SAMLConfigServerResponse>} A promise that resolves with the provider configuration information.
+     * @param providerId - The provider identifier of the configuration to lookup.
+     * @returns A promise that resolves with the provider configuration information.
      */
     AbstractAuthRequestHandler.prototype.getInboundSamlConfig = function (providerId) {
         if (!auth_config_1.SAMLConfig.isProviderId(providerId)) {
@@ -1458,12 +1502,12 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
      * Lists the SAML configurations (single batch only) with a size of maxResults and starting from
      * the offset as specified by pageToken.
      *
-     * @param {number=} maxResults The page size, 100 if undefined. This is also the maximum
+     * @param maxResults - The page size, 100 if undefined. This is also the maximum
      *     allowed limit.
-     * @param {string=} pageToken The next page token. If not specified, returns SAML configurations starting
+     * @param pageToken - The next page token. If not specified, returns SAML configurations starting
      *     without any offset. Configurations are returned in the order they were created from oldest to
      *     newest, relative to the page token offset.
-     * @return {Promise<object>} A promise that resolves with the current batch of downloaded
+     * @returns A promise that resolves with the current batch of downloaded
      *     SAML configurations and the next page token if available. For the last page, an empty list of provider
      *     configuration and no page token are returned.
      */
@@ -1488,8 +1532,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Deletes a SAML configuration identified by a providerId.
      *
-     * @param {string} providerId The identifier of the SAML configuration to delete.
-     * @return {Promise<void>} A promise that resolves when the SAML provider is deleted.
+     * @param providerId - The identifier of the SAML configuration to delete.
+     * @returns A promise that resolves when the SAML provider is deleted.
      */
     AbstractAuthRequestHandler.prototype.deleteInboundSamlConfig = function (providerId) {
         if (!auth_config_1.SAMLConfig.isProviderId(providerId)) {
@@ -1503,8 +1547,8 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Creates a new SAML provider configuration with the properties provided.
      *
-     * @param {AuthProviderConfig} options The properties to set on the new SAML provider configuration to be created.
-     * @return {Promise<SAMLConfigServerResponse>} A promise that resolves with the newly created SAML
+     * @param options - The properties to set on the new SAML provider configuration to be created.
+     * @returns A promise that resolves with the newly created SAML
      *     configuration.
      */
     AbstractAuthRequestHandler.prototype.createInboundSamlConfig = function (options) {
@@ -1528,9 +1572,9 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Updates an existing SAML provider configuration with the properties provided.
      *
-     * @param {string} providerId The provider identifier of the SAML configuration to update.
-     * @param {SAMLUpdateAuthProviderRequest} options The properties to update on the existing configuration.
-     * @return {Promise<SAMLConfigServerResponse>} A promise that resolves with the modified provider
+     * @param providerId - The provider identifier of the SAML configuration to update.
+     * @param options - The properties to update on the existing configuration.
+     * @returns A promise that resolves with the modified provider
      *     configuration.
      */
     AbstractAuthRequestHandler.prototype.updateInboundSamlConfig = function (providerId, options) {
@@ -1557,19 +1601,21 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
     /**
      * Invokes the request handler based on the API settings object passed.
      *
-     * @param {AuthResourceUrlBuilder} urlBuilder The URL builder for Auth endpoints.
-     * @param {ApiSettings} apiSettings The API endpoint settings to apply to request and response.
-     * @param {object} requestData The request data.
-     * @param {object=} additionalResourceParams Additional resource related params if needed.
-     * @return {Promise<object>} A promise that resolves with the response.
+     * @param urlBuilder - The URL builder for Auth endpoints.
+     * @param apiSettings - The API endpoint settings to apply to request and response.
+     * @param requestData - The request data.
+     * @param additionalResourceParams - Additional resource related params if needed.
+     * @returns A promise that resolves with the response.
      */
     AbstractAuthRequestHandler.prototype.invokeRequestHandler = function (urlBuilder, apiSettings, requestData, additionalResourceParams) {
         var _this = this;
         return urlBuilder.getUrl(apiSettings.getEndpoint(), additionalResourceParams)
             .then(function (url) {
             // Validate request.
-            var requestValidator = apiSettings.getRequestValidator();
-            requestValidator(requestData);
+            if (requestData) {
+                var requestValidator = apiSettings.getRequestValidator();
+                requestValidator(requestData);
+            }
             // Process request.
             var req = {
                 method: apiSettings.getHttpMethod(),
@@ -1602,7 +1648,7 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
         });
     };
     /**
-     * @return {AuthResourceUrlBuilder} The current Auth user management resource URL builder.
+     * @returns The current Auth user management resource URL builder.
      */
     AbstractAuthRequestHandler.prototype.getAuthUrlBuilder = function () {
         if (!this.authUrlBuilder) {
@@ -1611,7 +1657,7 @@ var AbstractAuthRequestHandler = /** @class */ (function () {
         return this.authUrlBuilder;
     };
     /**
-     * @return {AuthResourceUrlBuilder} The current project config resource URL builder.
+     * @returns The current project config resource URL builder.
      */
     AbstractAuthRequestHandler.prototype.getProjectConfigUrlBuilder = function () {
         if (!this.projectConfigUrlBuilder) {
@@ -1680,7 +1726,7 @@ var AuthRequestHandler = /** @class */ (function (_super) {
     /**
      * The FirebaseAuthRequestHandler constructor used to initialize an instance using a FirebaseApp.
      *
-     * @param {FirebaseApp} app The app used to fetch access tokens to sign API requests.
+     * @param app - The app used to fetch access tokens to sign API requests.
      * @constructor.
      */
     function AuthRequestHandler(app) {
@@ -1689,13 +1735,13 @@ var AuthRequestHandler = /** @class */ (function (_super) {
         return _this;
     }
     /**
-     * @return {AuthResourceUrlBuilder} A new Auth user management resource URL builder instance.
+     * @returns A new Auth user management resource URL builder instance.
      */
     AuthRequestHandler.prototype.newAuthUrlBuilder = function () {
         return new AuthResourceUrlBuilder(this.app, 'v1');
     };
     /**
-     * @return {AuthResourceUrlBuilder} A new project config resource URL builder instance.
+     * @returns A new project config resource URL builder instance.
      */
     AuthRequestHandler.prototype.newProjectConfigUrlBuilder = function () {
         return new AuthResourceUrlBuilder(this.app, 'v2');
@@ -1703,8 +1749,8 @@ var AuthRequestHandler = /** @class */ (function (_super) {
     /**
      * Looks up a tenant by tenant ID.
      *
-     * @param {string} tenantId The tenant identifier of the tenant to lookup.
-     * @return {Promise<TenantServerResponse>} A promise that resolves with the tenant information.
+     * @param tenantId - The tenant identifier of the tenant to lookup.
+     * @returns A promise that resolves with the tenant information.
      */
     AuthRequestHandler.prototype.getTenant = function (tenantId) {
         if (!validator.isNonEmptyString(tenantId)) {
@@ -1719,12 +1765,12 @@ var AuthRequestHandler = /** @class */ (function (_super) {
      * Exports the tenants (single batch only) with a size of maxResults and starting from
      * the offset as specified by pageToken.
      *
-     * @param {number=} maxResults The page size, 1000 if undefined. This is also the maximum
+     * @param maxResults - The page size, 1000 if undefined. This is also the maximum
      *     allowed limit.
-     * @param {string=} pageToken The next page token. If not specified, returns tenants starting
+     * @param pageToken - The next page token. If not specified, returns tenants starting
      *     without any offset. Tenants are returned in the order they were created from oldest to
      *     newest, relative to the page token offset.
-     * @return {Promise<object>} A promise that resolves with the current batch of downloaded
+     * @returns A promise that resolves with the current batch of downloaded
      *     tenants and the next page token if available. For the last page, an empty list of tenants
      *     and no page token are returned.
      */
@@ -1750,14 +1796,14 @@ var AuthRequestHandler = /** @class */ (function (_super) {
     /**
      * Deletes a tenant identified by a tenantId.
      *
-     * @param {string} tenantId The identifier of the tenant to delete.
-     * @return {Promise<void>} A promise that resolves when the tenant is deleted.
+     * @param tenantId - The identifier of the tenant to delete.
+     * @returns A promise that resolves when the tenant is deleted.
      */
     AuthRequestHandler.prototype.deleteTenant = function (tenantId) {
         if (!validator.isNonEmptyString(tenantId)) {
             return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_TENANT_ID));
         }
-        return this.invokeRequestHandler(this.tenantMgmtResourceBuilder, DELETE_TENANT, {}, { tenantId: tenantId })
+        return this.invokeRequestHandler(this.tenantMgmtResourceBuilder, DELETE_TENANT, undefined, { tenantId: tenantId })
             .then(function () {
             // Return nothing.
         });
@@ -1765,8 +1811,8 @@ var AuthRequestHandler = /** @class */ (function (_super) {
     /**
      * Creates a new tenant with the properties provided.
      *
-     * @param {TenantOptions} tenantOptions The properties to set on the new tenant to be created.
-     * @return {Promise<TenantServerResponse>} A promise that resolves with the newly created tenant object.
+     * @param tenantOptions - The properties to set on the new tenant to be created.
+     * @returns A promise that resolves with the newly created tenant object.
      */
     AuthRequestHandler.prototype.createTenant = function (tenantOptions) {
         try {
@@ -1784,9 +1830,9 @@ var AuthRequestHandler = /** @class */ (function (_super) {
     /**
      * Updates an existing tenant with the properties provided.
      *
-     * @param {string} tenantId The tenant identifier of the tenant to update.
-     * @param {TenantOptions} tenantOptions The properties to update on the existing tenant.
-     * @return {Promise<TenantServerResponse>} A promise that resolves with the modified tenant object.
+     * @param tenantId - The tenant identifier of the tenant to update.
+     * @param tenantOptions - The properties to update on the existing tenant.
+     * @returns A promise that resolves with the modified tenant object.
      */
     AuthRequestHandler.prototype.updateTenant = function (tenantId, tenantOptions) {
         if (!validator.isNonEmptyString(tenantId)) {
@@ -1821,8 +1867,8 @@ var TenantAwareAuthRequestHandler = /** @class */ (function (_super) {
      * The FirebaseTenantRequestHandler constructor used to initialize an instance using a
      * FirebaseApp and a tenant ID.
      *
-     * @param {FirebaseApp} app The app used to fetch access tokens to sign API requests.
-     * @param {string} tenantId The request handler's tenant ID.
+     * @param app - The app used to fetch access tokens to sign API requests.
+     * @param tenantId - The request handler's tenant ID.
      * @constructor
      */
     function TenantAwareAuthRequestHandler(app, tenantId) {
@@ -1831,13 +1877,13 @@ var TenantAwareAuthRequestHandler = /** @class */ (function (_super) {
         return _this;
     }
     /**
-     * @return {AuthResourceUrlBuilder} A new Auth user management resource URL builder instance.
+     * @returns A new Auth user management resource URL builder instance.
      */
     TenantAwareAuthRequestHandler.prototype.newAuthUrlBuilder = function () {
         return new TenantAwareAuthResourceUrlBuilder(this.app, 'v1', this.tenantId);
     };
     /**
-     * @return {AuthResourceUrlBuilder} A new project config resource URL builder instance.
+     * @returns A new project config resource URL builder instance.
      */
     TenantAwareAuthRequestHandler.prototype.newProjectConfigUrlBuilder = function () {
         return new TenantAwareAuthResourceUrlBuilder(this.app, 'v2', this.tenantId);
@@ -1851,10 +1897,10 @@ var TenantAwareAuthRequestHandler = /** @class */ (function (_super) {
      * Overrides the superclass methods by adding an additional check to match tenant IDs of
      * imported user records if present.
      *
-     * @param {UserImportRecord[]} users The list of user records to import to Firebase Auth.
-     * @param {UserImportOptions=} options The user import options, required when the users provided
+     * @param users - The list of user records to import to Firebase Auth.
+     * @param options - The user import options, required when the users provided
      *     include password credentials.
-     * @return {Promise<UserImportResult>} A promise that resolves when the operation completes
+     * @returns A promise that resolves when the operation completes
      *     with the result of the import. This includes the number of successful imports, the number
      *     of failed uploads and their corresponding errors.
      */
@@ -1878,10 +1924,6 @@ function emulatorHost() {
 /**
  * When true the SDK should communicate with the Auth Emulator for all API
  * calls and also produce unsigned tokens.
- *
- * This alone does <b>NOT<b> short-circuit ID Token verification.
- * For security reasons that must be explicitly disabled through
- * setJwtVerificationEnabled(false);
  */
 function useEmulator() {
     return !!emulatorHost();