firebase-admin 9.3.0 → 9.5.0

package/lib/{credential/credential-interfaces.js → auth/index.js}

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
  * Copyright 2020 Google Inc.

package/lib/auth/tenant-manager.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
  * Copyright 2019 Google Inc.

package/lib/auth/tenant.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
  * Copyright 2019 Google Inc.
@@ -47,6 +47,7 @@ var Tenant = /** @class */ (function () {
                 allowPasswordSignup: false,
             });
         }
+        this.anonymousSignInEnabled = !!response.enableAnonymousUser;
         if (typeof response.mfaConfig !== 'undefined') {
             this.multiFactorConfig = new auth_config_1.MultiFactorAuthConfig(response.mfaConfig);
         }
@@ -71,6 +72,9 @@ var Tenant = /** @class */ (function () {
         if (typeof tenantOptions.displayName !== 'undefined') {
             request.displayName = tenantOptions.displayName;
         }
+        if (typeof tenantOptions.anonymousSignInEnabled !== 'undefined') {
+            request.enableAnonymousUser = tenantOptions.anonymousSignInEnabled;
+        }
         if (typeof tenantOptions.multiFactorConfig !== 'undefined') {
             request.mfaConfig = auth_config_1.MultiFactorAuthConfig.buildServerRequest(tenantOptions.multiFactorConfig);
         }
@@ -104,6 +108,7 @@ var Tenant = /** @class */ (function () {
         var validKeys = {
             displayName: true,
             emailSignInConfig: true,
+            anonymousSignInEnabled: true,
             multiFactorConfig: true,
             testPhoneNumbers: true,
         };
@@ -149,6 +154,7 @@ var Tenant = /** @class */ (function () {
             tenantId: this.tenantId,
             displayName: this.displayName,
             emailSignInConfig: (_a = this.emailSignInConfig) === null || _a === void 0 ? void 0 : _a.toJSON(),
+            anonymousSignInEnabled: this.anonymousSignInEnabled,
             multiFactorConfig: (_b = this.multiFactorConfig) === null || _b === void 0 ? void 0 : _b.toJSON(),
             testPhoneNumbers: this.testPhoneNumbers,
         };

package/lib/auth/token-generator.js

@@ -1,6 +1,7 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
+ * @license
  * Copyright 2017 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -142,8 +143,8 @@ var IAMSigner = /** @class */ (function () {
             _this.serviceAccountId = response.text;
             return response.text;
         }).catch(function (err) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CREDENTIAL, "Failed to determine service account. Make sure to initialize " +
-                "the SDK with a service account credential. Alternatively specify a service " +
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CREDENTIAL, 'Failed to determine service account. Make sure to initialize ' +
+                'the SDK with a service account credential. Alternatively specify a service ' +
                 ("account with iam.serviceAccounts.signBlob permission. Original error: " + err));
         });
     };
@@ -161,7 +162,8 @@ var EmulatedSigner = /** @class */ (function () {
     /**
      * @inheritDoc
      */
-    EmulatedSigner.prototype.sign = function (_) {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    EmulatedSigner.prototype.sign = function (buffer) {
         return Promise.resolve(Buffer.from(''));
     };
     /**

package/lib/auth/token-verifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.
@@ -57,31 +57,31 @@ var FirebaseTokenVerifier = /** @class */ (function () {
         this.tokenInfo = tokenInfo;
         this.app = app;
         if (!validator.isURL(clientCertUrl)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The provided public client certificate URL is an invalid URL.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided public client certificate URL is an invalid URL.');
         }
         else if (!validator.isNonEmptyString(algorithm)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The provided JWT algorithm is an empty string.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided JWT algorithm is an empty string.');
         }
         else if (!validator.isURL(issuer)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The provided JWT issuer is an invalid URL.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided JWT issuer is an invalid URL.');
         }
         else if (!validator.isNonNullObject(tokenInfo)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The provided JWT information is not an object or null.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided JWT information is not an object or null.');
         }
         else if (!validator.isURL(tokenInfo.url)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The provided JWT verification documentation URL is invalid.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided JWT verification documentation URL is invalid.');
         }
         else if (!validator.isNonEmptyString(tokenInfo.verifyApiName)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The JWT verify API name must be a non-empty string.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The JWT verify API name must be a non-empty string.');
         }
         else if (!validator.isNonEmptyString(tokenInfo.jwtName)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The JWT public full name must be a non-empty string.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The JWT public full name must be a non-empty string.');
         }
         else if (!validator.isNonEmptyString(tokenInfo.shortName)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The JWT public short name must be a non-empty string.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The JWT public short name must be a non-empty string.');
         }
         else if (!validator.isNonNullObject(tokenInfo.expiredErrorCode) || !('code' in tokenInfo.expiredErrorCode)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "The JWT expiration error code must be a non-null ErrorInfo object.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The JWT expiration error code must be a non-null ErrorInfo object.');
         }
         this.shortNameArticle = tokenInfo.shortName.charAt(0).match(/[aeiou]/i) ? 'an' : 'a';
         // For backward compatibility, the project ID is validated in the verification call.
@@ -90,30 +90,25 @@ var FirebaseTokenVerifier = /** @class */ (function () {
      * Verifies the format and signature of a Firebase Auth JWT token.
      *
      * @param {string} jwtToken The Firebase Auth JWT token to verify.
+     * @param {boolean=} isEmulator Whether to accept Auth Emulator tokens.
      * @return {Promise<DecodedIdToken>} A promise fulfilled with the decoded claims of the Firebase Auth ID
      *                           token.
      */
-    FirebaseTokenVerifier.prototype.verifyJWT = function (jwtToken) {
+    FirebaseTokenVerifier.prototype.verifyJWT = function (jwtToken, isEmulator) {
         var _this = this;
+        if (isEmulator === void 0) { isEmulator = false; }
         if (!validator.isString(jwtToken)) {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "First argument to " + this.tokenInfo.verifyApiName + " must be a " + this.tokenInfo.jwtName + " string.");
         }
         return util.findProjectId(this.app)
             .then(function (projectId) {
-            return _this.verifyJWTWithProjectId(jwtToken, projectId);
+            return _this.verifyJWTWithProjectId(jwtToken, projectId, isEmulator);
         });
     };
-    /**
-     * Override the JWT signing algorithm.
-     * @param algorithm the new signing algorithm.
-     */
-    FirebaseTokenVerifier.prototype.setAlgorithm = function (algorithm) {
-        this.algorithm = algorithm;
-    };
-    FirebaseTokenVerifier.prototype.verifyJWTWithProjectId = function (jwtToken, projectId) {
+    FirebaseTokenVerifier.prototype.verifyJWTWithProjectId = function (jwtToken, projectId, isEmulator) {
         var _this = this;
         if (!validator.isNonEmptyString(projectId)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CREDENTIAL, "Must initialize app with a cert credential or set your Firebase project ID as the " +
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CREDENTIAL, 'Must initialize app with a cert credential or set your Firebase project ID as the ' +
                 ("GOOGLE_CLOUD_PROJECT environment variable to call " + this.tokenInfo.verifyApiName + "."));
         }
         var fullDecodedToken = jwt.decode(jwtToken, {
@@ -122,7 +117,7 @@ var FirebaseTokenVerifier = /** @class */ (function () {
         var header = fullDecodedToken && fullDecodedToken.header;
         var payload = fullDecodedToken && fullDecodedToken.payload;
         var projectIdMatchMessage = " Make sure the " + this.tokenInfo.shortName + " comes from the same " +
-            "Firebase project as the service account used to authenticate this SDK.";
+            'Firebase project as the service account used to authenticate this SDK.';
         var verifyJwtTokenDocsMessage = " See " + this.tokenInfo.url + " " +
             ("for details on how to retrieve " + this.shortNameArticle + " " + this.tokenInfo.shortName + ".");
         var errorMessage;
@@ -130,7 +125,7 @@ var FirebaseTokenVerifier = /** @class */ (function () {
             errorMessage = "Decoding " + this.tokenInfo.jwtName + " failed. Make sure you passed the entire string JWT " +
                 ("which represents " + this.shortNameArticle + " " + this.tokenInfo.shortName + ".") + verifyJwtTokenDocsMessage;
         }
-        else if (typeof header.kid === 'undefined' && this.algorithm !== 'none') {
+        else if (!isEmulator && typeof header.kid === 'undefined') {
             var isCustomToken = (payload.aud === FIREBASE_AUDIENCE);
             var isLegacyCustomToken = (header.alg === 'HS256' && payload.v === 0 && 'd' in payload && 'uid' in payload.d);
             if (isCustomToken) {
@@ -146,19 +141,19 @@ var FirebaseTokenVerifier = /** @class */ (function () {
             }
             errorMessage += verifyJwtTokenDocsMessage;
         }
-        else if (header.alg !== this.algorithm) {
-            errorMessage = this.tokenInfo.jwtName + " has incorrect algorithm. Expected \"" + this.algorithm + "\" but got " +
-                "\"" + header.alg + "\"." + verifyJwtTokenDocsMessage;
+        else if (!isEmulator && header.alg !== this.algorithm) {
+            errorMessage = this.tokenInfo.jwtName + " has incorrect algorithm. Expected \"" + this.algorithm + '" but got ' +
+                '"' + header.alg + '".' + verifyJwtTokenDocsMessage;
         }
         else if (payload.aud !== projectId) {
             errorMessage = this.tokenInfo.jwtName + " has incorrect \"aud\" (audience) claim. Expected \"" +
-                projectId + "\" but got \"" + payload.aud + "\"." + projectIdMatchMessage +
+                projectId + '" but got "' + payload.aud + '".' + projectIdMatchMessage +
                 verifyJwtTokenDocsMessage;
         }
         else if (payload.iss !== this.issuer + projectId) {
             errorMessage = this.tokenInfo.jwtName + " has incorrect \"iss\" (issuer) claim. Expected " +
-                ("\"" + this.issuer + "\"") + projectId + "\" but got \"" +
-                payload.iss + "\"." + projectIdMatchMessage + verifyJwtTokenDocsMessage;
+                ("\"" + this.issuer) + projectId + '" but got "' +
+                payload.iss + '".' + projectIdMatchMessage + verifyJwtTokenDocsMessage;
         }
         else if (typeof payload.sub !== 'string') {
             errorMessage = this.tokenInfo.jwtName + " has no \"sub\" (subject) claim." + verifyJwtTokenDocsMessage;
@@ -173,16 +168,15 @@ var FirebaseTokenVerifier = /** @class */ (function () {
         if (errorMessage) {
             return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage));
         }
-        // When the algorithm is set to 'none' there will be no signature and therefore we don't check
-        // the public keys.
-        if (this.algorithm === 'none') {
+        if (isEmulator) {
+            // Signature checks skipped for emulator; no need to fetch public keys.
             return this.verifyJwtSignatureWithKey(jwtToken, null);
         }
         return this.fetchPublicKeys().then(function (publicKeys) {
             if (!Object.prototype.hasOwnProperty.call(publicKeys, header.kid)) {
                 return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, _this.tokenInfo.jwtName + " has \"kid\" claim which does not correspond to a known public key. " +
                     ("Most likely the " + _this.tokenInfo.shortName + " is expired, so get a fresh token from your ") +
-                    "client app and try again."));
+                    'client app and try again.'));
             }
             else {
                 return _this.verifyJwtSignatureWithKey(jwtToken, publicKeys[header.kid]);
@@ -201,9 +195,11 @@ var FirebaseTokenVerifier = /** @class */ (function () {
         var verifyJwtTokenDocsMessage = " See " + this.tokenInfo.url + " " +
             ("for details on how to retrieve " + this.shortNameArticle + " " + this.tokenInfo.shortName + ".");
         return new Promise(function (resolve, reject) {
-            jwt.verify(jwtToken, publicKey || "", {
-                algorithms: [_this.algorithm],
-            }, function (error, decodedToken) {
+            var verifyOptions = {};
+            if (publicKey !== null) {
+                verifyOptions.algorithms = [_this.algorithm];
+            }
+            jwt.verify(jwtToken, publicKey || '', verifyOptions, function (error, decodedToken) {
                 if (error) {
                     if (error.name === 'TokenExpiredError') {
                         var errorMessage = _this.tokenInfo.jwtName + " has expired. Get a fresh " + _this.tokenInfo.shortName +

package/lib/auth/user-import-builder.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.
@@ -35,11 +35,11 @@ function convertMultiFactorInfoToServerFormat(multiFactorInfo) {
         }
         else {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ENROLLMENT_TIME, "The second factor \"enrollmentTime\" for \"" + multiFactorInfo.uid + "\" must be a valid " +
-                "UTC date string.");
+                'UTC date string.');
         }
     }
     // Currently only phone second factors are supported.
-    if (multiFactorInfo.factorId === 'phone') {
+    if (isPhoneFactor(multiFactorInfo)) {
         // If any required field is missing or invalid, validation will still fail later.
         var authFactorInfo = {
             mfaEnrollmentId: multiFactorInfo.uid,
@@ -61,6 +61,9 @@ function convertMultiFactorInfoToServerFormat(multiFactorInfo) {
     }
 }
 exports.convertMultiFactorInfoToServerFormat = convertMultiFactorInfoToServerFormat;
+function isPhoneFactor(multiFactorInfo) {
+    return multiFactorInfo.factorId === 'phone';
+}
 /**
  * @param {any} obj The object to check for number field within.
  * @param {string} key The entry key.
@@ -227,11 +230,11 @@ var UserImportBuilder = /** @class */ (function () {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"UserImportOptions" are required when importing users with passwords.');
         }
         if (!validator.isNonNullObject(options.hash)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISSING_HASH_ALGORITHM, "\"hash.algorithm\" is missing from the provided \"UserImportOptions\".");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISSING_HASH_ALGORITHM, '"hash.algorithm" is missing from the provided "UserImportOptions".');
         }
         if (typeof options.hash.algorithm === 'undefined' ||
             !validator.isNonEmptyString(options.hash.algorithm)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ALGORITHM, "\"hash.algorithm\" must be a string matching the list of supported algorithms.");
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ALGORITHM, '"hash.algorithm" must be a string matching the list of supported algorithms.');
         }
         var rounds;
         switch (options.hash.algorithm) {
@@ -240,7 +243,7 @@ var UserImportBuilder = /** @class */ (function () {
             case 'HMAC_SHA1':
             case 'HMAC_MD5':
                 if (!validator.isBuffer(options.hash.key)) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_KEY, "A non-empty \"hash.key\" byte buffer must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_KEY, 'A non-empty "hash.key" byte buffer must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 populatedOptions = {
@@ -269,7 +272,7 @@ var UserImportBuilder = /** @class */ (function () {
             case 'PBKDF2_SHA256':
                 rounds = getNumberField(options.hash, 'rounds');
                 if (isNaN(rounds) || rounds < 0 || rounds > 120000) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ROUNDS, "A valid \"hash.rounds\" number between 0 and 120000 must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ROUNDS, 'A valid "hash.rounds" number between 0 and 120000 must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 populatedOptions = {
@@ -279,22 +282,22 @@ var UserImportBuilder = /** @class */ (function () {
                 break;
             case 'SCRYPT': {
                 if (!validator.isBuffer(options.hash.key)) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_KEY, "A \"hash.key\" byte buffer must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_KEY, 'A "hash.key" byte buffer must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 rounds = getNumberField(options.hash, 'rounds');
                 if (isNaN(rounds) || rounds <= 0 || rounds > 8) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ROUNDS, "A valid \"hash.rounds\" number between 1 and 8 must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ROUNDS, 'A valid "hash.rounds" number between 1 and 8 must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 var memoryCost = getNumberField(options.hash, 'memoryCost');
                 if (isNaN(memoryCost) || memoryCost <= 0 || memoryCost > 14) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_MEMORY_COST, "A valid \"hash.memoryCost\" number between 1 and 14 must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_MEMORY_COST, 'A valid "hash.memoryCost" number between 1 and 14 must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 if (typeof options.hash.saltSeparator !== 'undefined' &&
                     !validator.isBuffer(options.hash.saltSeparator)) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_SALT_SEPARATOR, "\"hash.saltSeparator\" must be a byte buffer.");
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_SALT_SEPARATOR, '"hash.saltSeparator" must be a byte buffer.');
                 }
                 populatedOptions = {
                     hashAlgorithm: options.hash.algorithm,
@@ -313,22 +316,22 @@ var UserImportBuilder = /** @class */ (function () {
             case 'STANDARD_SCRYPT': {
                 var cpuMemCost = getNumberField(options.hash, 'memoryCost');
                 if (isNaN(cpuMemCost)) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_MEMORY_COST, "A valid \"hash.memoryCost\" number must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_MEMORY_COST, 'A valid "hash.memoryCost" number must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 var parallelization = getNumberField(options.hash, 'parallelization');
                 if (isNaN(parallelization)) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_PARALLELIZATION, "A valid \"hash.parallelization\" number must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_PARALLELIZATION, 'A valid "hash.parallelization" number must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 var blockSize = getNumberField(options.hash, 'blockSize');
                 if (isNaN(blockSize)) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_BLOCK_SIZE, "A valid \"hash.blockSize\" number must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_BLOCK_SIZE, 'A valid "hash.blockSize" number must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 var dkLen = getNumberField(options.hash, 'derivedKeyLength');
                 if (isNaN(dkLen)) {
-                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_DERIVED_KEY_LENGTH, "A valid \"hash.derivedKeyLength\" number must be provided for " +
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_DERIVED_KEY_LENGTH, 'A valid "hash.derivedKeyLength" number must be provided for ' +
                         ("hash algorithm " + options.hash.algorithm + "."));
                 }
                 populatedOptions = {

package/lib/auth/user-record.js

@@ -1,6 +1,7 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
+ * @license
  * Copyright 2017 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -29,7 +30,7 @@ var __extends = (this && this.__extends) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.UserRecord = exports.UserInfo = exports.UserMetadata = exports.MultiFactor = exports.PhoneMultiFactorInfo = exports.MultiFactorInfo = exports.MultiFactorId = void 0;
+exports.UserRecord = exports.UserInfo = exports.UserMetadata = exports.MultiFactor = exports.PhoneMultiFactorInfo = exports.MultiFactorInfo = void 0;
 var deep_copy_1 = require("../utils/deep-copy");
 var validator_1 = require("../utils/validator");
 var utils = require("../utils");
@@ -56,11 +57,10 @@ function parseDate(time) {
     }
     return null;
 }
-/** Enums for multi-factor identifiers. */
 var MultiFactorId;
 (function (MultiFactorId) {
     MultiFactorId["Phone"] = "phone";
-})(MultiFactorId = exports.MultiFactorId || (exports.MultiFactorId = {}));
+})(MultiFactorId || (MultiFactorId = {}));
 /**
  * Abstract class representing a multi-factor info interface.
  */

package/lib/credential/credential-internal.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
  * Copyright 2020 Google Inc.
@@ -17,7 +17,6 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getApplicationDefault = exports.isApplicationDefault = exports.RefreshTokenCredential = exports.ComputeEngineCredential = exports.ServiceAccountCredential = void 0;
-// Use untyped import syntax for Node built-ins
 var fs = require("fs");
 var os = require("os");
 var path = require("path");

package/lib/credential/credential.js

@@ -1,6 +1,7 @@
-/*! firebase-admin v9.3.0 */
+/*! firebase-admin v9.5.0 */
 "use strict";
 /*!
+ * @license
  * Copyright 2017 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,138 +22,23 @@ var credential_internal_1 = require("./credential-internal");
 var globalAppDefaultCred;
 var globalCertCreds = {};
 var globalRefreshTokenCreds = {};
-/**
- * Returns a credential created from the
- * {@link
- *    https://developers.google.com/identity/protocols/application-default-credentials
- *    Google Application Default Credentials}
- * that grants admin access to Firebase services. This credential can be used
- * in the call to
- * {@link
- *   https://firebase.google.com/docs/reference/admin/node/admin#.initializeApp
- *  `admin.initializeApp()`}.
- *
- * Google Application Default Credentials are available on any Google
- * infrastructure, such as Google App Engine and Google Compute Engine.
- *
- * See
- * {@link
- *   https://firebase.google.com/docs/admin/setup#initialize_the_sdk
- *   Initialize the SDK}
- * for more details.
- *
- * @example
- * ```javascript
- * admin.initializeApp({
- *   credential: admin.credential.applicationDefault(),
- *   databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
- * });
- * ```
- *
- * @param {!Object=} httpAgent Optional [HTTP Agent](https://nodejs.org/api/http.html#http_class_http_agent)
- *   to be used when retrieving access tokens from Google token servers.
- *
- * @return {!admin.credential.Credential} A credential authenticated via Google
- *   Application Default Credentials that can be used to initialize an app.
- */
-function applicationDefault(httpAgent) {
+exports.applicationDefault = function (httpAgent) {
     if (typeof globalAppDefaultCred === 'undefined') {
         globalAppDefaultCred = credential_internal_1.getApplicationDefault(httpAgent);
     }
     return globalAppDefaultCred;
-}
-exports.applicationDefault = applicationDefault;
-/**
- * Returns a credential created from the provided service account that grants
- * admin access to Firebase services. This credential can be used in the call
- * to
- * {@link
- *   https://firebase.google.com/docs/reference/admin/node/admin#.initializeApp
- *   `admin.initializeApp()`}.
- *
- * See
- * {@link
- *   https://firebase.google.com/docs/admin/setup#initialize_the_sdk
- *   Initialize the SDK}
- * for more details.
- *
- * @example
- * ```javascript
- * // Providing a path to a service account key JSON file
- * var serviceAccount = require("path/to/serviceAccountKey.json");
- * admin.initializeApp({
- *   credential: admin.credential.cert(serviceAccount),
- *   databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
- * });
- * ```
- *
- * @example
- * ```javascript
- * // Providing a service account object inline
- * admin.initializeApp({
- *   credential: admin.credential.cert({
- *     projectId: "<PROJECT_ID>",
- *     clientEmail: "foo@<PROJECT_ID>.iam.gserviceaccount.com",
- *     privateKey: "-----BEGIN PRIVATE KEY-----<KEY>-----END PRIVATE KEY-----\n"
- *   }),
- *   databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
- * });
- * ```
- *
- * @param serviceAccountPathOrObject The path to a service
- *   account key JSON file or an object representing a service account key.
- * @param httpAgent Optional [HTTP Agent](https://nodejs.org/api/http.html#http_class_http_agent)
- *   to be used when retrieving access tokens from Google token servers.
- *
- * @return A credential authenticated via the
- *   provided service account that can be used to initialize an app.
- */
-function cert(serviceAccountPathOrObject, httpAgent) {
+};
+exports.cert = function (serviceAccountPathOrObject, httpAgent) {
     var stringifiedServiceAccount = JSON.stringify(serviceAccountPathOrObject);
     if (!(stringifiedServiceAccount in globalCertCreds)) {
         globalCertCreds[stringifiedServiceAccount] = new credential_internal_1.ServiceAccountCredential(serviceAccountPathOrObject, httpAgent);
     }
     return globalCertCreds[stringifiedServiceAccount];
-}
-exports.cert = cert;
-/**
- * Returns a credential created from the provided refresh token that grants
- * admin access to Firebase services. This credential can be used in the call
- * to
- * {@link
- *   https://firebase.google.com/docs/reference/admin/node/admin#.initializeApp
- *   `admin.initializeApp()`}.
- *
- * See
- * {@link
- *   https://firebase.google.com/docs/admin/setup#initialize_the_sdk
- *   Initialize the SDK}
- * for more details.
- *
- * @example
- * ```javascript
- * // Providing a path to a refresh token JSON file
- * var refreshToken = require("path/to/refreshToken.json");
- * admin.initializeApp({
- *   credential: admin.credential.refreshToken(refreshToken),
- *   databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
- * });
- * ```
- *
- * @param refreshTokenPathOrObject The path to a Google
- *   OAuth2 refresh token JSON file or an object representing a Google OAuth2
- *   refresh token.
- * @param httpAgent Optional [HTTP Agent](https://nodejs.org/api/http.html#http_class_http_agent)
- *   to be used when retrieving access tokens from Google token servers.
- *
- * @return A credential authenticated via the
- *   provided service account that can be used to initialize an app.
- */
-function refreshToken(refreshTokenPathOrObject, httpAgent) {
+};
+exports.refreshToken = function (refreshTokenPathOrObject, httpAgent) {
     var stringifiedRefreshToken = JSON.stringify(refreshTokenPathOrObject);
     if (!(stringifiedRefreshToken in globalRefreshTokenCreds)) {
         globalRefreshTokenCreds[stringifiedRefreshToken] = new credential_internal_1.RefreshTokenCredential(refreshTokenPathOrObject, httpAgent);
     }
     return globalRefreshTokenCreds[stringifiedRefreshToken];
-}
-exports.refreshToken = refreshToken;
+};