firebase-functions 6.5.0 → 7.0.0-rc.0

package/lib/common/providers/identity.js

@@ -1,494 +1,443 @@
-"use strict";
-// The MIT License (MIT)
-//
-// Copyright (c) 2022 Firebase
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.wrapHandler = exports.getUpdateMask = exports.validateAuthResponse = exports.parseAuthEventContext = exports.generateResponsePayload = exports.parseAuthUserRecord = exports.parseMultiFactor = exports.parseDate = exports.parseProviderData = exports.parseMetadata = exports.isValidRequest = exports.userRecordConstructor = exports.UserRecordMetadata = exports.HttpsError = void 0;
-const auth = require("firebase-admin/auth");
-const logger = require("../../logger");
-const app_1 = require("../app");
-const debug_1 = require("../debug");
-const https_1 = require("./https");
-Object.defineProperty(exports, "HttpsError", { enumerable: true, get: function () { return https_1.HttpsError; } });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
+const require_logger_index = require('../../logger/index.js');
+const require_common_app = require('../app.js');
+const require_common_debug = require('../debug.js');
+const require_common_providers_https = require('./https.js');
+let firebase_admin_auth = require("firebase-admin/auth");
+firebase_admin_auth = require_rolldown_runtime.__toESM(firebase_admin_auth);
+
+//#region src/common/providers/identity.ts
 const DISALLOWED_CUSTOM_CLAIMS = [
-    "acr",
-    "amr",
-    "at_hash",
-    "aud",
-    "auth_time",
-    "azp",
-    "cnf",
-    "c_hash",
-    "exp",
-    "iat",
-    "iss",
-    "jti",
-    "nbf",
-    "nonce",
-    "firebase",
+	"acr",
+	"amr",
+	"at_hash",
+	"aud",
+	"auth_time",
+	"azp",
+	"cnf",
+	"c_hash",
+	"exp",
+	"iat",
+	"iss",
+	"jti",
+	"nbf",
+	"nonce",
+	"firebase"
 ];
-const CLAIMS_MAX_PAYLOAD_SIZE = 1000;
+const CLAIMS_MAX_PAYLOAD_SIZE = 1e3;
 const EVENT_MAPPING = {
-    beforeCreate: "providers/cloud.auth/eventTypes/user.beforeCreate",
-    beforeSignIn: "providers/cloud.auth/eventTypes/user.beforeSignIn",
-    beforeSendEmail: "providers/cloud.auth/eventTypes/user.beforeSendEmail",
-    beforeSendSms: "providers/cloud.auth/eventTypes/user.beforeSendSms",
+	beforeCreate: "providers/cloud.auth/eventTypes/user.beforeCreate",
+	beforeSignIn: "providers/cloud.auth/eventTypes/user.beforeSignIn",
+	beforeSendEmail: "providers/cloud.auth/eventTypes/user.beforeSendEmail",
+	beforeSendSms: "providers/cloud.auth/eventTypes/user.beforeSendSms"
 };
 /**
- * Helper class to create the user metadata in a `UserRecord` object.
- */
-class UserRecordMetadata {
-    constructor(creationTime, lastSignInTime) {
-        this.creationTime = creationTime;
-        this.lastSignInTime = lastSignInTime;
-    }
-    /** Returns a plain JavaScript object with the properties of UserRecordMetadata. */
-    toJSON() {
-        return {
-            creationTime: this.creationTime,
-            lastSignInTime: this.lastSignInTime,
-        };
-    }
-}
-exports.UserRecordMetadata = UserRecordMetadata;
+* Helper class to create the user metadata in a `UserRecord` object.
+*/
+var UserRecordMetadata = class {
+	constructor(creationTime, lastSignInTime) {
+		this.creationTime = creationTime;
+		this.lastSignInTime = lastSignInTime;
+	}
+	/** Returns a plain JavaScript object with the properties of UserRecordMetadata. */
+	toJSON() {
+		return {
+			creationTime: this.creationTime,
+			lastSignInTime: this.lastSignInTime
+		};
+	}
+};
 /**
- * Helper function that creates a `UserRecord` class from data sent over the wire.
- * @param wireData data sent over the wire
- * @returns an instance of `UserRecord` with correct toJSON functions
- */
+* Helper function that creates a `UserRecord` class from data sent over the wire.
+* @param wireData data sent over the wire
+* @returns an instance of `UserRecord` with correct toJSON functions
+*/
 function userRecordConstructor(wireData) {
-    // Falsey values from the wire format proto get lost when converted to JSON, this adds them back.
-    const falseyValues = {
-        email: null,
-        emailVerified: false,
-        displayName: null,
-        photoURL: null,
-        phoneNumber: null,
-        disabled: false,
-        providerData: [],
-        customClaims: {},
-        passwordSalt: null,
-        passwordHash: null,
-        tokensValidAfterTime: null,
-    };
-    const record = { ...falseyValues, ...wireData };
-    const meta = record.metadata;
-    if (meta) {
-        record.metadata = new UserRecordMetadata(meta.createdAt || meta.creationTime, meta.lastSignedInAt || meta.lastSignInTime);
-    }
-    else {
-        record.metadata = new UserRecordMetadata(null, null);
-    }
-    record.toJSON = () => {
-        const { uid, email, emailVerified, displayName, photoURL, phoneNumber, disabled, passwordHash, passwordSalt, tokensValidAfterTime, } = record;
-        const json = {
-            uid,
-            email,
-            emailVerified,
-            displayName,
-            photoURL,
-            phoneNumber,
-            disabled,
-            passwordHash,
-            passwordSalt,
-            tokensValidAfterTime,
-        };
-        json.metadata = record.metadata.toJSON();
-        json.customClaims = JSON.parse(JSON.stringify(record.customClaims));
-        json.providerData = record.providerData.map((entry) => {
-            const newEntry = { ...entry };
-            newEntry.toJSON = () => entry;
-            return newEntry;
-        });
-        return json;
-    };
-    return record;
+	const falseyValues = {
+		email: null,
+		emailVerified: false,
+		displayName: null,
+		photoURL: null,
+		phoneNumber: null,
+		disabled: false,
+		providerData: [],
+		customClaims: {},
+		passwordSalt: null,
+		passwordHash: null,
+		tokensValidAfterTime: null
+	};
+	const record = {
+		...falseyValues,
+		...wireData
+	};
+	const meta = record.metadata;
+	if (meta) {
+		record.metadata = new UserRecordMetadata(meta.createdAt || meta.creationTime, meta.lastSignedInAt || meta.lastSignInTime);
+	} else {
+		record.metadata = new UserRecordMetadata(null, null);
+	}
+	record.toJSON = () => {
+		const { uid, email, emailVerified, displayName, photoURL, phoneNumber, disabled, passwordHash, passwordSalt, tokensValidAfterTime } = record;
+		const json = {
+			uid,
+			email,
+			emailVerified,
+			displayName,
+			photoURL,
+			phoneNumber,
+			disabled,
+			passwordHash,
+			passwordSalt,
+			tokensValidAfterTime
+		};
+		json.metadata = record.metadata.toJSON();
+		json.customClaims = JSON.parse(JSON.stringify(record.customClaims));
+		json.providerData = record.providerData.map((entry) => {
+			const newEntry = { ...entry };
+			newEntry.toJSON = () => entry;
+			return newEntry;
+		});
+		return json;
+	};
+	return record;
 }
-exports.userRecordConstructor = userRecordConstructor;
 /**
- * Checks for a valid identity platform web request, otherwise throws an HttpsError.
- * @internal
- */
+* Checks for a valid identity platform web request, otherwise throws an HttpsError.
+* @internal
+*/
 function isValidRequest(req) {
-    var _a, _b;
-    if (req.method !== "POST") {
-        logger.warn(`Request has invalid method "${req.method}".`);
-        return false;
-    }
-    const contentType = (req.header("Content-Type") || "").toLowerCase();
-    if (!contentType.includes("application/json")) {
-        logger.warn("Request has invalid header Content-Type.");
-        return false;
-    }
-    if (!((_b = (_a = req.body) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.jwt)) {
-        logger.warn("Request has an invalid body.");
-        return false;
-    }
-    return true;
+	if (req.method !== "POST") {
+		require_logger_index.warn(`Request has invalid method "${req.method}".`);
+		return false;
+	}
+	const contentType = (req.header("Content-Type") || "").toLowerCase();
+	if (!contentType.includes("application/json")) {
+		require_logger_index.warn("Request has invalid header Content-Type.");
+		return false;
+	}
+	if (!req.body?.data?.jwt) {
+		require_logger_index.warn("Request has an invalid body.");
+		return false;
+	}
+	return true;
 }
-exports.isValidRequest = isValidRequest;
 /**
- * Decode, but not verify, an Auth Blocking token.
- *
- * Do not use in production. Token should always be verified using the Admin SDK.
- *
- * This is exposed only for testing.
- */
+* Decode, but not verify, an Auth Blocking token.
+*
+* Do not use in production. Token should always be verified using the Admin SDK.
+*
+* This is exposed only for testing.
+*/
 function unsafeDecodeAuthBlockingToken(token) {
-    const decoded = (0, https_1.unsafeDecodeToken)(token);
-    decoded.uid = decoded.sub;
-    return decoded;
+	const decoded = require_common_providers_https.unsafeDecodeToken(token);
+	decoded.uid = decoded.sub;
+	return decoded;
 }
 /**
- * Helper function to parse the decoded metadata object into a `UserMetaData` object
- * @internal
- */
+* Helper function to parse the decoded metadata object into a `UserMetaData` object
+* @internal
+*/
 function parseMetadata(metadata) {
-    const creationTime = (metadata === null || metadata === void 0 ? void 0 : metadata.creation_time)
-        ? new Date(metadata.creation_time).toUTCString()
-        : null;
-    const lastSignInTime = (metadata === null || metadata === void 0 ? void 0 : metadata.last_sign_in_time)
-        ? new Date(metadata.last_sign_in_time).toUTCString()
-        : null;
-    return {
-        creationTime,
-        lastSignInTime,
-    };
+	const creationTime = metadata?.creation_time ? new Date(metadata.creation_time).toUTCString() : null;
+	const lastSignInTime = metadata?.last_sign_in_time ? new Date(metadata.last_sign_in_time).toUTCString() : null;
+	return {
+		creationTime,
+		lastSignInTime
+	};
 }
-exports.parseMetadata = parseMetadata;
 /**
- * Helper function to parse the decoded user info array into an `AuthUserInfo` array.
- * @internal
- */
+* Helper function to parse the decoded user info array into an `AuthUserInfo` array.
+* @internal
+*/
 function parseProviderData(providerData) {
-    const providers = [];
-    for (const provider of providerData) {
-        providers.push({
-            uid: provider.uid,
-            displayName: provider.display_name,
-            email: provider.email,
-            photoURL: provider.photo_url,
-            providerId: provider.provider_id,
-            phoneNumber: provider.phone_number,
-        });
-    }
-    return providers;
+	const providers = [];
+	for (const provider of providerData) {
+		providers.push({
+			uid: provider.uid,
+			displayName: provider.display_name,
+			email: provider.email,
+			photoURL: provider.photo_url,
+			providerId: provider.provider_id,
+			phoneNumber: provider.phone_number
+		});
+	}
+	return providers;
 }
-exports.parseProviderData = parseProviderData;
 /**
- * Helper function to parse the date into a UTC string.
- * @internal
- */
+* Helper function to parse the date into a UTC string.
+* @internal
+*/
 function parseDate(tokensValidAfterTime) {
-    if (!tokensValidAfterTime) {
-        return null;
-    }
-    tokensValidAfterTime = tokensValidAfterTime * 1000;
-    try {
-        const date = new Date(tokensValidAfterTime);
-        if (!isNaN(date.getTime())) {
-            return date.toUTCString();
-        }
-    }
-    catch {
-        // ignore error
-    }
-    return null;
+	if (!tokensValidAfterTime) {
+		return null;
+	}
+	tokensValidAfterTime = tokensValidAfterTime * 1e3;
+	try {
+		const date = new Date(tokensValidAfterTime);
+		if (!isNaN(date.getTime())) {
+			return date.toUTCString();
+		}
+	} catch {}
+	return null;
 }
-exports.parseDate = parseDate;
 /**
- * Helper function to parse the decoded enrolled factors into a valid MultiFactorSettings
- * @internal
- */
+* Helper function to parse the decoded enrolled factors into a valid MultiFactorSettings
+* @internal
+*/
 function parseMultiFactor(multiFactor) {
-    if (!multiFactor) {
-        return null;
-    }
-    const parsedEnrolledFactors = [];
-    for (const factor of multiFactor.enrolled_factors || []) {
-        if (!factor.uid) {
-            throw new https_1.HttpsError("internal", "INTERNAL ASSERT FAILED: Invalid multi-factor info response");
-        }
-        const enrollmentTime = factor.enrollment_time
-            ? new Date(factor.enrollment_time).toUTCString()
-            : null;
-        parsedEnrolledFactors.push({
-            uid: factor.uid,
-            factorId: factor.phone_number ? factor.factor_id || "phone" : factor.factor_id,
-            displayName: factor.display_name,
-            enrollmentTime,
-            phoneNumber: factor.phone_number,
-        });
-    }
-    if (parsedEnrolledFactors.length > 0) {
-        return {
-            enrolledFactors: parsedEnrolledFactors,
-        };
-    }
-    return null;
+	if (!multiFactor) {
+		return null;
+	}
+	const parsedEnrolledFactors = [];
+	for (const factor of multiFactor.enrolled_factors || []) {
+		if (!factor.uid) {
+			throw new require_common_providers_https.HttpsError("internal", "INTERNAL ASSERT FAILED: Invalid multi-factor info response");
+		}
+		const enrollmentTime = factor.enrollment_time ? new Date(factor.enrollment_time).toUTCString() : null;
+		parsedEnrolledFactors.push({
+			uid: factor.uid,
+			factorId: factor.phone_number ? factor.factor_id || "phone" : factor.factor_id,
+			displayName: factor.display_name,
+			enrollmentTime,
+			phoneNumber: factor.phone_number
+		});
+	}
+	if (parsedEnrolledFactors.length > 0) {
+		return { enrolledFactors: parsedEnrolledFactors };
+	}
+	return null;
 }
-exports.parseMultiFactor = parseMultiFactor;
 /**
- * Parses the decoded user record into a valid UserRecord for use in the handler
- * @internal
- */
+* Parses the decoded user record into a valid UserRecord for use in the handler
+* @internal
+*/
 function parseAuthUserRecord(decodedJWTUserRecord) {
-    if (!decodedJWTUserRecord.uid) {
-        throw new https_1.HttpsError("internal", "INTERNAL ASSERT FAILED: Invalid user response");
-    }
-    const disabled = decodedJWTUserRecord.disabled || false;
-    const metadata = parseMetadata(decodedJWTUserRecord.metadata);
-    const providerData = parseProviderData(decodedJWTUserRecord.provider_data);
-    const tokensValidAfterTime = parseDate(decodedJWTUserRecord.tokens_valid_after_time);
-    const multiFactor = parseMultiFactor(decodedJWTUserRecord.multi_factor);
-    return {
-        uid: decodedJWTUserRecord.uid,
-        email: decodedJWTUserRecord.email,
-        emailVerified: decodedJWTUserRecord.email_verified,
-        displayName: decodedJWTUserRecord.display_name,
-        photoURL: decodedJWTUserRecord.photo_url,
-        phoneNumber: decodedJWTUserRecord.phone_number,
-        disabled,
-        metadata,
-        providerData,
-        passwordHash: decodedJWTUserRecord.password_hash,
-        passwordSalt: decodedJWTUserRecord.password_salt,
-        customClaims: decodedJWTUserRecord.custom_claims,
-        tenantId: decodedJWTUserRecord.tenant_id,
-        tokensValidAfterTime,
-        multiFactor,
-    };
+	if (!decodedJWTUserRecord.uid) {
+		throw new require_common_providers_https.HttpsError("internal", "INTERNAL ASSERT FAILED: Invalid user response");
+	}
+	const disabled = decodedJWTUserRecord.disabled || false;
+	const metadata = parseMetadata(decodedJWTUserRecord.metadata);
+	const providerData = parseProviderData(decodedJWTUserRecord.provider_data);
+	const tokensValidAfterTime = parseDate(decodedJWTUserRecord.tokens_valid_after_time);
+	const multiFactor = parseMultiFactor(decodedJWTUserRecord.multi_factor);
+	return {
+		uid: decodedJWTUserRecord.uid,
+		email: decodedJWTUserRecord.email,
+		emailVerified: decodedJWTUserRecord.email_verified,
+		displayName: decodedJWTUserRecord.display_name,
+		photoURL: decodedJWTUserRecord.photo_url,
+		phoneNumber: decodedJWTUserRecord.phone_number,
+		disabled,
+		metadata,
+		providerData,
+		passwordHash: decodedJWTUserRecord.password_hash,
+		passwordSalt: decodedJWTUserRecord.password_salt,
+		customClaims: decodedJWTUserRecord.custom_claims,
+		tenantId: decodedJWTUserRecord.tenant_id,
+		tokensValidAfterTime,
+		multiFactor
+	};
 }
-exports.parseAuthUserRecord = parseAuthUserRecord;
 /** Helper to get the `AdditionalUserInfo` from the decoded JWT */
 function parseAdditionalUserInfo(decodedJWT) {
-    let profile;
-    let username;
-    if (decodedJWT.raw_user_info) {
-        try {
-            profile = JSON.parse(decodedJWT.raw_user_info);
-        }
-        catch (err) {
-            logger.debug(`Parse Error: ${err.message}`);
-        }
-    }
-    if (profile) {
-        if (decodedJWT.sign_in_method === "github.com") {
-            username = profile.login;
-        }
-        if (decodedJWT.sign_in_method === "twitter.com") {
-            username = profile.screen_name;
-        }
-    }
-    return {
-        providerId: decodedJWT.sign_in_method === "emailLink" ? "password" : decodedJWT.sign_in_method,
-        profile,
-        username,
-        isNewUser: decodedJWT.event_type === "beforeCreate" ? true : false,
-        recaptchaScore: decodedJWT.recaptcha_score,
-        email: decodedJWT.email,
-        phoneNumber: decodedJWT.phone_number,
-    };
+	let profile;
+	let username;
+	if (decodedJWT.raw_user_info) {
+		try {
+			profile = JSON.parse(decodedJWT.raw_user_info);
+		} catch (err) {
+			require_logger_index.debug(`Parse Error: ${err.message}`);
+		}
+	}
+	if (profile) {
+		if (decodedJWT.sign_in_method === "github.com") {
+			username = profile.login;
+		}
+		if (decodedJWT.sign_in_method === "twitter.com") {
+			username = profile.screen_name;
+		}
+	}
+	return {
+		providerId: decodedJWT.sign_in_method === "emailLink" ? "password" : decodedJWT.sign_in_method,
+		profile,
+		username,
+		isNewUser: decodedJWT.event_type === "beforeCreate" ? true : false,
+		recaptchaScore: decodedJWT.recaptcha_score,
+		email: decodedJWT.email,
+		phoneNumber: decodedJWT.phone_number
+	};
 }
 /**
- * Helper to generate a response from the blocking function to the Firebase Auth backend.
- * @internal
- */
+* Helper to generate a response from the blocking function to the Firebase Auth backend.
+* @internal
+*/
 function generateResponsePayload(authResponse) {
-    if (!authResponse) {
-        return {};
-    }
-    const { recaptchaActionOverride, ...formattedAuthResponse } = authResponse;
-    const result = {};
-    const updateMask = getUpdateMask(formattedAuthResponse);
-    if (updateMask.length !== 0) {
-        result.userRecord = {
-            ...formattedAuthResponse,
-            updateMask,
-        };
-    }
-    if (recaptchaActionOverride !== undefined) {
-        result.recaptchaActionOverride = recaptchaActionOverride;
-    }
-    return result;
+	if (!authResponse) {
+		return {};
+	}
+	const { recaptchaActionOverride,...formattedAuthResponse } = authResponse;
+	const result = {};
+	const updateMask = getUpdateMask(formattedAuthResponse);
+	if (updateMask.length !== 0) {
+		result.userRecord = {
+			...formattedAuthResponse,
+			updateMask
+		};
+	}
+	if (recaptchaActionOverride !== undefined) {
+		result.recaptchaActionOverride = recaptchaActionOverride;
+	}
+	return result;
 }
-exports.generateResponsePayload = generateResponsePayload;
 /** Helper to get the Credential from the decoded JWT */
 function parseAuthCredential(decodedJWT, time) {
-    if (!decodedJWT.sign_in_attributes &&
-        !decodedJWT.oauth_id_token &&
-        !decodedJWT.oauth_access_token &&
-        !decodedJWT.oauth_refresh_token) {
-        return null;
-    }
-    return {
-        claims: decodedJWT.sign_in_attributes,
-        idToken: decodedJWT.oauth_id_token,
-        accessToken: decodedJWT.oauth_access_token,
-        refreshToken: decodedJWT.oauth_refresh_token,
-        expirationTime: decodedJWT.oauth_expires_in
-            ? new Date(time + decodedJWT.oauth_expires_in * 1000).toUTCString()
-            : undefined,
-        secret: decodedJWT.oauth_token_secret,
-        providerId: decodedJWT.sign_in_method === "emailLink" ? "password" : decodedJWT.sign_in_method,
-        signInMethod: decodedJWT.sign_in_method,
-    };
+	if (!decodedJWT.sign_in_attributes && !decodedJWT.oauth_id_token && !decodedJWT.oauth_access_token && !decodedJWT.oauth_refresh_token) {
+		return null;
+	}
+	return {
+		claims: decodedJWT.sign_in_attributes,
+		idToken: decodedJWT.oauth_id_token,
+		accessToken: decodedJWT.oauth_access_token,
+		refreshToken: decodedJWT.oauth_refresh_token,
+		expirationTime: decodedJWT.oauth_expires_in ? new Date(time + decodedJWT.oauth_expires_in * 1e3).toUTCString() : undefined,
+		secret: decodedJWT.oauth_token_secret,
+		providerId: decodedJWT.sign_in_method === "emailLink" ? "password" : decodedJWT.sign_in_method,
+		signInMethod: decodedJWT.sign_in_method
+	};
 }
 /**
- * Parses the decoded jwt into a valid AuthEventContext for use in the handler
- * @internal
- */
+* Parses the decoded jwt into a valid AuthEventContext for use in the handler
+* @internal
+*/
 function parseAuthEventContext(decodedJWT, projectId, time = new Date().getTime()) {
-    const eventType = (EVENT_MAPPING[decodedJWT.event_type] || decodedJWT.event_type) +
-        (decodedJWT.sign_in_method ? `:${decodedJWT.sign_in_method}` : "");
-    return {
-        locale: decodedJWT.locale,
-        ipAddress: decodedJWT.ip_address,
-        userAgent: decodedJWT.user_agent,
-        eventId: decodedJWT.event_id,
-        eventType,
-        authType: decodedJWT.user_record ? "USER" : "UNAUTHENTICATED",
-        resource: {
-            // TODO(colerogers): figure out the correct service
-            service: "identitytoolkit.googleapis.com",
-            name: decodedJWT.tenant_id
-                ? `projects/${projectId}/tenants/${decodedJWT.tenant_id}`
-                : `projects/${projectId}`,
-        },
-        timestamp: new Date(decodedJWT.iat * 1000).toUTCString(),
-        additionalUserInfo: parseAdditionalUserInfo(decodedJWT),
-        credential: parseAuthCredential(decodedJWT, time),
-        emailType: decodedJWT.email_type,
-        smsType: decodedJWT.sms_type,
-        params: {},
-    };
+	const eventType = (EVENT_MAPPING[decodedJWT.event_type] || decodedJWT.event_type) + (decodedJWT.sign_in_method ? `:${decodedJWT.sign_in_method}` : "");
+	return {
+		locale: decodedJWT.locale,
+		ipAddress: decodedJWT.ip_address,
+		userAgent: decodedJWT.user_agent,
+		eventId: decodedJWT.event_id,
+		eventType,
+		authType: decodedJWT.user_record ? "USER" : "UNAUTHENTICATED",
+		resource: {
+			service: "identitytoolkit.googleapis.com",
+			name: decodedJWT.tenant_id ? `projects/${projectId}/tenants/${decodedJWT.tenant_id}` : `projects/${projectId}`
+		},
+		timestamp: new Date(decodedJWT.iat * 1e3).toUTCString(),
+		additionalUserInfo: parseAdditionalUserInfo(decodedJWT),
+		credential: parseAuthCredential(decodedJWT, time),
+		emailType: decodedJWT.email_type,
+		smsType: decodedJWT.sms_type,
+		params: {}
+	};
 }
-exports.parseAuthEventContext = parseAuthEventContext;
 /**
- * Checks the handler response for invalid customClaims & sessionClaims objects
- * @internal
- */
+* Checks the handler response for invalid customClaims & sessionClaims objects
+* @internal
+*/
 function validateAuthResponse(eventType, authRequest) {
-    if (!authRequest) {
-        authRequest = {};
-    }
-    if (authRequest.customClaims) {
-        const invalidClaims = DISALLOWED_CUSTOM_CLAIMS.filter((claim) => authRequest.customClaims.hasOwnProperty(claim));
-        if (invalidClaims.length > 0) {
-            throw new https_1.HttpsError("invalid-argument", `The customClaims claims "${invalidClaims.join(",")}" are reserved and cannot be specified.`);
-        }
-        if (JSON.stringify(authRequest.customClaims).length > CLAIMS_MAX_PAYLOAD_SIZE) {
-            throw new https_1.HttpsError("invalid-argument", `The customClaims payload should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters.`);
-        }
-    }
-    if (eventType === "beforeSignIn" && authRequest.sessionClaims) {
-        const invalidClaims = DISALLOWED_CUSTOM_CLAIMS.filter((claim) => authRequest.sessionClaims.hasOwnProperty(claim));
-        if (invalidClaims.length > 0) {
-            throw new https_1.HttpsError("invalid-argument", `The sessionClaims claims "${invalidClaims.join(",")}" are reserved and cannot be specified.`);
-        }
-        if (JSON.stringify(authRequest.sessionClaims).length >
-            CLAIMS_MAX_PAYLOAD_SIZE) {
-            throw new https_1.HttpsError("invalid-argument", `The sessionClaims payload should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters.`);
-        }
-        const combinedClaims = {
-            ...authRequest.customClaims,
-            ...authRequest.sessionClaims,
-        };
-        if (JSON.stringify(combinedClaims).length > CLAIMS_MAX_PAYLOAD_SIZE) {
-            throw new https_1.HttpsError("invalid-argument", `The customClaims and sessionClaims payloads should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters combined.`);
-        }
-    }
+	if (!authRequest) {
+		authRequest = {};
+	}
+	if (authRequest.customClaims) {
+		const invalidClaims = DISALLOWED_CUSTOM_CLAIMS.filter((claim) => authRequest.customClaims.hasOwnProperty(claim));
+		if (invalidClaims.length > 0) {
+			throw new require_common_providers_https.HttpsError("invalid-argument", `The customClaims claims "${invalidClaims.join(",")}" are reserved and cannot be specified.`);
+		}
+		if (JSON.stringify(authRequest.customClaims).length > CLAIMS_MAX_PAYLOAD_SIZE) {
+			throw new require_common_providers_https.HttpsError("invalid-argument", `The customClaims payload should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters.`);
+		}
+	}
+	if (eventType === "beforeSignIn" && authRequest.sessionClaims) {
+		const invalidClaims = DISALLOWED_CUSTOM_CLAIMS.filter((claim) => authRequest.sessionClaims.hasOwnProperty(claim));
+		if (invalidClaims.length > 0) {
+			throw new require_common_providers_https.HttpsError("invalid-argument", `The sessionClaims claims "${invalidClaims.join(",")}" are reserved and cannot be specified.`);
+		}
+		if (JSON.stringify(authRequest.sessionClaims).length > CLAIMS_MAX_PAYLOAD_SIZE) {
+			throw new require_common_providers_https.HttpsError("invalid-argument", `The sessionClaims payload should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters.`);
+		}
+		const combinedClaims = {
+			...authRequest.customClaims,
+			...authRequest.sessionClaims
+		};
+		if (JSON.stringify(combinedClaims).length > CLAIMS_MAX_PAYLOAD_SIZE) {
+			throw new require_common_providers_https.HttpsError("invalid-argument", `The customClaims and sessionClaims payloads should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters combined.`);
+		}
+	}
 }
-exports.validateAuthResponse = validateAuthResponse;
 /**
- * Helper function to generate the update mask for the identity platform changed values
- * @internal
- */
+* Helper function to generate the update mask for the identity platform changed values
+* @internal
+*/
 function getUpdateMask(authResponse) {
-    if (!authResponse) {
-        return "";
-    }
-    const updateMask = [];
-    for (const key in authResponse) {
-        if (authResponse.hasOwnProperty(key) && typeof authResponse[key] !== "undefined") {
-            updateMask.push(key);
-        }
-    }
-    return updateMask.join(",");
+	if (!authResponse) {
+		return "";
+	}
+	const updateMask = [];
+	for (const key in authResponse) {
+		if (authResponse.hasOwnProperty(key) && typeof authResponse[key] !== "undefined") {
+			updateMask.push(key);
+		}
+	}
+	return updateMask.join(",");
 }
-exports.getUpdateMask = getUpdateMask;
 /** @internal */
 function wrapHandler(eventType, handler) {
-    return async (req, res) => {
-        try {
-            const projectId = process.env.GCLOUD_PROJECT;
-            if (!isValidRequest(req)) {
-                logger.error("Invalid request, unable to process");
-                throw new https_1.HttpsError("invalid-argument", "Bad Request");
-            }
-            if (!auth.getAuth((0, app_1.getApp)())._verifyAuthBlockingToken) {
-                throw new Error("Cannot validate Auth Blocking token. Please update Firebase Admin SDK to >= v10.1.0");
-            }
-            const decodedPayload = (0, debug_1.isDebugFeatureEnabled)("skipTokenVerification")
-                ? unsafeDecodeAuthBlockingToken(req.body.data.jwt)
-                : handler.platform === "gcfv1"
-                    ? await auth.getAuth((0, app_1.getApp)())._verifyAuthBlockingToken(req.body.data.jwt)
-                    : await auth.getAuth((0, app_1.getApp)())._verifyAuthBlockingToken(req.body.data.jwt, "run.app");
-            let authUserRecord;
-            if (decodedPayload.event_type === "beforeCreate" ||
-                decodedPayload.event_type === "beforeSignIn") {
-                authUserRecord = parseAuthUserRecord(decodedPayload.user_record);
-            }
-            const authEventContext = parseAuthEventContext(decodedPayload, projectId);
-            let authResponse;
-            if (handler.platform === "gcfv1") {
-                authResponse = authUserRecord
-                    ? (await handler(authUserRecord, authEventContext)) || undefined
-                    : (await handler(authEventContext)) || undefined;
-            }
-            else {
-                authResponse =
-                    (await handler({
-                        ...authEventContext,
-                        data: authUserRecord,
-                    })) || undefined;
-            }
-            validateAuthResponse(eventType, authResponse);
-            const result = generateResponsePayload(authResponse);
-            res.status(200);
-            res.setHeader("Content-Type", "application/json");
-            res.send(JSON.stringify(result));
-        }
-        catch (err) {
-            let httpErr = err;
-            if (!(httpErr instanceof https_1.HttpsError)) {
-                // This doesn't count as an 'explicit' error.
-                logger.error("Unhandled error", err);
-                httpErr = new https_1.HttpsError("internal", "An unexpected error occurred.");
-            }
-            const { status } = httpErr.httpErrorCode;
-            const body = { error: httpErr.toJSON() };
-            res.setHeader("Content-Type", "application/json");
-            res.status(status).send(body);
-        }
-    };
+	return async (req, res) => {
+		try {
+			const projectId = process.env.GCLOUD_PROJECT;
+			if (!isValidRequest(req)) {
+				require_logger_index.error("Invalid request, unable to process");
+				throw new require_common_providers_https.HttpsError("invalid-argument", "Bad Request");
+			}
+			if (!firebase_admin_auth.getAuth(require_common_app.getApp())._verifyAuthBlockingToken) {
+				throw new Error("Cannot validate Auth Blocking token. Please update Firebase Admin SDK to >= v10.1.0");
+			}
+			const decodedPayload = require_common_debug.isDebugFeatureEnabled("skipTokenVerification") ? unsafeDecodeAuthBlockingToken(req.body.data.jwt) : handler.platform === "gcfv1" ? await firebase_admin_auth.getAuth(require_common_app.getApp())._verifyAuthBlockingToken(req.body.data.jwt) : await firebase_admin_auth.getAuth(require_common_app.getApp())._verifyAuthBlockingToken(req.body.data.jwt, "run.app");
+			let authUserRecord;
+			if (decodedPayload.event_type === "beforeCreate" || decodedPayload.event_type === "beforeSignIn") {
+				authUserRecord = parseAuthUserRecord(decodedPayload.user_record);
+			}
+			const authEventContext = parseAuthEventContext(decodedPayload, projectId);
+			let authResponse;
+			if (handler.platform === "gcfv1") {
+				authResponse = authUserRecord ? await handler(authUserRecord, authEventContext) || undefined : await handler(authEventContext) || undefined;
+			} else {
+				authResponse = await handler({
+					...authEventContext,
+					data: authUserRecord
+				}) || undefined;
+			}
+			validateAuthResponse(eventType, authResponse);
+			const result = generateResponsePayload(authResponse);
+			res.status(200);
+			res.setHeader("Content-Type", "application/json");
+			res.send(JSON.stringify(result));
+		} catch (err) {
+			let httpErr = err;
+			if (!(httpErr instanceof require_common_providers_https.HttpsError)) {
+				require_logger_index.error("Unhandled error", err);
+				httpErr = new require_common_providers_https.HttpsError("internal", "An unexpected error occurred.");
+			}
+			const { status } = httpErr.httpErrorCode;
+			const body = { error: httpErr.toJSON() };
+			res.setHeader("Content-Type", "application/json");
+			res.status(status).send(body);
+		}
+	};
 }
-exports.wrapHandler = wrapHandler;
+
+//#endregion
+exports.HttpsError = require_common_providers_https.HttpsError;
+exports.UserRecordMetadata = UserRecordMetadata;
+exports.generateResponsePayload = generateResponsePayload;
+exports.getUpdateMask = getUpdateMask;
+exports.isValidRequest = isValidRequest;
+exports.parseAuthEventContext = parseAuthEventContext;
+exports.parseAuthUserRecord = parseAuthUserRecord;
+exports.parseDate = parseDate;
+exports.parseMetadata = parseMetadata;
+exports.parseMultiFactor = parseMultiFactor;
+exports.parseProviderData = parseProviderData;
+exports.userRecordConstructor = userRecordConstructor;
+exports.validateAuthResponse = validateAuthResponse;
+exports.wrapHandler = wrapHandler;