Merge master into release

Author: google-oss-bot

.changeset/brown-beers-tease.md

@@ -0,0 +1,6 @@
+---
+"@firebase/firestore": minor
+"firebase": minor
+---
+
+Introduces a new way to config Firestore SDK Cache.

.changeset/friendly-ads-yell.md

@@ -0,0 +1,6 @@
+---
+'@firebase/firestore': patch
+'firebase': patch
+---
+
+Check that DOMException exists before referencing it, to fix react-native, which was broken by https://github.com/firebase/firebase-js-sdk/pull/7019 in v9.17.2.

.changeset/hot-experts-talk.md

@@ -0,0 +1,5 @@
+---
+'@firebase/auth': patch
+---
+
+Support TOTP as a multi-factor option in Firebase Auth/GCIP.

.changeset/plenty-radios-look.md

@@ -0,0 +1,6 @@
+---
+'@firebase/firestore': patch
+'firebase': patch
+---
+
+Remove the deprecated gapi.auth from FirstPartyToken.

.changeset/sixty-buckets-repeat.md

@@ -0,0 +1,5 @@
+---
+'@firebase/auth': patch
+---
+
+Modify \_fail to use AuthErrorCode.NETWORK_REQUEST_FAILED

.changeset/wet-cooks-doubt.md

@@ -0,0 +1,5 @@
+---
+'@firebase/analytics': patch
+---
+
+Use the Trusted Types API when composing the gtag URL.

.github/workflows/test-changed-auth.yml

@@ -14,9 +14,13 @@ jobs:
     steps:
       # install Chrome first, so the correct version of webdriver can be installed by chromedriver when setting up the repo
       - name: install Chrome stable
+        # Install Chrome version 110.0.5481.177-1 as test starts to fail on version 111.0.5563.64-1.
+        # We will retry to use the latest, once Chrome releases stable version 112 (April 4 ETA).
         run: |
           sudo apt-get update
-          sudo apt-get install google-chrome-stable
+          sudo apt-get install wget
+          sudo wget http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_110.0.5481.177-1_amd64.deb
+          sudo apt-get install -f ./google-chrome-stable_110.0.5481.177-1_amd64.deb --allow-downgrades
       - name: Checkout Repo
         uses: actions/checkout@master
         with:

.github/workflows/update-api-reports.yml

@@ -27,7 +27,7 @@ jobs:
       run: yarn build
       id: update-api-reports
     - name: Commit & Push changes
-      uses: EndBug/add-and-commit@v7
+      uses: EndBug/add-and-commit@v9
       with:
         add: 'common/api-review/*'
         message: 'Update API reports'

common/api-review/auth.api.md

@@ -361,6 +361,7 @@ export class FacebookAuthProvider extends BaseOAuthProvider {
 // @public
 export const FactorId: {
     readonly PHONE: "phone";
+    readonly TOTP: "totp";
 };
 
 // @public
@@ -745,6 +746,41 @@ export function signInWithRedirect(auth: Auth, provider: AuthProvider, resolver?
 // @public
 export function signOut(auth: Auth): Promise<void>;
 
+// @public
+export interface TotpMultiFactorAssertion extends MultiFactorAssertion {
+}
+
+// @public
+export class TotpMultiFactorGenerator {
+    static assertionForEnrollment(secret: TotpSecret, oneTimePassword: string): TotpMultiFactorAssertion;
+    static assertionForSignIn(enrollmentId: string, oneTimePassword: string): TotpMultiFactorAssertion;
+    // Warning: (ae-forgotten-export) The symbol "FactorId" needs to be exported by the entry point index.d.ts
+    static FACTOR_ID: FactorId_2;
+    static generateSecret(session: MultiFactorSession): Promise<TotpSecret>;
+}
+
+// @public
+export interface TotpMultiFactorInfo extends MultiFactorInfo {
+}
+
+// @public
+export class TotpSecret {
+    readonly codeIntervalSeconds: number;
+    readonly codeLength: number;
+    readonly enrollmentCompletionDeadline: string;
+    // Warning: (ae-forgotten-export) The symbol "StartTotpMfaEnrollmentResponse" needs to be exported by the entry point index.d.ts
+    //
+    // @internal (undocumented)
+    static _fromStartTotpMfaEnrollmentResponse(response: StartTotpMfaEnrollmentResponse, auth: AuthInternal): TotpSecret;
+    generateQrCodeUrl(accountName?: string, issuer?: string): string;
+    readonly hashingAlgorithm: string;
+    // Warning: (ae-forgotten-export) The symbol "TotpVerificationInfo" needs to be exported by the entry point index.d.ts
+    //
+    // @internal (undocumented)
+    _makeTotpVerificationInfo(otp: string): TotpVerificationInfo;
+    readonly secretKey: string;
+    }
+
 // @public
 export class TwitterAuthProvider extends BaseOAuthProvider {
     constructor();

common/api-review/firestore.api.md

@@ -163,10 +163,10 @@ export class DocumentSnapshot<T = DocumentData> {
 
 export { EmulatorMockTokenOptions }
 
-// @public
+// @public @deprecated
 export function enableIndexedDbPersistence(firestore: Firestore, persistenceSettings?: PersistenceSettings): Promise<void>;
 
-// @public
+// @public @deprecated
 export function enableMultiTabIndexedDbPersistence(firestore: Firestore): Promise<void>;
 
 // @public
@@ -219,13 +219,17 @@ export class FirestoreError extends FirebaseError {
 // @public
 export type FirestoreErrorCode = 'cancelled' | 'unknown' | 'invalid-argument' | 'deadline-exceeded' | 'not-found' | 'already-exists' | 'permission-denied' | 'resource-exhausted' | 'failed-precondition' | 'aborted' | 'out-of-range' | 'unimplemented' | 'internal' | 'unavailable' | 'data-loss' | 'unauthenticated';
 
+// @public
+export type FirestoreLocalCache = MemoryLocalCache | PersistentLocalCache;
+
 // @public
 export interface FirestoreSettings {
     cacheSizeBytes?: number;
     experimentalAutoDetectLongPolling?: boolean;
     experimentalForceLongPolling?: boolean;
     host?: string;
     ignoreUndefinedProperties?: boolean;
+    localCache?: FirestoreLocalCache;
     ssl?: boolean;
 }
 
@@ -327,6 +331,15 @@ export interface LoadBundleTaskProgress {
 
 export { LogLevel }
 
+// @public
+export interface MemoryLocalCache {
+    // (undocumented)
+    kind: 'memory';
+}
+
+// @public
+export function memoryLocalCache(): MemoryLocalCache;
+
 // @public
 export function namedQuery(firestore: Firestore, name: string): Promise<Query | null>;
 
@@ -404,6 +417,47 @@ export interface PersistenceSettings {
     forceOwnership?: boolean;
 }
 
+// @public
+export interface PersistentCacheSettings {
+    cacheSizeBytes?: number;
+    tabManager?: PersistentTabManager;
+}
+
+// @public
+export interface PersistentLocalCache {
+    // (undocumented)
+    kind: 'persistent';
+}
+
+// @public
+export function persistentLocalCache(settings?: PersistentCacheSettings): PersistentLocalCache;
+
+// @public
+export interface PersistentMultipleTabManager {
+    // (undocumented)
+    kind: 'PersistentMultipleTab';
+}
+
+// @public
+export function persistentMultipleTabManager(): PersistentMultipleTabManager;
+
+// @public
+export interface PersistentSingleTabManager {
+    // (undocumented)
+    kind: 'persistentSingleTab';
+}
+
+// @public
+export function persistentSingleTabManager(settings: PersistentSingleTabManagerSettings | undefined): PersistentSingleTabManager;
+
+// @public
+export interface PersistentSingleTabManagerSettings {
+    forceOwnership?: boolean;
+}
+
+// @public
+export type PersistentTabManager = PersistentSingleTabManager | PersistentMultipleTabManager;
+
 // @public
 export type Primitive = string | number | boolean | undefined | null;
 

docs-devsite/auth.md

@@ -93,6 +93,8 @@ Firebase Authentication
 |  [PhoneMultiFactorGenerator](./auth.phonemultifactorgenerator.md#phonemultifactorgenerator_class) | Provider for generating a [PhoneMultiFactorAssertion](./auth.phonemultifactorassertion.md#phonemultifactorassertion_interface)<!-- -->. |
 |  [RecaptchaVerifier](./auth.recaptchaverifier.md#recaptchaverifier_class) | An [reCAPTCHA](https://www.google.com/recaptcha/)<!-- -->-based application verifier. |
 |  [SAMLAuthProvider](./auth.samlauthprovider.md#samlauthprovider_class) | An [AuthProvider](./auth.authprovider.md#authprovider_interface) for SAML. |
+|  [TotpMultiFactorGenerator](./auth.totpmultifactorgenerator.md#totpmultifactorgenerator_class) | Provider for generating a [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface)<!-- -->. |
+|  [TotpSecret](./auth.totpsecret.md#totpsecret_class) | Provider for generating a [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface)<!-- -->.<!-- -->Stores the shared secret key and other parameters to generate time-based OTPs. Implements methods to retrieve the shared secret key and generate a QR code URL. |
 |  [TwitterAuthProvider](./auth.twitterauthprovider.md#twitterauthprovider_class) | Provider for generating an [OAuthCredential](./auth.oauthcredential.md#oauthcredential_class) for [ProviderId](./auth.md#providerid)<!-- -->.TWITTER. |
 
 ## Interfaces
@@ -130,6 +132,8 @@ Firebase Authentication
 |  [PopupRedirectResolver](./auth.popupredirectresolver.md#popupredirectresolver_interface) | A resolver used for handling DOM specific operations like [signInWithPopup()](./auth.md#signinwithpopup) or [signInWithRedirect()](./auth.md#signinwithredirect)<!-- -->. |
 |  [ReactNativeAsyncStorage](./auth.reactnativeasyncstorage.md#reactnativeasyncstorage_interface) | Interface for a supplied <code>AsyncStorage</code>. |
 |  [RecaptchaParameters](./auth.recaptchaparameters.md#recaptchaparameters_interface) | Interface representing reCAPTCHA parameters.<!-- -->See the \[reCAPTCHA docs\](https://developers.google.com/recaptcha/docs/display\#render\_param) for the list of accepted parameters. All parameters are accepted except for <code>sitekey</code>: Firebase Auth provisions a reCAPTCHA for each project and will configure the site key upon rendering.<!-- -->For an invisible reCAPTCHA, set the <code>size</code> key to <code>invisible</code>. |
+|  [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface) | The class for asserting ownership of a TOTP second factor. Provided by [TotpMultiFactorGenerator.assertionForEnrollment()](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorassertionforenrollment) and [TotpMultiFactorGenerator.assertionForSignIn()](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorassertionforsignin)<!-- -->. |
+|  [TotpMultiFactorInfo](./auth.totpmultifactorinfo.md#totpmultifactorinfo_interface) | The subclass of the [MultiFactorInfo](./auth.multifactorinfo.md#multifactorinfo_interface) interface for TOTP second factors. The <code>factorId</code> of this second factor is [FactorId](./auth.md#factorid)<!-- -->.TOTP. |
 |  [User](./auth.user.md#user_interface) | A user account. |
 |  [UserCredential](./auth.usercredential.md#usercredential_interface) | A structure containing a [User](./auth.user.md#user_interface)<!-- -->, the [OperationType](./auth.md#operationtype)<!-- -->, and the provider ID. |
 |  [UserInfo](./auth.userinfo.md#userinfo_interface) | User profile information, visible only to the Firebase project's apps. |
@@ -1855,6 +1859,7 @@ An enum of factors that may be used for multifactor authentication.
 ```typescript
 FactorId: {
     readonly PHONE: "phone";
+    readonly TOTP: "totp";
 }
 ```
 

docs-devsite/auth.totpmultifactorassertion.md

@@ -0,0 +1,21 @@
+Project: /docs/reference/js/_project.yaml
+Book: /docs/reference/_book.yaml
+page_type: reference
+
+{% comment %}
+DO NOT EDIT THIS FILE!
+This is generated by the JS SDK team, and any local changes will be
+overwritten. Changes should be made in the source code at
+https://github.com/firebase/firebase-js-sdk
+{% endcomment %}
+
+# TotpMultiFactorAssertion interface
+The class for asserting ownership of a TOTP second factor. Provided by [TotpMultiFactorGenerator.assertionForEnrollment()](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorassertionforenrollment) and [TotpMultiFactorGenerator.assertionForSignIn()](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorassertionforsignin)<!-- -->.
+
+<b>Signature:</b>
+
+```typescript
+export interface TotpMultiFactorAssertion extends MultiFactorAssertion 
+```
+<b>Extends:</b> [MultiFactorAssertion](./auth.multifactorassertion.md#multifactorassertion_interface)
+

docs-devsite/auth.totpmultifactorgenerator.md

@@ -0,0 +1,112 @@
+Project: /docs/reference/js/_project.yaml
+Book: /docs/reference/_book.yaml
+page_type: reference
+
+{% comment %}
+DO NOT EDIT THIS FILE!
+This is generated by the JS SDK team, and any local changes will be
+overwritten. Changes should be made in the source code at
+https://github.com/firebase/firebase-js-sdk
+{% endcomment %}
+
+# TotpMultiFactorGenerator class
+Provider for generating a [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface)<!-- -->.
+
+<b>Signature:</b>
+
+```typescript
+export declare class TotpMultiFactorGenerator 
+```
+
+## Properties
+
+|  Property | Modifiers | Type | Description |
+|  --- | --- | --- | --- |
+|  [FACTOR\_ID](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorfactor_id) | <code>static</code> | FactorId | The identifier of the TOTP second factor: <code>totp</code>. |
+
+## Methods
+
+|  Method | Modifiers | Description |
+|  --- | --- | --- |
+|  [assertionForEnrollment(secret, oneTimePassword)](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorassertionforenrollment) | <code>static</code> | Provides a [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface) to confirm ownership of the TOTP (time-based one-time password) second factor. This assertion is used to complete enrollment in TOTP second factor. |
+|  [assertionForSignIn(enrollmentId, oneTimePassword)](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorassertionforsignin) | <code>static</code> | Provides a [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface) to confirm ownership of the TOTP second factor. This assertion is used to complete signIn with TOTP as the second factor. |
+|  [generateSecret(session)](./auth.totpmultifactorgenerator.md#totpmultifactorgeneratorgeneratesecret) | <code>static</code> | Returns a promise to [TotpSecret](./auth.totpsecret.md#totpsecret_class) which contains the TOTP shared secret key and other parameters. Creates a TOTP secret as part of enrolling a TOTP second factor. Used for generating a QR code URL or inputting into a TOTP app. This method uses the auth instance corresponding to the user in the multiFactorSession. |
+
+## TotpMultiFactorGenerator.FACTOR\_ID
+
+The identifier of the TOTP second factor: `totp`<!-- -->.
+
+<b>Signature:</b>
+
+```typescript
+static FACTOR_ID: FactorId;
+```
+
+## TotpMultiFactorGenerator.assertionForEnrollment()
+
+Provides a [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface) to confirm ownership of the TOTP (time-based one-time password) second factor. This assertion is used to complete enrollment in TOTP second factor.
+
+<b>Signature:</b>
+
+```typescript
+static assertionForEnrollment(secret: TotpSecret, oneTimePassword: string): TotpMultiFactorAssertion;
+```
+
+### Parameters
+
+|  Parameter | Type | Description |
+|  --- | --- | --- |
+|  secret | [TotpSecret](./auth.totpsecret.md#totpsecret_class) | A [TotpSecret](./auth.totpsecret.md#totpsecret_class) containing the shared secret key and other TOTP parameters. |
+|  oneTimePassword | string | One-time password from TOTP App. |
+
+<b>Returns:</b>
+
+[TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface)
+
+A [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface) which can be used with [MultiFactorUser.enroll()](./auth.multifactoruser.md#multifactoruserenroll)<!-- -->.
+
+## TotpMultiFactorGenerator.assertionForSignIn()
+
+Provides a [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface) to confirm ownership of the TOTP second factor. This assertion is used to complete signIn with TOTP as the second factor.
+
+<b>Signature:</b>
+
+```typescript
+static assertionForSignIn(enrollmentId: string, oneTimePassword: string): TotpMultiFactorAssertion;
+```
+
+### Parameters
+
+|  Parameter | Type | Description |
+|  --- | --- | --- |
+|  enrollmentId | string | identifies the enrolled TOTP second factor. |
+|  oneTimePassword | string | One-time password from TOTP App. |
+
+<b>Returns:</b>
+
+[TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface)
+
+A [TotpMultiFactorAssertion](./auth.totpmultifactorassertion.md#totpmultifactorassertion_interface) which can be used with [MultiFactorResolver.resolveSignIn()](./auth.multifactorresolver.md#multifactorresolverresolvesignin)<!-- -->.
+
+## TotpMultiFactorGenerator.generateSecret()
+
+Returns a promise to [TotpSecret](./auth.totpsecret.md#totpsecret_class) which contains the TOTP shared secret key and other parameters. Creates a TOTP secret as part of enrolling a TOTP second factor. Used for generating a QR code URL or inputting into a TOTP app. This method uses the auth instance corresponding to the user in the multiFactorSession.
+
+<b>Signature:</b>
+
+```typescript
+static generateSecret(session: MultiFactorSession): Promise<TotpSecret>;
+```
+
+### Parameters
+
+|  Parameter | Type | Description |
+|  --- | --- | --- |
+|  session | [MultiFactorSession](./auth.multifactorsession.md#multifactorsession_interface) | The [MultiFactorSession](./auth.multifactorsession.md#multifactorsession_interface) that the user is part of. |
+
+<b>Returns:</b>
+
+Promise&lt;[TotpSecret](./auth.totpsecret.md#totpsecret_class)<!-- -->&gt;
+
+A promise to [TotpSecret](./auth.totpsecret.md#totpsecret_class)<!-- -->.
+

docs-devsite/auth.totpmultifactorinfo.md

@@ -0,0 +1,21 @@
+Project: /docs/reference/js/_project.yaml
+Book: /docs/reference/_book.yaml
+page_type: reference
+
+{% comment %}
+DO NOT EDIT THIS FILE!
+This is generated by the JS SDK team, and any local changes will be
+overwritten. Changes should be made in the source code at
+https://github.com/firebase/firebase-js-sdk
+{% endcomment %}
+
+# TotpMultiFactorInfo interface
+The subclass of the [MultiFactorInfo](./auth.multifactorinfo.md#multifactorinfo_interface) interface for TOTP second factors. The `factorId` of this second factor is [FactorId](./auth.md#factorid)<!-- -->.TOTP.
+
+<b>Signature:</b>
+
+```typescript
+export interface TotpMultiFactorInfo extends MultiFactorInfo 
+```
+<b>Extends:</b> [MultiFactorInfo](./auth.multifactorinfo.md#multifactorinfo_interface)
+