firebase
diff --git a/‎packages/app-check/src/api.test.ts
Lines changed: 38 additions & 12 deletions b/‎packages/app-check/src/api.test.ts
Lines changed: 38 additions & 12 deletions
diff --git a/‎packages/app-check/src/api.ts
Lines changed: 18 additions & 11 deletions b/‎packages/app-check/src/api.ts
Lines changed: 18 additions & 11 deletions
diff --git a/‎packages/app-check/src/factory.ts
Lines changed: 8 additions & 2 deletions b/‎packages/app-check/src/factory.ts
Lines changed: 8 additions & 2 deletions
diff --git a/‎packages/app-check/src/index.ts
Lines changed: 4 additions & 0 deletions b/‎packages/app-check/src/index.ts
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/app-check/src/internal-api.test.ts
Lines changed: 64 additions & 15 deletions b/‎packages/app-check/src/internal-api.test.ts
Lines changed: 64 additions & 15 deletions
@@ -39,6 +39,7 @@ import * as client from './client';
 import * as storage from './storage';
 import * as logger from './logger';
 import * as util from './util';
+import { ReCAPTCHAProvider } from './providers';
 
 describe('api', () => {
   beforeEach(() => {
@@ -53,34 +54,59 @@ describe('api', () => {
 
     it('sets activated to true', () => {
       expect(getState(app).activated).to.equal(false);
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider()
+      );
       expect(getState(app).activated).to.equal(true);
     });
 
     it('isTokenAutoRefreshEnabled value defaults to global setting', () => {
       app = getFakeApp({ automaticDataCollectionEnabled: false });
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider()
+      );
       expect(getState(app).isTokenAutoRefreshEnabled).to.equal(false);
     });
 
     it('sets isTokenAutoRefreshEnabled correctly, overriding global setting', () => {
       app = getFakeApp({ automaticDataCollectionEnabled: false });
-      activate(app, FAKE_SITE_KEY, true);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider(),
+        true
+      );
       expect(getState(app).isTokenAutoRefreshEnabled).to.equal(true);
     });
 
     it('can only be called once', () => {
-      activate(app, FAKE_SITE_KEY);
-      expect(() => activate(app, FAKE_SITE_KEY)).to.throw(
-        /AppCheck can only be activated once/
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider()
       );
+      expect(() =>
+        activate(
+          app,
+          new ReCAPTCHAProvider(FAKE_SITE_KEY),
+          getFakePlatformLoggingProvider()
+        )
+      ).to.throw(/AppCheck can only be activated once/);
     });
 
     it('initialize reCAPTCHA when a sitekey is provided', () => {
       const initReCAPTCHAStub = stub(reCAPTCHA, 'initialize').returns(
         Promise.resolve({} as any)
       );
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider()
+      );
       expect(initReCAPTCHAStub).to.have.been.calledWithExactly(
         app,
         FAKE_SITE_KEY
@@ -90,8 +116,8 @@ describe('api', () => {
     it('does NOT initialize reCAPTCHA when a custom token provider is provided', () => {
       const fakeCustomTokenProvider = getFakeCustomTokenProvider();
       const initReCAPTCHAStub = stub(reCAPTCHA, 'initialize');
-      activate(app, fakeCustomTokenProvider);
-      expect(getState(app).customProvider).to.equal(fakeCustomTokenProvider);
+      activate(app, fakeCustomTokenProvider, getFakePlatformLoggingProvider());
+      expect(getState(app).provider).to.equal(fakeCustomTokenProvider);
       expect(initReCAPTCHAStub).to.have.not.been.called;
     });
   });
@@ -149,7 +175,7 @@ describe('api', () => {
     });
     it('Listeners work when using top-level parameters pattern', async () => {
       const app = getFakeApp();
-      activate(app, FAKE_SITE_KEY, false);
+      activate(app, new ReCAPTCHAProvider(FAKE_SITE_KEY), false);
       stub(reCAPTCHA, 'getToken').returns(Promise.resolve(fakeRecaptchaToken));
       stub(client, 'exchangeToken').returns(
         Promise.resolve(fakeRecaptchaAppCheckToken)
@@ -193,7 +219,7 @@ describe('api', () => {
 
     it('Listeners work when using Observer pattern', async () => {
       const app = getFakeApp();
-      activate(app, FAKE_SITE_KEY, false);
+      activate(app, new ReCAPTCHAProvider(FAKE_SITE_KEY), false);
       stub(reCAPTCHA, 'getToken').returns(Promise.resolve(fakeRecaptchaToken));
       stub(client, 'exchangeToken').returns(
         Promise.resolve(fakeRecaptchaAppCheckToken)
@@ -238,7 +264,7 @@ describe('api', () => {
     it('onError() catches token errors', async () => {
       stub(logger.logger, 'error');
       const app = getFakeApp();
-      activate(app, FAKE_SITE_KEY, false);
+      activate(app, new ReCAPTCHAProvider(FAKE_SITE_KEY), false);
       stub(reCAPTCHA, 'getToken').returns(Promise.resolve(fakeRecaptchaToken));
       stub(client, 'exchangeToken').rejects('exchange error');
 
 
@@ -20,7 +20,9 @@ import {
   AppCheckTokenResult
 } from '@firebase/app-check-types';
 import { FirebaseApp } from '@firebase/app-types';
+import { Provider } from '@firebase/component';
 import { ERROR_FACTORY, AppCheckError } from './errors';
+import { ReCAPTCHAProvider, ReCAPTCHAProviderInternal } from './providers';
 import { initialize as initializeRecaptcha } from './recaptcha';
 import { getState, setState, AppCheckState, ListenerType } from './state';
 import {
@@ -34,14 +36,15 @@ import { ErrorFn, NextFn, PartialObserver, Unsubscribe } from '@firebase/util';
 /**
  *
  * @param app
- * @param siteKeyOrProvider - optional custom attestation provider
- * or reCAPTCHA siteKey
+ * @param provider - optional custom attestation provider
+ * or reCAPTCHA provider
  * @param isTokenAutoRefreshEnabled - if true, enables auto refresh
  * of appCheck token.
  */
 export function activate(
   app: FirebaseApp,
-  siteKeyOrProvider: string | AppCheckProvider,
+  provider: AppCheckProvider,
+  platformLoggerProvider: Provider<'platform-logger'>,
   isTokenAutoRefreshEnabled?: boolean
 ): void {
   const state = getState(app);
@@ -52,11 +55,7 @@ export function activate(
   }
 
   const newState: AppCheckState = { ...state, activated: true };
-  if (typeof siteKeyOrProvider === 'string') {
-    newState.siteKey = siteKeyOrProvider;
-  } else {
-    newState.customProvider = siteKeyOrProvider;
-  }
+  newState.provider = provider;
 
   // Use value of global `automaticDataCollectionEnabled` (which
   // itself defaults to false if not specified in config) if
@@ -68,9 +67,17 @@ export function activate(
 
   setState(app, newState);
 
-  // initialize reCAPTCHA if siteKey is provided
-  if (newState.siteKey) {
-    initializeRecaptcha(app, newState.siteKey).catch(() => {
+  // initialize reCAPTCHA if provider is a ReCAPTCHAProvider
+  if (newState.provider instanceof ReCAPTCHAProvider) {
+    // Wrap public ReCAPTCHAProvider in an internal class that provides
+    // platform logging and app.
+    const internalProvider = new ReCAPTCHAProviderInternal(
+      app,
+      newState.provider.siteKey,
+      platformLoggerProvider
+    );
+    setState(app, { ...newState, provider: internalProvider });
+    initializeRecaptcha(app, internalProvider.siteKey).catch(() => {
       /* we don't care about the initialization result in activate() */
     });
   }
 
@@ -46,9 +46,15 @@ export function factory(
   return {
     app,
     activate: (
-      siteKeyOrProvider: string | AppCheckProvider,
+      provider: AppCheckProvider,
       isTokenAutoRefreshEnabled?: boolean
-    ) => activate(app, siteKeyOrProvider, isTokenAutoRefreshEnabled),
+    ) =>
+      activate(
+        app,
+        provider,
+        platformLoggerProvider,
+        isTokenAutoRefreshEnabled
+      ),
     setTokenAutoRefreshEnabled: (isTokenAutoRefreshEnabled: boolean) =>
       setTokenAutoRefreshEnabled(app, isTokenAutoRefreshEnabled),
     getToken: forceRefresh =>
 
@@ -26,6 +26,7 @@ import {
   AppCheckComponentName
 } from '@firebase/app-check-types';
 import { factory, internalFactory } from './factory';
+import { ReCAPTCHAProvider } from './providers';
 import { initializeDebugMode } from './debug';
 import { AppCheckInternalComponentName } from '@firebase/app-check-interop-types';
 import { name, version } from '../package.json';
@@ -46,6 +47,9 @@ function registerAppCheck(firebase: _FirebaseNamespace): void {
       },
       ComponentType.PUBLIC
     )
+      .setServiceProps({
+        ReCAPTCHAProvider
+      })
       /**
        * AppCheck can only be initialized by explicitly calling firebase.appCheck()
        * We don't want firebase products that consume AppCheck to gate on AppCheck
 
@@ -48,7 +48,8 @@ import {
   ListenerType
 } from './state';
 import { Deferred } from '@firebase/util';
-import { AppCheckTokenResult } from '../../app-check-interop-types';
+import { ReCAPTCHAProvider } from './providers';
+import { AppCheckTokenResult } from '../../app-check-types';
 
 const fakePlatformLoggingProvider = getFakePlatformLoggingProvider();
 
@@ -89,7 +90,7 @@ describe('internal api', () => {
       const customTokenProvider = getFakeCustomTokenProvider();
       const customProviderSpy = spy(customTokenProvider, 'getToken');
 
-      activate(app, customTokenProvider);
+      activate(app, customTokenProvider, fakePlatformLoggingProvider);
       const token = await getToken(app, fakePlatformLoggingProvider);
 
       expect(customProviderSpy).to.be.called;
@@ -98,8 +99,12 @@ describe('internal api', () => {
       });
     });
 
-    it('uses reCAPTCHA token to exchange for AppCheck token if no customTokenProvider is provided', async () => {
-      activate(app, FAKE_SITE_KEY);
+    it('uses reCAPTCHA token to exchange for AppCheck token if ReCAPTCHAProvider is provided', async () => {
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       const reCAPTCHASpy = stub(reCAPTCHA, 'getToken').resolves(
         fakeRecaptchaToken
@@ -121,7 +126,11 @@ describe('internal api', () => {
 
     it('resolves with a dummy token and an error if failed to get a token', async () => {
       const errorStub = stub(console, 'error');
-      activate(app, FAKE_SITE_KEY, true);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       const reCAPTCHASpy = stub(reCAPTCHA, 'getToken').resolves(
         fakeRecaptchaToken
@@ -144,7 +153,11 @@ describe('internal api', () => {
     });
 
     it('notifies listeners using cached token', async () => {
-      activate(app, FAKE_SITE_KEY, false);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       storageReadStub.resolves(fakeCachedAppCheckToken);
 
       const listener1 = spy();
@@ -173,7 +186,11 @@ describe('internal api', () => {
     });
 
     it('notifies listeners using new token', async () => {
-      activate(app, FAKE_SITE_KEY, false);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       stub(reCAPTCHA, 'getToken').resolves(fakeRecaptchaToken);
       stub(client, 'exchangeToken').resolves(fakeRecaptchaAppCheckToken);
@@ -205,7 +222,11 @@ describe('internal api', () => {
 
     it('calls 3P error handler if there is an error getting a token', async () => {
       stub(logger.logger, 'error');
-      activate(app, FAKE_SITE_KEY, false);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       stub(reCAPTCHA, 'getToken').resolves(fakeRecaptchaToken);
       stub(client, 'exchangeToken').rejects('exchange error');
       const listener1 = spy();
@@ -227,7 +248,11 @@ describe('internal api', () => {
     });
 
     it('ignores listeners that throw', async () => {
-      activate(app, FAKE_SITE_KEY, false);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       stub(reCAPTCHA, 'getToken').resolves(fakeRecaptchaToken);
       stub(client, 'exchangeToken').resolves(fakeRecaptchaAppCheckToken);
       const listener1 = stub().throws(new Error());
@@ -257,7 +282,11 @@ describe('internal api', () => {
     });
 
     it('loads persisted token to memory and returns it', async () => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       storageReadStub.resolves(fakeCachedAppCheckToken);
 
@@ -273,7 +302,11 @@ describe('internal api', () => {
     });
 
     it('persists token to storage', async () => {
-      activate(app, FAKE_SITE_KEY, false);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       stub(reCAPTCHA, 'getToken').resolves(fakeRecaptchaToken);
       stub(client, 'exchangeToken').resolves(fakeRecaptchaAppCheckToken);
@@ -286,7 +319,11 @@ describe('internal api', () => {
     });
 
     it('returns the valid token in memory without making network request', async () => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       setState(app, { ...getState(app), token: fakeRecaptchaAppCheckToken });
 
       const clientStub = stub(client, 'exchangeToken');
@@ -298,7 +335,11 @@ describe('internal api', () => {
     });
 
     it('force to get new token when forceRefresh is true', async () => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       setState(app, { ...getState(app), token: fakeRecaptchaAppCheckToken });
 
       stub(reCAPTCHA, 'getToken').resolves(fakeRecaptchaToken);
@@ -320,7 +361,11 @@ describe('internal api', () => {
       debugState.enabled = true;
       debugState.token = new Deferred();
       debugState.token.resolve('my-debug-token');
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       const token = await getToken(app, fakePlatformLoggingProvider);
       expect(exchangeTokenStub.args[0][0].body['debug_token']).to.equal(
@@ -397,7 +442,11 @@ describe('internal api', () => {
     });
 
     it('notifies the listener with the valid token in storage', done => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       storageReadStub.resolves({
         token: `fake-cached-app-check-token`,
         expireTimeMillis: Date.now() + 60000,