passkey config admin changes

etc/firebase-admin.auth.api.md

@@ -51,6 +51,7 @@ export interface AllowlistOnlyWrap {
 export class Auth extends BaseAuth {
     // Warning: (ae-forgotten-export) The symbol "App" needs to be exported by the entry point index.d.ts
     get app(): App;
+    passkeyConfigManager(): PasskeyConfigManager;
     projectConfigManager(): ProjectConfigManager;
     tenantManager(): TenantManager;
 }
@@ -344,6 +345,41 @@ export interface OIDCUpdateAuthProviderRequest {
     responseType?: OAuthResponseType;
 }
 
+// @public (undocumented)
+export class PasskeyConfig {
+    // Warning: (ae-forgotten-export) The symbol "PasskeyConfigServerResponse" needs to be exported by the entry point index.d.ts
+    constructor(response: PasskeyConfigServerResponse);
+    // Warning: (ae-forgotten-export) The symbol "PasskeyConfigClientRequest" needs to be exported by the entry point index.d.ts
+    //
+    // (undocumented)
+    static buildServerRequest(isCreateRequest: boolean, passkeyConfigRequest?: PasskeyConfigRequest, rpId?: string): PasskeyConfigClientRequest;
+    // (undocumented)
+    readonly expectedOrigins?: string[];
+    // (undocumented)
+    readonly name?: string;
+    // (undocumented)
+    readonly rpId?: string;
+    // (undocumented)
+    toJSON(): object;
+}
+
+// @public (undocumented)
+export class PasskeyConfigManager {
+    constructor(app: App);
+    // (undocumented)
+    createPasskeyConfig(rpId: string, passkeyConfigRequest: PasskeyConfigRequest, tenantId?: string): Promise<PasskeyConfigRequest>;
+    // (undocumented)
+    getPasskeyConfig(tenantId?: string): Promise<PasskeyConfig>;
+    // (undocumented)
+    updatePasskeyConfig(passkeyConfigRequest: PasskeyConfigRequest, tenantId?: string): Promise<PasskeyConfigRequest>;
+}
+
+// @public (undocumented)
+export interface PasskeyConfigRequest {
+    // (undocumented)
+    expectedOrigins?: string[];
+}
+
 // @public
 export interface PasswordPolicyConfig {
     constraints?: CustomStrengthOptionsConfig;

package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-admin",
-  "version": "11.10.1",
+  "version": "11.11.0",
   "description": "Firebase admin SDK for Node.js",
   "author": "Firebase <firebase-support@google.com> (https://firebase.google.com/)",
   "license": "Apache-2.0",

src/auth/auth-api-request.ts

@@ -43,6 +43,7 @@ import {
   SAMLUpdateAuthProviderRequest
 } from './auth-config';
 import { ProjectConfig, ProjectConfigServerResponse, UpdateProjectConfigRequest } from './project-config';
+import {PasskeyConfig, PasskeyConfigServerResponse, PasskeyConfigRequest} from './passkey-config';
 
 /** Firebase Auth request header. */
 const FIREBASE_AUTH_HEADER = {
@@ -2070,6 +2071,54 @@ const CREATE_TENANT = new ApiSettings('/tenants', 'POST')
     }
   });
 
+/** Instantiates the getPasskeyConfig endpoint settings. */
+const GET_PASSKEY_CONFIG = new ApiSettings('/passkeyConfig', 'GET')
+  .setResponseValidator((response: any) => {
+    // Response should always contain at least the config name.
+    if (!validator.isNonEmptyString(response.name)) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Unable to get project config',
+      );
+    }
+  });
+
+/** Instantiates the getPasskeyConfig endpoint settings. */
+const GET_TENANT_PASSKEY_CONFIG = new ApiSettings('/tenants/{tenantId}/passkeyConfig', 'GET')
+  .setResponseValidator((response: any) => {
+    // Response should always contain at least the config name.
+    if (!validator.isNonEmptyString(response.name)) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Unable to get project config',
+      );
+    }
+  });
+
+/** Instantiates the getPasskeyConfig endpoint settings. */
+const UPDATE_PASSKEY_CONFIG = new ApiSettings('/passkeyConfig?updateMask={updateMask}', 'PATCH')
+  .setResponseValidator((response: any) => {
+    // Response should always contain at least the config name.
+    if (!validator.isNonEmptyString(response.name)) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Unable to get project config',
+      );
+    }
+  });
+
+/** Instantiates the getPasskeyConfig endpoint settings. */
+const UPDATE_TENANT_PASSKEY_CONFIG = new ApiSettings('/tenant/{tenantId}/passkeyConfig?updateMask={updateMask}', 'PATCH')
+  .setResponseValidator((response: any) => {
+    // Response should always contain at least the config name.
+    if (!validator.isNonEmptyString(response.name)) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Unable to get project config',
+      );
+    }
+  });
+
 
 /**
  * Utility for sending requests to Auth server that are Auth instance related. This includes user, tenant,
@@ -2245,6 +2294,27 @@ export class AuthRequestHandler extends AbstractAuthRequestHandler {
       return Promise.reject(e);
     }
   }
+
+  public getPasskeyConfig(tenantId?: string): Promise<PasskeyConfigServerResponse> {
+    return this.invokeRequestHandler(this.authResourceUrlBuilder, tenantId? GET_TENANT_PASSKEY_CONFIG: GET_PASSKEY_CONFIG, {}, {})
+      .then((response: any) => {
+        return response as PasskeyConfigServerResponse;
+      });
+  }
+
+  public updatePasskeyConfig(isCreateRequest: boolean, tenantId?: string, options?: PasskeyConfigRequest, rpId?: string): Promise<PasskeyConfigServerResponse> {
+    try {
+      const request = PasskeyConfig.buildServerRequest(isCreateRequest, options, rpId);
+      const updateMask = utils.generateUpdateMask(request);
+      return this.invokeRequestHandler(
+        this.authResourceUrlBuilder, tenantId? UPDATE_TENANT_PASSKEY_CONFIG: UPDATE_PASSKEY_CONFIG, request, { updateMask: updateMask.join(',') })
+        .then((response: any) => {
+          return response as PasskeyConfigServerResponse;
+        });
+    } catch (e) {
+      return Promise.reject(e);
+    }
+  }
 }
 
 /**

src/auth/auth.ts

@@ -20,6 +20,7 @@ import { AuthRequestHandler } from './auth-api-request';
 import { TenantManager } from './tenant-manager';
 import { BaseAuth } from './base-auth';
 import { ProjectConfigManager } from './project-config-manager';
+import { PasskeyConfigManager } from './passkey-config-manager';
 
 /**
  * Auth service bound to the provided app.
@@ -29,6 +30,7 @@ export class Auth extends BaseAuth {
 
   private readonly tenantManager_: TenantManager;
   private readonly projectConfigManager_: ProjectConfigManager;
+  private readonly passkeyConfigManager_: PasskeyConfigManager;
   private readonly app_: App;
 
   /**
@@ -41,6 +43,7 @@ export class Auth extends BaseAuth {
     this.app_ = app;
     this.tenantManager_ = new TenantManager(app);
     this.projectConfigManager_ = new ProjectConfigManager(app);
+    this.passkeyConfigManager_ = new PasskeyConfigManager(app);
   }
 
   /**
@@ -69,4 +72,13 @@ export class Auth extends BaseAuth {
   public projectConfigManager(): ProjectConfigManager {
     return this.projectConfigManager_;
   }
+
+  /**
+   * Returns the passkey config manager instance.
+   *
+   * @returns The passkey config manager instance .
+   */
+  public passkeyConfigManager(): PasskeyConfigManager {
+    return this.passkeyConfigManager_;
+  }
 }

src/auth/index.ts

@@ -142,6 +142,15 @@ export {
   ProjectConfigManager,
 } from './project-config-manager';
 
+export {
+  PasskeyConfigRequest,
+  PasskeyConfig,
+} from './passkey-config';
+
+export {
+  PasskeyConfigManager,
+} from './passkey-config-manager';
+
 export {
   DecodedIdToken,
   DecodedAuthBlockingToken

src/auth/passkey-config-manager.ts

@@ -0,0 +1,50 @@
+/*!
+ * Copyright 2023 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { App } from '../app';
+import {
+  AuthRequestHandler,
+} from './auth-api-request';
+import {PasskeyConfig, PasskeyConfigClientRequest, PasskeyConfigRequest, PasskeyConfigServerResponse} from './passkey-config';
+
+
+export class PasskeyConfigManager {
+  private readonly authRequestHandler: AuthRequestHandler;
+
+  constructor(app: App) {
+    this.authRequestHandler = new AuthRequestHandler(app);
+  }
+
+  public getPasskeyConfig(tenantId?: string): Promise<PasskeyConfig> {
+    return this.authRequestHandler.getPasskeyConfig()
+      .then((response: PasskeyConfigServerResponse) => {
+        return new PasskeyConfig(response);
+      });
+  }
+
+  public createPasskeyConfig(rpId: string, passkeyConfigRequest: PasskeyConfigRequest, tenantId?: string): Promise<PasskeyConfig> {
+    return this.authRequestHandler.updatePasskeyConfig(true, tenantId, passkeyConfigRequest, rpId)
+      .then((response: PasskeyConfigClientRequest) => {
+        return new PasskeyConfig(response);
+      })
+  }
+
+  public updatePasskeyConfig(passkeyConfigRequest: PasskeyConfigRequest, tenantId?: string): Promise<PasskeyConfig> {
+    return this.authRequestHandler.updatePasskeyConfig(false, tenantId, passkeyConfigRequest)
+      .then((response: PasskeyConfigClientRequest) => {
+        return new PasskeyConfig(response);
+      })
+  }
+}

src/auth/passkey-config.ts

@@ -0,0 +1,131 @@
+/*!
+ * Copyright 2023 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import * as validator from '../utils/validator';
+import { AuthClientErrorCode, FirebaseAuthError } from '../utils/error';
+import {deepCopy} from '../utils/deep-copy';
+
+export interface PasskeyConfigRequest {
+    expectedOrigins?: string[];
+}
+
+export interface PasskeyConfigServerResponse {
+    name?: string;
+    rpId?: string;
+    expectedOrigins?: string[];
+}
+
+export interface PasskeyConfigClientRequest {
+    rpId?: string;
+    expectedOrigins?: string[];
+}
+
+
+export class PasskeyConfig {
+  public readonly name?: string;
+  public readonly rpId?: string;
+  public readonly expectedOrigins?: string[];
+
+  private static validate(isCreateRequest: boolean, passkeyConfigRequest?: PasskeyConfigRequest, rpId?: string) {
+    if(isCreateRequest && !validator.isNonEmptyString(rpId)) {
+        throw new FirebaseAuthError(
+            AuthClientErrorCode.INVALID_ARGUMENT,
+            `'rpId' must be a valid non-empty string'`,
+          );
+    }
+    if(!isCreateRequest && typeof rpId !== 'undefined') {
+        throw new FirebaseAuthError(
+            AuthClientErrorCode.INVALID_ARGUMENT,
+            `'rpId' cannot be changed once created.'`,
+          );
+    }
+    if(!validator.isNonNullObject(passkeyConfigRequest)) {
+        throw new FirebaseAuthError(
+            AuthClientErrorCode.INVALID_ARGUMENT,
+            `'passkeyConfigRequest' must be a valid non-empty object.'`,
+          );
+    }
+    const validKeys = {
+        expectedOrigins: true,
+    };
+    // Check for unsupported top level attributes.
+    for (const key in passkeyConfigRequest) {
+        if (!(key in validKeys)) {
+          throw new FirebaseAuthError(
+            AuthClientErrorCode.INVALID_ARGUMENT,
+            `'${key}' is not a valid PasskeyConfigRequest parameter.`,
+          );
+        }
+      }
+    if(!validator.isNonEmptyArray(passkeyConfigRequest.expectedOrigins) || !validator.isNonNullObject(passkeyConfigRequest.expectedOrigins)) {
+        throw new FirebaseAuthError(
+            AuthClientErrorCode.INVALID_ARGUMENT,
+            `'passkeyConfigRequest.expectedOrigins' must be a valid non-empty array of strings.'`,
+          );
+    }
+    for(const origin in passkeyConfigRequest.expectedOrigins) {
+        if(!validator.isString(origin)) {
+            throw new FirebaseAuthError(
+                AuthClientErrorCode.INVALID_ARGUMENT,
+                `'passkeyConfigRequest.expectedOrigins' must be a valid non-empty array of strings.'`,
+              );
+        }
+    }
+  };
+
+  public static buildServerRequest(isCreateRequest: boolean, passkeyConfigRequest?: PasskeyConfigRequest, rpId?: string): PasskeyConfigClientRequest {
+    PasskeyConfig.validate(isCreateRequest, passkeyConfigRequest, rpId);
+    let request: PasskeyConfigClientRequest = {};
+    if(isCreateRequest && typeof rpId !== 'undefined') {
+        request.rpId = rpId;
+    }
+    if(typeof request.expectedOrigins !== 'undefined') {
+        request.expectedOrigins = passkeyConfigRequest?.expectedOrigins;
+    }
+    return request;
+  };
+
+  constructor(response: PasskeyConfigServerResponse) {
+    if(typeof response.name !== 'undefined') {
+        this.name = response.name;
+    }
+    if(typeof response.rpId !== 'undefined') {
+        this.rpId = response.rpId;
+    };
+    if(typeof response.expectedOrigins !== 'undefined') {
+        this.expectedOrigins = response.expectedOrigins;
+    }
+  };
+
+  public toJSON(): object {
+    const json = {
+      name: deepCopy(this.name),
+      rpId: deepCopy(this.rpId),
+      expectedOrigins: deepCopy(this.expectedOrigins),
+    };
+    if(typeof json.name === 'undefined') {
+      delete json.name;
+    }
+    if(typeof json.rpId === 'undefined') {
+      delete json.rpId;
+    }
+    if(typeof json.expectedOrigins === 'undefined') {
+      delete json.expectedOrigins;
+    }
+    return json;
+  }
+
+};
+