Implement addAuthTokenListener for Regional Auth

.github/workflows/test-all.yml

@@ -23,7 +23,7 @@ env:
   # the behavior to use the new URLs.
   CHROMEDRIVER_CDNURL: https://googlechromelabs.github.io/
   CHROMEDRIVER_CDNBINARIESURL: https://storage.googleapis.com/chrome-for-testing-public
-  CHROME_VALIDATED_VERSION: linux-132.0.6834.110
+  CHROME_VALIDATED_VERSION: linux-141.0.7390.78
   CHROME_VERSION_MISMATCH_MESSAGE: "The Chrome version doesn't match the previously validated version. Consider updating CHROME_VALIDATED_VERSION in the GitHub workflow if tests pass, or rollback the installed Chrome version if tests fail."
   artifactRetentionDays: 14
   # Bump Node memory limit

.github/workflows/test-changed-auth.yml

@@ -23,7 +23,7 @@ env:
   # the behavior to use the new URLs.
   CHROMEDRIVER_CDNURL: https://googlechromelabs.github.io/
   CHROMEDRIVER_CDNBINARIESURL: https://storage.googleapis.com/chrome-for-testing-public
-  CHROME_VALIDATED_VERSION: linux-137.0.7151.119
+  CHROME_VALIDATED_VERSION: linux-141.0.7390.78
   # Bump Node memory limit
   NODE_OPTIONS: "--max_old_space_size=4096"
 

package.json

@@ -82,7 +82,7 @@
     "@types/mz": "2.7.8",
     "@types/node": "18.19.83",
     "@types/request": "2.48.12",
-    "@types/sinon": "9.0.11",
+    "@types/sinon": "10.0.20",
     "@types/sinon-chai": "3.2.12",
     "@types/tmp": "0.2.6",
     "@types/trusted-types": "2.0.7",

packages/auth/src/core/auth/auth_impl.ts

@@ -647,6 +647,7 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
     return this.registerStateListener(
       this.authStateSubscription,
       nextOrObserver,
+      this.currentUser,
       error,
       completed
     );
@@ -667,6 +668,21 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
     return this.registerStateListener(
       this.idTokenSubscription,
       nextOrObserver,
+      this.currentUser,
+      error,
+      completed
+    );
+  }
+
+  onFirebaseTokenChanged(
+    nextOrObserver: NextOrObserver<FirebaseToken | null>,
+    error?: ErrorFn,
+    completed?: CompleteFn
+  ): Unsubscribe {
+    return this.registerStateListener(
+      this.firebaseTokenSubscription,
+      nextOrObserver,
+      this.firebaseToken,
       error,
       completed
     );
@@ -814,9 +830,10 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
     }
   }
 
-  private registerStateListener(
-    subscription: Subscription<User>,
-    nextOrObserver: NextOrObserver<User>,
+  private registerStateListener<T>(
+    subscription: Subscription<T>,
+    nextOrObserver: NextOrObserver<T>,
+    currentValue: T | null,
     error?: ErrorFn,
     completed?: CompleteFn
   ): Unsubscribe {
@@ -841,7 +858,7 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
       if (isUnsubscribed) {
         return;
       }
-      cb(this.currentUser);
+      cb(currentValue);
     });
 
     if (typeof nextOrObserver === 'function') {

packages/auth/src/core/auth/firebase_internal.test.ts

@@ -326,4 +326,70 @@ describe('core/auth/firebase_internal - Regional Firebase Auth', () => {
       expect(await regionalAuthInternal.getToken()).to.eql(null);
     });
   });
+
+  // context('addAuthTokenListener', () => {
+  //   let isProactiveRefresh = false;
+  //   const initialToken = 'initial-regional-token';
+  //   const updatedToken = 'updated-regional-token';
+  //   beforeEach(async () => {
+  //     isProactiveRefresh = false;
+
+  //     sinon
+  //       .stub(regionalAuth as any, '_startProactiveRefresh')
+  //       .callsFake(() => {
+  //         isProactiveRefresh = true;
+  //       });
+  //     sinon.stub(regionalAuth as any, '_stopProactiveRefresh').callsFake(() => {
+  //       isProactiveRefresh = false;
+  //     });
+  //     await regionalAuth._updateFirebaseToken({
+  //       token: initialToken,
+  //       expirationTime: now + 300_000
+  //     });
+  //   });
+
+  //   it('gets called with the current token (or null)', done => {
+  //     let firstCall = true;
+
+  //     regionalAuthInternal.addAuthTokenListener(token => {
+  //       if (firstCall) {
+  //         firstCall = false;
+  //         expect(token).to.eq(initialToken);
+  //         // eslint-disable-next-line @typescript-eslint/no-floating-promises
+  //         regionalAuth._updateFirebaseToken({
+  //           token: updatedToken,
+  //           expirationTime: now + 300_000
+  //         });
+  //         return;
+  //       }
+
+  //       expect(token).to.eq(updatedToken);
+  //       expect(isProactiveRefresh).to.be.true;
+  //       done();
+  //     });
+  //   });
+
+  //   it('gets called on subsequent updates', async () => {
+  //     let regionalCount = 0;
+  //     regionalAuthInternal.addAuthTokenListener(() => {
+  //       regionalCount++;
+  //     });
+
+  //     await regionalAuth.getFirebaseAccessToken();
+  //     await regionalAuth.getFirebaseAccessToken();
+  //     await regionalAuth.getFirebaseAccessToken();
+  //     await regionalAuth.getFirebaseAccessToken();
+
+  //     expect(regionalCount).to.eq(5);
+  //   });
+
+  //   it('errors if Regional Auth is not initialized', () => {
+  //     delete (regionalAuth as unknown as Record<string, unknown>)[
+  //       '_initializationPromise'
+  //     ];
+  //     expect(() =>
+  //       regionalAuthInternal.addAuthTokenListener(() => {})
+  //     ).to.throw(FirebaseError, 'auth/dependent-sdk-initialized-before-auth');
+  //   });
+  // });
 });

packages/auth/src/core/auth/firebase_internal.ts

@@ -18,7 +18,7 @@
 import { Unsubscribe } from '@firebase/util';
 import { FirebaseAuthInternal } from '@firebase/auth-interop-types';
 
-import { AuthInternal } from '../../model/auth';
+import { AuthInternal, FirebaseToken } from '../../model/auth';
 import { UserInternal } from '../../model/user';
 import { _assert } from '../util/assert';
 import { AuthErrorCode } from '../errors';
@@ -62,11 +62,26 @@ export class AuthInterop implements FirebaseAuthInternal {
       return;
     }
 
-    const unsubscribe = this.auth.onIdTokenChanged(user => {
-      listener(
-        (user as UserInternal | null)?.stsTokenManager.accessToken || null
+    let unsubscribe: Unsubscribe;
+    if (this.auth.tenantConfig) {
+      unsubscribe = this.auth.onFirebaseTokenChanged(
+        (firebaseToken: FirebaseToken | null) => {
+          try {
+            listener(firebaseToken?.token || null);
+          } catch (error) {
+            console.error('Failed to retrieve firebase token:', error);
+            listener(null);
+          }
+        }
       );
-    });
+    } else {
+      unsubscribe = this.auth.onIdTokenChanged(user => {
+        listener(
+          (user as UserInternal | null)?.stsTokenManager.accessToken || null
+        );
+      });
+    }
+
     this.internalListeners.set(listener, unsubscribe);
     this.updateProactiveRefresh();
   }

packages/auth/src/model/auth.ts

@@ -18,13 +18,17 @@
 import {
   Auth,
   AuthSettings,
+  CompleteFn,
   Config,
   EmulatorConfig,
+  ErrorFn,
+  NextOrObserver,
   PasswordPolicy,
   PasswordValidationStatus,
   PopupRedirectResolver,
   TenantConfig,
-  User
+  User,
+  Unsubscribe
 } from './public_types';
 import { ErrorFactory } from '@firebase/util';
 import { AuthErrorCode, AuthErrorParams } from '../core/errors';
@@ -77,6 +81,11 @@ export interface AuthInternal extends Auth {
   currentUser: User | null;
   emulatorConfig: EmulatorConfig | null;
   getFirebaseAccessToken(forceRefresh?: boolean): Promise<string | null>;
+  onFirebaseTokenChanged(
+    nextOrObserver: NextOrObserver<FirebaseToken | null>,
+    error?: ErrorFn,
+    completed?: CompleteFn
+  ): Unsubscribe;
   _agentRecaptchaConfig: RecaptchaConfig | null;
   _tenantRecaptchaConfigs: Record<string, RecaptchaConfig>;
   _projectPasswordPolicy: PasswordPolicy | null;