passkey config admin changes

etc/firebase-admin.auth.api.md

@@ -51,6 +51,7 @@ export interface AllowlistOnlyWrap {
 export class Auth extends BaseAuth {
     // Warning: (ae-forgotten-export) The symbol "App" needs to be exported by the entry point index.d.ts
     get app(): App;
+    passkeyConfigManager(): PasskeyConfigManager;
     projectConfigManager(): ProjectConfigManager;
     tenantManager(): TenantManager;
 }
@@ -344,6 +345,26 @@ export interface OIDCUpdateAuthProviderRequest {
     responseType?: OAuthResponseType;
 }
 
+// @public
+export class PasskeyConfig {
+    readonly expectedOrigins?: string[];
+    readonly name?: string;
+    readonly rpId?: string;
+    toJSON(): object;
+}
+
+// @public
+export class PasskeyConfigManager {
+    createPasskeyConfig(rpId: string, passkeyConfigRequest: PasskeyConfigRequest, tenantId?: string): Promise<PasskeyConfig>;
+    getPasskeyConfig(tenantId?: string): Promise<PasskeyConfig>;
+    updatePasskeyConfig(passkeyConfigRequest: PasskeyConfigRequest, tenantId?: string): Promise<PasskeyConfig>;
+}
+
+// @public
+export interface PasskeyConfigRequest {
+    expectedOrigins?: string[];
+}
+
 // @public
 export interface PasswordPolicyConfig {
     constraints?: CustomStrengthOptionsConfig;

src/auth/auth-api-request.ts

@@ -43,6 +43,7 @@ import {
   SAMLUpdateAuthProviderRequest
 } from './auth-config';
 import { ProjectConfig, ProjectConfigServerResponse, UpdateProjectConfigRequest } from './project-config';
+import { PasskeyConfig, PasskeyConfigServerResponse, PasskeyConfigRequest } from './passkey-config';
 
 /** Firebase Auth request header. */
 const FIREBASE_AUTH_HEADER = {
@@ -2070,6 +2071,55 @@ const CREATE_TENANT = new ApiSettings('/tenants', 'POST')
     }
   });
 
+/** Instantiates the GET_PASSKEY_CONFIG endpoint settings. */
+const GET_PASSKEY_CONFIG = new ApiSettings('/passkeyConfig', 'GET')
+  .setResponseValidator((response: any) => {
+    // Validate the response for GET_PASSKEY_CONFIG.
+    if (!validator.isNonEmptyString(response.name)) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Unable to get passkey config',
+      );
+    }
+  });
+
+/** Instantiates the GET_TENANT_PASSKEY_CONFIG endpoint settings. */
+const GET_TENANT_PASSKEY_CONFIG = new ApiSettings('/tenants/{tenantId}/passkeyConfig', 'GET')
+  .setResponseValidator((response: any) => {
+    // Validate the response for GET_TENANT_PASSKEY_CONFIG.
+    if (!validator.isNonEmptyString(response.name)) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Unable to get tenant passkey config',
+      );
+    }
+  });
+
+/** Instantiates the UPDATE_PASSKEY_CONFIG endpoint settings. */
+const UPDATE_PASSKEY_CONFIG = new ApiSettings('/passkeyConfig?updateMask={updateMask}', 'PATCH')
+  .setResponseValidator((response: any) => {
+    // Validate the response for UPDATE_PASSKEY_CONFIG.
+    if (!validator.isNonEmptyString(response.name)) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Unable to update passkey config',
+      );
+    }
+  });
+
+/** Instantiates the UPDATE_TENANT_PASSKEY_CONFIG endpoint settings. */
+const UPDATE_TENANT_PASSKEY_CONFIG = new ApiSettings(
+  '/tenant/{tenantId}/passkeyConfig?updateMask={updateMask}', 'PATCH')
+  .setResponseValidator((response: any) => {
+    // Validate the response for UPDATE_TENANT_PASSKEY_CONFIG.
+    if (!validator.isNonEmptyString(response.name)) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Unable to update tenant passkey config',
+      );
+    }
+  });
+
 
 /**
  * Utility for sending requests to Auth server that are Auth instance related. This includes user, tenant,
@@ -2245,6 +2295,30 @@ export class AuthRequestHandler extends AbstractAuthRequestHandler {
       return Promise.reject(e);
     }
   }
+
+  public getPasskeyConfig(tenantId?: string): Promise<PasskeyConfigServerResponse> {
+    return this.invokeRequestHandler(this.authResourceUrlBuilder, 
+      tenantId? GET_TENANT_PASSKEY_CONFIG: GET_PASSKEY_CONFIG, {}, {})
+      .then((response: any) => {
+        return response as PasskeyConfigServerResponse;
+      });
+  }
+
+  public updatePasskeyConfig(isCreateRequest: boolean, tenantId?: string,
+    options?: PasskeyConfigRequest, rpId?: string): Promise<PasskeyConfigServerResponse> {
+    try {
+      const request = PasskeyConfig.buildServerRequest(isCreateRequest, options, rpId);
+      const updateMask = utils.generateUpdateMask(request);
+      return this.invokeRequestHandler(
+        this.authResourceUrlBuilder, tenantId? UPDATE_TENANT_PASSKEY_CONFIG: UPDATE_PASSKEY_CONFIG, 
+        request, { updateMask: updateMask.join(',') })
+        .then((response: any) => {
+          return response as PasskeyConfigServerResponse;
+        });
+    } catch (e) {
+      return Promise.reject(e);
+    }
+  }
 }
 
 /**

src/auth/auth.ts

@@ -20,6 +20,7 @@ import { AuthRequestHandler } from './auth-api-request';
 import { TenantManager } from './tenant-manager';
 import { BaseAuth } from './base-auth';
 import { ProjectConfigManager } from './project-config-manager';
+import { PasskeyConfigManager } from './passkey-config-manager';
 
 /**
  * Auth service bound to the provided app.
@@ -29,6 +30,7 @@ export class Auth extends BaseAuth {
 
   private readonly tenantManager_: TenantManager;
   private readonly projectConfigManager_: ProjectConfigManager;
+  private readonly passkeyConfigManager_: PasskeyConfigManager;
   private readonly app_: App;
 
   /**
@@ -41,6 +43,7 @@ export class Auth extends BaseAuth {
     this.app_ = app;
     this.tenantManager_ = new TenantManager(app);
     this.projectConfigManager_ = new ProjectConfigManager(app);
+    this.passkeyConfigManager_ = new PasskeyConfigManager(app);
   }
 
   /**
@@ -69,4 +72,13 @@ export class Auth extends BaseAuth {
   public projectConfigManager(): ProjectConfigManager {
     return this.projectConfigManager_;
   }
+
+  /**
+   * Returns the passkey config manager instance.
+   *
+   * @returns The passkey config manager instance .
+   */
+  public passkeyConfigManager(): PasskeyConfigManager {
+    return this.passkeyConfigManager_;
+  }
 }

src/auth/index.ts

@@ -142,6 +142,15 @@ export {
   ProjectConfigManager,
 } from './project-config-manager';
 
+export {
+  PasskeyConfigRequest,
+  PasskeyConfig,
+} from './passkey-config';
+
+export {
+  PasskeyConfigManager,
+} from './passkey-config-manager';
+
 export {
   DecodedIdToken,
   DecodedAuthBlockingToken

src/auth/passkey-config-manager.ts

@@ -0,0 +1,87 @@
+/*!
+ * Copyright 2023 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { App } from '../app';
+import {
+  AuthRequestHandler,
+} from './auth-api-request';
+import { 
+  PasskeyConfig, 
+  PasskeyConfigClientRequest, 
+  PasskeyConfigRequest, 
+  PasskeyConfigServerResponse 
+} from './passkey-config';
+
+/**
+ * Manages Passkey configuration for a Firebase app.
+ */
+export class PasskeyConfigManager {
+  private readonly authRequestHandler: AuthRequestHandler;
+
+  /**
+   * Initializes a PasskeyConfigManager instance for a specified FirebaseApp.
+   * 
+   * @param app - The Firebase app associated with this PasskeyConfigManager instance.
+   *
+   * @constructor
+   * @internal
+   */
+  constructor(app: App) {
+    this.authRequestHandler = new AuthRequestHandler(app);
+  }
+
+  /**
+   * Retrieves the Passkey configuration.
+   * 
+   * @param tenantId - (optional) The tenant ID if querying passkeys on a specific tenant.
+   * @returns A promise fulfilled with the passkey configuration.
+   */
+  public getPasskeyConfig(tenantId?: string): Promise<PasskeyConfig> {
+    return this.authRequestHandler.getPasskeyConfig(tenantId)
+      .then((response: PasskeyConfigServerResponse) => {
+        return new PasskeyConfig(response);
+      });
+  }
+
+  /**
+   * Creates a new passkey configuration.
+   * 
+   * @param rpId - The relying party ID.
+   * @param passkeyConfigRequest - Configuration details for the passkey.
+   * @param tenantId - (optional) The tenant ID for which the passkey config is created.
+   * @returns A promise fulfilled with the newly created passkey configuration.
+   */
+  public createPasskeyConfig(rpId: string, passkeyConfigRequest: PasskeyConfigRequest, 
+    tenantId?: string): Promise<PasskeyConfig> {
+    return this.authRequestHandler.updatePasskeyConfig(true, tenantId, passkeyConfigRequest, rpId)
+      .then((response: PasskeyConfigClientRequest) => {
+        return new PasskeyConfig(response);
+      });
+  }
+
+  /**
+   * Updates an existing passkey configuration.
+   * 
+   * @param passkeyConfigRequest - Updated configuration details for the passkey.
+   * @param tenantId - (optional) The tenant ID for which the passkey config is updated.
+   * @returns A promise fulfilled with the updated passkey configuration.
+   */
+  public updatePasskeyConfig(passkeyConfigRequest: PasskeyConfigRequest, tenantId?: string): Promise<PasskeyConfig> {
+    return this.authRequestHandler.updatePasskeyConfig(false, tenantId, passkeyConfigRequest)
+      .then((response: PasskeyConfigClientRequest) => {
+        return new PasskeyConfig(response);
+      });
+  }
+}