Cleanup and add cookieStore fallback

Author: jamesdaniels

packages/auth/package.json

@@ -136,6 +136,7 @@
     "@rollup/plugin-strip": "2.1.0",
     "@types/express": "4.17.21",
     "chromedriver": "119.0.1",
+    "cookie-store": "4.0.0-next.4",
     "rollup": "2.79.2",
     "rollup-plugin-sourcemaps": "0.6.3",
     "rollup-plugin-typescript2": "0.36.0",

packages/auth/src/api/index.ts

@@ -242,9 +242,6 @@ export async function _performSignInRequest<T, V extends IdTokenResponse>(
   request?: T,
   customErrorMap: Partial<ServerErrorMap<ServerError>> = {}
 ): Promise<V> {
-  // TODO(jamedaniels) if auth persistence is cookie, proxy through the server endpoint
-  //                   Q, do we want to allow signIn/Out to work normally on the server if cookie
-  //                   persistence is set and FirebaseServerApp authIdToken is not?
   const serverResponse = await _performApiRequest<T, V | IdTokenMfaResponse>(
     auth,
     method,

packages/auth/src/core/persistence/persistence_user_manager.ts

@@ -75,11 +75,7 @@ export class PersistenceUserManager {
     }
     if (typeof blob === 'string') {
       const response = await getAccountInfo(this.auth, { idToken: blob });
-      return await UserImpl._fromGetAccountInfoResponse(
-        this.auth,
-        response,
-        blob
-      );
+      return UserImpl._fromGetAccountInfoResponse(this.auth, response, blob);
     }
     return UserImpl._fromJSON(this.auth, blob);
   }

packages/auth/src/core/user/user_credential_impl.ts

@@ -44,8 +44,6 @@ export class UserCredentialImpl
     this.operationType = params.operationType;
   }
 
-  // TODO(jamesdaniels) fetch the user credential from the cookie and response returned from the
-  //                    proxy endpoint
   static async _fromIdTokenResponse(
     auth: AuthInternal,
     operationType: OperationType,

packages/auth/src/model/user.ts

@@ -62,8 +62,6 @@ export interface UserInternal extends User {
 
   auth: AuthInternal;
   providerId: ProviderId.FIREBASE;
-  // TODO(jamesdaniels): refreshToken should either be optional or a sentinel value for COOKIE
-  //                     persistence, if refresh token has an identifier maybe that?
   refreshToken: string;
   emailVerified: boolean;
   tenantId: string | null;

packages/auth/src/platform_browser/persistence/cookie_storage.ts

@@ -1,6 +1,6 @@
 /**
  * @license
- * Copyright 2019 Google LLC
+ * Copyright 2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,9 @@
  */
 
 import { Persistence } from '../../model/public_types';
+import type { CookieChangeEvent } from 'cookie-store';
+
+const POLLING_INTERVAL_MS = 1_000;
 
 import {
   PersistenceInternal,
@@ -24,58 +27,116 @@ import {
   StorageEventListener
 } from '../../core/persistence';
 
+const getDocumentCookie = (name: string): string | null => {
+  const escapedName = name.replace(/[\\^$.*+?()[\]{}|]/g, '\\$&');
+  const matcher = RegExp(`${escapedName}=([^;]+)`);
+  return document.cookie.match(matcher)?.[1] ?? null;
+};
+
 export class CookiePersistence implements PersistenceInternal {
   static type: 'COOKIE' = 'COOKIE';
   readonly type = PersistenceType.COOKIE;
-  listeners: Map<StorageEventListener, (e: any) => void> = new Map();
+  cookieStoreListeners: Map<
+    StorageEventListener,
+    (event: CookieChangeEvent) => void
+  > = new Map();
+  cookiePollingIntervals: Map<StorageEventListener, NodeJS.Timeout> = new Map();
 
   async _isAvailable(): Promise<boolean> {
-    return navigator.hasOwnProperty('cookieEnabled') ?
-      navigator.cookieEnabled :
-      true;
+    if (typeof navigator === 'undefined' || typeof document === 'undefined') {
+      return false;
+    }
+    return navigator.cookieEnabled ?? true;
   }
 
   async _set(_key: string, _value: PersistenceValue): Promise<void> {
     return;
   }
 
   async _get<T extends PersistenceValue>(key: string): Promise<T | null> {
-    const cookie = await (window as any).cookieStore.get(key);
-    return cookie?.value;
+    if (!this._isAvailable()) {
+      return null;
+    }
+    if (window.cookieStore) {
+      const cookie = await window.cookieStore.get(key);
+      return cookie?.value as T;
+    } else {
+      return getDocumentCookie(key) as T;
+    }
   }
 
   async _remove(key: string): Promise<void> {
-    const cookie = await (window as any).cookieStore.get(key);
-    if (!cookie) {
+    if (!this._isAvailable()) {
       return;
     }
-    await (window as any).cookieStore.set({ ...cookie, value: "" });
+    if (window.cookieStore) {
+      const cookie = await window.cookieStore.get(key);
+      if (!cookie) {
+        return;
+      }
+      await window.cookieStore.delete(cookie);
+    } else {
+      // TODO how do I get the cookie properties?
+      document.cookie = `${key}=;Max-Age=34560000;Partitioned;Secure;SameSite=Strict;Path=/`;
+    }
     await fetch(`/__cookies__`, { method: 'DELETE' }).catch(() => undefined);
   }
 
-  _addListener(_key: string, _listener: StorageEventListener): void {
-    // TODO fallback to polling if cookieStore is not available
-    const cb = (event: any) => {
-      const cookie = event.changed.find((change: any) => change.name === _key);
-      if (cookie) {
-        _listener(cookie.value);
-      }
-    };
-    this.listeners.set(_listener, cb);
-    (window as any).cookieStore.addEventListener('change', cb);
+  _addListener(key: string, listener: StorageEventListener): void {
+    if (!this._isAvailable()) {
+      return;
+    }
+    if (window.cookieStore) {
+      const cb = (event: CookieChangeEvent): void => {
+        const changedCookie = event.changed.find(change => change.name === key);
+        if (changedCookie) {
+          listener(changedCookie.value as PersistenceValue);
+        }
+        const deletedCookie = event.deleted.find(change => change.name === key);
+        if (deletedCookie) {
+          listener(null);
+        }
+      };
+      this.cookieStoreListeners.set(listener, cb);
+      window.cookieStore.addEventListener('change', cb as EventListener);
+    } else {
+      let lastValue = getDocumentCookie(key);
+      const interval = setInterval(() => {
+        const currentValue = getDocumentCookie(key);
+        if (currentValue !== lastValue) {
+          listener(currentValue as PersistenceValue | null);
+          lastValue = currentValue;
+        }
+      }, POLLING_INTERVAL_MS);
+      this.cookiePollingIntervals.set(listener, interval);
+    }
   }
 
-  _removeListener(_key: string, _listener: StorageEventListener): void {
-    const cb = this.listeners.get(_listener);
-    if (!cb) {
+  // TODO can we tidy this logic up into a single unsubscribe function? () => void;
+  _removeListener(_key: string, listener: StorageEventListener): void {
+    if (!this._isAvailable()) {
       return;
     }
-    (window as any).cookieStore.removeEventListener('change', cb);
+    if (window.cookieStore) {
+      const cb = this.cookieStoreListeners.get(listener);
+      if (!cb) {
+        return;
+      }
+      window.cookieStore.removeEventListener('change', cb as EventListener);
+      this.cookieStoreListeners.delete(listener);
+    } else {
+      const interval = this.cookiePollingIntervals.get(listener);
+      if (!interval) {
+        return;
+      }
+      clearInterval(interval);
+      this.cookiePollingIntervals.delete(listener);
+    }
   }
 }
 
 /**
- * An implementation of {@link Persistence} of type 'NONE'.
+ * An implementation of {@link Persistence} of type 'COOKIE'.
  *
  * @public
  */

yarn.lock

@@ -5893,6 +5893,11 @@ [email protected]:
   resolved "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"
   integrity sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==
 
+[email protected]:
+  version "4.0.0-next.4"
+  resolved "https://registry.npmjs.org/cookie-store/-/cookie-store-4.0.0-next.4.tgz#8b13981bfd93e10e30694e9816928f8c478a326b"
+  integrity sha512-RVcIK13cCiAa+rsxAbFhrIThn1eBcgt9WTyLq539zMafDnhdGb6u/O5JdMTC3/pcJVqqHJmctiWxAYPpwT/fxw==
+
 [email protected]:
   version "0.6.0"
   resolved "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051"