Implement signOut for BYO-CIAM firebaseToken

.github/workflows/test-all.yml

@@ -23,7 +23,7 @@ env:
   # the behavior to use the new URLs.
   CHROMEDRIVER_CDNURL: https://googlechromelabs.github.io/
   CHROMEDRIVER_CDNBINARIESURL: https://storage.googleapis.com/chrome-for-testing-public
-  CHROME_VALIDATED_VERSION: linux-137.0.0.0
+  CHROME_VALIDATED_VERSION: linux-132.0.6834.110
   CHROME_VERSION_MISMATCH_MESSAGE: "The Chrome version doesn't match the previously validated version. Consider updating CHROME_VALIDATED_VERSION in the GitHub workflow if tests pass, or rollback the installed Chrome version if tests fail."
   artifactRetentionDays: 14
   # Bump Node memory limit

packages/auth/demo/public/index.html

@@ -853,6 +853,7 @@
             </div>
             <div class="tab-pane" id="tab-byo-ciam-content">
               <h2>Sign in with your CIAM token</h2>
+              <div id="firebase-token-status">No CIAM token found. User not logged in.</div>
               <input type="text" id="byo-ciam-token"
                      class="form-control" placeholder="Enter CIAM token" />
               <button class="btn btn-block btn-primary"

packages/auth/demo/src/index.js

@@ -1305,6 +1305,7 @@ function onRefreshToken() {
 function onSignOut() {
   setLastUser(auth.currentUser);
   auth.signOut().then(signOut, onAuthError);
+  regionalAuth.signOut();
 }
 
 /**
@@ -1520,16 +1521,17 @@ async function exchangeCIAMToken(token) {
 function onExchangeToken(event) {
   event.preventDefault();
   const byoCiamInput = document.getElementById('byo-ciam-token');
-  const byoCiamResult = document.getElementById('byo-ciam-result');
+  const firebaseTokenStatus = document.getElementById('firebase-token-status');
 
-  byoCiamResult.textContent = 'Exchanging token...';
+  firebaseTokenStatus.textContent = 'Exchanging token...';
 
   exchangeCIAMToken(byoCiamInput.value)
     .then(response => {
-      byoCiamResult.textContent = response;
+      firebaseTokenStatus.textContent = '✅ Firebase token is set: ' + response;
       console.log('Token:', response);
     })
     .catch(error => {
+      (firebaseTokenStatus.textContent = 'Error exchanging token: '), error;
       console.error('Error exchanging token:', error);
     });
 }
@@ -2091,6 +2093,18 @@ function initApp() {
     tenantConfig: tenantConfig
   });
 
+  const firebaseTokenStatus = document.getElementById('firebase-token-status');
+  setTimeout(() => {
+    if (regionalAuth.firebaseToken) {
+      firebaseTokenStatus.textContent =
+        '✅ Firebase token is set: ' + regionalAuth.firebaseToken.token;
+    } else {
+      firebaseTokenStatus.textContent =
+        'No CIAM token found. User not logged in.';
+    }
+    console.log('firebaseToken after delay: ', regionalAuth.firebaseToken);
+  }, 1000);
+
   tempApp = initializeApp(
     {
       apiKey: config.apiKey,

packages/auth/src/core/auth/auth_impl.test.ts

@@ -28,6 +28,7 @@ import {
   FAKE_APP_CHECK_CONTROLLER_PROVIDER,
   FAKE_HEARTBEAT_CONTROLLER,
   FAKE_HEARTBEAT_CONTROLLER_PROVIDER,
+  regionalTestAuth,
   testAuth,
   testUser
 } from '../../../test/helpers/mock_auth';
@@ -308,6 +309,17 @@ describe('core/auth/auth_impl', () => {
       expect(persistenceStub._remove).to.have.been.called;
       expect(auth.currentUser).to.be.null;
     });
+    it('sets currentUser to null, calls remove', async () => {
+      const regionalAuth = await regionalTestAuth();
+      const token: FirebaseToken = {
+        token: 'test-token',
+        expirationTime: 123456789
+      };
+      await regionalAuth._updateFirebaseToken(token);
+      await regionalAuth.signOut();
+      expect(persistenceStub._remove).to.have.been.called;
+      expect(regionalAuth.firebaseToken).to.be.null;
+    });
     it('is blocked if a beforeAuthStateChanged callback throws', async () => {
       await auth._updateCurrentUser(testUser(auth, 'test'));
       auth.beforeAuthStateChanged(sinon.stub().throws());

packages/auth/src/core/auth/auth_impl.ts

@@ -489,7 +489,9 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
     if (this.redirectPersistenceManager || this._popupRedirectResolver) {
       await this._setRedirectUser(null);
     }
-
+    if (this.tenantConfig) {
+      await this._updateFirebaseToken(null);
+    }
     // Prevent callbacks from being called again in _updateCurrentUser, as
     // they were already called in the first line.
     return this._updateCurrentUser(null, /* skipBeforeStateCallbacks */ true);