Implement signOut for BYO-CIAM firebaseToken

.github/workflows/test-changed-auth.yml

@@ -23,7 +23,7 @@ env:
   # the behavior to use the new URLs.
   CHROMEDRIVER_CDNURL: https://googlechromelabs.github.io/
   CHROMEDRIVER_CDNBINARIESURL: https://storage.googleapis.com/chrome-for-testing-public
-  CHROME_VALIDATED_VERSION: linux-137.0.7151.119
+  CHROME_VALIDATED_VERSION: linux-138.0.7204.92
   # Bump Node memory limit
   NODE_OPTIONS: "--max_old_space_size=4096"
 

packages/auth/demo/public/index.html

@@ -853,6 +853,7 @@
             </div>
             <div class="tab-pane" id="tab-byo-ciam-content">
               <h2>Sign in with your CIAM token</h2>
+              <div id="firebase-token-status">No CIAM token found. User not logged in.</div>
               <input type="text" id="byo-ciam-token"
                      class="form-control" placeholder="Enter CIAM token" />
               <button class="btn btn-block btn-primary"

packages/auth/demo/src/index.js

@@ -1305,6 +1305,7 @@ function onRefreshToken() {
 function onSignOut() {
   setLastUser(auth.currentUser);
   auth.signOut().then(signOut, onAuthError);
+  regionalAuth.signOut();
 }
 
 /**
@@ -1520,16 +1521,16 @@ async function exchangeCIAMToken(token) {
 function onExchangeToken(event) {
   event.preventDefault();
   const byoCiamInput = document.getElementById('byo-ciam-token');
-  const byoCiamResult = document.getElementById('byo-ciam-result');
-
-  byoCiamResult.textContent = 'Exchanging token...';
+  const firebaseTokenStatus = document.getElementById('firebase-token-status');
 
+  firebaseTokenStatus.textContent = 'Exchanging token...';
   exchangeCIAMToken(byoCiamInput.value)
     .then(response => {
-      byoCiamResult.textContent = response;
+      firebaseTokenStatus.textContent = '✅ Firebase token is set: ' + response;
       console.log('Token:', response);
     })
     .catch(error => {
+      (firebaseTokenStatus.textContent = 'Error exchanging token: '), error;
       console.error('Error exchanging token:', error);
     });
 }
@@ -2091,6 +2092,17 @@ function initApp() {
     tenantConfig: tenantConfig
   });
 
+  const firebaseTokenStatus = document.getElementById('firebase-token-status');
+  setTimeout(() => {
+    if (regionalAuth.firebaseToken) {
+      firebaseTokenStatus.textContent =
+        '✅ Firebase token is set: ' + regionalAuth.firebaseToken.token;
+    } else {
+      firebaseTokenStatus.textContent =
+        'No CIAM token found. User not logged in.';
+    }
+    console.log('firebaseToken after delay: ', regionalAuth.firebaseToken);
+  }, 1000);
   tempApp = initializeApp(
     {
       apiKey: config.apiKey,

packages/auth/src/core/auth/auth_impl.test.ts

@@ -308,6 +308,16 @@ describe('core/auth/auth_impl', () => {
       expect(persistenceStub._remove).to.have.been.called;
       expect(auth.currentUser).to.be.null;
     });
+    it('sets currentUser to null, calls remove', async () => {
+      const token: FirebaseToken = {
+        token: 'test-token',
+        expirationTime: 123456789
+      };
+      await auth._updateFirebaseToken(token);
+      await auth.signOut();
+      expect(persistenceStub._remove).to.have.been.called;
+      expect(auth.firebaseToken).to.be.null;
+    });
     it('is blocked if a beforeAuthStateChanged callback throws', async () => {
       await auth._updateCurrentUser(testUser(auth, 'test'));
       auth.beforeAuthStateChanged(sinon.stub().throws());

packages/auth/src/core/auth/auth_impl.ts

@@ -490,6 +490,8 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
       await this._setRedirectUser(null);
     }
 
+    // Clear Firebase token for Regional Auth Instance when signOut is called
+    await this._updateFirebaseToken(null);
     // Prevent callbacks from being called again in _updateCurrentUser, as
     // they were already called in the first line.
     return this._updateCurrentUser(null, /* skipBeforeStateCallbacks */ true);