firebase
diff --git a/‎FirebaseAuth/CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions b/‎FirebaseAuth/CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎FirebaseAuth/Sources/Public/FirebaseAuth/FIRAuth.h‎
Lines changed: 7 additions & 0 deletions b/‎FirebaseAuth/Sources/Public/FirebaseAuth/FIRAuth.h‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎FirebaseAuth/Sources/Utilities/FIRAuthWebUtils.h‎
Lines changed: 6 additions & 0 deletions b/‎FirebaseAuth/Sources/Utilities/FIRAuthWebUtils.h‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎FirebaseAuth/Sources/Utilities/FIRAuthWebUtils.m‎
Lines changed: 58 additions & 13 deletions b/‎FirebaseAuth/Sources/Utilities/FIRAuthWebUtils.m‎
Lines changed: 58 additions & 13 deletions
diff --git a/‎FirebaseAuth/Tests/Sample/Sample/MainViewController+Auth.h‎
Lines changed: 2 additions & 0 deletions b/‎FirebaseAuth/Tests/Sample/Sample/MainViewController+Auth.h‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎FirebaseAuth/Tests/Sample/Sample/MainViewController+Auth.m‎
Lines changed: 21 additions & 2 deletions b/‎FirebaseAuth/Tests/Sample/Sample/MainViewController+Auth.m‎
Lines changed: 21 additions & 2 deletions
diff --git a/‎FirebaseAuth/Tests/Unit/FIRAuthWebUtilsTests.m‎
Lines changed: 73 additions & 0 deletions b/‎FirebaseAuth/Tests/Unit/FIRAuthWebUtilsTests.m‎
Lines changed: 73 additions & 0 deletions
@@ -1,3 +1,6 @@
+# 10.16.0
+- [added] Added custom auth domain support in recaptcha v2 authentication flows. (#7553)
+
 # 10.14.0
 - [added] Added reCAPTCHA verification support in email authentication flows. (#11231)
 
 
@@ -355,6 +355,13 @@ NS_SWIFT_NAME(Auth)
  */
 @property(nonatomic, strong, nullable) NSData *APNSToken API_UNAVAILABLE(macos, tvos, watchos);
 
+/**
+ * @property customAuthDomain
+ * @brief The custom authentication domain used to handle all sign-in redirects. End-users will see
+ * this domain when signing in. This domain must be allowlisted in the Firebase Console.
+ */
+@property(nonatomic, copy, nullable) NSString *customAuthDomain;
+
 /** @fn init
  @brief Please access auth instances using `Auth.auth()` and `Auth.auth(app:)`.
  */
 
@@ -59,6 +59,12 @@ typedef void (^FIRFetchAuthDomainCallback)(NSString *_Nullable authDomain,
  authType:(NSString *)authType
  callbackScheme:(NSString *)callbackScheme;
 
+/** @fn extractDomain:urlString
+ @brief Strips url of scheme and path string to extract domain name
+ @param urlString URL string for domain
+ */
++ (NSString *)extractDomain:(NSString *)urlString;
+
 /** @fn fetchAuthDomainWithCompletion:completion:
  @brief Fetches the auth domain associated with the Firebase Project.
  @param completion The callback invoked after the auth domain has been constructed or an error
 
@@ -84,6 +84,31 @@ + (BOOL)isExpectedCallbackURL:(nullable NSURL *)URL
  return NO;
 }
 
++ (NSString *)extractDomain:(NSString *)urlString {
+ // Remove trailing slashes
+ urlString = [urlString
+ stringByTrimmingCharactersInSet:[NSCharacterSet characterSetWithCharactersInString:@"/"]];
+
+ // Check for the presence of a scheme (e.g., http:// or https://)
+ NSRange range = [urlString rangeOfString:@"http://" options:NSCaseInsensitiveSearch];
+ if (range.location != NSNotFound) {
+ urlString = [urlString stringByReplacingCharactersInRange:range withString:@""];
+ } else {
+ range = [urlString rangeOfString:@"https://" options:NSCaseInsensitiveSearch];
+ if (range.location != NSNotFound) {
+ urlString = [urlString stringByReplacingCharactersInRange:range withString:@""];
+ }
+ }
+
+ // Split the URL by "/"
+ NSArray *urlComponents = [urlString componentsSeparatedByString:@"/"];
+
+ // The domain is the first component after removing the scheme
+ NSString *domain = urlComponents[0];
+
+ return domain;
+}
+
 + (void)fetchAuthDomainWithRequestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration
  completion:(FIRFetchAuthDomainCallback)completion {
  if (requestConfiguration.emulatorHostAndPort) {
@@ -104,22 +129,42 @@ + (void)fetchAuthDomainWithRequestConfiguration:(FIRAuthRequestConfiguration *)r
  return;
  }
  // Look up an authorized domain ends with one of the supportedAuthDomains.
- // The sequence of supportedAuthDomains matters. ("firebaseapp.com", "web.app")
- // The searching ends once the first valid suportedAuthDomain is found.
+ // The searching ends once the first valid supportedAuthDomain is found.
  NSString *authDomain;
- for (NSString *domain in response.authorizedDomains) {
-  for (NSString *suportedAuthDomain in [self supportedAuthDomains]) {
-  NSInteger index = domain.length - suportedAuthDomain.length;
-  if (index >= 2) {
-  if ([domain hasSuffix:suportedAuthDomain] &&
-  domain.length >= suportedAuthDomain.length + 2) {
-  authDomain = domain;
-  break;
- }
+ NSString *customAuthDomain = requestConfiguration.auth.customAuthDomain;
+ if (customAuthDomain) {
+ customAuthDomain = [FIRAuthWebUtils extractDomain:customAuthDomain];
+ BOOL isCustomAuthDomainAuthorized = NO;
+ for (NSString *domain in response.authorizedDomains) {
+ if ([customAuthDomain isEqualToString:domain]) {
+ authDomain = customAuthDomain;
+ isCustomAuthDomainAuthorized = YES;
+ break;
  }
  }
- if (authDomain != nil) {
- break;
+ if (!isCustomAuthDomainAuthorized) {
+ NSError *customDomainError =
+ [FIRAuthErrorUtils unauthorizedDomainErrorWithMessage:
+ @"Error while validating application identity: The "
+ @"configured custom domain is not allowlisted."];
+ completion(nil, customDomainError);
+ return;
+ }
+ } else {
+ for (NSString *domain in response.authorizedDomains) {
+ for (NSString *supportedAuthDomain in [self supportedAuthDomains]) {
+ NSInteger index = domain.length - supportedAuthDomain.length;
+ if (index >= 2) {
+ if ([domain hasSuffix:supportedAuthDomain] &&
+ domain.length >= supportedAuthDomain.length + 2) {
+ authDomain = domain;
+ break;
+ }
+ }
+ }
+ if (authDomain != nil) {
+ break;
+ }
  }
  }
  if (!authDomain.length) {
 
@@ -29,6 +29,8 @@ NS_ASSUME_NONNULL_BEGIN
 
 - (void)signInAnonymouslyWithCallback:(nullable FIRAuthDataResultCallback)callback;
 
+- (void)setAuthDomain;
+
 @end
 
 NS_ASSUME_NONNULL_END
@@ -31,8 +31,10 @@ - (StaticContentTableViewSection *)authSection {
  [StaticContentTableViewCell cellWithTitle:@"Sign out"
  action:^{ [weakSelf signOut]; }],
  [StaticContentTableViewCell cellWithTitle:@"Initialize Recaptcha Config"
- action:^{ [weakSelf initializeRecaptchaConfig]; }]
- ]];
+ action:^{ [weakSelf initializeRecaptchaConfig]; }],
+ [StaticContentTableViewCell cellWithTitle:@"Set Auth Domain"
+ action:^{ [weakSelf setAuthDomain]; }]
+ ]];
 }
 
 - (void)signInAnonymously {
@@ -84,6 +86,23 @@ - (void)initializeRecaptchaConfig {
  }];
 }
 
+- (void)setAuthDomain {
+ [self showTextInputPromptWithMessage:@"Auth Domain:"
+ completionBlock:^(BOOL userPressedOK, NSString *_Nullable customAuthDomain) {
+ if (userPressedOK && customAuthDomain.length) {
+ FIRAuth *auth = [AppManager auth];
+ if(!auth) {
+ [self logFailedTest:@"Could not obtain auth object."];
+ return;
+ }
+ auth.customAuthDomain = customAuthDomain;
+ [self logSuccess:[NSString stringWithFormat:@"Successfully set auth domain to: %@", customAuthDomain]];
+ }
+ return;
+ }];
+}
+
+
 @end
 
 NS_ASSUME_NONNULL_END
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#import <XCTest/XCTest.h>
+#import "FirebaseAuth/Sources/Utilities/FIRAuthWebUtils.h"
+
+/** @class FIRAuthWebUtilsTests
+ @brief Tests for the FIRAuthWebUtils class.
+ */
+@interface FIRAuthWebUtilsTests : XCTestCase
+@end
+
+@implementation FIRAuthWebUtilsTests
+
+/** @fn testExtractDomainWithHTTP
+ @brief Test case for extracting the domain from a URL with "http://" scheme.
+ */
+- (void)testExtractDomainWithHTTP {
+ NSString *urlString = @"http://www.example.com/path/to/resource";
+ NSString *domain = [FIRAuthWebUtils extractDomain:urlString];
+ XCTAssertEqualObjects(domain, @"www.example.com");
+}
+
+/** @fn testExtractDomainWithHTTPS
+ @brief Test case for extracting the domain from a URL with "https://" scheme.
+ */
+- (void)testExtractDomainWithHTTPS {
+ NSString *urlString = @"https://www.example.com/path/to/resource";
+ NSString *domain = [FIRAuthWebUtils extractDomain:urlString];
+ XCTAssertEqualObjects(domain, @"www.example.com");
+}
+
+/** @fn testExtractDomainWithoutScheme
+ @brief Test case for extracting the domain from a URL without a scheme (assumes HTTP by default).
+ */
+- (void)testExtractDomainWithoutScheme {
+ NSString *urlString = @"www.example.com/path/to/resource";
+ NSString *domain = [FIRAuthWebUtils extractDomain:urlString];
+ XCTAssertEqualObjects(domain, @"www.example.com");
+}
+
+/** @fn testExtractDomainWithTrailingSlashes
+ @brief Test case for extracting the domain from a URL with trailing slashes.
+ */
+- (void)testExtractDomainWithTrailingSlashes {
+ NSString *urlString = @"http://www.example.com/////";
+ NSString *domain = [FIRAuthWebUtils extractDomain:urlString];
+ XCTAssertEqualObjects(domain, @"www.example.com");
+}
+
+/** @fn testExtractDomainWithStringDomain
+ @brief Test case for extracting the domain from a string that represents just the domain itself.
+ */
+- (void)testExtractDomainWithStringDomain {
+ NSString *urlString = @"example.com";
+ NSString *domain = [FIRAuthWebUtils extractDomain:urlString];
+ XCTAssertEqualObjects(domain, @"example.com");
+}
+
+@end