firebase
diff --git a/‎packages/app-check/src/api.test.ts
+37-10 b/‎packages/app-check/src/api.test.ts
+37-10
diff --git a/‎packages/app-check/src/api.ts
+18-11 b/‎packages/app-check/src/api.ts
+18-11
diff --git a/‎packages/app-check/src/factory.ts
+12-3 b/‎packages/app-check/src/factory.ts
+12-3
diff --git a/‎packages/app-check/src/index.ts
+6-1 b/‎packages/app-check/src/index.ts
+6-1
diff --git a/‎packages/app-check/src/internal-api.test.ts
+68-15 b/‎packages/app-check/src/internal-api.test.ts
+68-15
@@ -21,11 +21,13 @@ import { activate, setTokenAutoRefreshEnabled } from './api';
 import {
   FAKE_SITE_KEY,
   getFakeApp,
-  getFakeCustomTokenProvider
+  getFakeCustomTokenProvider,
+  getFakePlatformLoggingProvider
 } from '../test/util';
 import { getState } from './state';
 import * as reCAPTCHA from './recaptcha';
 import { FirebaseApp } from '@firebase/app-types';
+import { ReCAPTCHAProvider } from './providers';
 
 describe('api', () => {
   describe('activate()', () => {
@@ -37,34 +39,59 @@ describe('api', () => {
 
     it('sets activated to true', () => {
       expect(getState(app).activated).to.equal(false);
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider()
+      );
       expect(getState(app).activated).to.equal(true);
     });
 
     it('isTokenAutoRefreshEnabled value defaults to global setting', () => {
       app = getFakeApp({ automaticDataCollectionEnabled: false });
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider()
+      );
       expect(getState(app).isTokenAutoRefreshEnabled).to.equal(false);
     });
 
     it('sets isTokenAutoRefreshEnabled correctly, overriding global setting', () => {
       app = getFakeApp({ automaticDataCollectionEnabled: false });
-      activate(app, FAKE_SITE_KEY, true);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider(),
+        true
+      );
       expect(getState(app).isTokenAutoRefreshEnabled).to.equal(true);
     });
 
     it('can only be called once', () => {
-      activate(app, FAKE_SITE_KEY);
-      expect(() => activate(app, FAKE_SITE_KEY)).to.throw(
-        /AppCheck can only be activated once/
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider()
       );
+      expect(() =>
+        activate(
+          app,
+          new ReCAPTCHAProvider(FAKE_SITE_KEY),
+          getFakePlatformLoggingProvider()
+        )
+      ).to.throw(/AppCheck can only be activated once/);
     });
 
     it('initialize reCAPTCHA when a sitekey is provided', () => {
       const initReCAPTCHAStub = stub(reCAPTCHA, 'initialize').returns(
         Promise.resolve({} as any)
       );
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        getFakePlatformLoggingProvider()
+      );
       expect(initReCAPTCHAStub).to.have.been.calledWithExactly(
         app,
         FAKE_SITE_KEY
@@ -74,8 +101,8 @@ describe('api', () => {
     it('does NOT initialize reCAPTCHA when a custom token provider is provided', () => {
       const fakeCustomTokenProvider = getFakeCustomTokenProvider();
       const initReCAPTCHAStub = stub(reCAPTCHA, 'initialize');
-      activate(app, fakeCustomTokenProvider);
-      expect(getState(app).customProvider).to.equal(fakeCustomTokenProvider);
+      activate(app, fakeCustomTokenProvider, getFakePlatformLoggingProvider());
+      expect(getState(app).provider).to.equal(fakeCustomTokenProvider);
       expect(initReCAPTCHAStub).to.have.not.been.called;
     });
   });
 
@@ -17,21 +17,24 @@
 
 import { AppCheckProvider } from '@firebase/app-check-types';
 import { FirebaseApp } from '@firebase/app-types';
+import { Provider } from '@firebase/component';
 import { ERROR_FACTORY, AppCheckError } from './errors';
+import { ReCAPTCHAProvider, ReCAPTCHAProviderInternal } from './providers';
 import { initialize as initializeRecaptcha } from './recaptcha';
 import { getState, setState, AppCheckState } from './state';
 
 /**
  *
  * @param app
- * @param siteKeyOrProvider - optional custom attestation provider
- * or reCAPTCHA siteKey
+ * @param provider - optional custom attestation provider
+ * or reCAPTCHA provider
  * @param isTokenAutoRefreshEnabled - if true, enables auto refresh
  * of appCheck token.
  */
 export function activate(
   app: FirebaseApp,
-  siteKeyOrProvider: string | AppCheckProvider,
+  provider: AppCheckProvider,
+  platformLoggerProvider: Provider<'platform-logger'>,
   isTokenAutoRefreshEnabled?: boolean
 ): void {
   const state = getState(app);
@@ -42,11 +45,7 @@ export function activate(
   }
 
   const newState: AppCheckState = { ...state, activated: true };
-  if (typeof siteKeyOrProvider === 'string') {
-    newState.siteKey = siteKeyOrProvider;
-  } else {
-    newState.customProvider = siteKeyOrProvider;
-  }
+  newState.provider = provider;
 
   // Use value of global `automaticDataCollectionEnabled` (which
   // itself defaults to false if not specified in config) if
@@ -58,9 +57,17 @@ export function activate(
 
   setState(app, newState);
 
-  // initialize reCAPTCHA if siteKey is provided
-  if (newState.siteKey) {
-    initializeRecaptcha(app, newState.siteKey).catch(() => {
+  // initialize reCAPTCHA if provider is a ReCAPTCHAProvider
+  if (newState.provider instanceof ReCAPTCHAProvider) {
+    // Wrap public ReCAPTCHAProvider in an internal class that provides
+    // platform logging and app.
+    const internalProvider = new ReCAPTCHAProviderInternal(
+      app,
+      newState.provider.siteKey,
+      platformLoggerProvider
+    );
+    setState(app, { ...newState, provider: internalProvider });
+    initializeRecaptcha(app, internalProvider.siteKey).catch(() => {
       /* we don't care about the initialization result in activate() */
     });
   }
 
@@ -26,12 +26,21 @@ import {
 } from './internal-api';
 import { Provider } from '@firebase/component';
 
-export function factory(app: FirebaseApp): FirebaseAppCheck {
+export function factory(
+  app: FirebaseApp,
+  platformLoggerProvider: Provider<'platform-logger'>
+): FirebaseAppCheck {
   return {
     activate: (
-      siteKeyOrProvider: string | AppCheckProvider,
+      provider: AppCheckProvider,
       isTokenAutoRefreshEnabled?: boolean
-    ) => activate(app, siteKeyOrProvider, isTokenAutoRefreshEnabled),
+    ) =>
+      activate(
+        app,
+        provider,
+        platformLoggerProvider,
+        isTokenAutoRefreshEnabled
+      ),
     setTokenAutoRefreshEnabled: (isTokenAutoRefreshEnabled: boolean) =>
       setTokenAutoRefreshEnabled(app, isTokenAutoRefreshEnabled)
   };
 
@@ -26,6 +26,7 @@ import {
   AppCheckComponentName
 } from '@firebase/app-check-types';
 import { factory, internalFactory } from './factory';
+import { ReCAPTCHAProvider } from './providers';
 import { initializeDebugMode } from './debug';
 import { AppCheckInternalComponentName } from '@firebase/app-check-interop-types';
 import { name, version } from '../package.json';
@@ -41,10 +42,14 @@ function registerAppCheck(firebase: _FirebaseNamespace): void {
       container => {
         // getImmediate for FirebaseApp will always succeed
         const app = container.getProvider('app').getImmediate();
-        return factory(app);
+        const platformLoggerProvider = container.getProvider('platform-logger');
+        return factory(app, platformLoggerProvider);
       },
       ComponentType.PUBLIC
     )
+      .setServiceProps({
+        ReCAPTCHAProvider
+      })
       /**
        * AppCheck can only be initialized by explicitly calling firebase.appCheck()
        * We don't want firebase products that consume AppCheck to gate on AppCheck
 
@@ -40,6 +40,7 @@ import * as storage from './storage';
 import { getState, clearState, setState, getDebugState } from './state';
 import { AppCheckTokenListener } from '@firebase/app-check-interop-types';
 import { Deferred } from '@firebase/util';
+import { ReCAPTCHAProvider } from './providers';
 
 const fakePlatformLoggingProvider = getFakePlatformLoggingProvider();
 
@@ -74,7 +75,7 @@ describe('internal api', () => {
       const customTokenProvider = getFakeCustomTokenProvider();
       const customProviderSpy = spy(customTokenProvider, 'getToken');
 
-      activate(app, customTokenProvider);
+      activate(app, customTokenProvider, fakePlatformLoggingProvider);
       const token = await getToken(app, fakePlatformLoggingProvider);
 
       expect(customProviderSpy).to.be.called;
@@ -85,8 +86,12 @@ describe('internal api', () => {
       clock.restore();
     });
 
-    it('uses reCAPTCHA token to exchange for AppCheck token if no customTokenProvider is provided', async () => {
-      activate(app, FAKE_SITE_KEY);
+    it('uses reCAPTCHA token to exchange for AppCheck token if ReCAPTCHAProvider is provided', async () => {
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       const reCAPTCHASpy = stub(reCAPTCHA, 'getToken').returns(
         Promise.resolve(fakeRecaptchaToken)
@@ -108,7 +113,11 @@ describe('internal api', () => {
 
     it('resolves with a dummy token and an error if failed to get a token', async () => {
       const errorStub = stub(console, 'error');
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       const reCAPTCHASpy = stub(reCAPTCHA, 'getToken').returns(
         Promise.resolve(fakeRecaptchaToken)
@@ -131,7 +140,11 @@ describe('internal api', () => {
     });
 
     it('notifies listeners using cached token', async () => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       const clock = useFakeTimers();
       stub(storage, 'readTokenFromStorage').returns(
@@ -156,7 +169,11 @@ describe('internal api', () => {
     });
 
     it('notifies listeners using new token', async () => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       stub(storage, 'readTokenFromStorage').returns(Promise.resolve(undefined));
       stub(reCAPTCHA, 'getToken').returns(Promise.resolve(fakeRecaptchaToken));
@@ -180,7 +197,11 @@ describe('internal api', () => {
     });
 
     it('ignores listeners that throw', async () => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       stub(reCAPTCHA, 'getToken').returns(Promise.resolve(fakeRecaptchaToken));
       stub(client, 'exchangeToken').returns(
         Promise.resolve(fakeRecaptchaAppCheckToken)
@@ -202,7 +223,11 @@ describe('internal api', () => {
 
     it('loads persisted token to memory and returns it', async () => {
       const clock = useFakeTimers();
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       stub(storage, 'readTokenFromStorage').returns(
         Promise.resolve(fakeCachedAppCheckToken)
@@ -221,7 +246,11 @@ describe('internal api', () => {
     });
 
     it('persists token to storage', async () => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       stub(storage, 'readTokenFromStorage').returns(Promise.resolve(undefined));
       stub(reCAPTCHA, 'getToken').returns(Promise.resolve(fakeRecaptchaToken));
@@ -239,7 +268,11 @@ describe('internal api', () => {
 
     it('returns the valid token in memory without making network request', async () => {
       const clock = useFakeTimers();
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       setState(app, { ...getState(app), token: fakeRecaptchaAppCheckToken });
 
       const clientStub = stub(client, 'exchangeToken');
@@ -252,7 +285,11 @@ describe('internal api', () => {
     });
 
     it('force to get new token when forceRefresh is true', async () => {
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       setState(app, { ...getState(app), token: fakeRecaptchaAppCheckToken });
 
       stub(reCAPTCHA, 'getToken').returns(Promise.resolve(fakeRecaptchaToken));
@@ -276,7 +313,11 @@ describe('internal api', () => {
       debugState.enabled = true;
       debugState.token = new Deferred();
       debugState.token.resolve('my-debug-token');
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
 
       const token = await getToken(app, fakePlatformLoggingProvider);
       expect(exchangeTokenStub.args[0][0].body['debug_token']).to.equal(
@@ -330,7 +371,11 @@ describe('internal api', () => {
 
     it('notifies the listener with the valid token in storage', done => {
       const clock = useFakeTimers();
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       stub(storage, 'readTokenFromStorage').returns(
         Promise.resolve({
           token: `fake-cached-app-check-token`,
@@ -364,7 +409,11 @@ describe('internal api', () => {
       debugState.token = new Deferred();
       debugState.token.resolve('my-debug-token');
 
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       addTokenListener(app, fakePlatformLoggingProvider, fakeListener);
     });
 
@@ -374,7 +423,11 @@ describe('internal api', () => {
       debugState.token = new Deferred();
       debugState.token.resolve('my-debug-token');
 
-      activate(app, FAKE_SITE_KEY);
+      activate(
+        app,
+        new ReCAPTCHAProvider(FAKE_SITE_KEY),
+        fakePlatformLoggingProvider
+      );
       addTokenListener(app, fakePlatformLoggingProvider, () => {});
 
       const state = getState(app);