Reuse invalid-credential error code for INVALID_LOGIN_CREDENTIALS.

Update SDK method docs and the demo app

Mark 2 SDK methods as deprecated.

Fix error message for the error code and update tests.

Author: prameshj

.changeset/tall-bottles-promise.md renamed to .changeset/silly-islands-join.md

@@ -411,7 +411,7 @@ export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): P
 |  Parameter | Type | Description |
 |  --- | --- | --- |
 |  auth | [Auth](./auth.auth.md#auth_interface) | The [Auth](./auth.auth.md#auth_interface) instance. |
-|  email | string | The user's email address. |
+|  email | string | The user's email address.<!-- -->Deprecated Migrating off of this method is recommended as a security best-practice. |
 
 <b>Returns:</b>
 
@@ -1829,7 +1829,7 @@ AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY: {
     readonly INVALID_EMAIL: "auth/invalid-email";
     readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
     readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
-    readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-login-credentials";
+    readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
     readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
     readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
     readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";

docs-devsite/auth.md

@@ -317,7 +317,9 @@ function onAuthError(error) {
       alertError('Token expired, please reauthenticate.');
     }
     if (error.code === 'auth/invalid-credential') {
-      alertError('login credentials invalid. It is possible that the email/password combination does not exist.');
+      alertError(
+        'login credentials invalid. It is possible that the email/password combination does not exist.'
+      );
     }
   }
 }

packages/auth/demo/src/index.js

@@ -83,7 +83,7 @@ describe('api/authentication/signInWithIdp', () => {
 
     await expect(signInWithIdp(auth, request)).to.be.rejectedWith(
       FirebaseError,
-      'Firebase: The supplied auth credential is malformed or has expired. (auth/invalid-credential).'
+      'Firebase: The supplied auth credential is incorrect, malformed or has expired. (auth/invalid-credential).'
     );
     expect(mock.calls[0].request).to.eql(request);
   });

packages/auth/src/api/authentication/idp.test.ts

@@ -85,7 +85,7 @@ describe('api/authentication/startSignInPhoneMfa', () => {
 
     await expect(startSignInPhoneMfa(auth, request)).to.be.rejectedWith(
       FirebaseError,
-      'Firebase: The supplied auth credential is malformed or has expired. (auth/invalid-credential).'
+      'Firebase: The supplied auth credential is incorrect, malformed or has expired. (auth/invalid-credential).'
     );
     expect(mock.calls[0].request).to.eql(request);
   });

packages/auth/src/api/authentication/mfa.test.ts

@@ -142,4 +142,4 @@ describe('requestStsToken', () => {
       'refresh_token': 'old-token'
     });
   });
-});
+});

packages/auth/src/api/authentication/token.test.ts

@@ -147,16 +147,15 @@ export const SERVER_ERROR_MAP: Partial<ServerErrorMap<ServerError>> = {
   [ServerError.MISSING_PASSWORD]: AuthErrorCode.MISSING_PASSWORD,
   // Thrown if Email Enumeration Protection is enabled in the project and the email or password is
   // invalid.
-  [ServerError.INVALID_LOGIN_CREDENTIALS]:
-    AuthErrorCode.INVALID_LOGIN_CREDENTIALS,
+  [ServerError.INVALID_LOGIN_CREDENTIALS]: AuthErrorCode.INVALID_CREDENTIAL,
 
   // Sign up with email and password errors.
   [ServerError.EMAIL_EXISTS]: AuthErrorCode.EMAIL_EXISTS,
   [ServerError.PASSWORD_LOGIN_DISABLED]: AuthErrorCode.OPERATION_NOT_ALLOWED,
 
   // Verify assertion for sign in with credential errors:
-  [ServerError.INVALID_IDP_RESPONSE]: AuthErrorCode.INVALID_IDP_RESPONSE,
-  [ServerError.INVALID_PENDING_TOKEN]: AuthErrorCode.INVALID_IDP_RESPONSE,
+  [ServerError.INVALID_IDP_RESPONSE]: AuthErrorCode.INVALID_CREDENTIAL,
+  [ServerError.INVALID_PENDING_TOKEN]: AuthErrorCode.INVALID_CREDENTIAL,
   [ServerError.FEDERATED_USER_ID_ALREADY_LINKED]:
     AuthErrorCode.CREDENTIAL_ALREADY_IN_USE,
 
@@ -189,7 +188,7 @@ export const SERVER_ERROR_MAP: Partial<ServerErrorMap<ServerError>> = {
   // Phone Auth related errors.
   [ServerError.INVALID_CODE]: AuthErrorCode.INVALID_CODE,
   [ServerError.INVALID_SESSION_INFO]: AuthErrorCode.INVALID_SESSION_INFO,
-  [ServerError.INVALID_TEMPORARY_PROOF]: AuthErrorCode.INVALID_IDP_RESPONSE,
+  [ServerError.INVALID_TEMPORARY_PROOF]: AuthErrorCode.INVALID_CREDENTIAL,
   [ServerError.MISSING_SESSION_INFO]: AuthErrorCode.MISSING_SESSION_INFO,
   [ServerError.SESSION_EXPIRED]: AuthErrorCode.CODE_EXPIRED,
 

packages/auth/src/api/errors.ts

@@ -60,8 +60,7 @@ export const enum AuthErrorCode {
   INVALID_DYNAMIC_LINK_DOMAIN = 'invalid-dynamic-link-domain',
   INVALID_EMAIL = 'invalid-email',
   INVALID_EMULATOR_SCHEME = 'invalid-emulator-scheme',
-  INVALID_IDP_RESPONSE = 'invalid-credential',
-  INVALID_LOGIN_CREDENTIALS = 'invalid-login-credentials',
+  INVALID_CREDENTIAL = 'invalid-credential',
   INVALID_MESSAGE_PAYLOAD = 'invalid-message-payload',
   INVALID_MFA_SESSION = 'invalid-multi-factor-session',
   INVALID_OAUTH_CLIENT_ID = 'invalid-oauth-client-id',
@@ -218,10 +217,8 @@ function _debugErrorMap(): ErrorMap<AuthErrorCode> {
       'Your API key is invalid, please check you have copied it correctly.',
     [AuthErrorCode.INVALID_CERT_HASH]:
       'The SHA-1 certificate hash provided is invalid.',
-    [AuthErrorCode.INVALID_IDP_RESPONSE]:
-      'The supplied auth credential is malformed or has expired.',
-    [AuthErrorCode.INVALID_LOGIN_CREDENTIALS]:
-      'The supplied login credentials are invalid.',
+    [AuthErrorCode.INVALID_CREDENTIAL]:
+      'The supplied auth credential is incorrect, malformed or has expired.',
     [AuthErrorCode.INVALID_MESSAGE_PAYLOAD]:
       'The email template corresponding to this action contains invalid characters in its message. ' +
       'Please fix by going to the Auth email templates section in the Firebase Console.',
@@ -531,7 +528,7 @@ export const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
   INVALID_EMAIL: 'auth/invalid-email',
   INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',
   INVALID_IDP_RESPONSE: 'auth/invalid-credential',
-  INVALID_LOGIN_CREDENTIALS: 'auth/invalid-login-credentials',
+  INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',
   INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',
   INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',
   INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',

packages/auth/src/core/errors.ts

@@ -46,6 +46,7 @@ import { getModularInstance } from '@firebase/util';
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  *
+ * Deprecated Migrating off of this method is recommended as a security best-practice.
  * @public
  */
 export async function fetchSignInMethodsForEmail(