feat(auth): QR code generation from TOTP secrets

mikehardy · mikehardy · commit e32b6ce920c2 · 2025-08-28T13:43:41.000-05:00
diff --git a/packages/auth/android/src/main/java/io/invertase/firebase/auth/ReactNativeFirebaseAuthModule.java b/packages/auth/android/src/main/java/io/invertase/firebase/auth/ReactNativeFirebaseAuthModule.java
@@ -1305,6 +1305,23 @@ public void finalizeMultiFactorEnrollment(
             });
   }
 
+  @ReactMethod
+  public void generateQrCodeUrl(
+      final String appName,
+      final String secretKey,
+      final String account,
+      final String issuer,
+      final Promise promise) {
+
+    TotpSecret secret = mTotpSecrets.get(secretKey);
+    if (secret == null) {
+      rejectPromiseWithCodeAndMessage(
+          promise, "invalid-multi-factor-secret", "can't find secret for provided key");
+      return;
+    }
+    promise.resolve(secret.generateQrCodeUrl(account, issuer));
+  }
+
   @ReactMethod
   public void finalizeTotpEnrollment(
       final String appName,
diff --git a/packages/auth/ios/RNFBAuth/RNFBAuthModule.m b/packages/auth/ios/RNFBAuth/RNFBAuthModule.m
@@ -1026,6 +1026,21 @@ - (void)invalidate {
                                 }];
 }
 
+RCT_EXPORT_METHOD(generateQrCodeUrl
+                  : (FIRApp *)firebaseApp
+                  : (NSString *)secretKey
+                  : (NSString *)accountName
+                  : (NSString *)issuer
+                  : (RCTPromiseResolveBlock)resolve
+                  : (RCTPromiseRejectBlock)reject) {
+  DLog(@"generateQrCodeUrl using instance resolve generateQrCodeUrl: %@", firebaseApp.name);
+  DLog(@"generateQrCodeUrl using secretKey: %@", secretKey);
+  FIRTOTPSecret *totpSecret = cachedTotpSecrets[secretKey];
+  NSString *url = [totpSecret generateQRCodeURLWithAccountName:accountName issuer:issuer];
+  DLog(@"generateQrCodeUrl got QR Code URL %@", url);
+  resolve(url);
+}
+
 RCT_EXPORT_METHOD(getSession
                   : (FIRApp *)firebaseApp
                   : (RCTPromiseResolveBlock)resolve
diff --git a/packages/auth/lib/TotpSecret.js b/packages/auth/lib/TotpSecret.js
@@ -14,6 +14,8 @@
  * limitations under the License.
  */
 
+import { isString } from '@react-native-firebase/app/lib/common';
+
 export class TotpSecret {
   constructor(secretKey, auth) {
     // The native TotpSecret has many more properties, but they are
@@ -37,17 +39,14 @@ export class TotpSecret {
    *
    * @param accountName the name of the account/app along with a user identifier.
    * @param issuer issuer of the TOTP (likely the app name).
-   * @returns A QR code URL string.
+   * @returns A Promise that resolves to a QR code URL string.
    */
-  generateQrCodeUrl(_accountName, _issuer) {
-    throw new Error('`generateQrCodeUrl` is not supported on the native Firebase SDKs.');
-    // if (!this.hashingAlgorithm || !this.codeLength) {
-    //   return "";
-    // }
-
-    // return (
-    //   `otpauth://totp/${issuer}:${accountName}?secret=${this.secretKey}&issuer=${issuer}` +
-    //   `&algorithm=${this.hashingAlgorithm}&digits=${this.codeLength}`
-    // );
+  async generateQrCodeUrl(accountName, issuer) {
+    // accountName and issure are nullable in the API specification but are
+    // required by tha native SDK. The JS SDK returns '' if they are missing/empty.
+    if (!isString(accountName) || !isString(issuer) || accountName === '' || issuer === '') {
+      return '';
+    }
+    return this.auth.native.generateQrCodeUrl(this.secretKey, accountName, issuer);
   }
 }
