Throw Operation Not Allowed for Invalid Auth Endpoint (#9013)

* Throw not supported exception in _performApiRequest

Author: mansisampat

packages/auth/src/api/index.ts

@@ -54,7 +54,7 @@ export const enum HttpHeader {
   X_FIREBASE_APP_CHECK = 'X-Firebase-AppCheck'
 }
 
-export const enum Endpoint {
+export enum Endpoint {
   CREATE_AUTH_URI = '/v1/accounts:createAuthUri',
   DELETE_ACCOUNT = '/v1/accounts:delete',
   RESET_PASSWORD = '/v1/accounts:resetPassword',
@@ -155,6 +155,7 @@ async function performApiRequest<T, V>(
   request?: T,
   customErrorMap: Partial<ServerErrorMap<ServerError>> = {}
 ): Promise<V> {
+  _assertValidEndpointForAuth(auth, path);
   return _performFetchWithErrorHandling(auth, customErrorMap, async () => {
     let body = {};
     let params = {};
@@ -374,6 +375,22 @@ export function _parseEnforcementState(
   }
 }
 
+function _assertValidEndpointForAuth(
+  auth: Auth,
+  path: Endpoint | RegionalEndpoint
+): void {
+  if (
+    !auth.tenantConfig &&
+    Object.values(RegionalEndpoint).includes(path as RegionalEndpoint)
+  ) {
+    throw _operationNotSupportedForInitializedAuthInstance(auth);
+  }
+
+  if (auth.tenantConfig && Object.values(Endpoint).includes(path as Endpoint)) {
+    throw _operationNotSupportedForInitializedAuthInstance(auth);
+  }
+}
+
 class NetworkTimeout<T> {
   // Node timers and browser timers are fundamentally incompatible, but we
   // don't care about the value here