shallow copy credentials in strategies that store them (#7047)

- add warnings about dead objects in firefox

libs/common/src/auth/login-strategies/auth-request-login.strategy.ts

@@ -58,7 +58,9 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
   }
 
   override async logIn(credentials: AuthRequestLoginCredentials) {
-    this.authRequestCredentials = credentials;
+    // NOTE: To avoid DeadObject references on Firefox, do not set the credentials object directly
+    // Use deep copy in future if objects are added that were created in popup
+    this.authRequestCredentials = { ...credentials };
 
     this.tokenRequest = new PasswordTokenRequest(
       credentials.email,

libs/common/src/auth/login-strategies/webauthn-login.strategy.ts

@@ -61,7 +61,9 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
   }
 
   async logIn(credentials: WebAuthnLoginCredentials) {
-    this.credentials = credentials;
+    // NOTE: To avoid DeadObject references on Firefox, do not set the credentials object directly
+    // Use deep copy in future if objects are added that were created in popup
+    this.credentials = { ...credentials };
 
     this.tokenRequest = new WebAuthnLoginTokenRequest(
       credentials.token,

libs/common/src/auth/services/auth.service.ts

@@ -208,6 +208,8 @@ export class AuthService implements AuthServiceAbstraction {
         break;
     }
 
+    // Note: Do not set the credentials object directly on the strategy. They are
+    // created in the popup and can cause DeadObject references on Firefox.
     const result = await strategy.logIn(credentials as any);
 
     if (result?.requiresTwoFactor) {