poojakhatawate
/
mobileapplicationPassvault
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
mobileapplicationPassvault/node_modules/@firebase/auth/dist/auth.d.ts

4520 lines
155 KiB
TypeScript
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/**
* Firebase Authentication
*
* @packageDocumentation
*/
import { CompleteFn } from '@firebase/util';
import { ErrorFactory } from '@firebase/util';
import { ErrorFn } from '@firebase/util';
import { FirebaseApp } from '@firebase/app';
import { FirebaseError } from '@firebase/util';
import { NextFn } from '@firebase/util';
import { Observer } from '@firebase/util';
import { Unsubscribe } from '@firebase/util';
/**
* A response from {@link checkActionCode}.
*
* @public
*/
export declare interface ActionCodeInfo {
/**
* The data associated with the action code.
*
* @remarks
* For the {@link ActionCodeOperation}.PASSWORD_RESET, {@link ActionCodeOperation}.VERIFY_EMAIL, and
* {@link ActionCodeOperation}.RECOVER_EMAIL actions, this object contains an email field with the address
* the email was sent to.
*
* For the {@link ActionCodeOperation}.RECOVER_EMAIL action, which allows a user to undo an email address
* change, this object also contains a `previousEmail` field with the user account's current
* email address. After the action completes, the user's email address will revert to the value
* in the `email` field from the value in `previousEmail` field.
*
* For the {@link ActionCodeOperation}.VERIFY_AND_CHANGE_EMAIL action, which allows a user to verify the
* email before updating it, this object contains a `previousEmail` field with the user account's
* email address before updating. After the action completes, the user's email address will be
* updated to the value in the `email` field from the value in `previousEmail` field.
*
* For the {@link ActionCodeOperation}.REVERT_SECOND_FACTOR_ADDITION action, which allows a user to
* unenroll a newly added second factor, this object contains a `multiFactorInfo` field with
* the information about the second factor. For phone second factor, the `multiFactorInfo`
* is a {@link MultiFactorInfo} object, which contains the phone number.
*/
data: {
email?: string | null;
multiFactorInfo?: MultiFactorInfo | null;
previousEmail?: string | null;
};
/**
* The type of operation that generated the action code.
*/
operation: (typeof ActionCodeOperation)[keyof typeof ActionCodeOperation];
}
/**
* An enumeration of the possible email action types.
*
* @public
*/
export declare const ActionCodeOperation: {
/** The email link sign-in action. */
readonly EMAIL_SIGNIN: "EMAIL_SIGNIN";
/** The password reset action. */
readonly PASSWORD_RESET: "PASSWORD_RESET";
/** The email revocation action. */
readonly RECOVER_EMAIL: "RECOVER_EMAIL";
/** The revert second factor addition email action. */
readonly REVERT_SECOND_FACTOR_ADDITION: "REVERT_SECOND_FACTOR_ADDITION";
/** The revert second factor addition email action. */
readonly VERIFY_AND_CHANGE_EMAIL: "VERIFY_AND_CHANGE_EMAIL";
/** The email verification action. */
readonly VERIFY_EMAIL: "VERIFY_EMAIL";
};
/**
* An interface that defines the required continue/state URL with optional Android and iOS
* bundle identifiers.
*
* @public
*/
export declare interface ActionCodeSettings {
/**
* Sets the Android package name.
*
* @remarks
* This will try to open the link in an android app if it is
* installed. If `installApp` is passed, it specifies whether to install the Android app if the
* device supports it and the app is not already installed. If this field is provided without
* a `packageName`, an error is thrown explaining that the `packageName` must be provided in
* conjunction with this field. If `minimumVersion` is specified, and an older version of the
* app is installed, the user is taken to the Play Store to upgrade the app.
*/
android?: {
installApp?: boolean;
minimumVersion?: string;
packageName: string;
};
/**
* When set to true, the action code link will be be sent as a Universal Link or Android App
* Link and will be opened by the app if installed.
*
* @remarks
* In the false case, the code will be sent to the web widget first and then on continue will
* redirect to the app if installed.
*
* @defaultValue false
*/
handleCodeInApp?: boolean;
/**
* Sets the iOS bundle ID.
*
* @remarks
* This will try to open the link in an iOS app if it is installed.
*
* App installation is not supported for iOS.
*/
iOS?: {
bundleId: string;
};
/**
* Sets the link continue/state URL.
*
* @remarks
* This has different meanings in different contexts:
* - When the link is handled in the web action widgets, this is the deep link in the
* `continueUrl` query parameter.
* - When the link is handled in the app directly, this is the `continueUrl` query parameter in
* the deep link of the Dynamic Link.
*/
url: string;
/**
* When multiple custom dynamic link domains are defined for a project, specify which one to use
* when the link is to be opened via a specified mobile app (for example, `example.page.link`).
*
*
* @defaultValue The first domain is automatically selected.
*/
dynamicLinkDomain?: string;
}
/**
* @license
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* A utility class to parse email action URLs such as password reset, email verification,
* email link sign in, etc.
*
* @public
*/
export declare class ActionCodeURL {
/**
* The API key of the email action link.
*/
readonly apiKey: string;
/**
* The action code of the email action link.
*/
readonly code: string;
/**
* The continue URL of the email action link. Null if not provided.
*/
readonly continueUrl: string | null;
/**
* The language code of the email action link. Null if not provided.
*/
readonly languageCode: string | null;
/**
* The action performed by the email action link. It returns from one of the types from
* {@link ActionCodeInfo}
*/
readonly operation: string;
/**
* The tenant ID of the email action link. Null if the email action is from the parent project.
*/
readonly tenantId: string | null;
/**
* @param actionLink - The link from which to extract the URL.
* @returns The {@link ActionCodeURL} object, or null if the link is invalid.
*
* @internal
*/
constructor(actionLink: string);
/**
* Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,
* otherwise returns null.
*
* @param link - The email action link string.
* @returns The {@link ActionCodeURL} object, or null if the link is invalid.
*
* @public
*/
static parseLink(link: string): ActionCodeURL | null;
}
/**
* A structure containing additional user information from a federated identity provider.
*
* @public
*/
export declare interface AdditionalUserInfo {
/**
* Whether the user is new (created via sign-up) or existing (authenticated using sign-in).
*/
readonly isNewUser: boolean;
/**
* Map containing IDP-specific user data.
*/
readonly profile: Record<string, unknown> | null;
/**
* Identifier for the provider used to authenticate this user.
*/
readonly providerId: string | null;
/**
* The username if the provider is GitHub or Twitter.
*/
readonly username?: string | null;
}
declare interface APIUserInfo {
localId?: string;
displayName?: string;
photoUrl?: string;
email?: string;
emailVerified?: boolean;
phoneNumber?: string;
lastLoginAt?: number;
createdAt?: number;
tenantId?: string;
passwordHash?: string;
providerUserInfo?: ProviderUserInfo[];
mfaInfo?: MfaEnrollment[];
}
/**
* A verifier for domain verification and abuse prevention.
*
* @remarks
* Currently, the only implementation is {@link RecaptchaVerifier}.
*
* @public
*/
export declare interface ApplicationVerifier {
/**
* Identifies the type of application verifier (e.g. "recaptcha").
*/
readonly type: string;
/**
* Executes the verification process.
*
* @returns A Promise for a token that can be used to assert the validity of a request.
*/
verify(): Promise<string>;
}
declare interface ApplicationVerifierInternal extends ApplicationVerifier {
/**
* @internal
*/
_reset(): void;
}
/**
* Applies a verification code sent to the user by email or other out-of-band mechanism.
*
* @param auth - The {@link Auth} instance.
* @param oobCode - A verification code sent to the user.
*
* @public
*/
export declare function applyActionCode(auth: Auth, oobCode: string): Promise<void>;
declare type AppName = string;
/**
* Interface representing Firebase Auth service.
*
* @remarks
* See {@link https://firebase.google.com/docs/auth/ | Firebase Authentication} for a full guide
* on how to use the Firebase Auth service.
*
* @public
*/
export declare interface Auth {
/** The {@link @firebase/app#FirebaseApp} associated with the `Auth` service instance. */
readonly app: FirebaseApp;
/** The name of the app associated with the `Auth` service instance. */
readonly name: string;
/** The {@link Config} used to initialize this instance. */
readonly config: Config;
/**
* Changes the type of persistence on the `Auth` instance.
*
* @remarks
* This will affect the currently saved Auth session and applies this type of persistence for
* future sign-in requests, including sign-in with redirect requests.
*
* This makes it easy for a user signing in to specify whether their session should be
* remembered or not. It also makes it easier to never persist the Auth state for applications
* that are shared by other users or have sensitive data.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* auth.setPersistence(browserSessionPersistence);
* ```
*
* @param persistence - The {@link Persistence} to use.
*/
setPersistence(persistence: Persistence): Promise<void>;
/**
* The {@link Auth} instance's language code.
*
* @remarks
* This is a readable/writable property. When set to null, the default Firebase Console language
* setting is applied. The language code will propagate to email action templates (password
* reset, email verification and email change revocation), SMS templates for phone authentication,
* reCAPTCHA verifier and OAuth popup/redirect operations provided the specified providers support
* localization with the language code specified.
*/
languageCode: string | null;
/**
* The {@link Auth} instance's tenant ID.
*
* @remarks
* This is a readable/writable property. When you set the tenant ID of an {@link Auth} instance, all
* future sign-in/sign-up operations will pass this tenant ID and sign in or sign up users to
* the specified tenant project. When set to null, users are signed in to the parent project.
*
* @example
* ```javascript
* // Set the tenant ID on Auth instance.
* auth.tenantId = 'TENANT_PROJECT_ID';
*
* // All future sign-in request now include tenant ID.
* const result = await signInWithEmailAndPassword(auth, email, password);
* // result.user.tenantId should be 'TENANT_PROJECT_ID'.
* ```
*
* @defaultValue null
*/
tenantId: string | null;
/**
* The {@link Auth} instance's settings.
*
* @remarks
* This is used to edit/read configuration related options such as app verification mode for
* phone authentication.
*/
readonly settings: AuthSettings;
/**
* Adds an observer for changes to the user's sign-in state.
*
* @remarks
* To keep the old behavior, see {@link Auth.onIdTokenChanged}.
*
* @param nextOrObserver - callback triggered on change.
* @param error - Deprecated. This callback is never triggered. Errors
* on signing in/out can be caught in promises returned from
* sign-in/sign-out functions.
* @param completed - Deprecated. This callback is never triggered.
*/
onAuthStateChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
/**
* Adds a blocking callback that runs before an auth state change
* sets a new user.
*
* @param callback - callback triggered before new user value is set.
* If this throws, it blocks the user from being set.
* @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
* callback throws, allowing you to undo any side effects.
*/
beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
/**
* Adds an observer for changes to the signed-in user's ID token.
*
* @remarks
* This includes sign-in, sign-out, and token refresh events.
*
* @param nextOrObserver - callback triggered on change.
* @param error - Deprecated. This callback is never triggered. Errors
* on signing in/out can be caught in promises returned from
* sign-in/sign-out functions.
* @param completed - Deprecated. This callback is never triggered.
*/
onIdTokenChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
/**
* returns a promise that resolves immediately when the initial
* auth state is settled. When the promise resolves, the current user might be a valid user
* or `null` if the user signed out.
*/
authStateReady(): Promise<void>;
/** The currently signed-in user (or null). */
readonly currentUser: User | null;
/** The current emulator configuration (or null). */
readonly emulatorConfig: EmulatorConfig | null;
/**
* Asynchronously sets the provided user as {@link Auth.currentUser} on the {@link Auth} instance.
*
* @remarks
* A new instance copy of the user provided will be made and set as currentUser.
*
* This will trigger {@link Auth.onAuthStateChanged} and {@link Auth.onIdTokenChanged} listeners
* like other sign in methods.
*
* The operation fails with an error if the user to be updated belongs to a different Firebase
* project.
*
* @param user - The new {@link User}.
*/
updateCurrentUser(user: User | null): Promise<void>;
/**
* Sets the current language to the default device/browser preference.
*/
useDeviceLanguage(): void;
/**
* Signs out the current user. This does not automatically revoke the user's ID token.
*/
signOut(): Promise<void>;
}
/**
* Interface that represents the credentials returned by an {@link AuthProvider}.
*
* @remarks
* Implementations specify the details about each auth provider's credential requirements.
*
* @public
*/
export declare class AuthCredential {
/**
* The authentication provider ID for the credential.
*
* @remarks
* For example, 'facebook.com', or 'google.com'.
*/
readonly providerId: string;
/**
* The authentication sign in method for the credential.
*
* @remarks
* For example, {@link SignInMethod}.EMAIL_PASSWORD, or
* {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
* identifier as returned in {@link fetchSignInMethodsForEmail}.
*/
readonly signInMethod: string;
/** @internal */
protected constructor(
/**
* The authentication provider ID for the credential.
*
* @remarks
* For example, 'facebook.com', or 'google.com'.
*/
providerId: string,
/**
* The authentication sign in method for the credential.
*
* @remarks
* For example, {@link SignInMethod}.EMAIL_PASSWORD, or
* {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
* identifier as returned in {@link fetchSignInMethodsForEmail}.
*/
signInMethod: string);
/**
* Returns a JSON-serializable representation of this object.
*
* @returns a JSON-serializable representation of this object.
*/
toJSON(): object;
/** @internal */
_getIdTokenResponse(_auth: AuthInternal): Promise<PhoneOrOauthTokenResponse>;
/** @internal */
_linkToIdToken(_auth: AuthInternal, _idToken: string): Promise<IdTokenResponse>;
/** @internal */
_getReauthenticationResolver(_auth: AuthInternal): Promise<IdTokenResponse>;
}
/**
* Interface for an `Auth` error.
*
* @public
*/
export declare interface AuthError extends FirebaseError {
/** Details about the Firebase Auth error. */
readonly customData: {
/** The name of the Firebase App which triggered this error. */
readonly appName: string;
/** The email address of the user's account, used for sign-in and linking. */
readonly email?: string;
/** The phone number of the user's account, used for sign-in and linking. */
readonly phoneNumber?: string;
/**
* The tenant ID being used for sign-in and linking.
*
* @remarks
* If you use {@link signInWithRedirect} to sign in,
* you have to set the tenant ID on the {@link Auth} instance again as the tenant ID is not persisted
* after redirection.
*/
readonly tenantId?: string;
};
}
/**
* Enumeration of Firebase Auth error codes.
*
* @internal
*/
declare const enum AuthErrorCode {
ADMIN_ONLY_OPERATION = "admin-restricted-operation",
ARGUMENT_ERROR = "argument-error",
APP_NOT_AUTHORIZED = "app-not-authorized",
APP_NOT_INSTALLED = "app-not-installed",
CAPTCHA_CHECK_FAILED = "captcha-check-failed",
CODE_EXPIRED = "code-expired",
CORDOVA_NOT_READY = "cordova-not-ready",
CORS_UNSUPPORTED = "cors-unsupported",
CREDENTIAL_ALREADY_IN_USE = "credential-already-in-use",
CREDENTIAL_MISMATCH = "custom-token-mismatch",
CREDENTIAL_TOO_OLD_LOGIN_AGAIN = "requires-recent-login",
DEPENDENT_SDK_INIT_BEFORE_AUTH = "dependent-sdk-initialized-before-auth",
DYNAMIC_LINK_NOT_ACTIVATED = "dynamic-link-not-activated",
EMAIL_CHANGE_NEEDS_VERIFICATION = "email-change-needs-verification",
EMAIL_EXISTS = "email-already-in-use",
EMULATOR_CONFIG_FAILED = "emulator-config-failed",
EXPIRED_OOB_CODE = "expired-action-code",
EXPIRED_POPUP_REQUEST = "cancelled-popup-request",
INTERNAL_ERROR = "internal-error",
INVALID_API_KEY = "invalid-api-key",
INVALID_APP_CREDENTIAL = "invalid-app-credential",
INVALID_APP_ID = "invalid-app-id",
INVALID_AUTH = "invalid-user-token",
INVALID_AUTH_EVENT = "invalid-auth-event",
INVALID_CERT_HASH = "invalid-cert-hash",
INVALID_CODE = "invalid-verification-code",
INVALID_CONTINUE_URI = "invalid-continue-uri",
INVALID_CORDOVA_CONFIGURATION = "invalid-cordova-configuration",
INVALID_CUSTOM_TOKEN = "invalid-custom-token",
INVALID_DYNAMIC_LINK_DOMAIN = "invalid-dynamic-link-domain",
INVALID_EMAIL = "invalid-email",
INVALID_EMULATOR_SCHEME = "invalid-emulator-scheme",
INVALID_CREDENTIAL = "invalid-credential",
INVALID_MESSAGE_PAYLOAD = "invalid-message-payload",
INVALID_MFA_SESSION = "invalid-multi-factor-session",
INVALID_OAUTH_CLIENT_ID = "invalid-oauth-client-id",
INVALID_OAUTH_PROVIDER = "invalid-oauth-provider",
INVALID_OOB_CODE = "invalid-action-code",
INVALID_ORIGIN = "unauthorized-domain",
INVALID_PASSWORD = "wrong-password",
INVALID_PERSISTENCE = "invalid-persistence-type",
INVALID_PHONE_NUMBER = "invalid-phone-number",
INVALID_PROVIDER_ID = "invalid-provider-id",
INVALID_RECIPIENT_EMAIL = "invalid-recipient-email",
INVALID_SENDER = "invalid-sender",
INVALID_SESSION_INFO = "invalid-verification-id",
INVALID_TENANT_ID = "invalid-tenant-id",
LOGIN_BLOCKED = "login-blocked",
MFA_INFO_NOT_FOUND = "multi-factor-info-not-found",
MFA_REQUIRED = "multi-factor-auth-required",
MISSING_ANDROID_PACKAGE_NAME = "missing-android-pkg-name",
MISSING_APP_CREDENTIAL = "missing-app-credential",
MISSING_AUTH_DOMAIN = "auth-domain-config-required",
MISSING_CODE = "missing-verification-code",
MISSING_CONTINUE_URI = "missing-continue-uri",
MISSING_IFRAME_START = "missing-iframe-start",
MISSING_IOS_BUNDLE_ID = "missing-ios-bundle-id",
MISSING_OR_INVALID_NONCE = "missing-or-invalid-nonce",
MISSING_MFA_INFO = "missing-multi-factor-info",
MISSING_MFA_SESSION = "missing-multi-factor-session",
MISSING_PHONE_NUMBER = "missing-phone-number",
MISSING_PASSWORD = "missing-password",
MISSING_SESSION_INFO = "missing-verification-id",
MODULE_DESTROYED = "app-deleted",
NEED_CONFIRMATION = "account-exists-with-different-credential",
NETWORK_REQUEST_FAILED = "network-request-failed",
NULL_USER = "null-user",
NO_AUTH_EVENT = "no-auth-event",
NO_SUCH_PROVIDER = "no-such-provider",
OPERATION_NOT_ALLOWED = "operation-not-allowed",
OPERATION_NOT_SUPPORTED = "operation-not-supported-in-this-environment",
POPUP_BLOCKED = "popup-blocked",
POPUP_CLOSED_BY_USER = "popup-closed-by-user",
PROVIDER_ALREADY_LINKED = "provider-already-linked",
QUOTA_EXCEEDED = "quota-exceeded",
REDIRECT_CANCELLED_BY_USER = "redirect-cancelled-by-user",
REDIRECT_OPERATION_PENDING = "redirect-operation-pending",
REJECTED_CREDENTIAL = "rejected-credential",
SECOND_FACTOR_ALREADY_ENROLLED = "second-factor-already-in-use",
SECOND_FACTOR_LIMIT_EXCEEDED = "maximum-second-factor-count-exceeded",
TENANT_ID_MISMATCH = "tenant-id-mismatch",
TIMEOUT = "timeout",
TOKEN_EXPIRED = "user-token-expired",
TOO_MANY_ATTEMPTS_TRY_LATER = "too-many-requests",
UNAUTHORIZED_DOMAIN = "unauthorized-continue-uri",
UNSUPPORTED_FIRST_FACTOR = "unsupported-first-factor",
UNSUPPORTED_PERSISTENCE = "unsupported-persistence-type",
UNSUPPORTED_TENANT_OPERATION = "unsupported-tenant-operation",
UNVERIFIED_EMAIL = "unverified-email",
USER_CANCELLED = "user-cancelled",
USER_DELETED = "user-not-found",
USER_DISABLED = "user-disabled",
USER_MISMATCH = "user-mismatch",
USER_SIGNED_OUT = "user-signed-out",
WEAK_PASSWORD = "weak-password",
WEB_STORAGE_UNSUPPORTED = "web-storage-unsupported",
ALREADY_INITIALIZED = "already-initialized",
RECAPTCHA_NOT_ENABLED = "recaptcha-not-enabled",
MISSING_RECAPTCHA_TOKEN = "missing-recaptcha-token",
INVALID_RECAPTCHA_TOKEN = "invalid-recaptcha-token",
INVALID_RECAPTCHA_ACTION = "invalid-recaptcha-action",
MISSING_CLIENT_TYPE = "missing-client-type",
MISSING_RECAPTCHA_VERSION = "missing-recaptcha-version",
INVALID_RECAPTCHA_VERSION = "invalid-recaptcha-version",
INVALID_REQ_TYPE = "invalid-req-type",
UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION = "unsupported-password-policy-schema-version",
PASSWORD_DOES_NOT_MEET_REQUIREMENTS = "password-does-not-meet-requirements"
}
/**
* A map of potential `Auth` error codes, for easier comparison with errors
* thrown by the SDK.
*
* @remarks
* Note that you can't tree-shake individual keys
* in the map, so by using the map you might substantially increase your
* bundle size.
*
* @public
*/
export declare const AuthErrorCodes: {
readonly ADMIN_ONLY_OPERATION: "auth/admin-restricted-operation";
readonly ARGUMENT_ERROR: "auth/argument-error";
readonly APP_NOT_AUTHORIZED: "auth/app-not-authorized";
readonly APP_NOT_INSTALLED: "auth/app-not-installed";
readonly CAPTCHA_CHECK_FAILED: "auth/captcha-check-failed";
readonly CODE_EXPIRED: "auth/code-expired";
readonly CORDOVA_NOT_READY: "auth/cordova-not-ready";
readonly CORS_UNSUPPORTED: "auth/cors-unsupported";
readonly CREDENTIAL_ALREADY_IN_USE: "auth/credential-already-in-use";
readonly CREDENTIAL_MISMATCH: "auth/custom-token-mismatch";
readonly CREDENTIAL_TOO_OLD_LOGIN_AGAIN: "auth/requires-recent-login";
readonly DEPENDENT_SDK_INIT_BEFORE_AUTH: "auth/dependent-sdk-initialized-before-auth";
readonly DYNAMIC_LINK_NOT_ACTIVATED: "auth/dynamic-link-not-activated";
readonly EMAIL_CHANGE_NEEDS_VERIFICATION: "auth/email-change-needs-verification";
readonly EMAIL_EXISTS: "auth/email-already-in-use";
readonly EMULATOR_CONFIG_FAILED: "auth/emulator-config-failed";
readonly EXPIRED_OOB_CODE: "auth/expired-action-code";
readonly EXPIRED_POPUP_REQUEST: "auth/cancelled-popup-request";
readonly INTERNAL_ERROR: "auth/internal-error";
readonly INVALID_API_KEY: "auth/invalid-api-key";
readonly INVALID_APP_CREDENTIAL: "auth/invalid-app-credential";
readonly INVALID_APP_ID: "auth/invalid-app-id";
readonly INVALID_AUTH: "auth/invalid-user-token";
readonly INVALID_AUTH_EVENT: "auth/invalid-auth-event";
readonly INVALID_CERT_HASH: "auth/invalid-cert-hash";
readonly INVALID_CODE: "auth/invalid-verification-code";
readonly INVALID_CONTINUE_URI: "auth/invalid-continue-uri";
readonly INVALID_CORDOVA_CONFIGURATION: "auth/invalid-cordova-configuration";
readonly INVALID_CUSTOM_TOKEN: "auth/invalid-custom-token";
readonly INVALID_DYNAMIC_LINK_DOMAIN: "auth/invalid-dynamic-link-domain";
readonly INVALID_EMAIL: "auth/invalid-email";
readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
readonly INVALID_OAUTH_PROVIDER: "auth/invalid-oauth-provider";
readonly INVALID_OOB_CODE: "auth/invalid-action-code";
readonly INVALID_ORIGIN: "auth/unauthorized-domain";
readonly INVALID_PASSWORD: "auth/wrong-password";
readonly INVALID_PERSISTENCE: "auth/invalid-persistence-type";
readonly INVALID_PHONE_NUMBER: "auth/invalid-phone-number";
readonly INVALID_PROVIDER_ID: "auth/invalid-provider-id";
readonly INVALID_RECIPIENT_EMAIL: "auth/invalid-recipient-email";
readonly INVALID_SENDER: "auth/invalid-sender";
readonly INVALID_SESSION_INFO: "auth/invalid-verification-id";
readonly INVALID_TENANT_ID: "auth/invalid-tenant-id";
readonly MFA_INFO_NOT_FOUND: "auth/multi-factor-info-not-found";
readonly MFA_REQUIRED: "auth/multi-factor-auth-required";
readonly MISSING_ANDROID_PACKAGE_NAME: "auth/missing-android-pkg-name";
readonly MISSING_APP_CREDENTIAL: "auth/missing-app-credential";
readonly MISSING_AUTH_DOMAIN: "auth/auth-domain-config-required";
readonly MISSING_CODE: "auth/missing-verification-code";
readonly MISSING_CONTINUE_URI: "auth/missing-continue-uri";
readonly MISSING_IFRAME_START: "auth/missing-iframe-start";
readonly MISSING_IOS_BUNDLE_ID: "auth/missing-ios-bundle-id";
readonly MISSING_OR_INVALID_NONCE: "auth/missing-or-invalid-nonce";
readonly MISSING_MFA_INFO: "auth/missing-multi-factor-info";
readonly MISSING_MFA_SESSION: "auth/missing-multi-factor-session";
readonly MISSING_PHONE_NUMBER: "auth/missing-phone-number";
readonly MISSING_SESSION_INFO: "auth/missing-verification-id";
readonly MODULE_DESTROYED: "auth/app-deleted";
readonly NEED_CONFIRMATION: "auth/account-exists-with-different-credential";
readonly NETWORK_REQUEST_FAILED: "auth/network-request-failed";
readonly NULL_USER: "auth/null-user";
readonly NO_AUTH_EVENT: "auth/no-auth-event";
readonly NO_SUCH_PROVIDER: "auth/no-such-provider";
readonly OPERATION_NOT_ALLOWED: "auth/operation-not-allowed";
readonly OPERATION_NOT_SUPPORTED: "auth/operation-not-supported-in-this-environment";
readonly POPUP_BLOCKED: "auth/popup-blocked";
readonly POPUP_CLOSED_BY_USER: "auth/popup-closed-by-user";
readonly PROVIDER_ALREADY_LINKED: "auth/provider-already-linked";
readonly QUOTA_EXCEEDED: "auth/quota-exceeded";
readonly REDIRECT_CANCELLED_BY_USER: "auth/redirect-cancelled-by-user";
readonly REDIRECT_OPERATION_PENDING: "auth/redirect-operation-pending";
readonly REJECTED_CREDENTIAL: "auth/rejected-credential";
readonly SECOND_FACTOR_ALREADY_ENROLLED: "auth/second-factor-already-in-use";
readonly SECOND_FACTOR_LIMIT_EXCEEDED: "auth/maximum-second-factor-count-exceeded";
readonly TENANT_ID_MISMATCH: "auth/tenant-id-mismatch";
readonly TIMEOUT: "auth/timeout";
readonly TOKEN_EXPIRED: "auth/user-token-expired";
readonly TOO_MANY_ATTEMPTS_TRY_LATER: "auth/too-many-requests";
readonly UNAUTHORIZED_DOMAIN: "auth/unauthorized-continue-uri";
readonly UNSUPPORTED_FIRST_FACTOR: "auth/unsupported-first-factor";
readonly UNSUPPORTED_PERSISTENCE: "auth/unsupported-persistence-type";
readonly UNSUPPORTED_TENANT_OPERATION: "auth/unsupported-tenant-operation";
readonly UNVERIFIED_EMAIL: "auth/unverified-email";
readonly USER_CANCELLED: "auth/user-cancelled";
readonly USER_DELETED: "auth/user-not-found";
readonly USER_DISABLED: "auth/user-disabled";
readonly USER_MISMATCH: "auth/user-mismatch";
readonly USER_SIGNED_OUT: "auth/user-signed-out";
readonly WEAK_PASSWORD: "auth/weak-password";
readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
readonly ALREADY_INITIALIZED: "auth/already-initialized";
readonly RECAPTCHA_NOT_ENABLED: "auth/recaptcha-not-enabled";
readonly MISSING_RECAPTCHA_TOKEN: "auth/missing-recaptcha-token";
readonly INVALID_RECAPTCHA_TOKEN: "auth/invalid-recaptcha-token";
readonly INVALID_RECAPTCHA_ACTION: "auth/invalid-recaptcha-action";
readonly MISSING_CLIENT_TYPE: "auth/missing-client-type";
readonly MISSING_RECAPTCHA_VERSION: "auth/missing-recaptcha-version";
readonly INVALID_RECAPTCHA_VERSION: "auth/invalid-recaptcha-version";
readonly INVALID_REQ_TYPE: "auth/invalid-req-type";
};
/**
* A mapping of error codes to error messages.
*
* @remarks
*
* While error messages are useful for debugging (providing verbose textual
* context around what went wrong), these strings take up a lot of space in the
* compiled code. When deploying code in production, using {@link prodErrorMap}
* will save you roughly 10k compressed/gzipped over {@link debugErrorMap}. You
* can select the error map during initialization:
*
* ```javascript
* initializeAuth(app, {errorMap: debugErrorMap})
* ```
*
* When initializing Auth, {@link prodErrorMap} is default.
*
* @public
*/
export declare interface AuthErrorMap {
}
/**
* @internal
*/
declare interface AuthErrorParams extends GenericAuthErrorParams {
[AuthErrorCode.ARGUMENT_ERROR]: {
appName?: AppName;
};
[AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]: {
appName?: AppName;
};
[AuthErrorCode.INTERNAL_ERROR]: {
appName?: AppName;
};
[AuthErrorCode.LOGIN_BLOCKED]: {
appName?: AppName;
originalMessage?: string;
};
[AuthErrorCode.OPERATION_NOT_SUPPORTED]: {
appName?: AppName;
};
[AuthErrorCode.NO_AUTH_EVENT]: {
appName?: AppName;
};
[AuthErrorCode.MFA_REQUIRED]: {
appName: AppName;
_serverResponse: IdTokenMfaResponse;
};
[AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]: {
appName: AppName;
missingPlugin?: string;
};
}
/**
* @internal
*/
declare interface AuthEvent {
type: AuthEventType;
eventId: string | null;
urlResponse: string | null;
sessionId: string | null;
postBody: string | null;
tenantId: string | null;
error?: AuthEventError;
}
/**
* @internal
*/
declare interface AuthEventConsumer {
readonly filter: AuthEventType[];
eventId: string | null;
onAuthEvent(event: AuthEvent): unknown;
onError(error: FirebaseError): unknown;
}
declare interface AuthEventError extends Error {
code: string;
message: string;
}
/**
* @internal
*/
declare const enum AuthEventType {
LINK_VIA_POPUP = "linkViaPopup",
LINK_VIA_REDIRECT = "linkViaRedirect",
REAUTH_VIA_POPUP = "reauthViaPopup",
REAUTH_VIA_REDIRECT = "reauthViaRedirect",
SIGN_IN_VIA_POPUP = "signInViaPopup",
SIGN_IN_VIA_REDIRECT = "signInViaRedirect",
UNKNOWN = "unknown",
VERIFY_APP = "verifyApp"
}
/**
* UserInternal and AuthInternal reference each other, so both of them are included in the public typings.
* In order to exclude them, we mark them as internal explicitly.
*
* @internal
*/
declare interface AuthInternal extends Auth {
currentUser: User | null;
emulatorConfig: EmulatorConfig | null;
_agentRecaptchaConfig: RecaptchaConfig | null;
_tenantRecaptchaConfigs: Record<string, RecaptchaConfig>;
_projectPasswordPolicy: PasswordPolicy | null;
_tenantPasswordPolicies: Record<string, PasswordPolicy>;
_canInitEmulator: boolean;
_isInitialized: boolean;
_initializationPromise: Promise<void> | null;
_updateCurrentUser(user: UserInternal | null): Promise<void>;
_onStorageEvent(): void;
_notifyListenersIfCurrent(user: UserInternal): void;
_persistUserIfCurrent(user: UserInternal): Promise<void>;
_setRedirectUser(user: UserInternal | null, popupRedirectResolver?: PopupRedirectResolver): Promise<void>;
_redirectUserForId(id: string): Promise<UserInternal | null>;
_popupRedirectResolver: PopupRedirectResolverInternal | null;
_key(): string;
_startProactiveRefresh(): void;
_stopProactiveRefresh(): void;
_getPersistence(): string;
_getRecaptchaConfig(): RecaptchaConfig | null;
_getPasswordPolicyInternal(): PasswordPolicyInternal | null;
_updatePasswordPolicy(): Promise<void>;
_logFramework(framework: string): void;
_getFrameworks(): readonly string[];
_getAdditionalHeaders(): Promise<Record<string, string>>;
_getAppCheckToken(): Promise<string | undefined>;
readonly name: AppName;
readonly config: ConfigInternal;
languageCode: string | null;
tenantId: string | null;
readonly settings: AuthSettings;
_errorFactory: ErrorFactory<AuthErrorCode, AuthErrorParams>;
useDeviceLanguage(): void;
signOut(): Promise<void>;
validatePassword(password: string): Promise<PasswordValidationStatus>;
revokeAccessToken(token: string): Promise<void>;
}
declare class AuthPopup {
readonly window: Window | null;
associatedEvent: string | null;
constructor(window: Window | null);
close(): void;
}
/**
* Interface that represents an auth provider, used to facilitate creating {@link AuthCredential}.
*
* @public
*/
export declare interface AuthProvider {
/**
* Provider for which credentials can be constructed.
*/
readonly providerId: string;
}
/**
* Interface representing an {@link Auth} instance's settings.
*
* @remarks Currently used for enabling/disabling app verification for phone Auth testing.
*
* @public
*/
export declare interface AuthSettings {
/**
* When set, this property disables app verification for the purpose of testing phone
* authentication. For this property to take effect, it needs to be set before rendering a
* reCAPTCHA app verifier. When this is disabled, a mock reCAPTCHA is rendered instead. This is
* useful for manual testing during development or for automated integration tests.
*
* In order to use this feature, you will need to
* {@link https://firebase.google.com/docs/auth/web/phone-auth#test-with-whitelisted-phone-numbers | whitelist your phone number}
* via the Firebase Console.
*
* The default value is false (app verification is enabled).
*/
appVerificationDisabledForTesting: boolean;
}
/**
* MFA Info as returned by the API.
*/
declare interface BaseMfaEnrollment {
mfaEnrollmentId: string;
enrolledAt: number;
displayName?: string;
}
/**
* Common code to all OAuth providers. This is separate from the
* {@link OAuthProvider} so that child providers (like
* {@link GoogleAuthProvider}) don't inherit the `credential` instance method.
* Instead, they rely on a static `credential` method.
*/
declare abstract class BaseOAuthProvider extends FederatedAuthProvider implements AuthProvider {
/** @internal */
private scopes;
/**
* Add an OAuth scope to the credential.
*
* @param scope - Provider OAuth scope to add.
*/
addScope(scope: string): AuthProvider;
/**
* Retrieve the current list of OAuth scopes.
*/
getScopes(): string[];
}
/**
* Adds a blocking callback that runs before an auth state change
* sets a new user.
*
* @param auth - The {@link Auth} instance.
* @param callback - callback triggered before new user value is set.
* If this throws, it blocks the user from being set.
* @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
* callback throws, allowing you to undo any side effects.
*/
export declare function beforeAuthStateChanged(auth: Auth, callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
/**
* An implementation of {@link Persistence} of type `LOCAL` using `localStorage`
* for the underlying storage.
*
* @public
*/
export declare const browserLocalPersistence: Persistence;
/**
* An implementation of {@link PopupRedirectResolver} suitable for browser
* based applications.
*
* @remarks
* This method does not work in a Node.js environment.
*
* @public
*/
export declare const browserPopupRedirectResolver: PopupRedirectResolver;
/**
* An implementation of {@link Persistence} of `SESSION` using `sessionStorage`
* for the underlying storage.
*
* @public
*/
export declare const browserSessionPersistence: Persistence;
/**
* Checks a verification code sent to the user by email or other out-of-band mechanism.
*
* @returns metadata about the code.
*
* @param auth - The {@link Auth} instance.
* @param oobCode - A verification code sent to the user.
*
* @public
*/
export declare function checkActionCode(auth: Auth, oobCode: string): Promise<ActionCodeInfo>;
/**
* @internal
*/
declare const enum ClientPlatform {
BROWSER = "Browser",
NODE = "Node",
REACT_NATIVE = "ReactNative",
CORDOVA = "Cordova",
WORKER = "Worker",
WEB_EXTENSION = "WebExtension"
}
export { CompleteFn }
/**
* Interface representing the `Auth` config.
*
* @public
*/
export declare interface Config {
/**
* The API Key used to communicate with the Firebase Auth backend.
*/
apiKey: string;
/**
* The host at which the Firebase Auth backend is running.
*/
apiHost: string;
/**
* The scheme used to communicate with the Firebase Auth backend.
*/
apiScheme: string;
/**
* The host at which the Secure Token API is running.
*/
tokenApiHost: string;
/**
* The SDK Client Version.
*/
sdkClientVersion: string;
/**
* The domain at which the web widgets are hosted (provided via Firebase Config).
*/
authDomain?: string;
}
/**
* @internal
*/
declare interface ConfigInternal extends Config {
/**
* @readonly
*/
emulator?: {
url: string;
};
/**
* @readonly
*/
clientPlatform: ClientPlatform;
}
/**
* A result from a phone number sign-in, link, or reauthenticate call.
*
* @public
*/
export declare interface ConfirmationResult {
/**
* The phone number authentication operation's verification ID.
*
* @remarks
* This can be used along with the verification code to initialize a
* {@link PhoneAuthCredential}.
*/
readonly verificationId: string;
/**
* Finishes a phone number sign-in, link, or reauthentication.
*
* @example
* ```javascript
* const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
* // Obtain verificationCode from the user.
* const userCredential = await confirmationResult.confirm(verificationCode);
* ```
*
* @param verificationCode - The code that was sent to the user's mobile device.
*/
confirm(verificationCode: string): Promise<UserCredential>;
}
/**
* Completes the password reset process, given a confirmation code and new password.
*
* @param auth - The {@link Auth} instance.
* @param oobCode - A confirmation code sent to the user.
* @param newPassword - The new password.
*
* @public
*/
export declare function confirmPasswordReset(auth: Auth, oobCode: string, newPassword: string): Promise<void>;
/**
* Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
* Firebase Auth services.
*
* @remarks
* This must be called synchronously immediately following the first call to
* {@link initializeAuth}. Do not use with production credentials as emulator
* traffic is not encrypted.
*
*
* @example
* ```javascript
* connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });
* ```
*
* @param auth - The {@link Auth} instance.
* @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').
* @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to
* `true` to disable the warning banner attached to the DOM.
*
* @public
*/
export declare function connectAuthEmulator(auth: Auth, url: string, options?: {
disableWarnings: boolean;
}): void;
/**
* Creates a new user account associated with the specified email address and password.
*
* @remarks
* On successful creation of the user account, this user will also be signed in to your application.
*
* User account creation can fail if the account already exists or the password is invalid.
*
* Note: The email address acts as a unique identifier for the user and enables an email-based
* password reset. This function will create a new user account and set the initial user password.
*
* @param auth - The {@link Auth} instance.
* @param email - The user's email address.
* @param password - The user's chosen password.
*
* @public
*/
export declare function createUserWithEmailAndPassword(auth: Auth, email: string, password: string): Promise<UserCredential>;
/**
* Map of OAuth Custom Parameters.
*
* @public
*/
export declare type CustomParameters = Record<string, string>;
/**
* A verbose error map with detailed descriptions for most error codes.
*
* See discussion at {@link AuthErrorMap}
*
* @public
*/
export declare const debugErrorMap: AuthErrorMap;
/**
* Deletes and signs out the user.
*
* @remarks
* Important: this is a security-sensitive operation that requires the user to have recently
* signed in. If this requirement isn't met, ask the user to authenticate again and then call
* {@link reauthenticateWithCredential}.
*
* @param user - The user.
*
* @public
*/
export declare function deleteUser(user: User): Promise<void>;
/**
* The dependencies that can be used to initialize an {@link Auth} instance.
*
* @remarks
*
* The modular SDK enables tree shaking by allowing explicit declarations of
* dependencies. For example, a web app does not need to include code that
* enables Cordova redirect sign in. That functionality is therefore split into
* {@link browserPopupRedirectResolver} and
* {@link cordovaPopupRedirectResolver}. The dependencies object is how Auth is
* configured to reduce bundle sizes.
*
* There are two ways to initialize an {@link Auth} instance: {@link getAuth} and
* {@link initializeAuth}. `getAuth` initializes everything using
* platform-specific configurations, while `initializeAuth` takes a
* `Dependencies` object directly, giving you more control over what is used.
*
* @public
*/
export declare interface Dependencies {
/**
* Which {@link Persistence} to use. If this is an array, the first
* `Persistence` that the device supports is used. The SDK searches for an
* existing account in order and, if one is found in a secondary
* `Persistence`, the account is moved to the primary `Persistence`.
*
* If no persistence is provided, the SDK falls back on
* {@link inMemoryPersistence}.
*/
persistence?: Persistence | Persistence[];
/**
* The {@link PopupRedirectResolver} to use. This value depends on the
* platform. Options are {@link browserPopupRedirectResolver} and
* {@link cordovaPopupRedirectResolver}. This field is optional if neither
* {@link signInWithPopup} or {@link signInWithRedirect} are being used.
*/
popupRedirectResolver?: PopupRedirectResolver;
/**
* Which {@link AuthErrorMap} to use.
*/
errorMap?: AuthErrorMap;
}
/**
* Interface that represents the credentials returned by {@link EmailAuthProvider} for
* {@link ProviderId}.PASSWORD
*
* @remarks
* Covers both {@link SignInMethod}.EMAIL_PASSWORD and
* {@link SignInMethod}.EMAIL_LINK.
*
* @public
*/
export declare class EmailAuthCredential extends AuthCredential {
/** @internal */
readonly _email: string;
/** @internal */
readonly _password: string;
/** @internal */
readonly _tenantId: string | null;
/** @internal */
private constructor();
/** @internal */
static _fromEmailAndPassword(email: string, password: string): EmailAuthCredential;
/** @internal */
static _fromEmailAndCode(email: string, oobCode: string, tenantId?: string | null): EmailAuthCredential;
/** {@inheritdoc AuthCredential.toJSON} */
toJSON(): object;
/**
* Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.
*
* @param json - Either `object` or the stringified representation of the object. When string is
* provided, `JSON.parse` would be called first.
*
* @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
*/
static fromJSON(json: object | string): EmailAuthCredential | null;
/** @internal */
_getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse>;
/** @internal */
_linkToIdToken(auth: AuthInternal, idToken: string): Promise<IdTokenResponse>;
/** @internal */
_getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse>;
}
/**
* Provider for generating {@link EmailAuthCredential}.
*
* @public
*/
export declare class EmailAuthProvider implements AuthProvider {
/**
* Always set to {@link ProviderId}.PASSWORD, even for email link.
*/
static readonly PROVIDER_ID: 'password';
/**
* Always set to {@link SignInMethod}.EMAIL_PASSWORD.
*/
static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password';
/**
* Always set to {@link SignInMethod}.EMAIL_LINK.
*/
static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink';
/**
* Always set to {@link ProviderId}.PASSWORD, even for email link.
*/
readonly providerId: "password";
/**
* Initialize an {@link AuthCredential} using an email and password.
*
* @example
* ```javascript
* const authCredential = EmailAuthProvider.credential(email, password);
* const userCredential = await signInWithCredential(auth, authCredential);
* ```
*
* @example
* ```javascript
* const userCredential = await signInWithEmailAndPassword(auth, email, password);
* ```
*
* @param email - Email address.
* @param password - User account password.
* @returns The auth provider credential.
*/
static credential(email: string, password: string): EmailAuthCredential;
/**
* Initialize an {@link AuthCredential} using an email and an email link after a sign in with
* email link operation.
*
* @example
* ```javascript
* const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);
* const userCredential = await signInWithCredential(auth, authCredential);
* ```
*
* @example
* ```javascript
* await sendSignInLinkToEmail(auth, email);
* // Obtain emailLink from user.
* const userCredential = await signInWithEmailLink(auth, email, emailLink);
* ```
*
* @param auth - The {@link Auth} instance used to verify the link.
* @param email - Email address.
* @param emailLink - Sign-in email link.
* @returns - The auth provider credential.
*/
static credentialWithLink(email: string, emailLink: string): EmailAuthCredential;
}
/**
* Configuration of Firebase Authentication Emulator.
* @public
*/
export declare interface EmulatorConfig {
/**
* The protocol used to communicate with the emulator ("http"/"https").
*/
readonly protocol: string;
/**
* The hostname of the emulator, which may be a domain ("localhost"), IPv4 address ("127.0.0.1")
* or quoted IPv6 address ("[::1]").
*/
readonly host: string;
/**
* The port of the emulator, or null if port isn't specified (i.e. protocol default).
*/
readonly port: number | null;
/**
* The emulator-specific options.
*/
readonly options: {
/**
* Whether the warning banner attached to the DOM was disabled.
*/
readonly disableWarnings: boolean;
};
}
declare const enum EnforcementState {
ENFORCE = "ENFORCE",
AUDIT = "AUDIT",
OFF = "OFF",
ENFORCEMENT_STATE_UNSPECIFIED = "ENFORCEMENT_STATE_UNSPECIFIED"
}
export { ErrorFn }
/**
* @internal
*/
declare interface EventManager {
registerConsumer(authEventConsumer: AuthEventConsumer): void;
unregisterConsumer(authEventConsumer: AuthEventConsumer): void;
}
/**
* Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new FacebookAuthProvider();
* // Start a sign in process for an unauthenticated user.
* provider.addScope('user_birthday');
* await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* if (result) {
* // This is the signed-in user
* const user = result.user;
* // This gives you a Facebook Access Token.
* const credential = FacebookAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* }
* ```
*
* @example
* ```javascript
* // Sign in using a popup.
* const provider = new FacebookAuthProvider();
* provider.addScope('user_birthday');
* const result = await signInWithPopup(auth, provider);
*
* // The signed-in user info.
* const user = result.user;
* // This gives you a Facebook Access Token.
* const credential = FacebookAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* ```
*
* @public
*/
export declare class FacebookAuthProvider extends BaseOAuthProvider {
/** Always set to {@link SignInMethod}.FACEBOOK. */
static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com';
/** Always set to {@link ProviderId}.FACEBOOK. */
static readonly PROVIDER_ID: 'facebook.com';
constructor();
/**
* Creates a credential for Facebook.
*
* @example
* ```javascript
* // `event` from the Facebook auth.authResponseChange callback.
* const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);
* const result = await signInWithCredential(credential);
* ```
*
* @param accessToken - Facebook access token.
*/
static credential(accessToken: string): OAuthCredential;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
*
* @param userCredential - The user credential.
*/
static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
* thrown during a sign-in, link, or reauthenticate operation.
*
* @param userCredential - The user credential.
*/
static credentialFromError(error: FirebaseError): OAuthCredential | null;
private static credentialFromTaggedObject;
}
/**
* An enum of factors that may be used for multifactor authentication.
*
* @public
*/
export declare const FactorId: {
/** Phone as second factor */
readonly PHONE: "phone";
readonly TOTP: "totp";
};
/**
* The base class for all Federated providers (OAuth (including OIDC), SAML).
*
* This class is not meant to be instantiated directly.
*
* @public
*/
declare abstract class FederatedAuthProvider implements AuthProvider {
readonly providerId: string;
/** @internal */
defaultLanguageCode: string | null;
/** @internal */
private customParameters;
/**
* Constructor for generic OAuth providers.
*
* @param providerId - Provider for which credentials should be generated.
*/
constructor(providerId: string);
/**
* Set the language gode.
*
* @param languageCode - language code
*/
setDefaultLanguage(languageCode: string | null): void;
/**
* Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in
* operations.
*
* @remarks
* For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`,
* `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored.
*
* @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request.
*/
setCustomParameters(customOAuthParameters: CustomParameters): AuthProvider;
/**
* Retrieve the current list of {@link CustomParameters}.
*/
getCustomParameters(): CustomParameters;
}
/**
* Gets the list of possible sign in methods for the given email address. This method returns an
* empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
* authentication methods available for the given email.
*
* @remarks
* This is useful to differentiate methods of sign-in for the same provider, eg.
* {@link EmailAuthProvider} which has 2 methods of sign-in,
* {@link SignInMethod}.EMAIL_PASSWORD and
* {@link SignInMethod}.EMAIL_LINK.
*
* @param auth - The {@link Auth} instance.
* @param email - The user's email address.
*
* Deprecated. Migrating off of this method is recommended as a security best-practice.
* Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
* @public
*/
export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
declare interface FinalizeMfaResponse {
idToken: string;
refreshToken: string;
}
/**
* @internal
*/
declare type GenericAuthErrorParams = {
[key in Exclude<AuthErrorCode, AuthErrorCode.ARGUMENT_ERROR | AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH | AuthErrorCode.INTERNAL_ERROR | AuthErrorCode.MFA_REQUIRED | AuthErrorCode.NO_AUTH_EVENT | AuthErrorCode.OPERATION_NOT_SUPPORTED>]: {
appName?: AppName;
email?: string;
phoneNumber?: string;
message?: string;
};
};
/**
* Extracts provider specific {@link AdditionalUserInfo} for the given credential.
*
* @param userCredential - The user credential.
*
* @public
*/
export declare function getAdditionalUserInfo(userCredential: UserCredential): AdditionalUserInfo | null;
/**
* Returns the Auth instance associated with the provided {@link @firebase/app#FirebaseApp}.
* If no instance exists, initializes an Auth instance with platform-specific default dependencies.
*
* @param app - The Firebase App.
*
* @public
*/
export declare function getAuth(app?: FirebaseApp): Auth;
/**
* Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
*
* @remarks
* Returns the current token if it has not expired or if it will not expire in the next five
* minutes. Otherwise, this will refresh the token and return a new one.
*
* @param user - The user.
* @param forceRefresh - Force refresh regardless of token expiration.
*
* @public
*/
export declare function getIdToken(user: User, forceRefresh?: boolean): Promise<string>;
/**
* Returns a deserialized JSON Web Token (JWT) used to identify the user to a Firebase service.
*
* @remarks
* Returns the current token if it has not expired or if it will not expire in the next five
* minutes. Otherwise, this will refresh the token and return a new one.
*
* @param user - The user.
* @param forceRefresh - Force refresh regardless of token expiration.
*
* @public
*/
export declare function getIdTokenResult(user: User, forceRefresh?: boolean): Promise<IdTokenResult>;
/**
* Provides a {@link MultiFactorResolver} suitable for completion of a
* multi-factor flow.
*
* @param auth - The {@link Auth} instance.
* @param error - The {@link MultiFactorError} raised during a sign-in, or
* reauthentication operation.
*
* @public
*/
export declare function getMultiFactorResolver(auth: Auth, error: MultiFactorError): MultiFactorResolver;
declare interface GetRecaptchaConfigResponse {
recaptchaKey: string;
recaptchaEnforcementState: RecaptchaEnforcementProviderState[];
}
/**
* Returns a {@link UserCredential} from the redirect-based sign-in flow.
*
* @remarks
* If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
* error. If no redirect operation was called, returns `null`.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new FacebookAuthProvider();
* // You can add additional scopes to the provider:
* provider.addScope('user_birthday');
* // Start a sign in process for an unauthenticated user.
* await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* if (result) {
* // This is the signed-in user
* const user = result.user;
* // This gives you a Facebook Access Token.
* const credential = provider.credentialFromResult(auth, result);
* const token = credential.accessToken;
* }
* // As this API can be used for sign-in, linking and reauthentication,
* // check the operationType to determine what triggered this redirect
* // operation.
* const operationType = result.operationType;
* ```
*
* @param auth - The {@link Auth} instance.
* @param resolver - An instance of {@link PopupRedirectResolver}, optional
* if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
*
* @public
*/
export declare function getRedirectResult(auth: Auth, resolver?: PopupRedirectResolver): Promise<UserCredential | null>;
/**
* Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GITHUB.
*
* @remarks
* GitHub requires an OAuth 2.0 redirect, so you can either handle the redirect directly, or use
* the {@link signInWithPopup} handler:
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new GithubAuthProvider();
* // Start a sign in process for an unauthenticated user.
* provider.addScope('repo');
* await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* if (result) {
* // This is the signed-in user
* const user = result.user;
* // This gives you a Github Access Token.
* const credential = GithubAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* }
* ```
*
* @example
* ```javascript
* // Sign in using a popup.
* const provider = new GithubAuthProvider();
* provider.addScope('repo');
* const result = await signInWithPopup(auth, provider);
*
* // The signed-in user info.
* const user = result.user;
* // This gives you a Github Access Token.
* const credential = GithubAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* ```
* @public
*/
export declare class GithubAuthProvider extends BaseOAuthProvider {
/** Always set to {@link SignInMethod}.GITHUB. */
static readonly GITHUB_SIGN_IN_METHOD: 'github.com';
/** Always set to {@link ProviderId}.GITHUB. */
static readonly PROVIDER_ID: 'github.com';
constructor();
/**
* Creates a credential for Github.
*
* @param accessToken - Github access token.
*/
static credential(accessToken: string): OAuthCredential;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
*
* @param userCredential - The user credential.
*/
static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
* thrown during a sign-in, link, or reauthenticate operation.
*
* @param userCredential - The user credential.
*/
static credentialFromError(error: FirebaseError): OAuthCredential | null;
private static credentialFromTaggedObject;
}
/**
* Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GOOGLE.
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new GoogleAuthProvider();
* // Start a sign in process for an unauthenticated user.
* provider.addScope('profile');
* provider.addScope('email');
* await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* if (result) {
* // This is the signed-in user
* const user = result.user;
* // This gives you a Google Access Token.
* const credential = GoogleAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* }
* ```
*
* @example
* ```javascript
* // Sign in using a popup.
* const provider = new GoogleAuthProvider();
* provider.addScope('profile');
* provider.addScope('email');
* const result = await signInWithPopup(auth, provider);
*
* // The signed-in user info.
* const user = result.user;
* // This gives you a Google Access Token.
* const credential = GoogleAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* ```
*
* @public
*/
export declare class GoogleAuthProvider extends BaseOAuthProvider {
/** Always set to {@link SignInMethod}.GOOGLE. */
static readonly GOOGLE_SIGN_IN_METHOD: 'google.com';
/** Always set to {@link ProviderId}.GOOGLE. */
static readonly PROVIDER_ID: 'google.com';
constructor();
/**
* Creates a credential for Google. At least one of ID token and access token is required.
*
* @example
* ```javascript
* // \`googleUser\` from the onsuccess Google Sign In callback.
* const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);
* const result = await signInWithCredential(credential);
* ```
*
* @param idToken - Google ID token.
* @param accessToken - Google access token.
*/
static credential(idToken?: string | null, accessToken?: string | null): OAuthCredential;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
*
* @param userCredential - The user credential.
*/
static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
* thrown during a sign-in, link, or reauthenticate operation.
*
* @param userCredential - The user credential.
*/
static credentialFromError(error: FirebaseError): OAuthCredential | null;
private static credentialFromTaggedObject;
}
/**
* Raw encoded JWT
*
*/
declare type IdToken = string;
/**
* @internal
*/
declare interface IdTokenMfaResponse extends IdTokenResponse {
mfaPendingCredential?: string;
mfaInfo?: MfaEnrollment[];
}
/**
* IdToken as returned by the API
*
* @internal
*/
declare interface IdTokenResponse {
localId: string;
idToken?: IdToken;
refreshToken?: string;
expiresIn?: string;
providerId?: string;
displayName?: string | null;
isNewUser?: boolean;
kind?: IdTokenResponseKind;
photoUrl?: string | null;
rawUserInfo?: string;
screenName?: string | null;
}
/**
* The possible types of the `IdTokenResponse`
*
* @internal
*/
declare const enum IdTokenResponseKind {
CreateAuthUri = "identitytoolkit#CreateAuthUriResponse",
DeleteAccount = "identitytoolkit#DeleteAccountResponse",
DownloadAccount = "identitytoolkit#DownloadAccountResponse",
EmailLinkSignin = "identitytoolkit#EmailLinkSigninResponse",
GetAccountInfo = "identitytoolkit#GetAccountInfoResponse",
GetOobConfirmationCode = "identitytoolkit#GetOobConfirmationCodeResponse",
GetRecaptchaParam = "identitytoolkit#GetRecaptchaParamResponse",
ResetPassword = "identitytoolkit#ResetPasswordResponse",
SetAccountInfo = "identitytoolkit#SetAccountInfoResponse",
SignupNewUser = "identitytoolkit#SignupNewUserResponse",
UploadAccount = "identitytoolkit#UploadAccountResponse",
VerifyAssertion = "identitytoolkit#VerifyAssertionResponse",
VerifyCustomToken = "identitytoolkit#VerifyCustomTokenResponse",
VerifyPassword = "identitytoolkit#VerifyPasswordResponse"
}
/**
* Interface representing ID token result obtained from {@link User.getIdTokenResult}.
*
* @remarks
* `IdTokenResult` contains the ID token JWT string and other helper properties for getting different data
* associated with the token as well as all the decoded payload claims.
*
* Note that these claims are not to be trusted as they are parsed client side. Only server side
* verification can guarantee the integrity of the token claims.
*
* @public
*/
export declare interface IdTokenResult {
/**
* The authentication time formatted as a UTC string.
*
* @remarks
* This is the time the user authenticated (signed in) and not the time the token was refreshed.
*/
authTime: string;
/** The ID token expiration time formatted as a UTC string. */
expirationTime: string;
/** The ID token issuance time formatted as a UTC string. */
issuedAtTime: string;
/**
* The sign-in provider through which the ID token was obtained (anonymous, custom, phone,
* password, etc).
*
* @remarks
* Note, this does not map to provider IDs.
*/
signInProvider: string | null;
/**
* The type of second factor associated with this session, provided the user was multi-factor
* authenticated (eg. phone, etc).
*/
signInSecondFactor: string | null;
/** The Firebase Auth ID token JWT string. */
token: string;
/**
* The entire payload claims of the ID token including the standard reserved claims as well as
* the custom claims.
*/
claims: ParsedToken;
}
/**
* An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`
* for the underlying storage.
*
* @public
*/
export declare const indexedDBLocalPersistence: Persistence;
/**
* Initializes an {@link Auth} instance with fine-grained control over
* {@link Dependencies}.
*
* @remarks
*
* This function allows more control over the {@link Auth} instance than
* {@link getAuth}. `getAuth` uses platform-specific defaults to supply
* the {@link Dependencies}. In general, `getAuth` is the easiest way to
* initialize Auth and works for most use cases. Use `initializeAuth` if you
* need control over which persistence layer is used, or to minimize bundle
* size if you're not using either `signInWithPopup` or `signInWithRedirect`.
*
* For example, if your app only uses anonymous accounts and you only want
* accounts saved for the current session, initialize `Auth` with:
*
* ```js
* const auth = initializeAuth(app, {
* persistence: browserSessionPersistence,
* popupRedirectResolver: undefined,
* });
* ```
*
* @public
*/
export declare function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth;
/**
* Loads the reCAPTCHA configuration into the `Auth` instance.
*
* @remarks
* This will load the reCAPTCHA config, which indicates whether the reCAPTCHA
* verification flow should be triggered for each auth provider, into the
* current Auth session.
*
* If initializeRecaptchaConfig() is not invoked, the auth flow will always start
* without reCAPTCHA verification. If the provider is configured to require reCAPTCHA
* verification, the SDK will transparently load the reCAPTCHA config and restart the
* auth flows.
*
* Thus, by calling this optional method, you will reduce the latency of future auth flows.
* Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* initializeRecaptchaConfig(auth);
* ```
*
* @param auth - The {@link Auth} instance.
*
* @public
*/
export declare function initializeRecaptchaConfig(auth: Auth): Promise<void>;
/**
* An implementation of {@link Persistence} of type 'NONE'.
*
* @public
*/
export declare const inMemoryPersistence: Persistence;
/**
* Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.
*
* @param auth - The {@link Auth} instance.
* @param emailLink - The link sent to the user's email address.
*
* @public
*/
export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): boolean;
/**
* Links the user account with the given credentials.
*
* @remarks
* An {@link AuthProvider} can be used to generate the credential.
*
* @param user - The user.
* @param credential - The auth credential.
*
* @public
*/
export declare function linkWithCredential(user: User, credential: AuthCredential): Promise<UserCredential>;
/**
* Links the user account with the given phone number.
*
* @remarks
* This method does not work in a Node.js environment.
*
* @param user - The user.
* @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
* @param appVerifier - The {@link ApplicationVerifier}.
*
* @public
*/
export declare function linkWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
/**
* Links the authenticated provider to the user account using a pop-up based OAuth flow.
*
* @remarks
* If the linking is successful, the returned result will contain the user and the provider's credential.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* // Sign in using some other provider.
* const result = await signInWithEmailAndPassword(auth, email, password);
* // Link using a popup.
* const provider = new FacebookAuthProvider();
* await linkWithPopup(result.user, provider);
* ```
*
* @param user - The user.
* @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
* Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
* @param resolver - An instance of {@link PopupRedirectResolver}, optional
* if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
*
* @public
*/
export declare function linkWithPopup(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<UserCredential>;
/**
* Links the {@link OAuthProvider} to the user account using a full-page redirect flow.
* @remarks
* To handle the results and errors for this operation, refer to {@link getRedirectResult}.
* Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
* | best practices} when using {@link linkWithRedirect}.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* // Sign in using some other provider.
* const result = await signInWithEmailAndPassword(auth, email, password);
* // Link using a redirect.
* const provider = new FacebookAuthProvider();
* await linkWithRedirect(result.user, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* ```
*
* @param user - The user.
* @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
* Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
* @param resolver - An instance of {@link PopupRedirectResolver}, optional
* if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
*
* @public
*/
export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
/**
* MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.
*/
declare type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;
/**
* The {@link MultiFactorUser} corresponding to the user.
*
* @remarks
* This is used to access all multi-factor properties and operations related to the user.
*
* @param user - The user.
*
* @public
*/
export declare function multiFactor(user: User): MultiFactorUser;
/**
* The base class for asserting ownership of a second factor.
*
* @remarks
* This is used to facilitate enrollment of a second factor on an existing user or sign-in of a
* user who already verified the first factor.
*
* @public
*/
export declare interface MultiFactorAssertion {
/** The identifier of the second factor. */
readonly factorId: (typeof FactorId)[keyof typeof FactorId];
}
/**
* The error thrown when the user needs to provide a second factor to sign in successfully.
*
* @remarks
* The error code for this error is `auth/multi-factor-auth-required`.
*
* @example
* ```javascript
* let resolver;
* let multiFactorHints;
*
* signInWithEmailAndPassword(auth, email, password)
* .then((result) => {
* // User signed in. No 2nd factor challenge is needed.
* })
* .catch((error) => {
* if (error.code == 'auth/multi-factor-auth-required') {
* resolver = getMultiFactorResolver(auth, error);
* multiFactorHints = resolver.hints;
* } else {
* // Handle other errors.
* }
* });
*
* // Obtain a multiFactorAssertion by verifying the second factor.
*
* const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
* ```
*
* @public
*/
export declare interface MultiFactorError extends AuthError {
/** Details about the MultiFactorError. */
readonly customData: AuthError['customData'] & {
/**
* The type of operation (sign-in, linking, or re-authentication) that raised the error.
*/
readonly operationType: (typeof OperationType)[keyof typeof OperationType];
};
}
/**
* A structure containing the information of a second factor entity.
*
* @public
*/
export declare interface MultiFactorInfo {
/** The multi-factor enrollment ID. */
readonly uid: string;
/** The user friendly name of the current second factor. */
readonly displayName?: string | null;
/** The enrollment date of the second factor formatted as a UTC string. */
readonly enrollmentTime: string;
/** The identifier of the second factor. */
readonly factorId: (typeof FactorId)[keyof typeof FactorId];
}
/**
* The class used to facilitate recovery from {@link MultiFactorError} when a user needs to
* provide a second factor to sign in.
*
* @example
* ```javascript
* let resolver;
* let multiFactorHints;
*
* signInWithEmailAndPassword(auth, email, password)
* .then((result) => {
* // User signed in. No 2nd factor challenge is needed.
* })
* .catch((error) => {
* if (error.code == 'auth/multi-factor-auth-required') {
* resolver = getMultiFactorResolver(auth, error);
* // Show UI to let user select second factor.
* multiFactorHints = resolver.hints;
* } else {
* // Handle other errors.
* }
* });
*
* // The enrolled second factors that can be used to complete
* // sign-in are returned in the `MultiFactorResolver.hints` list.
* // UI needs to be presented to allow the user to select a second factor
* // from that list.
*
* const selectedHint = // ; selected from multiFactorHints
* const phoneAuthProvider = new PhoneAuthProvider(auth);
* const phoneInfoOptions = {
* multiFactorHint: selectedHint,
* session: resolver.session
* };
* const verificationId = phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
* // Store `verificationId` and show UI to let user enter verification code.
*
* // UI to enter verification code and continue.
* // Continue button click handler
* const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
* const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
* const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
* ```
*
* @public
*/
export declare interface MultiFactorResolver {
/**
* The list of hints for the second factors needed to complete the sign-in for the current
* session.
*/
readonly hints: MultiFactorInfo[];
/**
* The session identifier for the current sign-in flow, which can be used to complete the second
* factor sign-in.
*/
readonly session: MultiFactorSession;
/**
* A helper function to help users complete sign in with a second factor using an
* {@link MultiFactorAssertion} confirming the user successfully completed the second factor
* challenge.
*
* @example
* ```javascript
* const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
* const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
* const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
* ```
*
* @param assertion - The multi-factor assertion to resolve sign-in with.
* @returns The promise that resolves with the user credential object.
*/
resolveSignIn(assertion: MultiFactorAssertion): Promise<UserCredential>;
}
/**
* An interface defining the multi-factor session object used for enrolling a second factor on a
* user or helping sign in an enrolled user with a second factor.
*
* @public
*/
export declare interface MultiFactorSession {
}
/**
* An interface that defines the multi-factor related properties and operations pertaining
* to a {@link User}.
*
* @public
*/
export declare interface MultiFactorUser {
/** Returns a list of the user's enrolled second factors. */
readonly enrolledFactors: MultiFactorInfo[];
/**
* Returns the session identifier for a second factor enrollment operation. This is used to
* identify the user trying to enroll a second factor.
*
* @example
* ```javascript
* const multiFactorUser = multiFactor(auth.currentUser);
* const multiFactorSession = await multiFactorUser.getSession();
*
* // Send verification code.
* const phoneAuthProvider = new PhoneAuthProvider(auth);
* const phoneInfoOptions = {
* phoneNumber: phoneNumber,
* session: multiFactorSession
* };
* const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
*
* // Obtain verification code from user.
* const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
* const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
* await multiFactorUser.enroll(multiFactorAssertion);
* ```
*
* @returns The promise that resolves with the {@link MultiFactorSession}.
*/
getSession(): Promise<MultiFactorSession>;
/**
*
* Enrolls a second factor as identified by the {@link MultiFactorAssertion} for the
* user.
*
* @remarks
* On resolution, the user tokens are updated to reflect the change in the JWT payload.
* Accepts an additional display name parameter used to identify the second factor to the end
* user. Recent re-authentication is required for this operation to succeed. On successful
* enrollment, existing Firebase sessions (refresh tokens) are revoked. When a new factor is
* enrolled, an email notification is sent to the users email.
*
* @example
* ```javascript
* const multiFactorUser = multiFactor(auth.currentUser);
* const multiFactorSession = await multiFactorUser.getSession();
*
* // Send verification code.
* const phoneAuthProvider = new PhoneAuthProvider(auth);
* const phoneInfoOptions = {
* phoneNumber: phoneNumber,
* session: multiFactorSession
* };
* const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
*
* // Obtain verification code from user.
* const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
* const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
* await multiFactorUser.enroll(multiFactorAssertion);
* // Second factor enrolled.
* ```
*
* @param assertion - The multi-factor assertion to enroll with.
* @param displayName - The display name of the second factor.
*/
enroll(assertion: MultiFactorAssertion, displayName?: string | null): Promise<void>;
/**
* Unenrolls the specified second factor.
*
* @remarks
* To specify the factor to remove, pass a {@link MultiFactorInfo} object (retrieved from
* {@link MultiFactorUser.enrolledFactors}) or the
* factor's UID string. Sessions are not revoked when the account is unenrolled. An email
* notification is likely to be sent to the user notifying them of the change. Recent
* re-authentication is required for this operation to succeed. When an existing factor is
* unenrolled, an email notification is sent to the users email.
*
* @example
* ```javascript
* const multiFactorUser = multiFactor(auth.currentUser);
* // Present user the option to choose which factor to unenroll.
* await multiFactorUser.unenroll(multiFactorUser.enrolledFactors[i])
* ```
*
* @param option - The multi-factor option to unenroll.
* @returns - A `Promise` which resolves when the unenroll operation is complete.
*/
unenroll(option: MultiFactorInfo | string): Promise<void>;
}
declare type MutableUserInfo = {
-readonly [K in keyof UserInfo]: UserInfo[K];
};
export { NextFn }
/**
* Type definition for an event callback.
*
* @privateRemarks TODO(avolkovi): should we consolidate with Subscribe<T> since we're changing the API anyway?
*
* @public
*/
export declare type NextOrObserver<T> = NextFn<T | null> | Observer<T | null>;
/**
* Represents the OAuth credentials returned by an {@link OAuthProvider}.
*
* @remarks
* Implementations specify the details about each auth provider's credential requirements.
*
* @public
*/
export declare class OAuthCredential extends AuthCredential {
/**
* The OAuth ID token associated with the credential if it belongs to an OIDC provider,
* such as `google.com`.
* @readonly
*/
idToken?: string;
/**
* The OAuth access token associated with the credential if it belongs to an
* {@link OAuthProvider}, such as `facebook.com`, `twitter.com`, etc.
* @readonly
*/
accessToken?: string;
/**
* The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0
* provider, such as `twitter.com`.
* @readonly
*/
secret?: string;
private nonce?;
private pendingToken;
/** @internal */
static _fromParams(params: OAuthCredentialParams): OAuthCredential;
/** {@inheritdoc AuthCredential.toJSON} */
toJSON(): object;
/**
* Static method to deserialize a JSON representation of an object into an
* {@link AuthCredential}.
*
* @param json - Input can be either Object or the stringified representation of the object.
* When string is provided, JSON.parse would be called first.
*
* @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
*/
static fromJSON(json: string | object): OAuthCredential | null;
/** @internal */
_getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse>;
/** @internal */
_linkToIdToken(auth: AuthInternal, idToken: string): Promise<IdTokenResponse>;
/** @internal */
_getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse>;
private buildRequest;
}
/**
* Defines the options for initializing an {@link OAuthCredential}.
*
* @remarks
* For ID tokens with nonce claim, the raw nonce has to also be provided.
*
* @public
*/
export declare interface OAuthCredentialOptions {
/**
* The OAuth ID token used to initialize the {@link OAuthCredential}.
*/
idToken?: string;
/**
* The OAuth access token used to initialize the {@link OAuthCredential}.
*/
accessToken?: string;
/**
* The raw nonce associated with the ID token.
*
* @remarks
* It is required when an ID token with a nonce field is provided. The SHA-256 hash of the
* raw nonce must match the nonce field in the ID token.
*/
rawNonce?: string;
}
declare interface OAuthCredentialParams {
idToken?: string | null;
accessToken?: string | null;
oauthToken?: string;
secret?: string;
oauthTokenSecret?: string;
nonce?: string;
pendingToken?: string;
providerId: string;
signInMethod: string;
}
/**
* Provider for generating generic {@link OAuthCredential}.
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new OAuthProvider('google.com');
* // Start a sign in process for an unauthenticated user.
* provider.addScope('profile');
* provider.addScope('email');
* await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* if (result) {
* // This is the signed-in user
* const user = result.user;
* // This gives you a OAuth Access Token for the provider.
* const credential = provider.credentialFromResult(auth, result);
* const token = credential.accessToken;
* }
* ```
*
* @example
* ```javascript
* // Sign in using a popup.
* const provider = new OAuthProvider('google.com');
* provider.addScope('profile');
* provider.addScope('email');
* const result = await signInWithPopup(auth, provider);
*
* // The signed-in user info.
* const user = result.user;
* // This gives you a OAuth Access Token for the provider.
* const credential = provider.credentialFromResult(auth, result);
* const token = credential.accessToken;
* ```
* @public
*/
export declare class OAuthProvider extends BaseOAuthProvider {
/**
* Creates an {@link OAuthCredential} from a JSON string or a plain object.
* @param json - A plain object or a JSON string
*/
static credentialFromJSON(json: object | string): OAuthCredential;
/**
* Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token.
*
* @remarks
* The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of
* the raw nonce must match the nonce field in the ID token.
*
* @example
* ```javascript
* // `googleUser` from the onsuccess Google Sign In callback.
* // Initialize a generate OAuth provider with a `google.com` providerId.
* const provider = new OAuthProvider('google.com');
* const credential = provider.credential({
* idToken: googleUser.getAuthResponse().id_token,
* });
* const result = await signInWithCredential(credential);
* ```
*
* @param params - Either the options object containing the ID token, access token and raw nonce
* or the ID token string.
*/
credential(params: OAuthCredentialOptions): OAuthCredential;
/** An internal credential method that accepts more permissive options */
private _credential;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
*
* @param userCredential - The user credential.
*/
static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
* thrown during a sign-in, link, or reauthenticate operation.
*
* @param userCredential - The user credential.
*/
static credentialFromError(error: FirebaseError): OAuthCredential | null;
private static oauthCredentialFromTaggedObject;
}
/**
* Adds an observer for changes to the user's sign-in state.
*
* @remarks
* To keep the old behavior, see {@link onIdTokenChanged}.
*
* @param auth - The {@link Auth} instance.
* @param nextOrObserver - callback triggered on change.
* @param error - Deprecated. This callback is never triggered. Errors
* on signing in/out can be caught in promises returned from
* sign-in/sign-out functions.
* @param completed - Deprecated. This callback is never triggered.
*
* @public
*/
export declare function onAuthStateChanged(auth: Auth, nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
/**
* Adds an observer for changes to the signed-in user's ID token.
*
* @remarks
* This includes sign-in, sign-out, and token refresh events.
* This will not be triggered automatically upon ID token expiration. Use {@link User.getIdToken} to refresh the ID token.
*
* @param auth - The {@link Auth} instance.
* @param nextOrObserver - callback triggered on change.
* @param error - Deprecated. This callback is never triggered. Errors
* on signing in/out can be caught in promises returned from
* sign-in/sign-out functions.
* @param completed - Deprecated. This callback is never triggered.
*
* @public
*/
export declare function onIdTokenChanged(auth: Auth, nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
/**
* Enumeration of supported operation types.
*
* @public
*/
export declare const OperationType: {
/** Operation involving linking an additional provider to an already signed-in user. */
readonly LINK: "link";
/** Operation involving using a provider to reauthenticate an already signed-in user. */
readonly REAUTHENTICATE: "reauthenticate";
/** Operation involving signing in a user. */
readonly SIGN_IN: "signIn";
};
/**
* Parses the email action link string and returns an {@link ActionCodeURL} if
* the link is valid, otherwise returns null.
*
* @public
*/
export declare function parseActionCodeURL(link: string): ActionCodeURL | null;
/**
* Interface representing a parsed ID token.
*
* @privateRemarks TODO(avolkovi): consolidate with parsed_token in implementation.
*
* @public
*/
export declare interface ParsedToken {
/** Expiration time of the token. */
'exp'?: string;
/** UID of the user. */
'sub'?: string;
/** Time at which authentication was performed. */
'auth_time'?: string;
/** Issuance time of the token. */
'iat'?: string;
/** Firebase specific claims, containing the provider(s) used to authenticate the user. */
'firebase'?: {
'sign_in_provider'?: string;
'sign_in_second_factor'?: string;
'identities'?: Record<string, string>;
};
/** Map of any additional custom claims. */
[key: string]: unknown;
}
/**
* A structure specifying password policy requirements.
*
* @public
*/
export declare interface PasswordPolicy {
/**
* Requirements enforced by this password policy.
*/
readonly customStrengthOptions: {
/**
* Minimum password length, or undefined if not configured.
*/
readonly minPasswordLength?: number;
/**
* Maximum password length, or undefined if not configured.
*/
readonly maxPasswordLength?: number;
/**
* Whether the password should contain a lowercase letter, or undefined if not configured.
*/
readonly containsLowercaseLetter?: boolean;
/**
* Whether the password should contain an uppercase letter, or undefined if not configured.
*/
readonly containsUppercaseLetter?: boolean;
/**
* Whether the password should contain a numeric character, or undefined if not configured.
*/
readonly containsNumericCharacter?: boolean;
/**
* Whether the password should contain a non-alphanumeric character, or undefined if not configured.
*/
readonly containsNonAlphanumericCharacter?: boolean;
};
/**
* List of characters that are considered non-alphanumeric during validation.
*/
readonly allowedNonAlphanumericCharacters: string;
/**
* The enforcement state of the policy. Can be 'OFF' or 'ENFORCE'.
*/
readonly enforcementState: string;
/**
* Whether existing passwords must meet the policy.
*/
readonly forceUpgradeOnSignin: boolean;
}
/**
* Internal typing of the password policy custom strength options that is modifiable. This
* allows us to construct the strength options before storing them in the policy.
*
* @internal
*/
declare interface PasswordPolicyCustomStrengthOptions {
/**
* Minimum password length.
*/
minPasswordLength?: number;
/**
* Maximum password length.
*/
maxPasswordLength?: number;
/**
* Whether the password should contain a lowercase letter.
*/
containsLowercaseLetter?: boolean;
/**
* Whether the password should contain an uppercase letter.
*/
containsUppercaseLetter?: boolean;
/**
* Whether the password should contain a numeric character.
*/
containsNumericCharacter?: boolean;
/**
* Whether the password should contain a non-alphanumeric character.
*/
containsNonAlphanumericCharacter?: boolean;
}
/**
* Internal typing of password policy that includes the schema version and methods for
* validating that a password meets the policy. The developer does not need access to
* these properties and methods, so they are excluded from the public typing.
*
* @internal
*/
declare interface PasswordPolicyInternal extends PasswordPolicy {
/**
* Requirements enforced by the password policy.
*/
readonly customStrengthOptions: PasswordPolicyCustomStrengthOptions;
/**
* Schema version of the password policy.
*/
readonly schemaVersion: number;
/**
* Validates the password against the policy.
* @param password Password to validate.
*/
validatePassword(password: string): PasswordValidationStatus;
}
/**
* A structure indicating which password policy requirements were met or violated and what the
* requirements are.
*
* @public
*/
export declare interface PasswordValidationStatus {
/**
* Whether the password meets all requirements.
*/
readonly isValid: boolean;
/**
* Whether the password meets the minimum password length, or undefined if not required.
*/
readonly meetsMinPasswordLength?: boolean;
/**
* Whether the password meets the maximum password length, or undefined if not required.
*/
readonly meetsMaxPasswordLength?: boolean;
/**
* Whether the password contains a lowercase letter, or undefined if not required.
*/
readonly containsLowercaseLetter?: boolean;
/**
* Whether the password contains an uppercase letter, or undefined if not required.
*/
readonly containsUppercaseLetter?: boolean;
/**
* Whether the password contains a numeric character, or undefined if not required.
*/
readonly containsNumericCharacter?: boolean;
/**
* Whether the password contains a non-alphanumeric character, or undefined if not required.
*/
readonly containsNonAlphanumericCharacter?: boolean;
/**
* The policy used to validate the password.
*/
readonly passwordPolicy: PasswordPolicy;
}
declare type PersistedBlob = Record<string, unknown>;
/**
* An interface covering the possible persistence mechanism types.
*
* @public
*/
export declare interface Persistence {
/**
* Type of Persistence.
* - 'SESSION' is used for temporary persistence such as `sessionStorage`.
* - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
* - 'NONE' is used for in-memory, or no persistence.
*/
readonly type: 'SESSION' | 'LOCAL' | 'NONE';
}
/**
* Represents the credentials returned by {@link PhoneAuthProvider}.
*
* @public
*/
export declare class PhoneAuthCredential extends AuthCredential {
private readonly params;
private constructor();
/** @internal */
static _fromVerification(verificationId: string, verificationCode: string): PhoneAuthCredential;
/** @internal */
static _fromTokenResponse(phoneNumber: string, temporaryProof: string): PhoneAuthCredential;
/** @internal */
_getIdTokenResponse(auth: AuthInternal): Promise<PhoneOrOauthTokenResponse>;
/** @internal */
_linkToIdToken(auth: AuthInternal, idToken: string): Promise<IdTokenResponse>;
/** @internal */
_getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse>;
/** @internal */
_makeVerificationRequest(): SignInWithPhoneNumberRequest;
/** {@inheritdoc AuthCredential.toJSON} */
toJSON(): object;
/** Generates a phone credential based on a plain object or a JSON string. */
static fromJSON(json: object | string): PhoneAuthCredential | null;
}
/**
* Provider for generating an {@link PhoneAuthCredential}.
*
* @remarks
* `PhoneAuthProvider` does not work in a Node.js environment.
*
* @example
* ```javascript
* // 'recaptcha-container' is the ID of an element in the DOM.
* const applicationVerifier = new RecaptchaVerifier('recaptcha-container');
* const provider = new PhoneAuthProvider(auth);
* const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);
* // Obtain the verificationCode from the user.
* const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
* const userCredential = await signInWithCredential(auth, phoneCredential);
* ```
*
* @public
*/
export declare class PhoneAuthProvider {
/** Always set to {@link ProviderId}.PHONE. */
static readonly PROVIDER_ID: 'phone';
/** Always set to {@link SignInMethod}.PHONE. */
static readonly PHONE_SIGN_IN_METHOD: 'phone';
/** Always set to {@link ProviderId}.PHONE. */
readonly providerId: "phone";
private readonly auth;
/**
* @param auth - The Firebase {@link Auth} instance in which sign-ins should occur.
*
*/
constructor(auth: Auth);
/**
*
* Starts a phone number authentication flow by sending a verification code to the given phone
* number.
*
* @example
* ```javascript
* const provider = new PhoneAuthProvider(auth);
* const verificationId = await provider.verifyPhoneNumber(phoneNumber, applicationVerifier);
* // Obtain verificationCode from the user.
* const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
* const userCredential = await signInWithCredential(auth, authCredential);
* ```
*
* @example
* An alternative flow is provided using the `signInWithPhoneNumber` method.
* ```javascript
* const confirmationResult = signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
* // Obtain verificationCode from the user.
* const userCredential = confirmationResult.confirm(verificationCode);
* ```
*
* @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in
* E.164 format (e.g. +16505550101).
* @param applicationVerifier - For abuse prevention, this method also requires a
* {@link ApplicationVerifier}. This SDK includes a reCAPTCHA-based implementation,
* {@link RecaptchaVerifier}.
*
* @returns A Promise for a verification ID that can be passed to
* {@link PhoneAuthProvider.credential} to identify this flow..
*/
verifyPhoneNumber(phoneOptions: PhoneInfoOptions | string, applicationVerifier: ApplicationVerifier): Promise<string>;
/**
* Creates a phone auth credential, given the verification ID from
* {@link PhoneAuthProvider.verifyPhoneNumber} and the code that was sent to the user's
* mobile device.
*
* @example
* ```javascript
* const provider = new PhoneAuthProvider(auth);
* const verificationId = provider.verifyPhoneNumber(phoneNumber, applicationVerifier);
* // Obtain verificationCode from the user.
* const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
* const userCredential = signInWithCredential(auth, authCredential);
* ```
*
* @example
* An alternative flow is provided using the `signInWithPhoneNumber` method.
* ```javascript
* const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
* // Obtain verificationCode from the user.
* const userCredential = await confirmationResult.confirm(verificationCode);
* ```
*
* @param verificationId - The verification ID returned from {@link PhoneAuthProvider.verifyPhoneNumber}.
* @param verificationCode - The verification code sent to the user's mobile device.
*
* @returns The auth provider credential.
*/
static credential(verificationId: string, verificationCode: string): PhoneAuthCredential;
/**
* Generates an {@link AuthCredential} from a {@link UserCredential}.
* @param userCredential - The user credential.
*/
static credentialFromResult(userCredential: UserCredential): AuthCredential | null;
/**
* Returns an {@link AuthCredential} when passed an error.
*
* @remarks
*
* This method works for errors like
* `auth/account-exists-with-different-credentials`. This is useful for
* recovering when attempting to set a user's phone number but the number
* in question is already tied to another account. For example, the following
* code tries to update the current user's phone number, and if that
* fails, links the user with the account associated with that number:
*
* ```js
* const provider = new PhoneAuthProvider(auth);
* const verificationId = await provider.verifyPhoneNumber(number, verifier);
* try {
* const code = ''; // Prompt the user for the verification code
* await updatePhoneNumber(
* auth.currentUser,
* PhoneAuthProvider.credential(verificationId, code));
* } catch (e) {
* if ((e as FirebaseError)?.code === 'auth/account-exists-with-different-credential') {
* const cred = PhoneAuthProvider.credentialFromError(e);
* await linkWithCredential(auth.currentUser, cred);
* }
* }
*
* // At this point, auth.currentUser.phoneNumber === number.
* ```
*
* @param error - The error to generate a credential from.
*/
static credentialFromError(error: FirebaseError): AuthCredential | null;
private static credentialFromTaggedObject;
}
/**
* The information required to verify the ownership of a phone number.
*
* @remarks
* The information that's required depends on whether you are doing single-factor sign-in,
* multi-factor enrollment or multi-factor sign-in.
*
* @public
*/
export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
/**
* An MFA provided by SMS verification.
*/
declare interface PhoneMfaEnrollment extends BaseMfaEnrollment {
phoneInfo: string;
}
/**
* The class for asserting ownership of a phone second factor. Provided by
* {@link PhoneMultiFactorGenerator.assertion}.
*
* @public
*/
export declare interface PhoneMultiFactorAssertion extends MultiFactorAssertion {
}
/**
* Options used for enrolling a second factor.
*
* @public
*/
export declare interface PhoneMultiFactorEnrollInfoOptions {
/** Phone number to send a verification code to. */
phoneNumber: string;
/** The {@link MultiFactorSession} obtained via {@link MultiFactorUser.getSession}. */
session: MultiFactorSession;
}
/**
* Provider for generating a {@link PhoneMultiFactorAssertion}.
*
* @public
*/
export declare class PhoneMultiFactorGenerator {
private constructor();
/**
* Provides a {@link PhoneMultiFactorAssertion} to confirm ownership of the phone second factor.
*
* @remarks
* This method does not work in a Node.js environment.
*
* @param phoneAuthCredential - A credential provided by {@link PhoneAuthProvider.credential}.
* @returns A {@link PhoneMultiFactorAssertion} which can be used with
* {@link MultiFactorResolver.resolveSignIn}
*/
static assertion(credential: PhoneAuthCredential): PhoneMultiFactorAssertion;
/**
* The identifier of the phone second factor: `phone`.
*/
static FACTOR_ID: string;
}
/**
* The subclass of the {@link MultiFactorInfo} interface for phone number
* second factors. The `factorId` of this second factor is {@link FactorId}.PHONE.
* @public
*/
export declare interface PhoneMultiFactorInfo extends MultiFactorInfo {
/** The phone number associated with the current second factor. */
readonly phoneNumber: string;
}
/**
* Options used for signing in with a second factor.
*
* @public
*/
export declare interface PhoneMultiFactorSignInInfoOptions {
/**
* The {@link MultiFactorInfo} obtained via {@link MultiFactorResolver.hints}.
*
* One of `multiFactorHint` or `multiFactorUid` is required.
*/
multiFactorHint?: MultiFactorInfo;
/**
* The uid of the second factor.
*
* One of `multiFactorHint` or `multiFactorUid` is required.
*/
multiFactorUid?: string;
/** The {@link MultiFactorSession} obtained via {@link MultiFactorResolver.session}. */
session: MultiFactorSession;
}
/**
* @internal
*/
declare type PhoneOrOauthTokenResponse = SignInWithPhoneNumberResponse | SignInWithIdpResponse | IdTokenResponse;
/**
* Options used for single-factor sign-in.
*
* @public
*/
export declare interface PhoneSingleFactorInfoOptions {
/** Phone number to send a verification code to. */
phoneNumber: string;
}
/**
* A resolver used for handling DOM specific operations like {@link signInWithPopup}
* or {@link signInWithRedirect}.
*
* @public
*/
export declare interface PopupRedirectResolver {
}
/**
* We need to mark this interface as internal explicitly to exclude it in the public typings, because
* it references AuthInternal which has a circular dependency with UserInternal.
*
* @internal
*/
declare interface PopupRedirectResolverInternal extends PopupRedirectResolver {
_shouldInitProactively: boolean;
_initialize(auth: AuthInternal): Promise<EventManager>;
_openPopup(auth: AuthInternal, provider: AuthProvider, authType: AuthEventType, eventId?: string): Promise<AuthPopup>;
_openRedirect(auth: AuthInternal, provider: AuthProvider, authType: AuthEventType, eventId?: string): Promise<void | never>;
_isIframeWebStorageSupported(auth: AuthInternal, cb: (support: boolean) => unknown): void;
_redirectPersistence: Persistence;
_originValidation(auth: Auth): Promise<void>;
_completeRedirectFn: (auth: Auth, resolver: PopupRedirectResolver, bypassAuthState: boolean) => Promise<UserCredential | null>;
_overrideRedirectResult: (auth: AuthInternal, resultGetter: () => Promise<UserCredentialInternal | null>) => void;
}
/**
* A minimal error map with all verbose error messages stripped.
*
* See discussion at {@link AuthErrorMap}
*
* @public
*/
export declare const prodErrorMap: AuthErrorMap;
/**
* Enumeration of supported providers.
*
* @public
*/
export declare const ProviderId: {
/** Facebook provider ID */
readonly FACEBOOK: "facebook.com";
/** GitHub provider ID */
readonly GITHUB: "github.com";
/** Google provider ID */
readonly GOOGLE: "google.com";
/** Password provider */
readonly PASSWORD: "password";
/** Phone provider */
readonly PHONE: "phone";
/** Twitter provider ID */
readonly TWITTER: "twitter.com";
};
/**
* @license
* Copyright 2021 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Enumeration of supported providers.
* @internal
*/
declare const enum ProviderId_2 {
/** @internal */
ANONYMOUS = "anonymous",
/** @internal */
CUSTOM = "custom",
/** Facebook provider ID */
FACEBOOK = "facebook.com",
/** @internal */
FIREBASE = "firebase",
/** GitHub provider ID */
GITHUB = "github.com",
/** Google provider ID */
GOOGLE = "google.com",
/** Password provider */
PASSWORD = "password",
/** Phone provider */
PHONE = "phone",
/** Twitter provider ID */
TWITTER = "twitter.com"
}
declare interface ProviderUserInfo {
providerId: string;
rawId?: string;
email?: string;
displayName?: string;
photoUrl?: string;
phoneNumber?: string;
}
/**
* Interface for a supplied `AsyncStorage`.
*
* @public
*/
export declare interface ReactNativeAsyncStorage {
/**
* Persist an item in storage.
*
* @param key - storage key.
* @param value - storage value.
*/
setItem(key: string, value: string): Promise<void>;
/**
* Retrieve an item from storage.
*
* @param key - storage key.
*/
getItem(key: string): Promise<string | null>;
/**
* Remove an item from storage.
*
* @param key - storage key.
*/
removeItem(key: string): Promise<void>;
}
/**
* Re-authenticates a user using a fresh credential.
*
* @remarks
* Use before operations such as {@link updatePassword} that require tokens from recent sign-in
* attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error
* or a `TOKEN_EXPIRED` error.
*
* @param user - The user.
* @param credential - The auth credential.
*
* @public
*/
export declare function reauthenticateWithCredential(user: User, credential: AuthCredential): Promise<UserCredential>;
/**
* Re-authenticates a user using a fresh phone credential.
*
* @remarks
* Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
*
* This method does not work in a Node.js environment.
*
* @param user - The user.
* @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
* @param appVerifier - The {@link ApplicationVerifier}.
*
* @public
*/
export declare function reauthenticateWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
/**
* Reauthenticates the current user with the specified {@link OAuthProvider} using a pop-up based
* OAuth flow.
*
* @remarks
* If the reauthentication is successful, the returned result will contain the user and the
* provider's credential.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* // Sign in using a popup.
* const provider = new FacebookAuthProvider();
* const result = await signInWithPopup(auth, provider);
* // Reauthenticate using a popup.
* await reauthenticateWithPopup(result.user, provider);
* ```
*
* @param user - The user.
* @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
* Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
* @param resolver - An instance of {@link PopupRedirectResolver}, optional
* if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
*
* @public
*/
export declare function reauthenticateWithPopup(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<UserCredential>;
/**
* Reauthenticates the current user with the specified {@link OAuthProvider} using a full-page redirect flow.
* @remarks
* To handle the results and errors for this operation, refer to {@link getRedirectResult}.
* Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
* | best practices} when using {@link reauthenticateWithRedirect}.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new FacebookAuthProvider();
* const result = await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* // Reauthenticate using a redirect.
* await reauthenticateWithRedirect(result.user, provider);
* // This will again trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* ```
*
* @param user - The user.
* @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
* Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
* @param resolver - An instance of {@link PopupRedirectResolver}, optional
* if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
*
* @public
*/
export declare function reauthenticateWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
declare interface Recaptcha {
render: (container: HTMLElement, parameters: RecaptchaParameters) => number;
getResponse: (id: number) => string;
execute: (id: number) => unknown;
reset: (id: number) => unknown;
}
declare class RecaptchaConfig {
/**
* The reCAPTCHA site key.
*/
siteKey: string;
/**
* The list of providers and their enablement status for reCAPTCHA Enterprise.
*/
recaptchaEnforcementState: RecaptchaEnforcementProviderState[];
constructor(response: GetRecaptchaConfigResponse);
/**
* Returns the reCAPTCHA Enterprise enforcement state for the given provider.
*
* @param providerStr - The provider whose enforcement state is to be returned.
* @returns The reCAPTCHA Enterprise enforcement state for the given provider.
*/
getProviderEnforcementState(providerStr: string): EnforcementState | null;
/**
* Returns true if the reCAPTCHA Enterprise enforcement state for the provider is set to ENFORCE or AUDIT.
*
* @param providerStr - The provider whose enablement state is to be returned.
* @returns Whether or not reCAPTCHA Enterprise protection is enabled for the given provider.
*/
isProviderEnabled(providerStr: string): boolean;
}
declare interface RecaptchaEnforcementProviderState {
provider: string;
enforcementState: string;
}
/**
* We need to mark this interface as internal explicitly to exclude it in the public typings, because
* it references AuthInternal which has a circular dependency with UserInternal.
*
* @internal
*/
declare interface ReCaptchaLoader {
load(auth: AuthInternal, hl?: string): Promise<Recaptcha>;
clearedOneInstance(): void;
}
/**
* Interface representing reCAPTCHA parameters.
*
* See the [reCAPTCHA docs](https://developers.google.com/recaptcha/docs/display#render_param)
* for the list of accepted parameters. All parameters are accepted except for `sitekey`: Firebase Auth
* provisions a reCAPTCHA for each project and will configure the site key upon rendering.
*
* For an invisible reCAPTCHA, set the `size` key to `invisible`.
*
* @public
*/
export declare interface RecaptchaParameters {
[key: string]: any;
}
/**
* An {@link https://www.google.com/recaptcha/ | reCAPTCHA}-based application verifier.
*
* @remarks
* `RecaptchaVerifier` does not work in a Node.js environment.
*
* @public
*/
export declare class RecaptchaVerifier implements ApplicationVerifierInternal {
private readonly parameters;
/**
* The application verifier type.
*
* @remarks
* For a reCAPTCHA verifier, this is 'recaptcha'.
*/
readonly type = "recaptcha";
private destroyed;
private widgetId;
private readonly container;
private readonly isInvisible;
private readonly tokenChangeListeners;
private renderPromise;
private readonly auth;
/** @internal */
readonly _recaptchaLoader: ReCaptchaLoader;
private recaptcha;
/**
* @param authExtern - The corresponding Firebase {@link Auth} instance.
*
* @param containerOrId - The reCAPTCHA container parameter.
*
* @remarks
* This has different meaning depending on whether the reCAPTCHA is hidden or visible. For a
* visible reCAPTCHA the container must be empty. If a string is used, it has to correspond to
* an element ID. The corresponding element must also must be in the DOM at the time of
* initialization.
*
* @param parameters - The optional reCAPTCHA parameters.
*
* @remarks
* Check the reCAPTCHA docs for a comprehensive list. All parameters are accepted except for
* the sitekey. Firebase Auth backend provisions a reCAPTCHA for each project and will
* configure this upon rendering. For an invisible reCAPTCHA, a size key must have the value
* 'invisible'.
*/
constructor(authExtern: Auth, containerOrId: HTMLElement | string, parameters?: RecaptchaParameters);
/**
* Waits for the user to solve the reCAPTCHA and resolves with the reCAPTCHA token.
*
* @returns A Promise for the reCAPTCHA token.
*/
verify(): Promise<string>;
/**
* Renders the reCAPTCHA widget on the page.
*
* @returns A Promise that resolves with the reCAPTCHA widget ID.
*/
render(): Promise<number>;
/** @internal */
_reset(): void;
/**
* Clears the reCAPTCHA widget from the page and destroys the instance.
*/
clear(): void;
private validateStartingState;
private makeTokenCallback;
private assertNotDestroyed;
private makeRenderPromise;
private init;
private getAssertedRecaptcha;
}
/**
* Reloads user account data, if signed in.
*
* @param user - The user.
*
* @public
*/
export declare function reload(user: User): Promise<void>;
/**
* Revokes the given access token. Currently only supports Apple OAuth access tokens.
*
* @param auth - The {@link Auth} instance.
* @param token - The Apple OAuth access token.
*
* @public
*/
export declare function revokeAccessToken(auth: Auth, token: string): Promise<void>;
/**
* An {@link AuthProvider} for SAML.
*
* @public
*/
export declare class SAMLAuthProvider extends FederatedAuthProvider {
/**
* Constructor. The providerId must start with "saml."
* @param providerId - SAML provider ID.
*/
constructor(providerId: string);
/**
* Generates an {@link AuthCredential} from a {@link UserCredential} after a
* successful SAML flow completes.
*
* @remarks
*
* For example, to get an {@link AuthCredential}, you could write the
* following code:
*
* ```js
* const userCredential = await signInWithPopup(auth, samlProvider);
* const credential = SAMLAuthProvider.credentialFromResult(userCredential);
* ```
*
* @param userCredential - The user credential.
*/
static credentialFromResult(userCredential: UserCredential): AuthCredential | null;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
* thrown during a sign-in, link, or reauthenticate operation.
*
* @param userCredential - The user credential.
*/
static credentialFromError(error: FirebaseError): AuthCredential | null;
/**
* Creates an {@link AuthCredential} from a JSON string or a plain object.
* @param json - A plain object or a JSON string
*/
static credentialFromJSON(json: string | object): AuthCredential;
private static samlCredentialFromTaggedObject;
}
/**
* Sends a verification email to a user.
*
* @remarks
* The verification process is completed by calling {@link applyActionCode}.
*
* @example
* ```javascript
* const actionCodeSettings = {
* url: 'https://www.example.com/?email=user@example.com',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true
* };
* await sendEmailVerification(user, actionCodeSettings);
* // Obtain code from the user.
* await applyActionCode(auth, code);
* ```
*
* @param user - The user.
* @param actionCodeSettings - The {@link ActionCodeSettings}.
*
* @public
*/
export declare function sendEmailVerification(user: User, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
/**
* Sends a password reset email to the given email address. This method does not throw an error when
* there's no user account with the given email address and
* [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
*
* @remarks
* To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
* the email sent to the user, along with the new password specified by the user.
*
* @example
* ```javascript
* const actionCodeSettings = {
* url: 'https://www.example.com/?email=user@example.com',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true
* };
* await sendPasswordResetEmail(auth, 'user@example.com', actionCodeSettings);
* // Obtain code from user.
* await confirmPasswordReset('user@example.com', code);
* ```
*
* @param auth - The {@link Auth} instance.
* @param email - The user's email address.
* @param actionCodeSettings - The {@link ActionCodeSettings}.
*
* @public
*/
export declare function sendPasswordResetEmail(auth: Auth, email: string, actionCodeSettings?: ActionCodeSettings): Promise<void>;
/**
* Sends a sign-in email link to the user with the specified email.
*
* @remarks
* The sign-in operation has to always be completed in the app unlike other out of band email
* actions (password reset and email verifications). This is because, at the end of the flow,
* the user is expected to be signed in and their Auth state persisted within the app.
*
* To complete sign in with the email link, call {@link signInWithEmailLink} with the email
* address and the email link supplied in the email sent to the user.
*
* @example
* ```javascript
* const actionCodeSettings = {
* url: 'https://www.example.com/?email=user@example.com',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true
* };
* await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);
* // Obtain emailLink from the user.
* if(isSignInWithEmailLink(auth, emailLink)) {
* await signInWithEmailLink(auth, 'user@example.com', emailLink);
* }
* ```
*
* @param authInternal - The {@link Auth} instance.
* @param email - The user's email address.
* @param actionCodeSettings - The {@link ActionCodeSettings}.
*
* @public
*/
export declare function sendSignInLinkToEmail(auth: Auth, email: string, actionCodeSettings: ActionCodeSettings): Promise<void>;
/**
* Changes the type of persistence on the {@link Auth} instance for the currently saved
* `Auth` session and applies this type of persistence for future sign-in requests, including
* sign-in with redirect requests.
*
* @remarks
* This makes it easy for a user signing in to specify whether their session should be
* remembered or not. It also makes it easier to never persist the `Auth` state for applications
* that are shared by other users or have sensitive data.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* setPersistence(auth, browserSessionPersistence);
* ```
*
* @param auth - The {@link Auth} instance.
* @param persistence - The {@link Persistence} to use.
* @returns A `Promise` that resolves once the persistence change has completed
*
* @public
*/
export declare function setPersistence(auth: Auth, persistence: Persistence): Promise<void>;
/**
* Asynchronously signs in as an anonymous user.
*
* @remarks
* If there is already an anonymous user signed in, that user will be returned; otherwise, a
* new anonymous user identity will be created and returned.
*
* @param auth - The {@link Auth} instance.
*
* @public
*/
export declare function signInAnonymously(auth: Auth): Promise<UserCredential>;
/**
* Enumeration of supported sign-in methods.
*
* @public
*/
export declare const SignInMethod: {
/** Email link sign in method */
readonly EMAIL_LINK: "emailLink";
/** Email/password sign in method */
readonly EMAIL_PASSWORD: "password";
/** Facebook sign in method */
readonly FACEBOOK: "facebook.com";
/** GitHub sign in method */
readonly GITHUB: "github.com";
/** Google sign in method */
readonly GOOGLE: "google.com";
/** Phone sign in method */
readonly PHONE: "phone";
/** Twitter sign in method */
readonly TWITTER: "twitter.com";
};
/**
* Asynchronously signs in with the given credentials.
*
* @remarks
* An {@link AuthProvider} can be used to generate the credential.
*
* @param auth - The {@link Auth} instance.
* @param credential - The auth credential.
*
* @public
*/
export declare function signInWithCredential(auth: Auth, credential: AuthCredential): Promise<UserCredential>;
/**
* Asynchronously signs in using a custom token.
*
* @remarks
* Custom tokens are used to integrate Firebase Auth with existing auth systems, and must
* be generated by an auth backend using the
* {@link https://firebase.google.com/docs/reference/admin/node/admin.auth.Auth#createcustomtoken | createCustomToken}
* method in the {@link https://firebase.google.com/docs/auth/admin | Admin SDK} .
*
* Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.
*
* @param auth - The {@link Auth} instance.
* @param customToken - The custom token to sign in with.
*
* @public
*/
export declare function signInWithCustomToken(auth: Auth, customToken: string): Promise<UserCredential>;
/**
* Asynchronously signs in using an email and password.
*
* @remarks
* Fails with an error if the email address and password do not match.
* When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
* this method fails with "auth/invalid-credential" in case of an invalid email/password.
*
* Note: The user's password is NOT the password used to access the user's email account. The
* email address serves as a unique identifier for the user, and the password is used to access
* the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.
*
* @param auth - The {@link Auth} instance.
* @param email - The users email address.
* @param password - The users password.
*
* @public
*/
export declare function signInWithEmailAndPassword(auth: Auth, email: string, password: string): Promise<UserCredential>;
/**
* Asynchronously signs in using an email and sign-in email link.
*
* @remarks
* If no link is passed, the link is inferred from the current URL.
*
* Fails with an error if the email address is invalid or OTP in email link expires.
*
* Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.
*
* @example
* ```javascript
* const actionCodeSettings = {
* url: 'https://www.example.com/?email=user@example.com',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true
* };
* await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);
* // Obtain emailLink from the user.
* if(isSignInWithEmailLink(auth, emailLink)) {
* await signInWithEmailLink(auth, 'user@example.com', emailLink);
* }
* ```
*
* @param auth - The {@link Auth} instance.
* @param email - The user's email address.
* @param emailLink - The link sent to the user's email address.
*
* @public
*/
export declare function signInWithEmailLink(auth: Auth, email: string, emailLink?: string): Promise<UserCredential>;
/**
* @internal
*/
declare interface SignInWithIdpResponse extends IdTokenResponse {
oauthAccessToken?: string;
oauthTokenSecret?: string;
nonce?: string;
oauthIdToken?: string;
pendingToken?: string;
}
/**
* Asynchronously signs in using a phone number.
*
* @remarks
* This method sends a code via SMS to the given
* phone number, and returns a {@link ConfirmationResult}. After the user
* provides the code sent to their phone, call {@link ConfirmationResult.confirm}
* with the code to sign the user in.
*
* For abuse prevention, this method also requires a {@link ApplicationVerifier}.
* This SDK includes a reCAPTCHA-based implementation, {@link RecaptchaVerifier}.
* This function can work on other platforms that do not support the
* {@link RecaptchaVerifier} (like React Native), but you need to use a
* third-party {@link ApplicationVerifier} implementation.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* // 'recaptcha-container' is the ID of an element in the DOM.
* const applicationVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container');
* const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
* // Obtain a verificationCode from the user.
* const credential = await confirmationResult.confirm(verificationCode);
* ```
*
* @param auth - The {@link Auth} instance.
* @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
* @param appVerifier - The {@link ApplicationVerifier}.
*
* @public
*/
export declare function signInWithPhoneNumber(auth: Auth, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
/**
* @internal
*/
declare interface SignInWithPhoneNumberRequest {
temporaryProof?: string;
phoneNumber?: string;
sessionInfo?: string;
code?: string;
tenantId?: string;
}
/**
* @internal
*/
declare interface SignInWithPhoneNumberResponse extends IdTokenResponse {
temporaryProof?: string;
phoneNumber?: string;
}
/**
* Authenticates a Firebase client using a popup-based OAuth authentication flow.
*
* @remarks
* If succeeds, returns the signed in user along with the provider's credential. If sign in was
* unsuccessful, returns an error object containing additional information about the error.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* // Sign in using a popup.
* const provider = new FacebookAuthProvider();
* const result = await signInWithPopup(auth, provider);
*
* // The signed-in user info.
* const user = result.user;
* // This gives you a Facebook Access Token.
* const credential = provider.credentialFromResult(auth, result);
* const token = credential.accessToken;
* ```
*
* @param auth - The {@link Auth} instance.
* @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
* Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
* @param resolver - An instance of {@link PopupRedirectResolver}, optional
* if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
*
* @public
*/
export declare function signInWithPopup(auth: Auth, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<UserCredential>;
/**
* Authenticates a Firebase client using a full-page redirect flow.
*
* @remarks
* To handle the results and errors for this operation, refer to {@link getRedirectResult}.
* Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
* | best practices} when using {@link signInWithRedirect}.
*
* This method does not work in a Node.js environment.
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new FacebookAuthProvider();
* // You can add additional scopes to the provider:
* provider.addScope('user_birthday');
* // Start a sign in process for an unauthenticated user.
* await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* if (result) {
* // This is the signed-in user
* const user = result.user;
* // This gives you a Facebook Access Token.
* const credential = provider.credentialFromResult(auth, result);
* const token = credential.accessToken;
* }
* // As this API can be used for sign-in, linking and reauthentication,
* // check the operationType to determine what triggered this redirect
* // operation.
* const operationType = result.operationType;
* ```
*
* @param auth - The {@link Auth} instance.
* @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
* Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
* @param resolver - An instance of {@link PopupRedirectResolver}, optional
* if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
*
* @public
*/
export declare function signInWithRedirect(auth: Auth, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
/**
* Signs out the current user.
*
* @param auth - The {@link Auth} instance.
*
* @public
*/
export declare function signOut(auth: Auth): Promise<void>;
declare interface StartTotpMfaEnrollmentResponse {
totpSessionInfo: {
sharedSecretKey: string;
verificationCodeLength: number;
hashingAlgorithm: string;
periodSec: number;
sessionInfo: string;
finalizeEnrollmentTime: number;
};
}
/**
* We need to mark this class as internal explicitly to exclude it in the public typings, because
* it references AuthInternal which has a circular dependency with UserInternal.
*
* @internal
*/
declare class StsTokenManager {
refreshToken: string | null;
accessToken: string | null;
expirationTime: number | null;
get isExpired(): boolean;
updateFromServerResponse(response: IdTokenResponse | FinalizeMfaResponse): void;
getToken(auth: AuthInternal, forceRefresh?: boolean): Promise<string | null>;
clearRefreshToken(): void;
private refresh;
private updateTokensAndExpiration;
static fromJSON(appName: string, object: PersistedBlob): StsTokenManager;
toJSON(): object;
_assign(stsTokenManager: StsTokenManager): void;
_clone(): StsTokenManager;
_performRefresh(): never;
}
/**
* @internal
*/
declare interface TaggedWithTokenResponse {
_tokenResponse?: PhoneOrOauthTokenResponse;
}
/**
* An MFA provided by TOTP (Time-based One Time Password).
*/
declare interface TotpMfaEnrollment extends BaseMfaEnrollment {
}
/**
* The class for asserting ownership of a TOTP second factor. Provided by
* {@link TotpMultiFactorGenerator.assertionForEnrollment} and
* {@link TotpMultiFactorGenerator.assertionForSignIn}.
*
* @public
*/
export declare interface TotpMultiFactorAssertion extends MultiFactorAssertion {
}
/**
* Provider for generating a {@link TotpMultiFactorAssertion}.
*
* @public
*/
export declare class TotpMultiFactorGenerator {
/**
* Provides a {@link TotpMultiFactorAssertion} to confirm ownership of
* the TOTP (time-based one-time password) second factor.
* This assertion is used to complete enrollment in TOTP second factor.
*
* @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters.
* @param oneTimePassword One-time password from TOTP App.
* @returns A {@link TotpMultiFactorAssertion} which can be used with
* {@link MultiFactorUser.enroll}.
*/
static assertionForEnrollment(secret: TotpSecret, oneTimePassword: string): TotpMultiFactorAssertion;
/**
* Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor.
* This assertion is used to complete signIn with TOTP as the second factor.
*
* @param enrollmentId identifies the enrolled TOTP second factor.
* @param oneTimePassword One-time password from TOTP App.
* @returns A {@link TotpMultiFactorAssertion} which can be used with
* {@link MultiFactorResolver.resolveSignIn}.
*/
static assertionForSignIn(enrollmentId: string, oneTimePassword: string): TotpMultiFactorAssertion;
/**
* Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters.
* Creates a TOTP secret as part of enrolling a TOTP second factor.
* Used for generating a QR code URL or inputting into a TOTP app.
* This method uses the auth instance corresponding to the user in the multiFactorSession.
*
* @param session The {@link MultiFactorSession} that the user is part of.
* @returns A promise to {@link TotpSecret}.
*/
static generateSecret(session: MultiFactorSession): Promise<TotpSecret>;
/**
* The identifier of the TOTP second factor: `totp`.
*/
static FACTOR_ID: 'totp';
}
/**
* The subclass of the {@link MultiFactorInfo} interface for TOTP
* second factors. The `factorId` of this second factor is {@link FactorId}.TOTP.
* @public
*/
export declare interface TotpMultiFactorInfo extends MultiFactorInfo {
}
/**
* Provider for generating a {@link TotpMultiFactorAssertion}.
*
* Stores the shared secret key and other parameters to generate time-based OTPs.
* Implements methods to retrieve the shared secret key and generate a QR code URL.
* @public
*/
export declare class TotpSecret {
private readonly sessionInfo;
private readonly auth;
/**
* Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.
*/
readonly secretKey: string;
/**
* Hashing algorithm used.
*/
readonly hashingAlgorithm: string;
/**
* Length of the one-time passwords to be generated.
*/
readonly codeLength: number;
/**
* The interval (in seconds) when the OTP codes should change.
*/
readonly codeIntervalSeconds: number;
/**
* The timestamp (UTC string) by which TOTP enrollment should be completed.
*/
readonly enrollmentCompletionDeadline: string;
private constructor();
/** @internal */
static _fromStartTotpMfaEnrollmentResponse(response: StartTotpMfaEnrollmentResponse, auth: AuthInternal): TotpSecret;
/** @internal */
_makeTotpVerificationInfo(otp: string): TotpVerificationInfo;
/**
* Returns a QR code URL as described in
* https://github.com/google/google-authenticator/wiki/Key-Uri-Format
* This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator.
* If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used.
*
* @param accountName the name of the account/app along with a user identifier.
* @param issuer issuer of the TOTP (likely the app name).
* @returns A QR code URL string.
*/
generateQrCodeUrl(accountName?: string, issuer?: string): string;
}
declare interface TotpVerificationInfo {
sessionInfo: string;
verificationCode: string;
}
/**
* Provider for generating an {@link OAuthCredential} for {@link ProviderId}.TWITTER.
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new TwitterAuthProvider();
* // Start a sign in process for an unauthenticated user.
* await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* if (result) {
* // This is the signed-in user
* const user = result.user;
* // This gives you a Twitter Access Token and Secret.
* const credential = TwitterAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* const secret = credential.secret;
* }
* ```
*
* @example
* ```javascript
* // Sign in using a popup.
* const provider = new TwitterAuthProvider();
* const result = await signInWithPopup(auth, provider);
*
* // The signed-in user info.
* const user = result.user;
* // This gives you a Twitter Access Token and Secret.
* const credential = TwitterAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* const secret = credential.secret;
* ```
*
* @public
*/
export declare class TwitterAuthProvider extends BaseOAuthProvider {
/** Always set to {@link SignInMethod}.TWITTER. */
static readonly TWITTER_SIGN_IN_METHOD: 'twitter.com';
/** Always set to {@link ProviderId}.TWITTER. */
static readonly PROVIDER_ID: 'twitter.com';
constructor();
/**
* Creates a credential for Twitter.
*
* @param token - Twitter access token.
* @param secret - Twitter secret.
*/
static credential(token: string, secret: string): OAuthCredential;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
*
* @param userCredential - The user credential.
*/
static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
/**
* Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
* thrown during a sign-in, link, or reauthenticate operation.
*
* @param userCredential - The user credential.
*/
static credentialFromError(error: FirebaseError): OAuthCredential | null;
private static credentialFromTaggedObject;
}
/**
* Unlinks a provider from a user account.
*
* @param user - The user.
* @param providerId - The provider to unlink.
*
* @public
*/
export declare function unlink(user: User, providerId: string): Promise<User>;
export { Unsubscribe }
/**
* Asynchronously sets the provided user as {@link Auth.currentUser} on the
* {@link Auth} instance.
*
* @remarks
* A new instance copy of the user provided will be made and set as currentUser.
*
* This will trigger {@link onAuthStateChanged} and {@link onIdTokenChanged} listeners
* like other sign in methods.
*
* The operation fails with an error if the user to be updated belongs to a different Firebase
* project.
*
* @param auth - The {@link Auth} instance.
* @param user - The new {@link User}.
*
* @public
*/
export declare function updateCurrentUser(auth: Auth, user: User | null): Promise<void>;
/**
* Updates the user's email address.
*
* @remarks
* An email will be sent to the original email address (if it was set) that allows to revoke the
* email address change, in order to protect them from account hijacking.
*
* Important: this is a security sensitive operation that requires the user to have recently signed
* in. If this requirement isn't met, ask the user to authenticate again and then call
* {@link reauthenticateWithCredential}.
*
* @param user - The user.
* @param newEmail - The new email address.
*
* Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
* Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
*
* @public
*/
export declare function updateEmail(user: User, newEmail: string): Promise<void>;
/**
* Updates the user's password.
*
* @remarks
* Important: this is a security sensitive operation that requires the user to have recently signed
* in. If this requirement isn't met, ask the user to authenticate again and then call
* {@link reauthenticateWithCredential}.
*
* @param user - The user.
* @param newPassword - The new password.
*
* @public
*/
export declare function updatePassword(user: User, newPassword: string): Promise<void>;
/**
* Updates the user's phone number.
*
* @remarks
* This method does not work in a Node.js environment.
*
* @example
* ```
* // 'recaptcha-container' is the ID of an element in the DOM.
* const applicationVerifier = new RecaptchaVerifier('recaptcha-container');
* const provider = new PhoneAuthProvider(auth);
* const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);
* // Obtain the verificationCode from the user.
* const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
* await updatePhoneNumber(user, phoneCredential);
* ```
*
* @param user - The user.
* @param credential - A credential authenticating the new phone number.
*
* @public
*/
export declare function updatePhoneNumber(user: User, credential: PhoneAuthCredential): Promise<void>;
/**
* Updates a user's profile data.
*
* @param user - The user.
* @param profile - The profile's `displayName` and `photoURL` to update.
*
* @public
*/
export declare function updateProfile(user: User, { displayName, photoURL: photoUrl }: {
displayName?: string | null;
photoURL?: string | null;
}): Promise<void>;
/**
* Sets the current language to the default device/browser preference.
*
* @param auth - The {@link Auth} instance.
*
* @public
*/
export declare function useDeviceLanguage(auth: Auth): void;
/**
* A user account.
*
* @public
*/
export declare interface User extends UserInfo {
/**
* Whether the email has been verified with {@link sendEmailVerification} and
* {@link applyActionCode}.
*/
readonly emailVerified: boolean;
/**
* Whether the user is authenticated using the {@link ProviderId}.ANONYMOUS provider.
*/
readonly isAnonymous: boolean;
/**
* Additional metadata around user creation and sign-in times.
*/
readonly metadata: UserMetadata;
/**
* Additional per provider such as displayName and profile information.
*/
readonly providerData: UserInfo[];
/**
* Refresh token used to reauthenticate the user. Avoid using this directly and prefer
* {@link User.getIdToken} to refresh the ID token instead.
*/
readonly refreshToken: string;
/**
* The user's tenant ID.
*
* @remarks
* This is a read-only property, which indicates the tenant ID
* used to sign in the user. This is null if the user is signed in from the parent
* project.
*
* @example
* ```javascript
* // Set the tenant ID on Auth instance.
* auth.tenantId = 'TENANT_PROJECT_ID';
*
* // All future sign-in request now include tenant ID.
* const result = await signInWithEmailAndPassword(auth, email, password);
* // result.user.tenantId should be 'TENANT_PROJECT_ID'.
* ```
*/
readonly tenantId: string | null;
/**
* Deletes and signs out the user.
*
* @remarks
* Important: this is a security-sensitive operation that requires the user to have recently
* signed in. If this requirement isn't met, ask the user to authenticate again and then call
* one of the reauthentication methods like {@link reauthenticateWithCredential}.
*/
delete(): Promise<void>;
/**
* Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
*
* @remarks
* Returns the current token if it has not expired or if it will not expire in the next five
* minutes. Otherwise, this will refresh the token and return a new one.
*
* @param forceRefresh - Force refresh regardless of token expiration.
*/
getIdToken(forceRefresh?: boolean): Promise<string>;
/**
* Returns a deserialized JSON Web Token (JWT) used to identify the user to a Firebase service.
*
* @remarks
* Returns the current token if it has not expired or if it will not expire in the next five
* minutes. Otherwise, this will refresh the token and return a new one.
*
* @param forceRefresh - Force refresh regardless of token expiration.
*/
getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult>;
/**
* Refreshes the user, if signed in.
*/
reload(): Promise<void>;
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON(): object;
}
/**
* A structure containing a {@link User}, the {@link OperationType}, and the provider ID.
*
* @remarks
* `operationType` could be {@link OperationType}.SIGN_IN for a sign-in operation,
* {@link OperationType}.LINK for a linking operation and {@link OperationType}.REAUTHENTICATE for
* a reauthentication operation.
*
* @public
*/
export declare interface UserCredential {
/**
* The user authenticated by this credential.
*/
user: User;
/**
* The provider which was used to authenticate the user.
*/
providerId: string | null;
/**
* The type of operation which was used to authenticate the user (such as sign-in or link).
*/
operationType: (typeof OperationType)[keyof typeof OperationType];
}
/**
* @internal
*/
declare interface UserCredentialInternal extends UserCredential, TaggedWithTokenResponse {
user: UserInternal;
}
/**
* User profile information, visible only to the Firebase project's apps.
*
* @public
*/
export declare interface UserInfo {
/**
* The display name of the user.
*/
readonly displayName: string | null;
/**
* The email of the user.
*/
readonly email: string | null;
/**
* The phone number normalized based on the E.164 standard (e.g. +16505550101) for the
* user.
*
* @remarks
* This is null if the user has no phone credential linked to the account.
*/
readonly phoneNumber: string | null;
/**
* The profile photo URL of the user.
*/
readonly photoURL: string | null;
/**
* The provider used to authenticate the user.
*/
readonly providerId: string;
/**
* The user's unique ID, scoped to the project.
*/
readonly uid: string;
}
/**
* UserInternal and AuthInternal reference each other, so both of them are included in the public typings.
* In order to exclude them, we mark them as internal explicitly.
*
* @internal
*/
declare interface UserInternal extends User {
displayName: string | null;
email: string | null;
phoneNumber: string | null;
photoURL: string | null;
auth: AuthInternal;
providerId: ProviderId_2.FIREBASE;
refreshToken: string;
emailVerified: boolean;
tenantId: string | null;
providerData: MutableUserInfo[];
metadata: UserMetadata_2;
stsTokenManager: StsTokenManager;
_redirectEventId?: string;
_updateTokensIfNecessary(response: IdTokenResponse | FinalizeMfaResponse, reload?: boolean): Promise<void>;
_assign(user: UserInternal): void;
_clone(auth: AuthInternal): UserInternal;
_onReload: (cb: NextFn<APIUserInfo>) => void;
_notifyReloadListener: NextFn<APIUserInfo>;
_startProactiveRefresh: () => void;
_stopProactiveRefresh: () => void;
getIdToken(forceRefresh?: boolean): Promise<string>;
getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult>;
reload(): Promise<void>;
delete(): Promise<void>;
toJSON(): PersistedBlob;
}
/**
* Interface representing a user's metadata.
*
* @public
*/
export declare interface UserMetadata {
/** Time the user was created. */
readonly creationTime?: string;
/** Time the user last signed in. */
readonly lastSignInTime?: string;
}
declare class UserMetadata_2 implements UserMetadata {
private createdAt?;
private lastLoginAt?;
creationTime?: string;
lastSignInTime?: string;
constructor(createdAt?: string | number | undefined, lastLoginAt?: string | number | undefined);
private _initializeTime;
_copy(metadata: UserMetadata_2): void;
toJSON(): object;
}
/**
* User profile used in {@link AdditionalUserInfo}.
*
* @public
*/
export declare type UserProfile = Record<string, unknown>;
/**
* Validates the password against the password policy configured for the project or tenant.
*
* @remarks
* If no tenant ID is set on the `Auth` instance, then this method will use the password
* policy configured for the project. Otherwise, this method will use the policy configured
* for the tenant. If a password policy has not been configured, then the default policy
* configured for all projects will be used.
*
* If an auth flow fails because a submitted password does not meet the password policy
* requirements and this method has previously been called, then this method will use the
* most recent policy available when called again.
*
* @example
* ```javascript
* validatePassword(auth, 'some-password');
* ```
*
* @param auth The {@link Auth} instance.
* @param password The password to validate.
*
* @public
*/
export declare function validatePassword(auth: Auth, password: string): Promise<PasswordValidationStatus>;
/**
* Sends a verification email to a new email address.
*
* @remarks
* The user's email will be updated to the new one after being verified.
*
* If you have a custom email action handler, you can complete the verification process by calling
* {@link applyActionCode}.
*
* @example
* ```javascript
* const actionCodeSettings = {
* url: 'https://www.example.com/?email=user@example.com',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true
* };
* await verifyBeforeUpdateEmail(user, 'newemail@example.com', actionCodeSettings);
* // Obtain code from the user.
* await applyActionCode(auth, code);
* ```
*
* @param user - The user.
* @param newEmail - The new email address to be verified before update.
* @param actionCodeSettings - The {@link ActionCodeSettings}.
*
* @public
*/
export declare function verifyBeforeUpdateEmail(user: User, newEmail: string, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
/**
* Checks a password reset code sent to the user by email or other out-of-band mechanism.
*
* @returns the user's email address if valid.
*
* @param auth - The {@link Auth} instance.
* @param code - A verification code sent to the user.
*
* @public
*/
export declare function verifyPasswordResetCode(auth: Auth, code: string): Promise<string>;
export { }
Reference in New Issue View Git Blame Copy Permalink