@firebase/auth
Version:
The Firebase Authenticaton component of the Firebase JS SDK.
1,394 lines (1,345 loc) • 140 kB
TypeScript
/**
* Firebase Authentication
*
* @packageDocumentation
*/
import { CompleteFn } from '@firebase/util';
import { ErrorFactory } from '@firebase/util';
import { ErrorFn } from '@firebase/util';
import { FirebaseApp } from '@firebase/app';
import { FirebaseError } from '@firebase/util';
import { NextFn } from '@firebase/util';
import { Observer } from '@firebase/util';
import { Unsubscribe } from '@firebase/util';
/**
* A response from {@link checkActionCode}.
*
* @public
*/
export declare interface ActionCodeInfo {
/**
* The data associated with the action code.
*
* @remarks
* For the {@link ActionCodeOperation}.PASSWORD_RESET, {@link ActionCodeOperation}.VERIFY_EMAIL, and
* {@link ActionCodeOperation}.RECOVER_EMAIL actions, this object contains an email field with the address
* the email was sent to.
*
* For the {@link ActionCodeOperation}.RECOVER_EMAIL action, which allows a user to undo an email address
* change, this object also contains a `previousEmail` field with the user account's current
* email address. After the action completes, the user's email address will revert to the value
* in the `email` field from the value in `previousEmail` field.
*
* For the {@link ActionCodeOperation}.VERIFY_AND_CHANGE_EMAIL action, which allows a user to verify the
* email before updating it, this object contains a `previousEmail` field with the user account's
* email address before updating. After the action completes, the user's email address will be
* updated to the value in the `email` field from the value in `previousEmail` field.
*
* For the {@link ActionCodeOperation}.REVERT_SECOND_FACTOR_ADDITION action, which allows a user to
* unenroll a newly added second factor, this object contains a `multiFactorInfo` field with
* the information about the second factor. For phone second factor, the `multiFactorInfo`
* is a {@link MultiFactorInfo} object, which contains the phone number.
*/
data: {
email?: string | null;
multiFactorInfo?: MultiFactorInfo | null;
previousEmail?: string | null;
};
/**
* The type of operation that generated the action code.
*/
operation: typeof ActionCodeOperation[keyof typeof ActionCodeOperation];
}
/**
* An enumeration of the possible email action types.
*
* @public
*/
export declare const ActionCodeOperation: {
/** The email link sign-in action. */
readonly EMAIL_SIGNIN: "EMAIL_SIGNIN";
/** The password reset action. */
readonly PASSWORD_RESET: "PASSWORD_RESET";
/** The email revocation action. */
readonly RECOVER_EMAIL: "RECOVER_EMAIL";
/** The revert second factor addition email action. */
readonly REVERT_SECOND_FACTOR_ADDITION: "REVERT_SECOND_FACTOR_ADDITION";
/** The revert second factor addition email action. */
readonly VERIFY_AND_CHANGE_EMAIL: "VERIFY_AND_CHANGE_EMAIL";
/** The email verification action. */
readonly VERIFY_EMAIL: "VERIFY_EMAIL";
};
/**
* An interface that defines the required continue/state URL with optional Android and iOS
* bundle identifiers.
*
* @public
*/
export declare interface ActionCodeSettings {
/**
* Sets the Android package name.
*
* @remarks
* This will try to open the link in an android app if it is
* installed. If `installApp` is passed, it specifies whether to install the Android app if the
* device supports it and the app is not already installed. If this field is provided without
* a `packageName`, an error is thrown explaining that the `packageName` must be provided in
* conjunction with this field. If `minimumVersion` is specified, and an older version of the
* app is installed, the user is taken to the Play Store to upgrade the app.
*/
android?: {
installApp?: boolean;
minimumVersion?: string;
packageName: string;
};
/**
* When set to true, the action code link will be be sent as a Universal Link or Android App
* Link and will be opened by the app if installed.
*
* @remarks
* In the false case, the code will be sent to the web widget first and then on continue will
* redirect to the app if installed.
*
* @defaultValue false
*/
handleCodeInApp?: boolean;
/**
* Sets the iOS bundle ID.
*
* @remarks
* This will try to open the link in an iOS app if it is installed.
*
* App installation is not supported for iOS.
*/
iOS?: {
bundleId: string;
};
/**
* Sets the link continue/state URL.
*
* @remarks
* This has different meanings in different contexts:
* - When the link is handled in the web action widgets, this is the deep link in the
* `continueUrl` query parameter.
* - When the link is handled in the app directly, this is the `continueUrl` query parameter in
* the deep link of the Dynamic Link.
*/
url: string;
/**
* When multiple custom dynamic link domains are defined for a project, specify which one to use
* when the link is to be opened via a specified mobile app (for example, `example.page.link`).
*
*
* @defaultValue The first domain is automatically selected.
*/
dynamicLinkDomain?: string;
}
/**
* @license
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* A utility class to parse email action URLs such as password reset, email verification,
* email link sign in, etc.
*
* @public
*/
export declare class ActionCodeURL {
/**
* The API key of the email action link.
*/
readonly apiKey: string;
/**
* The action code of the email action link.
*/
readonly code: string;
/**
* The continue URL of the email action link. Null if not provided.
*/
readonly continueUrl: string | null;
/**
* The language code of the email action link. Null if not provided.
*/
readonly languageCode: string | null;
/**
* The action performed by the email action link. It returns from one of the types from
* {@link ActionCodeInfo}
*/
readonly operation: string;
/**
* The tenant ID of the email action link. Null if the email action is from the parent project.
*/
readonly tenantId: string | null;
/**
* @param actionLink - The link from which to extract the URL.
* @returns The {@link ActionCodeURL} object, or null if the link is invalid.
*
* @internal
*/
constructor(actionLink: string);
/**
* Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,
* otherwise returns null.
*
* @param link - The email action link string.
* @returns The {@link ActionCodeURL} object, or null if the link is invalid.
*
* @public
*/
static parseLink(link: string): ActionCodeURL | null;
}
/**
* A structure containing additional user information from a federated identity provider.
*
* @public
*/
export declare interface AdditionalUserInfo {
/**
* Whether the user is new (created via sign-up) or existing (authenticated using sign-in).
*/
readonly isNewUser: boolean;
/**
* Map containing IDP-specific user data.
*/
readonly profile: Record<string, unknown> | null;
/**
* Identifier for the provider used to authenticate this user.
*/
readonly providerId: string | null;
/**
* The username if the provider is GitHub or Twitter.
*/
readonly username?: string | null;
}
declare interface APIUserInfo {
localId?: string;
displayName?: string;
photoUrl?: string;
email?: string;
emailVerified?: boolean;
phoneNumber?: string;
lastLoginAt?: number;
createdAt?: number;
tenantId?: string;
passwordHash?: string;
providerUserInfo?: ProviderUserInfo[];
mfaInfo?: MfaEnrollment[];
}
/**
* A verifier for domain verification and abuse prevention.
*
* @remarks
* Currently, the only implementation is {@link RecaptchaVerifier}.
*
* @public
*/
export declare interface ApplicationVerifier {
/**
* Identifies the type of application verifier (e.g. "recaptcha").
*/
readonly type: string;
/**
* Executes the verification process.
*
* @returns A Promise for a token that can be used to assert the validity of a request.
*/
verify(): Promise<string>;
}
declare interface ApplicationVerifierInternal extends ApplicationVerifier {
/**
* @internal
*/
_reset(): void;
}
/**
* Applies a verification code sent to the user by email or other out-of-band mechanism.
*
* @param auth - The {@link Auth} instance.
* @param oobCode - A verification code sent to the user.
*
* @public
*/
export declare function applyActionCode(auth: Auth, oobCode: string): Promise<void>;
declare type AppName = string;
/**
* Interface representing Firebase Auth service.
*
* @remarks
* See {@link https://firebase.google.com/docs/auth/ | Firebase Authentication} for a full guide
* on how to use the Firebase Auth service.
*
* @public
*/
export declare interface Auth {
/** The {@link @firebase/app#FirebaseApp} associated with the `Auth` service instance. */
readonly app: FirebaseApp;
/** The name of the app associated with the `Auth` service instance. */
readonly name: string;
/** The {@link Config} used to initialize this instance. */
readonly config: Config;
/**
* Changes the type of persistence on the `Auth` instance.
*
* @remarks
* This will affect the currently saved Auth session and applies this type of persistence for
* future sign-in requests, including sign-in with redirect requests.
*
* This makes it easy for a user signing in to specify whether their session should be
* remembered or not. It also makes it easier to never persist the Auth state for applications
* that are shared by other users or have sensitive data.
*
* @example
* ```javascript
* auth.setPersistence(browserSessionPersistence);
* ```
*
* @param persistence - The {@link Persistence} to use.
*/
setPersistence(persistence: Persistence): Promise<void>;
/**
* The {@link Auth} instance's language code.
*
* @remarks
* This is a readable/writable property. When set to null, the default Firebase Console language
* setting is applied. The language code will propagate to email action templates (password
* reset, email verification and email change revocation), SMS templates for phone authentication,
* reCAPTCHA verifier and OAuth popup/redirect operations provided the specified providers support
* localization with the language code specified.
*/
languageCode: string | null;
/**
* The {@link Auth} instance's tenant ID.
*
* @remarks
* This is a readable/writable property. When you set the tenant ID of an {@link Auth} instance, all
* future sign-in/sign-up operations will pass this tenant ID and sign in or sign up users to
* the specified tenant project. When set to null, users are signed in to the parent project.
*
* @example
* ```javascript
* // Set the tenant ID on Auth instance.
* auth.tenantId = 'TENANT_PROJECT_ID';
*
* // All future sign-in request now include tenant ID.
* const result = await signInWithEmailAndPassword(auth, email, password);
* // result.user.tenantId should be 'TENANT_PROJECT_ID'.
* ```
*
* @defaultValue null
*/
tenantId: string | null;
/**
* The {@link Auth} instance's settings.
*
* @remarks
* This is used to edit/read configuration related options such as app verification mode for
* phone authentication.
*/
readonly settings: AuthSettings;
/**
* Adds an observer for changes to the user's sign-in state.
*
* @remarks
* To keep the old behavior, see {@link Auth.onIdTokenChanged}.
*
* @param nextOrObserver - callback triggered on change.
* @param error - callback triggered on error.
* @param completed - callback triggered when observer is removed.
*/
onAuthStateChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
/**
* Adds a blocking callback that runs before an auth state change
* sets a new user.
*
* @param callback - callback triggered before new user value is set.
* If this throws, it blocks the user from being set.
* @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
* callback throws, allowing you to undo any side effects.
*/
beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
/**
* Adds an observer for changes to the signed-in user's ID token.
*
* @remarks
* This includes sign-in, sign-out, and token refresh events.
*
* @param nextOrObserver - callback triggered on change.
* @param error - callback triggered on error.
* @param completed - callback triggered when observer is removed.
*/
onIdTokenChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
/** The currently signed-in user (or null). */
readonly currentUser: User | null;
/** The current emulator configuration (or null). */
readonly emulatorConfig: EmulatorConfig | null;
/**
* Asynchronously sets the provided user as {@link Auth.currentUser} on the {@link Auth} instance.
*
* @remarks
* A new instance copy of the user provided will be made and set as currentUser.
*
* This will trigger {@link Auth.onAuthStateChanged} and {@link Auth.onIdTokenChanged} listeners
* like other sign in methods.
*
* The operation fails with an error if the user to be updated belongs to a different Firebase
* project.
*
* @param user - The new {@link User}.
*/
updateCurrentUser(user: User | null): Promise<void>;
/**
* Sets the current language to the default device/browser preference.
*/
useDeviceLanguage(): void;
/**
* Signs out the current user.
*/
signOut(): Promise<void>;
}
/**
* Interface that represents the credentials returned by an {@link AuthProvider}.
*
* @remarks
* Implementations specify the details about each auth provider's credential requirements.
*
* @public
*/
export declare class AuthCredential {
/**
* The authentication provider ID for the credential.
*
* @remarks
* For example, 'facebook.com', or 'google.com'.
*/
readonly providerId: string;
/**
* The authentication sign in method for the credential.
*
* @remarks
* For example, {@link SignInMethod}.EMAIL_PASSWORD, or
* {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
* identifier as returned in {@link fetchSignInMethodsForEmail}.
*/
readonly signInMethod: string;
/** @internal */
protected constructor(
/**
* The authentication provider ID for the credential.
*
* @remarks
* For example, 'facebook.com', or 'google.com'.
*/
providerId: string,
/**
* The authentication sign in method for the credential.
*
* @remarks
* For example, {@link SignInMethod}.EMAIL_PASSWORD, or
* {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
* identifier as returned in {@link fetchSignInMethodsForEmail}.
*/
signInMethod: string);
/**
* Returns a JSON-serializable representation of this object.
*
* @returns a JSON-serializable representation of this object.
*/
toJSON(): object;
/** @internal */
_getIdTokenResponse(_auth: AuthInternal): Promise<PhoneOrOauthTokenResponse>;
/** @internal */
_linkToIdToken(_auth: AuthInternal, _idToken: string): Promise<IdTokenResponse>;
/** @internal */
_getReauthenticationResolver(_auth: AuthInternal): Promise<IdTokenResponse>;
}
/**
* Interface for an `Auth` error.
*
* @public
*/
export declare interface AuthError extends FirebaseError {
/** Details about the Firebase Auth error. */
readonly customData: {
/** The name of the Firebase App which triggered this error. */
readonly appName: string;
/** The email address of the user's account, used for sign-in and linking. */
readonly email?: string;
/** The phone number of the user's account, used for sign-in and linking. */
readonly phoneNumber?: string;
/**
* The tenant ID being used for sign-in and linking.
*
* @remarks
* If you use {@link signInWithRedirect} to sign in,
* you have to set the tenant ID on the {@link Auth} instance again as the tenant ID is not persisted
* after redirection.
*/
readonly tenantId?: string;
};
}
/**
* Enumeration of Firebase Auth error codes.
*
* @internal
*/
declare const enum AuthErrorCode {
ADMIN_ONLY_OPERATION = "admin-restricted-operation",
ARGUMENT_ERROR = "argument-error",
APP_NOT_AUTHORIZED = "app-not-authorized",
APP_NOT_INSTALLED = "app-not-installed",
CAPTCHA_CHECK_FAILED = "captcha-check-failed",
CODE_EXPIRED = "code-expired",
CORDOVA_NOT_READY = "cordova-not-ready",
CORS_UNSUPPORTED = "cors-unsupported",
CREDENTIAL_ALREADY_IN_USE = "credential-already-in-use",
CREDENTIAL_MISMATCH = "custom-token-mismatch",
CREDENTIAL_TOO_OLD_LOGIN_AGAIN = "requires-recent-login",
DEPENDENT_SDK_INIT_BEFORE_AUTH = "dependent-sdk-initialized-before-auth",
DYNAMIC_LINK_NOT_ACTIVATED = "dynamic-link-not-activated",
EMAIL_CHANGE_NEEDS_VERIFICATION = "email-change-needs-verification",
EMAIL_EXISTS = "email-already-in-use",
EMULATOR_CONFIG_FAILED = "emulator-config-failed",
EXPIRED_OOB_CODE = "expired-action-code",
EXPIRED_POPUP_REQUEST = "cancelled-popup-request",
INTERNAL_ERROR = "internal-error",
INVALID_API_KEY = "invalid-api-key",
INVALID_APP_CREDENTIAL = "invalid-app-credential",
INVALID_APP_ID = "invalid-app-id",
INVALID_AUTH = "invalid-user-token",
INVALID_AUTH_EVENT = "invalid-auth-event",
INVALID_CERT_HASH = "invalid-cert-hash",
INVALID_CODE = "invalid-verification-code",
INVALID_CONTINUE_URI = "invalid-continue-uri",
INVALID_CORDOVA_CONFIGURATION = "invalid-cordova-configuration",
INVALID_CUSTOM_TOKEN = "invalid-custom-token",
INVALID_DYNAMIC_LINK_DOMAIN = "invalid-dynamic-link-domain",
INVALID_EMAIL = "invalid-email",
INVALID_EMULATOR_SCHEME = "invalid-emulator-scheme",
INVALID_IDP_RESPONSE = "invalid-credential",
INVALID_MESSAGE_PAYLOAD = "invalid-message-payload",
INVALID_MFA_SESSION = "invalid-multi-factor-session",
INVALID_OAUTH_CLIENT_ID = "invalid-oauth-client-id",
INVALID_OAUTH_PROVIDER = "invalid-oauth-provider",
INVALID_OOB_CODE = "invalid-action-code",
INVALID_ORIGIN = "unauthorized-domain",
INVALID_PASSWORD = "wrong-password",
INVALID_PERSISTENCE = "invalid-persistence-type",
INVALID_PHONE_NUMBER = "invalid-phone-number",
INVALID_PROVIDER_ID = "invalid-provider-id",
INVALID_RECIPIENT_EMAIL = "invalid-recipient-email",
INVALID_SENDER = "invalid-sender",
INVALID_SESSION_INFO = "invalid-verification-id",
INVALID_TENANT_ID = "invalid-tenant-id",
LOGIN_BLOCKED = "login-blocked",
MFA_INFO_NOT_FOUND = "multi-factor-info-not-found",
MFA_REQUIRED = "multi-factor-auth-required",
MISSING_ANDROID_PACKAGE_NAME = "missing-android-pkg-name",
MISSING_APP_CREDENTIAL = "missing-app-credential",
MISSING_AUTH_DOMAIN = "auth-domain-config-required",
MISSING_CODE = "missing-verification-code",
MISSING_CONTINUE_URI = "missing-continue-uri",
MISSING_IFRAME_START = "missing-iframe-start",
MISSING_IOS_BUNDLE_ID = "missing-ios-bundle-id",
MISSING_OR_INVALID_NONCE = "missing-or-invalid-nonce",
MISSING_MFA_INFO = "missing-multi-factor-info",
MISSING_MFA_SESSION = "missing-multi-factor-session",
MISSING_PHONE_NUMBER = "missing-phone-number",
MISSING_SESSION_INFO = "missing-verification-id",
MODULE_DESTROYED = "app-deleted",
NEED_CONFIRMATION = "account-exists-with-different-credential",
NETWORK_REQUEST_FAILED = "network-request-failed",
NULL_USER = "null-user",
NO_AUTH_EVENT = "no-auth-event",
NO_SUCH_PROVIDER = "no-such-provider",
OPERATION_NOT_ALLOWED = "operation-not-allowed",
OPERATION_NOT_SUPPORTED = "operation-not-supported-in-this-environment",
POPUP_BLOCKED = "popup-blocked",
POPUP_CLOSED_BY_USER = "popup-closed-by-user",
PROVIDER_ALREADY_LINKED = "provider-already-linked",
QUOTA_EXCEEDED = "quota-exceeded",
REDIRECT_CANCELLED_BY_USER = "redirect-cancelled-by-user",
REDIRECT_OPERATION_PENDING = "redirect-operation-pending",
REJECTED_CREDENTIAL = "rejected-credential",
SECOND_FACTOR_ALREADY_ENROLLED = "second-factor-already-in-use",
SECOND_FACTOR_LIMIT_EXCEEDED = "maximum-second-factor-count-exceeded",
TENANT_ID_MISMATCH = "tenant-id-mismatch",
TIMEOUT = "timeout",
TOKEN_EXPIRED = "user-token-expired",
TOO_MANY_ATTEMPTS_TRY_LATER = "too-many-requests",
UNAUTHORIZED_DOMAIN = "unauthorized-continue-uri",
UNSUPPORTED_FIRST_FACTOR = "unsupported-first-factor",
UNSUPPORTED_PERSISTENCE = "unsupported-persistence-type",
UNSUPPORTED_TENANT_OPERATION = "unsupported-tenant-operation",
UNVERIFIED_EMAIL = "unverified-email",
USER_CANCELLED = "user-cancelled",
USER_DELETED = "user-not-found",
USER_DISABLED = "user-disabled",
USER_MISMATCH = "user-mismatch",
USER_SIGNED_OUT = "user-signed-out",
WEAK_PASSWORD = "weak-password",
WEB_STORAGE_UNSUPPORTED = "web-storage-unsupported",
ALREADY_INITIALIZED = "already-initialized"
}
/**
* A map of potential `Auth` error codes, for easier comparison with errors
* thrown by the SDK.
*
* @remarks
* Note that you can't tree-shake individual keys
* in the map, so by using the map you might substantially increase your
* bundle size.
*
* @public
*/
export declare const AuthErrorCodes: {
readonly ADMIN_ONLY_OPERATION: "auth/admin-restricted-operation";
readonly ARGUMENT_ERROR: "auth/argument-error";
readonly APP_NOT_AUTHORIZED: "auth/app-not-authorized";
readonly APP_NOT_INSTALLED: "auth/app-not-installed";
readonly CAPTCHA_CHECK_FAILED: "auth/captcha-check-failed";
readonly CODE_EXPIRED: "auth/code-expired";
readonly CORDOVA_NOT_READY: "auth/cordova-not-ready";
readonly CORS_UNSUPPORTED: "auth/cors-unsupported";
readonly CREDENTIAL_ALREADY_IN_USE: "auth/credential-already-in-use";
readonly CREDENTIAL_MISMATCH: "auth/custom-token-mismatch";
readonly CREDENTIAL_TOO_OLD_LOGIN_AGAIN: "auth/requires-recent-login";
readonly DEPENDENT_SDK_INIT_BEFORE_AUTH: "auth/dependent-sdk-initialized-before-auth";
readonly DYNAMIC_LINK_NOT_ACTIVATED: "auth/dynamic-link-not-activated";
readonly EMAIL_CHANGE_NEEDS_VERIFICATION: "auth/email-change-needs-verification";
readonly EMAIL_EXISTS: "auth/email-already-in-use";
readonly EMULATOR_CONFIG_FAILED: "auth/emulator-config-failed";
readonly EXPIRED_OOB_CODE: "auth/expired-action-code";
readonly EXPIRED_POPUP_REQUEST: "auth/cancelled-popup-request";
readonly INTERNAL_ERROR: "auth/internal-error";
readonly INVALID_API_KEY: "auth/invalid-api-key";
readonly INVALID_APP_CREDENTIAL: "auth/invalid-app-credential";
readonly INVALID_APP_ID: "auth/invalid-app-id";
readonly INVALID_AUTH: "auth/invalid-user-token";
readonly INVALID_AUTH_EVENT: "auth/invalid-auth-event";
readonly INVALID_CERT_HASH: "auth/invalid-cert-hash";
readonly INVALID_CODE: "auth/invalid-verification-code";
readonly INVALID_CONTINUE_URI: "auth/invalid-continue-uri";
readonly INVALID_CORDOVA_CONFIGURATION: "auth/invalid-cordova-configuration";
readonly INVALID_CUSTOM_TOKEN: "auth/invalid-custom-token";
readonly INVALID_DYNAMIC_LINK_DOMAIN: "auth/invalid-dynamic-link-domain";
readonly INVALID_EMAIL: "auth/invalid-email";
readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
readonly INVALID_OAUTH_PROVIDER: "auth/invalid-oauth-provider";
readonly INVALID_OOB_CODE: "auth/invalid-action-code";
readonly INVALID_ORIGIN: "auth/unauthorized-domain";
readonly INVALID_PASSWORD: "auth/wrong-password";
readonly INVALID_PERSISTENCE: "auth/invalid-persistence-type";
readonly INVALID_PHONE_NUMBER: "auth/invalid-phone-number";
readonly INVALID_PROVIDER_ID: "auth/invalid-provider-id";
readonly INVALID_RECIPIENT_EMAIL: "auth/invalid-recipient-email";
readonly INVALID_SENDER: "auth/invalid-sender";
readonly INVALID_SESSION_INFO: "auth/invalid-verification-id";
readonly INVALID_TENANT_ID: "auth/invalid-tenant-id";
readonly MFA_INFO_NOT_FOUND: "auth/multi-factor-info-not-found";
readonly MFA_REQUIRED: "auth/multi-factor-auth-required";
readonly MISSING_ANDROID_PACKAGE_NAME: "auth/missing-android-pkg-name";
readonly MISSING_APP_CREDENTIAL: "auth/missing-app-credential";
readonly MISSING_AUTH_DOMAIN: "auth/auth-domain-config-required";
readonly MISSING_CODE: "auth/missing-verification-code";
readonly MISSING_CONTINUE_URI: "auth/missing-continue-uri";
readonly MISSING_IFRAME_START: "auth/missing-iframe-start";
readonly MISSING_IOS_BUNDLE_ID: "auth/missing-ios-bundle-id";
readonly MISSING_OR_INVALID_NONCE: "auth/missing-or-invalid-nonce";
readonly MISSING_MFA_INFO: "auth/missing-multi-factor-info";
readonly MISSING_MFA_SESSION: "auth/missing-multi-factor-session";
readonly MISSING_PHONE_NUMBER: "auth/missing-phone-number";
readonly MISSING_SESSION_INFO: "auth/missing-verification-id";
readonly MODULE_DESTROYED: "auth/app-deleted";
readonly NEED_CONFIRMATION: "auth/account-exists-with-different-credential";
readonly NETWORK_REQUEST_FAILED: "auth/network-request-failed";
readonly NULL_USER: "auth/null-user";
readonly NO_AUTH_EVENT: "auth/no-auth-event";
readonly NO_SUCH_PROVIDER: "auth/no-such-provider";
readonly OPERATION_NOT_ALLOWED: "auth/operation-not-allowed";
readonly OPERATION_NOT_SUPPORTED: "auth/operation-not-supported-in-this-environment";
readonly POPUP_BLOCKED: "auth/popup-blocked";
readonly POPUP_CLOSED_BY_USER: "auth/popup-closed-by-user";
readonly PROVIDER_ALREADY_LINKED: "auth/provider-already-linked";
readonly QUOTA_EXCEEDED: "auth/quota-exceeded";
readonly REDIRECT_CANCELLED_BY_USER: "auth/redirect-cancelled-by-user";
readonly REDIRECT_OPERATION_PENDING: "auth/redirect-operation-pending";
readonly REJECTED_CREDENTIAL: "auth/rejected-credential";
readonly SECOND_FACTOR_ALREADY_ENROLLED: "auth/second-factor-already-in-use";
readonly SECOND_FACTOR_LIMIT_EXCEEDED: "auth/maximum-second-factor-count-exceeded";
readonly TENANT_ID_MISMATCH: "auth/tenant-id-mismatch";
readonly TIMEOUT: "auth/timeout";
readonly TOKEN_EXPIRED: "auth/user-token-expired";
readonly TOO_MANY_ATTEMPTS_TRY_LATER: "auth/too-many-requests";
readonly UNAUTHORIZED_DOMAIN: "auth/unauthorized-continue-uri";
readonly UNSUPPORTED_FIRST_FACTOR: "auth/unsupported-first-factor";
readonly UNSUPPORTED_PERSISTENCE: "auth/unsupported-persistence-type";
readonly UNSUPPORTED_TENANT_OPERATION: "auth/unsupported-tenant-operation";
readonly UNVERIFIED_EMAIL: "auth/unverified-email";
readonly USER_CANCELLED: "auth/user-cancelled";
readonly USER_DELETED: "auth/user-not-found";
readonly USER_DISABLED: "auth/user-disabled";
readonly USER_MISMATCH: "auth/user-mismatch";
readonly USER_SIGNED_OUT: "auth/user-signed-out";
readonly WEAK_PASSWORD: "auth/weak-password";
readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
readonly ALREADY_INITIALIZED: "auth/already-initialized";
};
/**
* A mapping of error codes to error messages.
*
* @remarks
*
* While error messages are useful for debugging (providing verbose textual
* context around what went wrong), these strings take up a lot of space in the
* compiled code. When deploying code in production, using {@link prodErrorMap}
* will save you roughly 10k compressed/gzipped over {@link debugErrorMap}. You
* can select the error map during initialization:
*
* ```javascript
* initializeAuth(app, {errorMap: debugErrorMap})
* ```
*
* When initializing Auth, {@link prodErrorMap} is default.
*
* @public
*/
export declare interface AuthErrorMap {
}
/**
* @internal
*/
declare interface AuthErrorParams extends GenericAuthErrorParams {
[AuthErrorCode.ARGUMENT_ERROR]: {
appName?: AppName;
};
[AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]: {
appName?: AppName;
};
[AuthErrorCode.INTERNAL_ERROR]: {
appName?: AppName;
};
[AuthErrorCode.LOGIN_BLOCKED]: {
appName?: AppName;
originalMessage?: string;
};
[AuthErrorCode.OPERATION_NOT_SUPPORTED]: {
appName?: AppName;
};
[AuthErrorCode.NO_AUTH_EVENT]: {
appName?: AppName;
};
[AuthErrorCode.MFA_REQUIRED]: {
appName: AppName;
_serverResponse: IdTokenMfaResponse;
};
[AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]: {
appName: AppName;
missingPlugin?: string;
};
}
/**
* @internal
*/
declare interface AuthEvent {
type: AuthEventType;
eventId: string | null;
urlResponse: string | null;
sessionId: string | null;
postBody: string | null;
tenantId: string | null;
error?: AuthEventError;
}
/**
* @internal
*/
declare interface AuthEventConsumer {
readonly filter: AuthEventType[];
eventId: string | null;
onAuthEvent(event: AuthEvent): unknown;
onError(error: FirebaseError): unknown;
}
declare interface AuthEventError extends Error {
code: string;
message: string;
}
/**
* @internal
*/
declare const enum AuthEventType {
LINK_VIA_POPUP = "linkViaPopup",
LINK_VIA_REDIRECT = "linkViaRedirect",
REAUTH_VIA_POPUP = "reauthViaPopup",
REAUTH_VIA_REDIRECT = "reauthViaRedirect",
SIGN_IN_VIA_POPUP = "signInViaPopup",
SIGN_IN_VIA_REDIRECT = "signInViaRedirect",
UNKNOWN = "unknown",
VERIFY_APP = "verifyApp"
}
/**
* UserInternal and AuthInternal reference each other, so both of them are included in the public typings.
* In order to exclude them, we mark them as internal explicitly.
*
* @internal
*/
declare interface AuthInternal extends Auth {
currentUser: User | null;
emulatorConfig: EmulatorConfig | null;
_canInitEmulator: boolean;
_isInitialized: boolean;
_initializationPromise: Promise<void> | null;
_updateCurrentUser(user: UserInternal | null): Promise<void>;
_onStorageEvent(): void;
_notifyListenersIfCurrent(user: UserInternal): void;
_persistUserIfCurrent(user: UserInternal): Promise<void>;
_setRedirectUser(user: UserInternal | null, popupRedirectResolver?: PopupRedirectResolver): Promise<void>;
_redirectUserForId(id: string): Promise<UserInternal | null>;
_popupRedirectResolver: PopupRedirectResolverInternal | null;
_key(): string;
_startProactiveRefresh(): void;
_stopProactiveRefresh(): void;
_getPersistence(): string;
_logFramework(framework: string): void;
_getFrameworks(): readonly string[];
_getAdditionalHeaders(): Promise<Record<string, string>>;
readonly name: AppName;
readonly config: ConfigInternal;
languageCode: string | null;
tenantId: string | null;
readonly settings: AuthSettings;
_errorFactory: ErrorFactory<AuthErrorCode, AuthErrorParams>;
useDeviceLanguage(): void;
signOut(): Promise<void>;
}
declare class AuthPopup {
readonly window: Window | null;
associatedEvent: string | null;
constructor(window: Window | null);
close(): void;
}
/**
* Interface that represents an auth provider, used to facilitate creating {@link AuthCredential}.
*
* @public
*/
export declare interface AuthProvider {
/**
* Provider for which credentials can be constructed.
*/
readonly providerId: string;
}
/**
* Interface representing an {@link Auth} instance's settings.
*
* @remarks Currently used for enabling/disabling app verification for phone Auth testing.
*
* @public
*/
export declare interface AuthSettings {
/**
* When set, this property disables app verification for the purpose of testing phone
* authentication. For this property to take effect, it needs to be set before rendering a
* reCAPTCHA app verifier. When this is disabled, a mock reCAPTCHA is rendered instead. This is
* useful for manual testing during development or for automated integration tests.
*
* In order to use this feature, you will need to
* {@link https://firebase.google.com/docs/auth/web/phone-auth#test-with-whitelisted-phone-numbers | whitelist your phone number}
* via the Firebase Console.
*
* The default value is false (app verification is enabled).
*/
appVerificationDisabledForTesting: boolean;
}
/**
* MFA Info as returned by the API
*/
declare interface BaseMfaEnrollment {
mfaEnrollmentId: string;
enrolledAt: number;
displayName?: string;
}
/**
* Common code to all OAuth providers. This is separate from the
* {@link OAuthProvider} so that child providers (like
* {@link GoogleAuthProvider}) don't inherit the `credential` instance method.
* Instead, they rely on a static `credential` method.
*/
declare abstract class BaseOAuthProvider extends FederatedAuthProvider implements AuthProvider {
/** @internal */
private scopes;
/**
* Add an OAuth scope to the credential.
*
* @param scope - Provider OAuth scope to add.
*/
addScope(scope: string): AuthProvider;
/**
* Retrieve the current list of OAuth scopes.
*/
getScopes(): string[];
}
/**
* Adds a blocking callback that runs before an auth state change
* sets a new user.
*
* @param auth - The {@link Auth} instance.
* @param callback - callback triggered before new user value is set.
* If this throws, it blocks the user from being set.
* @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
* callback throws, allowing you to undo any side effects.
*/
export declare function beforeAuthStateChanged(auth: Auth, callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
/**
* An implementation of {@link Persistence} of type `LOCAL` using `localStorage`
* for the underlying storage.
*
* @public
*/
export declare const browserLocalPersistence: Persistence;
/**
* An implementation of {@link PopupRedirectResolver} suitable for browser
* based applications.
*
* @public
*/
export declare const browserPopupRedirectResolver: PopupRedirectResolver;
/**
* An implementation of {@link Persistence} of `SESSION` using `sessionStorage`
* for the underlying storage.
*
* @public
*/
export declare const browserSessionPersistence: Persistence;
/**
* Checks a verification code sent to the user by email or other out-of-band mechanism.
*
* @returns metadata about the code.
*
* @param auth - The {@link Auth} instance.
* @param oobCode - A verification code sent to the user.
*
* @public
*/
export declare function checkActionCode(auth: Auth, oobCode: string): Promise<ActionCodeInfo>;
/**
* @internal
*/
declare const enum ClientPlatform {
BROWSER = "Browser",
NODE = "Node",
REACT_NATIVE = "ReactNative",
CORDOVA = "Cordova",
WORKER = "Worker"
}
export { CompleteFn }
/**
* Interface representing the `Auth` config.
*
* @public
*/
export declare interface Config {
/**
* The API Key used to communicate with the Firebase Auth backend.
*/
apiKey: string;
/**
* The host at which the Firebase Auth backend is running.
*/
apiHost: string;
/**
* The scheme used to communicate with the Firebase Auth backend.
*/
apiScheme: string;
/**
* The host at which the Secure Token API is running.
*/
tokenApiHost: string;
/**
* The SDK Client Version.
*/
sdkClientVersion: string;
/**
* The domain at which the web widgets are hosted (provided via Firebase Config).
*/
authDomain?: string;
}
/**
* @internal
*/
declare interface ConfigInternal extends Config {
/**
* @readonly
*/
emulator?: {
url: string;
};
/**
* @readonly
*/
clientPlatform: ClientPlatform;
}
/**
* A result from a phone number sign-in, link, or reauthenticate call.
*
* @public
*/
export declare interface ConfirmationResult {
/**
* The phone number authentication operation's verification ID.
*
* @remarks
* This can be used along with the verification code to initialize a
* {@link PhoneAuthCredential}.
*/
readonly verificationId: string;
/**
* Finishes a phone number sign-in, link, or reauthentication.
*
* @example
* ```javascript
* const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
* // Obtain verificationCode from the user.
* const userCredential = await confirmationResult.confirm(verificationCode);
* ```
*
* @param verificationCode - The code that was sent to the user's mobile device.
*/
confirm(verificationCode: string): Promise<UserCredential>;
}
/**
* Completes the password reset process, given a confirmation code and new password.
*
* @param auth - The {@link Auth} instance.
* @param oobCode - A confirmation code sent to the user.
* @param newPassword - The new password.
*
* @public
*/
export declare function confirmPasswordReset(auth: Auth, oobCode: string, newPassword: string): Promise<void>;
/**
* Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
* Firebase Auth services.
*
* @remarks
* This must be called synchronously immediately following the first call to
* {@link initializeAuth}. Do not use with production credentials as emulator
* traffic is not encrypted.
*
*
* @example
* ```javascript
* connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });
* ```
*
* @param auth - The {@link Auth} instance.
* @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').
* @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to
* `true` to disable the warning banner attached to the DOM.
*
* @public
*/
export declare function connectAuthEmulator(auth: Auth, url: string, options?: {
disableWarnings: boolean;
}): void;
/**
* Creates a new user account associated with the specified email address and password.
*
* @remarks
* On successful creation of the user account, this user will also be signed in to your application.
*
* User account creation can fail if the account already exists or the password is invalid.
*
* Note: The email address acts as a unique identifier for the user and enables an email-based
* password reset. This function will create a new user account and set the initial user password.
*
* @param auth - The {@link Auth} instance.
* @param email - The user's email address.
* @param password - The user's chosen password.
*
* @public
*/
export declare function createUserWithEmailAndPassword(auth: Auth, email: string, password: string): Promise<UserCredential>;
/**
* Map of OAuth Custom Parameters.
*
* @public
*/
export declare type CustomParameters = Record<string, string>;
/**
* A verbose error map with detailed descriptions for most error codes.
*
* See discussion at {@link AuthErrorMap}
*
* @public
*/
export declare const debugErrorMap: AuthErrorMap;
/**
* Deletes and signs out the user.
*
* @remarks
* Important: this is a security-sensitive operation that requires the user to have recently
* signed in. If this requirement isn't met, ask the user to authenticate again and then call
* {@link reauthenticateWithCredential}.
*
* @param user - The user.
*
* @public
*/
export declare function deleteUser(user: User): Promise<void>;
/**
* The dependencies that can be used to initialize an {@link Auth} instance.
*
* @remarks
*
* The modular SDK enables tree shaking by allowing explicit declarations of
* dependencies. For example, a web app does not need to include code that
* enables Cordova redirect sign in. That functionality is therefore split into
* {@link browserPopupRedirectResolver} and
* {@link cordovaPopupRedirectResolver}. The dependencies object is how Auth is
* configured to reduce bundle sizes.
*
* There are two ways to initialize an {@link Auth} instance: {@link getAuth} and
* {@link initializeAuth}. `getAuth` initializes everything using
* platform-specific configurations, while `initializeAuth` takes a
* `Dependencies` object directly, giving you more control over what is used.
*
* @public
*/
export declare interface Dependencies {
/**
* Which {@link Persistence} to use. If this is an array, the first
* `Persistence` that the device supports is used. The SDK searches for an
* existing account in order and, if one is found in a secondary
* `Persistence`, the account is moved to the primary `Persistence`.
*
* If no persistence is provided, the SDK falls back on
* {@link inMemoryPersistence}.
*/
persistence?: Persistence | Persistence[];
/**
* The {@link PopupRedirectResolver} to use. This value depends on the
* platform. Options are {@link browserPopupRedirectResolver} and
* {@link cordovaPopupRedirectResolver}. This field is optional if neither
* {@link signInWithPopup} or {@link signInWithRedirect} are being used.
*/
popupRedirectResolver?: PopupRedirectResolver;
/**
* Which {@link AuthErrorMap} to use.
*/
errorMap?: AuthErrorMap;
}
/**
* Interface that represents the credentials returned by {@link EmailAuthProvider} for
* {@link ProviderId}.PASSWORD
*
* @remarks
* Covers both {@link SignInMethod}.EMAIL_PASSWORD and
* {@link SignInMethod}.EMAIL_LINK.
*
* @public
*/
export declare class EmailAuthCredential extends AuthCredential {
/** @internal */
readonly _email: string;
/** @internal */
readonly _password: string;
/** @internal */
readonly _tenantId: string | null;
/** @internal */
private constructor();
/** @internal */
static _fromEmailAndPassword(email: string, password: string): EmailAuthCredential;
/** @internal */
static _fromEmailAndCode(email: string, oobCode: string, tenantId?: string | null): EmailAuthCredential;
/** {@inheritdoc AuthCredential.toJSON} */
toJSON(): object;
/**
* Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.
*
* @param json - Either `object` or the stringified representation of the object. When string is
* provided, `JSON.parse` would be called first.
*
* @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
*/
static fromJSON(json: object | string): EmailAuthCredential | null;
/** @internal */
_getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse>;
/** @internal */
_linkToIdToken(auth: AuthInternal, idToken: string): Promise<IdTokenResponse>;
/** @internal */
_getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse>;
}
/**
* Provider for generating {@link EmailAuthCredential}.
*
* @public
*/
export declare class EmailAuthProvider implements AuthProvider {
/**
* Always set to {@link ProviderId}.PASSWORD, even for email link.
*/
static readonly PROVIDER_ID: 'password';
/**
* Always set to {@link SignInMethod}.EMAIL_PASSWORD.
*/
static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password';
/**
* Always set to {@link SignInMethod}.EMAIL_LINK.
*/
static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink';
/**
* Always set to {@link ProviderId}.PASSWORD, even for email link.
*/
readonly providerId: "password";
/**
* Initialize an {@link AuthCredential} using an email and password.
*
* @example
* ```javascript
* const authCredential = EmailAuthProvider.credential(email, password);
* const userCredential = await signInWithCredential(auth, authCredential);
* ```
*
* @example
* ```javascript
* const userCredential = await signInWithEmailAndPassword(auth, email, password);
* ```
*
* @param email - Email address.
* @param password - User account password.
* @returns The auth provider credential.
*/
static credential(email: string, password: string): EmailAuthCredential;
/**
* Initialize an {@link AuthCredential} using an email and an email link after a sign in with
* email link operation.
*
* @example
* ```javascript
* const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);
* const userCredential = await signInWithCredential(auth, authCredential);
* ```
*
* @example
* ```javascript
* await sendSignInLinkToEmail(auth, email);
* // Obtain emailLink from user.
* const userCredential = await signInWithEmailLink(auth, email, emailLink);
* ```
*
* @param auth - The {@link Auth} instance used to verify the link.
* @param email - Email address.
* @param emailLink - Sign-in email link.
* @returns - The auth provider credential.
*/
static credentialWithLink(email: string, emailLink: string): EmailAuthCredential;
}
/**
* Configuration of Firebase Authentication Emulator.
* @public
*/
export declare interface EmulatorConfig {
/**
* The protocol used to communicate with the emulator ("http"/"https").
*/
readonly protocol: string;
/**
* The hostname of the emulator, which may be a domain ("localhost"), IPv4 address ("127.0.0.1")
* or quoted IPv6 address ("[::1]").
*/
readonly host: string;
/**
* The port of the emulator, or null if port isn't specified (i.e. protocol default).
*/
readonly port: number | null;
/**
* The emulator-specific options.
*/
readonly options: {
/**
* Whether the warning banner attached to the DOM was disabled.
*/
readonly disableWarnings: boolean;
};
}
export { ErrorFn }
/**
* @internal
*/
declare interface EventManager {
registerConsumer(authEventConsumer: AuthEventConsumer): void;
unregisterConsumer(authEventConsumer: AuthEventConsumer): void;
}
/**
* Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.
*
* @example
* ```javascript
* // Sign in using a redirect.
* const provider = new FacebookAuthProvider();
* // Start a sign in process for an unauthenticated user.
* provider.addScope('user_birthday');
* await signInWithRedirect(auth, provider);
* // This will trigger a full page redirect away from your app
*
* // After returning from the redirect when your app initializes you can obtain the result
* const result = await getRedirectResult(auth);
* if (result) {
* // This is the signed-in user
* const user = result.user;
* // This gives you a Facebook Access Token.
* const credential = FacebookAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* }
* ```
*
* @example
* ```javascript
* // Sign in using a popup.
* const provider = new FacebookAuthProvider();
* provider.addScope('user_birthday');
* const result = await signInWithPopup(auth, provider);
*
* // The signed-in user info.
* const user = result.user;
* // This gives you a Facebook Access Token.
* const credential = FacebookAuthProvider.credentialFromResult(result);
* const token = credential.accessToken;
* ```
*
* @public
*/
export declare class FacebookAuthProvider extends BaseOAuthProvider {
/** Always set to {@link SignInMethod}.FACEBOOK. */
static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com';
/** Always set to {@link ProviderId}.FACEBOOK. */
static readonly PROVIDER_ID: 'facebook.com';
constructor();
/**
* Creates a credential for Facebook.
*
* @example
* ```javascript
* // `event` from the Facebook auth.authResponseChange callback.
* const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);
* const result = await signInWithCredential(credential);
* ```
*
* @param accessToken - Facebook access token.
*/
static credential(accessToken: st