UNPKG

firebase-admin

Version:

Firebase admin SDK for Node.js

firebase.google.com

firebase/firebase-admin-node

220 lines (219 loc) 7.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
/*! firebase-admin v13.2.0 */ /*! * Copyright 2018 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * Interface representing a decoded Firebase ID token, returned from the * {@link BaseAuth.verifyIdToken} method. * * Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs). * See the * [ID Token section of the OpenID Connect spec](http://openid.net/specs/openid-connect-core-1_0.html#IDToken) * for more information about the specific properties below. */ export interface DecodedIdToken { /** * The audience for which this token is intended. * * This value is a string equal to your Firebase project ID, the unique * identifier for your Firebase project, which can be found in [your project's * settings](https://console.firebase.google.com/project/_/settings/general/android:com.random.android). */ aud: string; /** * Time, in seconds since the Unix epoch, when the end-user authentication * occurred. * * This value is not set when this particular ID token was created, but when the * user initially logged in to this session. In a single session, the Firebase * SDKs will refresh a user's ID tokens every hour. Each ID token will have a * different [`iat`](#iat) value, but the same `auth_time` value. */ auth_time: number; /** * The email of the user to whom the ID token belongs, if available. */ email?: string; /** * Whether or not the email of the user to whom the ID token belongs is * verified, provided the user has an email. */ email_verified?: boolean; /** * The ID token's expiration time, in seconds since the Unix epoch. That is, the * time at which this ID token expires and should no longer be considered valid. * * The Firebase SDKs transparently refresh ID tokens every hour, issuing a new * ID token with up to a one hour expiration. */ exp: number; /** * Information about the sign in event, including which sign in provider was * used and provider-specific identity details. * * This data is provided by the Firebase Authentication service and is a * reserved claim in the ID token. */ firebase: { /** * Provider-specific identity details corresponding * to the provider used to sign in the user. */ identities: { [key: string]: any; }; /** * The ID of the provider used to sign in the user. * One of `"anonymous"`, `"password"`, `"facebook.com"`, `"github.com"`, * `"google.com"`, `"twitter.com"`, `"apple.com"`, `"microsoft.com"`, * `"yahoo.com"`, `"phone"`, `"playgames.google.com"`, `"gc.apple.com"`, * or `"custom"`. * * Additional Identity Platform provider IDs include `"linkedin.com"`, * OIDC and SAML identity providers prefixed with `"saml."` and `"oidc."` * respectively. */ sign_in_provider: string; /** * The type identifier or `factorId` of the second factor, provided the * ID token was obtained from a multi-factor authenticated user. * For phone, this is `"phone"`. */ sign_in_second_factor?: string; /** * The `uid` of the second factor used to sign in, provided the * ID token was obtained from a multi-factor authenticated user. */ second_factor_identifier?: string; /** * The ID of the tenant the user belongs to, if available. */ tenant?: string; [key: string]: any; }; /** * The ID token's issued-at time, in seconds since the Unix epoch. That is, the * time at which this ID token was issued and should start to be considered * valid. * * The Firebase SDKs transparently refresh ID tokens every hour, issuing a new * ID token with a new issued-at time. If you want to get the time at which the * user session corresponding to the ID token initially occurred, see the * [`auth_time`](#auth_time) property. */ iat: number; /** * The issuer identifier for the issuer of the response. * * This value is a URL with the format * `https://securetoken.google.com/<PROJECT_ID>`, where `<PROJECT_ID>` is the * same project ID specified in the [`aud`](#aud) property. */ iss: string; /** * The phone number of the user to whom the ID token belongs, if available. */ phone_number?: string; /** * The photo URL for the user to whom the ID token belongs, if available. */ picture?: string; /** * The `uid` corresponding to the user who the ID token belonged to. * * As a convenience, this value is copied over to the [`uid`](#uid) property. */ sub: string; /** * The `uid` corresponding to the user who the ID token belonged to. * * This value is not actually in the JWT token claims itself. It is added as a * convenience, and is set as the value of the [`sub`](#sub) property. */ uid: string; /** * Other arbitrary claims included in the ID token. */ [key: string]: any; } /** @alpha */ export interface DecodedAuthBlockingSharedUserInfo { uid: string; display_name?: string; email?: string; photo_url?: string; phone_number?: string; } /** @alpha */ export interface DecodedAuthBlockingMetadata { creation_time?: number; last_sign_in_time?: number; } /** @alpha */ export interface DecodedAuthBlockingUserInfo extends DecodedAuthBlockingSharedUserInfo { provider_id: string; } /** @alpha */ export interface DecodedAuthBlockingMfaInfo { uid: string; display_name?: string; phone_number?: string; enrollment_time?: string; factor_id?: string; } /** @alpha */ export interface DecodedAuthBlockingEnrolledFactors { enrolled_factors?: DecodedAuthBlockingMfaInfo[]; } /** @alpha */ export interface DecodedAuthBlockingUserRecord extends DecodedAuthBlockingSharedUserInfo { email_verified?: boolean; disabled?: boolean; metadata?: DecodedAuthBlockingMetadata; password_hash?: string; password_salt?: string; provider_data?: DecodedAuthBlockingUserInfo[]; multi_factor?: DecodedAuthBlockingEnrolledFactors; custom_claims?: any; tokens_valid_after_time?: number; tenant_id?: string; [key: string]: any; } /** @alpha */ export interface DecodedAuthBlockingToken { aud: string; exp: number; iat: number; iss: string; sub: string; event_id: string; event_type: string; ip_address: string; user_agent?: string; locale?: string; sign_in_method?: string; user_record?: DecodedAuthBlockingUserRecord; tenant_id?: string; raw_user_info?: string; sign_in_attributes?: { [key: string]: any; }; oauth_id_token?: string; oauth_access_token?: string; oauth_refresh_token?: string; oauth_token_secret?: string; oauth_expires_in?: number; [key: string]: any; }