googleapis

import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace firebaseappcheck_v1 { export interface Options extends GlobalOptions { version: 'v1'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * Firebase App Check API * * Firebase App Check works alongside other Firebase services to help protect your backend resources from abuse, such as billing fraud or phishing. * * @example * ```js * const {google} = require('googleapis'); * const firebaseappcheck = google.firebaseappcheck('v1'); * ``` */ export class Firebaseappcheck { context: APIRequestContext; jwks: Resource$Jwks; oauthClients: Resource$Oauthclients; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * An app's App Attest configuration object. This configuration controls certain properties of the `AppCheckToken` returned by ExchangeAppAttestAttestation and ExchangeAppAttestAssertion, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v11/projects.iosApps/patch). */ export interface Schema$GoogleFirebaseAppcheckV1AppAttestConfig { /** * Required. The relative resource name of the App Attest configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/appAttestConfig ``` */ name?: string | null; /** * Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * Encapsulates an *App Check token*, which are used to access backend services protected by App Check. */ export interface Schema$GoogleFirebaseAppcheckV1AppCheckToken { /** * The App Check token. App Check tokens are signed [JWTs](https://tools.ietf.org/html/rfc7519) containing claims that identify the attested app and GCP project. This token is used to access Google services protected by App Check. These tokens can also be [verified by your own custom backends](https://firebase.google.com/docs/app-check/custom-resource-backend) using the Firebase Admin SDK or third-party libraries. */ token?: string | null; /** * The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. */ ttl?: string | null; } /** * Response message for the BatchGetAppAttestConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchGetAppAttestConfigsResponse { /** * AppAttestConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1AppAttestConfig[]; } /** * Response message for the BatchGetDeviceCheckConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchGetDeviceCheckConfigsResponse { /** * DeviceCheckConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1DeviceCheckConfig[]; } /** * Response message for the BatchGetPlayIntegrityConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchGetPlayIntegrityConfigsResponse { /** * PlayIntegrityConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1PlayIntegrityConfig[]; } /** * Response message for the BatchGetRecaptchaEnterpriseConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchGetRecaptchaEnterpriseConfigsResponse { /** * RecaptchaEnterpriseConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1RecaptchaEnterpriseConfig[]; } /** * Response message for the BatchGetRecaptchaV3Configs method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchGetRecaptchaV3ConfigsResponse { /** * RecaptchaV3Configs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1RecaptchaV3Config[]; } /** * Response message for the BatchGetSafetyNetConfigs method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchGetSafetyNetConfigsResponse { /** * SafetyNetConfigs retrieved. */ configs?: Schema$GoogleFirebaseAppcheckV1SafetyNetConfig[]; } /** * Request message for the BatchUpdateResourcePolicies method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchUpdateResourcePoliciesRequest { /** * Required. The request messages specifying the ResourcePolicy objects to update. A maximum of 100 objects can be updated in a batch. */ requests?: Schema$GoogleFirebaseAppcheckV1UpdateResourcePolicyRequest[]; /** * Optional. A comma-separated list of names of fields in the ResourcePolicy objects to update. Example: `enforcement_mode`. If this field is present, the `update_mask` field in the UpdateResourcePolicyRequest messages must all match this field, or the entire batch fails and no updates will be committed. */ updateMask?: string | null; } /** * Response message for the BatchUpdateResourcePolicies method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchUpdateResourcePoliciesResponse { /** * ResourcePolicy objects after the updates have been applied. */ resourcePolicies?: Schema$GoogleFirebaseAppcheckV1ResourcePolicy[]; } /** * Request message for the BatchUpdateServices method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchUpdateServicesRequest { /** * Required. The request messages specifying the Services to update. A maximum of 100 objects can be updated in a batch. */ requests?: Schema$GoogleFirebaseAppcheckV1UpdateServiceRequest[]; /** * Optional. A comma-separated list of names of fields in the Services to update. Example: `display_name`. If the `update_mask` field is set in both this request and any of the UpdateServiceRequest messages, they must match or the entire batch fails and no updates will be committed. */ updateMask?: string | null; } /** * Response message for the BatchUpdateServices method. */ export interface Schema$GoogleFirebaseAppcheckV1BatchUpdateServicesResponse { /** * Service objects after the updates have been applied. */ services?: Schema$GoogleFirebaseAppcheckV1Service[]; } /** * A *debug token* is a secret used during the development or integration testing of an app. It essentially allows the development or integration testing to bypass app attestation while still allowing App Check to enforce protection on supported production Firebase services. */ export interface Schema$GoogleFirebaseAppcheckV1DebugToken { /** * Required. A human readable display name used to identify this debug token. */ displayName?: string | null; /** * Required. The relative resource name of the debug token, in the format: ``` projects/{project_number\}/apps/{app_id\}/debugTokens/{debug_token_id\} ``` */ name?: string | null; /** * Required. Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response. */ token?: string | null; /** * Output only. Timestamp when this debug token was most recently updated. */ updateTime?: string | null; } /** * An app's DeviceCheck configuration object. This configuration is used by ExchangeDeviceCheckToken to validate device tokens issued to apps by DeviceCheck. It also controls certain properties of the returned `AppCheckToken`, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v11/projects.iosApps/patch). */ export interface Schema$GoogleFirebaseAppcheckV1DeviceCheckConfig { /** * Required. The key identifier of a private key enabled with DeviceCheck, created in your Apple Developer account. */ keyId?: string | null; /** * Required. The relative resource name of the DeviceCheck configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/deviceCheckConfig ``` */ name?: string | null; /** * Required. Input only. The contents of the private key (`.p8`) file associated with the key specified by `key_id`. For security reasons, this field will never be populated in any response. */ privateKey?: string | null; /** * Output only. Whether the `private_key` field was previously set. Since we will never return the `private_key` field, this field is the only way to find out whether it was previously set. */ privateKeySet?: boolean | null; /** * Specifies the duration for which App Check tokens exchanged from DeviceCheck tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * Request message for the ExchangeAppAttestAssertion method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeAppAttestAssertionRequest { /** * Required. The artifact returned by a previous call to ExchangeAppAttestAttestation. */ artifact?: string | null; /** * Required. The CBOR-encoded assertion returned by the client-side App Attest API. */ assertion?: string | null; /** * Required. A one-time challenge returned by an immediately prior call to GenerateAppAttestChallenge. */ challenge?: string | null; /** * Specifies whether this attestation is for use in a *limited use* (`true`) or *session based* (`false`) context. To enable this attestation to be used with the *replay protection* feature, set this to `true`. The default value is `false`. */ limitedUse?: boolean | null; } /** * Request message for the ExchangeAppAttestAttestation method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeAppAttestAttestationRequest { /** * Required. The App Attest statement returned by the client-side App Attest API. This is a base64url encoded CBOR object in the JSON response. */ attestationStatement?: string | null; /** * Required. A one-time challenge returned by an immediately prior call to GenerateAppAttestChallenge. */ challenge?: string | null; /** * Required. The key ID generated by App Attest for the client app. */ keyId?: string | null; /** * Specifies whether this attestation is for use in a *limited use* (`true`) or *session based* (`false`) context. To enable this attestation to be used with the *replay protection* feature, set this to `true`. The default value is `false`. */ limitedUse?: boolean | null; } /** * Response message for the ExchangeAppAttestAttestation method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeAppAttestAttestationResponse { /** * Encapsulates an App Check token. */ appCheckToken?: Schema$GoogleFirebaseAppcheckV1AppCheckToken; /** * An artifact that can be used in future calls to ExchangeAppAttestAssertion. */ artifact?: string | null; } /** * Request message for the ExchangeCustomToken method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeCustomTokenRequest { /** * Required. A custom token signed using your project's Admin SDK service account credentials. */ customToken?: string | null; /** * Specifies whether this attestation is for use in a *limited use* (`true`) or *session based* (`false`) context. To enable this attestation to be used with the *replay protection* feature, set this to `true`. The default value is `false`. */ limitedUse?: boolean | null; } /** * Request message for the ExchangeDebugToken method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeDebugTokenRequest { /** * Required. A debug token secret. This string must match a debug token secret previously created using CreateDebugToken. */ debugToken?: string | null; /** * Specifies whether this attestation is for use in a *limited use* (`true`) or *session based* (`false`) context. To enable this attestation to be used with the *replay protection* feature, set this to `true`. The default value is `false`. */ limitedUse?: boolean | null; } /** * Request message for the ExchangeDeviceCheckToken method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeDeviceCheckTokenRequest { /** * Required. The `device_token` as returned by Apple's client-side [DeviceCheck API](https://developer.apple.com/documentation/devicecheck/dcdevice). This is the base64 encoded `Data` (Swift) or `NSData` (ObjC) object. */ deviceToken?: string | null; /** * Specifies whether this attestation is for use in a *limited use* (`true`) or *session based* (`false`) context. To enable this attestation to be used with the *replay protection* feature, set this to `true`. The default value is `false`. */ limitedUse?: boolean | null; } /** * Request message for the ExchangePlayIntegrityToken method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangePlayIntegrityTokenRequest { /** * Specifies whether this attestation is for use in a *limited use* (`true`) or *session based* (`false`) context. To enable this attestation to be used with the *replay protection* feature, set this to `true`. The default value is `false`. */ limitedUse?: boolean | null; /** * Required. The [integrity verdict response token from Play Integrity](https://developer.android.com/google/play/integrity/verdict#decrypt-verify) issued to your app. */ playIntegrityToken?: string | null; } /** * Request message for the ExchangeRecaptchaEnterpriseToken method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeRecaptchaEnterpriseTokenRequest { /** * Specifies whether this attestation is for use in a *limited use* (`true`) or *session based* (`false`) context. To enable this attestation to be used with the *replay protection* feature, set this to `true`. The default value is `false`. */ limitedUse?: boolean | null; /** * Required. The reCAPTCHA token as returned by the [reCAPTCHA Enterprise JavaScript API](https://cloud.google.com/recaptcha-enterprise/docs/instrument-web-pages). */ recaptchaEnterpriseToken?: string | null; } /** * Request message for the ExchangeRecaptchaV3Token method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeRecaptchaV3TokenRequest { /** * Specifies whether this attestation is for use in a *limited use* (`true`) or *session based* (`false`) context. To enable this attestation to be used with the *replay protection* feature, set this to `true`. The default value is `false`. */ limitedUse?: boolean | null; /** * Required. The reCAPTCHA token as returned by the [reCAPTCHA v3 JavaScript API](https://developers.google.com/recaptcha/docs/v3). */ recaptchaV3Token?: string | null; } /** * Request message for the ExchangeSafetyNetToken method. */ export interface Schema$GoogleFirebaseAppcheckV1ExchangeSafetyNetTokenRequest { /** * Required. The [SafetyNet attestation response](https://developer.android.com/training/safetynet/attestation#request-attestation-step) issued to your app. */ safetyNetToken?: string | null; } /** * Request message for the GenerateAppAttestChallenge method. */ export interface Schema$GoogleFirebaseAppcheckV1GenerateAppAttestChallengeRequest { } /** * Response message for the GenerateAppAttestChallenge method. */ export interface Schema$GoogleFirebaseAppcheckV1GenerateAppAttestChallengeResponse { /** * A one-time use challenge for the client to pass to the App Attest API. */ challenge?: string | null; /** * The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. */ ttl?: string | null; } /** * Request message for the GeneratePlayIntegrityChallenge method. */ export interface Schema$GoogleFirebaseAppcheckV1GeneratePlayIntegrityChallengeRequest { } /** * Response message for the GeneratePlayIntegrityChallenge method. */ export interface Schema$GoogleFirebaseAppcheckV1GeneratePlayIntegrityChallengeResponse { /** * A one-time use [challenge](https://developer.android.com/google/play/integrity/verdict#protect-against-replay-attacks) for the client to pass to the Play Integrity API. */ challenge?: string | null; /** * The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration. */ ttl?: string | null; } /** * Response message for the ListDebugTokens method. */ export interface Schema$GoogleFirebaseAppcheckV1ListDebugTokensResponse { /** * The DebugTokens retrieved. */ debugTokens?: Schema$GoogleFirebaseAppcheckV1DebugToken[]; /** * If the result list is too large to fit in a single response, then a token is returned. If the string is empty or omitted, then this response is the last page of results. This token can be used in a subsequent call to ListDebugTokens to find the next group of DebugTokens. Page tokens are short-lived and should not be persisted. */ nextPageToken?: string | null; } /** * Response message for the ListResourcePolicies method. */ export interface Schema$GoogleFirebaseAppcheckV1ListResourcePoliciesResponse { /** * If the result list is too large to fit in a single response, then a token is returned. If the string is empty or omitted, then this response is the last page of results. This token can be used in a subsequent call to ListResourcePolicies to find the next group of ResourcePolicy objects. Page tokens are short-lived and should not be persisted. */ nextPageToken?: string | null; /** * The ResourcePolicy objects retrieved. */ resourcePolicies?: Schema$GoogleFirebaseAppcheckV1ResourcePolicy[]; } /** * Response message for the ListServices method. */ export interface Schema$GoogleFirebaseAppcheckV1ListServicesResponse { /** * If the result list is too large to fit in a single response, then a token is returned. If the string is empty or omitted, then this response is the last page of results. This token can be used in a subsequent call to ListServices to find the next group of Services. Page tokens are short-lived and should not be persisted. */ nextPageToken?: string | null; /** * The Services retrieved. */ services?: Schema$GoogleFirebaseAppcheckV1Service[]; } /** * An app's Play Integrity configuration object. This configuration controls certain properties of the `AppCheckToken` returned by ExchangePlayIntegrityToken, such as its ttl. Note that your registered SHA-256 certificate fingerprints are used to validate tokens issued by the Play Integrity API; please register them via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.androidApps.sha/create). */ export interface Schema$GoogleFirebaseAppcheckV1PlayIntegrityConfig { /** * Specifies account requirements for Android devices running your app. These settings correspond to requirements on the [**account details** field](https://developer.android.com/google/play/integrity/verdicts#account-details-field) obtained from the Play Integrity API. See the [default responses table](https://developer.android.com/google/play/integrity/setup#default) for a quick summary. The default values for these settings work for most apps, and are recommended. */ accountDetails?: Schema$GoogleFirebaseAppcheckV1PlayIntegrityConfigAccountDetails; /** * Specifies application integrity requirements for Android devices running your app. These settings correspond to requirements on the [**application integrity** field](https://developer.android.com/google/play/integrity/verdicts#application-integrity-field) obtained from the Play Integrity API. See the [default responses table](https://developer.android.com/google/play/integrity/setup#default) for a quick summary. The default values for these settings work for most apps, and are recommended. */ appIntegrity?: Schema$GoogleFirebaseAppcheckV1PlayIntegrityConfigAppIntegrity; /** * Specifies device integrity requirements for Android devices running your app. These settings correspond to requirements on the [**device integrity** field](https://developer.android.com/google/play/integrity/verdicts#device-integrity-field) obtained from the Play Integrity API. See the [default responses table](https://developer.android.com/google/play/integrity/setup#default) for a quick summary. Warning: There are also [conditional](https://developer.android.com/google/play/integrity/setup#conditional) as well as [optional](https://developer.android.com/google/play/integrity/setup#optional_device_information) responses that you can receive, but requires additional explicit opt-in from you. The App Check API is **not** responsible for any such opt-ins. The default values for these settings work for most apps, and are recommended. */ deviceIntegrity?: Schema$GoogleFirebaseAppcheckV1PlayIntegrityConfigDeviceIntegrity; /** * Required. The relative resource name of the Play Integrity configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/playIntegrityConfig ``` */ name?: string | null; /** * Specifies the duration for which App Check tokens exchanged from Play Integrity tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * A settings object specifying account requirements for Android devices running your app. These settings correspond to requirements on the [**account details** field](https://developer.android.com/google/play/integrity/verdicts#account-details-field) obtained from the Play Integrity API. See the [default responses table](https://developer.android.com/google/play/integrity/setup#default) for a quick summary. The default values for these settings work for most apps, and are recommended. */ export interface Schema$GoogleFirebaseAppcheckV1PlayIntegrityConfigAccountDetails { /** * Specifies whether the caller must have received the [`LICENSED` verdict](https://developer.android.com/google/play/integrity/verdicts#account-details-field). For additional details about scenarios where your users will receive this `LICENSED` label, see [the default responses table](https://developer.android.com/google/play/integrity/setup#default). If set to `true`, apps without the `LICENSED` app licensing verdict will be rejected. If set to `false`, any app licensing verdict is allowed. The default value is `false`. */ requireLicensed?: boolean | null; } /** * A settings object specifying application integrity requirements for Android devices running your app. These settings correspond to requirements on the [**application integrity** field](https://developer.android.com/google/play/integrity/verdicts#application-integrity-field) obtained from the Play Integrity API. See the [default responses table](https://developer.android.com/google/play/integrity/setup#default) for a quick summary. The default values for these settings work for most apps, and are recommended. */ export interface Schema$GoogleFirebaseAppcheckV1PlayIntegrityConfigAppIntegrity { /** * Specifies whether your running app is allowed to have the `UNRECOGNIZED_VERSION` [app recognition verdict](https://developer.android.com/google/play/integrity/verdicts#application-integrity-field). Note that the app recognition verdict `PLAY_RECOGNIZED` is a strong, comprehensive integrity signal that takes into account various other signals, including conditional and optional device integrity responses that you have opted into. If your app is published off-Play, this field should be set to `true` to allow instances of your app installed from off-Play sources to function. If set to `false`, only `PLAY_RECOGNIZED` verdicts are allowed, and both `UNRECOGNIZED_VERSION` and `UNEVALUATED` will be rejected. If set to `true`, any app recognition verdict is allowed. The default value is `false`. */ allowUnrecognizedVersion?: boolean | null; } /** * A settings object specifying device integrity requirements for Android devices running your app. These settings correspond to requirements on the [**device integrity** field](https://developer.android.com/google/play/integrity/verdicts#device-integrity-field) obtained from the Play Integrity API. See the [default responses table](https://developer.android.com/google/play/integrity/setup#default) for a quick summary. Warning: There are also [conditional](https://developer.android.com/google/play/integrity/setup#conditional) as well as [optional](https://developer.android.com/google/play/integrity/setup#optional_device_information) responses that you can receive, but requires additional explicit opt-in from you. The App Check API is **not** responsible for any such opt-ins. The default values for these settings work for most apps, and are recommended. */ export interface Schema$GoogleFirebaseAppcheckV1PlayIntegrityConfigDeviceIntegrity { /** * Specifies the minimum device integrity level in order for the device to be considered valid. Any device with a device recognition verdict lower than this level will be rejected. If this is unspecified, the default level is `NO_INTEGRITY`. */ minDeviceRecognitionLevel?: string | null; } /** * A JWK as specified by [section 4 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4) and [section 6.3.1 of RFC 7518](https://tools.ietf.org/html/rfc7518#section-6.3.1). */ export interface Schema$GoogleFirebaseAppcheckV1PublicJwk { /** * See [section 4.4 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.4). */ alg?: string | null; /** * See [section 6.3.1.2 of RFC 7518](https://tools.ietf.org/html/rfc7518#section-6.3.1.2). */ e?: string | null; /** * See [section 4.5 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.5). */ kid?: string | null; /** * See [section 4.1 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.1). */ kty?: string | null; /** * See [section 6.3.1.1 of RFC 7518](https://tools.ietf.org/html/rfc7518#section-6.3.1.1). */ n?: string | null; /** * See [section 4.2 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.2). */ use?: string | null; } /** * The currently active set of public keys that can be used to verify App Check tokens. This object is a JWK set as specified by [section 5 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-5). For security, the response **must not** be cached for longer than six hours. */ export interface Schema$GoogleFirebaseAppcheckV1PublicJwkSet { /** * The set of public keys. See [section 5.1 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-5). */ keys?: Schema$GoogleFirebaseAppcheckV1PublicJwk[]; } /** * An app's reCAPTCHA Enterprise configuration object. This configuration is used by ExchangeRecaptchaEnterpriseToken to validate reCAPTCHA tokens issued to apps by reCAPTCHA Enterprise. It also controls certain properties of the returned `AppCheckToken`, such as its ttl. */ export interface Schema$GoogleFirebaseAppcheckV1RecaptchaEnterpriseConfig { /** * Required. The relative resource name of the reCAPTCHA Enterprise configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/recaptchaEnterpriseConfig ``` */ name?: string | null; /** * Specifies risk tolerance and requirements for your application. These settings correspond to requirements on the [**`riskAnalysis`**](https://cloud.google.com/recaptcha/docs/interpret-assessment-website#interpret_assessment) tuple in the assessment obtained from reCAPTCHA Enterprise. The default values for these settings work for most apps, and are recommended. */ riskAnalysis?: Schema$GoogleFirebaseAppcheckV1RecaptchaEnterpriseConfigRiskAnalysis; /** * The score-based site key [created in reCAPTCHA Enterprise](https://cloud.google.com/recaptcha-enterprise/docs/create-key#creating_a_site_key) used to [invoke reCAPTCHA and generate the reCAPTCHA tokens](https://cloud.google.com/recaptcha-enterprise/docs/instrument-web-pages) for your application. Important: This is *not* the `site_secret` (as it is in reCAPTCHA v3), but rather your score-based reCAPTCHA Enterprise site key. */ siteKey?: string | null; /** * Specifies the duration for which App Check tokens exchanged from reCAPTCHA Enterprise tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * A settings object specifying risk tolerance and requirements for your application. These settings correspond to requirements on the [**`riskAnalysis`**](https://cloud.google.com/recaptcha/docs/interpret-assessment-website#interpret_assessment) tuple in the assessment obtained from reCAPTCHA Enterprise. The default values for these settings work for most apps, and are recommended. */ export interface Schema$GoogleFirebaseAppcheckV1RecaptchaEnterpriseConfigRiskAnalysis { /** * Specifies a minimum score required for a reCAPTCHA token to be considered valid. If its score is greater than or equal to this value, it will be accepted; otherwise, it will be rejected. The value must be between 0.0 and 1.0. The default value is 0.5. */ minValidScore?: number | null; } /** * An app's reCAPTCHA v3 configuration object. This configuration is used by ExchangeRecaptchaV3Token to validate reCAPTCHA tokens issued to apps by reCAPTCHA v3. It also controls certain properties of the returned `AppCheckToken`, such as its ttl. */ export interface Schema$GoogleFirebaseAppcheckV1RecaptchaV3Config { /** * Specifies a minimum score required for a reCAPTCHA token to be considered valid. If its score is greater than or equal to this value, it will be accepted; otherwise, it will be rejected. The value must be between 0.0 and 1.0. The default value is 0.5. */ minValidScore?: number | null; /** * Required. The relative resource name of the reCAPTCHA v3 configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/recaptchaV3Config ``` */ name?: string | null; /** * Required. Input only. The site secret used to identify your service for reCAPTCHA v3 verification. For security reasons, this field will never be populated in any response. */ siteSecret?: string | null; /** * Output only. Whether the `site_secret` field was previously set. Since we will never return the `site_secret` field, this field is the only way to find out whether it was previously set. */ siteSecretSet?: boolean | null; /** * Specifies the duration for which App Check tokens exchanged from reCAPTCHA tokens will be valid. If unset, a default value of 1 day is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * App Check enforcement policy for a specific resource of a Google service supported by App Check. Note that this policy will override the service-level configuration. */ export interface Schema$GoogleFirebaseAppcheckV1ResourcePolicy { /** * Required. The App Check enforcement mode for this resource. This will override the EnforcementMode setting on the service. */ enforcementMode?: string | null; /** * This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. This etag is strongly validated as defined by RFC 7232. */ etag?: string | null; /** * Required. Identifier. The relative name of the resource policy object, in the format: ``` projects/{project_number\}/services/{service_id\}/resourcePolicies/{resource_policy_id\} ``` Note that the `service_id` element must be a supported service ID. Currently, the following service IDs are supported: * `oauth2.googleapis.com` (Google Identity for iOS) `resource_policy_id` is a system-generated UID. */ name?: string | null; /** * Required. Service specific name of the resource object to which this policy applies, in the format: * **iOS OAuth clients** (Google Identity for iOS): `//oauth2.googleapis.com/projects/{project_number\}/oauthClients/{oauth_client_id\}` Note that the resource must belong to the service specified in the `name` and be from the same project as this policy, but the resource is allowed to be missing at the time of creation of this policy; in that case, we make a best-effort attempt at respecting this policy, but it may not have any effect until the resource is fully created. */ targetResource?: string | null; /** * Output only. Timestamp when this resource policy configuration object was most recently updated. */ updateTime?: string | null; } /** * An app's SafetyNet configuration object. This configuration controls certain properties of the `AppCheckToken` returned by ExchangeSafetyNetToken, such as its ttl. Note that your registered SHA-256 certificate fingerprints are used to validate tokens issued by SafetyNet; please register them via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v11/projects.androidApps.sha/create). */ export interface Schema$GoogleFirebaseAppcheckV1SafetyNetConfig { /** * Required. The relative resource name of the SafetyNet configuration object, in the format: ``` projects/{project_number\}/apps/{app_id\}/safetyNetConfig ``` */ name?: string | null; /** * Specifies the duration for which App Check tokens exchanged from SafetyNet tokens will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. */ tokenTtl?: string | null; } /** * The enforcement configuration for a Firebase service supported by App Check. */ export interface Schema$GoogleFirebaseAppcheckV1Service { /** * Required. The App Check enforcement mode for this service. */ enforcementMode?: string | null; /** * Required. The relative resource name of the service configuration object, in the format: ``` projects/{project_number\}/services/{service_id\} ``` Note that the `service_id` element must be a supported service ID. Currently, the following service IDs are supported: * `firebasestorage.googleapis.com` (Cloud Storage for Firebase) * `firebasedatabase.googleapis.com` (Firebase Realtime Database) * `firestore.googleapis.com` (Cloud Firestore) * `oauth2.googleapis.com` (Google Identity for iOS) */ name?: string | null; } /** * Request message for the UpdateResourcePolicy method as well as an individual update message for the BatchUpdateResourcePolicies method. */ export interface Schema$GoogleFirebaseAppcheckV1UpdateResourcePolicyRequest { /** * Required. The ResourcePolicy to update. The ResourcePolicy's `name` field is used to identify the ResourcePolicy to be updated, in the format: ``` projects/{project_number\}/services/{service_id\}/resourcePolicies/{resource_policy_id\} ``` Note that the `service_id` element must be a supported service ID. Currently, the following service IDs are supported: * `oauth2.googleapis.com` (Google Identity for iOS) */ resourcePolicy?: Schema$GoogleFirebaseAppcheckV1ResourcePolicy; /** * Required. A comma-separated list of names of fields in the ResourcePolicy to update. Example: `enforcement_mode`. */ updateMask?: string | null; } /** * Request message for the UpdateService method as well as an individual update message for the BatchUpdateServices method. */ export interface Schema$GoogleFirebaseAppcheckV1UpdateServiceRequest { /** * Required. The Service to update. The Service's `name` field is used to identify the Service to be updated, in the format: ``` projects/{project_number\}/services/{service_id\} ``` Note that the `service_id` element must be a supported service ID. Currently, the following service IDs are supported: * `firebasestorage.googleapis.com` (Cloud Storage for Firebase) * `firebasedatabase.googleapis.com` (Firebase Realtime Database) * `firestore.googleapis.com` (Cloud Firestore) * `oauth2.googleapis.com` (Google Identity for iOS) */ service?: Schema$GoogleFirebaseAppcheckV1Service; /** * Required. A comma-separated list of names of fields in the Service to update. Example: `enforcement_mode`. */ updateMask?: string | null; } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \} */ export interface Schema$GoogleProtobufEmpty { } export class Resource$Jwks { context: APIRequestContext; constructor(context: APIRequestContext); /** * Returns a public JWK set as specified by [RFC 7517](https://tools.ietf.org/html/rfc7517) that can be used to verify App Check tokens. Exactly one of the public keys in the returned set will successfully validate any App Check token that is currently valid. * @example * ```js * // Before running the sample: * // - Enable the API at: * // https://console.developers.google.com/apis/api/firebaseappcheck.googleapis.com * // - Login into gcloud by running: * // ```sh * // $ gcloud auth application-default login * // ``` * // - Install the npm module by running: * // ```sh * // $ npm install googleapis * // ``` * * const {google} = require('googleapis'); * const firebaseappcheck = google.firebaseappcheck('v1'); * * async function main() { * const auth = new google.auth.GoogleAuth({ * // Scopes can be specified either as an array or as a single, space-delimited string. * scopes: [ * 'https://www.googleapis.com/auth/cloud-platform', * 'https://www.googleapis.com/auth/firebase', * ], * }); * * // Acquire an auth client, and bind it to all future calls * const authClient = await auth.getClient(); * google.options({auth: authClient}); * * // Do the magic * const res = await firebaseappcheck.jwks.get({ * // Required. The relative resource name to the public JWK set. Must always be exactly the string `jwks`. * name: 'jwks', * }); * console.log(res.data); * * // Example response * // { * // "keys": [] * // } * } * * main().catch(e => { * console.error(e); * throw e; * }); * * ``` * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ get(params: Params$Resource$Jwks$Get, options: StreamMethodOptions): Promise<GaxiosResponseWithHTTP2<Readable>>; get(params?: Params$Resource$Jwks$Get, options?: MethodOptions): Promise<GaxiosResponseWithHTTP2<Schema$GoogleFirebaseAppcheckV1PublicJwkSet>>; get(params: Params$Resource$Jwks$Get, options: StreamMethodOptions | BodyResponseCallback<Readable>, callback: BodyResponseCallback<Readable>): void; get(params: Params$Resource$Jwks$Get, options: MethodOptions | BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1PublicJwkSet>, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1PublicJwkSet>): void; get(params: Params$Resource$Jwks$Get, callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1PublicJwkSet>): void; get(callback: BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1PublicJwkSet>): void; } export interface Params$Resource$Jwks$Get extends StandardParameters { /** * Required. The relative resource name to the public JWK set. Must always be exactly the string `jwks`. */ name?: string; } export class Resource$Oauthclients { context: APIRequestContext; constructor(context: APIRequestContext); /** * Accepts an App Attest assertion and an artifact previously obtained from ExchangeAppAttestAttestation and verifies those with Apple. If valid, returns an AppCheckToken. * @example * ```js * // Before running the sample: * // - Enable the API at: * // https://console.developers.google.com/apis/api/firebaseappcheck.googleapis.com * // - Login into gcloud by running: * // ```sh * // $ gcloud auth application-default login * // ``` * // - Install the npm module by running: * // ```sh * // $ npm install googleapis * // ``` * * const {google} = require('googleapis'); * const firebaseappcheck = google.firebaseappcheck('v1'); * * async function main() { * const auth = new google.auth.GoogleAuth({ * // Scopes can be specified either as an array or as a single, space-delimited string. * scopes: [ * 'https://www.googleapis.com/auth/cloud-platform', * 'https://www.googleapis.com/auth/firebase', * ], * }); * * // Acquire an auth client, and bind it to all future calls * const authClient = await auth.getClient(); * google.options({auth: authClient}); * * // Do the magic * const res = await firebaseappcheck.oauthClients.exchangeAppAttestAssertion({ * // Required. The relative resource name of the iOS app, in the format: ``` projects/{project_number\}/apps/{app_id\} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. * app: 'oauthClients/my-oauthClient', * * // Request body metadata * requestBody: { * // request body parameters * // { * // "artifact": "my_artifact", * // "assertion": "my_assertion", * // "challenge": "my_challenge", * // "limitedUse": false * // } * }, * }); * console.log(res.data); * * // Example response * // { * // "token": "my_token", * // "ttl": "my_ttl" * // } * } * * main().catch(e => { * console.error(e); * throw e; * }); * * ``` * * @param params - Parameters for request * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. * @param callback - Optional callback that handles the response. * @returns A promise if used with async/await, or void if used with a callback. */ exchangeAppAttestAssertion(params: Params$Resource$Oauthclients$Exchangeappattestassertion, options: StreamMethodOptions): Promise<GaxiosResponseWithHTTP2<Readable>>; exchangeAppAttestAssertion(params?: Params$Resource$Oauthclients$Exchangeappattestassertion, options?: MethodOptions): Promise<GaxiosResponseWithHTTP2<Schema$GoogleFirebaseAppcheckV1AppCheckToken>>; exchangeAppAttestAssertion(params: Params$Resource$Oauthclients$Exchangeappattestassertion, options: StreamMethodOptions | BodyResponseCallback<Readable>, callback: BodyResponseCallback<Readable>): void; exchangeAppAttestAssertion(params: Params$Resource$Oauthclients$Exchangeappattestassertion, options: MethodOptions | BodyResponseCallback<Schema$GoogleFirebaseAppcheckV1AppCheckToken>, callback: BodyResponseCallback<