UNPKG

125 kBTypeScriptView Raw
1/**
2 * Firebase Authentication
3 *
4 * @packageDocumentation
5 */
6
7import { CompleteFn } from '@firebase/util';
8import { ErrorFactory } from '@firebase/util';
9import { ErrorFn } from '@firebase/util';
10import { FirebaseApp } from '@firebase/app';
11import { FirebaseError } from '@firebase/util';
12import { NextFn } from '@firebase/util';
13import { Observer } from '@firebase/util';
14import { Unsubscribe } from '@firebase/util';
15
16/**
17 * A response from {@link checkActionCode}.
18 *
19 * @public
20 */
21export declare interface ActionCodeInfo {
22 /**
23 * The data associated with the action code.
24 *
25 * @remarks
26 * For the {@link ActionCodeOperation}.PASSWORD_RESET, {@link ActionCodeOperation}.VERIFY_EMAIL, and
27 * {@link ActionCodeOperation}.RECOVER_EMAIL actions, this object contains an email field with the address
28 * the email was sent to.
29 *
30 * For the {@link ActionCodeOperation}.RECOVER_EMAIL action, which allows a user to undo an email address
31 * change, this object also contains a `previousEmail` field with the user account's current
32 * email address. After the action completes, the user's email address will revert to the value
33 * in the `email` field from the value in `previousEmail` field.
34 *
35 * For the {@link ActionCodeOperation}.VERIFY_AND_CHANGE_EMAIL action, which allows a user to verify the
36 * email before updating it, this object contains a `previousEmail` field with the user account's
37 * email address before updating. After the action completes, the user's email address will be
38 * updated to the value in the `email` field from the value in `previousEmail` field.
39 *
40 * For the {@link ActionCodeOperation}.REVERT_SECOND_FACTOR_ADDITION action, which allows a user to
41 * unenroll a newly added second factor, this object contains a `multiFactorInfo` field with
42 * the information about the second factor. For phone second factor, the `multiFactorInfo`
43 * is a {@link MultiFactorInfo} object, which contains the phone number.
44 */
45 data: {
46 email?: string | null;
47 multiFactorInfo?: MultiFactorInfo | null;
48 previousEmail?: string | null;
49 };
50 /**
51 * The type of operation that generated the action code.
52 */
53 operation: typeof ActionCodeOperation[keyof typeof ActionCodeOperation];
54}
55
56/**
57 * An enumeration of the possible email action types.
58 *
59 * @public
60 */
61export declare const ActionCodeOperation: {
62 /** The email link sign-in action. */
63 readonly EMAIL_SIGNIN: "EMAIL_SIGNIN";
64 /** The password reset action. */
65 readonly PASSWORD_RESET: "PASSWORD_RESET";
66 /** The email revocation action. */
67 readonly RECOVER_EMAIL: "RECOVER_EMAIL";
68 /** The revert second factor addition email action. */
69 readonly REVERT_SECOND_FACTOR_ADDITION: "REVERT_SECOND_FACTOR_ADDITION";
70 /** The revert second factor addition email action. */
71 readonly VERIFY_AND_CHANGE_EMAIL: "VERIFY_AND_CHANGE_EMAIL";
72 /** The email verification action. */
73 readonly VERIFY_EMAIL: "VERIFY_EMAIL";
74};
75
76/**
77 * An interface that defines the required continue/state URL with optional Android and iOS
78 * bundle identifiers.
79 *
80 * @public
81 */
82export declare interface ActionCodeSettings {
83 /**
84 * Sets the Android package name.
85 *
86 * @remarks
87 * This will try to open the link in an android app if it is
88 * installed. If `installApp` is passed, it specifies whether to install the Android app if the
89 * device supports it and the app is not already installed. If this field is provided without
90 * a `packageName`, an error is thrown explaining that the `packageName` must be provided in
91 * conjunction with this field. If `minimumVersion` is specified, and an older version of the
92 * app is installed, the user is taken to the Play Store to upgrade the app.
93 */
94 android?: {
95 installApp?: boolean;
96 minimumVersion?: string;
97 packageName: string;
98 };
99 /**
100 * When set to true, the action code link will be be sent as a Universal Link or Android App
101 * Link and will be opened by the app if installed.
102 *
103 * @remarks
104 * In the false case, the code will be sent to the web widget first and then on continue will
105 * redirect to the app if installed.
106 *
107 * @defaultValue false
108 */
109 handleCodeInApp?: boolean;
110 /**
111 * Sets the iOS bundle ID.
112 *
113 * @remarks
114 * This will try to open the link in an iOS app if it is installed.
115 *
116 * App installation is not supported for iOS.
117 */
118 iOS?: {
119 bundleId: string;
120 };
121 /**
122 * Sets the link continue/state URL.
123 *
124 * @remarks
125 * This has different meanings in different contexts:
126 * - When the link is handled in the web action widgets, this is the deep link in the
127 * `continueUrl` query parameter.
128 * - When the link is handled in the app directly, this is the `continueUrl` query parameter in
129 * the deep link of the Dynamic Link.
130 */
131 url: string;
132 /**
133 * When multiple custom dynamic link domains are defined for a project, specify which one to use
134 * when the link is to be opened via a specified mobile app (for example, `example.page.link`).
135 *
136 *
137 * @defaultValue The first domain is automatically selected.
138 */
139 dynamicLinkDomain?: string;
140}
141
142/**
143 * @license
144 * Copyright 2020 Google LLC
145 *
146 * Licensed under the Apache License, Version 2.0 (the "License");
147 * you may not use this file except in compliance with the License.
148 * You may obtain a copy of the License at
149 *
150 * http://www.apache.org/licenses/LICENSE-2.0
151 *
152 * Unless required by applicable law or agreed to in writing, software
153 * distributed under the License is distributed on an "AS IS" BASIS,
154 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
155 * See the License for the specific language governing permissions and
156 * limitations under the License.
157 */
158/**
159 * A utility class to parse email action URLs such as password reset, email verification,
160 * email link sign in, etc.
161 *
162 * @public
163 */
164export declare class ActionCodeURL {
165 /**
166 * The API key of the email action link.
167 */
168 readonly apiKey: string;
169 /**
170 * The action code of the email action link.
171 */
172 readonly code: string;
173 /**
174 * The continue URL of the email action link. Null if not provided.
175 */
176 readonly continueUrl: string | null;
177 /**
178 * The language code of the email action link. Null if not provided.
179 */
180 readonly languageCode: string | null;
181 /**
182 * The action performed by the email action link. It returns from one of the types from
183 * {@link ActionCodeInfo}
184 */
185 readonly operation: string;
186 /**
187 * The tenant ID of the email action link. Null if the email action is from the parent project.
188 */
189 readonly tenantId: string | null;
190 /* Excluded from this release type: __constructor */
191 /**
192 * Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,
193 * otherwise returns null.
194 *
195 * @param link - The email action link string.
196 * @returns The {@link ActionCodeURL} object, or null if the link is invalid.
197 *
198 * @public
199 */
200 static parseLink(link: string): ActionCodeURL | null;
201}
202
203/**
204 * A structure containing additional user information from a federated identity provider.
205 *
206 * @public
207 */
208export declare interface AdditionalUserInfo {
209 /**
210 * Whether the user is new (created via sign-up) or existing (authenticated using sign-in).
211 */
212 readonly isNewUser: boolean;
213 /**
214 * Map containing IDP-specific user data.
215 */
216 readonly profile: Record<string, unknown> | null;
217 /**
218 * Identifier for the provider used to authenticate this user.
219 */
220 readonly providerId: string | null;
221 /**
222 * The username if the provider is GitHub or Twitter.
223 */
224 readonly username?: string | null;
225}
226
227declare interface APIUserInfo {
228 localId?: string;
229 displayName?: string;
230 photoUrl?: string;
231 email?: string;
232 emailVerified?: boolean;
233 phoneNumber?: string;
234 lastLoginAt?: number;
235 createdAt?: number;
236 tenantId?: string;
237 passwordHash?: string;
238 providerUserInfo?: ProviderUserInfo[];
239 mfaInfo?: MfaEnrollment[];
240}
241
242/**
243 * A verifier for domain verification and abuse prevention.
244 *
245 * @remarks
246 * Currently, the only implementation is {@link RecaptchaVerifier}.
247 *
248 * @public
249 */
250export declare interface ApplicationVerifier {
251 /**
252 * Identifies the type of application verifier (e.g. "recaptcha").
253 */
254 readonly type: string;
255 /**
256 * Executes the verification process.
257 *
258 * @returns A Promise for a token that can be used to assert the validity of a request.
259 */
260 verify(): Promise<string>;
261}
262
263declare interface ApplicationVerifierInternal extends ApplicationVerifier {
264 /* Excluded from this release type: _reset */
265}
266
267/**
268 * Applies a verification code sent to the user by email or other out-of-band mechanism.
269 *
270 * @param auth - The {@link Auth} instance.
271 * @param oobCode - A verification code sent to the user.
272 *
273 * @public
274 */
275export declare function applyActionCode(auth: Auth, oobCode: string): Promise<void>;
276
277declare type AppName = string;
278
279/**
280 * Interface representing Firebase Auth service.
281 *
282 * @remarks
283 * See {@link https://firebase.google.com/docs/auth/ | Firebase Authentication} for a full guide
284 * on how to use the Firebase Auth service.
285 *
286 * @public
287 */
288export declare interface Auth {
289 /** The {@link @firebase/app#FirebaseApp} associated with the `Auth` service instance. */
290 readonly app: FirebaseApp;
291 /** The name of the app associated with the `Auth` service instance. */
292 readonly name: string;
293 /** The {@link Config} used to initialize this instance. */
294 readonly config: Config;
295 /**
296 * Changes the type of persistence on the `Auth` instance.
297 *
298 * @remarks
299 * This will affect the currently saved Auth session and applies this type of persistence for
300 * future sign-in requests, including sign-in with redirect requests.
301 *
302 * This makes it easy for a user signing in to specify whether their session should be
303 * remembered or not. It also makes it easier to never persist the Auth state for applications
304 * that are shared by other users or have sensitive data.
305 *
306 * @example
307 * ```javascript
308 * auth.setPersistence(browserSessionPersistence);
309 * ```
310 *
311 * @param persistence - The {@link Persistence} to use.
312 */
313 setPersistence(persistence: Persistence): Promise<void>;
314 /**
315 * The {@link Auth} instance's language code.
316 *
317 * @remarks
318 * This is a readable/writable property. When set to null, the default Firebase Console language
319 * setting is applied. The language code will propagate to email action templates (password
320 * reset, email verification and email change revocation), SMS templates for phone authentication,
321 * reCAPTCHA verifier and OAuth popup/redirect operations provided the specified providers support
322 * localization with the language code specified.
323 */
324 languageCode: string | null;
325 /**
326 * The {@link Auth} instance's tenant ID.
327 *
328 * @remarks
329 * This is a readable/writable property. When you set the tenant ID of an {@link Auth} instance, all
330 * future sign-in/sign-up operations will pass this tenant ID and sign in or sign up users to
331 * the specified tenant project. When set to null, users are signed in to the parent project.
332 *
333 * @example
334 * ```javascript
335 * // Set the tenant ID on Auth instance.
336 * auth.tenantId = 'TENANT_PROJECT_ID';
337 *
338 * // All future sign-in request now include tenant ID.
339 * const result = await signInWithEmailAndPassword(auth, email, password);
340 * // result.user.tenantId should be 'TENANT_PROJECT_ID'.
341 * ```
342 *
343 * @defaultValue null
344 */
345 tenantId: string | null;
346 /**
347 * The {@link Auth} instance's settings.
348 *
349 * @remarks
350 * This is used to edit/read configuration related options such as app verification mode for
351 * phone authentication.
352 */
353 readonly settings: AuthSettings;
354 /**
355 * Adds an observer for changes to the user's sign-in state.
356 *
357 * @remarks
358 * To keep the old behavior, see {@link Auth.onIdTokenChanged}.
359 *
360 * @param nextOrObserver - callback triggered on change.
361 * @param error - callback triggered on error.
362 * @param completed - callback triggered when observer is removed.
363 */
364 onAuthStateChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
365 /**
366 * Adds an observer for changes to the signed-in user's ID token.
367 *
368 * @remarks
369 * This includes sign-in, sign-out, and token refresh events.
370 *
371 * @param nextOrObserver - callback triggered on change.
372 * @param error - callback triggered on error.
373 * @param completed - callback triggered when observer is removed.
374 */
375 onIdTokenChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
376 /** The currently signed-in user (or null). */
377 readonly currentUser: User | null;
378 /** The current emulator configuration (or null). */
379 readonly emulatorConfig: EmulatorConfig | null;
380 /**
381 * Asynchronously sets the provided user as {@link Auth.currentUser} on the {@link Auth} instance.
382 *
383 * @remarks
384 * A new instance copy of the user provided will be made and set as currentUser.
385 *
386 * This will trigger {@link Auth.onAuthStateChanged} and {@link Auth.onIdTokenChanged} listeners
387 * like other sign in methods.
388 *
389 * The operation fails with an error if the user to be updated belongs to a different Firebase
390 * project.
391 *
392 * @param user - The new {@link User}.
393 */
394 updateCurrentUser(user: User | null): Promise<void>;
395 /**
396 * Sets the current language to the default device/browser preference.
397 */
398 useDeviceLanguage(): void;
399 /**
400 * Signs out the current user.
401 */
402 signOut(): Promise<void>;
403}
404
405/**
406 * Interface that represents the credentials returned by an {@link AuthProvider}.
407 *
408 * @remarks
409 * Implementations specify the details about each auth provider's credential requirements.
410 *
411 * @public
412 */
413export declare class AuthCredential {
414 /**
415 * The authentication provider ID for the credential.
416 *
417 * @remarks
418 * For example, 'facebook.com', or 'google.com'.
419 */
420 readonly providerId: string;
421 /**
422 * The authentication sign in method for the credential.
423 *
424 * @remarks
425 * For example, {@link SignInMethod}.EMAIL_PASSWORD, or
426 * {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
427 * identifier as returned in {@link fetchSignInMethodsForEmail}.
428 */
429 readonly signInMethod: string;
430 /* Excluded from this release type: __constructor */
431 /**
432 * Returns a JSON-serializable representation of this object.
433 *
434 * @returns a JSON-serializable representation of this object.
435 */
436 toJSON(): object;
437 /* Excluded from this release type: _getIdTokenResponse */
438 /* Excluded from this release type: _linkToIdToken */
439 /* Excluded from this release type: _getReauthenticationResolver */
440}
441
442/**
443 * Interface for an `Auth` error.
444 *
445 * @public
446 */
447export declare interface AuthError extends FirebaseError {
448 /** The name of the Firebase App which triggered this error. */
449 readonly appName: string;
450 /** The email of the user's account, used for sign-in/linking. */
451 readonly email?: string;
452 /** The phone number of the user's account, used for sign-in/linking. */
453 readonly phoneNumber?: string;
454 /**
455 * The tenant ID being used for sign-in/linking.
456 *
457 * @remarks
458 * If you use {@link signInWithRedirect} to sign in,
459 * you have to set the tenant ID on {@link Auth} instance again as the tenant ID is not persisted
460 * after redirection.
461 */
462 readonly tenantid?: string;
463}
464
465/* Excluded from this release type: AuthErrorCode */
466
467/**
468 * A map of potential `Auth` error codes, for easier comparison with errors
469 * thrown by the SDK.
470 *
471 * @remarks
472 * Note that you can't tree-shake individual keys
473 * in the map, so by using the map you might substantially increase your
474 * bundle size.
475 *
476 * @public
477 */
478export declare const AuthErrorCodes: {
479 readonly ADMIN_ONLY_OPERATION: "auth/admin-restricted-operation";
480 readonly ARGUMENT_ERROR: "auth/argument-error";
481 readonly APP_NOT_AUTHORIZED: "auth/app-not-authorized";
482 readonly APP_NOT_INSTALLED: "auth/app-not-installed";
483 readonly CAPTCHA_CHECK_FAILED: "auth/captcha-check-failed";
484 readonly CODE_EXPIRED: "auth/code-expired";
485 readonly CORDOVA_NOT_READY: "auth/cordova-not-ready";
486 readonly CORS_UNSUPPORTED: "auth/cors-unsupported";
487 readonly CREDENTIAL_ALREADY_IN_USE: "auth/credential-already-in-use";
488 readonly CREDENTIAL_MISMATCH: "auth/custom-token-mismatch";
489 readonly CREDENTIAL_TOO_OLD_LOGIN_AGAIN: "auth/requires-recent-login";
490 readonly DEPENDENT_SDK_INIT_BEFORE_AUTH: "auth/dependent-sdk-initialized-before-auth";
491 readonly DYNAMIC_LINK_NOT_ACTIVATED: "auth/dynamic-link-not-activated";
492 readonly EMAIL_CHANGE_NEEDS_VERIFICATION: "auth/email-change-needs-verification";
493 readonly EMAIL_EXISTS: "auth/email-already-in-use";
494 readonly EMULATOR_CONFIG_FAILED: "auth/emulator-config-failed";
495 readonly EXPIRED_OOB_CODE: "auth/expired-action-code";
496 readonly EXPIRED_POPUP_REQUEST: "auth/cancelled-popup-request";
497 readonly INTERNAL_ERROR: "auth/internal-error";
498 readonly INVALID_API_KEY: "auth/invalid-api-key";
499 readonly INVALID_APP_CREDENTIAL: "auth/invalid-app-credential";
500 readonly INVALID_APP_ID: "auth/invalid-app-id";
501 readonly INVALID_AUTH: "auth/invalid-user-token";
502 readonly INVALID_AUTH_EVENT: "auth/invalid-auth-event";
503 readonly INVALID_CERT_HASH: "auth/invalid-cert-hash";
504 readonly INVALID_CODE: "auth/invalid-verification-code";
505 readonly INVALID_CONTINUE_URI: "auth/invalid-continue-uri";
506 readonly INVALID_CORDOVA_CONFIGURATION: "auth/invalid-cordova-configuration";
507 readonly INVALID_CUSTOM_TOKEN: "auth/invalid-custom-token";
508 readonly INVALID_DYNAMIC_LINK_DOMAIN: "auth/invalid-dynamic-link-domain";
509 readonly INVALID_EMAIL: "auth/invalid-email";
510 readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
511 readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
512 readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
513 readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
514 readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
515 readonly INVALID_OAUTH_PROVIDER: "auth/invalid-oauth-provider";
516 readonly INVALID_OOB_CODE: "auth/invalid-action-code";
517 readonly INVALID_ORIGIN: "auth/unauthorized-domain";
518 readonly INVALID_PASSWORD: "auth/wrong-password";
519 readonly INVALID_PERSISTENCE: "auth/invalid-persistence-type";
520 readonly INVALID_PHONE_NUMBER: "auth/invalid-phone-number";
521 readonly INVALID_PROVIDER_ID: "auth/invalid-provider-id";
522 readonly INVALID_RECIPIENT_EMAIL: "auth/invalid-recipient-email";
523 readonly INVALID_SENDER: "auth/invalid-sender";
524 readonly INVALID_SESSION_INFO: "auth/invalid-verification-id";
525 readonly INVALID_TENANT_ID: "auth/invalid-tenant-id";
526 readonly MFA_INFO_NOT_FOUND: "auth/multi-factor-info-not-found";
527 readonly MFA_REQUIRED: "auth/multi-factor-auth-required";
528 readonly MISSING_ANDROID_PACKAGE_NAME: "auth/missing-android-pkg-name";
529 readonly MISSING_APP_CREDENTIAL: "auth/missing-app-credential";
530 readonly MISSING_AUTH_DOMAIN: "auth/auth-domain-config-required";
531 readonly MISSING_CODE: "auth/missing-verification-code";
532 readonly MISSING_CONTINUE_URI: "auth/missing-continue-uri";
533 readonly MISSING_IFRAME_START: "auth/missing-iframe-start";
534 readonly MISSING_IOS_BUNDLE_ID: "auth/missing-ios-bundle-id";
535 readonly MISSING_OR_INVALID_NONCE: "auth/missing-or-invalid-nonce";
536 readonly MISSING_MFA_INFO: "auth/missing-multi-factor-info";
537 readonly MISSING_MFA_SESSION: "auth/missing-multi-factor-session";
538 readonly MISSING_PHONE_NUMBER: "auth/missing-phone-number";
539 readonly MISSING_SESSION_INFO: "auth/missing-verification-id";
540 readonly MODULE_DESTROYED: "auth/app-deleted";
541 readonly NEED_CONFIRMATION: "auth/account-exists-with-different-credential";
542 readonly NETWORK_REQUEST_FAILED: "auth/network-request-failed";
543 readonly NULL_USER: "auth/null-user";
544 readonly NO_AUTH_EVENT: "auth/no-auth-event";
545 readonly NO_SUCH_PROVIDER: "auth/no-such-provider";
546 readonly OPERATION_NOT_ALLOWED: "auth/operation-not-allowed";
547 readonly OPERATION_NOT_SUPPORTED: "auth/operation-not-supported-in-this-environment";
548 readonly POPUP_BLOCKED: "auth/popup-blocked";
549 readonly POPUP_CLOSED_BY_USER: "auth/popup-closed-by-user";
550 readonly PROVIDER_ALREADY_LINKED: "auth/provider-already-linked";
551 readonly QUOTA_EXCEEDED: "auth/quota-exceeded";
552 readonly REDIRECT_CANCELLED_BY_USER: "auth/redirect-cancelled-by-user";
553 readonly REDIRECT_OPERATION_PENDING: "auth/redirect-operation-pending";
554 readonly REJECTED_CREDENTIAL: "auth/rejected-credential";
555 readonly SECOND_FACTOR_ALREADY_ENROLLED: "auth/second-factor-already-in-use";
556 readonly SECOND_FACTOR_LIMIT_EXCEEDED: "auth/maximum-second-factor-count-exceeded";
557 readonly TENANT_ID_MISMATCH: "auth/tenant-id-mismatch";
558 readonly TIMEOUT: "auth/timeout";
559 readonly TOKEN_EXPIRED: "auth/user-token-expired";
560 readonly TOO_MANY_ATTEMPTS_TRY_LATER: "auth/too-many-requests";
561 readonly UNAUTHORIZED_DOMAIN: "auth/unauthorized-continue-uri";
562 readonly UNSUPPORTED_FIRST_FACTOR: "auth/unsupported-first-factor";
563 readonly UNSUPPORTED_PERSISTENCE: "auth/unsupported-persistence-type";
564 readonly UNSUPPORTED_TENANT_OPERATION: "auth/unsupported-tenant-operation";
565 readonly UNVERIFIED_EMAIL: "auth/unverified-email";
566 readonly USER_CANCELLED: "auth/user-cancelled";
567 readonly USER_DELETED: "auth/user-not-found";
568 readonly USER_DISABLED: "auth/user-disabled";
569 readonly USER_MISMATCH: "auth/user-mismatch";
570 readonly USER_SIGNED_OUT: "auth/user-signed-out";
571 readonly WEAK_PASSWORD: "auth/weak-password";
572 readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
573 readonly ALREADY_INITIALIZED: "auth/already-initialized";
574};
575
576/**
577 * A mapping of error codes to error messages.
578 *
579 * @remarks
580 *
581 * While error messages are useful for debugging (providing verbose textual
582 * context around what went wrong), these strings take up a lot of space in the
583 * compiled code. When deploying code in production, using {@link prodErrorMap}
584 * will save you roughly 10k compressed/gzipped over {@link debugErrorMap}. You
585 * can select the error map during initialization:
586 *
587 * ```javascript
588 * initializeAuth(app, {errorMap: debugErrorMap})
589 * ```
590 *
591 * When initializing Auth, {@link prodErrorMap} is default.
592 *
593 * @public
594 */
595export declare interface AuthErrorMap {
596}
597
598/* Excluded from this release type: AuthErrorParams */
599
600/* Excluded from this release type: AuthEvent */
601
602/* Excluded from this release type: AuthEventConsumer */
603
604declare interface AuthEventError extends Error {
605 code: string;
606 message: string;
607}
608
609/* Excluded from this release type: AuthEventType */
610
611/* Excluded from this release type: AuthInternal */
612
613declare class AuthPopup {
614 readonly window: Window | null;
615 associatedEvent: string | null;
616 constructor(window: Window | null);
617 close(): void;
618}
619
620/**
621 * Interface that represents an auth provider, used to facilitate creating {@link AuthCredential}.
622 *
623 * @public
624 */
625export declare interface AuthProvider {
626 /**
627 * Provider for which credentials can be constructed.
628 */
629 readonly providerId: string;
630}
631
632/**
633 * Interface representing an {@link Auth} instance's settings.
634 *
635 * @remarks Currently used for enabling/disabling app verification for phone Auth testing.
636 *
637 * @public
638 */
639export declare interface AuthSettings {
640 /**
641 * When set, this property disables app verification for the purpose of testing phone
642 * authentication. For this property to take effect, it needs to be set before rendering a
643 * reCAPTCHA app verifier. When this is disabled, a mock reCAPTCHA is rendered instead. This is
644 * useful for manual testing during development or for automated integration tests.
645 *
646 * In order to use this feature, you will need to
647 * {@link https://firebase.google.com/docs/auth/web/phone-auth#test-with-whitelisted-phone-numbers | whitelist your phone number}
648 * via the Firebase Console.
649 *
650 * The default value is false (app verification is enabled).
651 */
652 appVerificationDisabledForTesting: boolean;
653}
654
655/**
656 * MFA Info as returned by the API
657 */
658declare interface BaseMfaEnrollment {
659 mfaEnrollmentId: string;
660 enrolledAt: number;
661 displayName?: string;
662}
663
664/**
665 * Common code to all OAuth providers. This is separate from the
666 * {@link OAuthProvider} so that child providers (like
667 * {@link GoogleAuthProvider}) don't inherit the `credential` instance method.
668 * Instead, they rely on a static `credential` method.
669 */
670declare abstract class BaseOAuthProvider extends FederatedAuthProvider implements AuthProvider {
671 /* Excluded from this release type: scopes */
672 /**
673 * Add an OAuth scope to the credential.
674 *
675 * @param scope - Provider OAuth scope to add.
676 */
677 addScope(scope: string): AuthProvider;
678 /**
679 * Retrieve the current list of OAuth scopes.
680 */
681 getScopes(): string[];
682}
683
684/**
685 * An implementation of {@link Persistence} of type `LOCAL` using `localStorage`
686 * for the underlying storage.
687 *
688 * @public
689 */
690export declare const browserLocalPersistence: Persistence;
691
692/**
693 * An implementation of {@link PopupRedirectResolver} suitable for browser
694 * based applications.
695 *
696 * @public
697 */
698export declare const browserPopupRedirectResolver: PopupRedirectResolver;
699
700/**
701 * An implementation of {@link Persistence} of `SESSION` using `sessionStorage`
702 * for the underlying storage.
703 *
704 * @public
705 */
706export declare const browserSessionPersistence: Persistence;
707
708/**
709 * Checks a verification code sent to the user by email or other out-of-band mechanism.
710 *
711 * @returns metadata about the code.
712 *
713 * @param auth - The {@link Auth} instance.
714 * @param oobCode - A verification code sent to the user.
715 *
716 * @public
717 */
718export declare function checkActionCode(auth: Auth, oobCode: string): Promise<ActionCodeInfo>;
719
720/* Excluded from this release type: ClientPlatform */
721export { CompleteFn }
722
723/**
724 * Interface representing the `Auth` config.
725 *
726 * @public
727 */
728export declare interface Config {
729 /**
730 * The API Key used to communicate with the Firebase Auth backend.
731 */
732 apiKey: string;
733 /**
734 * The host at which the Firebase Auth backend is running.
735 */
736 apiHost: string;
737 /**
738 * The scheme used to communicate with the Firebase Auth backend.
739 */
740 apiScheme: string;
741 /**
742 * The host at which the Secure Token API is running.
743 */
744 tokenApiHost: string;
745 /**
746 * The SDK Client Version.
747 */
748 sdkClientVersion: string;
749 /**
750 * The domain at which the web widgets are hosted (provided via Firebase Config).
751 */
752 authDomain?: string;
753}
754
755/* Excluded from this release type: ConfigInternal */
756
757/**
758 * A result from a phone number sign-in, link, or reauthenticate call.
759 *
760 * @public
761 */
762export declare interface ConfirmationResult {
763 /**
764 * The phone number authentication operation's verification ID.
765 *
766 * @remarks
767 * This can be used along with the verification code to initialize a
768 * {@link PhoneAuthCredential}.
769 */
770 readonly verificationId: string;
771 /**
772 * Finishes a phone number sign-in, link, or reauthentication.
773 *
774 * @example
775 * ```javascript
776 * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
777 * // Obtain verificationCode from the user.
778 * const userCredential = await confirmationResult.confirm(verificationCode);
779 * ```
780 *
781 * @param verificationCode - The code that was sent to the user's mobile device.
782 */
783 confirm(verificationCode: string): Promise<UserCredential>;
784}
785
786/**
787 * Completes the password reset process, given a confirmation code and new password.
788 *
789 * @param auth - The {@link Auth} instance.
790 * @param oobCode - A confirmation code sent to the user.
791 * @param newPassword - The new password.
792 *
793 * @public
794 */
795export declare function confirmPasswordReset(auth: Auth, oobCode: string, newPassword: string): Promise<void>;
796
797/**
798 * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
799 * Firebase Auth services.
800 *
801 * @remarks
802 * This must be called synchronously immediately following the first call to
803 * {@link initializeAuth}. Do not use with production credentials as emulator
804 * traffic is not encrypted.
805 *
806 *
807 * @example
808 * ```javascript
809 * connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });
810 * ```
811 *
812 * @param auth - The {@link Auth} instance.
813 * @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').
814 * @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to
815 * `true` to disable the warning banner attached to the DOM.
816 *
817 * @public
818 */
819export declare function connectAuthEmulator(auth: Auth, url: string, options?: {
820 disableWarnings: boolean;
821}): void;
822
823/**
824 * Creates a new user account associated with the specified email address and password.
825 *
826 * @remarks
827 * On successful creation of the user account, this user will also be signed in to your application.
828 *
829 * User account creation can fail if the account already exists or the password is invalid.
830 *
831 * Note: The email address acts as a unique identifier for the user and enables an email-based
832 * password reset. This function will create a new user account and set the initial user password.
833 *
834 * @param auth - The {@link Auth} instance.
835 * @param email - The user's email address.
836 * @param password - The user's chosen password.
837 *
838 * @public
839 */
840export declare function createUserWithEmailAndPassword(auth: Auth, email: string, password: string): Promise<UserCredential>;
841
842/**
843 * Map of OAuth Custom Parameters.
844 *
845 * @public
846 */
847export declare type CustomParameters = Record<string, string>;
848
849/**
850 * A verbose error map with detailed descriptions for most error codes.
851 *
852 * See discussion at {@link AuthErrorMap}
853 *
854 * @public
855 */
856export declare const debugErrorMap: AuthErrorMap;
857
858/**
859 * Deletes and signs out the user.
860 *
861 * @remarks
862 * Important: this is a security-sensitive operation that requires the user to have recently
863 * signed in. If this requirement isn't met, ask the user to authenticate again and then call
864 * {@link reauthenticateWithCredential}.
865 *
866 * @param user - The user.
867 *
868 * @public
869 */
870export declare function deleteUser(user: User): Promise<void>;
871
872/**
873 * The dependencies that can be used to initialize an {@link Auth} instance.
874 *
875 * @remarks
876 *
877 * The modular SDK enables tree shaking by allowing explicit declarations of
878 * dependencies. For example, a web app does not need to include code that
879 * enables Cordova redirect sign in. That functionality is therefore split into
880 * {@link browserPopupRedirectResolver} and
881 * {@link cordovaPopupRedirectResolver}. The dependencies object is how Auth is
882 * configured to reduce bundle sizes.
883 *
884 * There are two ways to initialize an {@link Auth} instance: {@link getAuth} and
885 * {@link initializeAuth}. `getAuth` initializes everything using
886 * platform-specific configurations, while `initializeAuth` takes a
887 * `Dependencies` object directly, giving you more control over what is used.
888 *
889 * @public
890 */
891export declare interface Dependencies {
892 /**
893 * Which {@link Persistence} to use. If this is an array, the first
894 * `Persistence` that the device supports is used. The SDK searches for an
895 * existing account in order and, if one is found in a secondary
896 * `Persistence`, the account is moved to the primary `Persistence`.
897 *
898 * If no persistence is provided, the SDK falls back on
899 * {@link inMemoryPersistence}.
900 */
901 persistence?: Persistence | Persistence[];
902 /**
903 * The {@link PopupRedirectResolver} to use. This value depends on the
904 * platform. Options are {@link browserPopupRedirectResolver} and
905 * {@link cordovaPopupRedirectResolver}. This field is optional if neither
906 * {@link signInWithPopup} or {@link signInWithRedirect} are being used.
907 */
908 popupRedirectResolver?: PopupRedirectResolver;
909 /**
910 * Which {@link AuthErrorMap} to use.
911 */
912 errorMap?: AuthErrorMap;
913}
914
915/**
916 * Interface that represents the credentials returned by {@link EmailAuthProvider} for
917 * {@link ProviderId}.PASSWORD
918 *
919 * @remarks
920 * Covers both {@link SignInMethod}.EMAIL_PASSWORD and
921 * {@link SignInMethod}.EMAIL_LINK.
922 *
923 * @public
924 */
925export declare class EmailAuthCredential extends AuthCredential {
926 /* Excluded from this release type: _email */
927 /* Excluded from this release type: _password */
928 /* Excluded from this release type: _tenantId */
929 /* Excluded from this release type: __constructor */
930 /* Excluded from this release type: _fromEmailAndPassword */
931 /* Excluded from this release type: _fromEmailAndCode */
932 /** {@inheritdoc AuthCredential.toJSON} */
933 toJSON(): object;
934 /**
935 * Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.
936 *
937 * @param json - Either `object` or the stringified representation of the object. When string is
938 * provided, `JSON.parse` would be called first.
939 *
940 * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
941 */
942 static fromJSON(json: object | string): EmailAuthCredential | null;
943 /* Excluded from this release type: _getIdTokenResponse */
944 /* Excluded from this release type: _linkToIdToken */
945 /* Excluded from this release type: _getReauthenticationResolver */
946}
947
948/**
949 * Provider for generating {@link EmailAuthCredential}.
950 *
951 * @public
952 */
953export declare class EmailAuthProvider implements AuthProvider {
954 /**
955 * Always set to {@link ProviderId}.PASSWORD, even for email link.
956 */
957 static readonly PROVIDER_ID: 'password';
958 /**
959 * Always set to {@link SignInMethod}.EMAIL_PASSWORD.
960 */
961 static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password';
962 /**
963 * Always set to {@link SignInMethod}.EMAIL_LINK.
964 */
965 static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink';
966 /**
967 * Always set to {@link ProviderId}.PASSWORD, even for email link.
968 */
969 readonly providerId: "password";
970 /**
971 * Initialize an {@link AuthCredential} using an email and password.
972 *
973 * @example
974 * ```javascript
975 * const authCredential = EmailAuthProvider.credential(email, password);
976 * const userCredential = await signInWithCredential(auth, authCredential);
977 * ```
978 *
979 * @example
980 * ```javascript
981 * const userCredential = await signInWithEmailAndPassword(auth, email, password);
982 * ```
983 *
984 * @param email - Email address.
985 * @param password - User account password.
986 * @returns The auth provider credential.
987 */
988 static credential(email: string, password: string): EmailAuthCredential;
989 /**
990 * Initialize an {@link AuthCredential} using an email and an email link after a sign in with
991 * email link operation.
992 *
993 * @example
994 * ```javascript
995 * const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);
996 * const userCredential = await signInWithCredential(auth, authCredential);
997 * ```
998 *
999 * @example
1000 * ```javascript
1001 * await sendSignInLinkToEmail(auth, email);
1002 * // Obtain emailLink from user.
1003 * const userCredential = await signInWithEmailLink(auth, email, emailLink);
1004 * ```
1005 *
1006 * @param auth - The {@link Auth} instance used to verify the link.
1007 * @param email - Email address.
1008 * @param emailLink - Sign-in email link.
1009 * @returns - The auth provider credential.
1010 */
1011 static credentialWithLink(email: string, emailLink: string): EmailAuthCredential;
1012}
1013
1014/**
1015 * Configuration of Firebase Authentication Emulator.
1016 * @public
1017 */
1018export declare interface EmulatorConfig {
1019 /**
1020 * The protocol used to communicate with the emulator ("http"/"https").
1021 */
1022 readonly protocol: string;
1023 /**
1024 * The hostname of the emulator, which may be a domain ("localhost"), IPv4 address ("127.0.0.1")
1025 * or quoted IPv6 address ("[::1]").
1026 */
1027 readonly host: string;
1028 /**
1029 * The port of the emulator, or null if port isn't specified (i.e. protocol default).
1030 */
1031 readonly port: number | null;
1032 /**
1033 * The emulator-specific options.
1034 */
1035 readonly options: {
1036 /**
1037 * Whether the warning banner attached to the DOM was disabled.
1038 */
1039 readonly disableWarnings: boolean;
1040 };
1041}
1042export { ErrorFn }
1043
1044/* Excluded from this release type: EventManager */
1045
1046/**
1047 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.
1048 *
1049 * @example
1050 * ```javascript
1051 * // Sign in using a redirect.
1052 * const provider = new FacebookAuthProvider();
1053 * // Start a sign in process for an unauthenticated user.
1054 * provider.addScope('user_birthday');
1055 * await signInWithRedirect(auth, provider);
1056 * // This will trigger a full page redirect away from your app
1057 *
1058 * // After returning from the redirect when your app initializes you can obtain the result
1059 * const result = await getRedirectResult(auth);
1060 * if (result) {
1061 * // This is the signed-in user
1062 * const user = result.user;
1063 * // This gives you a Facebook Access Token.
1064 * const credential = provider.credentialFromResult(auth, result);
1065 * const token = credential.accessToken;
1066 * }
1067 * ```
1068 *
1069 * @example
1070 * ```javascript
1071 * // Sign in using a popup.
1072 * const provider = new FacebookAuthProvider();
1073 * provider.addScope('user_birthday');
1074 * const result = await signInWithPopup(auth, provider);
1075 *
1076 * // The signed-in user info.
1077 * const user = result.user;
1078 * // This gives you a Facebook Access Token.
1079 * const credential = provider.credentialFromResult(auth, result);
1080 * const token = credential.accessToken;
1081 * ```
1082 *
1083 * @public
1084 */
1085export declare class FacebookAuthProvider extends BaseOAuthProvider {
1086 /** Always set to {@link SignInMethod}.FACEBOOK. */
1087 static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com';
1088 /** Always set to {@link ProviderId}.FACEBOOK. */
1089 static readonly PROVIDER_ID: 'facebook.com';
1090 constructor();
1091 /**
1092 * Creates a credential for Facebook.
1093 *
1094 * @example
1095 * ```javascript
1096 * // `event` from the Facebook auth.authResponseChange callback.
1097 * const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);
1098 * const result = await signInWithCredential(credential);
1099 * ```
1100 *
1101 * @param accessToken - Facebook access token.
1102 */
1103 static credential(accessToken: string): OAuthCredential;
1104 /**
1105 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1106 *
1107 * @param userCredential - The user credential.
1108 */
1109 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1110 /**
1111 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1112 * thrown during a sign-in, link, or reauthenticate operation.
1113 *
1114 * @param userCredential - The user credential.
1115 */
1116 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1117 private static credentialFromTaggedObject;
1118}
1119
1120/**
1121 * An enum of factors that may be used for multifactor authentication.
1122 *
1123 * @public
1124 */
1125export declare const FactorId: {
1126 /** Phone as second factor */
1127 readonly PHONE: "phone";
1128};
1129
1130/**
1131 * The base class for all Federated providers (OAuth (including OIDC), SAML).
1132 *
1133 * This class is not meant to be instantiated directly.
1134 *
1135 * @public
1136 */
1137declare abstract class FederatedAuthProvider implements AuthProvider {
1138 readonly providerId: string;
1139 /* Excluded from this release type: defaultLanguageCode */
1140 /* Excluded from this release type: customParameters */
1141 /**
1142 * Constructor for generic OAuth providers.
1143 *
1144 * @param providerId - Provider for which credentials should be generated.
1145 */
1146 constructor(providerId: string);
1147 /**
1148 * Set the language gode.
1149 *
1150 * @param languageCode - language code
1151 */
1152 setDefaultLanguage(languageCode: string | null): void;
1153 /**
1154 * Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in
1155 * operations.
1156 *
1157 * @remarks
1158 * For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`,
1159 * `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored.
1160 *
1161 * @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request.
1162 */
1163 setCustomParameters(customOAuthParameters: CustomParameters): AuthProvider;
1164 /**
1165 * Retrieve the current list of {@link CustomParameters}.
1166 */
1167 getCustomParameters(): CustomParameters;
1168}
1169
1170/**
1171 * Gets the list of possible sign in methods for the given email address.
1172 *
1173 * @remarks
1174 * This is useful to differentiate methods of sign-in for the same provider, eg.
1175 * {@link EmailAuthProvider} which has 2 methods of sign-in,
1176 * {@link SignInMethod}.EMAIL_PASSWORD and
1177 * {@link SignInMethod}.EMAIL_LINK.
1178 *
1179 * @param auth - The {@link Auth} instance.
1180 * @param email - The user's email address.
1181 *
1182 * @public
1183 */
1184export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
1185
1186declare interface FinalizeMfaResponse {
1187 idToken: string;
1188 refreshToken: string;
1189}
1190
1191/* Excluded from this release type: GenericAuthErrorParams */
1192
1193/**
1194 * Extracts provider specific {@link AdditionalUserInfo} for the given credential.
1195 *
1196 * @param userCredential - The user credential.
1197 *
1198 * @public
1199 */
1200export declare function getAdditionalUserInfo(userCredential: UserCredential): AdditionalUserInfo | null;
1201
1202/**
1203 * Returns the Auth instance associated with the provided {@link @firebase/app#FirebaseApp}.
1204 * If no instance exists, initializes an Auth instance with platform-specific default dependencies.
1205 *
1206 * @param app - The Firebase App.
1207 *
1208 * @public
1209 */
1210export declare function getAuth(app?: FirebaseApp): Auth;
1211
1212/**
1213 * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
1214 *
1215 * @remarks
1216 * Returns the current token if it has not expired or if it will not expire in the next five
1217 * minutes. Otherwise, this will refresh the token and return a new one.
1218 *
1219 * @param user - The user.
1220 * @param forceRefresh - Force refresh regardless of token expiration.
1221 *
1222 * @public
1223 */
1224export declare function getIdToken(user: User, forceRefresh?: boolean): Promise<string>;
1225
1226/**
1227 * Returns a deserialized JSON Web Token (JWT) used to identitfy the user to a Firebase service.
1228 *
1229 * @remarks
1230 * Returns the current token if it has not expired or if it will not expire in the next five
1231 * minutes. Otherwise, this will refresh the token and return a new one.
1232 *
1233 * @param user - The user.
1234 * @param forceRefresh - Force refresh regardless of token expiration.
1235 *
1236 * @public
1237 */
1238export declare function getIdTokenResult(user: User, forceRefresh?: boolean): Promise<IdTokenResult>;
1239
1240/**
1241 * Provides a {@link MultiFactorResolver} suitable for completion of a
1242 * multi-factor flow.
1243 *
1244 * @param auth - The {@link Auth} instance.
1245 * @param error - The {@link MultiFactorError} raised during a sign-in, or
1246 * reauthentication operation.
1247 *
1248 * @public
1249 */
1250export declare function getMultiFactorResolver(auth: Auth, error: MultiFactorError): MultiFactorResolver;
1251
1252/**
1253 * Returns a {@link UserCredential} from the redirect-based sign-in flow.
1254 *
1255 * @remarks
1256 * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
1257 * error. If no redirect operation was called, returns a {@link UserCredential}
1258 * with a null `user`.
1259 *
1260 * @example
1261 * ```javascript
1262 * // Sign in using a redirect.
1263 * const provider = new FacebookAuthProvider();
1264 * // You can add additional scopes to the provider:
1265 * provider.addScope('user_birthday');
1266 * // Start a sign in process for an unauthenticated user.
1267 * await signInWithRedirect(auth, provider);
1268 * // This will trigger a full page redirect away from your app
1269 *
1270 * // After returning from the redirect when your app initializes you can obtain the result
1271 * const result = await getRedirectResult(auth);
1272 * if (result) {
1273 * // This is the signed-in user
1274 * const user = result.user;
1275 * // This gives you a Facebook Access Token.
1276 * const credential = provider.credentialFromResult(auth, result);
1277 * const token = credential.accessToken;
1278 * }
1279 * // As this API can be used for sign-in, linking and reauthentication,
1280 * // check the operationType to determine what triggered this redirect
1281 * // operation.
1282 * const operationType = result.operationType;
1283 * ```
1284 *
1285 * @param auth - The {@link Auth} instance.
1286 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1287 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1288 *
1289 * @public
1290 */
1291export declare function getRedirectResult(auth: Auth, resolver?: PopupRedirectResolver): Promise<UserCredential | null>;
1292
1293/**
1294 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GITHUB.
1295 *
1296 * @remarks
1297 * GitHub requires an OAuth 2.0 redirect, so you can either handle the redirect directly, or use
1298 * the {@link signInWithPopup} handler:
1299 *
1300 * @example
1301 * ```javascript
1302 * // Sign in using a redirect.
1303 * const provider = new GithubAuthProvider();
1304 * // Start a sign in process for an unauthenticated user.
1305 * provider.addScope('repo');
1306 * await signInWithRedirect(auth, provider);
1307 * // This will trigger a full page redirect away from your app
1308 *
1309 * // After returning from the redirect when your app initializes you can obtain the result
1310 * const result = await getRedirectResult(auth);
1311 * if (result) {
1312 * // This is the signed-in user
1313 * const user = result.user;
1314 * // This gives you a Github Access Token.
1315 * const credential = provider.credentialFromResult(auth, result);
1316 * const token = credential.accessToken;
1317 * }
1318 * ```
1319 *
1320 * @example
1321 * ```javascript
1322 * // Sign in using a popup.
1323 * const provider = new GithubAuthProvider();
1324 * provider.addScope('repo');
1325 * const result = await signInWithPopup(auth, provider);
1326 *
1327 * // The signed-in user info.
1328 * const user = result.user;
1329 * // This gives you a Github Access Token.
1330 * const credential = provider.credentialFromResult(auth, result);
1331 * const token = credential.accessToken;
1332 * ```
1333 * @public
1334 */
1335export declare class GithubAuthProvider extends BaseOAuthProvider {
1336 /** Always set to {@link SignInMethod}.GITHUB. */
1337 static readonly GITHUB_SIGN_IN_METHOD: 'github.com';
1338 /** Always set to {@link ProviderId}.GITHUB. */
1339 static readonly PROVIDER_ID: 'github.com';
1340 constructor();
1341 /**
1342 * Creates a credential for Github.
1343 *
1344 * @param accessToken - Github access token.
1345 */
1346 static credential(accessToken: string): OAuthCredential;
1347 /**
1348 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1349 *
1350 * @param userCredential - The user credential.
1351 */
1352 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1353 /**
1354 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1355 * thrown during a sign-in, link, or reauthenticate operation.
1356 *
1357 * @param userCredential - The user credential.
1358 */
1359 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1360 private static credentialFromTaggedObject;
1361}
1362
1363/**
1364 * Provider for generating an an {@link OAuthCredential} for {@link ProviderId}.GOOGLE.
1365 *
1366 * @example
1367 * ```javascript
1368 * // Sign in using a redirect.
1369 * const provider = new GoogleAuthProvider();
1370 * // Start a sign in process for an unauthenticated user.
1371 * provider.addScope('profile');
1372 * provider.addScope('email');
1373 * await signInWithRedirect(auth, provider);
1374 * // This will trigger a full page redirect away from your app
1375 *
1376 * // After returning from the redirect when your app initializes you can obtain the result
1377 * const result = await getRedirectResult(auth);
1378 * if (result) {
1379 * // This is the signed-in user
1380 * const user = result.user;
1381 * // This gives you a Google Access Token.
1382 * const credential = provider.credentialFromResult(auth, result);
1383 * const token = credential.accessToken;
1384 * }
1385 * ```
1386 *
1387 * @example
1388 * ```javascript
1389 * // Sign in using a popup.
1390 * const provider = new GoogleAuthProvider();
1391 * provider.addScope('profile');
1392 * provider.addScope('email');
1393 * const result = await signInWithPopup(auth, provider);
1394 *
1395 * // The signed-in user info.
1396 * const user = result.user;
1397 * // This gives you a Google Access Token.
1398 * const credential = provider.credentialFromResult(auth, result);
1399 * const token = credential.accessToken;
1400 * ```
1401 *
1402 * @public
1403 */
1404export declare class GoogleAuthProvider extends BaseOAuthProvider {
1405 /** Always set to {@link SignInMethod}.GOOGLE. */
1406 static readonly GOOGLE_SIGN_IN_METHOD: 'google.com';
1407 /** Always set to {@link ProviderId}.GOOGLE. */
1408 static readonly PROVIDER_ID: 'google.com';
1409 constructor();
1410 /**
1411 * Creates a credential for Google. At least one of ID token and access token is required.
1412 *
1413 * @example
1414 * ```javascript
1415 * // \`googleUser\` from the onsuccess Google Sign In callback.
1416 * const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);
1417 * const result = await signInWithCredential(credential);
1418 * ```
1419 *
1420 * @param idToken - Google ID token.
1421 * @param accessToken - Google access token.
1422 */
1423 static credential(idToken?: string | null, accessToken?: string | null): OAuthCredential;
1424 /**
1425 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1426 *
1427 * @param userCredential - The user credential.
1428 */
1429 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1430 /**
1431 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1432 * thrown during a sign-in, link, or reauthenticate operation.
1433 *
1434 * @param userCredential - The user credential.
1435 */
1436 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1437 private static credentialFromTaggedObject;
1438}
1439
1440/**
1441 * Raw encoded JWT
1442 *
1443 */
1444declare type IdToken = string;
1445
1446/* Excluded from this release type: IdTokenMfaResponse */
1447
1448/* Excluded from this release type: IdTokenResponse */
1449
1450/* Excluded from this release type: IdTokenResponseKind */
1451
1452/**
1453 * Interface representing ID token result obtained from {@link User.getIdTokenResult}.
1454 *
1455 * @remarks
1456 * `IdTokenResult` contains the ID token JWT string and other helper properties for getting different data
1457 * associated with the token as well as all the decoded payload claims.
1458 *
1459 * Note that these claims are not to be trusted as they are parsed client side. Only server side
1460 * verification can guarantee the integrity of the token claims.
1461 *
1462 * @public
1463 */
1464export declare interface IdTokenResult {
1465 /**
1466 * The authentication time formatted as a UTC string.
1467 *
1468 * @remarks
1469 * This is the time the user authenticated (signed in) and not the time the token was refreshed.
1470 */
1471 authTime: string;
1472 /** The ID token expiration time formatted as a UTC string. */
1473 expirationTime: string;
1474 /** The ID token issuance time formatted as a UTC string. */
1475 issuedAtTime: string;
1476 /**
1477 * The sign-in provider through which the ID token was obtained (anonymous, custom, phone,
1478 * password, etc).
1479 *
1480 * @remarks
1481 * Note, this does not map to provider IDs.
1482 */
1483 signInProvider: string | null;
1484 /**
1485 * The type of second factor associated with this session, provided the user was multi-factor
1486 * authenticated (eg. phone, etc).
1487 */
1488 signInSecondFactor: string | null;
1489 /** The Firebase Auth ID token JWT string. */
1490 token: string;
1491 /**
1492 * The entire payload claims of the ID token including the standard reserved claims as well as
1493 * the custom claims.
1494 */
1495 claims: ParsedToken;
1496}
1497
1498/**
1499 * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`
1500 * for the underlying storage.
1501 *
1502 * @public
1503 */
1504export declare const indexedDBLocalPersistence: Persistence;
1505
1506/**
1507 * Initializes an {@link Auth} instance with fine-grained control over
1508 * {@link Dependencies}.
1509 *
1510 * @remarks
1511 *
1512 * This function allows more control over the {@link Auth} instance than
1513 * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
1514 * the {@link Dependencies}. In general, `getAuth` is the easiest way to
1515 * initialize Auth and works for most use cases. Use `initializeAuth` if you
1516 * need control over which persistence layer is used, or to minimize bundle
1517 * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
1518 *
1519 * For example, if your app only uses anonymous accounts and you only want
1520 * accounts saved for the current session, initialize `Auth` with:
1521 *
1522 * ```js
1523 * const auth = initializeAuth(app, {
1524 * persistence: browserSessionPersistence,
1525 * popupRedirectResolver: undefined,
1526 * });
1527 * ```
1528 *
1529 * @public
1530 */
1531export declare function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth;
1532
1533/**
1534 * An implementation of {@link Persistence} of type 'NONE'.
1535 *
1536 * @public
1537 */
1538export declare const inMemoryPersistence: Persistence;
1539
1540/**
1541 * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.
1542 *
1543 * @param auth - The {@link Auth} instance.
1544 * @param emailLink - The link sent to the user's email address.
1545 *
1546 * @public
1547 */
1548export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): boolean;
1549
1550/**
1551 * Links the user account with the given credentials.
1552 *
1553 * @remarks
1554 * An {@link AuthProvider} can be used to generate the credential.
1555 *
1556 * @param user - The user.
1557 * @param credential - The auth credential.
1558 *
1559 * @public
1560 */
1561export declare function linkWithCredential(user: User, credential: AuthCredential): Promise<UserCredential>;
1562
1563/**
1564 * Links the user account with the given phone number.
1565 *
1566 * @param user - The user.
1567 * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
1568 * @param appVerifier - The {@link ApplicationVerifier}.
1569 *
1570 * @public
1571 */
1572export declare function linkWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
1573
1574/**
1575 * Links the authenticated provider to the user account using a pop-up based OAuth flow.
1576 *
1577 * @remarks
1578 * If the linking is successful, the returned result will contain the user and the provider's credential.
1579 *
1580 *
1581 * @example
1582 * ```javascript
1583 * // Sign in using some other provider.
1584 * const result = await signInWithEmailAndPassword(auth, email, password);
1585 * // Link using a popup.
1586 * const provider = new FacebookAuthProvider();
1587 * await linkWithPopup(result.user, provider);
1588 * ```
1589 *
1590 * @param user - The user.
1591 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
1592 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
1593 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1594 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1595 *
1596 * @public
1597 */
1598export declare function linkWithPopup(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<UserCredential>;
1599
1600/**
1601 * Links the {@link OAuthProvider} to the user account using a full-page redirect flow.
1602 *
1603 * @example
1604 * ```javascript
1605 * // Sign in using some other provider.
1606 * const result = await signInWithEmailAndPassword(auth, email, password);
1607 * // Link using a redirect.
1608 * const provider = new FacebookAuthProvider();
1609 * await linkWithRedirect(result.user, provider);
1610 * // This will trigger a full page redirect away from your app
1611 *
1612 * // After returning from the redirect when your app initializes you can obtain the result
1613 * const result = await getRedirectResult(auth);
1614 * ```
1615 *
1616 * @param user - The user.
1617 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
1618 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
1619 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1620 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1621 *
1622 *
1623 * @public
1624 */
1625export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
1626
1627/**
1628 * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment is supported
1629 */
1630declare type MfaEnrollment = PhoneMfaEnrollment;
1631
1632/**
1633 * The {@link MultiFactorUser} corresponding to the user.
1634 *
1635 * @remarks
1636 * This is used to access all multi-factor properties and operations related to the user.
1637 *
1638 * @param user - The user.
1639 *
1640 * @public
1641 */
1642export declare function multiFactor(user: User): MultiFactorUser;
1643
1644/**
1645 * The base class for asserting ownership of a second factor.
1646 *
1647 * @remarks
1648 * This is used to facilitate enrollment of a second factor on an existing user or sign-in of a
1649 * user who already verified the first factor.
1650 *
1651 * @public
1652 */
1653export declare interface MultiFactorAssertion {
1654 /** The identifier of the second factor. */
1655 readonly factorId: typeof FactorId[keyof typeof FactorId];
1656}
1657
1658/**
1659 * The error thrown when the user needs to provide a second factor to sign in successfully.
1660 *
1661 * @remarks
1662 * The error code for this error is `auth/multi-factor-auth-required`.
1663 *
1664 * @example
1665 * ```javascript
1666 * let resolver;
1667 * let multiFactorHints;
1668 *
1669 * signInWithEmailAndPassword(auth, email, password)
1670 * .then((result) => {
1671 * // User signed in. No 2nd factor challenge is needed.
1672 * })
1673 * .catch((error) => {
1674 * if (error.code == 'auth/multi-factor-auth-required') {
1675 * resolver = getMultiFactorResolver(auth, error);
1676 * multiFactorHints = resolver.hints;
1677 * } else {
1678 * // Handle other errors.
1679 * }
1680 * });
1681 *
1682 * // Obtain a multiFactorAssertion by verifying the second factor.
1683 *
1684 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1685 * ```
1686 *
1687 * @public
1688 */
1689export declare interface MultiFactorError extends AuthError {
1690 /**
1691 * The type of operation (e.g., sign-in, link, or reauthenticate) during which the error was raised.
1692 */
1693 readonly operationType: typeof OperationType[keyof typeof OperationType];
1694}
1695
1696/**
1697 * A structure containing the information of a second factor entity.
1698 *
1699 * @public
1700 */
1701export declare interface MultiFactorInfo {
1702 /** The multi-factor enrollment ID. */
1703 readonly uid: string;
1704 /** The user friendly name of the current second factor. */
1705 readonly displayName?: string | null;
1706 /** The enrollment date of the second factor formatted as a UTC string. */
1707 readonly enrollmentTime: string;
1708 /** The identifier of the second factor. */
1709 readonly factorId: typeof FactorId[keyof typeof FactorId];
1710}
1711
1712/**
1713 * The class used to facilitate recovery from {@link MultiFactorError} when a user needs to
1714 * provide a second factor to sign in.
1715 *
1716 * @example
1717 * ```javascript
1718 * let resolver;
1719 * let multiFactorHints;
1720 *
1721 * signInWithEmailAndPassword(auth, email, password)
1722 * .then((result) => {
1723 * // User signed in. No 2nd factor challenge is needed.
1724 * })
1725 * .catch((error) => {
1726 * if (error.code == 'auth/multi-factor-auth-required') {
1727 * resolver = getMultiFactorResolver(auth, error);
1728 * // Show UI to let user select second factor.
1729 * multiFactorHints = resolver.hints;
1730 * } else {
1731 * // Handle other errors.
1732 * }
1733 * });
1734 *
1735 * // The enrolled second factors that can be used to complete
1736 * // sign-in are returned in the `MultiFactorResolver.hints` list.
1737 * // UI needs to be presented to allow the user to select a second factor
1738 * // from that list.
1739 *
1740 * const selectedHint = // ; selected from multiFactorHints
1741 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1742 * const phoneInfoOptions = {
1743 * multiFactorHint: selectedHint,
1744 * session: resolver.session
1745 * };
1746 * const verificationId = phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1747 * // Store `verificationId` and show UI to let user enter verification code.
1748 *
1749 * // UI to enter verification code and continue.
1750 * // Continue button click handler
1751 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1752 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1753 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1754 * ```
1755 *
1756 * @public
1757 */
1758export declare interface MultiFactorResolver {
1759 /**
1760 * The list of hints for the second factors needed to complete the sign-in for the current
1761 * session.
1762 */
1763 readonly hints: MultiFactorInfo[];
1764 /**
1765 * The session identifier for the current sign-in flow, which can be used to complete the second
1766 * factor sign-in.
1767 */
1768 readonly session: MultiFactorSession;
1769 /**
1770 * A helper function to help users complete sign in with a second factor using an
1771 * {@link MultiFactorAssertion} confirming the user successfully completed the second factor
1772 * challenge.
1773 *
1774 * @example
1775 * ```javascript
1776 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1777 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1778 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1779 * ```
1780 *
1781 * @param assertion - The multi-factor assertion to resolve sign-in with.
1782 * @returns The promise that resolves with the user credential object.
1783 */
1784 resolveSignIn(assertion: MultiFactorAssertion): Promise<UserCredential>;
1785}
1786
1787/**
1788 * An interface defining the multi-factor session object used for enrolling a second factor on a
1789 * user or helping sign in an enrolled user with a second factor.
1790 *
1791 * @public
1792 */
1793export declare interface MultiFactorSession {
1794}
1795
1796/**
1797 * An interface that defines the multi-factor related properties and operations pertaining
1798 * to a {@link User}.
1799 *
1800 * @public
1801 */
1802export declare interface MultiFactorUser {
1803 /** Returns a list of the user's enrolled second factors. */
1804 readonly enrolledFactors: MultiFactorInfo[];
1805 /**
1806 * Returns the session identifier for a second factor enrollment operation. This is used to
1807 * identify the user trying to enroll a second factor.
1808 *
1809 * @example
1810 * ```javascript
1811 * const multiFactorUser = multiFactor(auth.currentUser);
1812 * const multiFactorSession = await multiFactorUser.getSession();
1813 *
1814 * // Send verification code.
1815 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1816 * const phoneInfoOptions = {
1817 * phoneNumber: phoneNumber,
1818 * session: multiFactorSession
1819 * };
1820 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1821 *
1822 * // Obtain verification code from user.
1823 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1824 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1825 * await multiFactorUser.enroll(multiFactorAssertion);
1826 * ```
1827 *
1828 * @returns The promise that resolves with the {@link MultiFactorSession}.
1829 */
1830 getSession(): Promise<MultiFactorSession>;
1831 /**
1832 *
1833 * Enrolls a second factor as identified by the {@link MultiFactorAssertion} for the
1834 * user.
1835 *
1836 * @remarks
1837 * On resolution, the user tokens are updated to reflect the change in the JWT payload.
1838 * Accepts an additional display name parameter used to identify the second factor to the end
1839 * user. Recent re-authentication is required for this operation to succeed. On successful
1840 * enrollment, existing Firebase sessions (refresh tokens) are revoked. When a new factor is
1841 * enrolled, an email notification is sent to the user’s email.
1842 *
1843 * @example
1844 * ```javascript
1845 * const multiFactorUser = multiFactor(auth.currentUser);
1846 * const multiFactorSession = await multiFactorUser.getSession();
1847 *
1848 * // Send verification code.
1849 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1850 * const phoneInfoOptions = {
1851 * phoneNumber: phoneNumber,
1852 * session: multiFactorSession
1853 * };
1854 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1855 *
1856 * // Obtain verification code from user.
1857 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1858 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1859 * await multiFactorUser.enroll(multiFactorAssertion);
1860 * // Second factor enrolled.
1861 * ```
1862 *
1863 * @param assertion - The multi-factor assertion to enroll with.
1864 * @param displayName - The display name of the second factor.
1865 */
1866 enroll(assertion: MultiFactorAssertion, displayName?: string | null): Promise<void>;
1867 /**
1868 * Unenrolls the specified second factor.
1869 *
1870 * @remarks
1871 * To specify the factor to remove, pass a {@link MultiFactorInfo} object (retrieved from
1872 * {@link MultiFactorUser.enrolledFactors}) or the
1873 * factor's UID string. Sessions are not revoked when the account is unenrolled. An email
1874 * notification is likely to be sent to the user notifying them of the change. Recent
1875 * re-authentication is required for this operation to succeed. When an existing factor is
1876 * unenrolled, an email notification is sent to the user’s email.
1877 *
1878 * @example
1879 * ```javascript
1880 * const multiFactorUser = multiFactor(auth.currentUser);
1881 * // Present user the option to choose which factor to unenroll.
1882 * await multiFactorUser.unenroll(multiFactorUser.enrolledFactors[i])
1883 * ```
1884 *
1885 * @param option - The multi-factor option to unenroll.
1886 * @returns - A `Promise` which resolves when the unenroll operation is complete.
1887 */
1888 unenroll(option: MultiFactorInfo | string): Promise<void>;
1889}
1890
1891declare type MutableUserInfo = {
1892 -readonly [K in keyof UserInfo]: UserInfo[K];
1893};
1894export { NextFn }
1895
1896/**
1897 * Type definition for an event callback.
1898 *
1899 * @privateRemarks TODO(avolkovi): should we consolidate with Subscribe<T> since we're changing the API anyway?
1900 *
1901 * @public
1902 */
1903export declare type NextOrObserver<T> = NextFn<T | null> | Observer<T | null>;
1904
1905/**
1906 * Represents the OAuth credentials returned by an {@link OAuthProvider}.
1907 *
1908 * @remarks
1909 * Implementations specify the details about each auth provider's credential requirements.
1910 *
1911 * @public
1912 */
1913export declare class OAuthCredential extends AuthCredential {
1914 /**
1915 * The OAuth ID token associated with the credential if it belongs to an OIDC provider,
1916 * such as `google.com`.
1917 * @readonly
1918 */
1919 idToken?: string;
1920 /**
1921 * The OAuth access token associated with the credential if it belongs to an
1922 * {@link OAuthProvider}, such as `facebook.com`, `twitter.com`, etc.
1923 * @readonly
1924 */
1925 accessToken?: string;
1926 /**
1927 * The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0
1928 * provider, such as `twitter.com`.
1929 * @readonly
1930 */
1931 secret?: string;
1932 private nonce?;
1933 private pendingToken;
1934 /* Excluded from this release type: _fromParams */
1935 /** {@inheritdoc AuthCredential.toJSON} */
1936 toJSON(): object;
1937 /**
1938 * Static method to deserialize a JSON representation of an object into an
1939 * {@link AuthCredential}.
1940 *
1941 * @param json - Input can be either Object or the stringified representation of the object.
1942 * When string is provided, JSON.parse would be called first.
1943 *
1944 * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
1945 */
1946 static fromJSON(json: string | object): OAuthCredential | null;
1947 /* Excluded from this release type: _getIdTokenResponse */
1948 /* Excluded from this release type: _linkToIdToken */
1949 /* Excluded from this release type: _getReauthenticationResolver */
1950 private buildRequest;
1951}
1952
1953/**
1954 * Defines the options for initializing an {@link OAuthCredential}.
1955 *
1956 * @remarks
1957 * For ID tokens with nonce claim, the raw nonce has to also be provided.
1958 *
1959 * @public
1960 */
1961export declare interface OAuthCredentialOptions {
1962 /**
1963 * The OAuth ID token used to initialize the {@link OAuthCredential}.
1964 */
1965 idToken?: string;
1966 /**
1967 * The OAuth access token used to initialize the {@link OAuthCredential}.
1968 */
1969 accessToken?: string;
1970 /**
1971 * The raw nonce associated with the ID token.
1972 *
1973 * @remarks
1974 * It is required when an ID token with a nonce field is provided. The SHA-256 hash of the
1975 * raw nonce must match the nonce field in the ID token.
1976 */
1977 rawNonce?: string;
1978}
1979
1980declare interface OAuthCredentialParams {
1981 idToken?: string | null;
1982 accessToken?: string | null;
1983 oauthToken?: string;
1984 secret?: string;
1985 oauthTokenSecret?: string;
1986 nonce?: string;
1987 pendingToken?: string;
1988 providerId: string;
1989 signInMethod: string;
1990}
1991
1992/**
1993 * Provider for generating generic {@link OAuthCredential}.
1994 *
1995 * @example
1996 * ```javascript
1997 * // Sign in using a redirect.
1998 * const provider = new OAuthProvider('google.com');
1999 * // Start a sign in process for an unauthenticated user.
2000 * provider.addScope('profile');
2001 * provider.addScope('email');
2002 * await signInWithRedirect(auth, provider);
2003 * // This will trigger a full page redirect away from your app
2004 *
2005 * // After returning from the redirect when your app initializes you can obtain the result
2006 * const result = await getRedirectResult(auth);
2007 * if (result) {
2008 * // This is the signed-in user
2009 * const user = result.user;
2010 * // This gives you a OAuth Access Token for the provider.
2011 * const credential = provider.credentialFromResult(auth, result);
2012 * const token = credential.accessToken;
2013 * }
2014 * ```
2015 *
2016 * @example
2017 * ```javascript
2018 * // Sign in using a popup.
2019 * const provider = new OAuthProvider('google.com');
2020 * provider.addScope('profile');
2021 * provider.addScope('email');
2022 * const result = await signInWithPopup(auth, provider);
2023 *
2024 * // The signed-in user info.
2025 * const user = result.user;
2026 * // This gives you a OAuth Access Token for the provider.
2027 * const credential = provider.credentialFromResult(auth, result);
2028 * const token = credential.accessToken;
2029 * ```
2030 * @public
2031 */
2032export declare class OAuthProvider extends BaseOAuthProvider {
2033 /**
2034 * Creates an {@link OAuthCredential} from a JSON string or a plain object.
2035 * @param json - A plain object or a JSON string
2036 */
2037 static credentialFromJSON(json: object | string): OAuthCredential;
2038 /**
2039 * Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token.
2040 *
2041 * @remarks
2042 * The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of
2043 * the raw nonce must match the nonce field in the ID token.
2044 *
2045 * @example
2046 * ```javascript
2047 * // `googleUser` from the onsuccess Google Sign In callback.
2048 * // Initialize a generate OAuth provider with a `google.com` providerId.
2049 * const provider = new OAuthProvider('google.com');
2050 * const credential = provider.credential({
2051 * idToken: googleUser.getAuthResponse().id_token,
2052 * });
2053 * const result = await signInWithCredential(credential);
2054 * ```
2055 *
2056 * @param params - Either the options object containing the ID token, access token and raw nonce
2057 * or the ID token string.
2058 */
2059 credential(params: OAuthCredentialOptions): OAuthCredential;
2060 /** An internal credential method that accepts more permissive options */
2061 private _credential;
2062 /**
2063 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
2064 *
2065 * @param userCredential - The user credential.
2066 */
2067 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
2068 /**
2069 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
2070 * thrown during a sign-in, link, or reauthenticate operation.
2071 *
2072 * @param userCredential - The user credential.
2073 */
2074 static credentialFromError(error: FirebaseError): OAuthCredential | null;
2075 private static oauthCredentialFromTaggedObject;
2076}
2077
2078/**
2079 * Adds an observer for changes to the user's sign-in state.
2080 *
2081 * @remarks
2082 * To keep the old behavior, see {@link onIdTokenChanged}.
2083 *
2084 * @param auth - The {@link Auth} instance.
2085 * @param nextOrObserver - callback triggered on change.
2086 * @param error - callback triggered on error.
2087 * @param completed - callback triggered when observer is removed.
2088 *
2089 * @public
2090 */
2091export declare function onAuthStateChanged(auth: Auth, nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
2092
2093/**
2094 * Adds an observer for changes to the signed-in user's ID token, which includes sign-in,
2095 * sign-out, and token refresh events.
2096 *
2097 * @param auth - The {@link Auth} instance.
2098 * @param nextOrObserver - callback triggered on change.
2099 * @param error - callback triggered on error.
2100 * @param completed - callback triggered when observer is removed.
2101 *
2102 * @public
2103 */
2104export declare function onIdTokenChanged(auth: Auth, nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
2105
2106/**
2107 * Enumeration of supported operation types.
2108 *
2109 * @public
2110 */
2111export declare const OperationType: {
2112 /** Operation involving linking an additional provider to an already signed-in user. */
2113 readonly LINK: "link";
2114 /** Operation involving using a provider to reauthenticate an already signed-in user. */
2115 readonly REAUTHENTICATE: "reauthenticate";
2116 /** Operation involving signing in a user. */
2117 readonly SIGN_IN: "signIn";
2118};
2119
2120/**
2121 * Parses the email action link string and returns an {@link ActionCodeURL} if
2122 * the link is valid, otherwise returns null.
2123 *
2124 * @public
2125 */
2126export declare function parseActionCodeURL(link: string): ActionCodeURL | null;
2127
2128/**
2129 * Interface representing a parsed ID token.
2130 *
2131 * @privateRemarks TODO(avolkovi): consolidate with parsed_token in implementation.
2132 *
2133 * @public
2134 */
2135export declare interface ParsedToken {
2136 /** Expiration time of the token. */
2137 'exp'?: string;
2138 /** UID of the user. */
2139 'sub'?: string;
2140 /** Time at which authentication was performed. */
2141 'auth_time'?: string;
2142 /** Issuance time of the token. */
2143 'iat'?: string;
2144 /** Firebase specific claims, containing the provider(s) used to authenticate the user. */
2145 'firebase'?: {
2146 'sign_in_provider'?: string;
2147 'sign_in_second_factor'?: string;
2148 };
2149 /** Map of any additional custom claims. */
2150 [key: string]: string | object | undefined;
2151}
2152
2153declare type PersistedBlob = Record<string, unknown>;
2154
2155/**
2156 * An interface covering the possible persistence mechanism types.
2157 *
2158 * @public
2159 */
2160export declare interface Persistence {
2161 /**
2162 * Type of Persistence.
2163 * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
2164 * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
2165 * - 'NONE' is used for in-memory, or no persistence.
2166 */
2167 readonly type: 'SESSION' | 'LOCAL' | 'NONE';
2168}
2169
2170/**
2171 * Represents the credentials returned by {@link PhoneAuthProvider}.
2172 *
2173 * @public
2174 */
2175export declare class PhoneAuthCredential extends AuthCredential {
2176 private readonly params;
2177 private constructor();
2178 /* Excluded from this release type: _fromVerification */
2179 /* Excluded from this release type: _fromTokenResponse */
2180 /* Excluded from this release type: _getIdTokenResponse */
2181 /* Excluded from this release type: _linkToIdToken */
2182 /* Excluded from this release type: _getReauthenticationResolver */
2183 /* Excluded from this release type: _makeVerificationRequest */
2184 /** {@inheritdoc AuthCredential.toJSON} */
2185 toJSON(): object;
2186 /** Generates a phone credential based on a plain object or a JSON string. */
2187 static fromJSON(json: object | string): PhoneAuthCredential | null;
2188}
2189
2190/**
2191 * Provider for generating an {@link PhoneAuthCredential}.
2192 *
2193 * @example
2194 * ```javascript
2195 * // 'recaptcha-container' is the ID of an element in the DOM.
2196 * const applicationVerifier = new RecaptchaVerifier('recaptcha-container');
2197 * const provider = new PhoneAuthProvider(auth);
2198 * const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);
2199 * // Obtain the verificationCode from the user.
2200 * const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2201 * const userCredential = await signInWithCredential(auth, phoneCredential);
2202 * ```
2203 *
2204 * @public
2205 */
2206export declare class PhoneAuthProvider {
2207 /** Always set to {@link ProviderId}.PHONE. */
2208 static readonly PROVIDER_ID: 'phone';
2209 /** Always set to {@link SignInMethod}.PHONE. */
2210 static readonly PHONE_SIGN_IN_METHOD: 'phone';
2211 /** Always set to {@link ProviderId}.PHONE. */
2212 readonly providerId: "phone";
2213 private readonly auth;
2214 /**
2215 * @param auth - The Firebase {@link Auth} instance in which sign-ins should occur.
2216 *
2217 */
2218 constructor(auth: Auth);
2219 /**
2220 *
2221 * Starts a phone number authentication flow by sending a verification code to the given phone
2222 * number.
2223 *
2224 * @example
2225 * ```javascript
2226 * const provider = new PhoneAuthProvider(auth);
2227 * const verificationId = await provider.verifyPhoneNumber(phoneNumber, applicationVerifier);
2228 * // Obtain verificationCode from the user.
2229 * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2230 * const userCredential = await signInWithCredential(auth, authCredential);
2231 * ```
2232 *
2233 * @example
2234 * An alternative flow is provided using the `signInWithPhoneNumber` method.
2235 * ```javascript
2236 * const confirmationResult = signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
2237 * // Obtain verificationCode from the user.
2238 * const userCredential = confirmationResult.confirm(verificationCode);
2239 * ```
2240 *
2241 * @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in
2242 * E.164 format (e.g. +16505550101).
2243 * @param applicationVerifier - For abuse prevention, this method also requires a
2244 * {@link ApplicationVerifier}. This SDK includes a reCAPTCHA-based implementation,
2245 * {@link RecaptchaVerifier}.
2246 *
2247 * @returns A Promise for a verification ID that can be passed to
2248 * {@link PhoneAuthProvider.credential} to identify this flow..
2249 */
2250 verifyPhoneNumber(phoneOptions: PhoneInfoOptions | string, applicationVerifier: ApplicationVerifier): Promise<string>;
2251 /**
2252 * Creates a phone auth credential, given the verification ID from
2253 * {@link PhoneAuthProvider.verifyPhoneNumber} and the code that was sent to the user's
2254 * mobile device.
2255 *
2256 * @example
2257 * ```javascript
2258 * const provider = new PhoneAuthProvider(auth);
2259 * const verificationId = provider.verifyPhoneNumber(phoneNumber, applicationVerifier);
2260 * // Obtain verificationCode from the user.
2261 * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2262 * const userCredential = signInWithCredential(auth, authCredential);
2263 * ```
2264 *
2265 * @example
2266 * An alternative flow is provided using the `signInWithPhoneNumber` method.
2267 * ```javascript
2268 * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
2269 * // Obtain verificationCode from the user.
2270 * const userCredential = await confirmationResult.confirm(verificationCode);
2271 * ```
2272 *
2273 * @param verificationId - The verification ID returned from {@link PhoneAuthProvider.verifyPhoneNumber}.
2274 * @param verificationCode - The verification code sent to the user's mobile device.
2275 *
2276 * @returns The auth provider credential.
2277 */
2278 static credential(verificationId: string, verificationCode: string): PhoneAuthCredential;
2279 /**
2280 * Generates an {@link AuthCredential} from a {@link UserCredential}.
2281 * @param userCredential - The user credential.
2282 */
2283 static credentialFromResult(userCredential: UserCredential): AuthCredential | null;
2284 /**
2285 * Returns an {@link AuthCredential} when passed an error.
2286 *
2287 * @remarks
2288 *
2289 * This method works for errors like
2290 * `auth/account-exists-with-different-credentials`. This is useful for
2291 * recovering when attempting to set a user's phone number but the number
2292 * in question is already tied to another account. For example, the following
2293 * code tries to update the current user's phone number, and if that
2294 * fails, links the user with the account associated with that number:
2295 *
2296 * ```js
2297 * const provider = new PhoneAuthProvider(auth);
2298 * const verificationId = await provider.verifyPhoneNumber(number, verifier);
2299 * try {
2300 * const code = ''; // Prompt the user for the verification code
2301 * await updatePhoneNumber(
2302 * auth.currentUser,
2303 * PhoneAuthProvider.credential(verificationId, code));
2304 * } catch (e) {
2305 * if (e.code === 'auth/account-exists-with-different-credential') {
2306 * const cred = PhoneAuthProvider.credentialFromError(e);
2307 * await linkWithCredential(auth.currentUser, cred);
2308 * }
2309 * }
2310 *
2311 * // At this point, auth.currentUser.phoneNumber === number.
2312 * ```
2313 *
2314 * @param error - The error to generate a credential from.
2315 */
2316 static credentialFromError(error: FirebaseError): AuthCredential | null;
2317 private static credentialFromTaggedObject;
2318}
2319
2320/**
2321 * The information required to verify the ownership of a phone number.
2322 *
2323 * @remarks
2324 * The information that's required depends on whether you are doing single-factor sign-in,
2325 * multi-factor enrollment or multi-factor sign-in.
2326 *
2327 * @public
2328 */
2329export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
2330
2331/**
2332 * An MFA provided by SMS verification
2333 */
2334declare interface PhoneMfaEnrollment extends BaseMfaEnrollment {
2335 phoneInfo: string;
2336}
2337
2338/**
2339 * The class for asserting ownership of a phone second factor. Provided by
2340 * {@link PhoneMultiFactorGenerator.assertion}.
2341 *
2342 * @public
2343 */
2344export declare interface PhoneMultiFactorAssertion extends MultiFactorAssertion {
2345}
2346
2347/**
2348 * Options used for enrolling a second factor.
2349 *
2350 * @public
2351 */
2352export declare interface PhoneMultiFactorEnrollInfoOptions {
2353 /** Phone number to send a verification code to. */
2354 phoneNumber: string;
2355 /** The {@link MultiFactorSession} obtained via {@link MultiFactorUser.getSession}. */
2356 session: MultiFactorSession;
2357}
2358
2359/**
2360 * Provider for generating a {@link PhoneMultiFactorAssertion}.
2361 *
2362 * @public
2363 */
2364export declare class PhoneMultiFactorGenerator {
2365 private constructor();
2366 /**
2367 * Provides a {@link PhoneMultiFactorAssertion} to confirm ownership of the phone second factor.
2368 *
2369 * @param phoneAuthCredential - A credential provided by {@link PhoneAuthProvider.credential}.
2370 * @returns A {@link PhoneMultiFactorAssertion} which can be used with
2371 * {@link MultiFactorResolver.resolveSignIn}
2372 */
2373 static assertion(credential: PhoneAuthCredential): PhoneMultiFactorAssertion;
2374 /**
2375 * The identifier of the phone second factor: `phone`.
2376 */
2377 static FACTOR_ID: string;
2378}
2379
2380/**
2381 * Options used for signing-in with a second factor.
2382 *
2383 * @public
2384 */
2385export declare interface PhoneMultiFactorSignInInfoOptions {
2386 /**
2387 * The {@link MultiFactorInfo} obtained via {@link MultiFactorResolver.hints}.
2388 *
2389 * One of `multiFactorHint` or `multiFactorUid` is required.
2390 */
2391 multiFactorHint?: MultiFactorInfo;
2392 /**
2393 * The uid of the second factor.
2394 *
2395 * One of `multiFactorHint` or `multiFactorUid` is required.
2396 */
2397 multiFactorUid?: string;
2398 /** The {@link MultiFactorSession} obtained via {@link MultiFactorResolver.session}. */
2399 session: MultiFactorSession;
2400}
2401
2402/* Excluded from this release type: PhoneOrOauthTokenResponse */
2403
2404/**
2405 * Options used for single-factor sign-in.
2406 *
2407 * @public
2408 */
2409export declare interface PhoneSingleFactorInfoOptions {
2410 /** Phone number to send a verification code to. */
2411 phoneNumber: string;
2412}
2413
2414/**
2415 * A resolver used for handling DOM specific operations like {@link signInWithPopup}
2416 * or {@link signInWithRedirect}.
2417 *
2418 * @public
2419 */
2420export declare interface PopupRedirectResolver {
2421}
2422
2423/* Excluded from this release type: PopupRedirectResolverInternal */
2424
2425/**
2426 * A minimal error map with all verbose error messages stripped.
2427 *
2428 * See discussion at {@link AuthErrorMap}
2429 *
2430 * @public
2431 */
2432export declare const prodErrorMap: AuthErrorMap;
2433
2434/**
2435 * Enumeration of supported providers.
2436 *
2437 * @public
2438 */
2439export declare const ProviderId: {
2440 /** Facebook provider ID */
2441 readonly FACEBOOK: "facebook.com";
2442 /** GitHub provider ID */
2443 readonly GITHUB: "github.com";
2444 /** Google provider ID */
2445 readonly GOOGLE: "google.com";
2446 /** Password provider */
2447 readonly PASSWORD: "password";
2448 /** Phone provider */
2449 readonly PHONE: "phone";
2450 /** Twitter provider ID */
2451 readonly TWITTER: "twitter.com";
2452};
2453
2454/* Excluded from this release type: ProviderId_2 */
2455
2456declare interface ProviderUserInfo {
2457 providerId: string;
2458 rawId?: string;
2459 email?: string;
2460 displayName?: string;
2461 photoUrl?: string;
2462 phoneNumber?: string;
2463}
2464
2465/**
2466 * Interface for a supplied `AsyncStorage`.
2467 *
2468 * @public
2469 */
2470export declare interface ReactNativeAsyncStorage {
2471 /**
2472 * Persist an item in storage.
2473 *
2474 * @param key - storage key.
2475 * @param value - storage value.
2476 */
2477 setItem(key: string, value: string): Promise<void>;
2478 /**
2479 * Retrieve an item from storage.
2480 *
2481 * @param key - storage key.
2482 */
2483 getItem(key: string): Promise<string | null>;
2484 /**
2485 * Remove an item from storage.
2486 *
2487 * @param key - storage key.
2488 */
2489 removeItem(key: string): Promise<void>;
2490}
2491
2492/**
2493 * Re-authenticates a user using a fresh credential.
2494 *
2495 * @remarks
2496 * Use before operations such as {@link updatePassword} that require tokens from recent sign-in
2497 * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error.
2498 *
2499 * @param user - The user.
2500 * @param credential - The auth credential.
2501 *
2502 * @public
2503 */
2504export declare function reauthenticateWithCredential(user: User, credential: AuthCredential): Promise<UserCredential>;
2505
2506/**
2507 * Re-authenticates a user using a fresh phone credential.
2508 *
2509 * @remarks Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
2510 *
2511 * @param user - The user.
2512 * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
2513 * @param appVerifier - The {@link ApplicationVerifier}.
2514 *
2515 * @public
2516 */
2517export declare function reauthenticateWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
2518
2519/**
2520 * Reauthenticates the current user with the specified {@link OAuthProvider} using a pop-up based
2521 * OAuth flow.
2522 *
2523 * @remarks
2524 * If the reauthentication is successful, the returned result will contain the user and the
2525 * provider's credential.
2526 *
2527 * @example
2528 * ```javascript
2529 * // Sign in using a popup.
2530 * const provider = new FacebookAuthProvider();
2531 * const result = await signInWithPopup(auth, provider);
2532 * // Reauthenticate using a popup.
2533 * await reauthenticateWithPopup(result.user, provider);
2534 * ```
2535 *
2536 * @param user - The user.
2537 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
2538 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
2539 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
2540 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
2541 *
2542 * @public
2543 */
2544export declare function reauthenticateWithPopup(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<UserCredential>;
2545
2546/**
2547 * Reauthenticates the current user with the specified {@link OAuthProvider} using a full-page redirect flow.
2548 *
2549 * @example
2550 * ```javascript
2551 * // Sign in using a redirect.
2552 * const provider = new FacebookAuthProvider();
2553 * const result = await signInWithRedirect(auth, provider);
2554 * // This will trigger a full page redirect away from your app
2555 *
2556 * // After returning from the redirect when your app initializes you can obtain the result
2557 * const result = await getRedirectResult(auth);
2558 * // Link using a redirect.
2559 * await linkWithRedirect(result.user, provider);
2560 * // This will again trigger a full page redirect away from your app
2561 *
2562 * // After returning from the redirect when your app initializes you can obtain the result
2563 * const result = await getRedirectResult(auth);
2564 * ```
2565 *
2566 * @param user - The user.
2567 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
2568 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
2569 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
2570 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
2571 *
2572 * @public
2573 */
2574export declare function reauthenticateWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
2575
2576declare interface Recaptcha {
2577 render: (container: HTMLElement, parameters: RecaptchaParameters) => number;
2578 getResponse: (id: number) => string;
2579 execute: (id: number) => unknown;
2580 reset: (id: number) => unknown;
2581}
2582
2583/* Excluded from this release type: ReCaptchaLoader */
2584
2585/**
2586 * Interface representing reCAPTCHA parameters.
2587 *
2588 * See the [reCAPTCHA docs](https://developers.google.com/recaptcha/docs/display#render_param)
2589 * for the list of accepted parameters. All parameters are accepted except for `sitekey`: Firebase Auth
2590 * provisions a reCAPTCHA for each project and will configure the site key upon rendering.
2591 *
2592 * For an invisible reCAPTCHA, set the `size` key to `invisible`.
2593 *
2594 * @public
2595 */
2596export declare interface RecaptchaParameters {
2597 [key: string]: any;
2598}
2599
2600/**
2601 * An {@link https://www.google.com/recaptcha/ | reCAPTCHA}-based application verifier.
2602 *
2603 * @public
2604 */
2605export declare class RecaptchaVerifier implements ApplicationVerifierInternal {
2606 private readonly parameters;
2607 /**
2608 * The application verifier type.
2609 *
2610 * @remarks
2611 * For a reCAPTCHA verifier, this is 'recaptcha'.
2612 */
2613 readonly type = "recaptcha";
2614 private destroyed;
2615 private widgetId;
2616 private readonly container;
2617 private readonly isInvisible;
2618 private readonly tokenChangeListeners;
2619 private renderPromise;
2620 private readonly auth;
2621 /* Excluded from this release type: _recaptchaLoader */
2622 private recaptcha;
2623 /**
2624 *
2625 * @param containerOrId - The reCAPTCHA container parameter.
2626 *
2627 * @remarks
2628 * This has different meaning depending on whether the reCAPTCHA is hidden or visible. For a
2629 * visible reCAPTCHA the container must be empty. If a string is used, it has to correspond to
2630 * an element ID. The corresponding element must also must be in the DOM at the time of
2631 * initialization.
2632 *
2633 * @param parameters - The optional reCAPTCHA parameters.
2634 *
2635 * @remarks
2636 * Check the reCAPTCHA docs for a comprehensive list. All parameters are accepted except for
2637 * the sitekey. Firebase Auth backend provisions a reCAPTCHA for each project and will
2638 * configure this upon rendering. For an invisible reCAPTCHA, a size key must have the value
2639 * 'invisible'.
2640 *
2641 * @param authExtern - The corresponding Firebase {@link Auth} instance.
2642 *
2643 * @remarks
2644 * If none is provided, the default Firebase {@link Auth} instance is used. A Firebase {@link Auth} instance
2645 * must be initialized with an API key, otherwise an error will be thrown.
2646 */
2647 constructor(containerOrId: HTMLElement | string, parameters: RecaptchaParameters, authExtern: Auth);
2648 /**
2649 * Waits for the user to solve the reCAPTCHA and resolves with the reCAPTCHA token.
2650 *
2651 * @returns A Promise for the reCAPTCHA token.
2652 */
2653 verify(): Promise<string>;
2654 /**
2655 * Renders the reCAPTCHA widget on the page.
2656 *
2657 * @returns A Promise that resolves with the reCAPTCHA widget ID.
2658 */
2659 render(): Promise<number>;
2660 /* Excluded from this release type: _reset */
2661 /**
2662 * Clears the reCAPTCHA widget from the page and destroys the instance.
2663 */
2664 clear(): void;
2665 private validateStartingState;
2666 private makeTokenCallback;
2667 private assertNotDestroyed;
2668 private makeRenderPromise;
2669 private init;
2670 private getAssertedRecaptcha;
2671}
2672
2673/**
2674 * Reloads user account data, if signed in.
2675 *
2676 * @param user - The user.
2677 *
2678 * @public
2679 */
2680export declare function reload(user: User): Promise<void>;
2681
2682/**
2683 * An {@link AuthProvider} for SAML.
2684 *
2685 * @public
2686 */
2687export declare class SAMLAuthProvider extends FederatedAuthProvider {
2688 /**
2689 * Constructor. The providerId must start with "saml."
2690 * @param providerId - SAML provider ID.
2691 */
2692 constructor(providerId: string);
2693 /**
2694 * Generates an {@link AuthCredential} from a {@link UserCredential} after a
2695 * successful SAML flow completes.
2696 *
2697 * @remarks
2698 *
2699 * For example, to get an {@link AuthCredential}, you could write the
2700 * following code:
2701 *
2702 * ```js
2703 * const userCredential = await signInWithPopup(auth, samlProvider);
2704 * const credential = SAMLAuthProvider.credentialFromResult(userCredential);
2705 * ```
2706 *
2707 * @param userCredential - The user credential.
2708 */
2709 static credentialFromResult(userCredential: UserCredential): AuthCredential | null;
2710 /**
2711 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
2712 * thrown during a sign-in, link, or reauthenticate operation.
2713 *
2714 * @param userCredential - The user credential.
2715 */
2716 static credentialFromError(error: FirebaseError): AuthCredential | null;
2717 /**
2718 * Creates an {@link AuthCredential} from a JSON string or a plain object.
2719 * @param json - A plain object or a JSON string
2720 */
2721 static credentialFromJSON(json: string | object): AuthCredential;
2722 private static samlCredentialFromTaggedObject;
2723}
2724
2725/**
2726 * Sends a verification email to a user.
2727 *
2728 * @remarks
2729 * The verification process is completed by calling {@link applyActionCode}.
2730 *
2731 * @example
2732 * ```javascript
2733 * const actionCodeSettings = {
2734 * url: 'https://www.example.com/?email=user@example.com',
2735 * iOS: {
2736 * bundleId: 'com.example.ios'
2737 * },
2738 * android: {
2739 * packageName: 'com.example.android',
2740 * installApp: true,
2741 * minimumVersion: '12'
2742 * },
2743 * handleCodeInApp: true
2744 * };
2745 * await sendEmailVerification(user, actionCodeSettings);
2746 * // Obtain code from the user.
2747 * await applyActionCode(auth, code);
2748 * ```
2749 *
2750 * @param user - The user.
2751 * @param actionCodeSettings - The {@link ActionCodeSettings}.
2752 *
2753 * @public
2754 */
2755export declare function sendEmailVerification(user: User, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
2756
2757/**
2758 * Sends a password reset email to the given email address.
2759 *
2760 * @remarks
2761 * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
2762 * the email sent to the user, along with the new password specified by the user.
2763 *
2764 * @example
2765 * ```javascript
2766 * const actionCodeSettings = {
2767 * url: 'https://www.example.com/?email=user@example.com',
2768 * iOS: {
2769 * bundleId: 'com.example.ios'
2770 * },
2771 * android: {
2772 * packageName: 'com.example.android',
2773 * installApp: true,
2774 * minimumVersion: '12'
2775 * },
2776 * handleCodeInApp: true
2777 * };
2778 * await sendPasswordResetEmail(auth, 'user@example.com', actionCodeSettings);
2779 * // Obtain code from user.
2780 * await confirmPasswordReset('user@example.com', code);
2781 * ```
2782 *
2783 * @param auth - The {@link Auth} instance.
2784 * @param email - The user's email address.
2785 * @param actionCodeSettings - The {@link ActionCodeSettings}.
2786 *
2787 * @public
2788 */
2789export declare function sendPasswordResetEmail(auth: Auth, email: string, actionCodeSettings?: ActionCodeSettings): Promise<void>;
2790
2791/**
2792 * Sends a sign-in email link to the user with the specified email.
2793 *
2794 * @remarks
2795 * The sign-in operation has to always be completed in the app unlike other out of band email
2796 * actions (password reset and email verifications). This is because, at the end of the flow,
2797 * the user is expected to be signed in and their Auth state persisted within the app.
2798 *
2799 * To complete sign in with the email link, call {@link signInWithEmailLink} with the email
2800 * address and the email link supplied in the email sent to the user.
2801 *
2802 * @example
2803 * ```javascript
2804 * const actionCodeSettings = {
2805 * url: 'https://www.example.com/?email=user@example.com',
2806 * iOS: {
2807 * bundleId: 'com.example.ios'
2808 * },
2809 * android: {
2810 * packageName: 'com.example.android',
2811 * installApp: true,
2812 * minimumVersion: '12'
2813 * },
2814 * handleCodeInApp: true
2815 * };
2816 * await sendSignInLinkToEmail(auth, 'user@example.com', actionCodeSettings);
2817 * // Obtain emailLink from the user.
2818 * if(isSignInWithEmailLink(auth, emailLink)) {
2819 * await signInWithEmailLink('user@example.com', 'user@example.com', emailLink);
2820 * }
2821 * ```
2822 *
2823 * @param authInternal - The {@link Auth} instance.
2824 * @param email - The user's email address.
2825 * @param actionCodeSettings - The {@link ActionCodeSettings}.
2826 *
2827 * @public
2828 */
2829export declare function sendSignInLinkToEmail(auth: Auth, email: string, actionCodeSettings: ActionCodeSettings): Promise<void>;
2830
2831/**
2832 * Changes the type of persistence on the {@link Auth} instance for the currently saved
2833 * `Auth` session and applies this type of persistence for future sign-in requests, including
2834 * sign-in with redirect requests.
2835 *
2836 * @remarks
2837 * This makes it easy for a user signing in to specify whether their session should be
2838 * remembered or not. It also makes it easier to never persist the `Auth` state for applications
2839 * that are shared by other users or have sensitive data.
2840 *
2841 * @example
2842 * ```javascript
2843 * setPersistence(auth, browserSessionPersistence);
2844 * ```
2845 *
2846 * @param auth - The {@link Auth} instance.
2847 * @param persistence - The {@link Persistence} to use.
2848 * @returns A `Promise` that resolves once the persistence change has completed
2849 *
2850 * @public
2851 */
2852export declare function setPersistence(auth: Auth, persistence: Persistence): Promise<void>;
2853
2854/**
2855 * Asynchronously signs in as an anonymous user.
2856 *
2857 * @remarks
2858 * If there is already an anonymous user signed in, that user will be returned; otherwise, a
2859 * new anonymous user identity will be created and returned.
2860 *
2861 * @param auth - The {@link Auth} instance.
2862 *
2863 * @public
2864 */
2865export declare function signInAnonymously(auth: Auth): Promise<UserCredential>;
2866
2867/**
2868 * Enumeration of supported sign-in methods.
2869 *
2870 * @public
2871 */
2872export declare const SignInMethod: {
2873 /** Email link sign in method */
2874 readonly EMAIL_LINK: "emailLink";
2875 /** Email/password sign in method