UNPKG

123 kBTypeScriptView Raw
1/**
2 * Firebase Authentication
3 *
4 * @packageDocumentation
5 */
6
7import { CompleteFn } from '@firebase/util';
8import { ErrorFactory } from '@firebase/util';
9import { ErrorFn } from '@firebase/util';
10import { FirebaseApp } from '@firebase/app';
11import { FirebaseError } from '@firebase/util';
12import { NextFn } from '@firebase/util';
13import { Observer } from '@firebase/util';
14import { Unsubscribe } from '@firebase/util';
15
16/**
17 * A response from {@link checkActionCode}.
18 *
19 * @public
20 */
21export declare interface ActionCodeInfo {
22 /**
23 * The data associated with the action code.
24 *
25 * @remarks
26 * For the {@link ActionCodeOperation}.PASSWORD_RESET, {@link ActionCodeOperation}.VERIFY_EMAIL, and
27 * {@link ActionCodeOperation}.RECOVER_EMAIL actions, this object contains an email field with the address
28 * the email was sent to.
29 *
30 * For the {@link ActionCodeOperation}.RECOVER_EMAIL action, which allows a user to undo an email address
31 * change, this object also contains a `previousEmail` field with the user account's current
32 * email address. After the action completes, the user's email address will revert to the value
33 * in the `email` field from the value in `previousEmail` field.
34 *
35 * For the {@link ActionCodeOperation}.VERIFY_AND_CHANGE_EMAIL action, which allows a user to verify the
36 * email before updating it, this object contains a `previousEmail` field with the user account's
37 * email address before updating. After the action completes, the user's email address will be
38 * updated to the value in the `email` field from the value in `previousEmail` field.
39 *
40 * For the {@link ActionCodeOperation}.REVERT_SECOND_FACTOR_ADDITION action, which allows a user to
41 * unenroll a newly added second factor, this object contains a `multiFactorInfo` field with
42 * the information about the second factor. For phone second factor, the `multiFactorInfo`
43 * is a {@link MultiFactorInfo} object, which contains the phone number.
44 */
45 data: {
46 email?: string | null;
47 multiFactorInfo?: MultiFactorInfo | null;
48 previousEmail?: string | null;
49 };
50 /**
51 * The type of operation that generated the action code.
52 */
53 operation: typeof ActionCodeOperation[keyof typeof ActionCodeOperation];
54}
55
56/**
57 * An enumeration of the possible email action types.
58 *
59 * @public
60 */
61export declare const ActionCodeOperation: {
62 /** The email link sign-in action. */
63 readonly EMAIL_SIGNIN: "EMAIL_SIGNIN";
64 /** The password reset action. */
65 readonly PASSWORD_RESET: "PASSWORD_RESET";
66 /** The email revocation action. */
67 readonly RECOVER_EMAIL: "RECOVER_EMAIL";
68 /** The revert second factor addition email action. */
69 readonly REVERT_SECOND_FACTOR_ADDITION: "REVERT_SECOND_FACTOR_ADDITION";
70 /** The revert second factor addition email action. */
71 readonly VERIFY_AND_CHANGE_EMAIL: "VERIFY_AND_CHANGE_EMAIL";
72 /** The email verification action. */
73 readonly VERIFY_EMAIL: "VERIFY_EMAIL";
74};
75
76/**
77 * An interface that defines the required continue/state URL with optional Android and iOS
78 * bundle identifiers.
79 *
80 * @public
81 */
82export declare interface ActionCodeSettings {
83 /**
84 * Sets the Android package name.
85 *
86 * @remarks
87 * This will try to open the link in an android app if it is
88 * installed. If `installApp` is passed, it specifies whether to install the Android app if the
89 * device supports it and the app is not already installed. If this field is provided without
90 * a `packageName`, an error is thrown explaining that the `packageName` must be provided in
91 * conjunction with this field. If `minimumVersion` is specified, and an older version of the
92 * app is installed, the user is taken to the Play Store to upgrade the app.
93 */
94 android?: {
95 installApp?: boolean;
96 minimumVersion?: string;
97 packageName: string;
98 };
99 /**
100 * When set to true, the action code link will be be sent as a Universal Link or Android App
101 * Link and will be opened by the app if installed.
102 *
103 * @remarks
104 * In the false case, the code will be sent to the web widget first and then on continue will
105 * redirect to the app if installed.
106 *
107 * @defaultValue false
108 */
109 handleCodeInApp?: boolean;
110 /**
111 * Sets the iOS bundle ID.
112 *
113 * @remarks
114 * This will try to open the link in an iOS app if it is installed.
115 *
116 * App installation is not supported for iOS.
117 */
118 iOS?: {
119 bundleId: string;
120 };
121 /**
122 * Sets the link continue/state URL.
123 *
124 * @remarks
125 * This has different meanings in different contexts:
126 * - When the link is handled in the web action widgets, this is the deep link in the
127 * `continueUrl` query parameter.
128 * - When the link is handled in the app directly, this is the `continueUrl` query parameter in
129 * the deep link of the Dynamic Link.
130 */
131 url: string;
132 /**
133 * When multiple custom dynamic link domains are defined for a project, specify which one to use
134 * when the link is to be opened via a specified mobile app (for example, `example.page.link`).
135 *
136 *
137 * @defaultValue The first domain is automatically selected.
138 */
139 dynamicLinkDomain?: string;
140}
141
142/**
143 * @license
144 * Copyright 2020 Google LLC
145 *
146 * Licensed under the Apache License, Version 2.0 (the "License");
147 * you may not use this file except in compliance with the License.
148 * You may obtain a copy of the License at
149 *
150 * http://www.apache.org/licenses/LICENSE-2.0
151 *
152 * Unless required by applicable law or agreed to in writing, software
153 * distributed under the License is distributed on an "AS IS" BASIS,
154 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
155 * See the License for the specific language governing permissions and
156 * limitations under the License.
157 */
158/**
159 * A utility class to parse email action URLs such as password reset, email verification,
160 * email link sign in, etc.
161 *
162 * @public
163 */
164export declare class ActionCodeURL {
165 /**
166 * The API key of the email action link.
167 */
168 readonly apiKey: string;
169 /**
170 * The action code of the email action link.
171 */
172 readonly code: string;
173 /**
174 * The continue URL of the email action link. Null if not provided.
175 */
176 readonly continueUrl: string | null;
177 /**
178 * The language code of the email action link. Null if not provided.
179 */
180 readonly languageCode: string | null;
181 /**
182 * The action performed by the email action link. It returns from one of the types from
183 * {@link ActionCodeInfo}
184 */
185 readonly operation: string;
186 /**
187 * The tenant ID of the email action link. Null if the email action is from the parent project.
188 */
189 readonly tenantId: string | null;
190 /* Excluded from this release type: __constructor */
191 /**
192 * Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,
193 * otherwise returns null.
194 *
195 * @param link - The email action link string.
196 * @returns The {@link ActionCodeURL} object, or null if the link is invalid.
197 *
198 * @public
199 */
200 static parseLink(link: string): ActionCodeURL | null;
201}
202
203/**
204 * A structure containing additional user information from a federated identity provider.
205 *
206 * @public
207 */
208export declare interface AdditionalUserInfo {
209 /**
210 * Whether the user is new (created via sign-up) or existing (authenticated using sign-in).
211 */
212 readonly isNewUser: boolean;
213 /**
214 * Map containing IDP-specific user data.
215 */
216 readonly profile: Record<string, unknown> | null;
217 /**
218 * Identifier for the provider used to authenticate this user.
219 */
220 readonly providerId: string | null;
221 /**
222 * The username if the provider is GitHub or Twitter.
223 */
224 readonly username?: string | null;
225}
226
227declare interface APIUserInfo {
228 localId?: string;
229 displayName?: string;
230 photoUrl?: string;
231 email?: string;
232 emailVerified?: boolean;
233 phoneNumber?: string;
234 lastLoginAt?: number;
235 createdAt?: number;
236 tenantId?: string;
237 passwordHash?: string;
238 providerUserInfo?: ProviderUserInfo[];
239 mfaInfo?: MfaEnrollment[];
240}
241
242/**
243 * A verifier for domain verification and abuse prevention.
244 *
245 * @remarks
246 * Currently, the only implementation is {@link RecaptchaVerifier}.
247 *
248 * @public
249 */
250export declare interface ApplicationVerifier {
251 /**
252 * Identifies the type of application verifier (e.g. "recaptcha").
253 */
254 readonly type: string;
255 /**
256 * Executes the verification process.
257 *
258 * @returns A Promise for a token that can be used to assert the validity of a request.
259 */
260 verify(): Promise<string>;
261}
262
263declare interface ApplicationVerifierInternal extends ApplicationVerifier {
264 /* Excluded from this release type: _reset */
265}
266
267/**
268 * Applies a verification code sent to the user by email or other out-of-band mechanism.
269 *
270 * @param auth - The {@link Auth} instance.
271 * @param oobCode - A verification code sent to the user.
272 *
273 * @public
274 */
275export declare function applyActionCode(auth: Auth, oobCode: string): Promise<void>;
276
277declare type AppName = string;
278
279/**
280 * Interface representing Firebase Auth service.
281 *
282 * @remarks
283 * See {@link https://firebase.google.com/docs/auth/ | Firebase Authentication} for a full guide
284 * on how to use the Firebase Auth service.
285 *
286 * @public
287 */
288export declare interface Auth {
289 /** The {@link @firebase/app#FirebaseApp} associated with the `Auth` service instance. */
290 readonly app: FirebaseApp;
291 /** The name of the app associated with the `Auth` service instance. */
292 readonly name: string;
293 /** The {@link Config} used to initialize this instance. */
294 readonly config: Config;
295 /**
296 * Changes the type of persistence on the `Auth` instance.
297 *
298 * @remarks
299 * This will affect the currently saved Auth session and applies this type of persistence for
300 * future sign-in requests, including sign-in with redirect requests.
301 *
302 * This makes it easy for a user signing in to specify whether their session should be
303 * remembered or not. It also makes it easier to never persist the Auth state for applications
304 * that are shared by other users or have sensitive data.
305 *
306 * @example
307 * ```javascript
308 * auth.setPersistence(browserSessionPersistence);
309 * ```
310 *
311 * @param persistence - The {@link Persistence} to use.
312 */
313 setPersistence(persistence: Persistence): Promise<void>;
314 /**
315 * The {@link Auth} instance's language code.
316 *
317 * @remarks
318 * This is a readable/writable property. When set to null, the default Firebase Console language
319 * setting is applied. The language code will propagate to email action templates (password
320 * reset, email verification and email change revocation), SMS templates for phone authentication,
321 * reCAPTCHA verifier and OAuth popup/redirect operations provided the specified providers support
322 * localization with the language code specified.
323 */
324 languageCode: string | null;
325 /**
326 * The {@link Auth} instance's tenant ID.
327 *
328 * @remarks
329 * This is a readable/writable property. When you set the tenant ID of an {@link Auth} instance, all
330 * future sign-in/sign-up operations will pass this tenant ID and sign in or sign up users to
331 * the specified tenant project. When set to null, users are signed in to the parent project.
332 *
333 * @example
334 * ```javascript
335 * // Set the tenant ID on Auth instance.
336 * auth.tenantId = 'TENANT_PROJECT_ID';
337 *
338 * // All future sign-in request now include tenant ID.
339 * const result = await signInWithEmailAndPassword(auth, email, password);
340 * // result.user.tenantId should be 'TENANT_PROJECT_ID'.
341 * ```
342 *
343 * @defaultValue null
344 */
345 tenantId: string | null;
346 /**
347 * The {@link Auth} instance's settings.
348 *
349 * @remarks
350 * This is used to edit/read configuration related options such as app verification mode for
351 * phone authentication.
352 */
353 readonly settings: AuthSettings;
354 /**
355 * Adds an observer for changes to the user's sign-in state.
356 *
357 * @remarks
358 * To keep the old behavior, see {@link Auth.onIdTokenChanged}.
359 *
360 * @param nextOrObserver - callback triggered on change.
361 * @param error - callback triggered on error.
362 * @param completed - callback triggered when observer is removed.
363 */
364 onAuthStateChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
365 /**
366 * Adds a blocking callback that runs before an auth state change
367 * sets a new user.
368 *
369 * @param callback - callback triggered before new user value is set.
370 * If this throws, it blocks the user from being set.
371 * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
372 * callback throws, allowing you to undo any side effects.
373 */
374 beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
375 /**
376 * Adds an observer for changes to the signed-in user's ID token.
377 *
378 * @remarks
379 * This includes sign-in, sign-out, and token refresh events.
380 *
381 * @param nextOrObserver - callback triggered on change.
382 * @param error - callback triggered on error.
383 * @param completed - callback triggered when observer is removed.
384 */
385 onIdTokenChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
386 /** The currently signed-in user (or null). */
387 readonly currentUser: User | null;
388 /** The current emulator configuration (or null). */
389 readonly emulatorConfig: EmulatorConfig | null;
390 /**
391 * Asynchronously sets the provided user as {@link Auth.currentUser} on the {@link Auth} instance.
392 *
393 * @remarks
394 * A new instance copy of the user provided will be made and set as currentUser.
395 *
396 * This will trigger {@link Auth.onAuthStateChanged} and {@link Auth.onIdTokenChanged} listeners
397 * like other sign in methods.
398 *
399 * The operation fails with an error if the user to be updated belongs to a different Firebase
400 * project.
401 *
402 * @param user - The new {@link User}.
403 */
404 updateCurrentUser(user: User | null): Promise<void>;
405 /**
406 * Sets the current language to the default device/browser preference.
407 */
408 useDeviceLanguage(): void;
409 /**
410 * Signs out the current user.
411 */
412 signOut(): Promise<void>;
413}
414
415/**
416 * Interface that represents the credentials returned by an {@link AuthProvider}.
417 *
418 * @remarks
419 * Implementations specify the details about each auth provider's credential requirements.
420 *
421 * @public
422 */
423export declare class AuthCredential {
424 /**
425 * The authentication provider ID for the credential.
426 *
427 * @remarks
428 * For example, 'facebook.com', or 'google.com'.
429 */
430 readonly providerId: string;
431 /**
432 * The authentication sign in method for the credential.
433 *
434 * @remarks
435 * For example, {@link SignInMethod}.EMAIL_PASSWORD, or
436 * {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
437 * identifier as returned in {@link fetchSignInMethodsForEmail}.
438 */
439 readonly signInMethod: string;
440 /* Excluded from this release type: __constructor */
441 /**
442 * Returns a JSON-serializable representation of this object.
443 *
444 * @returns a JSON-serializable representation of this object.
445 */
446 toJSON(): object;
447 /* Excluded from this release type: _getIdTokenResponse */
448 /* Excluded from this release type: _linkToIdToken */
449 /* Excluded from this release type: _getReauthenticationResolver */
450}
451
452/**
453 * Interface for an `Auth` error.
454 *
455 * @public
456 */
457export declare interface AuthError extends FirebaseError {
458 /** Details about the Firebase Auth error. */
459 readonly customData: {
460 /** The name of the Firebase App which triggered this error. */
461 readonly appName: string;
462 /** The email address of the user's account, used for sign-in and linking. */
463 readonly email?: string;
464 /** The phone number of the user's account, used for sign-in and linking. */
465 readonly phoneNumber?: string;
466 /**
467 * The tenant ID being used for sign-in and linking.
468 *
469 * @remarks
470 * If you use {@link signInWithRedirect} to sign in,
471 * you have to set the tenant ID on the {@link Auth} instance again as the tenant ID is not persisted
472 * after redirection.
473 */
474 readonly tenantId?: string;
475 };
476}
477
478/* Excluded from this release type: AuthErrorCode */
479
480/**
481 * A map of potential `Auth` error codes, for easier comparison with errors
482 * thrown by the SDK.
483 *
484 * @remarks
485 * Note that you can't tree-shake individual keys
486 * in the map, so by using the map you might substantially increase your
487 * bundle size.
488 *
489 * @public
490 */
491export declare const AuthErrorCodes: {
492 readonly ADMIN_ONLY_OPERATION: "auth/admin-restricted-operation";
493 readonly ARGUMENT_ERROR: "auth/argument-error";
494 readonly APP_NOT_AUTHORIZED: "auth/app-not-authorized";
495 readonly APP_NOT_INSTALLED: "auth/app-not-installed";
496 readonly CAPTCHA_CHECK_FAILED: "auth/captcha-check-failed";
497 readonly CODE_EXPIRED: "auth/code-expired";
498 readonly CORDOVA_NOT_READY: "auth/cordova-not-ready";
499 readonly CORS_UNSUPPORTED: "auth/cors-unsupported";
500 readonly CREDENTIAL_ALREADY_IN_USE: "auth/credential-already-in-use";
501 readonly CREDENTIAL_MISMATCH: "auth/custom-token-mismatch";
502 readonly CREDENTIAL_TOO_OLD_LOGIN_AGAIN: "auth/requires-recent-login";
503 readonly DEPENDENT_SDK_INIT_BEFORE_AUTH: "auth/dependent-sdk-initialized-before-auth";
504 readonly DYNAMIC_LINK_NOT_ACTIVATED: "auth/dynamic-link-not-activated";
505 readonly EMAIL_CHANGE_NEEDS_VERIFICATION: "auth/email-change-needs-verification";
506 readonly EMAIL_EXISTS: "auth/email-already-in-use";
507 readonly EMULATOR_CONFIG_FAILED: "auth/emulator-config-failed";
508 readonly EXPIRED_OOB_CODE: "auth/expired-action-code";
509 readonly EXPIRED_POPUP_REQUEST: "auth/cancelled-popup-request";
510 readonly INTERNAL_ERROR: "auth/internal-error";
511 readonly INVALID_API_KEY: "auth/invalid-api-key";
512 readonly INVALID_APP_CREDENTIAL: "auth/invalid-app-credential";
513 readonly INVALID_APP_ID: "auth/invalid-app-id";
514 readonly INVALID_AUTH: "auth/invalid-user-token";
515 readonly INVALID_AUTH_EVENT: "auth/invalid-auth-event";
516 readonly INVALID_CERT_HASH: "auth/invalid-cert-hash";
517 readonly INVALID_CODE: "auth/invalid-verification-code";
518 readonly INVALID_CONTINUE_URI: "auth/invalid-continue-uri";
519 readonly INVALID_CORDOVA_CONFIGURATION: "auth/invalid-cordova-configuration";
520 readonly INVALID_CUSTOM_TOKEN: "auth/invalid-custom-token";
521 readonly INVALID_DYNAMIC_LINK_DOMAIN: "auth/invalid-dynamic-link-domain";
522 readonly INVALID_EMAIL: "auth/invalid-email";
523 readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
524 readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
525 readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
526 readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
527 readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
528 readonly INVALID_OAUTH_PROVIDER: "auth/invalid-oauth-provider";
529 readonly INVALID_OOB_CODE: "auth/invalid-action-code";
530 readonly INVALID_ORIGIN: "auth/unauthorized-domain";
531 readonly INVALID_PASSWORD: "auth/wrong-password";
532 readonly INVALID_PERSISTENCE: "auth/invalid-persistence-type";
533 readonly INVALID_PHONE_NUMBER: "auth/invalid-phone-number";
534 readonly INVALID_PROVIDER_ID: "auth/invalid-provider-id";
535 readonly INVALID_RECIPIENT_EMAIL: "auth/invalid-recipient-email";
536 readonly INVALID_SENDER: "auth/invalid-sender";
537 readonly INVALID_SESSION_INFO: "auth/invalid-verification-id";
538 readonly INVALID_TENANT_ID: "auth/invalid-tenant-id";
539 readonly MFA_INFO_NOT_FOUND: "auth/multi-factor-info-not-found";
540 readonly MFA_REQUIRED: "auth/multi-factor-auth-required";
541 readonly MISSING_ANDROID_PACKAGE_NAME: "auth/missing-android-pkg-name";
542 readonly MISSING_APP_CREDENTIAL: "auth/missing-app-credential";
543 readonly MISSING_AUTH_DOMAIN: "auth/auth-domain-config-required";
544 readonly MISSING_CODE: "auth/missing-verification-code";
545 readonly MISSING_CONTINUE_URI: "auth/missing-continue-uri";
546 readonly MISSING_IFRAME_START: "auth/missing-iframe-start";
547 readonly MISSING_IOS_BUNDLE_ID: "auth/missing-ios-bundle-id";
548 readonly MISSING_OR_INVALID_NONCE: "auth/missing-or-invalid-nonce";
549 readonly MISSING_MFA_INFO: "auth/missing-multi-factor-info";
550 readonly MISSING_MFA_SESSION: "auth/missing-multi-factor-session";
551 readonly MISSING_PHONE_NUMBER: "auth/missing-phone-number";
552 readonly MISSING_SESSION_INFO: "auth/missing-verification-id";
553 readonly MODULE_DESTROYED: "auth/app-deleted";
554 readonly NEED_CONFIRMATION: "auth/account-exists-with-different-credential";
555 readonly NETWORK_REQUEST_FAILED: "auth/network-request-failed";
556 readonly NULL_USER: "auth/null-user";
557 readonly NO_AUTH_EVENT: "auth/no-auth-event";
558 readonly NO_SUCH_PROVIDER: "auth/no-such-provider";
559 readonly OPERATION_NOT_ALLOWED: "auth/operation-not-allowed";
560 readonly OPERATION_NOT_SUPPORTED: "auth/operation-not-supported-in-this-environment";
561 readonly POPUP_BLOCKED: "auth/popup-blocked";
562 readonly POPUP_CLOSED_BY_USER: "auth/popup-closed-by-user";
563 readonly PROVIDER_ALREADY_LINKED: "auth/provider-already-linked";
564 readonly QUOTA_EXCEEDED: "auth/quota-exceeded";
565 readonly REDIRECT_CANCELLED_BY_USER: "auth/redirect-cancelled-by-user";
566 readonly REDIRECT_OPERATION_PENDING: "auth/redirect-operation-pending";
567 readonly REJECTED_CREDENTIAL: "auth/rejected-credential";
568 readonly SECOND_FACTOR_ALREADY_ENROLLED: "auth/second-factor-already-in-use";
569 readonly SECOND_FACTOR_LIMIT_EXCEEDED: "auth/maximum-second-factor-count-exceeded";
570 readonly TENANT_ID_MISMATCH: "auth/tenant-id-mismatch";
571 readonly TIMEOUT: "auth/timeout";
572 readonly TOKEN_EXPIRED: "auth/user-token-expired";
573 readonly TOO_MANY_ATTEMPTS_TRY_LATER: "auth/too-many-requests";
574 readonly UNAUTHORIZED_DOMAIN: "auth/unauthorized-continue-uri";
575 readonly UNSUPPORTED_FIRST_FACTOR: "auth/unsupported-first-factor";
576 readonly UNSUPPORTED_PERSISTENCE: "auth/unsupported-persistence-type";
577 readonly UNSUPPORTED_TENANT_OPERATION: "auth/unsupported-tenant-operation";
578 readonly UNVERIFIED_EMAIL: "auth/unverified-email";
579 readonly USER_CANCELLED: "auth/user-cancelled";
580 readonly USER_DELETED: "auth/user-not-found";
581 readonly USER_DISABLED: "auth/user-disabled";
582 readonly USER_MISMATCH: "auth/user-mismatch";
583 readonly USER_SIGNED_OUT: "auth/user-signed-out";
584 readonly WEAK_PASSWORD: "auth/weak-password";
585 readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
586 readonly ALREADY_INITIALIZED: "auth/already-initialized";
587};
588
589/**
590 * A mapping of error codes to error messages.
591 *
592 * @remarks
593 *
594 * While error messages are useful for debugging (providing verbose textual
595 * context around what went wrong), these strings take up a lot of space in the
596 * compiled code. When deploying code in production, using {@link prodErrorMap}
597 * will save you roughly 10k compressed/gzipped over {@link debugErrorMap}. You
598 * can select the error map during initialization:
599 *
600 * ```javascript
601 * initializeAuth(app, {errorMap: debugErrorMap})
602 * ```
603 *
604 * When initializing Auth, {@link prodErrorMap} is default.
605 *
606 * @public
607 */
608export declare interface AuthErrorMap {
609}
610
611/* Excluded from this release type: AuthErrorParams */
612
613/* Excluded from this release type: AuthEvent */
614
615/* Excluded from this release type: AuthEventConsumer */
616
617declare interface AuthEventError extends Error {
618 code: string;
619 message: string;
620}
621
622/* Excluded from this release type: AuthEventType */
623
624/* Excluded from this release type: AuthInternal */
625
626declare class AuthPopup {
627 readonly window: Window | null;
628 associatedEvent: string | null;
629 constructor(window: Window | null);
630 close(): void;
631}
632
633/**
634 * Interface that represents an auth provider, used to facilitate creating {@link AuthCredential}.
635 *
636 * @public
637 */
638export declare interface AuthProvider {
639 /**
640 * Provider for which credentials can be constructed.
641 */
642 readonly providerId: string;
643}
644
645/**
646 * Interface representing an {@link Auth} instance's settings.
647 *
648 * @remarks Currently used for enabling/disabling app verification for phone Auth testing.
649 *
650 * @public
651 */
652export declare interface AuthSettings {
653 /**
654 * When set, this property disables app verification for the purpose of testing phone
655 * authentication. For this property to take effect, it needs to be set before rendering a
656 * reCAPTCHA app verifier. When this is disabled, a mock reCAPTCHA is rendered instead. This is
657 * useful for manual testing during development or for automated integration tests.
658 *
659 * In order to use this feature, you will need to
660 * {@link https://firebase.google.com/docs/auth/web/phone-auth#test-with-whitelisted-phone-numbers | whitelist your phone number}
661 * via the Firebase Console.
662 *
663 * The default value is false (app verification is enabled).
664 */
665 appVerificationDisabledForTesting: boolean;
666}
667
668/**
669 * MFA Info as returned by the API
670 */
671declare interface BaseMfaEnrollment {
672 mfaEnrollmentId: string;
673 enrolledAt: number;
674 displayName?: string;
675}
676
677/**
678 * Common code to all OAuth providers. This is separate from the
679 * {@link OAuthProvider} so that child providers (like
680 * {@link GoogleAuthProvider}) don't inherit the `credential` instance method.
681 * Instead, they rely on a static `credential` method.
682 */
683declare abstract class BaseOAuthProvider extends FederatedAuthProvider implements AuthProvider {
684 /* Excluded from this release type: scopes */
685 /**
686 * Add an OAuth scope to the credential.
687 *
688 * @param scope - Provider OAuth scope to add.
689 */
690 addScope(scope: string): AuthProvider;
691 /**
692 * Retrieve the current list of OAuth scopes.
693 */
694 getScopes(): string[];
695}
696
697/**
698 * Adds a blocking callback that runs before an auth state change
699 * sets a new user.
700 *
701 * @param auth - The {@link Auth} instance.
702 * @param callback - callback triggered before new user value is set.
703 * If this throws, it blocks the user from being set.
704 * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
705 * callback throws, allowing you to undo any side effects.
706 */
707export declare function beforeAuthStateChanged(auth: Auth, callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
708
709/**
710 * An implementation of {@link Persistence} of type `LOCAL` using `localStorage`
711 * for the underlying storage.
712 *
713 * @public
714 */
715export declare const browserLocalPersistence: Persistence;
716
717/**
718 * An implementation of {@link PopupRedirectResolver} suitable for browser
719 * based applications.
720 *
721 * @public
722 */
723export declare const browserPopupRedirectResolver: PopupRedirectResolver;
724
725/**
726 * An implementation of {@link Persistence} of `SESSION` using `sessionStorage`
727 * for the underlying storage.
728 *
729 * @public
730 */
731export declare const browserSessionPersistence: Persistence;
732
733/**
734 * Checks a verification code sent to the user by email or other out-of-band mechanism.
735 *
736 * @returns metadata about the code.
737 *
738 * @param auth - The {@link Auth} instance.
739 * @param oobCode - A verification code sent to the user.
740 *
741 * @public
742 */
743export declare function checkActionCode(auth: Auth, oobCode: string): Promise<ActionCodeInfo>;
744
745/* Excluded from this release type: ClientPlatform */
746export { CompleteFn }
747
748/**
749 * Interface representing the `Auth` config.
750 *
751 * @public
752 */
753export declare interface Config {
754 /**
755 * The API Key used to communicate with the Firebase Auth backend.
756 */
757 apiKey: string;
758 /**
759 * The host at which the Firebase Auth backend is running.
760 */
761 apiHost: string;
762 /**
763 * The scheme used to communicate with the Firebase Auth backend.
764 */
765 apiScheme: string;
766 /**
767 * The host at which the Secure Token API is running.
768 */
769 tokenApiHost: string;
770 /**
771 * The SDK Client Version.
772 */
773 sdkClientVersion: string;
774 /**
775 * The domain at which the web widgets are hosted (provided via Firebase Config).
776 */
777 authDomain?: string;
778}
779
780/* Excluded from this release type: ConfigInternal */
781
782/**
783 * A result from a phone number sign-in, link, or reauthenticate call.
784 *
785 * @public
786 */
787export declare interface ConfirmationResult {
788 /**
789 * The phone number authentication operation's verification ID.
790 *
791 * @remarks
792 * This can be used along with the verification code to initialize a
793 * {@link PhoneAuthCredential}.
794 */
795 readonly verificationId: string;
796 /**
797 * Finishes a phone number sign-in, link, or reauthentication.
798 *
799 * @example
800 * ```javascript
801 * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
802 * // Obtain verificationCode from the user.
803 * const userCredential = await confirmationResult.confirm(verificationCode);
804 * ```
805 *
806 * @param verificationCode - The code that was sent to the user's mobile device.
807 */
808 confirm(verificationCode: string): Promise<UserCredential>;
809}
810
811/**
812 * Completes the password reset process, given a confirmation code and new password.
813 *
814 * @param auth - The {@link Auth} instance.
815 * @param oobCode - A confirmation code sent to the user.
816 * @param newPassword - The new password.
817 *
818 * @public
819 */
820export declare function confirmPasswordReset(auth: Auth, oobCode: string, newPassword: string): Promise<void>;
821
822/**
823 * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
824 * Firebase Auth services.
825 *
826 * @remarks
827 * This must be called synchronously immediately following the first call to
828 * {@link initializeAuth}. Do not use with production credentials as emulator
829 * traffic is not encrypted.
830 *
831 *
832 * @example
833 * ```javascript
834 * connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });
835 * ```
836 *
837 * @param auth - The {@link Auth} instance.
838 * @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').
839 * @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to
840 * `true` to disable the warning banner attached to the DOM.
841 *
842 * @public
843 */
844export declare function connectAuthEmulator(auth: Auth, url: string, options?: {
845 disableWarnings: boolean;
846}): void;
847
848/**
849 * Creates a new user account associated with the specified email address and password.
850 *
851 * @remarks
852 * On successful creation of the user account, this user will also be signed in to your application.
853 *
854 * User account creation can fail if the account already exists or the password is invalid.
855 *
856 * Note: The email address acts as a unique identifier for the user and enables an email-based
857 * password reset. This function will create a new user account and set the initial user password.
858 *
859 * @param auth - The {@link Auth} instance.
860 * @param email - The user's email address.
861 * @param password - The user's chosen password.
862 *
863 * @public
864 */
865export declare function createUserWithEmailAndPassword(auth: Auth, email: string, password: string): Promise<UserCredential>;
866
867/**
868 * Map of OAuth Custom Parameters.
869 *
870 * @public
871 */
872export declare type CustomParameters = Record<string, string>;
873
874/**
875 * A verbose error map with detailed descriptions for most error codes.
876 *
877 * See discussion at {@link AuthErrorMap}
878 *
879 * @public
880 */
881export declare const debugErrorMap: AuthErrorMap;
882
883/**
884 * Deletes and signs out the user.
885 *
886 * @remarks
887 * Important: this is a security-sensitive operation that requires the user to have recently
888 * signed in. If this requirement isn't met, ask the user to authenticate again and then call
889 * {@link reauthenticateWithCredential}.
890 *
891 * @param user - The user.
892 *
893 * @public
894 */
895export declare function deleteUser(user: User): Promise<void>;
896
897/**
898 * The dependencies that can be used to initialize an {@link Auth} instance.
899 *
900 * @remarks
901 *
902 * The modular SDK enables tree shaking by allowing explicit declarations of
903 * dependencies. For example, a web app does not need to include code that
904 * enables Cordova redirect sign in. That functionality is therefore split into
905 * {@link browserPopupRedirectResolver} and
906 * {@link cordovaPopupRedirectResolver}. The dependencies object is how Auth is
907 * configured to reduce bundle sizes.
908 *
909 * There are two ways to initialize an {@link Auth} instance: {@link getAuth} and
910 * {@link initializeAuth}. `getAuth` initializes everything using
911 * platform-specific configurations, while `initializeAuth` takes a
912 * `Dependencies` object directly, giving you more control over what is used.
913 *
914 * @public
915 */
916export declare interface Dependencies {
917 /**
918 * Which {@link Persistence} to use. If this is an array, the first
919 * `Persistence` that the device supports is used. The SDK searches for an
920 * existing account in order and, if one is found in a secondary
921 * `Persistence`, the account is moved to the primary `Persistence`.
922 *
923 * If no persistence is provided, the SDK falls back on
924 * {@link inMemoryPersistence}.
925 */
926 persistence?: Persistence | Persistence[];
927 /**
928 * The {@link PopupRedirectResolver} to use. This value depends on the
929 * platform. Options are {@link browserPopupRedirectResolver} and
930 * {@link cordovaPopupRedirectResolver}. This field is optional if neither
931 * {@link signInWithPopup} or {@link signInWithRedirect} are being used.
932 */
933 popupRedirectResolver?: PopupRedirectResolver;
934 /**
935 * Which {@link AuthErrorMap} to use.
936 */
937 errorMap?: AuthErrorMap;
938}
939
940/**
941 * Interface that represents the credentials returned by {@link EmailAuthProvider} for
942 * {@link ProviderId}.PASSWORD
943 *
944 * @remarks
945 * Covers both {@link SignInMethod}.EMAIL_PASSWORD and
946 * {@link SignInMethod}.EMAIL_LINK.
947 *
948 * @public
949 */
950export declare class EmailAuthCredential extends AuthCredential {
951 /* Excluded from this release type: _email */
952 /* Excluded from this release type: _password */
953 /* Excluded from this release type: _tenantId */
954 /* Excluded from this release type: __constructor */
955 /* Excluded from this release type: _fromEmailAndPassword */
956 /* Excluded from this release type: _fromEmailAndCode */
957 /** {@inheritdoc AuthCredential.toJSON} */
958 toJSON(): object;
959 /**
960 * Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.
961 *
962 * @param json - Either `object` or the stringified representation of the object. When string is
963 * provided, `JSON.parse` would be called first.
964 *
965 * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
966 */
967 static fromJSON(json: object | string): EmailAuthCredential | null;
968 /* Excluded from this release type: _getIdTokenResponse */
969 /* Excluded from this release type: _linkToIdToken */
970 /* Excluded from this release type: _getReauthenticationResolver */
971}
972
973/**
974 * Provider for generating {@link EmailAuthCredential}.
975 *
976 * @public
977 */
978export declare class EmailAuthProvider implements AuthProvider {
979 /**
980 * Always set to {@link ProviderId}.PASSWORD, even for email link.
981 */
982 static readonly PROVIDER_ID: 'password';
983 /**
984 * Always set to {@link SignInMethod}.EMAIL_PASSWORD.
985 */
986 static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password';
987 /**
988 * Always set to {@link SignInMethod}.EMAIL_LINK.
989 */
990 static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink';
991 /**
992 * Always set to {@link ProviderId}.PASSWORD, even for email link.
993 */
994 readonly providerId: "password";
995 /**
996 * Initialize an {@link AuthCredential} using an email and password.
997 *
998 * @example
999 * ```javascript
1000 * const authCredential = EmailAuthProvider.credential(email, password);
1001 * const userCredential = await signInWithCredential(auth, authCredential);
1002 * ```
1003 *
1004 * @example
1005 * ```javascript
1006 * const userCredential = await signInWithEmailAndPassword(auth, email, password);
1007 * ```
1008 *
1009 * @param email - Email address.
1010 * @param password - User account password.
1011 * @returns The auth provider credential.
1012 */
1013 static credential(email: string, password: string): EmailAuthCredential;
1014 /**
1015 * Initialize an {@link AuthCredential} using an email and an email link after a sign in with
1016 * email link operation.
1017 *
1018 * @example
1019 * ```javascript
1020 * const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);
1021 * const userCredential = await signInWithCredential(auth, authCredential);
1022 * ```
1023 *
1024 * @example
1025 * ```javascript
1026 * await sendSignInLinkToEmail(auth, email);
1027 * // Obtain emailLink from user.
1028 * const userCredential = await signInWithEmailLink(auth, email, emailLink);
1029 * ```
1030 *
1031 * @param auth - The {@link Auth} instance used to verify the link.
1032 * @param email - Email address.
1033 * @param emailLink - Sign-in email link.
1034 * @returns - The auth provider credential.
1035 */
1036 static credentialWithLink(email: string, emailLink: string): EmailAuthCredential;
1037}
1038
1039/**
1040 * Configuration of Firebase Authentication Emulator.
1041 * @public
1042 */
1043export declare interface EmulatorConfig {
1044 /**
1045 * The protocol used to communicate with the emulator ("http"/"https").
1046 */
1047 readonly protocol: string;
1048 /**
1049 * The hostname of the emulator, which may be a domain ("localhost"), IPv4 address ("127.0.0.1")
1050 * or quoted IPv6 address ("[::1]").
1051 */
1052 readonly host: string;
1053 /**
1054 * The port of the emulator, or null if port isn't specified (i.e. protocol default).
1055 */
1056 readonly port: number | null;
1057 /**
1058 * The emulator-specific options.
1059 */
1060 readonly options: {
1061 /**
1062 * Whether the warning banner attached to the DOM was disabled.
1063 */
1064 readonly disableWarnings: boolean;
1065 };
1066}
1067export { ErrorFn }
1068
1069/* Excluded from this release type: EventManager */
1070
1071/**
1072 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.
1073 *
1074 * @example
1075 * ```javascript
1076 * // Sign in using a redirect.
1077 * const provider = new FacebookAuthProvider();
1078 * // Start a sign in process for an unauthenticated user.
1079 * provider.addScope('user_birthday');
1080 * await signInWithRedirect(auth, provider);
1081 * // This will trigger a full page redirect away from your app
1082 *
1083 * // After returning from the redirect when your app initializes you can obtain the result
1084 * const result = await getRedirectResult(auth);
1085 * if (result) {
1086 * // This is the signed-in user
1087 * const user = result.user;
1088 * // This gives you a Facebook Access Token.
1089 * const credential = FacebookAuthProvider.credentialFromResult(result);
1090 * const token = credential.accessToken;
1091 * }
1092 * ```
1093 *
1094 * @example
1095 * ```javascript
1096 * // Sign in using a popup.
1097 * const provider = new FacebookAuthProvider();
1098 * provider.addScope('user_birthday');
1099 * const result = await signInWithPopup(auth, provider);
1100 *
1101 * // The signed-in user info.
1102 * const user = result.user;
1103 * // This gives you a Facebook Access Token.
1104 * const credential = FacebookAuthProvider.credentialFromResult(result);
1105 * const token = credential.accessToken;
1106 * ```
1107 *
1108 * @public
1109 */
1110export declare class FacebookAuthProvider extends BaseOAuthProvider {
1111 /** Always set to {@link SignInMethod}.FACEBOOK. */
1112 static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com';
1113 /** Always set to {@link ProviderId}.FACEBOOK. */
1114 static readonly PROVIDER_ID: 'facebook.com';
1115 constructor();
1116 /**
1117 * Creates a credential for Facebook.
1118 *
1119 * @example
1120 * ```javascript
1121 * // `event` from the Facebook auth.authResponseChange callback.
1122 * const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);
1123 * const result = await signInWithCredential(credential);
1124 * ```
1125 *
1126 * @param accessToken - Facebook access token.
1127 */
1128 static credential(accessToken: string): OAuthCredential;
1129 /**
1130 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1131 *
1132 * @param userCredential - The user credential.
1133 */
1134 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1135 /**
1136 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1137 * thrown during a sign-in, link, or reauthenticate operation.
1138 *
1139 * @param userCredential - The user credential.
1140 */
1141 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1142 private static credentialFromTaggedObject;
1143}
1144
1145/**
1146 * An enum of factors that may be used for multifactor authentication.
1147 *
1148 * @public
1149 */
1150export declare const FactorId: {
1151 /** Phone as second factor */
1152 readonly PHONE: "phone";
1153};
1154
1155/**
1156 * The base class for all Federated providers (OAuth (including OIDC), SAML).
1157 *
1158 * This class is not meant to be instantiated directly.
1159 *
1160 * @public
1161 */
1162declare abstract class FederatedAuthProvider implements AuthProvider {
1163 readonly providerId: string;
1164 /* Excluded from this release type: defaultLanguageCode */
1165 /* Excluded from this release type: customParameters */
1166 /**
1167 * Constructor for generic OAuth providers.
1168 *
1169 * @param providerId - Provider for which credentials should be generated.
1170 */
1171 constructor(providerId: string);
1172 /**
1173 * Set the language gode.
1174 *
1175 * @param languageCode - language code
1176 */
1177 setDefaultLanguage(languageCode: string | null): void;
1178 /**
1179 * Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in
1180 * operations.
1181 *
1182 * @remarks
1183 * For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`,
1184 * `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored.
1185 *
1186 * @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request.
1187 */
1188 setCustomParameters(customOAuthParameters: CustomParameters): AuthProvider;
1189 /**
1190 * Retrieve the current list of {@link CustomParameters}.
1191 */
1192 getCustomParameters(): CustomParameters;
1193}
1194
1195/**
1196 * Gets the list of possible sign in methods for the given email address.
1197 *
1198 * @remarks
1199 * This is useful to differentiate methods of sign-in for the same provider, eg.
1200 * {@link EmailAuthProvider} which has 2 methods of sign-in,
1201 * {@link SignInMethod}.EMAIL_PASSWORD and
1202 * {@link SignInMethod}.EMAIL_LINK.
1203 *
1204 * @param auth - The {@link Auth} instance.
1205 * @param email - The user's email address.
1206 *
1207 * @public
1208 */
1209export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
1210
1211declare interface FinalizeMfaResponse {
1212 idToken: string;
1213 refreshToken: string;
1214}
1215
1216/* Excluded from this release type: GenericAuthErrorParams */
1217
1218/**
1219 * Extracts provider specific {@link AdditionalUserInfo} for the given credential.
1220 *
1221 * @param userCredential - The user credential.
1222 *
1223 * @public
1224 */
1225export declare function getAdditionalUserInfo(userCredential: UserCredential): AdditionalUserInfo | null;
1226
1227/**
1228 * Returns the Auth instance associated with the provided {@link @firebase/app#FirebaseApp}.
1229 * If no instance exists, initializes an Auth instance with platform-specific default dependencies.
1230 *
1231 * @param app - The Firebase App.
1232 *
1233 * @public
1234 */
1235export declare function getAuth(app?: FirebaseApp): Auth;
1236
1237/**
1238 * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
1239 *
1240 * @remarks
1241 * Returns the current token if it has not expired or if it will not expire in the next five
1242 * minutes. Otherwise, this will refresh the token and return a new one.
1243 *
1244 * @param user - The user.
1245 * @param forceRefresh - Force refresh regardless of token expiration.
1246 *
1247 * @public
1248 */
1249export declare function getIdToken(user: User, forceRefresh?: boolean): Promise<string>;
1250
1251/**
1252 * Returns a deserialized JSON Web Token (JWT) used to identitfy the user to a Firebase service.
1253 *
1254 * @remarks
1255 * Returns the current token if it has not expired or if it will not expire in the next five
1256 * minutes. Otherwise, this will refresh the token and return a new one.
1257 *
1258 * @param user - The user.
1259 * @param forceRefresh - Force refresh regardless of token expiration.
1260 *
1261 * @public
1262 */
1263export declare function getIdTokenResult(user: User, forceRefresh?: boolean): Promise<IdTokenResult>;
1264
1265/**
1266 * Provides a {@link MultiFactorResolver} suitable for completion of a
1267 * multi-factor flow.
1268 *
1269 * @param auth - The {@link Auth} instance.
1270 * @param error - The {@link MultiFactorError} raised during a sign-in, or
1271 * reauthentication operation.
1272 *
1273 * @public
1274 */
1275export declare function getMultiFactorResolver(auth: Auth, error: MultiFactorError): MultiFactorResolver;
1276
1277/**
1278 * Returns a {@link UserCredential} from the redirect-based sign-in flow.
1279 *
1280 * @remarks
1281 * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
1282 * error. If no redirect operation was called, returns a {@link UserCredential}
1283 * with a null `user`.
1284 *
1285 * @example
1286 * ```javascript
1287 * // Sign in using a redirect.
1288 * const provider = new FacebookAuthProvider();
1289 * // You can add additional scopes to the provider:
1290 * provider.addScope('user_birthday');
1291 * // Start a sign in process for an unauthenticated user.
1292 * await signInWithRedirect(auth, provider);
1293 * // This will trigger a full page redirect away from your app
1294 *
1295 * // After returning from the redirect when your app initializes you can obtain the result
1296 * const result = await getRedirectResult(auth);
1297 * if (result) {
1298 * // This is the signed-in user
1299 * const user = result.user;
1300 * // This gives you a Facebook Access Token.
1301 * const credential = provider.credentialFromResult(auth, result);
1302 * const token = credential.accessToken;
1303 * }
1304 * // As this API can be used for sign-in, linking and reauthentication,
1305 * // check the operationType to determine what triggered this redirect
1306 * // operation.
1307 * const operationType = result.operationType;
1308 * ```
1309 *
1310 * @param auth - The {@link Auth} instance.
1311 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1312 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1313 *
1314 * @public
1315 */
1316export declare function getRedirectResult(auth: Auth, resolver?: PopupRedirectResolver): Promise<UserCredential | null>;
1317
1318/**
1319 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GITHUB.
1320 *
1321 * @remarks
1322 * GitHub requires an OAuth 2.0 redirect, so you can either handle the redirect directly, or use
1323 * the {@link signInWithPopup} handler:
1324 *
1325 * @example
1326 * ```javascript
1327 * // Sign in using a redirect.
1328 * const provider = new GithubAuthProvider();
1329 * // Start a sign in process for an unauthenticated user.
1330 * provider.addScope('repo');
1331 * await signInWithRedirect(auth, provider);
1332 * // This will trigger a full page redirect away from your app
1333 *
1334 * // After returning from the redirect when your app initializes you can obtain the result
1335 * const result = await getRedirectResult(auth);
1336 * if (result) {
1337 * // This is the signed-in user
1338 * const user = result.user;
1339 * // This gives you a Github Access Token.
1340 * const credential = GithubAuthProvider.credentialFromResult(result);
1341 * const token = credential.accessToken;
1342 * }
1343 * ```
1344 *
1345 * @example
1346 * ```javascript
1347 * // Sign in using a popup.
1348 * const provider = new GithubAuthProvider();
1349 * provider.addScope('repo');
1350 * const result = await signInWithPopup(auth, provider);
1351 *
1352 * // The signed-in user info.
1353 * const user = result.user;
1354 * // This gives you a Github Access Token.
1355 * const credential = GithubAuthProvider.credentialFromResult(result);
1356 * const token = credential.accessToken;
1357 * ```
1358 * @public
1359 */
1360export declare class GithubAuthProvider extends BaseOAuthProvider {
1361 /** Always set to {@link SignInMethod}.GITHUB. */
1362 static readonly GITHUB_SIGN_IN_METHOD: 'github.com';
1363 /** Always set to {@link ProviderId}.GITHUB. */
1364 static readonly PROVIDER_ID: 'github.com';
1365 constructor();
1366 /**
1367 * Creates a credential for Github.
1368 *
1369 * @param accessToken - Github access token.
1370 */
1371 static credential(accessToken: string): OAuthCredential;
1372 /**
1373 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1374 *
1375 * @param userCredential - The user credential.
1376 */
1377 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1378 /**
1379 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1380 * thrown during a sign-in, link, or reauthenticate operation.
1381 *
1382 * @param userCredential - The user credential.
1383 */
1384 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1385 private static credentialFromTaggedObject;
1386}
1387
1388/**
1389 * Provider for generating an an {@link OAuthCredential} for {@link ProviderId}.GOOGLE.
1390 *
1391 * @example
1392 * ```javascript
1393 * // Sign in using a redirect.
1394 * const provider = new GoogleAuthProvider();
1395 * // Start a sign in process for an unauthenticated user.
1396 * provider.addScope('profile');
1397 * provider.addScope('email');
1398 * await signInWithRedirect(auth, provider);
1399 * // This will trigger a full page redirect away from your app
1400 *
1401 * // After returning from the redirect when your app initializes you can obtain the result
1402 * const result = await getRedirectResult(auth);
1403 * if (result) {
1404 * // This is the signed-in user
1405 * const user = result.user;
1406 * // This gives you a Google Access Token.
1407 * const credential = GoogleAuthProvider.credentialFromResult(result);
1408 * const token = credential.accessToken;
1409 * }
1410 * ```
1411 *
1412 * @example
1413 * ```javascript
1414 * // Sign in using a popup.
1415 * const provider = new GoogleAuthProvider();
1416 * provider.addScope('profile');
1417 * provider.addScope('email');
1418 * const result = await signInWithPopup(auth, provider);
1419 *
1420 * // The signed-in user info.
1421 * const user = result.user;
1422 * // This gives you a Google Access Token.
1423 * const credential = GoogleAuthProvider.credentialFromResult(result);
1424 * const token = credential.accessToken;
1425 * ```
1426 *
1427 * @public
1428 */
1429export declare class GoogleAuthProvider extends BaseOAuthProvider {
1430 /** Always set to {@link SignInMethod}.GOOGLE. */
1431 static readonly GOOGLE_SIGN_IN_METHOD: 'google.com';
1432 /** Always set to {@link ProviderId}.GOOGLE. */
1433 static readonly PROVIDER_ID: 'google.com';
1434 constructor();
1435 /**
1436 * Creates a credential for Google. At least one of ID token and access token is required.
1437 *
1438 * @example
1439 * ```javascript
1440 * // \`googleUser\` from the onsuccess Google Sign In callback.
1441 * const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);
1442 * const result = await signInWithCredential(credential);
1443 * ```
1444 *
1445 * @param idToken - Google ID token.
1446 * @param accessToken - Google access token.
1447 */
1448 static credential(idToken?: string | null, accessToken?: string | null): OAuthCredential;
1449 /**
1450 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1451 *
1452 * @param userCredential - The user credential.
1453 */
1454 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1455 /**
1456 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1457 * thrown during a sign-in, link, or reauthenticate operation.
1458 *
1459 * @param userCredential - The user credential.
1460 */
1461 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1462 private static credentialFromTaggedObject;
1463}
1464
1465/**
1466 * Raw encoded JWT
1467 *
1468 */
1469declare type IdToken = string;
1470
1471/* Excluded from this release type: IdTokenMfaResponse */
1472
1473/* Excluded from this release type: IdTokenResponse */
1474
1475/* Excluded from this release type: IdTokenResponseKind */
1476
1477/**
1478 * Interface representing ID token result obtained from {@link User.getIdTokenResult}.
1479 *
1480 * @remarks
1481 * `IdTokenResult` contains the ID token JWT string and other helper properties for getting different data
1482 * associated with the token as well as all the decoded payload claims.
1483 *
1484 * Note that these claims are not to be trusted as they are parsed client side. Only server side
1485 * verification can guarantee the integrity of the token claims.
1486 *
1487 * @public
1488 */
1489export declare interface IdTokenResult {
1490 /**
1491 * The authentication time formatted as a UTC string.
1492 *
1493 * @remarks
1494 * This is the time the user authenticated (signed in) and not the time the token was refreshed.
1495 */
1496 authTime: string;
1497 /** The ID token expiration time formatted as a UTC string. */
1498 expirationTime: string;
1499 /** The ID token issuance time formatted as a UTC string. */
1500 issuedAtTime: string;
1501 /**
1502 * The sign-in provider through which the ID token was obtained (anonymous, custom, phone,
1503 * password, etc).
1504 *
1505 * @remarks
1506 * Note, this does not map to provider IDs.
1507 */
1508 signInProvider: string | null;
1509 /**
1510 * The type of second factor associated with this session, provided the user was multi-factor
1511 * authenticated (eg. phone, etc).
1512 */
1513 signInSecondFactor: string | null;
1514 /** The Firebase Auth ID token JWT string. */
1515 token: string;
1516 /**
1517 * The entire payload claims of the ID token including the standard reserved claims as well as
1518 * the custom claims.
1519 */
1520 claims: ParsedToken;
1521}
1522
1523/**
1524 * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`
1525 * for the underlying storage.
1526 *
1527 * @public
1528 */
1529export declare const indexedDBLocalPersistence: Persistence;
1530
1531/**
1532 * Initializes an {@link Auth} instance with fine-grained control over
1533 * {@link Dependencies}.
1534 *
1535 * @remarks
1536 *
1537 * This function allows more control over the {@link Auth} instance than
1538 * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
1539 * the {@link Dependencies}. In general, `getAuth` is the easiest way to
1540 * initialize Auth and works for most use cases. Use `initializeAuth` if you
1541 * need control over which persistence layer is used, or to minimize bundle
1542 * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
1543 *
1544 * For example, if your app only uses anonymous accounts and you only want
1545 * accounts saved for the current session, initialize `Auth` with:
1546 *
1547 * ```js
1548 * const auth = initializeAuth(app, {
1549 * persistence: browserSessionPersistence,
1550 * popupRedirectResolver: undefined,
1551 * });
1552 * ```
1553 *
1554 * @public
1555 */
1556export declare function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth;
1557
1558/**
1559 * An implementation of {@link Persistence} of type 'NONE'.
1560 *
1561 * @public
1562 */
1563export declare const inMemoryPersistence: Persistence;
1564
1565/**
1566 * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.
1567 *
1568 * @param auth - The {@link Auth} instance.
1569 * @param emailLink - The link sent to the user's email address.
1570 *
1571 * @public
1572 */
1573export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): boolean;
1574
1575/**
1576 * Links the user account with the given credentials.
1577 *
1578 * @remarks
1579 * An {@link AuthProvider} can be used to generate the credential.
1580 *
1581 * @param user - The user.
1582 * @param credential - The auth credential.
1583 *
1584 * @public
1585 */
1586export declare function linkWithCredential(user: User, credential: AuthCredential): Promise<UserCredential>;
1587
1588/**
1589 * Links the user account with the given phone number.
1590 *
1591 * @param user - The user.
1592 * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
1593 * @param appVerifier - The {@link ApplicationVerifier}.
1594 *
1595 * @public
1596 */
1597export declare function linkWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
1598
1599/**
1600 * Links the authenticated provider to the user account using a pop-up based OAuth flow.
1601 *
1602 * @remarks
1603 * If the linking is successful, the returned result will contain the user and the provider's credential.
1604 *
1605 *
1606 * @example
1607 * ```javascript
1608 * // Sign in using some other provider.
1609 * const result = await signInWithEmailAndPassword(auth, email, password);
1610 * // Link using a popup.
1611 * const provider = new FacebookAuthProvider();
1612 * await linkWithPopup(result.user, provider);
1613 * ```
1614 *
1615 * @param user - The user.
1616 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
1617 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
1618 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1619 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1620 *
1621 * @public
1622 */
1623export declare function linkWithPopup(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<UserCredential>;
1624
1625/**
1626 * Links the {@link OAuthProvider} to the user account using a full-page redirect flow.
1627 *
1628 * @example
1629 * ```javascript
1630 * // Sign in using some other provider.
1631 * const result = await signInWithEmailAndPassword(auth, email, password);
1632 * // Link using a redirect.
1633 * const provider = new FacebookAuthProvider();
1634 * await linkWithRedirect(result.user, provider);
1635 * // This will trigger a full page redirect away from your app
1636 *
1637 * // After returning from the redirect when your app initializes you can obtain the result
1638 * const result = await getRedirectResult(auth);
1639 * ```
1640 *
1641 * @param user - The user.
1642 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
1643 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
1644 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1645 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1646 *
1647 *
1648 * @public
1649 */
1650export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
1651
1652/**
1653 * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment is supported
1654 */
1655declare type MfaEnrollment = PhoneMfaEnrollment;
1656
1657/**
1658 * The {@link MultiFactorUser} corresponding to the user.
1659 *
1660 * @remarks
1661 * This is used to access all multi-factor properties and operations related to the user.
1662 *
1663 * @param user - The user.
1664 *
1665 * @public
1666 */
1667export declare function multiFactor(user: User): MultiFactorUser;
1668
1669/**
1670 * The base class for asserting ownership of a second factor.
1671 *
1672 * @remarks
1673 * This is used to facilitate enrollment of a second factor on an existing user or sign-in of a
1674 * user who already verified the first factor.
1675 *
1676 * @public
1677 */
1678export declare interface MultiFactorAssertion {
1679 /** The identifier of the second factor. */
1680 readonly factorId: typeof FactorId[keyof typeof FactorId];
1681}
1682
1683/**
1684 * The error thrown when the user needs to provide a second factor to sign in successfully.
1685 *
1686 * @remarks
1687 * The error code for this error is `auth/multi-factor-auth-required`.
1688 *
1689 * @example
1690 * ```javascript
1691 * let resolver;
1692 * let multiFactorHints;
1693 *
1694 * signInWithEmailAndPassword(auth, email, password)
1695 * .then((result) => {
1696 * // User signed in. No 2nd factor challenge is needed.
1697 * })
1698 * .catch((error) => {
1699 * if (error.code == 'auth/multi-factor-auth-required') {
1700 * resolver = getMultiFactorResolver(auth, error);
1701 * multiFactorHints = resolver.hints;
1702 * } else {
1703 * // Handle other errors.
1704 * }
1705 * });
1706 *
1707 * // Obtain a multiFactorAssertion by verifying the second factor.
1708 *
1709 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1710 * ```
1711 *
1712 * @public
1713 */
1714export declare interface MultiFactorError extends AuthError {
1715 /** Details about the MultiFactorError. */
1716 readonly customData: AuthError['customData'] & {
1717 /**
1718 * The type of operation (sign-in, linking, or re-authentication) that raised the error.
1719 */
1720 readonly operationType: typeof OperationType[keyof typeof OperationType];
1721 };
1722}
1723
1724/**
1725 * A structure containing the information of a second factor entity.
1726 *
1727 * @public
1728 */
1729export declare interface MultiFactorInfo {
1730 /** The multi-factor enrollment ID. */
1731 readonly uid: string;
1732 /** The user friendly name of the current second factor. */
1733 readonly displayName?: string | null;
1734 /** The enrollment date of the second factor formatted as a UTC string. */
1735 readonly enrollmentTime: string;
1736 /** The identifier of the second factor. */
1737 readonly factorId: typeof FactorId[keyof typeof FactorId];
1738}
1739
1740/**
1741 * The class used to facilitate recovery from {@link MultiFactorError} when a user needs to
1742 * provide a second factor to sign in.
1743 *
1744 * @example
1745 * ```javascript
1746 * let resolver;
1747 * let multiFactorHints;
1748 *
1749 * signInWithEmailAndPassword(auth, email, password)
1750 * .then((result) => {
1751 * // User signed in. No 2nd factor challenge is needed.
1752 * })
1753 * .catch((error) => {
1754 * if (error.code == 'auth/multi-factor-auth-required') {
1755 * resolver = getMultiFactorResolver(auth, error);
1756 * // Show UI to let user select second factor.
1757 * multiFactorHints = resolver.hints;
1758 * } else {
1759 * // Handle other errors.
1760 * }
1761 * });
1762 *
1763 * // The enrolled second factors that can be used to complete
1764 * // sign-in are returned in the `MultiFactorResolver.hints` list.
1765 * // UI needs to be presented to allow the user to select a second factor
1766 * // from that list.
1767 *
1768 * const selectedHint = // ; selected from multiFactorHints
1769 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1770 * const phoneInfoOptions = {
1771 * multiFactorHint: selectedHint,
1772 * session: resolver.session
1773 * };
1774 * const verificationId = phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1775 * // Store `verificationId` and show UI to let user enter verification code.
1776 *
1777 * // UI to enter verification code and continue.
1778 * // Continue button click handler
1779 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1780 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1781 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1782 * ```
1783 *
1784 * @public
1785 */
1786export declare interface MultiFactorResolver {
1787 /**
1788 * The list of hints for the second factors needed to complete the sign-in for the current
1789 * session.
1790 */
1791 readonly hints: MultiFactorInfo[];
1792 /**
1793 * The session identifier for the current sign-in flow, which can be used to complete the second
1794 * factor sign-in.
1795 */
1796 readonly session: MultiFactorSession;
1797 /**
1798 * A helper function to help users complete sign in with a second factor using an
1799 * {@link MultiFactorAssertion} confirming the user successfully completed the second factor
1800 * challenge.
1801 *
1802 * @example
1803 * ```javascript
1804 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1805 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1806 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1807 * ```
1808 *
1809 * @param assertion - The multi-factor assertion to resolve sign-in with.
1810 * @returns The promise that resolves with the user credential object.
1811 */
1812 resolveSignIn(assertion: MultiFactorAssertion): Promise<UserCredential>;
1813}
1814
1815/**
1816 * An interface defining the multi-factor session object used for enrolling a second factor on a
1817 * user or helping sign in an enrolled user with a second factor.
1818 *
1819 * @public
1820 */
1821export declare interface MultiFactorSession {
1822}
1823
1824/**
1825 * An interface that defines the multi-factor related properties and operations pertaining
1826 * to a {@link User}.
1827 *
1828 * @public
1829 */
1830export declare interface MultiFactorUser {
1831 /** Returns a list of the user's enrolled second factors. */
1832 readonly enrolledFactors: MultiFactorInfo[];
1833 /**
1834 * Returns the session identifier for a second factor enrollment operation. This is used to
1835 * identify the user trying to enroll a second factor.
1836 *
1837 * @example
1838 * ```javascript
1839 * const multiFactorUser = multiFactor(auth.currentUser);
1840 * const multiFactorSession = await multiFactorUser.getSession();
1841 *
1842 * // Send verification code.
1843 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1844 * const phoneInfoOptions = {
1845 * phoneNumber: phoneNumber,
1846 * session: multiFactorSession
1847 * };
1848 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1849 *
1850 * // Obtain verification code from user.
1851 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1852 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1853 * await multiFactorUser.enroll(multiFactorAssertion);
1854 * ```
1855 *
1856 * @returns The promise that resolves with the {@link MultiFactorSession}.
1857 */
1858 getSession(): Promise<MultiFactorSession>;
1859 /**
1860 *
1861 * Enrolls a second factor as identified by the {@link MultiFactorAssertion} for the
1862 * user.
1863 *
1864 * @remarks
1865 * On resolution, the user tokens are updated to reflect the change in the JWT payload.
1866 * Accepts an additional display name parameter used to identify the second factor to the end
1867 * user. Recent re-authentication is required for this operation to succeed. On successful
1868 * enrollment, existing Firebase sessions (refresh tokens) are revoked. When a new factor is
1869 * enrolled, an email notification is sent to the user’s email.
1870 *
1871 * @example
1872 * ```javascript
1873 * const multiFactorUser = multiFactor(auth.currentUser);
1874 * const multiFactorSession = await multiFactorUser.getSession();
1875 *
1876 * // Send verification code.
1877 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1878 * const phoneInfoOptions = {
1879 * phoneNumber: phoneNumber,
1880 * session: multiFactorSession
1881 * };
1882 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1883 *
1884 * // Obtain verification code from user.
1885 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1886 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1887 * await multiFactorUser.enroll(multiFactorAssertion);
1888 * // Second factor enrolled.
1889 * ```
1890 *
1891 * @param assertion - The multi-factor assertion to enroll with.
1892 * @param displayName - The display name of the second factor.
1893 */
1894 enroll(assertion: MultiFactorAssertion, displayName?: string | null): Promise<void>;
1895 /**
1896 * Unenrolls the specified second factor.
1897 *
1898 * @remarks
1899 * To specify the factor to remove, pass a {@link MultiFactorInfo} object (retrieved from
1900 * {@link MultiFactorUser.enrolledFactors}) or the
1901 * factor's UID string. Sessions are not revoked when the account is unenrolled. An email
1902 * notification is likely to be sent to the user notifying them of the change. Recent
1903 * re-authentication is required for this operation to succeed. When an existing factor is
1904 * unenrolled, an email notification is sent to the user’s email.
1905 *
1906 * @example
1907 * ```javascript
1908 * const multiFactorUser = multiFactor(auth.currentUser);
1909 * // Present user the option to choose which factor to unenroll.
1910 * await multiFactorUser.unenroll(multiFactorUser.enrolledFactors[i])
1911 * ```
1912 *
1913 * @param option - The multi-factor option to unenroll.
1914 * @returns - A `Promise` which resolves when the unenroll operation is complete.
1915 */
1916 unenroll(option: MultiFactorInfo | string): Promise<void>;
1917}
1918
1919declare type MutableUserInfo = {
1920 -readonly [K in keyof UserInfo]: UserInfo[K];
1921};
1922export { NextFn }
1923
1924/**
1925 * Type definition for an event callback.
1926 *
1927 * @privateRemarks TODO(avolkovi): should we consolidate with Subscribe<T> since we're changing the API anyway?
1928 *
1929 * @public
1930 */
1931export declare type NextOrObserver<T> = NextFn<T | null> | Observer<T | null>;
1932
1933/**
1934 * Represents the OAuth credentials returned by an {@link OAuthProvider}.
1935 *
1936 * @remarks
1937 * Implementations specify the details about each auth provider's credential requirements.
1938 *
1939 * @public
1940 */
1941export declare class OAuthCredential extends AuthCredential {
1942 /**
1943 * The OAuth ID token associated with the credential if it belongs to an OIDC provider,
1944 * such as `google.com`.
1945 * @readonly
1946 */
1947 idToken?: string;
1948 /**
1949 * The OAuth access token associated with the credential if it belongs to an
1950 * {@link OAuthProvider}, such as `facebook.com`, `twitter.com`, etc.
1951 * @readonly
1952 */
1953 accessToken?: string;
1954 /**
1955 * The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0
1956 * provider, such as `twitter.com`.
1957 * @readonly
1958 */
1959 secret?: string;
1960 private nonce?;
1961 private pendingToken;
1962 /* Excluded from this release type: _fromParams */
1963 /** {@inheritdoc AuthCredential.toJSON} */
1964 toJSON(): object;
1965 /**
1966 * Static method to deserialize a JSON representation of an object into an
1967 * {@link AuthCredential}.
1968 *
1969 * @param json - Input can be either Object or the stringified representation of the object.
1970 * When string is provided, JSON.parse would be called first.
1971 *
1972 * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
1973 */
1974 static fromJSON(json: string | object): OAuthCredential | null;
1975 /* Excluded from this release type: _getIdTokenResponse */
1976 /* Excluded from this release type: _linkToIdToken */
1977 /* Excluded from this release type: _getReauthenticationResolver */
1978 private buildRequest;
1979}
1980
1981/**
1982 * Defines the options for initializing an {@link OAuthCredential}.
1983 *
1984 * @remarks
1985 * For ID tokens with nonce claim, the raw nonce has to also be provided.
1986 *
1987 * @public
1988 */
1989export declare interface OAuthCredentialOptions {
1990 /**
1991 * The OAuth ID token used to initialize the {@link OAuthCredential}.
1992 */
1993 idToken?: string;
1994 /**
1995 * The OAuth access token used to initialize the {@link OAuthCredential}.
1996 */
1997 accessToken?: string;
1998 /**
1999 * The raw nonce associated with the ID token.
2000 *
2001 * @remarks
2002 * It is required when an ID token with a nonce field is provided. The SHA-256 hash of the
2003 * raw nonce must match the nonce field in the ID token.
2004 */
2005 rawNonce?: string;
2006}
2007
2008declare interface OAuthCredentialParams {
2009 idToken?: string | null;
2010 accessToken?: string | null;
2011 oauthToken?: string;
2012 secret?: string;
2013 oauthTokenSecret?: string;
2014 nonce?: string;
2015 pendingToken?: string;
2016 providerId: string;
2017 signInMethod: string;
2018}
2019
2020/**
2021 * Provider for generating generic {@link OAuthCredential}.
2022 *
2023 * @example
2024 * ```javascript
2025 * // Sign in using a redirect.
2026 * const provider = new OAuthProvider('google.com');
2027 * // Start a sign in process for an unauthenticated user.
2028 * provider.addScope('profile');
2029 * provider.addScope('email');
2030 * await signInWithRedirect(auth, provider);
2031 * // This will trigger a full page redirect away from your app
2032 *
2033 * // After returning from the redirect when your app initializes you can obtain the result
2034 * const result = await getRedirectResult(auth);
2035 * if (result) {
2036 * // This is the signed-in user
2037 * const user = result.user;
2038 * // This gives you a OAuth Access Token for the provider.
2039 * const credential = provider.credentialFromResult(auth, result);
2040 * const token = credential.accessToken;
2041 * }
2042 * ```
2043 *
2044 * @example
2045 * ```javascript
2046 * // Sign in using a popup.
2047 * const provider = new OAuthProvider('google.com');
2048 * provider.addScope('profile');
2049 * provider.addScope('email');
2050 * const result = await signInWithPopup(auth, provider);
2051 *
2052 * // The signed-in user info.
2053 * const user = result.user;
2054 * // This gives you a OAuth Access Token for the provider.
2055 * const credential = provider.credentialFromResult(auth, result);
2056 * const token = credential.accessToken;
2057 * ```
2058 * @public
2059 */
2060export declare class OAuthProvider extends BaseOAuthProvider {
2061 /**
2062 * Creates an {@link OAuthCredential} from a JSON string or a plain object.
2063 * @param json - A plain object or a JSON string
2064 */
2065 static credentialFromJSON(json: object | string): OAuthCredential;
2066 /**
2067 * Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token.
2068 *
2069 * @remarks
2070 * The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of
2071 * the raw nonce must match the nonce field in the ID token.
2072 *
2073 * @example
2074 * ```javascript
2075 * // `googleUser` from the onsuccess Google Sign In callback.
2076 * // Initialize a generate OAuth provider with a `google.com` providerId.
2077 * const provider = new OAuthProvider('google.com');
2078 * const credential = provider.credential({
2079 * idToken: googleUser.getAuthResponse().id_token,
2080 * });
2081 * const result = await signInWithCredential(credential);
2082 * ```
2083 *
2084 * @param params - Either the options object containing the ID token, access token and raw nonce
2085 * or the ID token string.
2086 */
2087 credential(params: OAuthCredentialOptions): OAuthCredential;
2088 /** An internal credential method that accepts more permissive options */
2089 private _credential;
2090 /**
2091 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
2092 *
2093 * @param userCredential - The user credential.
2094 */
2095 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
2096 /**
2097 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
2098 * thrown during a sign-in, link, or reauthenticate operation.
2099 *
2100 * @param userCredential - The user credential.
2101 */
2102 static credentialFromError(error: FirebaseError): OAuthCredential | null;
2103 private static oauthCredentialFromTaggedObject;
2104}
2105
2106/**
2107 * Adds an observer for changes to the user's sign-in state.
2108 *
2109 * @remarks
2110 * To keep the old behavior, see {@link onIdTokenChanged}.
2111 *
2112 * @param auth - The {@link Auth} instance.
2113 * @param nextOrObserver - callback triggered on change.
2114 * @param error - callback triggered on error.
2115 * @param completed - callback triggered when observer is removed.
2116 *
2117 * @public
2118 */
2119export declare function onAuthStateChanged(auth: Auth, nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
2120
2121/**
2122 * Adds an observer for changes to the signed-in user's ID token, which includes sign-in,
2123 * sign-out, and token refresh events.
2124 *
2125 * @param auth - The {@link Auth} instance.
2126 * @param nextOrObserver - callback triggered on change.
2127 * @param error - callback triggered on error.
2128 * @param completed - callback triggered when observer is removed.
2129 *
2130 * @public
2131 */
2132export declare function onIdTokenChanged(auth: Auth, nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
2133
2134/**
2135 * Enumeration of supported operation types.
2136 *
2137 * @public
2138 */
2139export declare const OperationType: {
2140 /** Operation involving linking an additional provider to an already signed-in user. */
2141 readonly LINK: "link";
2142 /** Operation involving using a provider to reauthenticate an already signed-in user. */
2143 readonly REAUTHENTICATE: "reauthenticate";
2144 /** Operation involving signing in a user. */
2145 readonly SIGN_IN: "signIn";
2146};
2147
2148/**
2149 * Parses the email action link string and returns an {@link ActionCodeURL} if
2150 * the link is valid, otherwise returns null.
2151 *
2152 * @public
2153 */
2154export declare function parseActionCodeURL(link: string): ActionCodeURL | null;
2155
2156/**
2157 * Interface representing a parsed ID token.
2158 *
2159 * @privateRemarks TODO(avolkovi): consolidate with parsed_token in implementation.
2160 *
2161 * @public
2162 */
2163export declare interface ParsedToken {
2164 /** Expiration time of the token. */
2165 'exp'?: string;
2166 /** UID of the user. */
2167 'sub'?: string;
2168 /** Time at which authentication was performed. */
2169 'auth_time'?: string;
2170 /** Issuance time of the token. */
2171 'iat'?: string;
2172 /** Firebase specific claims, containing the provider(s) used to authenticate the user. */
2173 'firebase'?: {
2174 'sign_in_provider'?: string;
2175 'sign_in_second_factor'?: string;
2176 };
2177 /** Map of any additional custom claims. */
2178 [key: string]: string | object | undefined;
2179}
2180
2181declare type PersistedBlob = Record<string, unknown>;
2182
2183/**
2184 * An interface covering the possible persistence mechanism types.
2185 *
2186 * @public
2187 */
2188export declare interface Persistence {
2189 /**
2190 * Type of Persistence.
2191 * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
2192 * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
2193 * - 'NONE' is used for in-memory, or no persistence.
2194 */
2195 readonly type: 'SESSION' | 'LOCAL' | 'NONE';
2196}
2197
2198/**
2199 * Represents the credentials returned by {@link PhoneAuthProvider}.
2200 *
2201 * @public
2202 */
2203export declare class PhoneAuthCredential extends AuthCredential {
2204 private readonly params;
2205 private constructor();
2206 /* Excluded from this release type: _fromVerification */
2207 /* Excluded from this release type: _fromTokenResponse */
2208 /* Excluded from this release type: _getIdTokenResponse */
2209 /* Excluded from this release type: _linkToIdToken */
2210 /* Excluded from this release type: _getReauthenticationResolver */
2211 /* Excluded from this release type: _makeVerificationRequest */
2212 /** {@inheritdoc AuthCredential.toJSON} */
2213 toJSON(): object;
2214 /** Generates a phone credential based on a plain object or a JSON string. */
2215 static fromJSON(json: object | string): PhoneAuthCredential | null;
2216}
2217
2218/**
2219 * Provider for generating an {@link PhoneAuthCredential}.
2220 *
2221 * @example
2222 * ```javascript
2223 * // 'recaptcha-container' is the ID of an element in the DOM.
2224 * const applicationVerifier = new RecaptchaVerifier('recaptcha-container');
2225 * const provider = new PhoneAuthProvider(auth);
2226 * const verificationId = await provider.verifyPhoneNumber('+16505550101', applicationVerifier);
2227 * // Obtain the verificationCode from the user.
2228 * const phoneCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2229 * const userCredential = await signInWithCredential(auth, phoneCredential);
2230 * ```
2231 *
2232 * @public
2233 */
2234export declare class PhoneAuthProvider {
2235 /** Always set to {@link ProviderId}.PHONE. */
2236 static readonly PROVIDER_ID: 'phone';
2237 /** Always set to {@link SignInMethod}.PHONE. */
2238 static readonly PHONE_SIGN_IN_METHOD: 'phone';
2239 /** Always set to {@link ProviderId}.PHONE. */
2240 readonly providerId: "phone";
2241 private readonly auth;
2242 /**
2243 * @param auth - The Firebase {@link Auth} instance in which sign-ins should occur.
2244 *
2245 */
2246 constructor(auth: Auth);
2247 /**
2248 *
2249 * Starts a phone number authentication flow by sending a verification code to the given phone
2250 * number.
2251 *
2252 * @example
2253 * ```javascript
2254 * const provider = new PhoneAuthProvider(auth);
2255 * const verificationId = await provider.verifyPhoneNumber(phoneNumber, applicationVerifier);
2256 * // Obtain verificationCode from the user.
2257 * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2258 * const userCredential = await signInWithCredential(auth, authCredential);
2259 * ```
2260 *
2261 * @example
2262 * An alternative flow is provided using the `signInWithPhoneNumber` method.
2263 * ```javascript
2264 * const confirmationResult = signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
2265 * // Obtain verificationCode from the user.
2266 * const userCredential = confirmationResult.confirm(verificationCode);
2267 * ```
2268 *
2269 * @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in
2270 * E.164 format (e.g. +16505550101).
2271 * @param applicationVerifier - For abuse prevention, this method also requires a
2272 * {@link ApplicationVerifier}. This SDK includes a reCAPTCHA-based implementation,
2273 * {@link RecaptchaVerifier}.
2274 *
2275 * @returns A Promise for a verification ID that can be passed to
2276 * {@link PhoneAuthProvider.credential} to identify this flow..
2277 */
2278 verifyPhoneNumber(phoneOptions: PhoneInfoOptions | string, applicationVerifier: ApplicationVerifier): Promise<string>;
2279 /**
2280 * Creates a phone auth credential, given the verification ID from
2281 * {@link PhoneAuthProvider.verifyPhoneNumber} and the code that was sent to the user's
2282 * mobile device.
2283 *
2284 * @example
2285 * ```javascript
2286 * const provider = new PhoneAuthProvider(auth);
2287 * const verificationId = provider.verifyPhoneNumber(phoneNumber, applicationVerifier);
2288 * // Obtain verificationCode from the user.
2289 * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2290 * const userCredential = signInWithCredential(auth, authCredential);
2291 * ```
2292 *
2293 * @example
2294 * An alternative flow is provided using the `signInWithPhoneNumber` method.
2295 * ```javascript
2296 * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
2297 * // Obtain verificationCode from the user.
2298 * const userCredential = await confirmationResult.confirm(verificationCode);
2299 * ```
2300 *
2301 * @param verificationId - The verification ID returned from {@link PhoneAuthProvider.verifyPhoneNumber}.
2302 * @param verificationCode - The verification code sent to the user's mobile device.
2303 *
2304 * @returns The auth provider credential.
2305 */
2306 static credential(verificationId: string, verificationCode: string): PhoneAuthCredential;
2307 /**
2308 * Generates an {@link AuthCredential} from a {@link UserCredential}.
2309 * @param userCredential - The user credential.
2310 */
2311 static credentialFromResult(userCredential: UserCredential): AuthCredential | null;
2312 /**
2313 * Returns an {@link AuthCredential} when passed an error.
2314 *
2315 * @remarks
2316 *
2317 * This method works for errors like
2318 * `auth/account-exists-with-different-credentials`. This is useful for
2319 * recovering when attempting to set a user's phone number but the number
2320 * in question is already tied to another account. For example, the following
2321 * code tries to update the current user's phone number, and if that
2322 * fails, links the user with the account associated with that number:
2323 *
2324 * ```js
2325 * const provider = new PhoneAuthProvider(auth);
2326 * const verificationId = await provider.verifyPhoneNumber(number, verifier);
2327 * try {
2328 * const code = ''; // Prompt the user for the verification code
2329 * await updatePhoneNumber(
2330 * auth.currentUser,
2331 * PhoneAuthProvider.credential(verificationId, code));
2332 * } catch (e) {
2333 * if (e.code === 'auth/account-exists-with-different-credential') {
2334 * const cred = PhoneAuthProvider.credentialFromError(e);
2335 * await linkWithCredential(auth.currentUser, cred);
2336 * }
2337 * }
2338 *
2339 * // At this point, auth.currentUser.phoneNumber === number.
2340 * ```
2341 *
2342 * @param error - The error to generate a credential from.
2343 */
2344 static credentialFromError(error: FirebaseError): AuthCredential | null;
2345 private static credentialFromTaggedObject;
2346}
2347
2348/**
2349 * The information required to verify the ownership of a phone number.
2350 *
2351 * @remarks
2352 * The information that's required depends on whether you are doing single-factor sign-in,
2353 * multi-factor enrollment or multi-factor sign-in.
2354 *
2355 * @public
2356 */
2357export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
2358
2359/**
2360 * An MFA provided by SMS verification
2361 */
2362declare interface PhoneMfaEnrollment extends BaseMfaEnrollment {
2363 phoneInfo: string;
2364}
2365
2366/**
2367 * The class for asserting ownership of a phone second factor. Provided by
2368 * {@link PhoneMultiFactorGenerator.assertion}.
2369 *
2370 * @public
2371 */
2372export declare interface PhoneMultiFactorAssertion extends MultiFactorAssertion {
2373}
2374
2375/**
2376 * Options used for enrolling a second factor.
2377 *
2378 * @public
2379 */
2380export declare interface PhoneMultiFactorEnrollInfoOptions {
2381 /** Phone number to send a verification code to. */
2382 phoneNumber: string;
2383 /** The {@link MultiFactorSession} obtained via {@link MultiFactorUser.getSession}. */
2384 session: MultiFactorSession;
2385}
2386
2387/**
2388<