UNPKG

140 kBTypeScriptView Raw
1/**
2 * Firebase Authentication
3 *
4 * @packageDocumentation
5 */
6
7import { CompleteFn } from '@firebase/util';
8import { ErrorFactory } from '@firebase/util';
9import { ErrorFn } from '@firebase/util';
10import { FirebaseApp } from '@firebase/app';
11import { FirebaseError } from '@firebase/util';
12import { NextFn } from '@firebase/util';
13import { Observer } from '@firebase/util';
14import { Unsubscribe } from '@firebase/util';
15
16/**
17 * A response from {@link checkActionCode}.
18 *
19 * @public
20 */
21export declare interface ActionCodeInfo {
22 /**
23 * The data associated with the action code.
24 *
25 * @remarks
26 * For the {@link ActionCodeOperation}.PASSWORD_RESET, {@link ActionCodeOperation}.VERIFY_EMAIL, and
27 * {@link ActionCodeOperation}.RECOVER_EMAIL actions, this object contains an email field with the address
28 * the email was sent to.
29 *
30 * For the {@link ActionCodeOperation}.RECOVER_EMAIL action, which allows a user to undo an email address
31 * change, this object also contains a `previousEmail` field with the user account's current
32 * email address. After the action completes, the user's email address will revert to the value
33 * in the `email` field from the value in `previousEmail` field.
34 *
35 * For the {@link ActionCodeOperation}.VERIFY_AND_CHANGE_EMAIL action, which allows a user to verify the
36 * email before updating it, this object contains a `previousEmail` field with the user account's
37 * email address before updating. After the action completes, the user's email address will be
38 * updated to the value in the `email` field from the value in `previousEmail` field.
39 *
40 * For the {@link ActionCodeOperation}.REVERT_SECOND_FACTOR_ADDITION action, which allows a user to
41 * unenroll a newly added second factor, this object contains a `multiFactorInfo` field with
42 * the information about the second factor. For phone second factor, the `multiFactorInfo`
43 * is a {@link MultiFactorInfo} object, which contains the phone number.
44 */
45 data: {
46 email?: string | null;
47 multiFactorInfo?: MultiFactorInfo | null;
48 previousEmail?: string | null;
49 };
50 /**
51 * The type of operation that generated the action code.
52 */
53 operation: typeof ActionCodeOperation[keyof typeof ActionCodeOperation];
54}
55
56/**
57 * An enumeration of the possible email action types.
58 *
59 * @public
60 */
61export declare const ActionCodeOperation: {
62 /** The email link sign-in action. */
63 readonly EMAIL_SIGNIN: "EMAIL_SIGNIN";
64 /** The password reset action. */
65 readonly PASSWORD_RESET: "PASSWORD_RESET";
66 /** The email revocation action. */
67 readonly RECOVER_EMAIL: "RECOVER_EMAIL";
68 /** The revert second factor addition email action. */
69 readonly REVERT_SECOND_FACTOR_ADDITION: "REVERT_SECOND_FACTOR_ADDITION";
70 /** The revert second factor addition email action. */
71 readonly VERIFY_AND_CHANGE_EMAIL: "VERIFY_AND_CHANGE_EMAIL";
72 /** The email verification action. */
73 readonly VERIFY_EMAIL: "VERIFY_EMAIL";
74};
75
76/**
77 * An interface that defines the required continue/state URL with optional Android and iOS
78 * bundle identifiers.
79 *
80 * @public
81 */
82export declare interface ActionCodeSettings {
83 /**
84 * Sets the Android package name.
85 *
86 * @remarks
87 * This will try to open the link in an android app if it is
88 * installed. If `installApp` is passed, it specifies whether to install the Android app if the
89 * device supports it and the app is not already installed. If this field is provided without
90 * a `packageName`, an error is thrown explaining that the `packageName` must be provided in
91 * conjunction with this field. If `minimumVersion` is specified, and an older version of the
92 * app is installed, the user is taken to the Play Store to upgrade the app.
93 */
94 android?: {
95 installApp?: boolean;
96 minimumVersion?: string;
97 packageName: string;
98 };
99 /**
100 * When set to true, the action code link will be be sent as a Universal Link or Android App
101 * Link and will be opened by the app if installed.
102 *
103 * @remarks
104 * In the false case, the code will be sent to the web widget first and then on continue will
105 * redirect to the app if installed.
106 *
107 * @defaultValue false
108 */
109 handleCodeInApp?: boolean;
110 /**
111 * Sets the iOS bundle ID.
112 *
113 * @remarks
114 * This will try to open the link in an iOS app if it is installed.
115 *
116 * App installation is not supported for iOS.
117 */
118 iOS?: {
119 bundleId: string;
120 };
121 /**
122 * Sets the link continue/state URL.
123 *
124 * @remarks
125 * This has different meanings in different contexts:
126 * - When the link is handled in the web action widgets, this is the deep link in the
127 * `continueUrl` query parameter.
128 * - When the link is handled in the app directly, this is the `continueUrl` query parameter in
129 * the deep link of the Dynamic Link.
130 */
131 url: string;
132 /**
133 * When multiple custom dynamic link domains are defined for a project, specify which one to use
134 * when the link is to be opened via a specified mobile app (for example, `example.page.link`).
135 *
136 *
137 * @defaultValue The first domain is automatically selected.
138 */
139 dynamicLinkDomain?: string;
140}
141
142/**
143 * @license
144 * Copyright 2020 Google LLC
145 *
146 * Licensed under the Apache License, Version 2.0 (the "License");
147 * you may not use this file except in compliance with the License.
148 * You may obtain a copy of the License at
149 *
150 * http://www.apache.org/licenses/LICENSE-2.0
151 *
152 * Unless required by applicable law or agreed to in writing, software
153 * distributed under the License is distributed on an "AS IS" BASIS,
154 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
155 * See the License for the specific language governing permissions and
156 * limitations under the License.
157 */
158/**
159 * A utility class to parse email action URLs such as password reset, email verification,
160 * email link sign in, etc.
161 *
162 * @public
163 */
164export declare class ActionCodeURL {
165 /**
166 * The API key of the email action link.
167 */
168 readonly apiKey: string;
169 /**
170 * The action code of the email action link.
171 */
172 readonly code: string;
173 /**
174 * The continue URL of the email action link. Null if not provided.
175 */
176 readonly continueUrl: string | null;
177 /**
178 * The language code of the email action link. Null if not provided.
179 */
180 readonly languageCode: string | null;
181 /**
182 * The action performed by the email action link. It returns from one of the types from
183 * {@link ActionCodeInfo}
184 */
185 readonly operation: string;
186 /**
187 * The tenant ID of the email action link. Null if the email action is from the parent project.
188 */
189 readonly tenantId: string | null;
190 /**
191 * @param actionLink - The link from which to extract the URL.
192 * @returns The {@link ActionCodeURL} object, or null if the link is invalid.
193 *
194 * @internal
195 */
196 constructor(actionLink: string);
197 /**
198 * Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,
199 * otherwise returns null.
200 *
201 * @param link - The email action link string.
202 * @returns The {@link ActionCodeURL} object, or null if the link is invalid.
203 *
204 * @public
205 */
206 static parseLink(link: string): ActionCodeURL | null;
207}
208
209/**
210 * A structure containing additional user information from a federated identity provider.
211 *
212 * @public
213 */
214export declare interface AdditionalUserInfo {
215 /**
216 * Whether the user is new (created via sign-up) or existing (authenticated using sign-in).
217 */
218 readonly isNewUser: boolean;
219 /**
220 * Map containing IDP-specific user data.
221 */
222 readonly profile: Record<string, unknown> | null;
223 /**
224 * Identifier for the provider used to authenticate this user.
225 */
226 readonly providerId: string | null;
227 /**
228 * The username if the provider is GitHub or Twitter.
229 */
230 readonly username?: string | null;
231}
232
233declare interface APIUserInfo {
234 localId?: string;
235 displayName?: string;
236 photoUrl?: string;
237 email?: string;
238 emailVerified?: boolean;
239 phoneNumber?: string;
240 lastLoginAt?: number;
241 createdAt?: number;
242 tenantId?: string;
243 passwordHash?: string;
244 providerUserInfo?: ProviderUserInfo[];
245 mfaInfo?: MfaEnrollment[];
246}
247
248/**
249 * A verifier for domain verification and abuse prevention.
250 *
251 * @remarks
252 * Currently, the only implementation is {@link RecaptchaVerifier}.
253 *
254 * @public
255 */
256export declare interface ApplicationVerifier {
257 /**
258 * Identifies the type of application verifier (e.g. "recaptcha").
259 */
260 readonly type: string;
261 /**
262 * Executes the verification process.
263 *
264 * @returns A Promise for a token that can be used to assert the validity of a request.
265 */
266 verify(): Promise<string>;
267}
268
269declare interface ApplicationVerifierInternal extends ApplicationVerifier {
270 /**
271 * @internal
272 */
273 _reset(): void;
274}
275
276/**
277 * Applies a verification code sent to the user by email or other out-of-band mechanism.
278 *
279 * @param auth - The {@link Auth} instance.
280 * @param oobCode - A verification code sent to the user.
281 *
282 * @public
283 */
284export declare function applyActionCode(auth: Auth, oobCode: string): Promise<void>;
285
286declare type AppName = string;
287
288/**
289 * Interface representing Firebase Auth service.
290 *
291 * @remarks
292 * See {@link https://firebase.google.com/docs/auth/ | Firebase Authentication} for a full guide
293 * on how to use the Firebase Auth service.
294 *
295 * @public
296 */
297export declare interface Auth {
298 /** The {@link @firebase/app#FirebaseApp} associated with the `Auth` service instance. */
299 readonly app: FirebaseApp;
300 /** The name of the app associated with the `Auth` service instance. */
301 readonly name: string;
302 /** The {@link Config} used to initialize this instance. */
303 readonly config: Config;
304 /**
305 * Changes the type of persistence on the `Auth` instance.
306 *
307 * @remarks
308 * This will affect the currently saved Auth session and applies this type of persistence for
309 * future sign-in requests, including sign-in with redirect requests.
310 *
311 * This makes it easy for a user signing in to specify whether their session should be
312 * remembered or not. It also makes it easier to never persist the Auth state for applications
313 * that are shared by other users or have sensitive data.
314 *
315 * @example
316 * ```javascript
317 * auth.setPersistence(browserSessionPersistence);
318 * ```
319 *
320 * @param persistence - The {@link Persistence} to use.
321 */
322 setPersistence(persistence: Persistence): Promise<void>;
323 /**
324 * The {@link Auth} instance's language code.
325 *
326 * @remarks
327 * This is a readable/writable property. When set to null, the default Firebase Console language
328 * setting is applied. The language code will propagate to email action templates (password
329 * reset, email verification and email change revocation), SMS templates for phone authentication,
330 * reCAPTCHA verifier and OAuth popup/redirect operations provided the specified providers support
331 * localization with the language code specified.
332 */
333 languageCode: string | null;
334 /**
335 * The {@link Auth} instance's tenant ID.
336 *
337 * @remarks
338 * This is a readable/writable property. When you set the tenant ID of an {@link Auth} instance, all
339 * future sign-in/sign-up operations will pass this tenant ID and sign in or sign up users to
340 * the specified tenant project. When set to null, users are signed in to the parent project.
341 *
342 * @example
343 * ```javascript
344 * // Set the tenant ID on Auth instance.
345 * auth.tenantId = 'TENANT_PROJECT_ID';
346 *
347 * // All future sign-in request now include tenant ID.
348 * const result = await signInWithEmailAndPassword(auth, email, password);
349 * // result.user.tenantId should be 'TENANT_PROJECT_ID'.
350 * ```
351 *
352 * @defaultValue null
353 */
354 tenantId: string | null;
355 /**
356 * The {@link Auth} instance's settings.
357 *
358 * @remarks
359 * This is used to edit/read configuration related options such as app verification mode for
360 * phone authentication.
361 */
362 readonly settings: AuthSettings;
363 /**
364 * Adds an observer for changes to the user's sign-in state.
365 *
366 * @remarks
367 * To keep the old behavior, see {@link Auth.onIdTokenChanged}.
368 *
369 * @param nextOrObserver - callback triggered on change.
370 * @param error - callback triggered on error.
371 * @param completed - callback triggered when observer is removed.
372 */
373 onAuthStateChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
374 /**
375 * Adds a blocking callback that runs before an auth state change
376 * sets a new user.
377 *
378 * @param callback - callback triggered before new user value is set.
379 * If this throws, it blocks the user from being set.
380 * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
381 * callback throws, allowing you to undo any side effects.
382 */
383 beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
384 /**
385 * Adds an observer for changes to the signed-in user's ID token.
386 *
387 * @remarks
388 * This includes sign-in, sign-out, and token refresh events.
389 *
390 * @param nextOrObserver - callback triggered on change.
391 * @param error - callback triggered on error.
392 * @param completed - callback triggered when observer is removed.
393 */
394 onIdTokenChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
395 /** The currently signed-in user (or null). */
396 readonly currentUser: User | null;
397 /** The current emulator configuration (or null). */
398 readonly emulatorConfig: EmulatorConfig | null;
399 /**
400 * Asynchronously sets the provided user as {@link Auth.currentUser} on the {@link Auth} instance.
401 *
402 * @remarks
403 * A new instance copy of the user provided will be made and set as currentUser.
404 *
405 * This will trigger {@link Auth.onAuthStateChanged} and {@link Auth.onIdTokenChanged} listeners
406 * like other sign in methods.
407 *
408 * The operation fails with an error if the user to be updated belongs to a different Firebase
409 * project.
410 *
411 * @param user - The new {@link User}.
412 */
413 updateCurrentUser(user: User | null): Promise<void>;
414 /**
415 * Sets the current language to the default device/browser preference.
416 */
417 useDeviceLanguage(): void;
418 /**
419 * Signs out the current user.
420 */
421 signOut(): Promise<void>;
422}
423
424/**
425 * Interface that represents the credentials returned by an {@link AuthProvider}.
426 *
427 * @remarks
428 * Implementations specify the details about each auth provider's credential requirements.
429 *
430 * @public
431 */
432export declare class AuthCredential {
433 /**
434 * The authentication provider ID for the credential.
435 *
436 * @remarks
437 * For example, 'facebook.com', or 'google.com'.
438 */
439 readonly providerId: string;
440 /**
441 * The authentication sign in method for the credential.
442 *
443 * @remarks
444 * For example, {@link SignInMethod}.EMAIL_PASSWORD, or
445 * {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
446 * identifier as returned in {@link fetchSignInMethodsForEmail}.
447 */
448 readonly signInMethod: string;
449 /** @internal */
450 protected constructor(
451 /**
452 * The authentication provider ID for the credential.
453 *
454 * @remarks
455 * For example, 'facebook.com', or 'google.com'.
456 */
457 providerId: string,
458 /**
459 * The authentication sign in method for the credential.
460 *
461 * @remarks
462 * For example, {@link SignInMethod}.EMAIL_PASSWORD, or
463 * {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
464 * identifier as returned in {@link fetchSignInMethodsForEmail}.
465 */
466 signInMethod: string);
467 /**
468 * Returns a JSON-serializable representation of this object.
469 *
470 * @returns a JSON-serializable representation of this object.
471 */
472 toJSON(): object;
473 /** @internal */
474 _getIdTokenResponse(_auth: AuthInternal): Promise<PhoneOrOauthTokenResponse>;
475 /** @internal */
476 _linkToIdToken(_auth: AuthInternal, _idToken: string): Promise<IdTokenResponse>;
477 /** @internal */
478 _getReauthenticationResolver(_auth: AuthInternal): Promise<IdTokenResponse>;
479}
480
481/**
482 * Interface for an `Auth` error.
483 *
484 * @public
485 */
486export declare interface AuthError extends FirebaseError {
487 /** Details about the Firebase Auth error. */
488 readonly customData: {
489 /** The name of the Firebase App which triggered this error. */
490 readonly appName: string;
491 /** The email address of the user's account, used for sign-in and linking. */
492 readonly email?: string;
493 /** The phone number of the user's account, used for sign-in and linking. */
494 readonly phoneNumber?: string;
495 /**
496 * The tenant ID being used for sign-in and linking.
497 *
498 * @remarks
499 * If you use {@link signInWithRedirect} to sign in,
500 * you have to set the tenant ID on the {@link Auth} instance again as the tenant ID is not persisted
501 * after redirection.
502 */
503 readonly tenantId?: string;
504 };
505}
506
507/**
508 * Enumeration of Firebase Auth error codes.
509 *
510 * @internal
511 */
512declare const enum AuthErrorCode {
513 ADMIN_ONLY_OPERATION = "admin-restricted-operation",
514 ARGUMENT_ERROR = "argument-error",
515 APP_NOT_AUTHORIZED = "app-not-authorized",
516 APP_NOT_INSTALLED = "app-not-installed",
517 CAPTCHA_CHECK_FAILED = "captcha-check-failed",
518 CODE_EXPIRED = "code-expired",
519 CORDOVA_NOT_READY = "cordova-not-ready",
520 CORS_UNSUPPORTED = "cors-unsupported",
521 CREDENTIAL_ALREADY_IN_USE = "credential-already-in-use",
522 CREDENTIAL_MISMATCH = "custom-token-mismatch",
523 CREDENTIAL_TOO_OLD_LOGIN_AGAIN = "requires-recent-login",
524 DEPENDENT_SDK_INIT_BEFORE_AUTH = "dependent-sdk-initialized-before-auth",
525 DYNAMIC_LINK_NOT_ACTIVATED = "dynamic-link-not-activated",
526 EMAIL_CHANGE_NEEDS_VERIFICATION = "email-change-needs-verification",
527 EMAIL_EXISTS = "email-already-in-use",
528 EMULATOR_CONFIG_FAILED = "emulator-config-failed",
529 EXPIRED_OOB_CODE = "expired-action-code",
530 EXPIRED_POPUP_REQUEST = "cancelled-popup-request",
531 INTERNAL_ERROR = "internal-error",
532 INVALID_API_KEY = "invalid-api-key",
533 INVALID_APP_CREDENTIAL = "invalid-app-credential",
534 INVALID_APP_ID = "invalid-app-id",
535 INVALID_AUTH = "invalid-user-token",
536 INVALID_AUTH_EVENT = "invalid-auth-event",
537 INVALID_CERT_HASH = "invalid-cert-hash",
538 INVALID_CODE = "invalid-verification-code",
539 INVALID_CONTINUE_URI = "invalid-continue-uri",
540 INVALID_CORDOVA_CONFIGURATION = "invalid-cordova-configuration",
541 INVALID_CUSTOM_TOKEN = "invalid-custom-token",
542 INVALID_DYNAMIC_LINK_DOMAIN = "invalid-dynamic-link-domain",
543 INVALID_EMAIL = "invalid-email",
544 INVALID_EMULATOR_SCHEME = "invalid-emulator-scheme",
545 INVALID_IDP_RESPONSE = "invalid-credential",
546 INVALID_MESSAGE_PAYLOAD = "invalid-message-payload",
547 INVALID_MFA_SESSION = "invalid-multi-factor-session",
548 INVALID_OAUTH_CLIENT_ID = "invalid-oauth-client-id",
549 INVALID_OAUTH_PROVIDER = "invalid-oauth-provider",
550 INVALID_OOB_CODE = "invalid-action-code",
551 INVALID_ORIGIN = "unauthorized-domain",
552 INVALID_PASSWORD = "wrong-password",
553 INVALID_PERSISTENCE = "invalid-persistence-type",
554 INVALID_PHONE_NUMBER = "invalid-phone-number",
555 INVALID_PROVIDER_ID = "invalid-provider-id",
556 INVALID_RECIPIENT_EMAIL = "invalid-recipient-email",
557 INVALID_SENDER = "invalid-sender",
558 INVALID_SESSION_INFO = "invalid-verification-id",
559 INVALID_TENANT_ID = "invalid-tenant-id",
560 LOGIN_BLOCKED = "login-blocked",
561 MFA_INFO_NOT_FOUND = "multi-factor-info-not-found",
562 MFA_REQUIRED = "multi-factor-auth-required",
563 MISSING_ANDROID_PACKAGE_NAME = "missing-android-pkg-name",
564 MISSING_APP_CREDENTIAL = "missing-app-credential",
565 MISSING_AUTH_DOMAIN = "auth-domain-config-required",
566 MISSING_CODE = "missing-verification-code",
567 MISSING_CONTINUE_URI = "missing-continue-uri",
568 MISSING_IFRAME_START = "missing-iframe-start",
569 MISSING_IOS_BUNDLE_ID = "missing-ios-bundle-id",
570 MISSING_OR_INVALID_NONCE = "missing-or-invalid-nonce",
571 MISSING_MFA_INFO = "missing-multi-factor-info",
572 MISSING_MFA_SESSION = "missing-multi-factor-session",
573 MISSING_PHONE_NUMBER = "missing-phone-number",
574 MISSING_SESSION_INFO = "missing-verification-id",
575 MODULE_DESTROYED = "app-deleted",
576 NEED_CONFIRMATION = "account-exists-with-different-credential",
577 NETWORK_REQUEST_FAILED = "network-request-failed",
578 NULL_USER = "null-user",
579 NO_AUTH_EVENT = "no-auth-event",
580 NO_SUCH_PROVIDER = "no-such-provider",
581 OPERATION_NOT_ALLOWED = "operation-not-allowed",
582 OPERATION_NOT_SUPPORTED = "operation-not-supported-in-this-environment",
583 POPUP_BLOCKED = "popup-blocked",
584 POPUP_CLOSED_BY_USER = "popup-closed-by-user",
585 PROVIDER_ALREADY_LINKED = "provider-already-linked",
586 QUOTA_EXCEEDED = "quota-exceeded",
587 REDIRECT_CANCELLED_BY_USER = "redirect-cancelled-by-user",
588 REDIRECT_OPERATION_PENDING = "redirect-operation-pending",
589 REJECTED_CREDENTIAL = "rejected-credential",
590 SECOND_FACTOR_ALREADY_ENROLLED = "second-factor-already-in-use",
591 SECOND_FACTOR_LIMIT_EXCEEDED = "maximum-second-factor-count-exceeded",
592 TENANT_ID_MISMATCH = "tenant-id-mismatch",
593 TIMEOUT = "timeout",
594 TOKEN_EXPIRED = "user-token-expired",
595 TOO_MANY_ATTEMPTS_TRY_LATER = "too-many-requests",
596 UNAUTHORIZED_DOMAIN = "unauthorized-continue-uri",
597 UNSUPPORTED_FIRST_FACTOR = "unsupported-first-factor",
598 UNSUPPORTED_PERSISTENCE = "unsupported-persistence-type",
599 UNSUPPORTED_TENANT_OPERATION = "unsupported-tenant-operation",
600 UNVERIFIED_EMAIL = "unverified-email",
601 USER_CANCELLED = "user-cancelled",
602 USER_DELETED = "user-not-found",
603 USER_DISABLED = "user-disabled",
604 USER_MISMATCH = "user-mismatch",
605 USER_SIGNED_OUT = "user-signed-out",
606 WEAK_PASSWORD = "weak-password",
607 WEB_STORAGE_UNSUPPORTED = "web-storage-unsupported",
608 ALREADY_INITIALIZED = "already-initialized"
609}
610
611/**
612 * A map of potential `Auth` error codes, for easier comparison with errors
613 * thrown by the SDK.
614 *
615 * @remarks
616 * Note that you can't tree-shake individual keys
617 * in the map, so by using the map you might substantially increase your
618 * bundle size.
619 *
620 * @public
621 */
622export declare const AuthErrorCodes: {
623 readonly ADMIN_ONLY_OPERATION: "auth/admin-restricted-operation";
624 readonly ARGUMENT_ERROR: "auth/argument-error";
625 readonly APP_NOT_AUTHORIZED: "auth/app-not-authorized";
626 readonly APP_NOT_INSTALLED: "auth/app-not-installed";
627 readonly CAPTCHA_CHECK_FAILED: "auth/captcha-check-failed";
628 readonly CODE_EXPIRED: "auth/code-expired";
629 readonly CORDOVA_NOT_READY: "auth/cordova-not-ready";
630 readonly CORS_UNSUPPORTED: "auth/cors-unsupported";
631 readonly CREDENTIAL_ALREADY_IN_USE: "auth/credential-already-in-use";
632 readonly CREDENTIAL_MISMATCH: "auth/custom-token-mismatch";
633 readonly CREDENTIAL_TOO_OLD_LOGIN_AGAIN: "auth/requires-recent-login";
634 readonly DEPENDENT_SDK_INIT_BEFORE_AUTH: "auth/dependent-sdk-initialized-before-auth";
635 readonly DYNAMIC_LINK_NOT_ACTIVATED: "auth/dynamic-link-not-activated";
636 readonly EMAIL_CHANGE_NEEDS_VERIFICATION: "auth/email-change-needs-verification";
637 readonly EMAIL_EXISTS: "auth/email-already-in-use";
638 readonly EMULATOR_CONFIG_FAILED: "auth/emulator-config-failed";
639 readonly EXPIRED_OOB_CODE: "auth/expired-action-code";
640 readonly EXPIRED_POPUP_REQUEST: "auth/cancelled-popup-request";
641 readonly INTERNAL_ERROR: "auth/internal-error";
642 readonly INVALID_API_KEY: "auth/invalid-api-key";
643 readonly INVALID_APP_CREDENTIAL: "auth/invalid-app-credential";
644 readonly INVALID_APP_ID: "auth/invalid-app-id";
645 readonly INVALID_AUTH: "auth/invalid-user-token";
646 readonly INVALID_AUTH_EVENT: "auth/invalid-auth-event";
647 readonly INVALID_CERT_HASH: "auth/invalid-cert-hash";
648 readonly INVALID_CODE: "auth/invalid-verification-code";
649 readonly INVALID_CONTINUE_URI: "auth/invalid-continue-uri";
650 readonly INVALID_CORDOVA_CONFIGURATION: "auth/invalid-cordova-configuration";
651 readonly INVALID_CUSTOM_TOKEN: "auth/invalid-custom-token";
652 readonly INVALID_DYNAMIC_LINK_DOMAIN: "auth/invalid-dynamic-link-domain";
653 readonly INVALID_EMAIL: "auth/invalid-email";
654 readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
655 readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
656 readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
657 readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
658 readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
659 readonly INVALID_OAUTH_PROVIDER: "auth/invalid-oauth-provider";
660 readonly INVALID_OOB_CODE: "auth/invalid-action-code";
661 readonly INVALID_ORIGIN: "auth/unauthorized-domain";
662 readonly INVALID_PASSWORD: "auth/wrong-password";
663 readonly INVALID_PERSISTENCE: "auth/invalid-persistence-type";
664 readonly INVALID_PHONE_NUMBER: "auth/invalid-phone-number";
665 readonly INVALID_PROVIDER_ID: "auth/invalid-provider-id";
666 readonly INVALID_RECIPIENT_EMAIL: "auth/invalid-recipient-email";
667 readonly INVALID_SENDER: "auth/invalid-sender";
668 readonly INVALID_SESSION_INFO: "auth/invalid-verification-id";
669 readonly INVALID_TENANT_ID: "auth/invalid-tenant-id";
670 readonly MFA_INFO_NOT_FOUND: "auth/multi-factor-info-not-found";
671 readonly MFA_REQUIRED: "auth/multi-factor-auth-required";
672 readonly MISSING_ANDROID_PACKAGE_NAME: "auth/missing-android-pkg-name";
673 readonly MISSING_APP_CREDENTIAL: "auth/missing-app-credential";
674 readonly MISSING_AUTH_DOMAIN: "auth/auth-domain-config-required";
675 readonly MISSING_CODE: "auth/missing-verification-code";
676 readonly MISSING_CONTINUE_URI: "auth/missing-continue-uri";
677 readonly MISSING_IFRAME_START: "auth/missing-iframe-start";
678 readonly MISSING_IOS_BUNDLE_ID: "auth/missing-ios-bundle-id";
679 readonly MISSING_OR_INVALID_NONCE: "auth/missing-or-invalid-nonce";
680 readonly MISSING_MFA_INFO: "auth/missing-multi-factor-info";
681 readonly MISSING_MFA_SESSION: "auth/missing-multi-factor-session";
682 readonly MISSING_PHONE_NUMBER: "auth/missing-phone-number";
683 readonly MISSING_SESSION_INFO: "auth/missing-verification-id";
684 readonly MODULE_DESTROYED: "auth/app-deleted";
685 readonly NEED_CONFIRMATION: "auth/account-exists-with-different-credential";
686 readonly NETWORK_REQUEST_FAILED: "auth/network-request-failed";
687 readonly NULL_USER: "auth/null-user";
688 readonly NO_AUTH_EVENT: "auth/no-auth-event";
689 readonly NO_SUCH_PROVIDER: "auth/no-such-provider";
690 readonly OPERATION_NOT_ALLOWED: "auth/operation-not-allowed";
691 readonly OPERATION_NOT_SUPPORTED: "auth/operation-not-supported-in-this-environment";
692 readonly POPUP_BLOCKED: "auth/popup-blocked";
693 readonly POPUP_CLOSED_BY_USER: "auth/popup-closed-by-user";
694 readonly PROVIDER_ALREADY_LINKED: "auth/provider-already-linked";
695 readonly QUOTA_EXCEEDED: "auth/quota-exceeded";
696 readonly REDIRECT_CANCELLED_BY_USER: "auth/redirect-cancelled-by-user";
697 readonly REDIRECT_OPERATION_PENDING: "auth/redirect-operation-pending";
698 readonly REJECTED_CREDENTIAL: "auth/rejected-credential";
699 readonly SECOND_FACTOR_ALREADY_ENROLLED: "auth/second-factor-already-in-use";
700 readonly SECOND_FACTOR_LIMIT_EXCEEDED: "auth/maximum-second-factor-count-exceeded";
701 readonly TENANT_ID_MISMATCH: "auth/tenant-id-mismatch";
702 readonly TIMEOUT: "auth/timeout";
703 readonly TOKEN_EXPIRED: "auth/user-token-expired";
704 readonly TOO_MANY_ATTEMPTS_TRY_LATER: "auth/too-many-requests";
705 readonly UNAUTHORIZED_DOMAIN: "auth/unauthorized-continue-uri";
706 readonly UNSUPPORTED_FIRST_FACTOR: "auth/unsupported-first-factor";
707 readonly UNSUPPORTED_PERSISTENCE: "auth/unsupported-persistence-type";
708 readonly UNSUPPORTED_TENANT_OPERATION: "auth/unsupported-tenant-operation";
709 readonly UNVERIFIED_EMAIL: "auth/unverified-email";
710 readonly USER_CANCELLED: "auth/user-cancelled";
711 readonly USER_DELETED: "auth/user-not-found";
712 readonly USER_DISABLED: "auth/user-disabled";
713 readonly USER_MISMATCH: "auth/user-mismatch";
714 readonly USER_SIGNED_OUT: "auth/user-signed-out";
715 readonly WEAK_PASSWORD: "auth/weak-password";
716 readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
717 readonly ALREADY_INITIALIZED: "auth/already-initialized";
718};
719
720/**
721 * A mapping of error codes to error messages.
722 *
723 * @remarks
724 *
725 * While error messages are useful for debugging (providing verbose textual
726 * context around what went wrong), these strings take up a lot of space in the
727 * compiled code. When deploying code in production, using {@link prodErrorMap}
728 * will save you roughly 10k compressed/gzipped over {@link debugErrorMap}. You
729 * can select the error map during initialization:
730 *
731 * ```javascript
732 * initializeAuth(app, {errorMap: debugErrorMap})
733 * ```
734 *
735 * When initializing Auth, {@link prodErrorMap} is default.
736 *
737 * @public
738 */
739export declare interface AuthErrorMap {
740}
741
742/**
743 * @internal
744 */
745declare interface AuthErrorParams extends GenericAuthErrorParams {
746 [AuthErrorCode.ARGUMENT_ERROR]: {
747 appName?: AppName;
748 };
749 [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]: {
750 appName?: AppName;
751 };
752 [AuthErrorCode.INTERNAL_ERROR]: {
753 appName?: AppName;
754 };
755 [AuthErrorCode.LOGIN_BLOCKED]: {
756 appName?: AppName;
757 originalMessage?: string;
758 };
759 [AuthErrorCode.OPERATION_NOT_SUPPORTED]: {
760 appName?: AppName;
761 };
762 [AuthErrorCode.NO_AUTH_EVENT]: {
763 appName?: AppName;
764 };
765 [AuthErrorCode.MFA_REQUIRED]: {
766 appName: AppName;
767 _serverResponse: IdTokenMfaResponse;
768 };
769 [AuthErrorCode.INVALID_CORDOVA_CONFIGURATION]: {
770 appName: AppName;
771 missingPlugin?: string;
772 };
773}
774
775/**
776 * @internal
777 */
778declare interface AuthEvent {
779 type: AuthEventType;
780 eventId: string | null;
781 urlResponse: string | null;
782 sessionId: string | null;
783 postBody: string | null;
784 tenantId: string | null;
785 error?: AuthEventError;
786}
787
788/**
789 * @internal
790 */
791declare interface AuthEventConsumer {
792 readonly filter: AuthEventType[];
793 eventId: string | null;
794 onAuthEvent(event: AuthEvent): unknown;
795 onError(error: FirebaseError): unknown;
796}
797
798declare interface AuthEventError extends Error {
799 code: string;
800 message: string;
801}
802
803/**
804 * @internal
805 */
806declare const enum AuthEventType {
807 LINK_VIA_POPUP = "linkViaPopup",
808 LINK_VIA_REDIRECT = "linkViaRedirect",
809 REAUTH_VIA_POPUP = "reauthViaPopup",
810 REAUTH_VIA_REDIRECT = "reauthViaRedirect",
811 SIGN_IN_VIA_POPUP = "signInViaPopup",
812 SIGN_IN_VIA_REDIRECT = "signInViaRedirect",
813 UNKNOWN = "unknown",
814 VERIFY_APP = "verifyApp"
815}
816
817/**
818 * UserInternal and AuthInternal reference each other, so both of them are included in the public typings.
819 * In order to exclude them, we mark them as internal explicitly.
820 *
821 * @internal
822 */
823declare interface AuthInternal extends Auth {
824 currentUser: User | null;
825 emulatorConfig: EmulatorConfig | null;
826 _canInitEmulator: boolean;
827 _isInitialized: boolean;
828 _initializationPromise: Promise<void> | null;
829 _updateCurrentUser(user: UserInternal | null): Promise<void>;
830 _onStorageEvent(): void;
831 _notifyListenersIfCurrent(user: UserInternal): void;
832 _persistUserIfCurrent(user: UserInternal): Promise<void>;
833 _setRedirectUser(user: UserInternal | null, popupRedirectResolver?: PopupRedirectResolver): Promise<void>;
834 _redirectUserForId(id: string): Promise<UserInternal | null>;
835 _popupRedirectResolver: PopupRedirectResolverInternal | null;
836 _key(): string;
837 _startProactiveRefresh(): void;
838 _stopProactiveRefresh(): void;
839 _getPersistence(): string;
840 _logFramework(framework: string): void;
841 _getFrameworks(): readonly string[];
842 _getAdditionalHeaders(): Promise<Record<string, string>>;
843 readonly name: AppName;
844 readonly config: ConfigInternal;
845 languageCode: string | null;
846 tenantId: string | null;
847 readonly settings: AuthSettings;
848 _errorFactory: ErrorFactory<AuthErrorCode, AuthErrorParams>;
849 useDeviceLanguage(): void;
850 signOut(): Promise<void>;
851}
852
853declare class AuthPopup {
854 readonly window: Window | null;
855 associatedEvent: string | null;
856 constructor(window: Window | null);
857 close(): void;
858}
859
860/**
861 * Interface that represents an auth provider, used to facilitate creating {@link AuthCredential}.
862 *
863 * @public
864 */
865export declare interface AuthProvider {
866 /**
867 * Provider for which credentials can be constructed.
868 */
869 readonly providerId: string;
870}
871
872/**
873 * Interface representing an {@link Auth} instance's settings.
874 *
875 * @remarks Currently used for enabling/disabling app verification for phone Auth testing.
876 *
877 * @public
878 */
879export declare interface AuthSettings {
880 /**
881 * When set, this property disables app verification for the purpose of testing phone
882 * authentication. For this property to take effect, it needs to be set before rendering a
883 * reCAPTCHA app verifier. When this is disabled, a mock reCAPTCHA is rendered instead. This is
884 * useful for manual testing during development or for automated integration tests.
885 *
886 * In order to use this feature, you will need to
887 * {@link https://firebase.google.com/docs/auth/web/phone-auth#test-with-whitelisted-phone-numbers | whitelist your phone number}
888 * via the Firebase Console.
889 *
890 * The default value is false (app verification is enabled).
891 */
892 appVerificationDisabledForTesting: boolean;
893}
894
895/**
896 * MFA Info as returned by the API
897 */
898declare interface BaseMfaEnrollment {
899 mfaEnrollmentId: string;
900 enrolledAt: number;
901 displayName?: string;
902}
903
904/**
905 * Common code to all OAuth providers. This is separate from the
906 * {@link OAuthProvider} so that child providers (like
907 * {@link GoogleAuthProvider}) don't inherit the `credential` instance method.
908 * Instead, they rely on a static `credential` method.
909 */
910declare abstract class BaseOAuthProvider extends FederatedAuthProvider implements AuthProvider {
911 /** @internal */
912 private scopes;
913 /**
914 * Add an OAuth scope to the credential.
915 *
916 * @param scope - Provider OAuth scope to add.
917 */
918 addScope(scope: string): AuthProvider;
919 /**
920 * Retrieve the current list of OAuth scopes.
921 */
922 getScopes(): string[];
923}
924
925/**
926 * Adds a blocking callback that runs before an auth state change
927 * sets a new user.
928 *
929 * @param auth - The {@link Auth} instance.
930 * @param callback - callback triggered before new user value is set.
931 * If this throws, it blocks the user from being set.
932 * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
933 * callback throws, allowing you to undo any side effects.
934 */
935export declare function beforeAuthStateChanged(auth: Auth, callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
936
937/**
938 * An implementation of {@link Persistence} of type `LOCAL` using `localStorage`
939 * for the underlying storage.
940 *
941 * @public
942 */
943export declare const browserLocalPersistence: Persistence;
944
945/**
946 * An implementation of {@link PopupRedirectResolver} suitable for browser
947 * based applications.
948 *
949 * @public
950 */
951export declare const browserPopupRedirectResolver: PopupRedirectResolver;
952
953/**
954 * An implementation of {@link Persistence} of `SESSION` using `sessionStorage`
955 * for the underlying storage.
956 *
957 * @public
958 */
959export declare const browserSessionPersistence: Persistence;
960
961/**
962 * Checks a verification code sent to the user by email or other out-of-band mechanism.
963 *
964 * @returns metadata about the code.
965 *
966 * @param auth - The {@link Auth} instance.
967 * @param oobCode - A verification code sent to the user.
968 *
969 * @public
970 */
971export declare function checkActionCode(auth: Auth, oobCode: string): Promise<ActionCodeInfo>;
972
973/**
974 * @internal
975 */
976declare const enum ClientPlatform {
977 BROWSER = "Browser",
978 NODE = "Node",
979 REACT_NATIVE = "ReactNative",
980 CORDOVA = "Cordova",
981 WORKER = "Worker"
982}
983export { CompleteFn }
984
985/**
986 * Interface representing the `Auth` config.
987 *
988 * @public
989 */
990export declare interface Config {
991 /**
992 * The API Key used to communicate with the Firebase Auth backend.
993 */
994 apiKey: string;
995 /**
996 * The host at which the Firebase Auth backend is running.
997 */
998 apiHost: string;
999 /**
1000 * The scheme used to communicate with the Firebase Auth backend.
1001 */
1002 apiScheme: string;
1003 /**
1004 * The host at which the Secure Token API is running.
1005 */
1006 tokenApiHost: string;
1007 /**
1008 * The SDK Client Version.
1009 */
1010 sdkClientVersion: string;
1011 /**
1012 * The domain at which the web widgets are hosted (provided via Firebase Config).
1013 */
1014 authDomain?: string;
1015}
1016
1017/**
1018 * @internal
1019 */
1020declare interface ConfigInternal extends Config {
1021 /**
1022 * @readonly
1023 */
1024 emulator?: {
1025 url: string;
1026 };
1027 /**
1028 * @readonly
1029 */
1030 clientPlatform: ClientPlatform;
1031}
1032
1033/**
1034 * A result from a phone number sign-in, link, or reauthenticate call.
1035 *
1036 * @public
1037 */
1038export declare interface ConfirmationResult {
1039 /**
1040 * The phone number authentication operation's verification ID.
1041 *
1042 * @remarks
1043 * This can be used along with the verification code to initialize a
1044 * {@link PhoneAuthCredential}.
1045 */
1046 readonly verificationId: string;
1047 /**
1048 * Finishes a phone number sign-in, link, or reauthentication.
1049 *
1050 * @example
1051 * ```javascript
1052 * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
1053 * // Obtain verificationCode from the user.
1054 * const userCredential = await confirmationResult.confirm(verificationCode);
1055 * ```
1056 *
1057 * @param verificationCode - The code that was sent to the user's mobile device.
1058 */
1059 confirm(verificationCode: string): Promise<UserCredential>;
1060}
1061
1062/**
1063 * Completes the password reset process, given a confirmation code and new password.
1064 *
1065 * @param auth - The {@link Auth} instance.
1066 * @param oobCode - A confirmation code sent to the user.
1067 * @param newPassword - The new password.
1068 *
1069 * @public
1070 */
1071export declare function confirmPasswordReset(auth: Auth, oobCode: string, newPassword: string): Promise<void>;
1072
1073/**
1074 * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
1075 * Firebase Auth services.
1076 *
1077 * @remarks
1078 * This must be called synchronously immediately following the first call to
1079 * {@link initializeAuth}. Do not use with production credentials as emulator
1080 * traffic is not encrypted.
1081 *
1082 *
1083 * @example
1084 * ```javascript
1085 * connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });
1086 * ```
1087 *
1088 * @param auth - The {@link Auth} instance.
1089 * @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').
1090 * @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to
1091 * `true` to disable the warning banner attached to the DOM.
1092 *
1093 * @public
1094 */
1095export declare function connectAuthEmulator(auth: Auth, url: string, options?: {
1096 disableWarnings: boolean;
1097}): void;
1098
1099/**
1100 * Creates a new user account associated with the specified email address and password.
1101 *
1102 * @remarks
1103 * On successful creation of the user account, this user will also be signed in to your application.
1104 *
1105 * User account creation can fail if the account already exists or the password is invalid.
1106 *
1107 * Note: The email address acts as a unique identifier for the user and enables an email-based
1108 * password reset. This function will create a new user account and set the initial user password.
1109 *
1110 * @param auth - The {@link Auth} instance.
1111 * @param email - The user's email address.
1112 * @param password - The user's chosen password.
1113 *
1114 * @public
1115 */
1116export declare function createUserWithEmailAndPassword(auth: Auth, email: string, password: string): Promise<UserCredential>;
1117
1118/**
1119 * Map of OAuth Custom Parameters.
1120 *
1121 * @public
1122 */
1123export declare type CustomParameters = Record<string, string>;
1124
1125/**
1126 * A verbose error map with detailed descriptions for most error codes.
1127 *
1128 * See discussion at {@link AuthErrorMap}
1129 *
1130 * @public
1131 */
1132export declare const debugErrorMap: AuthErrorMap;
1133
1134/**
1135 * Deletes and signs out the user.
1136 *
1137 * @remarks
1138 * Important: this is a security-sensitive operation that requires the user to have recently
1139 * signed in. If this requirement isn't met, ask the user to authenticate again and then call
1140 * {@link reauthenticateWithCredential}.
1141 *
1142 * @param user - The user.
1143 *
1144 * @public
1145 */
1146export declare function deleteUser(user: User): Promise<void>;
1147
1148/**
1149 * The dependencies that can be used to initialize an {@link Auth} instance.
1150 *
1151 * @remarks
1152 *
1153 * The modular SDK enables tree shaking by allowing explicit declarations of
1154 * dependencies. For example, a web app does not need to include code that
1155 * enables Cordova redirect sign in. That functionality is therefore split into
1156 * {@link browserPopupRedirectResolver} and
1157 * {@link cordovaPopupRedirectResolver}. The dependencies object is how Auth is
1158 * configured to reduce bundle sizes.
1159 *
1160 * There are two ways to initialize an {@link Auth} instance: {@link getAuth} and
1161 * {@link initializeAuth}. `getAuth` initializes everything using
1162 * platform-specific configurations, while `initializeAuth` takes a
1163 * `Dependencies` object directly, giving you more control over what is used.
1164 *
1165 * @public
1166 */
1167export declare interface Dependencies {
1168 /**
1169 * Which {@link Persistence} to use. If this is an array, the first
1170 * `Persistence` that the device supports is used. The SDK searches for an
1171 * existing account in order and, if one is found in a secondary
1172 * `Persistence`, the account is moved to the primary `Persistence`.
1173 *
1174 * If no persistence is provided, the SDK falls back on
1175 * {@link inMemoryPersistence}.
1176 */
1177 persistence?: Persistence | Persistence[];
1178 /**
1179 * The {@link PopupRedirectResolver} to use. This value depends on the
1180 * platform. Options are {@link browserPopupRedirectResolver} and
1181 * {@link cordovaPopupRedirectResolver}. This field is optional if neither
1182 * {@link signInWithPopup} or {@link signInWithRedirect} are being used.
1183 */
1184 popupRedirectResolver?: PopupRedirectResolver;
1185 /**
1186 * Which {@link AuthErrorMap} to use.
1187 */
1188 errorMap?: AuthErrorMap;
1189}
1190
1191/**
1192 * Interface that represents the credentials returned by {@link EmailAuthProvider} for
1193 * {@link ProviderId}.PASSWORD
1194 *
1195 * @remarks
1196 * Covers both {@link SignInMethod}.EMAIL_PASSWORD and
1197 * {@link SignInMethod}.EMAIL_LINK.
1198 *
1199 * @public
1200 */
1201export declare class EmailAuthCredential extends AuthCredential {
1202 /** @internal */
1203 readonly _email: string;
1204 /** @internal */
1205 readonly _password: string;
1206 /** @internal */
1207 readonly _tenantId: string | null;
1208 /** @internal */
1209 private constructor();
1210 /** @internal */
1211 static _fromEmailAndPassword(email: string, password: string): EmailAuthCredential;
1212 /** @internal */
1213 static _fromEmailAndCode(email: string, oobCode: string, tenantId?: string | null): EmailAuthCredential;
1214 /** {@inheritdoc AuthCredential.toJSON} */
1215 toJSON(): object;
1216 /**
1217 * Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.
1218 *
1219 * @param json - Either `object` or the stringified representation of the object. When string is
1220 * provided, `JSON.parse` would be called first.
1221 *
1222 * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
1223 */
1224 static fromJSON(json: object | string): EmailAuthCredential | null;
1225 /** @internal */
1226 _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse>;
1227 /** @internal */
1228 _linkToIdToken(auth: AuthInternal, idToken: string): Promise<IdTokenResponse>;
1229 /** @internal */
1230 _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse>;
1231}
1232
1233/**
1234 * Provider for generating {@link EmailAuthCredential}.
1235 *
1236 * @public
1237 */
1238export declare class EmailAuthProvider implements AuthProvider {
1239 /**
1240 * Always set to {@link ProviderId}.PASSWORD, even for email link.
1241 */
1242 static readonly PROVIDER_ID: 'password';
1243 /**
1244 * Always set to {@link SignInMethod}.EMAIL_PASSWORD.
1245 */
1246 static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password';
1247 /**
1248 * Always set to {@link SignInMethod}.EMAIL_LINK.
1249 */
1250 static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink';
1251 /**
1252 * Always set to {@link ProviderId}.PASSWORD, even for email link.
1253 */
1254 readonly providerId: "password";
1255 /**
1256 * Initialize an {@link AuthCredential} using an email and password.
1257 *
1258 * @example
1259 * ```javascript
1260 * const authCredential = EmailAuthProvider.credential(email, password);
1261 * const userCredential = await signInWithCredential(auth, authCredential);
1262 * ```
1263 *
1264 * @example
1265 * ```javascript
1266 * const userCredential = await signInWithEmailAndPassword(auth, email, password);
1267 * ```
1268 *
1269 * @param email - Email address.
1270 * @param password - User account password.
1271 * @returns The auth provider credential.
1272 */
1273 static credential(email: string, password: string): EmailAuthCredential;
1274 /**
1275 * Initialize an {@link AuthCredential} using an email and an email link after a sign in with
1276 * email link operation.
1277 *
1278 * @example
1279 * ```javascript
1280 * const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);
1281 * const userCredential = await signInWithCredential(auth, authCredential);
1282 * ```
1283 *
1284 * @example
1285 * ```javascript
1286 * await sendSignInLinkToEmail(auth, email);
1287 * // Obtain emailLink from user.
1288 * const userCredential = await signInWithEmailLink(auth, email, emailLink);
1289 * ```
1290 *
1291 * @param auth - The {@link Auth} instance used to verify the link.
1292 * @param email - Email address.
1293 * @param emailLink - Sign-in email link.
1294 * @returns - The auth provider credential.
1295 */
1296 static credentialWithLink(email: string, emailLink: string): EmailAuthCredential;
1297}
1298
1299/**
1300 * Configuration of Firebase Authentication Emulator.
1301 * @public
1302 */
1303export declare interface EmulatorConfig {
1304 /**
1305 * The protocol used to communicate with the emulator ("http"/"https").
1306 */
1307 readonly protocol: string;
1308 /**
1309 * The hostname of the emulator, which may be a domain ("localhost"), IPv4 address ("127.0.0.1")
1310 * or quoted IPv6 address ("[::1]").
1311 */
1312 readonly host: string;
1313 /**
1314 * The port of the emulator, or null if port isn't specified (i.e. protocol default).
1315 */
1316 readonly port: number | null;
1317 /**
1318 * The emulator-specific options.
1319 */
1320 readonly options: {
1321 /**
1322 * Whether the warning banner attached to the DOM was disabled.
1323 */
1324 readonly disableWarnings: boolean;
1325 };
1326}
1327export { ErrorFn }
1328
1329/**
1330 * @internal
1331 */
1332declare interface EventManager {
1333 registerConsumer(authEventConsumer: AuthEventConsumer): void;
1334 unregisterConsumer(authEventConsumer: AuthEventConsumer): void;
1335}
1336
1337/**
1338 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.
1339 *
1340 * @example
1341 * ```javascript
1342 * // Sign in using a redirect.
1343 * const provider = new FacebookAuthProvider();
1344 * // Start a sign in process for an unauthenticated user.
1345 * provider.addScope('user_birthday');
1346 * await signInWithRedirect(auth, provider);
1347 * // This will trigger a full page redirect away from your app
1348 *
1349 * // After returning from the redirect when your app initializes you can obtain the result
1350 * const result = await getRedirectResult(auth);
1351 * if (result) {
1352 * // This is the signed-in user
1353 * const user = result.user;
1354 * // This gives you a Facebook Access Token.
1355 * const credential = FacebookAuthProvider.credentialFromResult(result);
1356 * const token = credential.accessToken;
1357 * }
1358 * ```
1359 *
1360 * @example
1361 * ```javascript
1362 * // Sign in using a popup.
1363 * const provider = new FacebookAuthProvider();
1364 * provider.addScope('user_birthday');
1365 * const result = await signInWithPopup(auth, provider);
1366 *
1367 * // The signed-in user info.
1368 * const user = result.user;
1369 * // This gives you a Facebook Access Token.
1370 * const credential = FacebookAuthProvider.credentialFromResult(result);
1371 * const token = credential.accessToken;
1372 * ```
1373 *
1374 * @public
1375 */
1376export declare class FacebookAuthProvider extends BaseOAuthProvider {
1377 /** Always set to {@link SignInMethod}.FACEBOOK. */
1378 static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com';
1379 /** Always set to {@link ProviderId}.FACEBOOK. */
1380 static readonly PROVIDER_ID: 'facebook.com';
1381 constructor();
1382 /**
1383 * Creates a credential for Facebook.
1384 *
1385 * @example
1386 * ```javascript
1387 * // `event` from the Facebook auth.authResponseChange callback.
1388 * const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);
1389 * const result = await signInWithCredential(credential);
1390 * ```
1391 *
1392 * @param accessToken - Facebook access token.
1393 */
1394 static credential(accessToken: string): OAuthCredential;
1395 /**
1396 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1397 *
1398 * @param userCredential - The user credential.
1399 */
1400 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1401 /**
1402 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1403 * thrown during a sign-in, link, or reauthenticate operation.
1404 *
1405 * @param userCredential - The user credential.
1406 */
1407 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1408 private static credentialFromTaggedObject;
1409}
1410
1411/**
1412 * An enum of factors that may be used for multifactor authentication.
1413 *
1414 * @public
1415 */
1416export declare const FactorId: {
1417 /** Phone as second factor */
1418 readonly PHONE: "phone";
1419};
1420
1421/**
1422 * The base class for all Federated providers (OAuth (including OIDC), SAML).
1423 *
1424 * This class is not meant to be instantiated directly.
1425 *
1426 * @public
1427 */
1428declare abstract class FederatedAuthProvider implements AuthProvider {
1429 readonly providerId: string;
1430 /** @internal */
1431 defaultLanguageCode: string | null;
1432 /** @internal */
1433 private customParameters;
1434 /**
1435 * Constructor for generic OAuth providers.
1436 *
1437 * @param providerId - Provider for which credentials should be generated.
1438 */
1439 constructor(providerId: string);
1440 /**
1441 * Set the language gode.
1442 *
1443 * @param languageCode - language code
1444 */
1445 setDefaultLanguage(languageCode: string | null): void;
1446 /**
1447 * Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in
1448 * operations.
1449 *
1450 * @remarks
1451 * For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`,
1452 * `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored.
1453 *
1454 * @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request.
1455 */
1456 setCustomParameters(customOAuthParameters: CustomParameters): AuthProvider;
1457 /**
1458 * Retrieve the current list of {@link CustomParameters}.
1459 */
1460 getCustomParameters(): CustomParameters;
1461}
1462
1463/**
1464 * Gets the list of possible sign in methods for the given email address.
1465 *
1466 * @remarks
1467 * This is useful to differentiate methods of sign-in for the same provider, eg.
1468 * {@link EmailAuthProvider} which has 2 methods of sign-in,
1469 * {@link SignInMethod}.EMAIL_PASSWORD and
1470 * {@link SignInMethod}.EMAIL_LINK.
1471 *
1472 * @param auth - The {@link Auth} instance.
1473 * @param email - The user's email address.
1474 *
1475 * @public
1476 */
1477export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
1478
1479declare interface FinalizeMfaResponse {
1480 idToken: string;
1481 refreshToken: string;
1482}
1483
1484/**
1485 * @internal
1486 */
1487declare type GenericAuthErrorParams = {
1488 [key in Exclude<AuthErrorCode, AuthErrorCode.ARGUMENT_ERROR | AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH | AuthErrorCode.INTERNAL_ERROR | AuthErrorCode.MFA_REQUIRED | AuthErrorCode.NO_AUTH_EVENT | AuthErrorCode.OPERATION_NOT_SUPPORTED>]: {
1489 appName?: AppName;
1490 email?: string;
1491 phoneNumber?: string;
1492 message?: string;
1493 };
1494};
1495
1496/**
1497 * Extracts provider specific {@link AdditionalUserInfo} for the given credential.
1498 *
1499 * @param userCredential - The user credential.
1500 *
1501 * @public
1502 */
1503export declare function getAdditionalUserInfo(userCredential: UserCredential): AdditionalUserInfo | null;
1504
1505/**
1506 * Returns the Auth instance associated with the provided {@link @firebase/app#FirebaseApp}.
1507 * If no instance exists, initializes an Auth instance with platform-specific default dependencies.
1508 *
1509 * @param app - The Firebase App.
1510 *
1511 * @public
1512 */
1513export declare function getAuth(app?: FirebaseApp): Auth;
1514
1515/**
1516 * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
1517 *
1518 * @remarks
1519 * Returns the current token if it has not expired or if it will not expire in the next five
1520 * minutes. Otherwise, this will refresh the token and return a new one.
1521 *
1522 * @param user - The user.
1523 * @param forceRefresh - Force refresh regardless of token expiration.
1524 *
1525 * @public
1526 */
1527export declare function getIdToken(user: User, forceRefresh?: boolean): Promise<string>;
1528
1529/**
1530 * Returns a deserialized JSON Web Token (JWT) used to identitfy the user to a Firebase service.
1531 *
1532 * @remarks
1533 * Returns the current token if it has not expired or if it will not expire in the next five
1534 * minutes. Otherwise, this will refresh the token and return a new one.
1535 *
1536 * @param user - The user.
1537 * @param forceRefresh - Force refresh regardless of token expiration.
1538 *
1539 * @public
1540 */
1541export declare function getIdTokenResult(user: User, forceRefresh?: boolean): Promise<IdTokenResult>;
1542
1543/**
1544 * Provides a {@link MultiFactorResolver} suitable for completion of a
1545 * multi-factor flow.
1546 *
1547 * @param auth - The {@link Auth} instance.
1548 * @param error - The {@link MultiFactorError} raised during a sign-in, or
1549 * reauthentication operation.
1550 *
1551 * @public
1552 */
1553export declare function getMultiFactorResolver(auth: Auth, error: MultiFactorError): MultiFactorResolver;
1554
1555/**
1556 * Returns a {@link UserCredential} from the redirect-based sign-in flow.
1557 *
1558 * @remarks
1559 * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
1560 * error. If no redirect operation was called, returns a {@link UserCredential}
1561 * with a null `user`.
1562 *
1563 * @example
1564 * ```javascript
1565 * // Sign in using a redirect.
1566 * const provider = new FacebookAuthProvider();
1567 * // You can add additional scopes to the provider:
1568 * provider.addScope('user_birthday');
1569 * // Start a sign in process for an unauthenticated user.
1570 * await signInWithRedirect(auth, provider);
1571 * // This will trigger a full page redirect away from your app
1572 *
1573 * // After returning from the redirect when your app initializes you can obtain the result
1574 * const result = await getRedirectResult(auth);
1575 * if (result) {
1576 * // This is the signed-in user
1577 * const user = result.user;
1578 * // This gives you a Facebook Access Token.
1579 * const credential = provider.credentialFromResult(auth, result);
1580 * const token = credential.accessToken;
1581 * }
1582 * // As this API can be used for sign-in, linking and reauthentication,
1583 * // check the operationType to determine what triggered this redirect
1584 * // operation.
1585 * const operationType = result.operationType;
1586 * ```
1587 *
1588 * @param auth - The {@link Auth} instance.
1589 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1590 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1591 *
1592 * @public
1593 */
1594export declare function getRedirectResult(auth: Auth, resolver?: PopupRedirectResolver): Promise<UserCredential | null>;
1595
1596/**
1597 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GITHUB.
1598 *
1599 * @remarks
1600 * GitHub requires an OAuth 2.0 redirect, so you can either handle the redirect directly, or use
1601 * the {@link signInWithPopup} handler:
1602 *
1603 * @example
1604 * ```javascript
1605 * // Sign in using a redirect.
1606 * const provider = new GithubAuthProvider();
1607 * // Start a sign in process for an unauthenticated user.
1608 * provider.addScope('repo');
1609 * await signInWithRedirect(auth, provider);
1610 * // This will trigger a full page redirect away from your app
1611 *
1612 * // After returning from the redirect when your app initializes you can obtain the result
1613 * const result = await getRedirectResult(auth);
1614 * if (result) {
1615 * // This is the signed-in user
1616 * const user = result.user;
1617 * // This gives you a Github Access Token.
1618 * const credential = GithubAuthProvider.credentialFromResult(result);
1619 * const token = credential.accessToken;
1620 * }
1621 * ```
1622 *
1623 * @example
1624 * ```javascript
1625 * // Sign in using a popup.
1626 * const provider = new GithubAuthProvider();
1627 * provider.addScope('repo');
1628 * const result = await signInWithPopup(auth, provider);
1629 *
1630 * // The signed-in user info.
1631 * const user = result.user;
1632 * // This gives you a Github Access Token.
1633 * const credential = GithubAuthProvider.credentialFromResult(result);
1634 * const token = credential.accessToken;
1635 * ```
1636 * @public
1637 */
1638export declare class GithubAuthProvider extends BaseOAuthProvider {
1639 /** Always set to {@link SignInMethod}.GITHUB. */
1640 static readonly GITHUB_SIGN_IN_METHOD: 'github.com';
1641 /** Always set to {@link ProviderId}.GITHUB. */
1642 static readonly PROVIDER_ID: 'github.com';
1643 constructor();
1644 /**
1645 * Creates a credential for Github.
1646 *
1647 * @param accessToken - Github access token.
1648 */
1649 static credential(accessToken: string): OAuthCredential;
1650 /**
1651 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1652 *
1653 * @param userCredential - The user credential.
1654 */
1655 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1656 /**
1657 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1658 * thrown during a sign-in, link, or reauthenticate operation.
1659 *
1660 * @param userCredential - The user credential.
1661 */
1662 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1663 private static credentialFromTaggedObject;
1664}
1665
1666/**
1667 * Provider for generating an an {@link OAuthCredential} for {@link ProviderId}.GOOGLE.
1668 *
1669 * @example
1670 * ```javascript
1671 * // Sign in using a redirect.
1672 * const provider = new GoogleAuthProvider();
1673 * // Start a sign in process for an unauthenticated user.
1674 * provider.addScope('profile');
1675 * provider.addScope('email');
1676 * await signInWithRedirect(auth, provider);
1677 * // This will trigger a full page redirect away from your app
1678 *
1679 * // After returning from the redirect when your app initializes you can obtain the result
1680 * const result = await getRedirectResult(auth);
1681 * if (result) {
1682 * // This is the signed-in user
1683 * const user = result.user;
1684 * // This gives you a Google Access Token.
1685 * const credential = GoogleAuthProvider.credentialFromResult(result);
1686 * const token = credential.accessToken;
1687 * }
1688 * ```
1689 *
1690 * @example
1691 * ```javascript
1692 * // Sign in using a popup.
1693 * const provider = new GoogleAuthProvider();
1694 * provider.addScope('profile');
1695 * provider.addScope('email');
1696 * const result = await signInWithPopup(auth, provider);
1697 *
1698 * // The signed-in user info.
1699 * const user = result.user;
1700 * // This gives you a Google Access Token.
1701 * const credential = GoogleAuthProvider.credentialFromResult(result);
1702 * const token = credential.accessToken;
1703 * ```
1704 *
1705 * @public
1706 */
1707export declare class GoogleAuthProvider extends BaseOAuthProvider {
1708 /** Always set to {@link SignInMethod}.GOOGLE. */
1709 static readonly GOOGLE_SIGN_IN_METHOD: 'google.com';
1710 /** Always set to {@link ProviderId}.GOOGLE. */
1711 static readonly PROVIDER_ID: 'google.com';
1712 constructor();
1713 /**
1714 * Creates a credential for Google. At least one of ID token and access token is required.
1715 *
1716 * @example
1717 * ```javascript
1718 * // \`googleUser\` from the onsuccess Google Sign In callback.
1719 * const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);
1720 * const result = await signInWithCredential(credential);
1721 * ```
1722 *
1723 * @param idToken - Google ID token.
1724 * @param accessToken - Google access token.
1725 */
1726 static credential(idToken?: string | null, accessToken?: string | null): OAuthCredential;
1727 /**
1728 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1729 *
1730 * @param userCredential - The user credential.
1731 */
1732 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1733 /**
1734 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1735 * thrown during a sign-in, link, or reauthenticate operation.
1736 *
1737 * @param userCredential - The user credential.
1738 */
1739 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1740 private static credentialFromTaggedObject;
1741}
1742
1743/**
1744 * Raw encoded JWT
1745 *
1746 */
1747declare type IdToken = string;
1748
1749/**
1750 * @internal
1751 */
1752declare interface IdTokenMfaResponse extends IdTokenResponse {
1753 mfaPendingCredential?: string;
1754 mfaInfo?: MfaEnrollment[];
1755}
1756
1757/**
1758 * IdToken as returned by the API
1759 *
1760 * @internal
1761 */
1762declare interface IdTokenResponse {
1763 localId: string;
1764 idToken?: IdToken;
1765 refreshToken?: string;
1766 expiresIn?: string;
1767 providerId?: string;
1768 displayName?: string | null;
1769 isNewUser?: boolean;
1770 kind?: IdTokenResponseKind;
1771 photoUrl?: string | null;
1772 rawUserInfo?: string;
1773 screenName?: string | null;
1774}
1775
1776/**
1777 * The possible types of the `IdTokenResponse`
1778 *
1779 * @internal
1780 */
1781declare const enum IdTokenResponseKind {
1782 CreateAuthUri = "identitytoolkit#CreateAuthUriResponse",
1783 DeleteAccount = "identitytoolkit#DeleteAccountResponse",
1784 DownloadAccount = "identitytoolkit#DownloadAccountResponse",
1785 EmailLinkSignin = "identitytoolkit#EmailLinkSigninResponse",
1786 GetAccountInfo = "identitytoolkit#GetAccountInfoResponse",
1787 GetOobConfirmationCode = "identitytoolkit#GetOobConfirmationCodeResponse",
1788 GetRecaptchaParam = "identitytoolkit#GetRecaptchaParamResponse",
1789 ResetPassword = "identitytoolkit#ResetPasswordResponse",
1790 SetAccountInfo = "identitytoolkit#SetAccountInfoResponse",
1791 SignupNewUser = "identitytoolkit#SignupNewUserResponse",
1792 UploadAccount = "identitytoolkit#UploadAccountResponse",
1793 VerifyAssertion = "identitytoolkit#VerifyAssertionResponse",
1794 VerifyCustomToken = "identitytoolkit#VerifyCustomTokenResponse",
1795 VerifyPassword = "identitytoolkit#VerifyPasswordResponse"
1796}
1797
1798/**
1799 * Interface representing ID token result obtained from {@link User.getIdTokenResult}.
1800 *
1801 * @remarks
1802 * `IdTokenResult` contains the ID token JWT string and other helper properties for getting different data
1803 * associated with the token as well as all the decoded payload claims.
1804 *
1805 * Note that these claims are not to be trusted as they are parsed client side. Only server side
1806 * verification can guarantee the integrity of the token claims.
1807 *
1808 * @public
1809 */
1810export declare interface IdTokenResult {
1811 /**
1812 * The authentication time formatted as a UTC string.
1813 *
1814 * @remarks
1815 * This is the time the user authenticated (signed in) and not the time the token was refreshed.
1816 */
1817 authTime: string;
1818 /** The ID token expiration time formatted as a UTC string. */
1819 expirationTime: string;
1820 /** The ID token issuance time formatted as a UTC string. */
1821 issuedAtTime: string;
1822 /**
1823 * The sign-in provider through which the ID token was obtained (anonymous, custom, phone,
1824 * password, etc).
1825 *
1826 * @remarks
1827 * Note, this does not map to provider IDs.
1828 */
1829 signInProvider: string | null;
1830 /**
1831 * The type of second factor associated with this session, provided the user was multi-factor
1832 * authenticated (eg. phone, etc).
1833 */
1834 signInSecondFactor: string | null;
1835 /** The Firebase Auth ID token JWT string. */
1836 token: string;
1837 /**
1838 * The entire payload claims of the ID token including the standard reserved claims as well as
1839 * the custom claims.
1840 */
1841 claims: ParsedToken;
1842}
1843
1844/**
1845 * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`
1846 * for the underlying storage.
1847 *
1848 * @public
1849 */
1850export declare const indexedDBLocalPersistence: Persistence;
1851
1852/**
1853 * Initializes an {@link Auth} instance with fine-grained control over
1854 * {@link Dependencies}.
1855 *
1856 * @remarks
1857 *
1858 * This function allows more control over the {@link Auth} instance than
1859 * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
1860 * the {@link Dependencies}. In general, `getAuth` is the easiest way to
1861 * initialize Auth and works for most use cases. Use `initializeAuth` if you
1862 * need control over which persistence layer is used, or to minimize bundle
1863 * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
1864 *
1865 * For example, if your app only uses anonymous accounts and you only want
1866 * accounts saved for the current session, initialize `Auth` with:
1867 *
1868 * ```js
1869 * const auth = initializeAuth(app, {
1870 * persistence: browserSessionPersistence,
1871 * popupRedirectResolver: undefined,
1872 * });
1873 * ```
1874 *
1875 * @public
1876 */
1877export declare function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth;
1878
1879/**
1880 * An implementation of {@link Persistence} of type 'NONE'.
1881 *
1882 * @public
1883 */
1884export declare const inMemoryPersistence: Persistence;
1885
1886/**
1887 * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.
1888 *
1889 * @param auth - The {@link Auth} instance.
1890 * @param emailLink - The link sent to the user's email address.
1891 *
1892 * @public
1893 */
1894export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): boolean;
1895
1896/**
1897 * Links the user account with the given credentials.
1898 *
1899 * @remarks
1900 * An {@link AuthProvider} can be used to generate the credential.
1901 *
1902 * @param user - The user.
1903 * @param credential - The auth credential.
1904 *
1905 * @public
1906 */
1907export declare function linkWithCredential(user: User, credential: AuthCredential): Promise<UserCredential>;
1908
1909/**
1910 * Links the user account with the given phone number.
1911 *
1912 * @param user - The user.
1913 * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
1914 * @param appVerifier - The {@link ApplicationVerifier}.
1915 *
1916 * @public
1917 */
1918export declare function linkWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
1919
1920/**
1921 * Links the authenticated provider to the user account using a pop-up based OAuth flow.
1922 *
1923 * @remarks
1924 * If the linking is successful, the returned result will contain the user and the provider's credential.
1925 *
1926 *
1927 * @example
1928 * ```javascript
1929 * // Sign in using some other provider.
1930 * const result = await signInWithEmailAndPassword(auth, email, password);
1931 * // Link using a popup.
1932 * const provider = new FacebookAuthProvider();
1933 * await linkWithPopup(result.user, provider);
1934 * ```
1935 *
1936 * @param user - The user.
1937 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
1938 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
1939 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1940 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1941 *
1942 * @public
1943 */
1944export declare function linkWithPopup(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<UserCredential>;
1945
1946/**
1947 * Links the {@link OAuthProvider} to the user account using a full-page redirect flow.
1948 *
1949 * @example
1950 * ```javascript
1951 * // Sign in using some other provider.
1952 * const result = await signInWithEmailAndPassword(auth, email, password);
1953 * // Link using a redirect.
1954 * const provider = new FacebookAuthProvider();
1955 * await linkWithRedirect(result.user, provider);
1956 * // This will trigger a full page redirect away from your app
1957 *
1958 * // After returning from the redirect when your app initializes you can obtain the result
1959 * const result = await getRedirectResult(auth);
1960 * ```
1961 *
1962 * @param user - The user.
1963 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
1964 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
1965 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1966 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1967 *
1968 *
1969 * @public
1970 */
1971export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
1972
1973/**
1974 * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment is supported
1975 */
1976declare type MfaEnrollment = PhoneMfaEnrollment;
1977
1978/**
1979 * The {@link MultiFactorUser} corresponding to the user.
1980 *
1981 * @remarks
1982 * This is used to access all multi-factor properties and operations related to the user.
1983 *
1984 * @param user - The user.
1985 *
1986 * @public
1987 */
1988export declare function multiFactor(user: User): MultiFactorUser;
1989
1990/**
1991 * The base class for asserting ownership of a second factor.
1992 *
1993 * @remarks
1994 * This is used to facilitate enrollment of a second factor on an existing user or sign-in of a
1995 * user who already verified the first factor.
1996 *
1997 * @public
1998 */
1999export declare interface MultiFactorAssertion {
2000 /** The identifier of the second factor. */
2001 readonly factorId: typeof FactorId[keyof typeof FactorId];
2002}
2003
2004/**
2005 * The error thrown when the user needs to provide a second factor to sign in successfully.
2006 *
2007 * @remarks
2008 * The error code for this error is `auth/multi-factor-auth-required`.
2009 *
2010 * @example
2011 * ```javascript
2012 * let resolver;
2013 * let multiFactorHints;
2014 *
2015 * signInWithEmailAndPassword(auth, email, password)
2016 * .then((result) => {
2017 * // User signed in. No 2nd factor challenge is needed.
2018 * })
2019 * .catch((error) => {
2020 * if (error.code == 'auth/multi-factor-auth-required') {
2021 * resolver = getMultiFactorResolver(auth, error);
2022 * multiFactorHints = resolver.hints;
2023 * } else {
2024 * // Handle other errors.
2025 * }
2026 * });
2027 *
2028 * // Obtain a multiFactorAssertion by verifying the second factor.
2029 *
2030 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
2031 * ```
2032 *
2033 * @public
2034 */
2035export declare interface MultiFactorError extends AuthError {
2036 /** Details about the MultiFactorError. */
2037 readonly customData: AuthError['customData'] & {
2038 /**
2039 * The type of operation (sign-in, linking, or re-authentication) that raised the error.
2040 */
2041 readonly operationType: typeof OperationType[keyof typeof OperationType];
2042 };
2043}
2044
2045/**
2046 * A structure containing the information of a second factor entity.
2047 *
2048 * @public
2049 */
2050export declare interface MultiFactorInfo {
2051 /** The multi-factor enrollment ID. */
2052 readonly uid: string;
2053 /** The user friendly name of the current second factor. */
2054 readonly displayName?: string | null;
2055 /** The enrollment date of the second factor formatted as a UTC string. */
2056 readonly enrollmentTime: string;
2057 /** The identifier of the second factor. */
2058 readonly factorId: typeof FactorId[keyof typeof FactorId];
2059}
2060
2061/**
2062 * The class used to facilitate recovery from {@link MultiFactorError} when a user needs to
2063 * provide a second factor to sign in.
2064 *
2065 * @example
2066 * ```javascript
2067 * let resolver;
2068 * let multiFactorHints;
2069 *
2070 * signInWithEmailAndPassword(auth, email, password)
2071 * .then((result) => {
2072 * // User signed in. No 2nd factor challenge is needed.
2073 * })
2074 * .catch((error) => {
2075 * if (error.code == 'auth/multi-factor-auth-required') {
2076 * resolver = getMultiFactorResolver(auth, error);
2077 * // Show UI to let user select second factor.
2078 * multiFactorHints = resolver.hints;
2079 * } else {
2080 * // Handle other errors.
2081 * }
2082 * });
2083 *
2084 * // The enrolled second factors that can be used to complete
2085 * // sign-in are returned in the `MultiFactorResolver.hints` list.
2086 * // UI needs to be presented to allow the user to select a second factor
2087 * // from that list.
2088 *
2089 * const selectedHint = // ; selected from multiFactorHints
2090 * const phoneAuthProvider = new PhoneAuthProvider(auth);
2091 * const phoneInfoOptions = {
2092 * multiFactorHint: selectedHint,
2093 * session: resolver.session
2094 * };
2095 * const verificationId = phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
2096 * // Store `verificationId` and show UI to let user enter verification code.
2097 *
2098 * // UI to enter verification code and continue.
2099 * // Continue button click handler
2100 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2101 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
2102 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
2103 * ```
2104 *
2105 * @public
2106 */
2107export declare interface MultiFactorResolver {
2108 /**
2109 * The list of hints for the second factors needed to complete the sign-in for the current
2110 * session.
2111 */
2112 readonly hints: MultiFactorInfo[];
2113 /**
2114 * The session identifier for the current sign-in flow, which can be used to complete the second
2115 * factor sign-in.
2116 */
2117 readonly session: MultiFactorSession;
2118 /**
2119 * A helper function to help users complete sign in with a second factor using an
2120 * {@link MultiFactorAssertion} confirming the user successfully completed the second factor
2121 * challenge.
2122 *
2123 * @example
2124 * ```javascript
2125 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2126 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
2127 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
2128 * ```
2129 *
2130 * @param assertion - The multi-factor assertion to resolve sign-in with.
2131 * @returns The promise that resolves with the user credential object.
2132 */
2133 resolveSignIn(assertion: MultiFactorAssertion): Promise<UserCredential>;
2134}
2135
2136/**
2137 * An interface defining the multi-factor session object used for enrolling a second factor on a
2138 * user or helping sign in an enrolled user with a second factor.
2139 *
2140 * @public
2141 */
2142export declare interface MultiFactorSession {
2143}
2144
2145/**
2146 * An interface that defines the multi-factor related properties and operations pertaining
2147 * to a {@link User}.
2148 *
2149 * @public
2150 */
2151export declare interface MultiFactorUser {
2152 /** Returns a list of the user's enrolled second factors. */
2153 readonly enrolledFactors: MultiFactorInfo[];
2154 /**
2155 * Returns the session identifier for a second factor enrollment operation. This is used to
2156 * identify the user trying to enroll a second factor.
2157 *
2158 * @example
2159 * ```javascript
2160 * const multiFactorUser = multiFactor(auth.currentUser);
2161 * const multiFactorSession = await multiFactorUser.getSession();
2162 *
2163 * // Send verification code.
2164 * const phoneAuthProvider = new PhoneAuthProvider(auth);
2165 * const phoneInfoOptions = {
2166 * phoneNumber: phoneNumber,
2167 * session: multiFactorSession
2168 * };
2169 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
2170 *
2171 * // Obtain verification code from user.
2172 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2173 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
2174 * await multiFactorUser.enroll(multiFactorAssertion);
2175 * ```
2176 *
2177 * @returns The promise that resolves with the {@link MultiFactorSession}.
2178 */
2179 getSession(): Promise<MultiFactorSession>;
2180 /**
2181 *
2182 * Enrolls a second factor as identified by the {@link MultiFactorAssertion} for the
2183 * user.
2184 *
2185 * @remarks
2186 * On resolution, the user tokens are updated to reflect the change in the JWT payload.
2187 * Accepts an additional display name parameter used to identify the second factor to the end
2188 * user. Recent re-authentication is required for this operation to succeed. On successful
2189 * enrollment, existing Firebase sessions (refresh tokens) are revoked. When a new factor is
2190 * enrolled, an email notification is sent to the user’s email.
2191 *
2192 * @example
2193 * ```javascript
2194 * const multiFactorUser = multiFactor(auth.currentUser);
2195 * const multiFactorSession = await multiFactorUser.getSession();
2196 *
2197 * // Send verification code.
2198 * const phoneAuthProvider = new PhoneAuthProvider(auth);
2199 * const phoneInfoOptions = {
2200 * phoneNumber: phoneNumber,
2201 * session: multiFactorSession
2202 * };
2203 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
2204 *
2205 * // Obtain verification code from user.
2206 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
2207 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
2208 * await multiFactorUser.enroll(multiFactorAssertion);
2209 * // Second factor enrolled.
2210 * ```
2211 *
2212 * @param assertion - The multi-factor assertion to enroll with.
2213 * @param displayName - The display name of the second factor.
2214 */
2215 enroll(assertion: MultiFactorAssertion, displayName?: string | null): Promise<void>;
2216 /**
2217 * Unenrolls the specified second factor.
2218 *
2219 * @remarks
2220 * To specify the factor to remove, pass a {@link MultiFactorInfo} object (retrieved from
2221 * {@link MultiFactorUser.enrolledFactors}) or the
2222 * factor's UID string. Sessions are not revoked when the account is unenrolled. An email
2223 * notification is likely to be sent to the user notifying them of the change. Recent
2224 * re-authentication is required for this operation to succeed. When an existing factor is
2225 * unenrolled, an email notification is sent to the user’s email.
2226 *
2227 * @example
2228 * ```javascript
2229 * const multiFactorUser = multiFactor(auth.currentUser);
2230 * // Present user the option to choose which factor to unenroll.
2231 * await multiFactorUser.unenroll(multiFactorUser.enrolledFactors[i])
2232 * ```
2233 *
2234 * @param option - The multi-factor option to unenroll.
2235 * @returns - A `Promise` which resolves when the unenroll operation is complete.
2236 */
2237 unenroll(option: MultiFactorInfo | string): Promise<void>;
2238}
2239
2240declare type MutableUserInfo = {
2241 -readonly [K in keyof UserInfo]: UserInfo[K];
2242};
2243export { NextFn }
2244
2245/**
2246 * Type definition for an event callback.
2247 *
2248 * @privateRemarks TODO(avolkovi): should we consolidate with Subscribe<T> since we're changing the API anyway?
2249 *
2250 * @public
2251 */
2252export declare type NextOrObserver<T> = NextFn<T | null> | Observer<T | null>;
2253
2254/**
2255 * Represents the OAuth credentials returned by an {@link OAuthProvider}.
2256 *
2257 * @remarks
2258 * Implementations specify the details about each auth provider's credential requirements.
2259 *
2260 * @public
2261 */
2262export declare class OAuthCredential extends AuthCredential {
2263 /**
2264 * The OAuth ID token associated with the credential if it belongs to an OIDC provider,
2265 * such as `google.com`.
2266 * @readonly
2267 */
2268 idToken?: string;
2269 /**
2270 * The OAuth access token associated with the credential if it belongs to an
2271 * {@link OAuthProvider}, such as `facebook.com`, `twitter.com`, etc.
2272 * @readonly
2273 */
2274 accessToken?: string;
2275 /**
2276 * The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0
2277 * provider, such as `twitter.com`.
2278 * @readonly
2279 */
2280 secret?: string;
2281 private nonce?;
2282 private pendingToken;
2283 /** @internal */
2284 static _fromParams(params: OAuthCredentialParams): OAuthCredential;
2285 /** {@inheritdoc AuthCredential.toJSON} */
2286 toJSON(): object;
2287 /**
2288 * Static method to deserialize a JSON representation of an object into an
2289 * {@link AuthCredential}.
2290 *
2291 * @param json - Input can be either Object or the stringified representation of the object.
2292 * When string is provided, JSON.parse would be called first.
2293 *
2294 * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
2295 */
2296 static fromJSON(json: string | object): OAuthCredential | null;
2297 /** @internal */
2298 _getIdTokenResponse(auth: AuthInternal): Promise<IdTokenResponse>;
2299 /** @internal */
2300 _linkToIdToken(auth: AuthInternal, idToken: string): Promise<IdTokenResponse>;
2301 /** @internal */
2302 _getReauthenticationResolver(auth: AuthInternal): Promise<IdTokenResponse>;
2303 private buildRequest;
2304}
2305
2306/**
2307 * Defines the options for initializing an {@link OAuthCredential}.
2308 *
2309 * @remarks
2310 * For ID tokens with nonce claim, the raw nonce has to also be provided.
2311 *
2312 * @public
2313 */
2314export declare interface OAuthCredentialOptions {
2315 /**
2316 * The OAuth ID token used to initialize the {@link OAuthCredential}.
2317 */
2318 idToken?: string;
2319 /**
2320 * The OAuth access token used to initialize the {@link OAuthCredential}.
2321 */
2322 accessToken?: string;
2323 /**
2324 * The raw nonce associated with the ID token.
2325 *
2326 * @remarks
2327 * It is required when an ID token with a nonce field is provided. The SHA-256 hash of the
2328 * raw nonce must match the nonce field in the ID token.
2329 */
2330 rawNonce?: string;
2331}
2332
2333declare interface OAuthCredentialParams {
2334 idToken?: string | null;
2335 accessToken?: string | null;
2336 oauthToken?: string;
2337 secret?: string;
2338 oauthTokenSecret?: string;
2339 nonce?: string;
2340 pendingToken?: string;
2341 providerId: string;
2342 signInMethod: string;
2343}
2344
2345/**
2346 * Provider for generating generic {@link OAuthCredential}.
2347 *
2348 * @example
2349 * ```javascript
2350 * // Sign in using a redirect.
2351 * const provider = new OAuthProvider('google.com');
2352 * // Start a sign in process for an unauthenticated user.
2353 * provider.addScope('profile');
2354 * provider.addScope('email');
2355 * await signInWithRedirect(auth, provider);
2356 * // This will trigger a full page redirect away from your app
2357 *
2358 * // After returning from the redirect when your app initializes you can obtain the result
2359 * const result = await getRedirectResult(auth);
2360 * if (result) {
2361 * // This is the signed-in user
2362 * const user = result.user;
2363 * // This gives you a OAuth Access Token for the provider.
2364 * const credential = provider.credentialFromResult(auth, result);
2365 * const token = credential.accessToken;
2366 * }
2367 * ```
2368 *
2369 * @example
2370 * ```javascript
2371 * // Sign in using a popup.
2372 * const provider = new OAuthProvider('google.com');
2373 * provider.addScope('profile');
2374 * provider.addScope('email');
2375 * const result = await signInWithPopup(auth, provider);
2376 *
2377 * // The signed-in user info.
2378 * const user = result.user;
2379 * // This gives you a OAuth Access Token for the provider.
2380 * const credential = provider.credentialFromResult(auth, result);
2381 * const token = credential.accessToken;
2382 * ```
2383 * @public
2384 */
2385export declare class OAuthProvider extends BaseOAuthProvider {
2386 /**
2387 * Creates an {@link OAuthCredential} from a JSON string or a plain object.
2388 * @param json - A plain object or a JSON string
2389 */
2390 static credentialFromJSON(json: object | string): OAuthCredential;
2391 /**
2392 * Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token.
2393 *
2394 * @remarks
2395 * The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of
2396 * the raw nonce must match the nonce field in the ID token.
2397 *
2398 * @example
2399 * ```javascript
2400 * // `googleUser` from the onsuccess Google Sign In callback.
2401 * // Initialize a generate OAuth provider with a `google.com` providerId.
2402 * const provider = new OAuthProvider('google.com');
2403 * const credential = provider.credential({
2404 * idToken: googleUser.getAuthResponse().id_token,
2405 * });
2406 * const result = await signInWithCredential(credential);
2407 * ```
2408 *
2409 * @param params - Either the options object containing the ID token, access token and raw nonce
2410 * or the ID token string.
2411 */
2412 credential(params: OAuthCredentialOptions): OAuthCredential;
2413 /** An internal credential method that accepts more permissive options */
2414 private _credential;
2415 /**
2416 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
2417 *
2418 * @param userCredential - The user credential.
2419 */
2420 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
2421 /**
2422 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
2423 * thrown during a sign-in, link, or reauthenticate operation.
2424 *
2425 * @param userCredential - The user credential.
2426 */
2427 static credentialFromError(error: FirebaseError): OAuthCredential | null;
2428 private static oauthCredentialFromTaggedObject;
2429}
2430
2431/**
2432 * Adds an observer for changes to the user's sign-in state.
2433 *
2434 * @remarks
2435 * To keep the old behavior, see {@link onIdTokenChanged}.
2436 *
2437 * @param auth - The {@link Auth} instance.
2438 * @param nextOrObserver - callback triggered on change.
2439 * @param error - callback triggered on error.
2440 * @param completed - callback triggered when observer is removed.
2441 *
2442 * @public
2443 */
2444export declare function onAuthStateChanged(auth: Auth, nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
2445
2446/**
2447 * Adds an observer for changes to the signed-in user's ID token, which includes sign-in,
2448 * sign-out, and token refresh events.
2449 *
2450 * @param auth - The {@link Auth} instance.
2451 * @param nextOrObserver - callback triggered on change.
2452 * @param error - callback triggered on error.
2453 * @param completed - callback triggered when observer is removed.
2454 *
2455 * @public
2456 */
2457export declare function onIdTokenChanged(auth: Auth, nextOrObserver: NextOrObserver<User>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
2458
2459/**
2460 * Enumeration of supported operation types.
2461 *
2462 * @public
2463 */
2464export declare const OperationType: {
2465 /** Operation involving linking an additional provider to an already signed-in user. */
2466 readonly LINK: "link";
2467 /** Operation involving using a provider to reauthenticate an already signed-in user. */
2468 readonly REAUTHENTICATE: "reauthenticate";
2469 /** Operation involving signing in a user. */
2470 readonly SIGN_IN: "signIn";
2471};
2472
2473/**
2474 * Parses the email action link string and returns an {@link ActionCodeURL} if
2475 * the link is valid, otherwise returns null.
2476 *
2477 * @public
2478 */
2479export declare function parseActionCodeURL(link: string): ActionCodeURL | null;
2480
2481/**
2482 * Interface representing a parsed ID token.
2483 *
2484 * @privateRemarks TODO(avolkovi): consolidate with parsed_token in implementation.
2485 *
2486 * @public
2487 */
2488export declare interface ParsedToken {
2489 /** Expiration time of the token. */
2490 'exp'?: string;
2491 /** UID of the user. */
2492 'sub'?: string;
2493 /** Time at which authentication was performed. */
2494 'auth_time'?: string;
2495 /** Issuance time of the token. */
2496 'iat'?: string;
2497 /** Firebase specific claims, containing the provider(s) used to authenticate the user. */
2498 'firebase'?: {
2499 'sign_in_provider'?: string;
2500 'sign_in_second_factor'?: string;
2501 };
2502 /** Map of any additional custom claims. */
2503 [key: string]: string | object | undefined;
2504}
2505
2506declare type PersistedBlob = Record<string, unknown>;
2507
2508/**
2509 * An interface covering the possible persistence mechanism types.
2510 *
2511 * @public
2512 */
2513export declare interface Persistence {
2514 /**
2515 * Type of Persistence.
2516 * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
2517 * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
2518 * - 'NONE' is used for in-memory, or no persistence.
2519 */
2520 readonly type: 'SESSION' | 'LOCAL' | 'NONE';
2521}
2522</