UNPKG

41.6 kBTypeScriptView Raw
1/**
2 * @license
3 * Copyright 2019 Google LLC
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17import { FirebaseApp } from '@firebase/app';
18import { CompleteFn, ErrorFn, FirebaseError, NextFn, Observer, Unsubscribe } from '@firebase/util';
19import { FactorId as FactorIdMap, OperationType as OperationTypeMap, ActionCodeOperation as ActionCodeOperationMap } from './enum_maps';
20export { CompleteFn, ErrorFn, NextFn, Unsubscribe };
21/**
22 * Interface representing the `Auth` config.
23 *
24 * @public
25 */
26export interface Config {
27 /**
28 * The API Key used to communicate with the Firebase Auth backend.
29 */
30 apiKey: string;
31 /**
32 * The host at which the Firebase Auth backend is running.
33 */
34 apiHost: string;
35 /**
36 * The scheme used to communicate with the Firebase Auth backend.
37 */
38 apiScheme: string;
39 /**
40 * The host at which the Secure Token API is running.
41 */
42 tokenApiHost: string;
43 /**
44 * The SDK Client Version.
45 */
46 sdkClientVersion: string;
47 /**
48 * The domain at which the web widgets are hosted (provided via Firebase Config).
49 */
50 authDomain?: string;
51}
52/**
53 * Interface representing reCAPTCHA parameters.
54 *
55 * See the [reCAPTCHA docs](https://developers.google.com/recaptcha/docs/display#render_param)
56 * for the list of accepted parameters. All parameters are accepted except for `sitekey`: Firebase Auth
57 * provisions a reCAPTCHA for each project and will configure the site key upon rendering.
58 *
59 * For an invisible reCAPTCHA, set the `size` key to `invisible`.
60 *
61 * @public
62 */
63export interface RecaptchaParameters {
64 [key: string]: any;
65}
66/**
67 * Interface representing a parsed ID token.
68 *
69 * @privateRemarks TODO(avolkovi): consolidate with parsed_token in implementation.
70 *
71 * @public
72 */
73export interface ParsedToken {
74 /** Expiration time of the token. */
75 'exp'?: string;
76 /** UID of the user. */
77 'sub'?: string;
78 /** Time at which authentication was performed. */
79 'auth_time'?: string;
80 /** Issuance time of the token. */
81 'iat'?: string;
82 /** Firebase specific claims, containing the provider(s) used to authenticate the user. */
83 'firebase'?: {
84 'sign_in_provider'?: string;
85 'sign_in_second_factor'?: string;
86 };
87 /** Map of any additional custom claims. */
88 [key: string]: string | object | undefined;
89}
90/**
91 * Type definition for an event callback.
92 *
93 * @privateRemarks TODO(avolkovi): should we consolidate with Subscribe<T> since we're changing the API anyway?
94 *
95 * @public
96 */
97export declare type NextOrObserver<T> = NextFn<T | null> | Observer<T | null>;
98/**
99 * Interface for an `Auth` error.
100 *
101 * @public
102 */
103export interface AuthError extends FirebaseError {
104 /** Details about the Firebase Auth error. */
105 readonly customData: {
106 /** The name of the Firebase App which triggered this error. */
107 readonly appName: string;
108 /** The email address of the user's account, used for sign-in and linking. */
109 readonly email?: string;
110 /** The phone number of the user's account, used for sign-in and linking. */
111 readonly phoneNumber?: string;
112 /**
113 * The tenant ID being used for sign-in and linking.
114 *
115 * @remarks
116 * If you use {@link signInWithRedirect} to sign in,
117 * you have to set the tenant ID on the {@link Auth} instance again as the tenant ID is not persisted
118 * after redirection.
119 */
120 readonly tenantId?: string;
121 };
122}
123/**
124 * Interface representing an {@link Auth} instance's settings.
125 *
126 * @remarks Currently used for enabling/disabling app verification for phone Auth testing.
127 *
128 * @public
129 */
130export interface AuthSettings {
131 /**
132 * When set, this property disables app verification for the purpose of testing phone
133 * authentication. For this property to take effect, it needs to be set before rendering a
134 * reCAPTCHA app verifier. When this is disabled, a mock reCAPTCHA is rendered instead. This is
135 * useful for manual testing during development or for automated integration tests.
136 *
137 * In order to use this feature, you will need to
138 * {@link https://firebase.google.com/docs/auth/web/phone-auth#test-with-whitelisted-phone-numbers | whitelist your phone number}
139 * via the Firebase Console.
140 *
141 * The default value is false (app verification is enabled).
142 */
143 appVerificationDisabledForTesting: boolean;
144}
145/**
146 * Interface representing Firebase Auth service.
147 *
148 * @remarks
149 * See {@link https://firebase.google.com/docs/auth/ | Firebase Authentication} for a full guide
150 * on how to use the Firebase Auth service.
151 *
152 * @public
153 */
154export interface Auth {
155 /** The {@link @firebase/app#FirebaseApp} associated with the `Auth` service instance. */
156 readonly app: FirebaseApp;
157 /** The name of the app associated with the `Auth` service instance. */
158 readonly name: string;
159 /** The {@link Config} used to initialize this instance. */
160 readonly config: Config;
161 /**
162 * Changes the type of persistence on the `Auth` instance.
163 *
164 * @remarks
165 * This will affect the currently saved Auth session and applies this type of persistence for
166 * future sign-in requests, including sign-in with redirect requests.
167 *
168 * This makes it easy for a user signing in to specify whether their session should be
169 * remembered or not. It also makes it easier to never persist the Auth state for applications
170 * that are shared by other users or have sensitive data.
171 *
172 * @example
173 * ```javascript
174 * auth.setPersistence(browserSessionPersistence);
175 * ```
176 *
177 * @param persistence - The {@link Persistence} to use.
178 */
179 setPersistence(persistence: Persistence): Promise<void>;
180 /**
181 * The {@link Auth} instance's language code.
182 *
183 * @remarks
184 * This is a readable/writable property. When set to null, the default Firebase Console language
185 * setting is applied. The language code will propagate to email action templates (password
186 * reset, email verification and email change revocation), SMS templates for phone authentication,
187 * reCAPTCHA verifier and OAuth popup/redirect operations provided the specified providers support
188 * localization with the language code specified.
189 */
190 languageCode: string | null;
191 /**
192 * The {@link Auth} instance's tenant ID.
193 *
194 * @remarks
195 * This is a readable/writable property. When you set the tenant ID of an {@link Auth} instance, all
196 * future sign-in/sign-up operations will pass this tenant ID and sign in or sign up users to
197 * the specified tenant project. When set to null, users are signed in to the parent project.
198 *
199 * @example
200 * ```javascript
201 * // Set the tenant ID on Auth instance.
202 * auth.tenantId = 'TENANT_PROJECT_ID';
203 *
204 * // All future sign-in request now include tenant ID.
205 * const result = await signInWithEmailAndPassword(auth, email, password);
206 * // result.user.tenantId should be 'TENANT_PROJECT_ID'.
207 * ```
208 *
209 * @defaultValue null
210 */
211 tenantId: string | null;
212 /**
213 * The {@link Auth} instance's settings.
214 *
215 * @remarks
216 * This is used to edit/read configuration related options such as app verification mode for
217 * phone authentication.
218 */
219 readonly settings: AuthSettings;
220 /**
221 * Adds an observer for changes to the user's sign-in state.
222 *
223 * @remarks
224 * To keep the old behavior, see {@link Auth.onIdTokenChanged}.
225 *
226 * @param nextOrObserver - callback triggered on change.
227 * @param error - callback triggered on error.
228 * @param completed - callback triggered when observer is removed.
229 */
230 onAuthStateChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
231 /**
232 * Adds a blocking callback that runs before an auth state change
233 * sets a new user.
234 *
235 * @param callback - callback triggered before new user value is set.
236 * If this throws, it blocks the user from being set.
237 * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
238 * callback throws, allowing you to undo any side effects.
239 */
240 beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
241 /**
242 * Adds an observer for changes to the signed-in user's ID token.
243 *
244 * @remarks
245 * This includes sign-in, sign-out, and token refresh events.
246 *
247 * @param nextOrObserver - callback triggered on change.
248 * @param error - callback triggered on error.
249 * @param completed - callback triggered when observer is removed.
250 */
251 onIdTokenChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
252 /** The currently signed-in user (or null). */
253 readonly currentUser: User | null;
254 /** The current emulator configuration (or null). */
255 readonly emulatorConfig: EmulatorConfig | null;
256 /**
257 * Asynchronously sets the provided user as {@link Auth.currentUser} on the {@link Auth} instance.
258 *
259 * @remarks
260 * A new instance copy of the user provided will be made and set as currentUser.
261 *
262 * This will trigger {@link Auth.onAuthStateChanged} and {@link Auth.onIdTokenChanged} listeners
263 * like other sign in methods.
264 *
265 * The operation fails with an error if the user to be updated belongs to a different Firebase
266 * project.
267 *
268 * @param user - The new {@link User}.
269 */
270 updateCurrentUser(user: User | null): Promise<void>;
271 /**
272 * Sets the current language to the default device/browser preference.
273 */
274 useDeviceLanguage(): void;
275 /**
276 * Signs out the current user.
277 */
278 signOut(): Promise<void>;
279}
280/**
281 * An interface covering the possible persistence mechanism types.
282 *
283 * @public
284 */
285export interface Persistence {
286 /**
287 * Type of Persistence.
288 * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
289 * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
290 * - 'NONE' is used for in-memory, or no persistence.
291 */
292 readonly type: 'SESSION' | 'LOCAL' | 'NONE';
293}
294/**
295 * Interface representing ID token result obtained from {@link User.getIdTokenResult}.
296 *
297 * @remarks
298 * `IdTokenResult` contains the ID token JWT string and other helper properties for getting different data
299 * associated with the token as well as all the decoded payload claims.
300 *
301 * Note that these claims are not to be trusted as they are parsed client side. Only server side
302 * verification can guarantee the integrity of the token claims.
303 *
304 * @public
305 */
306export interface IdTokenResult {
307 /**
308 * The authentication time formatted as a UTC string.
309 *
310 * @remarks
311 * This is the time the user authenticated (signed in) and not the time the token was refreshed.
312 */
313 authTime: string;
314 /** The ID token expiration time formatted as a UTC string. */
315 expirationTime: string;
316 /** The ID token issuance time formatted as a UTC string. */
317 issuedAtTime: string;
318 /**
319 * The sign-in provider through which the ID token was obtained (anonymous, custom, phone,
320 * password, etc).
321 *
322 * @remarks
323 * Note, this does not map to provider IDs.
324 */
325 signInProvider: string | null;
326 /**
327 * The type of second factor associated with this session, provided the user was multi-factor
328 * authenticated (eg. phone, etc).
329 */
330 signInSecondFactor: string | null;
331 /** The Firebase Auth ID token JWT string. */
332 token: string;
333 /**
334 * The entire payload claims of the ID token including the standard reserved claims as well as
335 * the custom claims.
336 */
337 claims: ParsedToken;
338}
339/**
340 * A response from {@link checkActionCode}.
341 *
342 * @public
343 */
344export interface ActionCodeInfo {
345 /**
346 * The data associated with the action code.
347 *
348 * @remarks
349 * For the {@link ActionCodeOperation}.PASSWORD_RESET, {@link ActionCodeOperation}.VERIFY_EMAIL, and
350 * {@link ActionCodeOperation}.RECOVER_EMAIL actions, this object contains an email field with the address
351 * the email was sent to.
352 *
353 * For the {@link ActionCodeOperation}.RECOVER_EMAIL action, which allows a user to undo an email address
354 * change, this object also contains a `previousEmail` field with the user account's current
355 * email address. After the action completes, the user's email address will revert to the value
356 * in the `email` field from the value in `previousEmail` field.
357 *
358 * For the {@link ActionCodeOperation}.VERIFY_AND_CHANGE_EMAIL action, which allows a user to verify the
359 * email before updating it, this object contains a `previousEmail` field with the user account's
360 * email address before updating. After the action completes, the user's email address will be
361 * updated to the value in the `email` field from the value in `previousEmail` field.
362 *
363 * For the {@link ActionCodeOperation}.REVERT_SECOND_FACTOR_ADDITION action, which allows a user to
364 * unenroll a newly added second factor, this object contains a `multiFactorInfo` field with
365 * the information about the second factor. For phone second factor, the `multiFactorInfo`
366 * is a {@link MultiFactorInfo} object, which contains the phone number.
367 */
368 data: {
369 email?: string | null;
370 multiFactorInfo?: MultiFactorInfo | null;
371 previousEmail?: string | null;
372 };
373 /**
374 * The type of operation that generated the action code.
375 */
376 operation: typeof ActionCodeOperationMap[keyof typeof ActionCodeOperationMap];
377}
378/**
379 * An enumeration of the possible email action types.
380 *
381 * @internal
382 */
383export declare const enum ActionCodeOperation {
384 /** The email link sign-in action. */
385 EMAIL_SIGNIN = "EMAIL_SIGNIN",
386 /** The password reset action. */
387 PASSWORD_RESET = "PASSWORD_RESET",
388 /** The email revocation action. */
389 RECOVER_EMAIL = "RECOVER_EMAIL",
390 /** The revert second factor addition email action. */
391 REVERT_SECOND_FACTOR_ADDITION = "REVERT_SECOND_FACTOR_ADDITION",
392 /** The revert second factor addition email action. */
393 VERIFY_AND_CHANGE_EMAIL = "VERIFY_AND_CHANGE_EMAIL",
394 /** The email verification action. */
395 VERIFY_EMAIL = "VERIFY_EMAIL"
396}
397/**
398 * An interface that defines the required continue/state URL with optional Android and iOS
399 * bundle identifiers.
400 *
401 * @public
402 */
403export interface ActionCodeSettings {
404 /**
405 * Sets the Android package name.
406 *
407 * @remarks
408 * This will try to open the link in an android app if it is
409 * installed. If `installApp` is passed, it specifies whether to install the Android app if the
410 * device supports it and the app is not already installed. If this field is provided without
411 * a `packageName`, an error is thrown explaining that the `packageName` must be provided in
412 * conjunction with this field. If `minimumVersion` is specified, and an older version of the
413 * app is installed, the user is taken to the Play Store to upgrade the app.
414 */
415 android?: {
416 installApp?: boolean;
417 minimumVersion?: string;
418 packageName: string;
419 };
420 /**
421 * When set to true, the action code link will be be sent as a Universal Link or Android App
422 * Link and will be opened by the app if installed.
423 *
424 * @remarks
425 * In the false case, the code will be sent to the web widget first and then on continue will
426 * redirect to the app if installed.
427 *
428 * @defaultValue false
429 */
430 handleCodeInApp?: boolean;
431 /**
432 * Sets the iOS bundle ID.
433 *
434 * @remarks
435 * This will try to open the link in an iOS app if it is installed.
436 *
437 * App installation is not supported for iOS.
438 */
439 iOS?: {
440 bundleId: string;
441 };
442 /**
443 * Sets the link continue/state URL.
444 *
445 * @remarks
446 * This has different meanings in different contexts:
447 * - When the link is handled in the web action widgets, this is the deep link in the
448 * `continueUrl` query parameter.
449 * - When the link is handled in the app directly, this is the `continueUrl` query parameter in
450 * the deep link of the Dynamic Link.
451 */
452 url: string;
453 /**
454 * When multiple custom dynamic link domains are defined for a project, specify which one to use
455 * when the link is to be opened via a specified mobile app (for example, `example.page.link`).
456 *
457 *
458 * @defaultValue The first domain is automatically selected.
459 */
460 dynamicLinkDomain?: string;
461}
462/**
463 * A verifier for domain verification and abuse prevention.
464 *
465 * @remarks
466 * Currently, the only implementation is {@link RecaptchaVerifier}.
467 *
468 * @public
469 */
470export interface ApplicationVerifier {
471 /**
472 * Identifies the type of application verifier (e.g. "recaptcha").
473 */
474 readonly type: string;
475 /**
476 * Executes the verification process.
477 *
478 * @returns A Promise for a token that can be used to assert the validity of a request.
479 */
480 verify(): Promise<string>;
481}
482/**
483 * Interface that represents an auth provider, used to facilitate creating {@link AuthCredential}.
484 *
485 * @public
486 */
487export interface AuthProvider {
488 /**
489 * Provider for which credentials can be constructed.
490 */
491 readonly providerId: string;
492}
493/**
494 * An enum of factors that may be used for multifactor authentication.
495 *
496 * @internal
497 */
498export declare const enum FactorId {
499 /** Phone as second factor */
500 PHONE = "phone"
501}
502/**
503 * A result from a phone number sign-in, link, or reauthenticate call.
504 *
505 * @public
506 */
507export interface ConfirmationResult {
508 /**
509 * The phone number authentication operation's verification ID.
510 *
511 * @remarks
512 * This can be used along with the verification code to initialize a
513 * {@link PhoneAuthCredential}.
514 */
515 readonly verificationId: string;
516 /**
517 * Finishes a phone number sign-in, link, or reauthentication.
518 *
519 * @example
520 * ```javascript
521 * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
522 * // Obtain verificationCode from the user.
523 * const userCredential = await confirmationResult.confirm(verificationCode);
524 * ```
525 *
526 * @param verificationCode - The code that was sent to the user's mobile device.
527 */
528 confirm(verificationCode: string): Promise<UserCredential>;
529}
530/**
531 * The base class for asserting ownership of a second factor.
532 *
533 * @remarks
534 * This is used to facilitate enrollment of a second factor on an existing user or sign-in of a
535 * user who already verified the first factor.
536 *
537 * @public
538 */
539export interface MultiFactorAssertion {
540 /** The identifier of the second factor. */
541 readonly factorId: typeof FactorIdMap[keyof typeof FactorIdMap];
542}
543/**
544 * The error thrown when the user needs to provide a second factor to sign in successfully.
545 *
546 * @remarks
547 * The error code for this error is `auth/multi-factor-auth-required`.
548 *
549 * @example
550 * ```javascript
551 * let resolver;
552 * let multiFactorHints;
553 *
554 * signInWithEmailAndPassword(auth, email, password)
555 * .then((result) => {
556 * // User signed in. No 2nd factor challenge is needed.
557 * })
558 * .catch((error) => {
559 * if (error.code == 'auth/multi-factor-auth-required') {
560 * resolver = getMultiFactorResolver(auth, error);
561 * multiFactorHints = resolver.hints;
562 * } else {
563 * // Handle other errors.
564 * }
565 * });
566 *
567 * // Obtain a multiFactorAssertion by verifying the second factor.
568 *
569 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
570 * ```
571 *
572 * @public
573 */
574export interface MultiFactorError extends AuthError {
575 /** Details about the MultiFactorError. */
576 readonly customData: AuthError['customData'] & {
577 /**
578 * The type of operation (sign-in, linking, or re-authentication) that raised the error.
579 */
580 readonly operationType: typeof OperationTypeMap[keyof typeof OperationTypeMap];
581 };
582}
583/**
584 * A structure containing the information of a second factor entity.
585 *
586 * @public
587 */
588export interface MultiFactorInfo {
589 /** The multi-factor enrollment ID. */
590 readonly uid: string;
591 /** The user friendly name of the current second factor. */
592 readonly displayName?: string | null;
593 /** The enrollment date of the second factor formatted as a UTC string. */
594 readonly enrollmentTime: string;
595 /** The identifier of the second factor. */
596 readonly factorId: typeof FactorIdMap[keyof typeof FactorIdMap];
597}
598/**
599 * The subclass of the {@link MultiFactorInfo} interface for phone number
600 * second factors. The `factorId` of this second factor is {@link FactorId}.PHONE.
601 * @public
602 */
603export interface PhoneMultiFactorInfo extends MultiFactorInfo {
604 /** The phone number associated with the current second factor. */
605 readonly phoneNumber: string;
606}
607/**
608 * The class used to facilitate recovery from {@link MultiFactorError} when a user needs to
609 * provide a second factor to sign in.
610 *
611 * @example
612 * ```javascript
613 * let resolver;
614 * let multiFactorHints;
615 *
616 * signInWithEmailAndPassword(auth, email, password)
617 * .then((result) => {
618 * // User signed in. No 2nd factor challenge is needed.
619 * })
620 * .catch((error) => {
621 * if (error.code == 'auth/multi-factor-auth-required') {
622 * resolver = getMultiFactorResolver(auth, error);
623 * // Show UI to let user select second factor.
624 * multiFactorHints = resolver.hints;
625 * } else {
626 * // Handle other errors.
627 * }
628 * });
629 *
630 * // The enrolled second factors that can be used to complete
631 * // sign-in are returned in the `MultiFactorResolver.hints` list.
632 * // UI needs to be presented to allow the user to select a second factor
633 * // from that list.
634 *
635 * const selectedHint = // ; selected from multiFactorHints
636 * const phoneAuthProvider = new PhoneAuthProvider(auth);
637 * const phoneInfoOptions = {
638 * multiFactorHint: selectedHint,
639 * session: resolver.session
640 * };
641 * const verificationId = phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
642 * // Store `verificationId` and show UI to let user enter verification code.
643 *
644 * // UI to enter verification code and continue.
645 * // Continue button click handler
646 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
647 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
648 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
649 * ```
650 *
651 * @public
652 */
653export interface MultiFactorResolver {
654 /**
655 * The list of hints for the second factors needed to complete the sign-in for the current
656 * session.
657 */
658 readonly hints: MultiFactorInfo[];
659 /**
660 * The session identifier for the current sign-in flow, which can be used to complete the second
661 * factor sign-in.
662 */
663 readonly session: MultiFactorSession;
664 /**
665 * A helper function to help users complete sign in with a second factor using an
666 * {@link MultiFactorAssertion} confirming the user successfully completed the second factor
667 * challenge.
668 *
669 * @example
670 * ```javascript
671 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
672 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
673 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
674 * ```
675 *
676 * @param assertion - The multi-factor assertion to resolve sign-in with.
677 * @returns The promise that resolves with the user credential object.
678 */
679 resolveSignIn(assertion: MultiFactorAssertion): Promise<UserCredential>;
680}
681/**
682 * An interface defining the multi-factor session object used for enrolling a second factor on a
683 * user or helping sign in an enrolled user with a second factor.
684 *
685 * @public
686 */
687export interface MultiFactorSession {
688}
689/**
690 * An interface that defines the multi-factor related properties and operations pertaining
691 * to a {@link User}.
692 *
693 * @public
694 */
695export interface MultiFactorUser {
696 /** Returns a list of the user's enrolled second factors. */
697 readonly enrolledFactors: MultiFactorInfo[];
698 /**
699 * Returns the session identifier for a second factor enrollment operation. This is used to
700 * identify the user trying to enroll a second factor.
701 *
702 * @example
703 * ```javascript
704 * const multiFactorUser = multiFactor(auth.currentUser);
705 * const multiFactorSession = await multiFactorUser.getSession();
706 *
707 * // Send verification code.
708 * const phoneAuthProvider = new PhoneAuthProvider(auth);
709 * const phoneInfoOptions = {
710 * phoneNumber: phoneNumber,
711 * session: multiFactorSession
712 * };
713 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
714 *
715 * // Obtain verification code from user.
716 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
717 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
718 * await multiFactorUser.enroll(multiFactorAssertion);
719 * ```
720 *
721 * @returns The promise that resolves with the {@link MultiFactorSession}.
722 */
723 getSession(): Promise<MultiFactorSession>;
724 /**
725 *
726 * Enrolls a second factor as identified by the {@link MultiFactorAssertion} for the
727 * user.
728 *
729 * @remarks
730 * On resolution, the user tokens are updated to reflect the change in the JWT payload.
731 * Accepts an additional display name parameter used to identify the second factor to the end
732 * user. Recent re-authentication is required for this operation to succeed. On successful
733 * enrollment, existing Firebase sessions (refresh tokens) are revoked. When a new factor is
734 * enrolled, an email notification is sent to the user’s email.
735 *
736 * @example
737 * ```javascript
738 * const multiFactorUser = multiFactor(auth.currentUser);
739 * const multiFactorSession = await multiFactorUser.getSession();
740 *
741 * // Send verification code.
742 * const phoneAuthProvider = new PhoneAuthProvider(auth);
743 * const phoneInfoOptions = {
744 * phoneNumber: phoneNumber,
745 * session: multiFactorSession
746 * };
747 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
748 *
749 * // Obtain verification code from user.
750 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
751 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
752 * await multiFactorUser.enroll(multiFactorAssertion);
753 * // Second factor enrolled.
754 * ```
755 *
756 * @param assertion - The multi-factor assertion to enroll with.
757 * @param displayName - The display name of the second factor.
758 */
759 enroll(assertion: MultiFactorAssertion, displayName?: string | null): Promise<void>;
760 /**
761 * Unenrolls the specified second factor.
762 *
763 * @remarks
764 * To specify the factor to remove, pass a {@link MultiFactorInfo} object (retrieved from
765 * {@link MultiFactorUser.enrolledFactors}) or the
766 * factor's UID string. Sessions are not revoked when the account is unenrolled. An email
767 * notification is likely to be sent to the user notifying them of the change. Recent
768 * re-authentication is required for this operation to succeed. When an existing factor is
769 * unenrolled, an email notification is sent to the user’s email.
770 *
771 * @example
772 * ```javascript
773 * const multiFactorUser = multiFactor(auth.currentUser);
774 * // Present user the option to choose which factor to unenroll.
775 * await multiFactorUser.unenroll(multiFactorUser.enrolledFactors[i])
776 * ```
777 *
778 * @param option - The multi-factor option to unenroll.
779 * @returns - A `Promise` which resolves when the unenroll operation is complete.
780 */
781 unenroll(option: MultiFactorInfo | string): Promise<void>;
782}
783/**
784 * The class for asserting ownership of a phone second factor. Provided by
785 * {@link PhoneMultiFactorGenerator.assertion}.
786 *
787 * @public
788 */
789export interface PhoneMultiFactorAssertion extends MultiFactorAssertion {
790}
791/**
792 * The information required to verify the ownership of a phone number.
793 *
794 * @remarks
795 * The information that's required depends on whether you are doing single-factor sign-in,
796 * multi-factor enrollment or multi-factor sign-in.
797 *
798 * @public
799 */
800export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
801/**
802 * Options used for single-factor sign-in.
803 *
804 * @public
805 */
806export interface PhoneSingleFactorInfoOptions {
807 /** Phone number to send a verification code to. */
808 phoneNumber: string;
809}
810/**
811 * Options used for enrolling a second factor.
812 *
813 * @public
814 */
815export interface PhoneMultiFactorEnrollInfoOptions {
816 /** Phone number to send a verification code to. */
817 phoneNumber: string;
818 /** The {@link MultiFactorSession} obtained via {@link MultiFactorUser.getSession}. */
819 session: MultiFactorSession;
820}
821/**
822 * Options used for signing in with a second factor.
823 *
824 * @public
825 */
826export interface PhoneMultiFactorSignInInfoOptions {
827 /**
828 * The {@link MultiFactorInfo} obtained via {@link MultiFactorResolver.hints}.
829 *
830 * One of `multiFactorHint` or `multiFactorUid` is required.
831 */
832 multiFactorHint?: MultiFactorInfo;
833 /**
834 * The uid of the second factor.
835 *
836 * One of `multiFactorHint` or `multiFactorUid` is required.
837 */
838 multiFactorUid?: string;
839 /** The {@link MultiFactorSession} obtained via {@link MultiFactorResolver.session}. */
840 session: MultiFactorSession;
841}
842/**
843 * Interface for a supplied `AsyncStorage`.
844 *
845 * @public
846 */
847export interface ReactNativeAsyncStorage {
848 /**
849 * Persist an item in storage.
850 *
851 * @param key - storage key.
852 * @param value - storage value.
853 */
854 setItem(key: string, value: string): Promise<void>;
855 /**
856 * Retrieve an item from storage.
857 *
858 * @param key - storage key.
859 */
860 getItem(key: string): Promise<string | null>;
861 /**
862 * Remove an item from storage.
863 *
864 * @param key - storage key.
865 */
866 removeItem(key: string): Promise<void>;
867}
868/**
869 * A user account.
870 *
871 * @public
872 */
873export interface User extends UserInfo {
874 /**
875 * Whether the email has been verified with {@link sendEmailVerification} and
876 * {@link applyActionCode}.
877 */
878 readonly emailVerified: boolean;
879 /**
880 * Whether the user is authenticated using the {@link ProviderId}.ANONYMOUS provider.
881 */
882 readonly isAnonymous: boolean;
883 /**
884 * Additional metadata around user creation and sign-in times.
885 */
886 readonly metadata: UserMetadata;
887 /**
888 * Additional per provider such as displayName and profile information.
889 */
890 readonly providerData: UserInfo[];
891 /**
892 * Refresh token used to reauthenticate the user. Avoid using this directly and prefer
893 * {@link User.getIdToken} to refresh the ID token instead.
894 */
895 readonly refreshToken: string;
896 /**
897 * The user's tenant ID.
898 *
899 * @remarks
900 * This is a read-only property, which indicates the tenant ID
901 * used to sign in the user. This is null if the user is signed in from the parent
902 * project.
903 *
904 * @example
905 * ```javascript
906 * // Set the tenant ID on Auth instance.
907 * auth.tenantId = 'TENANT_PROJECT_ID';
908 *
909 * // All future sign-in request now include tenant ID.
910 * const result = await signInWithEmailAndPassword(auth, email, password);
911 * // result.user.tenantId should be 'TENANT_PROJECT_ID'.
912 * ```
913 */
914 readonly tenantId: string | null;
915 /**
916 * Deletes and signs out the user.
917 *
918 * @remarks
919 * Important: this is a security-sensitive operation that requires the user to have recently
920 * signed in. If this requirement isn't met, ask the user to authenticate again and then call
921 * one of the reauthentication methods like {@link reauthenticateWithCredential}.
922 */
923 delete(): Promise<void>;
924 /**
925 * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
926 *
927 * @remarks
928 * Returns the current token if it has not expired or if it will not expire in the next five
929 * minutes. Otherwise, this will refresh the token and return a new one.
930 *
931 * @param forceRefresh - Force refresh regardless of token expiration.
932 */
933 getIdToken(forceRefresh?: boolean): Promise<string>;
934 /**
935 * Returns a deserialized JSON Web Token (JWT) used to identitfy the user to a Firebase service.
936 *
937 * @remarks
938 * Returns the current token if it has not expired or if it will not expire in the next five
939 * minutes. Otherwise, this will refresh the token and return a new one.
940 *
941 * @param forceRefresh - Force refresh regardless of token expiration.
942 */
943 getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult>;
944 /**
945 * Refreshes the user, if signed in.
946 */
947 reload(): Promise<void>;
948 /**
949 * Returns a JSON-serializable representation of this object.
950 *
951 * @returns A JSON-serializable representation of this object.
952 */
953 toJSON(): object;
954}
955/**
956 * A structure containing a {@link User}, the {@link OperationType}, and the provider ID.
957 *
958 * @remarks
959 * `operationType` could be {@link OperationType}.SIGN_IN for a sign-in operation,
960 * {@link OperationType}.LINK for a linking operation and {@link OperationType}.REAUTHENTICATE for
961 * a reauthentication operation.
962 *
963 * @public
964 */
965export interface UserCredential {
966 /**
967 * The user authenticated by this credential.
968 */
969 user: User;
970 /**
971 * The provider which was used to authenticate the user.
972 */
973 providerId: string | null;
974 /**
975 * The type of operation which was used to authenticate the user (such as sign-in or link).
976 */
977 operationType: typeof OperationTypeMap[keyof typeof OperationTypeMap];
978}
979/**
980 * User profile information, visible only to the Firebase project's apps.
981 *
982 * @public
983 */
984export interface UserInfo {
985 /**
986 * The display name of the user.
987 */
988 readonly displayName: string | null;
989 /**
990 * The email of the user.
991 */
992 readonly email: string | null;
993 /**
994 * The phone number normalized based on the E.164 standard (e.g. +16505550101) for the
995 * user.
996 *
997 * @remarks
998 * This is null if the user has no phone credential linked to the account.
999 */
1000 readonly phoneNumber: string | null;
1001 /**
1002 * The profile photo URL of the user.
1003 */
1004 readonly photoURL: string | null;
1005 /**
1006 * The provider used to authenticate the user.
1007 */
1008 readonly providerId: string;
1009 /**
1010 * The user's unique ID, scoped to the project.
1011 */
1012 readonly uid: string;
1013}
1014/**
1015 * Interface representing a user's metadata.
1016 *
1017 * @public
1018 */
1019export interface UserMetadata {
1020 /** Time the user was created. */
1021 readonly creationTime?: string;
1022 /** Time the user last signed in. */
1023 readonly lastSignInTime?: string;
1024}
1025/**
1026 * A structure containing additional user information from a federated identity provider.
1027 *
1028 * @public
1029 */
1030export interface AdditionalUserInfo {
1031 /**
1032 * Whether the user is new (created via sign-up) or existing (authenticated using sign-in).
1033 */
1034 readonly isNewUser: boolean;
1035 /**
1036 * Map containing IDP-specific user data.
1037 */
1038 readonly profile: Record<string, unknown> | null;
1039 /**
1040 * Identifier for the provider used to authenticate this user.
1041 */
1042 readonly providerId: string | null;
1043 /**
1044 * The username if the provider is GitHub or Twitter.
1045 */
1046 readonly username?: string | null;
1047}
1048/**
1049 * User profile used in {@link AdditionalUserInfo}.
1050 *
1051 * @public
1052 */
1053export declare type UserProfile = Record<string, unknown>;
1054/**
1055 * A resolver used for handling DOM specific operations like {@link signInWithPopup}
1056 * or {@link signInWithRedirect}.
1057 *
1058 * @public
1059 */
1060export interface PopupRedirectResolver {
1061}
1062declare module '@firebase/component' {
1063 interface NameServiceMapping {
1064 'auth': Auth;
1065 }
1066}
1067/**
1068 * Configuration of Firebase Authentication Emulator.
1069 * @public
1070 */
1071export interface EmulatorConfig {
1072 /**
1073 * The protocol used to communicate with the emulator ("http"/"https").
1074 */
1075 readonly protocol: string;
1076 /**
1077 * The hostname of the emulator, which may be a domain ("localhost"), IPv4 address ("127.0.0.1")
1078 * or quoted IPv6 address ("[::1]").
1079 */
1080 readonly host: string;
1081 /**
1082 * The port of the emulator, or null if port isn't specified (i.e. protocol default).
1083 */
1084 readonly port: number | null;
1085 /**
1086 * The emulator-specific options.
1087 */
1088 readonly options: {
1089 /**
1090 * Whether the warning banner attached to the DOM was disabled.
1091 */
1092 readonly disableWarnings: boolean;
1093 };
1094}
1095/**
1096 * A mapping of error codes to error messages.
1097 *
1098 * @remarks
1099 *
1100 * While error messages are useful for debugging (providing verbose textual
1101 * context around what went wrong), these strings take up a lot of space in the
1102 * compiled code. When deploying code in production, using {@link prodErrorMap}
1103 * will save you roughly 10k compressed/gzipped over {@link debugErrorMap}. You
1104 * can select the error map during initialization:
1105 *
1106 * ```javascript
1107 * initializeAuth(app, {errorMap: debugErrorMap})
1108 * ```
1109 *
1110 * When initializing Auth, {@link prodErrorMap} is default.
1111 *
1112 * @public
1113 */
1114export interface AuthErrorMap {
1115}
1116/**
1117 * The dependencies that can be used to initialize an {@link Auth} instance.
1118 *
1119 * @remarks
1120 *
1121 * The modular SDK enables tree shaking by allowing explicit declarations of
1122 * dependencies. For example, a web app does not need to include code that
1123 * enables Cordova redirect sign in. That functionality is therefore split into
1124 * {@link browserPopupRedirectResolver} and
1125 * {@link cordovaPopupRedirectResolver}. The dependencies object is how Auth is
1126 * configured to reduce bundle sizes.
1127 *
1128 * There are two ways to initialize an {@link Auth} instance: {@link getAuth} and
1129 * {@link initializeAuth}. `getAuth` initializes everything using
1130 * platform-specific configurations, while `initializeAuth` takes a
1131 * `Dependencies` object directly, giving you more control over what is used.
1132 *
1133 * @public
1134 */
1135export interface Dependencies {
1136 /**
1137 * Which {@link Persistence} to use. If this is an array, the first
1138 * `Persistence` that the device supports is used. The SDK searches for an
1139 * existing account in order and, if one is found in a secondary
1140 * `Persistence`, the account is moved to the primary `Persistence`.
1141 *
1142 * If no persistence is provided, the SDK falls back on
1143 * {@link inMemoryPersistence}.
1144 */
1145 persistence?: Persistence | Persistence[];
1146 /**
1147 * The {@link PopupRedirectResolver} to use. This value depends on the
1148 * platform. Options are {@link browserPopupRedirectResolver} and
1149 * {@link cordovaPopupRedirectResolver}. This field is optional if neither
1150 * {@link signInWithPopup} or {@link signInWithRedirect} are being used.
1151 */
1152 popupRedirectResolver?: PopupRedirectResolver;
1153 /**
1154 * Which {@link AuthErrorMap} to use.
1155 */
1156 errorMap?: AuthErrorMap;
1157}