1 | /**
|
2 | * @license
|
3 | * Copyright 2019 Google LLC
|
4 | *
|
5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
6 | * you may not use this file except in compliance with the License.
|
7 | * You may obtain a copy of the License at
|
8 | *
|
9 | * http://www.apache.org/licenses/LICENSE-2.0
|
10 | *
|
11 | * Unless required by applicable law or agreed to in writing, software
|
12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14 | * See the License for the specific language governing permissions and
|
15 | * limitations under the License.
|
16 | */
|
17 | import { FirebaseApp } from '@firebase/app';
|
18 | import { CompleteFn, ErrorFn, FirebaseError, NextFn, Observer, Unsubscribe } from '@firebase/util';
|
19 | import { FactorId as FactorIdMap, OperationType as OperationTypeMap, ActionCodeOperation as ActionCodeOperationMap } from './enum_maps';
|
20 | export { CompleteFn, ErrorFn, NextFn, Unsubscribe };
|
21 | /**
|
22 | * Interface representing the `Auth` config.
|
23 | *
|
24 | * @public
|
25 | */
|
26 | export interface Config {
|
27 | /**
|
28 | * The API Key used to communicate with the Firebase Auth backend.
|
29 | */
|
30 | apiKey: string;
|
31 | /**
|
32 | * The host at which the Firebase Auth backend is running.
|
33 | */
|
34 | apiHost: string;
|
35 | /**
|
36 | * The scheme used to communicate with the Firebase Auth backend.
|
37 | */
|
38 | apiScheme: string;
|
39 | /**
|
40 | * The host at which the Secure Token API is running.
|
41 | */
|
42 | tokenApiHost: string;
|
43 | /**
|
44 | * The SDK Client Version.
|
45 | */
|
46 | sdkClientVersion: string;
|
47 | /**
|
48 | * The domain at which the web widgets are hosted (provided via Firebase Config).
|
49 | */
|
50 | authDomain?: string;
|
51 | }
|
52 | /**
|
53 | * Interface representing reCAPTCHA parameters.
|
54 | *
|
55 | * See the [reCAPTCHA docs](https://developers.google.com/recaptcha/docs/display#render_param)
|
56 | * for the list of accepted parameters. All parameters are accepted except for `sitekey`: Firebase Auth
|
57 | * provisions a reCAPTCHA for each project and will configure the site key upon rendering.
|
58 | *
|
59 | * For an invisible reCAPTCHA, set the `size` key to `invisible`.
|
60 | *
|
61 | * @public
|
62 | */
|
63 | export interface RecaptchaParameters {
|
64 | [key: string]: any;
|
65 | }
|
66 | /**
|
67 | * Interface representing a parsed ID token.
|
68 | *
|
69 | * @privateRemarks TODO(avolkovi): consolidate with parsed_token in implementation.
|
70 | *
|
71 | * @public
|
72 | */
|
73 | export interface ParsedToken {
|
74 | /** Expiration time of the token. */
|
75 | 'exp'?: string;
|
76 | /** UID of the user. */
|
77 | 'sub'?: string;
|
78 | /** Time at which authentication was performed. */
|
79 | 'auth_time'?: string;
|
80 | /** Issuance time of the token. */
|
81 | 'iat'?: string;
|
82 | /** Firebase specific claims, containing the provider(s) used to authenticate the user. */
|
83 | 'firebase'?: {
|
84 | 'sign_in_provider'?: string;
|
85 | 'sign_in_second_factor'?: string;
|
86 | };
|
87 | /** Map of any additional custom claims. */
|
88 | [key: string]: string | object | undefined;
|
89 | }
|
90 | /**
|
91 | * Type definition for an event callback.
|
92 | *
|
93 | * @privateRemarks TODO(avolkovi): should we consolidate with Subscribe<T> since we're changing the API anyway?
|
94 | *
|
95 | * @public
|
96 | */
|
97 | export declare type NextOrObserver<T> = NextFn<T | null> | Observer<T | null>;
|
98 | /**
|
99 | * Interface for an `Auth` error.
|
100 | *
|
101 | * @public
|
102 | */
|
103 | export interface AuthError extends FirebaseError {
|
104 | /** Details about the Firebase Auth error. */
|
105 | readonly customData: {
|
106 | /** The name of the Firebase App which triggered this error. */
|
107 | readonly appName: string;
|
108 | /** The email address of the user's account, used for sign-in and linking. */
|
109 | readonly email?: string;
|
110 | /** The phone number of the user's account, used for sign-in and linking. */
|
111 | readonly phoneNumber?: string;
|
112 | /**
|
113 | * The tenant ID being used for sign-in and linking.
|
114 | *
|
115 | * @remarks
|
116 | * If you use {@link signInWithRedirect} to sign in,
|
117 | * you have to set the tenant ID on the {@link Auth} instance again as the tenant ID is not persisted
|
118 | * after redirection.
|
119 | */
|
120 | readonly tenantId?: string;
|
121 | };
|
122 | }
|
123 | /**
|
124 | * Interface representing an {@link Auth} instance's settings.
|
125 | *
|
126 | * @remarks Currently used for enabling/disabling app verification for phone Auth testing.
|
127 | *
|
128 | * @public
|
129 | */
|
130 | export interface AuthSettings {
|
131 | /**
|
132 | * When set, this property disables app verification for the purpose of testing phone
|
133 | * authentication. For this property to take effect, it needs to be set before rendering a
|
134 | * reCAPTCHA app verifier. When this is disabled, a mock reCAPTCHA is rendered instead. This is
|
135 | * useful for manual testing during development or for automated integration tests.
|
136 | *
|
137 | * In order to use this feature, you will need to
|
138 | * {@link https://firebase.google.com/docs/auth/web/phone-auth#test-with-whitelisted-phone-numbers | whitelist your phone number}
|
139 | * via the Firebase Console.
|
140 | *
|
141 | * The default value is false (app verification is enabled).
|
142 | */
|
143 | appVerificationDisabledForTesting: boolean;
|
144 | }
|
145 | /**
|
146 | * Interface representing Firebase Auth service.
|
147 | *
|
148 | * @remarks
|
149 | * See {@link https://firebase.google.com/docs/auth/ | Firebase Authentication} for a full guide
|
150 | * on how to use the Firebase Auth service.
|
151 | *
|
152 | * @public
|
153 | */
|
154 | export interface Auth {
|
155 | /** The {@link @firebase/app#FirebaseApp} associated with the `Auth` service instance. */
|
156 | readonly app: FirebaseApp;
|
157 | /** The name of the app associated with the `Auth` service instance. */
|
158 | readonly name: string;
|
159 | /** The {@link Config} used to initialize this instance. */
|
160 | readonly config: Config;
|
161 | /**
|
162 | * Changes the type of persistence on the `Auth` instance.
|
163 | *
|
164 | * @remarks
|
165 | * This will affect the currently saved Auth session and applies this type of persistence for
|
166 | * future sign-in requests, including sign-in with redirect requests.
|
167 | *
|
168 | * This makes it easy for a user signing in to specify whether their session should be
|
169 | * remembered or not. It also makes it easier to never persist the Auth state for applications
|
170 | * that are shared by other users or have sensitive data.
|
171 | *
|
172 | * @example
|
173 | * ```javascript
|
174 | * auth.setPersistence(browserSessionPersistence);
|
175 | * ```
|
176 | *
|
177 | * @param persistence - The {@link Persistence} to use.
|
178 | */
|
179 | setPersistence(persistence: Persistence): Promise<void>;
|
180 | /**
|
181 | * The {@link Auth} instance's language code.
|
182 | *
|
183 | * @remarks
|
184 | * This is a readable/writable property. When set to null, the default Firebase Console language
|
185 | * setting is applied. The language code will propagate to email action templates (password
|
186 | * reset, email verification and email change revocation), SMS templates for phone authentication,
|
187 | * reCAPTCHA verifier and OAuth popup/redirect operations provided the specified providers support
|
188 | * localization with the language code specified.
|
189 | */
|
190 | languageCode: string | null;
|
191 | /**
|
192 | * The {@link Auth} instance's tenant ID.
|
193 | *
|
194 | * @remarks
|
195 | * This is a readable/writable property. When you set the tenant ID of an {@link Auth} instance, all
|
196 | * future sign-in/sign-up operations will pass this tenant ID and sign in or sign up users to
|
197 | * the specified tenant project. When set to null, users are signed in to the parent project.
|
198 | *
|
199 | * @example
|
200 | * ```javascript
|
201 | * // Set the tenant ID on Auth instance.
|
202 | * auth.tenantId = 'TENANT_PROJECT_ID';
|
203 | *
|
204 | * // All future sign-in request now include tenant ID.
|
205 | * const result = await signInWithEmailAndPassword(auth, email, password);
|
206 | * // result.user.tenantId should be 'TENANT_PROJECT_ID'.
|
207 | * ```
|
208 | *
|
209 | * @defaultValue null
|
210 | */
|
211 | tenantId: string | null;
|
212 | /**
|
213 | * The {@link Auth} instance's settings.
|
214 | *
|
215 | * @remarks
|
216 | * This is used to edit/read configuration related options such as app verification mode for
|
217 | * phone authentication.
|
218 | */
|
219 | readonly settings: AuthSettings;
|
220 | /**
|
221 | * Adds an observer for changes to the user's sign-in state.
|
222 | *
|
223 | * @remarks
|
224 | * To keep the old behavior, see {@link Auth.onIdTokenChanged}.
|
225 | *
|
226 | * @param nextOrObserver - callback triggered on change.
|
227 | * @param error - callback triggered on error.
|
228 | * @param completed - callback triggered when observer is removed.
|
229 | */
|
230 | onAuthStateChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
|
231 | /**
|
232 | * Adds a blocking callback that runs before an auth state change
|
233 | * sets a new user.
|
234 | *
|
235 | * @param callback - callback triggered before new user value is set.
|
236 | * If this throws, it blocks the user from being set.
|
237 | * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
|
238 | * callback throws, allowing you to undo any side effects.
|
239 | */
|
240 | beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
|
241 | /**
|
242 | * Adds an observer for changes to the signed-in user's ID token.
|
243 | *
|
244 | * @remarks
|
245 | * This includes sign-in, sign-out, and token refresh events.
|
246 | *
|
247 | * @param nextOrObserver - callback triggered on change.
|
248 | * @param error - callback triggered on error.
|
249 | * @param completed - callback triggered when observer is removed.
|
250 | */
|
251 | onIdTokenChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
|
252 | /** The currently signed-in user (or null). */
|
253 | readonly currentUser: User | null;
|
254 | /** The current emulator configuration (or null). */
|
255 | readonly emulatorConfig: EmulatorConfig | null;
|
256 | /**
|
257 | * Asynchronously sets the provided user as {@link Auth.currentUser} on the {@link Auth} instance.
|
258 | *
|
259 | * @remarks
|
260 | * A new instance copy of the user provided will be made and set as currentUser.
|
261 | *
|
262 | * This will trigger {@link Auth.onAuthStateChanged} and {@link Auth.onIdTokenChanged} listeners
|
263 | * like other sign in methods.
|
264 | *
|
265 | * The operation fails with an error if the user to be updated belongs to a different Firebase
|
266 | * project.
|
267 | *
|
268 | * @param user - The new {@link User}.
|
269 | */
|
270 | updateCurrentUser(user: User | null): Promise<void>;
|
271 | /**
|
272 | * Sets the current language to the default device/browser preference.
|
273 | */
|
274 | useDeviceLanguage(): void;
|
275 | /**
|
276 | * Signs out the current user.
|
277 | */
|
278 | signOut(): Promise<void>;
|
279 | }
|
280 | /**
|
281 | * An interface covering the possible persistence mechanism types.
|
282 | *
|
283 | * @public
|
284 | */
|
285 | export interface Persistence {
|
286 | /**
|
287 | * Type of Persistence.
|
288 | * - 'SESSION' is used for temporary persistence such as `sessionStorage`.
|
289 | * - 'LOCAL' is used for long term persistence such as `localStorage` or `IndexedDB`.
|
290 | * - 'NONE' is used for in-memory, or no persistence.
|
291 | */
|
292 | readonly type: 'SESSION' | 'LOCAL' | 'NONE';
|
293 | }
|
294 | /**
|
295 | * Interface representing ID token result obtained from {@link User.getIdTokenResult}.
|
296 | *
|
297 | * @remarks
|
298 | * `IdTokenResult` contains the ID token JWT string and other helper properties for getting different data
|
299 | * associated with the token as well as all the decoded payload claims.
|
300 | *
|
301 | * Note that these claims are not to be trusted as they are parsed client side. Only server side
|
302 | * verification can guarantee the integrity of the token claims.
|
303 | *
|
304 | * @public
|
305 | */
|
306 | export interface IdTokenResult {
|
307 | /**
|
308 | * The authentication time formatted as a UTC string.
|
309 | *
|
310 | * @remarks
|
311 | * This is the time the user authenticated (signed in) and not the time the token was refreshed.
|
312 | */
|
313 | authTime: string;
|
314 | /** The ID token expiration time formatted as a UTC string. */
|
315 | expirationTime: string;
|
316 | /** The ID token issuance time formatted as a UTC string. */
|
317 | issuedAtTime: string;
|
318 | /**
|
319 | * The sign-in provider through which the ID token was obtained (anonymous, custom, phone,
|
320 | * password, etc).
|
321 | *
|
322 | * @remarks
|
323 | * Note, this does not map to provider IDs.
|
324 | */
|
325 | signInProvider: string | null;
|
326 | /**
|
327 | * The type of second factor associated with this session, provided the user was multi-factor
|
328 | * authenticated (eg. phone, etc).
|
329 | */
|
330 | signInSecondFactor: string | null;
|
331 | /** The Firebase Auth ID token JWT string. */
|
332 | token: string;
|
333 | /**
|
334 | * The entire payload claims of the ID token including the standard reserved claims as well as
|
335 | * the custom claims.
|
336 | */
|
337 | claims: ParsedToken;
|
338 | }
|
339 | /**
|
340 | * A response from {@link checkActionCode}.
|
341 | *
|
342 | * @public
|
343 | */
|
344 | export interface ActionCodeInfo {
|
345 | /**
|
346 | * The data associated with the action code.
|
347 | *
|
348 | * @remarks
|
349 | * For the {@link ActionCodeOperation}.PASSWORD_RESET, {@link ActionCodeOperation}.VERIFY_EMAIL, and
|
350 | * {@link ActionCodeOperation}.RECOVER_EMAIL actions, this object contains an email field with the address
|
351 | * the email was sent to.
|
352 | *
|
353 | * For the {@link ActionCodeOperation}.RECOVER_EMAIL action, which allows a user to undo an email address
|
354 | * change, this object also contains a `previousEmail` field with the user account's current
|
355 | * email address. After the action completes, the user's email address will revert to the value
|
356 | * in the `email` field from the value in `previousEmail` field.
|
357 | *
|
358 | * For the {@link ActionCodeOperation}.VERIFY_AND_CHANGE_EMAIL action, which allows a user to verify the
|
359 | * email before updating it, this object contains a `previousEmail` field with the user account's
|
360 | * email address before updating. After the action completes, the user's email address will be
|
361 | * updated to the value in the `email` field from the value in `previousEmail` field.
|
362 | *
|
363 | * For the {@link ActionCodeOperation}.REVERT_SECOND_FACTOR_ADDITION action, which allows a user to
|
364 | * unenroll a newly added second factor, this object contains a `multiFactorInfo` field with
|
365 | * the information about the second factor. For phone second factor, the `multiFactorInfo`
|
366 | * is a {@link MultiFactorInfo} object, which contains the phone number.
|
367 | */
|
368 | data: {
|
369 | email?: string | null;
|
370 | multiFactorInfo?: MultiFactorInfo | null;
|
371 | previousEmail?: string | null;
|
372 | };
|
373 | /**
|
374 | * The type of operation that generated the action code.
|
375 | */
|
376 | operation: typeof ActionCodeOperationMap[keyof typeof ActionCodeOperationMap];
|
377 | }
|
378 | /**
|
379 | * An enumeration of the possible email action types.
|
380 | *
|
381 | * @internal
|
382 | */
|
383 | export declare const enum ActionCodeOperation {
|
384 | /** The email link sign-in action. */
|
385 | EMAIL_SIGNIN = "EMAIL_SIGNIN",
|
386 | /** The password reset action. */
|
387 | PASSWORD_RESET = "PASSWORD_RESET",
|
388 | /** The email revocation action. */
|
389 | RECOVER_EMAIL = "RECOVER_EMAIL",
|
390 | /** The revert second factor addition email action. */
|
391 | REVERT_SECOND_FACTOR_ADDITION = "REVERT_SECOND_FACTOR_ADDITION",
|
392 | /** The revert second factor addition email action. */
|
393 | VERIFY_AND_CHANGE_EMAIL = "VERIFY_AND_CHANGE_EMAIL",
|
394 | /** The email verification action. */
|
395 | VERIFY_EMAIL = "VERIFY_EMAIL"
|
396 | }
|
397 | /**
|
398 | * An interface that defines the required continue/state URL with optional Android and iOS
|
399 | * bundle identifiers.
|
400 | *
|
401 | * @public
|
402 | */
|
403 | export interface ActionCodeSettings {
|
404 | /**
|
405 | * Sets the Android package name.
|
406 | *
|
407 | * @remarks
|
408 | * This will try to open the link in an android app if it is
|
409 | * installed. If `installApp` is passed, it specifies whether to install the Android app if the
|
410 | * device supports it and the app is not already installed. If this field is provided without
|
411 | * a `packageName`, an error is thrown explaining that the `packageName` must be provided in
|
412 | * conjunction with this field. If `minimumVersion` is specified, and an older version of the
|
413 | * app is installed, the user is taken to the Play Store to upgrade the app.
|
414 | */
|
415 | android?: {
|
416 | installApp?: boolean;
|
417 | minimumVersion?: string;
|
418 | packageName: string;
|
419 | };
|
420 | /**
|
421 | * When set to true, the action code link will be be sent as a Universal Link or Android App
|
422 | * Link and will be opened by the app if installed.
|
423 | *
|
424 | * @remarks
|
425 | * In the false case, the code will be sent to the web widget first and then on continue will
|
426 | * redirect to the app if installed.
|
427 | *
|
428 | * @defaultValue false
|
429 | */
|
430 | handleCodeInApp?: boolean;
|
431 | /**
|
432 | * Sets the iOS bundle ID.
|
433 | *
|
434 | * @remarks
|
435 | * This will try to open the link in an iOS app if it is installed.
|
436 | *
|
437 | * App installation is not supported for iOS.
|
438 | */
|
439 | iOS?: {
|
440 | bundleId: string;
|
441 | };
|
442 | /**
|
443 | * Sets the link continue/state URL.
|
444 | *
|
445 | * @remarks
|
446 | * This has different meanings in different contexts:
|
447 | * - When the link is handled in the web action widgets, this is the deep link in the
|
448 | * `continueUrl` query parameter.
|
449 | * - When the link is handled in the app directly, this is the `continueUrl` query parameter in
|
450 | * the deep link of the Dynamic Link.
|
451 | */
|
452 | url: string;
|
453 | /**
|
454 | * When multiple custom dynamic link domains are defined for a project, specify which one to use
|
455 | * when the link is to be opened via a specified mobile app (for example, `example.page.link`).
|
456 | *
|
457 | *
|
458 | * @defaultValue The first domain is automatically selected.
|
459 | */
|
460 | dynamicLinkDomain?: string;
|
461 | }
|
462 | /**
|
463 | * A verifier for domain verification and abuse prevention.
|
464 | *
|
465 | * @remarks
|
466 | * Currently, the only implementation is {@link RecaptchaVerifier}.
|
467 | *
|
468 | * @public
|
469 | */
|
470 | export interface ApplicationVerifier {
|
471 | /**
|
472 | * Identifies the type of application verifier (e.g. "recaptcha").
|
473 | */
|
474 | readonly type: string;
|
475 | /**
|
476 | * Executes the verification process.
|
477 | *
|
478 | * @returns A Promise for a token that can be used to assert the validity of a request.
|
479 | */
|
480 | verify(): Promise<string>;
|
481 | }
|
482 | /**
|
483 | * Interface that represents an auth provider, used to facilitate creating {@link AuthCredential}.
|
484 | *
|
485 | * @public
|
486 | */
|
487 | export interface AuthProvider {
|
488 | /**
|
489 | * Provider for which credentials can be constructed.
|
490 | */
|
491 | readonly providerId: string;
|
492 | }
|
493 | /**
|
494 | * An enum of factors that may be used for multifactor authentication.
|
495 | *
|
496 | * @internal
|
497 | */
|
498 | export declare const enum FactorId {
|
499 | /** Phone as second factor */
|
500 | PHONE = "phone"
|
501 | }
|
502 | /**
|
503 | * A result from a phone number sign-in, link, or reauthenticate call.
|
504 | *
|
505 | * @public
|
506 | */
|
507 | export interface ConfirmationResult {
|
508 | /**
|
509 | * The phone number authentication operation's verification ID.
|
510 | *
|
511 | * @remarks
|
512 | * This can be used along with the verification code to initialize a
|
513 | * {@link PhoneAuthCredential}.
|
514 | */
|
515 | readonly verificationId: string;
|
516 | /**
|
517 | * Finishes a phone number sign-in, link, or reauthentication.
|
518 | *
|
519 | * @example
|
520 | * ```javascript
|
521 | * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
|
522 | * // Obtain verificationCode from the user.
|
523 | * const userCredential = await confirmationResult.confirm(verificationCode);
|
524 | * ```
|
525 | *
|
526 | * @param verificationCode - The code that was sent to the user's mobile device.
|
527 | */
|
528 | confirm(verificationCode: string): Promise<UserCredential>;
|
529 | }
|
530 | /**
|
531 | * The base class for asserting ownership of a second factor.
|
532 | *
|
533 | * @remarks
|
534 | * This is used to facilitate enrollment of a second factor on an existing user or sign-in of a
|
535 | * user who already verified the first factor.
|
536 | *
|
537 | * @public
|
538 | */
|
539 | export interface MultiFactorAssertion {
|
540 | /** The identifier of the second factor. */
|
541 | readonly factorId: typeof FactorIdMap[keyof typeof FactorIdMap];
|
542 | }
|
543 | /**
|
544 | * The error thrown when the user needs to provide a second factor to sign in successfully.
|
545 | *
|
546 | * @remarks
|
547 | * The error code for this error is `auth/multi-factor-auth-required`.
|
548 | *
|
549 | * @example
|
550 | * ```javascript
|
551 | * let resolver;
|
552 | * let multiFactorHints;
|
553 | *
|
554 | * signInWithEmailAndPassword(auth, email, password)
|
555 | * .then((result) => {
|
556 | * // User signed in. No 2nd factor challenge is needed.
|
557 | * })
|
558 | * .catch((error) => {
|
559 | * if (error.code == 'auth/multi-factor-auth-required') {
|
560 | * resolver = getMultiFactorResolver(auth, error);
|
561 | * multiFactorHints = resolver.hints;
|
562 | * } else {
|
563 | * // Handle other errors.
|
564 | * }
|
565 | * });
|
566 | *
|
567 | * // Obtain a multiFactorAssertion by verifying the second factor.
|
568 | *
|
569 | * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
|
570 | * ```
|
571 | *
|
572 | * @public
|
573 | */
|
574 | export interface MultiFactorError extends AuthError {
|
575 | /** Details about the MultiFactorError. */
|
576 | readonly customData: AuthError['customData'] & {
|
577 | /**
|
578 | * The type of operation (sign-in, linking, or re-authentication) that raised the error.
|
579 | */
|
580 | readonly operationType: typeof OperationTypeMap[keyof typeof OperationTypeMap];
|
581 | };
|
582 | }
|
583 | /**
|
584 | * A structure containing the information of a second factor entity.
|
585 | *
|
586 | * @public
|
587 | */
|
588 | export interface MultiFactorInfo {
|
589 | /** The multi-factor enrollment ID. */
|
590 | readonly uid: string;
|
591 | /** The user friendly name of the current second factor. */
|
592 | readonly displayName?: string | null;
|
593 | /** The enrollment date of the second factor formatted as a UTC string. */
|
594 | readonly enrollmentTime: string;
|
595 | /** The identifier of the second factor. */
|
596 | readonly factorId: typeof FactorIdMap[keyof typeof FactorIdMap];
|
597 | }
|
598 | /**
|
599 | * The subclass of the {@link MultiFactorInfo} interface for phone number
|
600 | * second factors. The `factorId` of this second factor is {@link FactorId}.PHONE.
|
601 | * @public
|
602 | */
|
603 | export interface PhoneMultiFactorInfo extends MultiFactorInfo {
|
604 | /** The phone number associated with the current second factor. */
|
605 | readonly phoneNumber: string;
|
606 | }
|
607 | /**
|
608 | * The class used to facilitate recovery from {@link MultiFactorError} when a user needs to
|
609 | * provide a second factor to sign in.
|
610 | *
|
611 | * @example
|
612 | * ```javascript
|
613 | * let resolver;
|
614 | * let multiFactorHints;
|
615 | *
|
616 | * signInWithEmailAndPassword(auth, email, password)
|
617 | * .then((result) => {
|
618 | * // User signed in. No 2nd factor challenge is needed.
|
619 | * })
|
620 | * .catch((error) => {
|
621 | * if (error.code == 'auth/multi-factor-auth-required') {
|
622 | * resolver = getMultiFactorResolver(auth, error);
|
623 | * // Show UI to let user select second factor.
|
624 | * multiFactorHints = resolver.hints;
|
625 | * } else {
|
626 | * // Handle other errors.
|
627 | * }
|
628 | * });
|
629 | *
|
630 | * // The enrolled second factors that can be used to complete
|
631 | * // sign-in are returned in the `MultiFactorResolver.hints` list.
|
632 | * // UI needs to be presented to allow the user to select a second factor
|
633 | * // from that list.
|
634 | *
|
635 | * const selectedHint = // ; selected from multiFactorHints
|
636 | * const phoneAuthProvider = new PhoneAuthProvider(auth);
|
637 | * const phoneInfoOptions = {
|
638 | * multiFactorHint: selectedHint,
|
639 | * session: resolver.session
|
640 | * };
|
641 | * const verificationId = phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
|
642 | * // Store `verificationId` and show UI to let user enter verification code.
|
643 | *
|
644 | * // UI to enter verification code and continue.
|
645 | * // Continue button click handler
|
646 | * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
|
647 | * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
|
648 | * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
|
649 | * ```
|
650 | *
|
651 | * @public
|
652 | */
|
653 | export interface MultiFactorResolver {
|
654 | /**
|
655 | * The list of hints for the second factors needed to complete the sign-in for the current
|
656 | * session.
|
657 | */
|
658 | readonly hints: MultiFactorInfo[];
|
659 | /**
|
660 | * The session identifier for the current sign-in flow, which can be used to complete the second
|
661 | * factor sign-in.
|
662 | */
|
663 | readonly session: MultiFactorSession;
|
664 | /**
|
665 | * A helper function to help users complete sign in with a second factor using an
|
666 | * {@link MultiFactorAssertion} confirming the user successfully completed the second factor
|
667 | * challenge.
|
668 | *
|
669 | * @example
|
670 | * ```javascript
|
671 | * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
|
672 | * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
|
673 | * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
|
674 | * ```
|
675 | *
|
676 | * @param assertion - The multi-factor assertion to resolve sign-in with.
|
677 | * @returns The promise that resolves with the user credential object.
|
678 | */
|
679 | resolveSignIn(assertion: MultiFactorAssertion): Promise<UserCredential>;
|
680 | }
|
681 | /**
|
682 | * An interface defining the multi-factor session object used for enrolling a second factor on a
|
683 | * user or helping sign in an enrolled user with a second factor.
|
684 | *
|
685 | * @public
|
686 | */
|
687 | export interface MultiFactorSession {
|
688 | }
|
689 | /**
|
690 | * An interface that defines the multi-factor related properties and operations pertaining
|
691 | * to a {@link User}.
|
692 | *
|
693 | * @public
|
694 | */
|
695 | export interface MultiFactorUser {
|
696 | /** Returns a list of the user's enrolled second factors. */
|
697 | readonly enrolledFactors: MultiFactorInfo[];
|
698 | /**
|
699 | * Returns the session identifier for a second factor enrollment operation. This is used to
|
700 | * identify the user trying to enroll a second factor.
|
701 | *
|
702 | * @example
|
703 | * ```javascript
|
704 | * const multiFactorUser = multiFactor(auth.currentUser);
|
705 | * const multiFactorSession = await multiFactorUser.getSession();
|
706 | *
|
707 | * // Send verification code.
|
708 | * const phoneAuthProvider = new PhoneAuthProvider(auth);
|
709 | * const phoneInfoOptions = {
|
710 | * phoneNumber: phoneNumber,
|
711 | * session: multiFactorSession
|
712 | * };
|
713 | * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
|
714 | *
|
715 | * // Obtain verification code from user.
|
716 | * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
|
717 | * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
|
718 | * await multiFactorUser.enroll(multiFactorAssertion);
|
719 | * ```
|
720 | *
|
721 | * @returns The promise that resolves with the {@link MultiFactorSession}.
|
722 | */
|
723 | getSession(): Promise<MultiFactorSession>;
|
724 | /**
|
725 | *
|
726 | * Enrolls a second factor as identified by the {@link MultiFactorAssertion} for the
|
727 | * user.
|
728 | *
|
729 | * @remarks
|
730 | * On resolution, the user tokens are updated to reflect the change in the JWT payload.
|
731 | * Accepts an additional display name parameter used to identify the second factor to the end
|
732 | * user. Recent re-authentication is required for this operation to succeed. On successful
|
733 | * enrollment, existing Firebase sessions (refresh tokens) are revoked. When a new factor is
|
734 | * enrolled, an email notification is sent to the user’s email.
|
735 | *
|
736 | * @example
|
737 | * ```javascript
|
738 | * const multiFactorUser = multiFactor(auth.currentUser);
|
739 | * const multiFactorSession = await multiFactorUser.getSession();
|
740 | *
|
741 | * // Send verification code.
|
742 | * const phoneAuthProvider = new PhoneAuthProvider(auth);
|
743 | * const phoneInfoOptions = {
|
744 | * phoneNumber: phoneNumber,
|
745 | * session: multiFactorSession
|
746 | * };
|
747 | * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
|
748 | *
|
749 | * // Obtain verification code from user.
|
750 | * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
|
751 | * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
|
752 | * await multiFactorUser.enroll(multiFactorAssertion);
|
753 | * // Second factor enrolled.
|
754 | * ```
|
755 | *
|
756 | * @param assertion - The multi-factor assertion to enroll with.
|
757 | * @param displayName - The display name of the second factor.
|
758 | */
|
759 | enroll(assertion: MultiFactorAssertion, displayName?: string | null): Promise<void>;
|
760 | /**
|
761 | * Unenrolls the specified second factor.
|
762 | *
|
763 | * @remarks
|
764 | * To specify the factor to remove, pass a {@link MultiFactorInfo} object (retrieved from
|
765 | * {@link MultiFactorUser.enrolledFactors}) or the
|
766 | * factor's UID string. Sessions are not revoked when the account is unenrolled. An email
|
767 | * notification is likely to be sent to the user notifying them of the change. Recent
|
768 | * re-authentication is required for this operation to succeed. When an existing factor is
|
769 | * unenrolled, an email notification is sent to the user’s email.
|
770 | *
|
771 | * @example
|
772 | * ```javascript
|
773 | * const multiFactorUser = multiFactor(auth.currentUser);
|
774 | * // Present user the option to choose which factor to unenroll.
|
775 | * await multiFactorUser.unenroll(multiFactorUser.enrolledFactors[i])
|
776 | * ```
|
777 | *
|
778 | * @param option - The multi-factor option to unenroll.
|
779 | * @returns - A `Promise` which resolves when the unenroll operation is complete.
|
780 | */
|
781 | unenroll(option: MultiFactorInfo | string): Promise<void>;
|
782 | }
|
783 | /**
|
784 | * The class for asserting ownership of a phone second factor. Provided by
|
785 | * {@link PhoneMultiFactorGenerator.assertion}.
|
786 | *
|
787 | * @public
|
788 | */
|
789 | export interface PhoneMultiFactorAssertion extends MultiFactorAssertion {
|
790 | }
|
791 | /**
|
792 | * The information required to verify the ownership of a phone number.
|
793 | *
|
794 | * @remarks
|
795 | * The information that's required depends on whether you are doing single-factor sign-in,
|
796 | * multi-factor enrollment or multi-factor sign-in.
|
797 | *
|
798 | * @public
|
799 | */
|
800 | export declare type PhoneInfoOptions = PhoneSingleFactorInfoOptions | PhoneMultiFactorEnrollInfoOptions | PhoneMultiFactorSignInInfoOptions;
|
801 | /**
|
802 | * Options used for single-factor sign-in.
|
803 | *
|
804 | * @public
|
805 | */
|
806 | export interface PhoneSingleFactorInfoOptions {
|
807 | /** Phone number to send a verification code to. */
|
808 | phoneNumber: string;
|
809 | }
|
810 | /**
|
811 | * Options used for enrolling a second factor.
|
812 | *
|
813 | * @public
|
814 | */
|
815 | export interface PhoneMultiFactorEnrollInfoOptions {
|
816 | /** Phone number to send a verification code to. */
|
817 | phoneNumber: string;
|
818 | /** The {@link MultiFactorSession} obtained via {@link MultiFactorUser.getSession}. */
|
819 | session: MultiFactorSession;
|
820 | }
|
821 | /**
|
822 | * Options used for signing in with a second factor.
|
823 | *
|
824 | * @public
|
825 | */
|
826 | export interface PhoneMultiFactorSignInInfoOptions {
|
827 | /**
|
828 | * The {@link MultiFactorInfo} obtained via {@link MultiFactorResolver.hints}.
|
829 | *
|
830 | * One of `multiFactorHint` or `multiFactorUid` is required.
|
831 | */
|
832 | multiFactorHint?: MultiFactorInfo;
|
833 | /**
|
834 | * The uid of the second factor.
|
835 | *
|
836 | * One of `multiFactorHint` or `multiFactorUid` is required.
|
837 | */
|
838 | multiFactorUid?: string;
|
839 | /** The {@link MultiFactorSession} obtained via {@link MultiFactorResolver.session}. */
|
840 | session: MultiFactorSession;
|
841 | }
|
842 | /**
|
843 | * Interface for a supplied `AsyncStorage`.
|
844 | *
|
845 | * @public
|
846 | */
|
847 | export interface ReactNativeAsyncStorage {
|
848 | /**
|
849 | * Persist an item in storage.
|
850 | *
|
851 | * @param key - storage key.
|
852 | * @param value - storage value.
|
853 | */
|
854 | setItem(key: string, value: string): Promise<void>;
|
855 | /**
|
856 | * Retrieve an item from storage.
|
857 | *
|
858 | * @param key - storage key.
|
859 | */
|
860 | getItem(key: string): Promise<string | null>;
|
861 | /**
|
862 | * Remove an item from storage.
|
863 | *
|
864 | * @param key - storage key.
|
865 | */
|
866 | removeItem(key: string): Promise<void>;
|
867 | }
|
868 | /**
|
869 | * A user account.
|
870 | *
|
871 | * @public
|
872 | */
|
873 | export interface User extends UserInfo {
|
874 | /**
|
875 | * Whether the email has been verified with {@link sendEmailVerification} and
|
876 | * {@link applyActionCode}.
|
877 | */
|
878 | readonly emailVerified: boolean;
|
879 | /**
|
880 | * Whether the user is authenticated using the {@link ProviderId}.ANONYMOUS provider.
|
881 | */
|
882 | readonly isAnonymous: boolean;
|
883 | /**
|
884 | * Additional metadata around user creation and sign-in times.
|
885 | */
|
886 | readonly metadata: UserMetadata;
|
887 | /**
|
888 | * Additional per provider such as displayName and profile information.
|
889 | */
|
890 | readonly providerData: UserInfo[];
|
891 | /**
|
892 | * Refresh token used to reauthenticate the user. Avoid using this directly and prefer
|
893 | * {@link User.getIdToken} to refresh the ID token instead.
|
894 | */
|
895 | readonly refreshToken: string;
|
896 | /**
|
897 | * The user's tenant ID.
|
898 | *
|
899 | * @remarks
|
900 | * This is a read-only property, which indicates the tenant ID
|
901 | * used to sign in the user. This is null if the user is signed in from the parent
|
902 | * project.
|
903 | *
|
904 | * @example
|
905 | * ```javascript
|
906 | * // Set the tenant ID on Auth instance.
|
907 | * auth.tenantId = 'TENANT_PROJECT_ID';
|
908 | *
|
909 | * // All future sign-in request now include tenant ID.
|
910 | * const result = await signInWithEmailAndPassword(auth, email, password);
|
911 | * // result.user.tenantId should be 'TENANT_PROJECT_ID'.
|
912 | * ```
|
913 | */
|
914 | readonly tenantId: string | null;
|
915 | /**
|
916 | * Deletes and signs out the user.
|
917 | *
|
918 | * @remarks
|
919 | * Important: this is a security-sensitive operation that requires the user to have recently
|
920 | * signed in. If this requirement isn't met, ask the user to authenticate again and then call
|
921 | * one of the reauthentication methods like {@link reauthenticateWithCredential}.
|
922 | */
|
923 | delete(): Promise<void>;
|
924 | /**
|
925 | * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
|
926 | *
|
927 | * @remarks
|
928 | * Returns the current token if it has not expired or if it will not expire in the next five
|
929 | * minutes. Otherwise, this will refresh the token and return a new one.
|
930 | *
|
931 | * @param forceRefresh - Force refresh regardless of token expiration.
|
932 | */
|
933 | getIdToken(forceRefresh?: boolean): Promise<string>;
|
934 | /**
|
935 | * Returns a deserialized JSON Web Token (JWT) used to identitfy the user to a Firebase service.
|
936 | *
|
937 | * @remarks
|
938 | * Returns the current token if it has not expired or if it will not expire in the next five
|
939 | * minutes. Otherwise, this will refresh the token and return a new one.
|
940 | *
|
941 | * @param forceRefresh - Force refresh regardless of token expiration.
|
942 | */
|
943 | getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult>;
|
944 | /**
|
945 | * Refreshes the user, if signed in.
|
946 | */
|
947 | reload(): Promise<void>;
|
948 | /**
|
949 | * Returns a JSON-serializable representation of this object.
|
950 | *
|
951 | * @returns A JSON-serializable representation of this object.
|
952 | */
|
953 | toJSON(): object;
|
954 | }
|
955 | /**
|
956 | * A structure containing a {@link User}, the {@link OperationType}, and the provider ID.
|
957 | *
|
958 | * @remarks
|
959 | * `operationType` could be {@link OperationType}.SIGN_IN for a sign-in operation,
|
960 | * {@link OperationType}.LINK for a linking operation and {@link OperationType}.REAUTHENTICATE for
|
961 | * a reauthentication operation.
|
962 | *
|
963 | * @public
|
964 | */
|
965 | export interface UserCredential {
|
966 | /**
|
967 | * The user authenticated by this credential.
|
968 | */
|
969 | user: User;
|
970 | /**
|
971 | * The provider which was used to authenticate the user.
|
972 | */
|
973 | providerId: string | null;
|
974 | /**
|
975 | * The type of operation which was used to authenticate the user (such as sign-in or link).
|
976 | */
|
977 | operationType: typeof OperationTypeMap[keyof typeof OperationTypeMap];
|
978 | }
|
979 | /**
|
980 | * User profile information, visible only to the Firebase project's apps.
|
981 | *
|
982 | * @public
|
983 | */
|
984 | export interface UserInfo {
|
985 | /**
|
986 | * The display name of the user.
|
987 | */
|
988 | readonly displayName: string | null;
|
989 | /**
|
990 | * The email of the user.
|
991 | */
|
992 | readonly email: string | null;
|
993 | /**
|
994 | * The phone number normalized based on the E.164 standard (e.g. +16505550101) for the
|
995 | * user.
|
996 | *
|
997 | * @remarks
|
998 | * This is null if the user has no phone credential linked to the account.
|
999 | */
|
1000 | readonly phoneNumber: string | null;
|
1001 | /**
|
1002 | * The profile photo URL of the user.
|
1003 | */
|
1004 | readonly photoURL: string | null;
|
1005 | /**
|
1006 | * The provider used to authenticate the user.
|
1007 | */
|
1008 | readonly providerId: string;
|
1009 | /**
|
1010 | * The user's unique ID, scoped to the project.
|
1011 | */
|
1012 | readonly uid: string;
|
1013 | }
|
1014 | /**
|
1015 | * Interface representing a user's metadata.
|
1016 | *
|
1017 | * @public
|
1018 | */
|
1019 | export interface UserMetadata {
|
1020 | /** Time the user was created. */
|
1021 | readonly creationTime?: string;
|
1022 | /** Time the user last signed in. */
|
1023 | readonly lastSignInTime?: string;
|
1024 | }
|
1025 | /**
|
1026 | * A structure containing additional user information from a federated identity provider.
|
1027 | *
|
1028 | * @public
|
1029 | */
|
1030 | export interface AdditionalUserInfo {
|
1031 | /**
|
1032 | * Whether the user is new (created via sign-up) or existing (authenticated using sign-in).
|
1033 | */
|
1034 | readonly isNewUser: boolean;
|
1035 | /**
|
1036 | * Map containing IDP-specific user data.
|
1037 | */
|
1038 | readonly profile: Record<string, unknown> | null;
|
1039 | /**
|
1040 | * Identifier for the provider used to authenticate this user.
|
1041 | */
|
1042 | readonly providerId: string | null;
|
1043 | /**
|
1044 | * The username if the provider is GitHub or Twitter.
|
1045 | */
|
1046 | readonly username?: string | null;
|
1047 | }
|
1048 | /**
|
1049 | * User profile used in {@link AdditionalUserInfo}.
|
1050 | *
|
1051 | * @public
|
1052 | */
|
1053 | export declare type UserProfile = Record<string, unknown>;
|
1054 | /**
|
1055 | * A resolver used for handling DOM specific operations like {@link signInWithPopup}
|
1056 | * or {@link signInWithRedirect}.
|
1057 | *
|
1058 | * @public
|
1059 | */
|
1060 | export interface PopupRedirectResolver {
|
1061 | }
|
1062 | declare module '@firebase/component' {
|
1063 | interface NameServiceMapping {
|
1064 | 'auth': Auth;
|
1065 | }
|
1066 | }
|
1067 | /**
|
1068 | * Configuration of Firebase Authentication Emulator.
|
1069 | * @public
|
1070 | */
|
1071 | export interface EmulatorConfig {
|
1072 | /**
|
1073 | * The protocol used to communicate with the emulator ("http"/"https").
|
1074 | */
|
1075 | readonly protocol: string;
|
1076 | /**
|
1077 | * The hostname of the emulator, which may be a domain ("localhost"), IPv4 address ("127.0.0.1")
|
1078 | * or quoted IPv6 address ("[::1]").
|
1079 | */
|
1080 | readonly host: string;
|
1081 | /**
|
1082 | * The port of the emulator, or null if port isn't specified (i.e. protocol default).
|
1083 | */
|
1084 | readonly port: number | null;
|
1085 | /**
|
1086 | * The emulator-specific options.
|
1087 | */
|
1088 | readonly options: {
|
1089 | /**
|
1090 | * Whether the warning banner attached to the DOM was disabled.
|
1091 | */
|
1092 | readonly disableWarnings: boolean;
|
1093 | };
|
1094 | }
|
1095 | /**
|
1096 | * A mapping of error codes to error messages.
|
1097 | *
|
1098 | * @remarks
|
1099 | *
|
1100 | * While error messages are useful for debugging (providing verbose textual
|
1101 | * context around what went wrong), these strings take up a lot of space in the
|
1102 | * compiled code. When deploying code in production, using {@link prodErrorMap}
|
1103 | * will save you roughly 10k compressed/gzipped over {@link debugErrorMap}. You
|
1104 | * can select the error map during initialization:
|
1105 | *
|
1106 | * ```javascript
|
1107 | * initializeAuth(app, {errorMap: debugErrorMap})
|
1108 | * ```
|
1109 | *
|
1110 | * When initializing Auth, {@link prodErrorMap} is default.
|
1111 | *
|
1112 | * @public
|
1113 | */
|
1114 | export interface AuthErrorMap {
|
1115 | }
|
1116 | /**
|
1117 | * The dependencies that can be used to initialize an {@link Auth} instance.
|
1118 | *
|
1119 | * @remarks
|
1120 | *
|
1121 | * The modular SDK enables tree shaking by allowing explicit declarations of
|
1122 | * dependencies. For example, a web app does not need to include code that
|
1123 | * enables Cordova redirect sign in. That functionality is therefore split into
|
1124 | * {@link browserPopupRedirectResolver} and
|
1125 | * {@link cordovaPopupRedirectResolver}. The dependencies object is how Auth is
|
1126 | * configured to reduce bundle sizes.
|
1127 | *
|
1128 | * There are two ways to initialize an {@link Auth} instance: {@link getAuth} and
|
1129 | * {@link initializeAuth}. `getAuth` initializes everything using
|
1130 | * platform-specific configurations, while `initializeAuth` takes a
|
1131 | * `Dependencies` object directly, giving you more control over what is used.
|
1132 | *
|
1133 | * @public
|
1134 | */
|
1135 | export interface Dependencies {
|
1136 | /**
|
1137 | * Which {@link Persistence} to use. If this is an array, the first
|
1138 | * `Persistence` that the device supports is used. The SDK searches for an
|
1139 | * existing account in order and, if one is found in a secondary
|
1140 | * `Persistence`, the account is moved to the primary `Persistence`.
|
1141 | *
|
1142 | * If no persistence is provided, the SDK falls back on
|
1143 | * {@link inMemoryPersistence}.
|
1144 | */
|
1145 | persistence?: Persistence | Persistence[];
|
1146 | /**
|
1147 | * The {@link PopupRedirectResolver} to use. This value depends on the
|
1148 | * platform. Options are {@link browserPopupRedirectResolver} and
|
1149 | * {@link cordovaPopupRedirectResolver}. This field is optional if neither
|
1150 | * {@link signInWithPopup} or {@link signInWithRedirect} are being used.
|
1151 | */
|
1152 | popupRedirectResolver?: PopupRedirectResolver;
|
1153 | /**
|
1154 | * Which {@link AuthErrorMap} to use.
|
1155 | */
|
1156 | errorMap?: AuthErrorMap;
|
1157 | }
|