UNPKG

142 kBTypeScriptView Raw
<
1/**
2 * Firebase Authentication
3 *
4 * @packageDocumentation
5 */
6
7import { CompleteFn } from '@firebase/util';
8import { ErrorFactory } from '@firebase/util';
9import { ErrorFn } from '@firebase/util';
10import { FirebaseApp } from '@firebase/app';
11import { FirebaseError } from '@firebase/util';
12import { NextFn } from '@firebase/util';
13import { Observer } from '@firebase/util';
14import { Unsubscribe } from '@firebase/util';
15
16/**
17 * A response from {@link checkActionCode}.
18 *
19 * @public
20 */
21export declare interface ActionCodeInfo {
22 /**
23 * The data associated with the action code.
24 *
25 * @remarks
26 * For the {@link ActionCodeOperation}.PASSWORD_RESET, {@link ActionCodeOperation}.VERIFY_EMAIL, and
27 * {@link ActionCodeOperation}.RECOVER_EMAIL actions, this object contains an email field with the address
28 * the email was sent to.
29 *
30 * For the {@link ActionCodeOperation}.RECOVER_EMAIL action, which allows a user to undo an email address
31 * change, this object also contains a `previousEmail` field with the user account's current
32 * email address. After the action completes, the user's email address will revert to the value
33 * in the `email` field from the value in `previousEmail` field.
34 *
35 * For the {@link ActionCodeOperation}.VERIFY_AND_CHANGE_EMAIL action, which allows a user to verify the
36 * email before updating it, this object contains a `previousEmail` field with the user account's
37 * email address before updating. After the action completes, the user's email address will be
38 * updated to the value in the `email` field from the value in `previousEmail` field.
39 *
40 * For the {@link ActionCodeOperation}.REVERT_SECOND_FACTOR_ADDITION action, which allows a user to
41 * unenroll a newly added second factor, this object contains a `multiFactorInfo` field with
42 * the information about the second factor. For phone second factor, the `multiFactorInfo`
43 * is a {@link MultiFactorInfo} object, which contains the phone number.
44 */
45 data: {
46 email?: string | null;
47 multiFactorInfo?: MultiFactorInfo | null;
48 previousEmail?: string | null;
49 };
50 /**
51 * The type of operation that generated the action code.
52 */
53 operation: (typeof ActionCodeOperation)[keyof typeof ActionCodeOperation];
54}
55
56/**
57 * An enumeration of the possible email action types.
58 *
59 * @public
60 */
61export declare const ActionCodeOperation: {
62 /** The email link sign-in action. */
63 readonly EMAIL_SIGNIN: "EMAIL_SIGNIN";
64 /** The password reset action. */
65 readonly PASSWORD_RESET: "PASSWORD_RESET";
66 /** The email revocation action. */
67 readonly RECOVER_EMAIL: "RECOVER_EMAIL";
68 /** The revert second factor addition email action. */
69 readonly REVERT_SECOND_FACTOR_ADDITION: "REVERT_SECOND_FACTOR_ADDITION";
70 /** The revert second factor addition email action. */
71 readonly VERIFY_AND_CHANGE_EMAIL: "VERIFY_AND_CHANGE_EMAIL";
72 /** The email verification action. */
73 readonly VERIFY_EMAIL: "VERIFY_EMAIL";
74};
75
76/**
77 * An interface that defines the required continue/state URL with optional Android and iOS
78 * bundle identifiers.
79 *
80 * @public
81 */
82export declare interface ActionCodeSettings {
83 /**
84 * Sets the Android package name.
85 *
86 * @remarks
87 * This will try to open the link in an android app if it is
88 * installed. If `installApp` is passed, it specifies whether to install the Android app if the
89 * device supports it and the app is not already installed. If this field is provided without
90 * a `packageName`, an error is thrown explaining that the `packageName` must be provided in
91 * conjunction with this field. If `minimumVersion` is specified, and an older version of the
92 * app is installed, the user is taken to the Play Store to upgrade the app.
93 */
94 android?: {
95 installApp?: boolean;
96 minimumVersion?: string;
97 packageName: string;
98 };
99 /**
100 * When set to true, the action code link will be be sent as a Universal Link or Android App
101 * Link and will be opened by the app if installed.
102 *
103 * @remarks
104 * In the false case, the code will be sent to the web widget first and then on continue will
105 * redirect to the app if installed.
106 *
107 * @defaultValue false
108 */
109 handleCodeInApp?: boolean;
110 /**
111 * Sets the iOS bundle ID.
112 *
113 * @remarks
114 * This will try to open the link in an iOS app if it is installed.
115 *
116 * App installation is not supported for iOS.
117 */
118 iOS?: {
119 bundleId: string;
120 };
121 /**
122 * Sets the link continue/state URL.
123 *
124 * @remarks
125 * This has different meanings in different contexts:
126 * - When the link is handled in the web action widgets, this is the deep link in the
127 * `continueUrl` query parameter.
128 * - When the link is handled in the app directly, this is the `continueUrl` query parameter in
129 * the deep link of the Dynamic Link.
130 */
131 url: string;
132 /**
133 * When multiple custom dynamic link domains are defined for a project, specify which one to use
134 * when the link is to be opened via a specified mobile app (for example, `example.page.link`).
135 *
136 *
137 * @defaultValue The first domain is automatically selected.
138 */
139 dynamicLinkDomain?: string;
140}
141
142/**
143 * @license
144 * Copyright 2020 Google LLC
145 *
146 * Licensed under the Apache License, Version 2.0 (the "License");
147 * you may not use this file except in compliance with the License.
148 * You may obtain a copy of the License at
149 *
150 * http://www.apache.org/licenses/LICENSE-2.0
151 *
152 * Unless required by applicable law or agreed to in writing, software
153 * distributed under the License is distributed on an "AS IS" BASIS,
154 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
155 * See the License for the specific language governing permissions and
156 * limitations under the License.
157 */
158/**
159 * A utility class to parse email action URLs such as password reset, email verification,
160 * email link sign in, etc.
161 *
162 * @public
163 */
164export declare class ActionCodeURL {
165 /**
166 * The API key of the email action link.
167 */
168 readonly apiKey: string;
169 /**
170 * The action code of the email action link.
171 */
172 readonly code: string;
173 /**
174 * The continue URL of the email action link. Null if not provided.
175 */
176 readonly continueUrl: string | null;
177 /**
178 * The language code of the email action link. Null if not provided.
179 */
180 readonly languageCode: string | null;
181 /**
182 * The action performed by the email action link. It returns from one of the types from
183 * {@link ActionCodeInfo}
184 */
185 readonly operation: string;
186 /**
187 * The tenant ID of the email action link. Null if the email action is from the parent project.
188 */
189 readonly tenantId: string | null;
190 /* Excluded from this release type: __constructor */
191 /**
192 * Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid,
193 * otherwise returns null.
194 *
195 * @param link - The email action link string.
196 * @returns The {@link ActionCodeURL} object, or null if the link is invalid.
197 *
198 * @public
199 */
200 static parseLink(link: string): ActionCodeURL | null;
201}
202
203/**
204 * A structure containing additional user information from a federated identity provider.
205 *
206 * @public
207 */
208export declare interface AdditionalUserInfo {
209 /**
210 * Whether the user is new (created via sign-up) or existing (authenticated using sign-in).
211 */
212 readonly isNewUser: boolean;
213 /**
214 * Map containing IDP-specific user data.
215 */
216 readonly profile: Record<string, unknown> | null;
217 /**
218 * Identifier for the provider used to authenticate this user.
219 */
220 readonly providerId: string | null;
221 /**
222 * The username if the provider is GitHub or Twitter.
223 */
224 readonly username?: string | null;
225}
226
227declare interface APIUserInfo {
228 localId?: string;
229 displayName?: string;
230 photoUrl?: string;
231 email?: string;
232 emailVerified?: boolean;
233 phoneNumber?: string;
234 lastLoginAt?: number;
235 createdAt?: number;
236 tenantId?: string;
237 passwordHash?: string;
238 providerUserInfo?: ProviderUserInfo[];
239 mfaInfo?: MfaEnrollment[];
240}
241
242/**
243 * A verifier for domain verification and abuse prevention.
244 *
245 * @remarks
246 * Currently, the only implementation is {@link RecaptchaVerifier}.
247 *
248 * @public
249 */
250export declare interface ApplicationVerifier {
251 /**
252 * Identifies the type of application verifier (e.g. "recaptcha").
253 */
254 readonly type: string;
255 /**
256 * Executes the verification process.
257 *
258 * @returns A Promise for a token that can be used to assert the validity of a request.
259 */
260 verify(): Promise<string>;
261}
262
263declare interface ApplicationVerifierInternal extends ApplicationVerifier {
264 /* Excluded from this release type: _reset */
265}
266
267/**
268 * Applies a verification code sent to the user by email or other out-of-band mechanism.
269 *
270 * @param auth - The {@link Auth} instance.
271 * @param oobCode - A verification code sent to the user.
272 *
273 * @public
274 */
275export declare function applyActionCode(auth: Auth, oobCode: string): Promise<void>;
276
277declare type AppName = string;
278
279/**
280 * Interface representing Firebase Auth service.
281 *
282 * @remarks
283 * See {@link https://firebase.google.com/docs/auth/ | Firebase Authentication} for a full guide
284 * on how to use the Firebase Auth service.
285 *
286 * @public
287 */
288export declare interface Auth {
289 /** The {@link @firebase/app#FirebaseApp} associated with the `Auth` service instance. */
290 readonly app: FirebaseApp;
291 /** The name of the app associated with the `Auth` service instance. */
292 readonly name: string;
293 /** The {@link Config} used to initialize this instance. */
294 readonly config: Config;
295 /**
296 * Changes the type of persistence on the `Auth` instance.
297 *
298 * @remarks
299 * This will affect the currently saved Auth session and applies this type of persistence for
300 * future sign-in requests, including sign-in with redirect requests.
301 *
302 * This makes it easy for a user signing in to specify whether their session should be
303 * remembered or not. It also makes it easier to never persist the Auth state for applications
304 * that are shared by other users or have sensitive data.
305 *
306 * This method does not work in a Node.js environment.
307 *
308 * @example
309 * ```javascript
310 * auth.setPersistence(browserSessionPersistence);
311 * ```
312 *
313 * @param persistence - The {@link Persistence} to use.
314 */
315 setPersistence(persistence: Persistence): Promise<void>;
316 /**
317 * The {@link Auth} instance's language code.
318 *
319 * @remarks
320 * This is a readable/writable property. When set to null, the default Firebase Console language
321 * setting is applied. The language code will propagate to email action templates (password
322 * reset, email verification and email change revocation), SMS templates for phone authentication,
323 * reCAPTCHA verifier and OAuth popup/redirect operations provided the specified providers support
324 * localization with the language code specified.
325 */
326 languageCode: string | null;
327 /**
328 * The {@link Auth} instance's tenant ID.
329 *
330 * @remarks
331 * This is a readable/writable property. When you set the tenant ID of an {@link Auth} instance, all
332 * future sign-in/sign-up operations will pass this tenant ID and sign in or sign up users to
333 * the specified tenant project. When set to null, users are signed in to the parent project.
334 *
335 * @example
336 * ```javascript
337 * // Set the tenant ID on Auth instance.
338 * auth.tenantId = 'TENANT_PROJECT_ID';
339 *
340 * // All future sign-in request now include tenant ID.
341 * const result = await signInWithEmailAndPassword(auth, email, password);
342 * // result.user.tenantId should be 'TENANT_PROJECT_ID'.
343 * ```
344 *
345 * @defaultValue null
346 */
347 tenantId: string | null;
348 /**
349 * The {@link Auth} instance's settings.
350 *
351 * @remarks
352 * This is used to edit/read configuration related options such as app verification mode for
353 * phone authentication.
354 */
355 readonly settings: AuthSettings;
356 /**
357 * Adds an observer for changes to the user's sign-in state.
358 *
359 * @remarks
360 * To keep the old behavior, see {@link Auth.onIdTokenChanged}.
361 *
362 * @param nextOrObserver - callback triggered on change.
363 * @param error - Deprecated. This callback is never triggered. Errors
364 * on signing in/out can be caught in promises returned from
365 * sign-in/sign-out functions.
366 * @param completed - Deprecated. This callback is never triggered.
367 */
368 onAuthStateChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
369 /**
370 * Adds a blocking callback that runs before an auth state change
371 * sets a new user.
372 *
373 * @param callback - callback triggered before new user value is set.
374 * If this throws, it blocks the user from being set.
375 * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
376 * callback throws, allowing you to undo any side effects.
377 */
378 beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
379 /**
380 * Adds an observer for changes to the signed-in user's ID token.
381 *
382 * @remarks
383 * This includes sign-in, sign-out, and token refresh events.
384 *
385 * @param nextOrObserver - callback triggered on change.
386 * @param error - Deprecated. This callback is never triggered. Errors
387 * on signing in/out can be caught in promises returned from
388 * sign-in/sign-out functions.
389 * @param completed - Deprecated. This callback is never triggered.
390 */
391 onIdTokenChanged(nextOrObserver: NextOrObserver<User | null>, error?: ErrorFn, completed?: CompleteFn): Unsubscribe;
392 /**
393 * returns a promise that resolves immediately when the initial
394 * auth state is settled. When the promise resolves, the current user might be a valid user
395 * or `null` if the user signed out.
396 */
397 authStateReady(): Promise<void>;
398 /** The currently signed-in user (or null). */
399 readonly currentUser: User | null;
400 /** The current emulator configuration (or null). */
401 readonly emulatorConfig: EmulatorConfig | null;
402 /**
403 * Asynchronously sets the provided user as {@link Auth.currentUser} on the {@link Auth} instance.
404 *
405 * @remarks
406 * A new instance copy of the user provided will be made and set as currentUser.
407 *
408 * This will trigger {@link Auth.onAuthStateChanged} and {@link Auth.onIdTokenChanged} listeners
409 * like other sign in methods.
410 *
411 * The operation fails with an error if the user to be updated belongs to a different Firebase
412 * project.
413 *
414 * @param user - The new {@link User}.
415 */
416 updateCurrentUser(user: User | null): Promise<void>;
417 /**
418 * Sets the current language to the default device/browser preference.
419 */
420 useDeviceLanguage(): void;
421 /**
422 * Signs out the current user. This does not automatically revoke the user's ID token.
423 *
424 * @remarks
425 * This method is not supported by {@link Auth} instances created with a
426 * {@link @firebase/app#FirebaseServerApp}.
427 */
428 signOut(): Promise<void>;
429}
430
431/**
432 * Interface that represents the credentials returned by an {@link AuthProvider}.
433 *
434 * @remarks
435 * Implementations specify the details about each auth provider's credential requirements.
436 *
437 * @public
438 */
439export declare class AuthCredential {
440 /**
441 * The authentication provider ID for the credential.
442 *
443 * @remarks
444 * For example, 'facebook.com', or 'google.com'.
445 */
446 readonly providerId: string;
447 /**
448 * The authentication sign in method for the credential.
449 *
450 * @remarks
451 * For example, {@link SignInMethod}.EMAIL_PASSWORD, or
452 * {@link SignInMethod}.EMAIL_LINK. This corresponds to the sign-in method
453 * identifier as returned in {@link fetchSignInMethodsForEmail}.
454 */
455 readonly signInMethod: string;
456 /* Excluded from this release type: __constructor */
457 /**
458 * Returns a JSON-serializable representation of this object.
459 *
460 * @returns a JSON-serializable representation of this object.
461 */
462 toJSON(): object;
463 /* Excluded from this release type: _getIdTokenResponse */
464 /* Excluded from this release type: _linkToIdToken */
465 /* Excluded from this release type: _getReauthenticationResolver */
466}
467
468/**
469 * Interface for an `Auth` error.
470 *
471 * @public
472 */
473export declare interface AuthError extends FirebaseError {
474 /** Details about the Firebase Auth error. */
475 readonly customData: {
476 /** The name of the Firebase App which triggered this error. */
477 readonly appName: string;
478 /** The email address of the user's account, used for sign-in and linking. */
479 readonly email?: string;
480 /** The phone number of the user's account, used for sign-in and linking. */
481 readonly phoneNumber?: string;
482 /**
483 * The tenant ID being used for sign-in and linking.
484 *
485 * @remarks
486 * If you use {@link signInWithRedirect} to sign in,
487 * you have to set the tenant ID on the {@link Auth} instance again as the tenant ID is not persisted
488 * after redirection.
489 */
490 readonly tenantId?: string;
491 };
492}
493
494/* Excluded from this release type: AuthErrorCode */
495
496/**
497 * A map of potential `Auth` error codes, for easier comparison with errors
498 * thrown by the SDK.
499 *
500 * @remarks
501 * Note that you can't tree-shake individual keys
502 * in the map, so by using the map you might substantially increase your
503 * bundle size.
504 *
505 * @public
506 */
507export declare const AuthErrorCodes: {
508 readonly ADMIN_ONLY_OPERATION: "auth/admin-restricted-operation";
509 readonly ARGUMENT_ERROR: "auth/argument-error";
510 readonly APP_NOT_AUTHORIZED: "auth/app-not-authorized";
511 readonly APP_NOT_INSTALLED: "auth/app-not-installed";
512 readonly CAPTCHA_CHECK_FAILED: "auth/captcha-check-failed";
513 readonly CODE_EXPIRED: "auth/code-expired";
514 readonly CORDOVA_NOT_READY: "auth/cordova-not-ready";
515 readonly CORS_UNSUPPORTED: "auth/cors-unsupported";
516 readonly CREDENTIAL_ALREADY_IN_USE: "auth/credential-already-in-use";
517 readonly CREDENTIAL_MISMATCH: "auth/custom-token-mismatch";
518 readonly CREDENTIAL_TOO_OLD_LOGIN_AGAIN: "auth/requires-recent-login";
519 readonly DEPENDENT_SDK_INIT_BEFORE_AUTH: "auth/dependent-sdk-initialized-before-auth";
520 readonly DYNAMIC_LINK_NOT_ACTIVATED: "auth/dynamic-link-not-activated";
521 readonly EMAIL_CHANGE_NEEDS_VERIFICATION: "auth/email-change-needs-verification";
522 readonly EMAIL_EXISTS: "auth/email-already-in-use";
523 readonly EMULATOR_CONFIG_FAILED: "auth/emulator-config-failed";
524 readonly EXPIRED_OOB_CODE: "auth/expired-action-code";
525 readonly EXPIRED_POPUP_REQUEST: "auth/cancelled-popup-request";
526 readonly INTERNAL_ERROR: "auth/internal-error";
527 readonly INVALID_API_KEY: "auth/invalid-api-key";
528 readonly INVALID_APP_CREDENTIAL: "auth/invalid-app-credential";
529 readonly INVALID_APP_ID: "auth/invalid-app-id";
530 readonly INVALID_AUTH: "auth/invalid-user-token";
531 readonly INVALID_AUTH_EVENT: "auth/invalid-auth-event";
532 readonly INVALID_CERT_HASH: "auth/invalid-cert-hash";
533 readonly INVALID_CODE: "auth/invalid-verification-code";
534 readonly INVALID_CONTINUE_URI: "auth/invalid-continue-uri";
535 readonly INVALID_CORDOVA_CONFIGURATION: "auth/invalid-cordova-configuration";
536 readonly INVALID_CUSTOM_TOKEN: "auth/invalid-custom-token";
537 readonly INVALID_DYNAMIC_LINK_DOMAIN: "auth/invalid-dynamic-link-domain";
538 readonly INVALID_EMAIL: "auth/invalid-email";
539 readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
540 readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
541 readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
542 readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
543 readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
544 readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
545 readonly INVALID_OAUTH_PROVIDER: "auth/invalid-oauth-provider";
546 readonly INVALID_OOB_CODE: "auth/invalid-action-code";
547 readonly INVALID_ORIGIN: "auth/unauthorized-domain";
548 readonly INVALID_PASSWORD: "auth/wrong-password";
549 readonly INVALID_PERSISTENCE: "auth/invalid-persistence-type";
550 readonly INVALID_PHONE_NUMBER: "auth/invalid-phone-number";
551 readonly INVALID_PROVIDER_ID: "auth/invalid-provider-id";
552 readonly INVALID_RECIPIENT_EMAIL: "auth/invalid-recipient-email";
553 readonly INVALID_SENDER: "auth/invalid-sender";
554 readonly INVALID_SESSION_INFO: "auth/invalid-verification-id";
555 readonly INVALID_TENANT_ID: "auth/invalid-tenant-id";
556 readonly MFA_INFO_NOT_FOUND: "auth/multi-factor-info-not-found";
557 readonly MFA_REQUIRED: "auth/multi-factor-auth-required";
558 readonly MISSING_ANDROID_PACKAGE_NAME: "auth/missing-android-pkg-name";
559 readonly MISSING_APP_CREDENTIAL: "auth/missing-app-credential";
560 readonly MISSING_AUTH_DOMAIN: "auth/auth-domain-config-required";
561 readonly MISSING_CODE: "auth/missing-verification-code";
562 readonly MISSING_CONTINUE_URI: "auth/missing-continue-uri";
563 readonly MISSING_IFRAME_START: "auth/missing-iframe-start";
564 readonly MISSING_IOS_BUNDLE_ID: "auth/missing-ios-bundle-id";
565 readonly MISSING_OR_INVALID_NONCE: "auth/missing-or-invalid-nonce";
566 readonly MISSING_MFA_INFO: "auth/missing-multi-factor-info";
567 readonly MISSING_MFA_SESSION: "auth/missing-multi-factor-session";
568 readonly MISSING_PHONE_NUMBER: "auth/missing-phone-number";
569 readonly MISSING_SESSION_INFO: "auth/missing-verification-id";
570 readonly MODULE_DESTROYED: "auth/app-deleted";
571 readonly NEED_CONFIRMATION: "auth/account-exists-with-different-credential";
572 readonly NETWORK_REQUEST_FAILED: "auth/network-request-failed";
573 readonly NULL_USER: "auth/null-user";
574 readonly NO_AUTH_EVENT: "auth/no-auth-event";
575 readonly NO_SUCH_PROVIDER: "auth/no-such-provider";
576 readonly OPERATION_NOT_ALLOWED: "auth/operation-not-allowed";
577 readonly OPERATION_NOT_SUPPORTED: "auth/operation-not-supported-in-this-environment";
578 readonly POPUP_BLOCKED: "auth/popup-blocked";
579 readonly POPUP_CLOSED_BY_USER: "auth/popup-closed-by-user";
580 readonly PROVIDER_ALREADY_LINKED: "auth/provider-already-linked";
581 readonly QUOTA_EXCEEDED: "auth/quota-exceeded";
582 readonly REDIRECT_CANCELLED_BY_USER: "auth/redirect-cancelled-by-user";
583 readonly REDIRECT_OPERATION_PENDING: "auth/redirect-operation-pending";
584 readonly REJECTED_CREDENTIAL: "auth/rejected-credential";
585 readonly SECOND_FACTOR_ALREADY_ENROLLED: "auth/second-factor-already-in-use";
586 readonly SECOND_FACTOR_LIMIT_EXCEEDED: "auth/maximum-second-factor-count-exceeded";
587 readonly TENANT_ID_MISMATCH: "auth/tenant-id-mismatch";
588 readonly TIMEOUT: "auth/timeout";
589 readonly TOKEN_EXPIRED: "auth/user-token-expired";
590 readonly TOO_MANY_ATTEMPTS_TRY_LATER: "auth/too-many-requests";
591 readonly UNAUTHORIZED_DOMAIN: "auth/unauthorized-continue-uri";
592 readonly UNSUPPORTED_FIRST_FACTOR: "auth/unsupported-first-factor";
593 readonly UNSUPPORTED_PERSISTENCE: "auth/unsupported-persistence-type";
594 readonly UNSUPPORTED_TENANT_OPERATION: "auth/unsupported-tenant-operation";
595 readonly UNVERIFIED_EMAIL: "auth/unverified-email";
596 readonly USER_CANCELLED: "auth/user-cancelled";
597 readonly USER_DELETED: "auth/user-not-found";
598 readonly USER_DISABLED: "auth/user-disabled";
599 readonly USER_MISMATCH: "auth/user-mismatch";
600 readonly USER_SIGNED_OUT: "auth/user-signed-out";
601 readonly WEAK_PASSWORD: "auth/weak-password";
602 readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
603 readonly ALREADY_INITIALIZED: "auth/already-initialized";
604 readonly RECAPTCHA_NOT_ENABLED: "auth/recaptcha-not-enabled";
605 readonly MISSING_RECAPTCHA_TOKEN: "auth/missing-recaptcha-token";
606 readonly INVALID_RECAPTCHA_TOKEN: "auth/invalid-recaptcha-token";
607 readonly INVALID_RECAPTCHA_ACTION: "auth/invalid-recaptcha-action";
608 readonly MISSING_CLIENT_TYPE: "auth/missing-client-type";
609 readonly MISSING_RECAPTCHA_VERSION: "auth/missing-recaptcha-version";
610 readonly INVALID_RECAPTCHA_VERSION: "auth/invalid-recaptcha-version";
611 readonly INVALID_REQ_TYPE: "auth/invalid-req-type";
612};
613
614/**
615 * A mapping of error codes to error messages.
616 *
617 * @remarks
618 *
619 * While error messages are useful for debugging (providing verbose textual
620 * context around what went wrong), these strings take up a lot of space in the
621 * compiled code. When deploying code in production, using {@link prodErrorMap}
622 * will save you roughly 10k compressed/gzipped over {@link debugErrorMap}. You
623 * can select the error map during initialization:
624 *
625 * ```javascript
626 * initializeAuth(app, {errorMap: debugErrorMap})
627 * ```
628 *
629 * When initializing Auth, {@link prodErrorMap} is default.
630 *
631 * @public
632 */
633export declare interface AuthErrorMap {
634}
635
636/* Excluded from this release type: AuthErrorParams */
637
638/* Excluded from this release type: AuthEvent */
639
640/* Excluded from this release type: AuthEventConsumer */
641
642declare interface AuthEventError extends Error {
643 code: string;
644 message: string;
645}
646
647/* Excluded from this release type: AuthEventType */
648
649/* Excluded from this release type: AuthInternal */
650
651declare class AuthPopup {
652 readonly window: Window | null;
653 associatedEvent: string | null;
654 constructor(window: Window | null);
655 close(): void;
656}
657
658/**
659 * Interface that represents an auth provider, used to facilitate creating {@link AuthCredential}.
660 *
661 * @public
662 */
663export declare interface AuthProvider {
664 /**
665 * Provider for which credentials can be constructed.
666 */
667 readonly providerId: string;
668}
669
670/**
671 * Interface representing an {@link Auth} instance's settings.
672 *
673 * @remarks Currently used for enabling/disabling app verification for phone Auth testing.
674 *
675 * @public
676 */
677export declare interface AuthSettings {
678 /**
679 * When set, this property disables app verification for the purpose of testing phone
680 * authentication. For this property to take effect, it needs to be set before rendering a
681 * reCAPTCHA app verifier. When this is disabled, a mock reCAPTCHA is rendered instead. This is
682 * useful for manual testing during development or for automated integration tests.
683 *
684 * In order to use this feature, you will need to
685 * {@link https://firebase.google.com/docs/auth/web/phone-auth#test-with-whitelisted-phone-numbers | whitelist your phone number}
686 * via the Firebase Console.
687 *
688 * The default value is false (app verification is enabled).
689 */
690 appVerificationDisabledForTesting: boolean;
691}
692
693/**
694 * MFA Info as returned by the API.
695 */
696declare interface BaseMfaEnrollment {
697 mfaEnrollmentId: string;
698 enrolledAt: number;
699 displayName?: string;
700}
701
702/**
703 * Common code to all OAuth providers. This is separate from the
704 * {@link OAuthProvider} so that child providers (like
705 * {@link GoogleAuthProvider}) don't inherit the `credential` instance method.
706 * Instead, they rely on a static `credential` method.
707 */
708declare abstract class BaseOAuthProvider extends FederatedAuthProvider implements AuthProvider {
709 /* Excluded from this release type: scopes */
710 /**
711 * Add an OAuth scope to the credential.
712 *
713 * @param scope - Provider OAuth scope to add.
714 */
715 addScope(scope: string): AuthProvider;
716 /**
717 * Retrieve the current list of OAuth scopes.
718 */
719 getScopes(): string[];
720}
721
722/**
723 * Adds a blocking callback that runs before an auth state change
724 * sets a new user.
725 *
726 * @param auth - The {@link Auth} instance.
727 * @param callback - callback triggered before new user value is set.
728 * If this throws, it blocks the user from being set.
729 * @param onAbort - callback triggered if a later `beforeAuthStateChanged()`
730 * callback throws, allowing you to undo any side effects.
731 */
732export declare function beforeAuthStateChanged(auth: Auth, callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
733
734/**
735 * An implementation of {@link Persistence} of type `LOCAL` using `localStorage`
736 * for the underlying storage.
737 *
738 * @public
739 */
740export declare const browserLocalPersistence: Persistence;
741
742/**
743 * An implementation of {@link PopupRedirectResolver} suitable for browser
744 * based applications.
745 *
746 * @remarks
747 * This method does not work in a Node.js environment.
748 *
749 * @public
750 */
751export declare const browserPopupRedirectResolver: PopupRedirectResolver;
752
753/**
754 * An implementation of {@link Persistence} of `SESSION` using `sessionStorage`
755 * for the underlying storage.
756 *
757 * @public
758 */
759export declare const browserSessionPersistence: Persistence;
760
761/**
762 * Checks a verification code sent to the user by email or other out-of-band mechanism.
763 *
764 * @returns metadata about the code.
765 *
766 * @param auth - The {@link Auth} instance.
767 * @param oobCode - A verification code sent to the user.
768 *
769 * @public
770 */
771export declare function checkActionCode(auth: Auth, oobCode: string): Promise<ActionCodeInfo>;
772
773/* Excluded from this release type: ClientPlatform */
774export { CompleteFn }
775
776/**
777 * Interface representing the `Auth` config.
778 *
779 * @public
780 */
781export declare interface Config {
782 /**
783 * The API Key used to communicate with the Firebase Auth backend.
784 */
785 apiKey: string;
786 /**
787 * The host at which the Firebase Auth backend is running.
788 */
789 apiHost: string;
790 /**
791 * The scheme used to communicate with the Firebase Auth backend.
792 */
793 apiScheme: string;
794 /**
795 * The host at which the Secure Token API is running.
796 */
797 tokenApiHost: string;
798 /**
799 * The SDK Client Version.
800 */
801 sdkClientVersion: string;
802 /**
803 * The domain at which the web widgets are hosted (provided via Firebase Config).
804 */
805 authDomain?: string;
806}
807
808/* Excluded from this release type: ConfigInternal */
809
810/**
811 * A result from a phone number sign-in, link, or reauthenticate call.
812 *
813 * @public
814 */
815export declare interface ConfirmationResult {
816 /**
817 * The phone number authentication operation's verification ID.
818 *
819 * @remarks
820 * This can be used along with the verification code to initialize a
821 * {@link PhoneAuthCredential}.
822 */
823 readonly verificationId: string;
824 /**
825 * Finishes a phone number sign-in, link, or reauthentication.
826 *
827 * @example
828 * ```javascript
829 * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier);
830 * // Obtain verificationCode from the user.
831 * const userCredential = await confirmationResult.confirm(verificationCode);
832 * ```
833 *
834 * @param verificationCode - The code that was sent to the user's mobile device.
835 */
836 confirm(verificationCode: string): Promise<UserCredential>;
837}
838
839/**
840 * Completes the password reset process, given a confirmation code and new password.
841 *
842 * @param auth - The {@link Auth} instance.
843 * @param oobCode - A confirmation code sent to the user.
844 * @param newPassword - The new password.
845 *
846 * @public
847 */
848export declare function confirmPasswordReset(auth: Auth, oobCode: string, newPassword: string): Promise<void>;
849
850/**
851 * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
852 * Firebase Auth services.
853 *
854 * @remarks
855 * This must be called synchronously immediately following the first call to
856 * {@link initializeAuth}. Do not use with production credentials as emulator
857 * traffic is not encrypted.
858 *
859 *
860 * @example
861 * ```javascript
862 * connectAuthEmulator(auth, 'http://127.0.0.1:9099', { disableWarnings: true });
863 * ```
864 *
865 * @param auth - The {@link Auth} instance.
866 * @param url - The URL at which the emulator is running (eg, 'http://localhost:9099').
867 * @param options - Optional. `options.disableWarnings` defaults to `false`. Set it to
868 * `true` to disable the warning banner attached to the DOM.
869 *
870 * @public
871 */
872export declare function connectAuthEmulator(auth: Auth, url: string, options?: {
873 disableWarnings: boolean;
874}): void;
875
876/**
877 * Creates a new user account associated with the specified email address and password.
878 *
879 * @remarks
880 * On successful creation of the user account, this user will also be signed in to your application.
881 *
882 * User account creation can fail if the account already exists or the password is invalid.
883 *
884 * This method is not supported on {@link Auth} instances created with a
885 * {@link @firebase/app#FirebaseServerApp}.
886 *
887 * Note: The email address acts as a unique identifier for the user and enables an email-based
888 * password reset. This function will create a new user account and set the initial user password.
889 *
890 * @param auth - The {@link Auth} instance.
891 * @param email - The user's email address.
892 * @param password - The user's chosen password.
893 *
894 * @public
895 */
896export declare function createUserWithEmailAndPassword(auth: Auth, email: string, password: string): Promise<UserCredential>;
897
898/**
899 * Map of OAuth Custom Parameters.
900 *
901 * @public
902 */
903export declare type CustomParameters = Record<string, string>;
904
905/**
906 * A verbose error map with detailed descriptions for most error codes.
907 *
908 * See discussion at {@link AuthErrorMap}
909 *
910 * @public
911 */
912export declare const debugErrorMap: AuthErrorMap;
913
914/**
915 * Deletes and signs out the user.
916 *
917 * @remarks
918 * Important: this is a security-sensitive operation that requires the user to have recently
919 * signed in. If this requirement isn't met, ask the user to authenticate again and then call
920 * {@link reauthenticateWithCredential}.
921 *
922 * @param user - The user.
923 *
924 * @public
925 */
926export declare function deleteUser(user: User): Promise<void>;
927
928/**
929 * The dependencies that can be used to initialize an {@link Auth} instance.
930 *
931 * @remarks
932 *
933 * The modular SDK enables tree shaking by allowing explicit declarations of
934 * dependencies. For example, a web app does not need to include code that
935 * enables Cordova redirect sign in. That functionality is therefore split into
936 * {@link browserPopupRedirectResolver} and
937 * {@link cordovaPopupRedirectResolver}. The dependencies object is how Auth is
938 * configured to reduce bundle sizes.
939 *
940 * There are two ways to initialize an {@link Auth} instance: {@link getAuth} and
941 * {@link initializeAuth}. `getAuth` initializes everything using
942 * platform-specific configurations, while `initializeAuth` takes a
943 * `Dependencies` object directly, giving you more control over what is used.
944 *
945 * @public
946 */
947export declare interface Dependencies {
948 /**
949 * Which {@link Persistence} to use. If this is an array, the first
950 * `Persistence` that the device supports is used. The SDK searches for an
951 * existing account in order and, if one is found in a secondary
952 * `Persistence`, the account is moved to the primary `Persistence`.
953 *
954 * If no persistence is provided, the SDK falls back on
955 * {@link inMemoryPersistence}.
956 */
957 persistence?: Persistence | Persistence[];
958 /**
959 * The {@link PopupRedirectResolver} to use. This value depends on the
960 * platform. Options are {@link browserPopupRedirectResolver} and
961 * {@link cordovaPopupRedirectResolver}. This field is optional if neither
962 * {@link signInWithPopup} or {@link signInWithRedirect} are being used.
963 */
964 popupRedirectResolver?: PopupRedirectResolver;
965 /**
966 * Which {@link AuthErrorMap} to use.
967 */
968 errorMap?: AuthErrorMap;
969}
970
971/**
972 * Interface that represents the credentials returned by {@link EmailAuthProvider} for
973 * {@link ProviderId}.PASSWORD
974 *
975 * @remarks
976 * Covers both {@link SignInMethod}.EMAIL_PASSWORD and
977 * {@link SignInMethod}.EMAIL_LINK.
978 *
979 * @public
980 */
981export declare class EmailAuthCredential extends AuthCredential {
982 /* Excluded from this release type: _email */
983 /* Excluded from this release type: _password */
984 /* Excluded from this release type: _tenantId */
985 /* Excluded from this release type: __constructor */
986 /* Excluded from this release type: _fromEmailAndPassword */
987 /* Excluded from this release type: _fromEmailAndCode */
988 /** {@inheritdoc AuthCredential.toJSON} */
989 toJSON(): object;
990 /**
991 * Static method to deserialize a JSON representation of an object into an {@link AuthCredential}.
992 *
993 * @param json - Either `object` or the stringified representation of the object. When string is
994 * provided, `JSON.parse` would be called first.
995 *
996 * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
997 */
998 static fromJSON(json: object | string): EmailAuthCredential | null;
999 /* Excluded from this release type: _getIdTokenResponse */
1000 /* Excluded from this release type: _linkToIdToken */
1001 /* Excluded from this release type: _getReauthenticationResolver */
1002}
1003
1004/**
1005 * Provider for generating {@link EmailAuthCredential}.
1006 *
1007 * @public
1008 */
1009export declare class EmailAuthProvider implements AuthProvider {
1010 /**
1011 * Always set to {@link ProviderId}.PASSWORD, even for email link.
1012 */
1013 static readonly PROVIDER_ID: 'password';
1014 /**
1015 * Always set to {@link SignInMethod}.EMAIL_PASSWORD.
1016 */
1017 static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password';
1018 /**
1019 * Always set to {@link SignInMethod}.EMAIL_LINK.
1020 */
1021 static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink';
1022 /**
1023 * Always set to {@link ProviderId}.PASSWORD, even for email link.
1024 */
1025 readonly providerId: "password";
1026 /**
1027 * Initialize an {@link AuthCredential} using an email and password.
1028 *
1029 * @example
1030 * ```javascript
1031 * const authCredential = EmailAuthProvider.credential(email, password);
1032 * const userCredential = await signInWithCredential(auth, authCredential);
1033 * ```
1034 *
1035 * @example
1036 * ```javascript
1037 * const userCredential = await signInWithEmailAndPassword(auth, email, password);
1038 * ```
1039 *
1040 * @param email - Email address.
1041 * @param password - User account password.
1042 * @returns The auth provider credential.
1043 */
1044 static credential(email: string, password: string): EmailAuthCredential;
1045 /**
1046 * Initialize an {@link AuthCredential} using an email and an email link after a sign in with
1047 * email link operation.
1048 *
1049 * @example
1050 * ```javascript
1051 * const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink);
1052 * const userCredential = await signInWithCredential(auth, authCredential);
1053 * ```
1054 *
1055 * @example
1056 * ```javascript
1057 * await sendSignInLinkToEmail(auth, email);
1058 * // Obtain emailLink from user.
1059 * const userCredential = await signInWithEmailLink(auth, email, emailLink);
1060 * ```
1061 *
1062 * @param auth - The {@link Auth} instance used to verify the link.
1063 * @param email - Email address.
1064 * @param emailLink - Sign-in email link.
1065 * @returns - The auth provider credential.
1066 */
1067 static credentialWithLink(email: string, emailLink: string): EmailAuthCredential;
1068}
1069
1070/**
1071 * Configuration of Firebase Authentication Emulator.
1072 * @public
1073 */
1074export declare interface EmulatorConfig {
1075 /**
1076 * The protocol used to communicate with the emulator ("http"/"https").
1077 */
1078 readonly protocol: string;
1079 /**
1080 * The hostname of the emulator, which may be a domain ("localhost"), IPv4 address ("127.0.0.1")
1081 * or quoted IPv6 address ("[::1]").
1082 */
1083 readonly host: string;
1084 /**
1085 * The port of the emulator, or null if port isn't specified (i.e. protocol default).
1086 */
1087 readonly port: number | null;
1088 /**
1089 * The emulator-specific options.
1090 */
1091 readonly options: {
1092 /**
1093 * Whether the warning banner attached to the DOM was disabled.
1094 */
1095 readonly disableWarnings: boolean;
1096 };
1097}
1098
1099declare const enum EnforcementState {
1100 ENFORCE = "ENFORCE",
1101 AUDIT = "AUDIT",
1102 OFF = "OFF",
1103 ENFORCEMENT_STATE_UNSPECIFIED = "ENFORCEMENT_STATE_UNSPECIFIED"
1104}
1105export { ErrorFn }
1106
1107/* Excluded from this release type: EventManager */
1108
1109/**
1110 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.FACEBOOK.
1111 *
1112 * @example
1113 * ```javascript
1114 * // Sign in using a redirect.
1115 * const provider = new FacebookAuthProvider();
1116 * // Start a sign in process for an unauthenticated user.
1117 * provider.addScope('user_birthday');
1118 * await signInWithRedirect(auth, provider);
1119 * // This will trigger a full page redirect away from your app
1120 *
1121 * // After returning from the redirect when your app initializes you can obtain the result
1122 * const result = await getRedirectResult(auth);
1123 * if (result) {
1124 * // This is the signed-in user
1125 * const user = result.user;
1126 * // This gives you a Facebook Access Token.
1127 * const credential = FacebookAuthProvider.credentialFromResult(result);
1128 * const token = credential.accessToken;
1129 * }
1130 * ```
1131 *
1132 * @example
1133 * ```javascript
1134 * // Sign in using a popup.
1135 * const provider = new FacebookAuthProvider();
1136 * provider.addScope('user_birthday');
1137 * const result = await signInWithPopup(auth, provider);
1138 *
1139 * // The signed-in user info.
1140 * const user = result.user;
1141 * // This gives you a Facebook Access Token.
1142 * const credential = FacebookAuthProvider.credentialFromResult(result);
1143 * const token = credential.accessToken;
1144 * ```
1145 *
1146 * @public
1147 */
1148export declare class FacebookAuthProvider extends BaseOAuthProvider {
1149 /** Always set to {@link SignInMethod}.FACEBOOK. */
1150 static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com';
1151 /** Always set to {@link ProviderId}.FACEBOOK. */
1152 static readonly PROVIDER_ID: 'facebook.com';
1153 constructor();
1154 /**
1155 * Creates a credential for Facebook.
1156 *
1157 * @example
1158 * ```javascript
1159 * // `event` from the Facebook auth.authResponseChange callback.
1160 * const credential = FacebookAuthProvider.credential(event.authResponse.accessToken);
1161 * const result = await signInWithCredential(credential);
1162 * ```
1163 *
1164 * @param accessToken - Facebook access token.
1165 */
1166 static credential(accessToken: string): OAuthCredential;
1167 /**
1168 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1169 *
1170 * @param userCredential - The user credential.
1171 */
1172 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1173 /**
1174 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1175 * thrown during a sign-in, link, or reauthenticate operation.
1176 *
1177 * @param userCredential - The user credential.
1178 */
1179 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1180 private static credentialFromTaggedObject;
1181}
1182
1183/**
1184 * An enum of factors that may be used for multifactor authentication.
1185 *
1186 * @public
1187 */
1188export declare const FactorId: {
1189 /** Phone as second factor */
1190 readonly PHONE: "phone";
1191 readonly TOTP: "totp";
1192};
1193
1194/**
1195 * The base class for all Federated providers (OAuth (including OIDC), SAML).
1196 *
1197 * This class is not meant to be instantiated directly.
1198 *
1199 * @public
1200 */
1201declare abstract class FederatedAuthProvider implements AuthProvider {
1202 readonly providerId: string;
1203 /* Excluded from this release type: defaultLanguageCode */
1204 /* Excluded from this release type: customParameters */
1205 /**
1206 * Constructor for generic OAuth providers.
1207 *
1208 * @param providerId - Provider for which credentials should be generated.
1209 */
1210 constructor(providerId: string);
1211 /**
1212 * Set the language gode.
1213 *
1214 * @param languageCode - language code
1215 */
1216 setDefaultLanguage(languageCode: string | null): void;
1217 /**
1218 * Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in
1219 * operations.
1220 *
1221 * @remarks
1222 * For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`,
1223 * `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored.
1224 *
1225 * @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request.
1226 */
1227 setCustomParameters(customOAuthParameters: CustomParameters): AuthProvider;
1228 /**
1229 * Retrieve the current list of {@link CustomParameters}.
1230 */
1231 getCustomParameters(): CustomParameters;
1232}
1233
1234/**
1235 * Gets the list of possible sign in methods for the given email address. This method returns an
1236 * empty list when
1237 * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}
1238 * is enabled, irrespective of the number of authentication methods available for the given email.
1239 *
1240 * @remarks
1241 * This is useful to differentiate methods of sign-in for the same provider, eg.
1242 * {@link EmailAuthProvider} which has 2 methods of sign-in,
1243 * {@link SignInMethod}.EMAIL_PASSWORD and
1244 * {@link SignInMethod}.EMAIL_LINK.
1245 *
1246 * @param auth - The {@link Auth} instance.
1247 * @param email - The user's email address.
1248 *
1249 * Deprecated. Migrating off of this method is recommended as a security best-practice.
1250 * Learn more in the Identity Platform documentation for
1251 * {@link https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection | Email Enumeration Protection}.
1252 * @public
1253 */
1254export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
1255
1256declare interface FinalizeMfaResponse {
1257 idToken: string;
1258 refreshToken: string;
1259}
1260
1261/* Excluded from this release type: GenericAuthErrorParams */
1262
1263/**
1264 * Extracts provider specific {@link AdditionalUserInfo} for the given credential.
1265 *
1266 * @param userCredential - The user credential.
1267 *
1268 * @public
1269 */
1270export declare function getAdditionalUserInfo(userCredential: UserCredential): AdditionalUserInfo | null;
1271
1272/**
1273 * Returns the Auth instance associated with the provided {@link @firebase/app#FirebaseApp}.
1274 * If no instance exists, initializes an Auth instance with platform-specific default dependencies.
1275 *
1276 * @param app - The Firebase App.
1277 *
1278 * @public
1279 */
1280export declare function getAuth(app?: FirebaseApp): Auth;
1281
1282/**
1283 * Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
1284 *
1285 * @remarks
1286 * Returns the current token if it has not expired or if it will not expire in the next five
1287 * minutes. Otherwise, this will refresh the token and return a new one.
1288 *
1289 * @param user - The user.
1290 * @param forceRefresh - Force refresh regardless of token expiration.
1291 *
1292 * @public
1293 */
1294export declare function getIdToken(user: User, forceRefresh?: boolean): Promise<string>;
1295
1296/**
1297 * Returns a deserialized JSON Web Token (JWT) used to identify the user to a Firebase service.
1298 *
1299 * @remarks
1300 * Returns the current token if it has not expired or if it will not expire in the next five
1301 * minutes. Otherwise, this will refresh the token and return a new one.
1302 *
1303 * @param user - The user.
1304 * @param forceRefresh - Force refresh regardless of token expiration.
1305 *
1306 * @public
1307 */
1308export declare function getIdTokenResult(user: User, forceRefresh?: boolean): Promise<IdTokenResult>;
1309
1310/**
1311 * Provides a {@link MultiFactorResolver} suitable for completion of a
1312 * multi-factor flow.
1313 *
1314 * @param auth - The {@link Auth} instance.
1315 * @param error - The {@link MultiFactorError} raised during a sign-in, or
1316 * reauthentication operation.
1317 *
1318 * @public
1319 */
1320export declare function getMultiFactorResolver(auth: Auth, error: MultiFactorError): MultiFactorResolver;
1321
1322declare interface GetRecaptchaConfigResponse {
1323 recaptchaKey: string;
1324 recaptchaEnforcementState: RecaptchaEnforcementProviderState[];
1325}
1326
1327/**
1328 * Returns a {@link UserCredential} from the redirect-based sign-in flow.
1329 *
1330 * @remarks
1331 * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
1332 * error. If no redirect operation was called, returns `null`.
1333 *
1334 * This method does not work in a Node.js environment or with {@link Auth} instances created with a
1335 * {@link @firebase/app#FirebaseServerApp}.
1336 *
1337 * @example
1338 * ```javascript
1339 * // Sign in using a redirect.
1340 * const provider = new FacebookAuthProvider();
1341 * // You can add additional scopes to the provider:
1342 * provider.addScope('user_birthday');
1343 * // Start a sign in process for an unauthenticated user.
1344 * await signInWithRedirect(auth, provider);
1345 * // This will trigger a full page redirect away from your app
1346 *
1347 * // After returning from the redirect when your app initializes you can obtain the result
1348 * const result = await getRedirectResult(auth);
1349 * if (result) {
1350 * // This is the signed-in user
1351 * const user = result.user;
1352 * // This gives you a Facebook Access Token.
1353 * const credential = provider.credentialFromResult(auth, result);
1354 * const token = credential.accessToken;
1355 * }
1356 * // As this API can be used for sign-in, linking and reauthentication,
1357 * // check the operationType to determine what triggered this redirect
1358 * // operation.
1359 * const operationType = result.operationType;
1360 * ```
1361 *
1362 * @param auth - The {@link Auth} instance.
1363 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1364 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1365 *
1366 * @public
1367 */
1368export declare function getRedirectResult(auth: Auth, resolver?: PopupRedirectResolver): Promise<UserCredential | null>;
1369
1370/**
1371 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GITHUB.
1372 *
1373 * @remarks
1374 * GitHub requires an OAuth 2.0 redirect, so you can either handle the redirect directly, or use
1375 * the {@link signInWithPopup} handler:
1376 *
1377 * @example
1378 * ```javascript
1379 * // Sign in using a redirect.
1380 * const provider = new GithubAuthProvider();
1381 * // Start a sign in process for an unauthenticated user.
1382 * provider.addScope('repo');
1383 * await signInWithRedirect(auth, provider);
1384 * // This will trigger a full page redirect away from your app
1385 *
1386 * // After returning from the redirect when your app initializes you can obtain the result
1387 * const result = await getRedirectResult(auth);
1388 * if (result) {
1389 * // This is the signed-in user
1390 * const user = result.user;
1391 * // This gives you a GitHub Access Token.
1392 * const credential = GithubAuthProvider.credentialFromResult(result);
1393 * const token = credential.accessToken;
1394 * }
1395 * ```
1396 *
1397 * @example
1398 * ```javascript
1399 * // Sign in using a popup.
1400 * const provider = new GithubAuthProvider();
1401 * provider.addScope('repo');
1402 * const result = await signInWithPopup(auth, provider);
1403 *
1404 * // The signed-in user info.
1405 * const user = result.user;
1406 * // This gives you a GitHub Access Token.
1407 * const credential = GithubAuthProvider.credentialFromResult(result);
1408 * const token = credential.accessToken;
1409 * ```
1410 * @public
1411 */
1412export declare class GithubAuthProvider extends BaseOAuthProvider {
1413 /** Always set to {@link SignInMethod}.GITHUB. */
1414 static readonly GITHUB_SIGN_IN_METHOD: 'github.com';
1415 /** Always set to {@link ProviderId}.GITHUB. */
1416 static readonly PROVIDER_ID: 'github.com';
1417 constructor();
1418 /**
1419 * Creates a credential for GitHub.
1420 *
1421 * @param accessToken - GitHub access token.
1422 */
1423 static credential(accessToken: string): OAuthCredential;
1424 /**
1425 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1426 *
1427 * @param userCredential - The user credential.
1428 */
1429 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1430 /**
1431 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1432 * thrown during a sign-in, link, or reauthenticate operation.
1433 *
1434 * @param userCredential - The user credential.
1435 */
1436 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1437 private static credentialFromTaggedObject;
1438}
1439
1440/**
1441 * Provider for generating an {@link OAuthCredential} for {@link ProviderId}.GOOGLE.
1442 *
1443 * @example
1444 * ```javascript
1445 * // Sign in using a redirect.
1446 * const provider = new GoogleAuthProvider();
1447 * // Start a sign in process for an unauthenticated user.
1448 * provider.addScope('profile');
1449 * provider.addScope('email');
1450 * await signInWithRedirect(auth, provider);
1451 * // This will trigger a full page redirect away from your app
1452 *
1453 * // After returning from the redirect when your app initializes you can obtain the result
1454 * const result = await getRedirectResult(auth);
1455 * if (result) {
1456 * // This is the signed-in user
1457 * const user = result.user;
1458 * // This gives you a Google Access Token.
1459 * const credential = GoogleAuthProvider.credentialFromResult(result);
1460 * const token = credential.accessToken;
1461 * }
1462 * ```
1463 *
1464 * @example
1465 * ```javascript
1466 * // Sign in using a popup.
1467 * const provider = new GoogleAuthProvider();
1468 * provider.addScope('profile');
1469 * provider.addScope('email');
1470 * const result = await signInWithPopup(auth, provider);
1471 *
1472 * // The signed-in user info.
1473 * const user = result.user;
1474 * // This gives you a Google Access Token.
1475 * const credential = GoogleAuthProvider.credentialFromResult(result);
1476 * const token = credential.accessToken;
1477 * ```
1478 *
1479 * @public
1480 */
1481export declare class GoogleAuthProvider extends BaseOAuthProvider {
1482 /** Always set to {@link SignInMethod}.GOOGLE. */
1483 static readonly GOOGLE_SIGN_IN_METHOD: 'google.com';
1484 /** Always set to {@link ProviderId}.GOOGLE. */
1485 static readonly PROVIDER_ID: 'google.com';
1486 constructor();
1487 /**
1488 * Creates a credential for Google. At least one of ID token and access token is required.
1489 *
1490 * @example
1491 * ```javascript
1492 * // \`googleUser\` from the onsuccess Google Sign In callback.
1493 * const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token);
1494 * const result = await signInWithCredential(credential);
1495 * ```
1496 *
1497 * @param idToken - Google ID token.
1498 * @param accessToken - Google access token.
1499 */
1500 static credential(idToken?: string | null, accessToken?: string | null): OAuthCredential;
1501 /**
1502 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
1503 *
1504 * @param userCredential - The user credential.
1505 */
1506 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
1507 /**
1508 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
1509 * thrown during a sign-in, link, or reauthenticate operation.
1510 *
1511 * @param userCredential - The user credential.
1512 */
1513 static credentialFromError(error: FirebaseError): OAuthCredential | null;
1514 private static credentialFromTaggedObject;
1515}
1516
1517/**
1518 * Raw encoded JWT
1519 *
1520 */
1521declare type IdToken = string;
1522
1523/* Excluded from this release type: IdTokenMfaResponse */
1524
1525/* Excluded from this release type: IdTokenResponse */
1526
1527/* Excluded from this release type: IdTokenResponseKind */
1528
1529/**
1530 * Interface representing ID token result obtained from {@link User.getIdTokenResult}.
1531 *
1532 * @remarks
1533 * `IdTokenResult` contains the ID token JWT string and other helper properties for getting different data
1534 * associated with the token as well as all the decoded payload claims.
1535 *
1536 * Note that these claims are not to be trusted as they are parsed client side. Only server side
1537 * verification can guarantee the integrity of the token claims.
1538 *
1539 * @public
1540 */
1541export declare interface IdTokenResult {
1542 /**
1543 * The authentication time formatted as a UTC string.
1544 *
1545 * @remarks
1546 * This is the time the user authenticated (signed in) and not the time the token was refreshed.
1547 */
1548 authTime: string;
1549 /** The ID token expiration time formatted as a UTC string. */
1550 expirationTime: string;
1551 /** The ID token issuance time formatted as a UTC string. */
1552 issuedAtTime: string;
1553 /**
1554 * The sign-in provider through which the ID token was obtained (anonymous, custom, phone,
1555 * password, etc).
1556 *
1557 * @remarks
1558 * Note, this does not map to provider IDs.
1559 */
1560 signInProvider: string | null;
1561 /**
1562 * The type of second factor associated with this session, provided the user was multi-factor
1563 * authenticated (eg. phone, etc).
1564 */
1565 signInSecondFactor: string | null;
1566 /** The Firebase Auth ID token JWT string. */
1567 token: string;
1568 /**
1569 * The entire payload claims of the ID token including the standard reserved claims as well as
1570 * the custom claims.
1571 */
1572 claims: ParsedToken;
1573}
1574
1575/**
1576 * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`
1577 * for the underlying storage.
1578 *
1579 * @public
1580 */
1581export declare const indexedDBLocalPersistence: Persistence;
1582
1583/**
1584 * Initializes an {@link Auth} instance with fine-grained control over
1585 * {@link Dependencies}.
1586 *
1587 * @remarks
1588 *
1589 * This function allows more control over the {@link Auth} instance than
1590 * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
1591 * the {@link Dependencies}. In general, `getAuth` is the easiest way to
1592 * initialize Auth and works for most use cases. Use `initializeAuth` if you
1593 * need control over which persistence layer is used, or to minimize bundle
1594 * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
1595 *
1596 * For example, if your app only uses anonymous accounts and you only want
1597 * accounts saved for the current session, initialize `Auth` with:
1598 *
1599 * ```js
1600 * const auth = initializeAuth(app, {
1601 * persistence: browserSessionPersistence,
1602 * popupRedirectResolver: undefined,
1603 * });
1604 * ```
1605 *
1606 * @public
1607 */
1608export declare function initializeAuth(app: FirebaseApp, deps?: Dependencies): Auth;
1609
1610/**
1611 * Loads the reCAPTCHA configuration into the `Auth` instance.
1612 *
1613 * @remarks
1614 * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA
1615 * verification flow should be triggered for each auth provider, into the
1616 * current Auth session.
1617 *
1618 * If initializeRecaptchaConfig() is not invoked, the auth flow will always start
1619 * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA
1620 * verification, the SDK will transparently load the reCAPTCHA config and restart the
1621 * auth flows.
1622 *
1623 * Thus, by calling this optional method, you will reduce the latency of future auth flows.
1624 * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.
1625 *
1626 * This method does not work in a Node.js environment.
1627 *
1628 * @example
1629 * ```javascript
1630 * initializeRecaptchaConfig(auth);
1631 * ```
1632 *
1633 * @param auth - The {@link Auth} instance.
1634 *
1635 * @public
1636 */
1637export declare function initializeRecaptchaConfig(auth: Auth): Promise<void>;
1638
1639/**
1640 * An implementation of {@link Persistence} of type 'NONE'.
1641 *
1642 * @public
1643 */
1644export declare const inMemoryPersistence: Persistence;
1645
1646/**
1647 * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.
1648 *
1649 * @param auth - The {@link Auth} instance.
1650 * @param emailLink - The link sent to the user's email address.
1651 *
1652 * @public
1653 */
1654export declare function isSignInWithEmailLink(auth: Auth, emailLink: string): boolean;
1655
1656/**
1657 * Links the user account with the given credentials.
1658 *
1659 * @remarks
1660 * An {@link AuthProvider} can be used to generate the credential.
1661 *
1662 * @param user - The user.
1663 * @param credential - The auth credential.
1664 *
1665 * @public
1666 */
1667export declare function linkWithCredential(user: User, credential: AuthCredential): Promise<UserCredential>;
1668
1669/**
1670 * Links the user account with the given phone number.
1671 *
1672 * @remarks
1673 * This method does not work in a Node.js environment.
1674 *
1675 * @param user - The user.
1676 * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
1677 * @param appVerifier - The {@link ApplicationVerifier}.
1678 *
1679 * @public
1680 */
1681export declare function linkWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
1682
1683/**
1684 * Links the authenticated provider to the user account using a pop-up based OAuth flow.
1685 *
1686 * @remarks
1687 * If the linking is successful, the returned result will contain the user and the provider's credential.
1688 *
1689 * This method does not work in a Node.js environment.
1690 *
1691 * @example
1692 * ```javascript
1693 * // Sign in using some other provider.
1694 * const result = await signInWithEmailAndPassword(auth, email, password);
1695 * // Link using a popup.
1696 * const provider = new FacebookAuthProvider();
1697 * await linkWithPopup(result.user, provider);
1698 * ```
1699 *
1700 * @param user - The user.
1701 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
1702 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
1703 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1704 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1705 *
1706 * @public
1707 */
1708export declare function linkWithPopup(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<UserCredential>;
1709
1710/**
1711 * Links the {@link OAuthProvider} to the user account using a full-page redirect flow.
1712 * @remarks
1713 * To handle the results and errors for this operation, refer to {@link getRedirectResult}.
1714 * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
1715 * | best practices} when using {@link linkWithRedirect}.
1716 *
1717 * This method does not work in a Node.js environment or with {@link Auth} instances
1718 * created with a {@link @firebase/app#FirebaseServerApp}.
1719 *
1720 * @example
1721 * ```javascript
1722 * // Sign in using some other provider.
1723 * const result = await signInWithEmailAndPassword(auth, email, password);
1724 * // Link using a redirect.
1725 * const provider = new FacebookAuthProvider();
1726 * await linkWithRedirect(result.user, provider);
1727 * // This will trigger a full page redirect away from your app
1728 *
1729 * // After returning from the redirect when your app initializes you can obtain the result
1730 * const result = await getRedirectResult(auth);
1731 * ```
1732 *
1733 * @param user - The user.
1734 * @param provider - The provider to authenticate. The provider has to be an {@link OAuthProvider}.
1735 * Non-OAuth providers like {@link EmailAuthProvider} will throw an error.
1736 * @param resolver - An instance of {@link PopupRedirectResolver}, optional
1737 * if already supplied to {@link initializeAuth} or provided by {@link getAuth}.
1738 *
1739 * @public
1740 */
1741export declare function linkWithRedirect(user: User, provider: AuthProvider, resolver?: PopupRedirectResolver): Promise<never>;
1742
1743/**
1744 * MfaEnrollment can be any subtype of BaseMfaEnrollment, currently only PhoneMfaEnrollment and TotpMfaEnrollment are supported.
1745 */
1746declare type MfaEnrollment = PhoneMfaEnrollment | TotpMfaEnrollment;
1747
1748/**
1749 * The {@link MultiFactorUser} corresponding to the user.
1750 *
1751 * @remarks
1752 * This is used to access all multi-factor properties and operations related to the user.
1753 *
1754 * @param user - The user.
1755 *
1756 * @public
1757 */
1758export declare function multiFactor(user: User): MultiFactorUser;
1759
1760/**
1761 * The base class for asserting ownership of a second factor.
1762 *
1763 * @remarks
1764 * This is used to facilitate enrollment of a second factor on an existing user or sign-in of a
1765 * user who already verified the first factor.
1766 *
1767 * @public
1768 */
1769export declare interface MultiFactorAssertion {
1770 /** The identifier of the second factor. */
1771 readonly factorId: (typeof FactorId)[keyof typeof FactorId];
1772}
1773
1774/**
1775 * The error thrown when the user needs to provide a second factor to sign in successfully.
1776 *
1777 * @remarks
1778 * The error code for this error is `auth/multi-factor-auth-required`.
1779 *
1780 * @example
1781 * ```javascript
1782 * let resolver;
1783 * let multiFactorHints;
1784 *
1785 * signInWithEmailAndPassword(auth, email, password)
1786 * .then((result) => {
1787 * // User signed in. No 2nd factor challenge is needed.
1788 * })
1789 * .catch((error) => {
1790 * if (error.code == 'auth/multi-factor-auth-required') {
1791 * resolver = getMultiFactorResolver(auth, error);
1792 * multiFactorHints = resolver.hints;
1793 * } else {
1794 * // Handle other errors.
1795 * }
1796 * });
1797 *
1798 * // Obtain a multiFactorAssertion by verifying the second factor.
1799 *
1800 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1801 * ```
1802 *
1803 * @public
1804 */
1805export declare interface MultiFactorError extends AuthError {
1806 /** Details about the MultiFactorError. */
1807 readonly customData: AuthError['customData'] & {
1808 /**
1809 * The type of operation (sign-in, linking, or re-authentication) that raised the error.
1810 */
1811 readonly operationType: (typeof OperationType)[keyof typeof OperationType];
1812 };
1813}
1814
1815/**
1816 * A structure containing the information of a second factor entity.
1817 *
1818 * @public
1819 */
1820export declare interface MultiFactorInfo {
1821 /** The multi-factor enrollment ID. */
1822 readonly uid: string;
1823 /** The user friendly name of the current second factor. */
1824 readonly displayName?: string | null;
1825 /** The enrollment date of the second factor formatted as a UTC string. */
1826 readonly enrollmentTime: string;
1827 /** The identifier of the second factor. */
1828 readonly factorId: (typeof FactorId)[keyof typeof FactorId];
1829}
1830
1831/**
1832 * The class used to facilitate recovery from {@link MultiFactorError} when a user needs to
1833 * provide a second factor to sign in.
1834 *
1835 * @example
1836 * ```javascript
1837 * let resolver;
1838 * let multiFactorHints;
1839 *
1840 * signInWithEmailAndPassword(auth, email, password)
1841 * .then((result) => {
1842 * // User signed in. No 2nd factor challenge is needed.
1843 * })
1844 * .catch((error) => {
1845 * if (error.code == 'auth/multi-factor-auth-required') {
1846 * resolver = getMultiFactorResolver(auth, error);
1847 * // Show UI to let user select second factor.
1848 * multiFactorHints = resolver.hints;
1849 * } else {
1850 * // Handle other errors.
1851 * }
1852 * });
1853 *
1854 * // The enrolled second factors that can be used to complete
1855 * // sign-in are returned in the `MultiFactorResolver.hints` list.
1856 * // UI needs to be presented to allow the user to select a second factor
1857 * // from that list.
1858 *
1859 * const selectedHint = // ; selected from multiFactorHints
1860 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1861 * const phoneInfoOptions = {
1862 * multiFactorHint: selectedHint,
1863 * session: resolver.session
1864 * };
1865 * const verificationId = phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1866 * // Store `verificationId` and show UI to let user enter verification code.
1867 *
1868 * // UI to enter verification code and continue.
1869 * // Continue button click handler
1870 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1871 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1872 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1873 * ```
1874 *
1875 * @public
1876 */
1877export declare interface MultiFactorResolver {
1878 /**
1879 * The list of hints for the second factors needed to complete the sign-in for the current
1880 * session.
1881 */
1882 readonly hints: MultiFactorInfo[];
1883 /**
1884 * The session identifier for the current sign-in flow, which can be used to complete the second
1885 * factor sign-in.
1886 */
1887 readonly session: MultiFactorSession;
1888 /**
1889 * A helper function to help users complete sign in with a second factor using an
1890 * {@link MultiFactorAssertion} confirming the user successfully completed the second factor
1891 * challenge.
1892 *
1893 * @example
1894 * ```javascript
1895 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1896 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1897 * const userCredential = await resolver.resolveSignIn(multiFactorAssertion);
1898 * ```
1899 *
1900 * @param assertion - The multi-factor assertion to resolve sign-in with.
1901 * @returns The promise that resolves with the user credential object.
1902 */
1903 resolveSignIn(assertion: MultiFactorAssertion): Promise<UserCredential>;
1904}
1905
1906/**
1907 * An interface defining the multi-factor session object used for enrolling a second factor on a
1908 * user or helping sign in an enrolled user with a second factor.
1909 *
1910 * @public
1911 */
1912export declare interface MultiFactorSession {
1913}
1914
1915/**
1916 * An interface that defines the multi-factor related properties and operations pertaining
1917 * to a {@link User}.
1918 *
1919 * @public
1920 */
1921export declare interface MultiFactorUser {
1922 /** Returns a list of the user's enrolled second factors. */
1923 readonly enrolledFactors: MultiFactorInfo[];
1924 /**
1925 * Returns the session identifier for a second factor enrollment operation. This is used to
1926 * identify the user trying to enroll a second factor.
1927 *
1928 * @example
1929 * ```javascript
1930 * const multiFactorUser = multiFactor(auth.currentUser);
1931 * const multiFactorSession = await multiFactorUser.getSession();
1932 *
1933 * // Send verification code.
1934 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1935 * const phoneInfoOptions = {
1936 * phoneNumber: phoneNumber,
1937 * session: multiFactorSession
1938 * };
1939 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1940 *
1941 * // Obtain verification code from user.
1942 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1943 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1944 * await multiFactorUser.enroll(multiFactorAssertion);
1945 * ```
1946 *
1947 * @returns The promise that resolves with the {@link MultiFactorSession}.
1948 */
1949 getSession(): Promise<MultiFactorSession>;
1950 /**
1951 *
1952 * Enrolls a second factor as identified by the {@link MultiFactorAssertion} for the
1953 * user.
1954 *
1955 * @remarks
1956 * On resolution, the user tokens are updated to reflect the change in the JWT payload.
1957 * Accepts an additional display name parameter used to identify the second factor to the end
1958 * user. Recent re-authentication is required for this operation to succeed. On successful
1959 * enrollment, existing Firebase sessions (refresh tokens) are revoked. When a new factor is
1960 * enrolled, an email notification is sent to the user’s email.
1961 *
1962 * @example
1963 * ```javascript
1964 * const multiFactorUser = multiFactor(auth.currentUser);
1965 * const multiFactorSession = await multiFactorUser.getSession();
1966 *
1967 * // Send verification code.
1968 * const phoneAuthProvider = new PhoneAuthProvider(auth);
1969 * const phoneInfoOptions = {
1970 * phoneNumber: phoneNumber,
1971 * session: multiFactorSession
1972 * };
1973 * const verificationId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, appVerifier);
1974 *
1975 * // Obtain verification code from user.
1976 * const phoneAuthCredential = PhoneAuthProvider.credential(verificationId, verificationCode);
1977 * const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(phoneAuthCredential);
1978 * await multiFactorUser.enroll(multiFactorAssertion);
1979 * // Second factor enrolled.
1980 * ```
1981 *
1982 * @param assertion - The multi-factor assertion to enroll with.
1983 * @param displayName - The display name of the second factor.
1984 */
1985 enroll(assertion: MultiFactorAssertion, displayName?: string | null): Promise<void>;
1986 /**
1987 * Unenrolls the specified second factor.
1988 *
1989 * @remarks
1990 * To specify the factor to remove, pass a {@link MultiFactorInfo} object (retrieved from
1991 * {@link MultiFactorUser.enrolledFactors}) or the
1992 * factor's UID string. Sessions are not revoked when the account is unenrolled. An email
1993 * notification is likely to be sent to the user notifying them of the change. Recent
1994 * re-authentication is required for this operation to succeed. When an existing factor is
1995 * unenrolled, an email notification is sent to the user’s email.
1996 *
1997 * @example
1998 * ```javascript
1999 * const multiFactorUser = multiFactor(auth.currentUser);
2000 * // Present user the option to choose which factor to unenroll.
2001 * await multiFactorUser.unenroll(multiFactorUser.enrolledFactors[i])
2002 * ```
2003 *
2004 * @param option - The multi-factor option to unenroll.
2005 * @returns - A `Promise` which resolves when the unenroll operation is complete.
2006 */
2007 unenroll(option: MultiFactorInfo | string): Promise<void>;
2008}
2009
2010declare type MutableUserInfo = {
2011 -readonly [K in keyof UserInfo]: UserInfo[K];
2012};
2013export { NextFn }
2014
2015/**
2016 * Type definition for an event callback.
2017 *
2018 * @privateRemarks TODO(avolkovi): should we consolidate with Subscribe<T> since we're changing the API anyway?
2019 *
2020 * @public
2021 */
2022export declare type NextOrObserver<T> = NextFn<T | null> | Observer<T | null>;
2023
2024/**
2025 * Represents the OAuth credentials returned by an {@link OAuthProvider}.
2026 *
2027 * @remarks
2028 * Implementations specify the details about each auth provider's credential requirements.
2029 *
2030 * @public
2031 */
2032export declare class OAuthCredential extends AuthCredential {
2033 /**
2034 * The OAuth ID token associated with the credential if it belongs to an OIDC provider,
2035 * such as `google.com`.
2036 * @readonly
2037 */
2038 idToken?: string;
2039 /**
2040 * The OAuth access token associated with the credential if it belongs to an
2041 * {@link OAuthProvider}, such as `facebook.com`, `twitter.com`, etc.
2042 * @readonly
2043 */
2044 accessToken?: string;
2045 /**
2046 * The OAuth access token secret associated with the credential if it belongs to an OAuth 1.0
2047 * provider, such as `twitter.com`.
2048 * @readonly
2049 */
2050 secret?: string;
2051 private nonce?;
2052 private pendingToken;
2053 /* Excluded from this release type: _fromParams */
2054 /** {@inheritdoc AuthCredential.toJSON} */
2055 toJSON(): object;
2056 /**
2057 * Static method to deserialize a JSON representation of an object into an
2058 * {@link AuthCredential}.
2059 *
2060 * @param json - Input can be either Object or the stringified representation of the object.
2061 * When string is provided, JSON.parse would be called first.
2062 *
2063 * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned.
2064 */
2065 static fromJSON(json: string | object): OAuthCredential | null;
2066 /* Excluded from this release type: _getIdTokenResponse */
2067 /* Excluded from this release type: _linkToIdToken */
2068 /* Excluded from this release type: _getReauthenticationResolver */
2069 private buildRequest;
2070}
2071
2072/**
2073 * Defines the options for initializing an {@link OAuthCredential}.
2074 *
2075 * @remarks
2076 * For ID tokens with nonce claim, the raw nonce has to also be provided.
2077 *
2078 * @public
2079 */
2080export declare interface OAuthCredentialOptions {
2081 /**
2082 * The OAuth ID token used to initialize the {@link OAuthCredential}.
2083 */
2084 idToken?: string;
2085 /**
2086 * The OAuth access token used to initialize the {@link OAuthCredential}.
2087 */
2088 accessToken?: string;
2089 /**
2090 * The raw nonce associated with the ID token.
2091 *
2092 * @remarks
2093 * It is required when an ID token with a nonce field is provided. The SHA-256 hash of the
2094 * raw nonce must match the nonce field in the ID token.
2095 */
2096 rawNonce?: string;
2097}
2098
2099declare interface OAuthCredentialParams {
2100 idToken?: string | null;
2101 accessToken?: string | null;
2102 oauthToken?: string;
2103 secret?: string;
2104 oauthTokenSecret?: string;
2105 nonce?: string;
2106 pendingToken?: string;
2107 providerId: string;
2108 signInMethod: string;
2109}
2110
2111/**
2112 * Provider for generating generic {@link OAuthCredential}.
2113 *
2114 * @example
2115 * ```javascript
2116 * // Sign in using a redirect.
2117 * const provider = new OAuthProvider('google.com');
2118 * // Start a sign in process for an unauthenticated user.
2119 * provider.addScope('profile');
2120 * provider.addScope('email');
2121 * await signInWithRedirect(auth, provider);
2122 * // This will trigger a full page redirect away from your app
2123 *
2124 * // After returning from the redirect when your app initializes you can obtain the result
2125 * const result = await getRedirectResult(auth);
2126 * if (result) {
2127 * // This is the signed-in user
2128 * const user = result.user;
2129 * // This gives you a OAuth Access Token for the provider.
2130 * const credential = provider.credentialFromResult(auth, result);
2131 * const token = credential.accessToken;
2132 * }
2133 * ```
2134 *
2135 * @example
2136 * ```javascript
2137 * // Sign in using a popup.
2138 * const provider = new OAuthProvider('google.com');
2139 * provider.addScope('profile');
2140 * provider.addScope('email');
2141 * const result = await signInWithPopup(auth, provider);
2142 *
2143 * // The signed-in user info.
2144 * const user = result.user;
2145 * // This gives you a OAuth Access Token for the provider.
2146 * const credential = provider.credentialFromResult(auth, result);
2147 * const token = credential.accessToken;
2148 * ```
2149 * @public
2150 */
2151export declare class OAuthProvider extends BaseOAuthProvider {
2152 /**
2153 * Creates an {@link OAuthCredential} from a JSON string or a plain object.
2154 * @param json - A plain object or a JSON string
2155 */
2156 static credentialFromJSON(json: object | string): OAuthCredential;
2157 /**
2158 * Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token.
2159 *
2160 * @remarks
2161 * The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of
2162 * the raw nonce must match the nonce field in the ID token.
2163 *
2164 * @example
2165 * ```javascript
2166 * // `googleUser` from the onsuccess Google Sign In callback.
2167 * // Initialize a generate OAuth provider with a `google.com` providerId.
2168 * const provider = new OAuthProvider('google.com');
2169 * const credential = provider.credential({
2170 * idToken: googleUser.getAuthResponse().id_token,
2171 * });
2172 * const result = await signInWithCredential(credential);
2173 * ```
2174 *
2175 * @param params - Either the options object containing the ID token, access token and raw nonce
2176 * or the ID token string.
2177 */
2178 credential(params: OAuthCredentialOptions): OAuthCredential;
2179 /** An internal credential method that accepts more permissive options */
2180 private _credential;
2181 /**
2182 * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}.
2183 *
2184 * @param userCredential - The user credential.
2185 */
2186 static credentialFromResult(userCredential: UserCredential): OAuthCredential | null;
2187 /**
2188 * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was
2189