| 1 | /*! firebase-admin v10.0.0 */
|
| 2 | /*!
|
| 3 | * Copyright 2018 Google Inc.
|
| 4 | *
|
| 5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
| 6 | * you may not use this file except in compliance with the License.
|
| 7 | * You may obtain a copy of the License at
|
| 8 | *
|
| 9 | * http://www.apache.org/licenses/LICENSE-2.0
|
| 10 | *
|
| 11 | * Unless required by applicable law or agreed to in writing, software
|
| 12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 14 | * See the License for the specific language governing permissions and
|
| 15 | * limitations under the License.
|
| 16 | */
|
| 17 | /**
|
| 18 | * Interface representing base properties of a user-enrolled second factor for a
|
| 19 | * `CreateRequest`.
|
| 20 | */
|
| 21 | export interface BaseCreateMultiFactorInfoRequest {
|
| 22 | /**
|
| 23 | * The optional display name for an enrolled second factor.
|
| 24 | */
|
| 25 | displayName?: string;
|
| 26 | /**
|
| 27 | * The type identifier of the second factor. For SMS second factors, this is `phone`.
|
| 28 | */
|
| 29 | factorId: string;
|
| 30 | }
|
| 31 | /**
|
| 32 | * Interface representing a phone specific user-enrolled second factor for a
|
| 33 | * `CreateRequest`.
|
| 34 | */
|
| 35 | export interface CreatePhoneMultiFactorInfoRequest extends BaseCreateMultiFactorInfoRequest {
|
| 36 | /**
|
| 37 | * The phone number associated with a phone second factor.
|
| 38 | */
|
| 39 | phoneNumber: string;
|
| 40 | }
|
| 41 | /**
|
| 42 | * Type representing the properties of a user-enrolled second factor
|
| 43 | * for a `CreateRequest`.
|
| 44 | */
|
| 45 | export declare type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
|
| 46 | /**
|
| 47 | * Interface representing common properties of a user-enrolled second factor
|
| 48 | * for an `UpdateRequest`.
|
| 49 | */
|
| 50 | export interface BaseUpdateMultiFactorInfoRequest {
|
| 51 | /**
|
| 52 | * The ID of the enrolled second factor. This ID is unique to the user. When not provided,
|
| 53 | * a new one is provisioned by the Auth server.
|
| 54 | */
|
| 55 | uid?: string;
|
| 56 | /**
|
| 57 | * The optional display name for an enrolled second factor.
|
| 58 | */
|
| 59 | displayName?: string;
|
| 60 | /**
|
| 61 | * The optional date the second factor was enrolled, formatted as a UTC string.
|
| 62 | */
|
| 63 | enrollmentTime?: string;
|
| 64 | /**
|
| 65 | * The type identifier of the second factor. For SMS second factors, this is `phone`.
|
| 66 | */
|
| 67 | factorId: string;
|
| 68 | }
|
| 69 | /**
|
| 70 | * Interface representing a phone specific user-enrolled second factor
|
| 71 | * for an `UpdateRequest`.
|
| 72 | */
|
| 73 | export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactorInfoRequest {
|
| 74 | /**
|
| 75 | * The phone number associated with a phone second factor.
|
| 76 | */
|
| 77 | phoneNumber: string;
|
| 78 | }
|
| 79 | /**
|
| 80 | * Type representing the properties of a user-enrolled second factor
|
| 81 | * for an `UpdateRequest`.
|
| 82 | */
|
| 83 | export declare type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
|
| 84 | /**
|
| 85 | * The multi-factor related user settings for create operations.
|
| 86 | */
|
| 87 | export interface MultiFactorCreateSettings {
|
| 88 | /**
|
| 89 | * The created user's list of enrolled second factors.
|
| 90 | */
|
| 91 | enrolledFactors: CreateMultiFactorInfoRequest[];
|
| 92 | }
|
| 93 | /**
|
| 94 | * The multi-factor related user settings for update operations.
|
| 95 | */
|
| 96 | export interface MultiFactorUpdateSettings {
|
| 97 | /**
|
| 98 | * The updated list of enrolled second factors. The provided list overwrites the user's
|
| 99 | * existing list of second factors.
|
| 100 | * When null is passed, all of the user's existing second factors are removed.
|
| 101 | */
|
| 102 | enrolledFactors: UpdateMultiFactorInfoRequest[] | null;
|
| 103 | }
|
| 104 | /**
|
| 105 | * Interface representing the properties to update on the provided user.
|
| 106 | */
|
| 107 | export interface UpdateRequest {
|
| 108 | /**
|
| 109 | * Whether or not the user is disabled: `true` for disabled;
|
| 110 | * `false` for enabled.
|
| 111 | */
|
| 112 | disabled?: boolean;
|
| 113 | /**
|
| 114 | * The user's display name.
|
| 115 | */
|
| 116 | displayName?: string | null;
|
| 117 | /**
|
| 118 | * The user's primary email.
|
| 119 | */
|
| 120 | email?: string;
|
| 121 | /**
|
| 122 | * Whether or not the user's primary email is verified.
|
| 123 | */
|
| 124 | emailVerified?: boolean;
|
| 125 | /**
|
| 126 | * The user's unhashed password.
|
| 127 | */
|
| 128 | password?: string;
|
| 129 | /**
|
| 130 | * The user's primary phone number.
|
| 131 | */
|
| 132 | phoneNumber?: string | null;
|
| 133 | /**
|
| 134 | * The user's photo URL.
|
| 135 | */
|
| 136 | photoURL?: string | null;
|
| 137 | /**
|
| 138 | * The user's updated multi-factor related properties.
|
| 139 | */
|
| 140 | multiFactor?: MultiFactorUpdateSettings;
|
| 141 | /**
|
| 142 | * Links this user to the specified provider.
|
| 143 | *
|
| 144 | * Linking a provider to an existing user account does not invalidate the
|
| 145 | * refresh token of that account. In other words, the existing account
|
| 146 | * would continue to be able to access resources, despite not having used
|
| 147 | * the newly linked provider to log in. If you wish to force the user to
|
| 148 | * authenticate with this new provider, you need to (a) revoke their
|
| 149 | * refresh token (see
|
| 150 | * https://firebase.google.com/docs/auth/admin/manage-sessions#revoke_refresh_tokens),
|
| 151 | * and (b) ensure no other authentication methods are present on this
|
| 152 | * account.
|
| 153 | */
|
| 154 | providerToLink?: UserProvider;
|
| 155 | /**
|
| 156 | * Unlinks this user from the specified providers.
|
| 157 | */
|
| 158 | providersToUnlink?: string[];
|
| 159 | }
|
| 160 | /**
|
| 161 | * Represents a user identity provider that can be associated with a Firebase user.
|
| 162 | */
|
| 163 | export interface UserProvider {
|
| 164 | /**
|
| 165 | * The user identifier for the linked provider.
|
| 166 | */
|
| 167 | uid?: string;
|
| 168 | /**
|
| 169 | * The display name for the linked provider.
|
| 170 | */
|
| 171 | displayName?: string;
|
| 172 | /**
|
| 173 | * The email for the linked provider.
|
| 174 | */
|
| 175 | email?: string;
|
| 176 | /**
|
| 177 | * The phone number for the linked provider.
|
| 178 | */
|
| 179 | phoneNumber?: string;
|
| 180 | /**
|
| 181 | * The photo URL for the linked provider.
|
| 182 | */
|
| 183 | photoURL?: string;
|
| 184 | /**
|
| 185 | * The linked provider ID (for example, "google.com" for the Google provider).
|
| 186 | */
|
| 187 | providerId?: string;
|
| 188 | }
|
| 189 | /**
|
| 190 | * Interface representing the properties to set on a new user record to be
|
| 191 | * created.
|
| 192 | */
|
| 193 | export interface CreateRequest extends UpdateRequest {
|
| 194 | /**
|
| 195 | * The user's `uid`.
|
| 196 | */
|
| 197 | uid?: string;
|
| 198 | /**
|
| 199 | * The user's multi-factor related properties.
|
| 200 | */
|
| 201 | multiFactor?: MultiFactorCreateSettings;
|
| 202 | }
|
| 203 | /**
|
| 204 | * The response interface for listing provider configs. This is only available
|
| 205 | * when listing all identity providers' configurations via
|
| 206 | * {@link BaseAuth.listProviderConfigs}.
|
| 207 | */
|
| 208 | export interface ListProviderConfigResults {
|
| 209 | /**
|
| 210 | * The list of providers for the specified type in the current page.
|
| 211 | */
|
| 212 | providerConfigs: AuthProviderConfig[];
|
| 213 | /**
|
| 214 | * The next page token, if available.
|
| 215 | */
|
| 216 | pageToken?: string;
|
| 217 | }
|
| 218 | /**
|
| 219 | * The filter interface used for listing provider configurations. This is used
|
| 220 | * when specifying how to list configured identity providers via
|
| 221 | * {@link BaseAuth.listProviderConfigs}.
|
| 222 | */
|
| 223 | export interface AuthProviderConfigFilter {
|
| 224 | /**
|
| 225 | * The Auth provider configuration filter. This can be either `saml` or `oidc`.
|
| 226 | * The former is used to look up SAML providers only, while the latter is used
|
| 227 | * for OIDC providers.
|
| 228 | */
|
| 229 | type: 'saml' | 'oidc';
|
| 230 | /**
|
| 231 | * The maximum number of results to return per page. The default and maximum is
|
| 232 | * 100.
|
| 233 | */
|
| 234 | maxResults?: number;
|
| 235 | /**
|
| 236 | * The next page token. When not specified, the lookup starts from the beginning
|
| 237 | * of the list.
|
| 238 | */
|
| 239 | pageToken?: string;
|
| 240 | }
|
| 241 | /**
|
| 242 | * The request interface for updating a SAML Auth provider. This is used
|
| 243 | * when updating a SAML provider's configuration via
|
| 244 | * {@link BaseAuth.updateProviderConfig}.
|
| 245 | */
|
| 246 | export interface SAMLUpdateAuthProviderRequest {
|
| 247 | /**
|
| 248 | * The SAML provider's updated display name. If not provided, the existing
|
| 249 | * configuration's value is not modified.
|
| 250 | */
|
| 251 | displayName?: string;
|
| 252 | /**
|
| 253 | * Whether the SAML provider is enabled or not. If not provided, the existing
|
| 254 | * configuration's setting is not modified.
|
| 255 | */
|
| 256 | enabled?: boolean;
|
| 257 | /**
|
| 258 | * The SAML provider's updated IdP entity ID. If not provided, the existing
|
| 259 | * configuration's value is not modified.
|
| 260 | */
|
| 261 | idpEntityId?: string;
|
| 262 | /**
|
| 263 | * The SAML provider's updated SSO URL. If not provided, the existing
|
| 264 | * configuration's value is not modified.
|
| 265 | */
|
| 266 | ssoURL?: string;
|
| 267 | /**
|
| 268 | * The SAML provider's updated list of X.509 certificated. If not provided, the
|
| 269 | * existing configuration list is not modified.
|
| 270 | */
|
| 271 | x509Certificates?: string[];
|
| 272 | /**
|
| 273 | * The SAML provider's updated RP entity ID. If not provided, the existing
|
| 274 | * configuration's value is not modified.
|
| 275 | */
|
| 276 | rpEntityId?: string;
|
| 277 | /**
|
| 278 | * The SAML provider's callback URL. If not provided, the existing
|
| 279 | * configuration's value is not modified.
|
| 280 | */
|
| 281 | callbackURL?: string;
|
| 282 | }
|
| 283 | /**
|
| 284 | * The request interface for updating an OIDC Auth provider. This is used
|
| 285 | * when updating an OIDC provider's configuration via
|
| 286 | * {@link BaseAuth.updateProviderConfig}.
|
| 287 | */
|
| 288 | export interface OIDCUpdateAuthProviderRequest {
|
| 289 | /**
|
| 290 | * The OIDC provider's updated display name. If not provided, the existing
|
| 291 | * configuration's value is not modified.
|
| 292 | */
|
| 293 | displayName?: string;
|
| 294 | /**
|
| 295 | * Whether the OIDC provider is enabled or not. If not provided, the existing
|
| 296 | * configuration's setting is not modified.
|
| 297 | */
|
| 298 | enabled?: boolean;
|
| 299 | /**
|
| 300 | * The OIDC provider's updated client ID. If not provided, the existing
|
| 301 | * configuration's value is not modified.
|
| 302 | */
|
| 303 | clientId?: string;
|
| 304 | /**
|
| 305 | * The OIDC provider's updated issuer. If not provided, the existing
|
| 306 | * configuration's value is not modified.
|
| 307 | */
|
| 308 | issuer?: string;
|
| 309 | /**
|
| 310 | * The OIDC provider's client secret to enable OIDC code flow.
|
| 311 | * If not provided, the existing configuration's value is not modified.
|
| 312 | */
|
| 313 | clientSecret?: string;
|
| 314 | /**
|
| 315 | * The OIDC provider's response object for OAuth authorization flow.
|
| 316 | */
|
| 317 | responseType?: OAuthResponseType;
|
| 318 | }
|
| 319 | export declare type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
|
| 320 | /** A maximum of 10 test phone number / code pairs can be configured. */
|
| 321 | export declare const MAXIMUM_TEST_PHONE_NUMBERS = 10;
|
| 322 | /** The server side SAML configuration request interface. */
|
| 323 | export interface SAMLConfigServerRequest {
|
| 324 | idpConfig?: {
|
| 325 | idpEntityId?: string;
|
| 326 | ssoUrl?: string;
|
| 327 | idpCertificates?: Array<{
|
| 328 | x509Certificate: string;
|
| 329 | }>;
|
| 330 | signRequest?: boolean;
|
| 331 | };
|
| 332 | spConfig?: {
|
| 333 | spEntityId?: string;
|
| 334 | callbackUri?: string;
|
| 335 | };
|
| 336 | displayName?: string;
|
| 337 | enabled?: boolean;
|
| 338 | [key: string]: any;
|
| 339 | }
|
| 340 | /** The server side SAML configuration response interface. */
|
| 341 | export interface SAMLConfigServerResponse {
|
| 342 | name?: string;
|
| 343 | idpConfig?: {
|
| 344 | idpEntityId?: string;
|
| 345 | ssoUrl?: string;
|
| 346 | idpCertificates?: Array<{
|
| 347 | x509Certificate: string;
|
| 348 | }>;
|
| 349 | signRequest?: boolean;
|
| 350 | };
|
| 351 | spConfig?: {
|
| 352 | spEntityId?: string;
|
| 353 | callbackUri?: string;
|
| 354 | };
|
| 355 | displayName?: string;
|
| 356 | enabled?: boolean;
|
| 357 | }
|
| 358 | /** The server side OIDC configuration request interface. */
|
| 359 | export interface OIDCConfigServerRequest {
|
| 360 | clientId?: string;
|
| 361 | issuer?: string;
|
| 362 | displayName?: string;
|
| 363 | enabled?: boolean;
|
| 364 | clientSecret?: string;
|
| 365 | responseType?: OAuthResponseType;
|
| 366 | [key: string]: any;
|
| 367 | }
|
| 368 | /** The server side OIDC configuration response interface. */
|
| 369 | export interface OIDCConfigServerResponse {
|
| 370 | name?: string;
|
| 371 | clientId?: string;
|
| 372 | issuer?: string;
|
| 373 | displayName?: string;
|
| 374 | enabled?: boolean;
|
| 375 | clientSecret?: string;
|
| 376 | responseType?: OAuthResponseType;
|
| 377 | }
|
| 378 | /** The server side email configuration request interface. */
|
| 379 | export interface EmailSignInConfigServerRequest {
|
| 380 | allowPasswordSignup?: boolean;
|
| 381 | enableEmailLinkSignin?: boolean;
|
| 382 | }
|
| 383 | /** Identifies the server side second factor type. */
|
| 384 | declare type AuthFactorServerType = 'PHONE_SMS';
|
| 385 | /** Server side multi-factor configuration. */
|
| 386 | export interface MultiFactorAuthServerConfig {
|
| 387 | state?: MultiFactorConfigState;
|
| 388 | enabledProviders?: AuthFactorServerType[];
|
| 389 | }
|
| 390 | /**
|
| 391 | * Identifies a second factor type.
|
| 392 | */
|
| 393 | export declare type AuthFactorType = 'phone';
|
| 394 | /**
|
| 395 | * Identifies a multi-factor configuration state.
|
| 396 | */
|
| 397 | export declare type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
|
| 398 | /**
|
| 399 | * Interface representing a multi-factor configuration.
|
| 400 | * This can be used to define whether multi-factor authentication is enabled
|
| 401 | * or disabled and the list of second factor challenges that are supported.
|
| 402 | */
|
| 403 | export interface MultiFactorConfig {
|
| 404 | /**
|
| 405 | * The multi-factor config state.
|
| 406 | */
|
| 407 | state: MultiFactorConfigState;
|
| 408 | /**
|
| 409 | * The list of identifiers for enabled second factors.
|
| 410 | * Currently only ‘phone’ is supported.
|
| 411 | */
|
| 412 | factorIds?: AuthFactorType[];
|
| 413 | }
|
| 414 | /**
|
| 415 | * Defines the multi-factor config class used to convert client side MultiFactorConfig
|
| 416 | * to a format that is understood by the Auth server.
|
| 417 | */
|
| 418 | export declare class MultiFactorAuthConfig implements MultiFactorConfig {
|
| 419 | readonly state: MultiFactorConfigState;
|
| 420 | readonly factorIds: AuthFactorType[];
|
| 421 | /**
|
| 422 | * Validates the MultiFactorConfig options object. Throws an error on failure.
|
| 423 | *
|
| 424 | * @param options - The options object to validate.
|
| 425 | */
|
| 426 | private static validate;
|
| 427 | /** @returns The plain object representation of the multi-factor config instance. */
|
| 428 | toJSON(): object;
|
| 429 | }
|
| 430 | /**
|
| 431 | * Validates the provided map of test phone number / code pairs.
|
| 432 | * @param testPhoneNumbers - The phone number / code pairs to validate.
|
| 433 | */
|
| 434 | export declare function validateTestPhoneNumbers(testPhoneNumbers: {
|
| 435 | [phoneNumber: string]: string;
|
| 436 | }): void;
|
| 437 | /**
|
| 438 | * The email sign in provider configuration.
|
| 439 | */
|
| 440 | export interface EmailSignInProviderConfig {
|
| 441 | /**
|
| 442 | * Whether email provider is enabled.
|
| 443 | */
|
| 444 | enabled: boolean;
|
| 445 | /**
|
| 446 | * Whether password is required for email sign-in. When not required,
|
| 447 | * email sign-in can be performed with password or via email link sign-in.
|
| 448 | */
|
| 449 | passwordRequired?: boolean;
|
| 450 | }
|
| 451 | /**
|
| 452 | * The base Auth provider configuration interface.
|
| 453 | */
|
| 454 | export interface BaseAuthProviderConfig {
|
| 455 | /**
|
| 456 | * The provider ID defined by the developer.
|
| 457 | * For a SAML provider, this is always prefixed by `saml.`.
|
| 458 | * For an OIDC provider, this is always prefixed by `oidc.`.
|
| 459 | */
|
| 460 | providerId: string;
|
| 461 | /**
|
| 462 | * The user-friendly display name to the current configuration. This name is
|
| 463 | * also used as the provider label in the Cloud Console.
|
| 464 | */
|
| 465 | displayName?: string;
|
| 466 | /**
|
| 467 | * Whether the provider configuration is enabled or disabled. A user
|
| 468 | * cannot sign in using a disabled provider.
|
| 469 | */
|
| 470 | enabled: boolean;
|
| 471 | }
|
| 472 | /**
|
| 473 | * The
|
| 474 | * [SAML](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html)
|
| 475 | * Auth provider configuration interface. A SAML provider can be created via
|
| 476 | * {@link BaseAuth.createProviderConfig}.
|
| 477 | */
|
| 478 | export interface SAMLAuthProviderConfig extends BaseAuthProviderConfig {
|
| 479 | /**
|
| 480 | * The SAML IdP entity identifier.
|
| 481 | */
|
| 482 | idpEntityId: string;
|
| 483 | /**
|
| 484 | * The SAML IdP SSO URL. This must be a valid URL.
|
| 485 | */
|
| 486 | ssoURL: string;
|
| 487 | /**
|
| 488 | * The list of SAML IdP X.509 certificates issued by CA for this provider.
|
| 489 | * Multiple certificates are accepted to prevent outages during
|
| 490 | * IdP key rotation (for example ADFS rotates every 10 days). When the Auth
|
| 491 | * server receives a SAML response, it will match the SAML response with the
|
| 492 | * certificate on record. Otherwise the response is rejected.
|
| 493 | * Developers are expected to manage the certificate updates as keys are
|
| 494 | * rotated.
|
| 495 | */
|
| 496 | x509Certificates: string[];
|
| 497 | /**
|
| 498 | * The SAML relying party (service provider) entity ID.
|
| 499 | * This is defined by the developer but needs to be provided to the SAML IdP.
|
| 500 | */
|
| 501 | rpEntityId: string;
|
| 502 | /**
|
| 503 | * This is fixed and must always be the same as the OAuth redirect URL
|
| 504 | * provisioned by Firebase Auth,
|
| 505 | * `https://project-id.firebaseapp.com/__/auth/handler` unless a custom
|
| 506 | * `authDomain` is used.
|
| 507 | * The callback URL should also be provided to the SAML IdP during
|
| 508 | * configuration.
|
| 509 | */
|
| 510 | callbackURL?: string;
|
| 511 | }
|
| 512 | /**
|
| 513 | * The interface representing OIDC provider's response object for OAuth
|
| 514 | * authorization flow.
|
| 515 | * One of the following settings is required:
|
| 516 | * <ul>
|
| 517 | * <li>Set <code>code</code> to <code>true</code> for the code flow.</li>
|
| 518 | * <li>Set <code>idToken</code> to <code>true</code> for the ID token flow.</li>
|
| 519 | * </ul>
|
| 520 | */
|
| 521 | export interface OAuthResponseType {
|
| 522 | /**
|
| 523 | * Whether ID token is returned from IdP's authorization endpoint.
|
| 524 | */
|
| 525 | idToken?: boolean;
|
| 526 | /**
|
| 527 | * Whether authorization code is returned from IdP's authorization endpoint.
|
| 528 | */
|
| 529 | code?: boolean;
|
| 530 | }
|
| 531 | /**
|
| 532 | * The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth
|
| 533 | * provider configuration interface. An OIDC provider can be created via
|
| 534 | * {@link BaseAuth.createProviderConfig}.
|
| 535 | */
|
| 536 | export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig {
|
| 537 | /**
|
| 538 | * This is the required client ID used to confirm the audience of an OIDC
|
| 539 | * provider's
|
| 540 | * [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
|
| 541 | */
|
| 542 | clientId: string;
|
| 543 | /**
|
| 544 | * This is the required provider issuer used to match the provider issuer of
|
| 545 | * the ID token and to determine the corresponding OIDC discovery document, eg.
|
| 546 | * [`/.well-known/openid-configuration`](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig).
|
| 547 | * This is needed for the following:
|
| 548 | * <ul>
|
| 549 | * <li>To verify the provided issuer.</li>
|
| 550 | * <li>Determine the authentication/authorization endpoint during the OAuth
|
| 551 | * `id_token` authentication flow.</li>
|
| 552 | * <li>To retrieve the public signing keys via `jwks_uri` to verify the OIDC
|
| 553 | * provider's ID token's signature.</li>
|
| 554 | * <li>To determine the claims_supported to construct the user attributes to be
|
| 555 | * returned in the additional user info response.</li>
|
| 556 | * </ul>
|
| 557 | * ID token validation will be performed as defined in the
|
| 558 | * [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
|
| 559 | */
|
| 560 | issuer: string;
|
| 561 | /**
|
| 562 | * The OIDC provider's client secret to enable OIDC code flow.
|
| 563 | */
|
| 564 | clientSecret?: string;
|
| 565 | /**
|
| 566 | * The OIDC provider's response object for OAuth authorization flow.
|
| 567 | */
|
| 568 | responseType?: OAuthResponseType;
|
| 569 | }
|
| 570 | /**
|
| 571 | * The Auth provider configuration type.
|
| 572 | * {@link BaseAuth.createProviderConfig}.
|
| 573 | */
|
| 574 | export declare type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
|
| 575 | export {};
|