1 | /*! firebase-admin v10.0.0 */
|
2 | /*!
|
3 | * Copyright 2021 Google Inc.
|
4 | *
|
5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
6 | * you may not use this file except in compliance with the License.
|
7 | * You may obtain a copy of the License at
|
8 | *
|
9 | * http://www.apache.org/licenses/LICENSE-2.0
|
10 | *
|
11 | * Unless required by applicable law or agreed to in writing, software
|
12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14 | * See the License for the specific language governing permissions and
|
15 | * limitations under the License.
|
16 | */
|
17 | import { FirebaseArrayIndexError } from '../app';
|
18 | import { DecodedIdToken } from './token-verifier';
|
19 | import { AuthProviderConfig, AuthProviderConfigFilter, ListProviderConfigResults, UpdateAuthProviderRequest, CreateRequest, UpdateRequest } from './auth-config';
|
20 | import { UserRecord } from './user-record';
|
21 | import { UserIdentifier } from './identifier';
|
22 | import { UserImportOptions, UserImportRecord, UserImportResult } from './user-import-builder';
|
23 | import { ActionCodeSettings } from './action-code-settings-builder';
|
24 | /** Represents the result of the {@link BaseAuth.getUsers} API. */
|
25 | export interface GetUsersResult {
|
26 | /**
|
27 | * Set of user records, corresponding to the set of users that were
|
28 | * requested. Only users that were found are listed here. The result set is
|
29 | * unordered.
|
30 | */
|
31 | users: UserRecord[];
|
32 | /** Set of identifiers that were requested, but not found. */
|
33 | notFound: UserIdentifier[];
|
34 | }
|
35 | /**
|
36 | * Interface representing the object returned from a
|
37 | * {@link BaseAuth.listUsers} operation. Contains the list
|
38 | * of users for the current batch and the next page token if available.
|
39 | */
|
40 | export interface ListUsersResult {
|
41 | /**
|
42 | * The list of {@link UserRecord} objects for the
|
43 | * current downloaded batch.
|
44 | */
|
45 | users: UserRecord[];
|
46 | /**
|
47 | * The next page token if available. This is needed for the next batch download.
|
48 | */
|
49 | pageToken?: string;
|
50 | }
|
51 | /**
|
52 | * Represents the result of the {@link BaseAuth.deleteUsers}.
|
53 | * API.
|
54 | */
|
55 | export interface DeleteUsersResult {
|
56 | /**
|
57 | * The number of user records that failed to be deleted (possibly zero).
|
58 | */
|
59 | failureCount: number;
|
60 | /**
|
61 | * The number of users that were deleted successfully (possibly zero).
|
62 | * Users that did not exist prior to calling `deleteUsers()` are
|
63 | * considered to be successfully deleted.
|
64 | */
|
65 | successCount: number;
|
66 | /**
|
67 | * A list of `FirebaseArrayIndexError` instances describing the errors that
|
68 | * were encountered during the deletion. Length of this list is equal to
|
69 | * the return value of {@link DeleteUsersResult.failureCount}.
|
70 | */
|
71 | errors: FirebaseArrayIndexError[];
|
72 | }
|
73 | /**
|
74 | * Interface representing the session cookie options needed for the
|
75 | * {@link BaseAuth.createSessionCookie} method.
|
76 | */
|
77 | export interface SessionCookieOptions {
|
78 | /**
|
79 | * The session cookie custom expiration in milliseconds. The minimum allowed is
|
80 | * 5 minutes and the maxium allowed is 2 weeks.
|
81 | */
|
82 | expiresIn: number;
|
83 | }
|
84 | /**
|
85 | * Common parent interface for both `Auth` and `TenantAwareAuth` APIs.
|
86 | */
|
87 | export declare abstract class BaseAuth {
|
88 | /**
|
89 | * Creates a new Firebase custom token (JWT) that can be sent back to a client
|
90 | * device to use to sign in with the client SDKs' `signInWithCustomToken()`
|
91 | * methods. (Tenant-aware instances will also embed the tenant ID in the
|
92 | * token.)
|
93 | *
|
94 | * See {@link https://firebase.google.com/docs/auth/admin/create-custom-tokens | Create Custom Tokens}
|
95 | * for code samples and detailed documentation.
|
96 | *
|
97 | * @param uid - The `uid` to use as the custom token's subject.
|
98 | * @param developerClaims - Optional additional claims to include
|
99 | * in the custom token's payload.
|
100 | *
|
101 | * @returns A promise fulfilled with a custom token for the
|
102 | * provided `uid` and payload.
|
103 | */
|
104 | createCustomToken(uid: string, developerClaims?: object): Promise<string>;
|
105 | /**
|
106 | * Verifies a Firebase ID token (JWT). If the token is valid, the promise is
|
107 | * fulfilled with the token's decoded claims; otherwise, the promise is
|
108 | * rejected.
|
109 | *
|
110 | * If `checkRevoked` is set to true, first verifies whether the corresponding
|
111 | * user is disabled. If yes, an `auth/user-disabled` error is thrown. If no,
|
112 | * verifies if the session corresponding to the ID token was revoked. If the
|
113 | * corresponding user's session was invalidated, an `auth/id-token-revoked`
|
114 | * error is thrown. If not specified the check is not applied.
|
115 | *
|
116 | * See {@link https://firebase.google.com/docs/auth/admin/verify-id-tokens | Verify ID Tokens}
|
117 | * for code samples and detailed documentation.
|
118 | *
|
119 | * @param idToken - The ID token to verify.
|
120 | * @param checkRevoked - Whether to check if the ID token was revoked.
|
121 | * This requires an extra request to the Firebase Auth backend to check
|
122 | * the `tokensValidAfterTime` time for the corresponding user.
|
123 | * When not specified, this additional check is not applied.
|
124 | *
|
125 | * @returns A promise fulfilled with the
|
126 | * token's decoded claims if the ID token is valid; otherwise, a rejected
|
127 | * promise.
|
128 | */
|
129 | verifyIdToken(idToken: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
|
130 | /**
|
131 | * Gets the user data for the user corresponding to a given `uid`.
|
132 | *
|
133 | * See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
|
134 | * for code samples and detailed documentation.
|
135 | *
|
136 | * @param uid - The `uid` corresponding to the user whose data to fetch.
|
137 | *
|
138 | * @returns A promise fulfilled with the user
|
139 | * data corresponding to the provided `uid`.
|
140 | */
|
141 | getUser(uid: string): Promise<UserRecord>;
|
142 | /**
|
143 | * Gets the user data for the user corresponding to a given email.
|
144 | *
|
145 | * See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
|
146 | * for code samples and detailed documentation.
|
147 | *
|
148 | * @param email - The email corresponding to the user whose data to
|
149 | * fetch.
|
150 | *
|
151 | * @returns A promise fulfilled with the user
|
152 | * data corresponding to the provided email.
|
153 | */
|
154 | getUserByEmail(email: string): Promise<UserRecord>;
|
155 | /**
|
156 | * Gets the user data for the user corresponding to a given phone number. The
|
157 | * phone number has to conform to the E.164 specification.
|
158 | *
|
159 | * See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
|
160 | * for code samples and detailed documentation.
|
161 | *
|
162 | * @param phoneNumber - The phone number corresponding to the user whose
|
163 | * data to fetch.
|
164 | *
|
165 | * @returns A promise fulfilled with the user
|
166 | * data corresponding to the provided phone number.
|
167 | */
|
168 | getUserByPhoneNumber(phoneNumber: string): Promise<UserRecord>;
|
169 | /**
|
170 | * Gets the user data for the user corresponding to a given provider id.
|
171 | *
|
172 | * See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
|
173 | * for code samples and detailed documentation.
|
174 | *
|
175 | * @param providerId - The provider ID, for example, "google.com" for the
|
176 | * Google provider.
|
177 | * @param uid - The user identifier for the given provider.
|
178 | *
|
179 | * @returns A promise fulfilled with the user data corresponding to the
|
180 | * given provider id.
|
181 | */
|
182 | getUserByProviderUid(providerId: string, uid: string): Promise<UserRecord>;
|
183 | /**
|
184 | * Gets the user data corresponding to the specified identifiers.
|
185 | *
|
186 | * There are no ordering guarantees; in particular, the nth entry in the result list is not
|
187 | * guaranteed to correspond to the nth entry in the input parameters list.
|
188 | *
|
189 | * Only a maximum of 100 identifiers may be supplied. If more than 100 identifiers are supplied,
|
190 | * this method throws a FirebaseAuthError.
|
191 | *
|
192 | * @param identifiers - The identifiers used to indicate which user records should be returned.
|
193 | * Must not have more than 100 entries.
|
194 | * @returns A promise that resolves to the corresponding user records.
|
195 | * @throws FirebaseAuthError If any of the identifiers are invalid or if more than 100
|
196 | * identifiers are specified.
|
197 | */
|
198 | getUsers(identifiers: UserIdentifier[]): Promise<GetUsersResult>;
|
199 | /**
|
200 | * Retrieves a list of users (single batch only) with a size of `maxResults`
|
201 | * starting from the offset as specified by `pageToken`. This is used to
|
202 | * retrieve all the users of a specified project in batches.
|
203 | *
|
204 | * See {@link https://firebase.google.com/docs/auth/admin/manage-users#list_all_users | List all users}
|
205 | * for code samples and detailed documentation.
|
206 | *
|
207 | * @param maxResults - The page size, 1000 if undefined. This is also
|
208 | * the maximum allowed limit.
|
209 | * @param pageToken - The next page token. If not specified, returns
|
210 | * users starting without any offset.
|
211 | * @returns A promise that resolves with
|
212 | * the current batch of downloaded users and the next page token.
|
213 | */
|
214 | listUsers(maxResults?: number, pageToken?: string): Promise<ListUsersResult>;
|
215 | /**
|
216 | * Creates a new user.
|
217 | *
|
218 | * See {@link https://firebase.google.com/docs/auth/admin/manage-users#create_a_user | Create a user}
|
219 | * for code samples and detailed documentation.
|
220 | *
|
221 | * @param properties - The properties to set on the
|
222 | * new user record to be created.
|
223 | *
|
224 | * @returns A promise fulfilled with the user
|
225 | * data corresponding to the newly created user.
|
226 | */
|
227 | createUser(properties: CreateRequest): Promise<UserRecord>;
|
228 | /**
|
229 | * Deletes an existing user.
|
230 | *
|
231 | * See {@link https://firebase.google.com/docs/auth/admin/manage-users#delete_a_user | Delete a user}
|
232 | * for code samples and detailed documentation.
|
233 | *
|
234 | * @param uid - The `uid` corresponding to the user to delete.
|
235 | *
|
236 | * @returns An empty promise fulfilled once the user has been
|
237 | * deleted.
|
238 | */
|
239 | deleteUser(uid: string): Promise<void>;
|
240 | /**
|
241 | * Deletes the users specified by the given uids.
|
242 | *
|
243 | * Deleting a non-existing user won't generate an error (i.e. this method
|
244 | * is idempotent.) Non-existing users are considered to be successfully
|
245 | * deleted, and are therefore counted in the
|
246 | * `DeleteUsersResult.successCount` value.
|
247 | *
|
248 | * Only a maximum of 1000 identifiers may be supplied. If more than 1000
|
249 | * identifiers are supplied, this method throws a FirebaseAuthError.
|
250 | *
|
251 | * This API is currently rate limited at the server to 1 QPS. If you exceed
|
252 | * this, you may get a quota exceeded error. Therefore, if you want to
|
253 | * delete more than 1000 users, you may need to add a delay to ensure you
|
254 | * don't go over this limit.
|
255 | *
|
256 | * @param uids - The `uids` corresponding to the users to delete.
|
257 | *
|
258 | * @returns A Promise that resolves to the total number of successful/failed
|
259 | * deletions, as well as the array of errors that corresponds to the
|
260 | * failed deletions.
|
261 | */
|
262 | deleteUsers(uids: string[]): Promise<DeleteUsersResult>;
|
263 | /**
|
264 | * Updates an existing user.
|
265 | *
|
266 | * See {@link https://firebsae.google.com/docs/auth/admin/manage-users#update_a_user | Update a user}
|
267 | * for code samples and detailed documentation.
|
268 | *
|
269 | * @param uid - The `uid` corresponding to the user to update.
|
270 | * @param properties - The properties to update on
|
271 | * the provided user.
|
272 | *
|
273 | * @returns A promise fulfilled with the
|
274 | * updated user data.
|
275 | */
|
276 | updateUser(uid: string, properties: UpdateRequest): Promise<UserRecord>;
|
277 | /**
|
278 | * Sets additional developer claims on an existing user identified by the
|
279 | * provided `uid`, typically used to define user roles and levels of
|
280 | * access. These claims should propagate to all devices where the user is
|
281 | * already signed in (after token expiration or when token refresh is forced)
|
282 | * and the next time the user signs in. If a reserved OIDC claim name
|
283 | * is used (sub, iat, iss, etc), an error is thrown. They are set on the
|
284 | * authenticated user's ID token JWT.
|
285 | *
|
286 | * See {@link https://firebase.google.com/docs/auth/admin/custom-claims |
|
287 | * Defining user roles and access levels}
|
288 | * for code samples and detailed documentation.
|
289 | *
|
290 | * @param uid - The `uid` of the user to edit.
|
291 | * @param customUserClaims - The developer claims to set. If null is
|
292 | * passed, existing custom claims are deleted. Passing a custom claims payload
|
293 | * larger than 1000 bytes will throw an error. Custom claims are added to the
|
294 | * user's ID token which is transmitted on every authenticated request.
|
295 | * For profile non-access related user attributes, use database or other
|
296 | * separate storage systems.
|
297 | * @returns A promise that resolves when the operation completes
|
298 | * successfully.
|
299 | */
|
300 | setCustomUserClaims(uid: string, customUserClaims: object | null): Promise<void>;
|
301 | /**
|
302 | * Revokes all refresh tokens for an existing user.
|
303 | *
|
304 | * This API will update the user's {@link UserRecord.tokensValidAfterTime} to
|
305 | * the current UTC. It is important that the server on which this is called has
|
306 | * its clock set correctly and synchronized.
|
307 | *
|
308 | * While this will revoke all sessions for a specified user and disable any
|
309 | * new ID tokens for existing sessions from getting minted, existing ID tokens
|
310 | * may remain active until their natural expiration (one hour). To verify that
|
311 | * ID tokens are revoked, use {@link BaseAuth.verifyIdToken}
|
312 | * where `checkRevoked` is set to true.
|
313 | *
|
314 | * @param uid - The `uid` corresponding to the user whose refresh tokens
|
315 | * are to be revoked.
|
316 | *
|
317 | * @returns An empty promise fulfilled once the user's refresh
|
318 | * tokens have been revoked.
|
319 | */
|
320 | revokeRefreshTokens(uid: string): Promise<void>;
|
321 | /**
|
322 | * Imports the provided list of users into Firebase Auth.
|
323 | * A maximum of 1000 users are allowed to be imported one at a time.
|
324 | * When importing users with passwords,
|
325 | * {@link UserImportOptions} are required to be
|
326 | * specified.
|
327 | * This operation is optimized for bulk imports and will ignore checks on `uid`,
|
328 | * `email` and other identifier uniqueness which could result in duplications.
|
329 | *
|
330 | * @param users - The list of user records to import to Firebase Auth.
|
331 | * @param options - The user import options, required when the users provided include
|
332 | * password credentials.
|
333 | * @returns A promise that resolves when
|
334 | * the operation completes with the result of the import. This includes the
|
335 | * number of successful imports, the number of failed imports and their
|
336 | * corresponding errors.
|
337 | */
|
338 | importUsers(users: UserImportRecord[], options?: UserImportOptions): Promise<UserImportResult>;
|
339 | /**
|
340 | * Creates a new Firebase session cookie with the specified options. The created
|
341 | * JWT string can be set as a server-side session cookie with a custom cookie
|
342 | * policy, and be used for session management. The session cookie JWT will have
|
343 | * the same payload claims as the provided ID token.
|
344 | *
|
345 | * See {@link https://firebase.google.com/docs/auth/admin/manage-cookies | Manage Session Cookies}
|
346 | * for code samples and detailed documentation.
|
347 | *
|
348 | * @param idToken - The Firebase ID token to exchange for a session
|
349 | * cookie.
|
350 | * @param sessionCookieOptions - The session
|
351 | * cookie options which includes custom session duration.
|
352 | *
|
353 | * @returns A promise that resolves on success with the
|
354 | * created session cookie.
|
355 | */
|
356 | createSessionCookie(idToken: string, sessionCookieOptions: SessionCookieOptions): Promise<string>;
|
357 | /**
|
358 | * Verifies a Firebase session cookie. Returns a Promise with the cookie claims.
|
359 | * Rejects the promise if the cookie could not be verified.
|
360 | *
|
361 | * If `checkRevoked` is set to true, first verifies whether the corresponding
|
362 | * user is disabled: If yes, an `auth/user-disabled` error is thrown. If no,
|
363 | * verifies if the session corresponding to the session cookie was revoked.
|
364 | * If the corresponding user's session was invalidated, an
|
365 | * `auth/session-cookie-revoked` error is thrown. If not specified the check
|
366 | * is not performed.
|
367 | *
|
368 | * See {@link https://firebase.google.com/docs/auth/admin/manage-cookies#verify_session_cookie_and_check_permissions |
|
369 | * Verify Session Cookies}
|
370 | * for code samples and detailed documentation
|
371 | *
|
372 | * @param sessionCookie - The session cookie to verify.
|
373 | * @param checkForRevocation - Whether to check if the session cookie was
|
374 | * revoked. This requires an extra request to the Firebase Auth backend to
|
375 | * check the `tokensValidAfterTime` time for the corresponding user.
|
376 | * When not specified, this additional check is not performed.
|
377 | *
|
378 | * @returns A promise fulfilled with the
|
379 | * session cookie's decoded claims if the session cookie is valid; otherwise,
|
380 | * a rejected promise.
|
381 | */
|
382 | verifySessionCookie(sessionCookie: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
|
383 | /**
|
384 | * Generates the out of band email action link to reset a user's password.
|
385 | * The link is generated for the user with the specified email address. The
|
386 | * optional {@link ActionCodeSettings} object
|
387 | * defines whether the link is to be handled by a mobile app or browser and the
|
388 | * additional state information to be passed in the deep link, etc.
|
389 | *
|
390 | * @example
|
391 | * ```javascript
|
392 | * var actionCodeSettings = {
|
393 | * url: 'https://www.example.com/?email=user@example.com',
|
394 | * iOS: {
|
395 | * bundleId: 'com.example.ios'
|
396 | * },
|
397 | * android: {
|
398 | * packageName: 'com.example.android',
|
399 | * installApp: true,
|
400 | * minimumVersion: '12'
|
401 | * },
|
402 | * handleCodeInApp: true,
|
403 | * dynamicLinkDomain: 'custom.page.link'
|
404 | * };
|
405 | * admin.auth()
|
406 | * .generatePasswordResetLink('user@example.com', actionCodeSettings)
|
407 | * .then(function(link) {
|
408 | * // The link was successfully generated.
|
409 | * })
|
410 | * .catch(function(error) {
|
411 | * // Some error occurred, you can inspect the code: error.code
|
412 | * });
|
413 | * ```
|
414 | *
|
415 | * @param email - The email address of the user whose password is to be
|
416 | * reset.
|
417 | * @param actionCodeSettings - The action
|
418 | * code settings. If specified, the state/continue URL is set as the
|
419 | * "continueUrl" parameter in the password reset link. The default password
|
420 | * reset landing page will use this to display a link to go back to the app
|
421 | * if it is installed.
|
422 | * If the actionCodeSettings is not specified, no URL is appended to the
|
423 | * action URL.
|
424 | * The state URL provided must belong to a domain that is whitelisted by the
|
425 | * developer in the console. Otherwise an error is thrown.
|
426 | * Mobile app redirects are only applicable if the developer configures
|
427 | * and accepts the Firebase Dynamic Links terms of service.
|
428 | * The Android package name and iOS bundle ID are respected only if they
|
429 | * are configured in the same Firebase Auth project.
|
430 | * @returns A promise that resolves with the generated link.
|
431 | */
|
432 | generatePasswordResetLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
|
433 | /**
|
434 | * Generates the out of band email action link to verify the user's ownership
|
435 | * of the specified email. The {@link ActionCodeSettings} object provided
|
436 | * as an argument to this method defines whether the link is to be handled by a
|
437 | * mobile app or browser along with additional state information to be passed in
|
438 | * the deep link, etc.
|
439 | *
|
440 | * @example
|
441 | * ```javascript
|
442 | * var actionCodeSettings = {
|
443 | * url: 'https://www.example.com/cart?email=user@example.com&cartId=123',
|
444 | * iOS: {
|
445 | * bundleId: 'com.example.ios'
|
446 | * },
|
447 | * android: {
|
448 | * packageName: 'com.example.android',
|
449 | * installApp: true,
|
450 | * minimumVersion: '12'
|
451 | * },
|
452 | * handleCodeInApp: true,
|
453 | * dynamicLinkDomain: 'custom.page.link'
|
454 | * };
|
455 | * admin.auth()
|
456 | * .generateEmailVerificationLink('user@example.com', actionCodeSettings)
|
457 | * .then(function(link) {
|
458 | * // The link was successfully generated.
|
459 | * })
|
460 | * .catch(function(error) {
|
461 | * // Some error occurred, you can inspect the code: error.code
|
462 | * });
|
463 | * ```
|
464 | *
|
465 | * @param email - The email account to verify.
|
466 | * @param actionCodeSettings - The action
|
467 | * code settings. If specified, the state/continue URL is set as the
|
468 | * "continueUrl" parameter in the email verification link. The default email
|
469 | * verification landing page will use this to display a link to go back to
|
470 | * the app if it is installed.
|
471 | * If the actionCodeSettings is not specified, no URL is appended to the
|
472 | * action URL.
|
473 | * The state URL provided must belong to a domain that is whitelisted by the
|
474 | * developer in the console. Otherwise an error is thrown.
|
475 | * Mobile app redirects are only applicable if the developer configures
|
476 | * and accepts the Firebase Dynamic Links terms of service.
|
477 | * The Android package name and iOS bundle ID are respected only if they
|
478 | * are configured in the same Firebase Auth project.
|
479 | * @returns A promise that resolves with the generated link.
|
480 | */
|
481 | generateEmailVerificationLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
|
482 | /**
|
483 | * Generates the out of band email action link to verify the user's ownership
|
484 | * of the specified email. The {@link ActionCodeSettings} object provided
|
485 | * as an argument to this method defines whether the link is to be handled by a
|
486 | * mobile app or browser along with additional state information to be passed in
|
487 | * the deep link, etc.
|
488 | *
|
489 | * @example
|
490 | * ```javascript
|
491 | * var actionCodeSettings = {
|
492 | * url: 'https://www.example.com/cart?email=user@example.com&cartId=123',
|
493 | * iOS: {
|
494 | * bundleId: 'com.example.ios'
|
495 | * },
|
496 | * android: {
|
497 | * packageName: 'com.example.android',
|
498 | * installApp: true,
|
499 | * minimumVersion: '12'
|
500 | * },
|
501 | * handleCodeInApp: true,
|
502 | * dynamicLinkDomain: 'custom.page.link'
|
503 | * };
|
504 | * admin.auth()
|
505 | * .generateEmailVerificationLink('user@example.com', actionCodeSettings)
|
506 | * .then(function(link) {
|
507 | * // The link was successfully generated.
|
508 | * })
|
509 | * .catch(function(error) {
|
510 | * // Some error occurred, you can inspect the code: error.code
|
511 | * });
|
512 | * ```
|
513 | *
|
514 | * @param email - The email account to verify.
|
515 | * @param actionCodeSettings - The action
|
516 | * code settings. If specified, the state/continue URL is set as the
|
517 | * "continueUrl" parameter in the email verification link. The default email
|
518 | * verification landing page will use this to display a link to go back to
|
519 | * the app if it is installed.
|
520 | * If the actionCodeSettings is not specified, no URL is appended to the
|
521 | * action URL.
|
522 | * The state URL provided must belong to a domain that is whitelisted by the
|
523 | * developer in the console. Otherwise an error is thrown.
|
524 | * Mobile app redirects are only applicable if the developer configures
|
525 | * and accepts the Firebase Dynamic Links terms of service.
|
526 | * The Android package name and iOS bundle ID are respected only if they
|
527 | * are configured in the same Firebase Auth project.
|
528 | * @returns A promise that resolves with the generated link.
|
529 | */
|
530 | generateSignInWithEmailLink(email: string, actionCodeSettings: ActionCodeSettings): Promise<string>;
|
531 | /**
|
532 | * Returns the list of existing provider configurations matching the filter
|
533 | * provided. At most, 100 provider configs can be listed at a time.
|
534 | *
|
535 | * SAML and OIDC provider support requires Google Cloud's Identity Platform
|
536 | * (GCIP). To learn more about GCIP, including pricing and features,
|
537 | * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
|
538 | *
|
539 | * @param options - The provider config filter to apply.
|
540 | * @returns A promise that resolves with the list of provider configs meeting the
|
541 | * filter requirements.
|
542 | */
|
543 | listProviderConfigs(options: AuthProviderConfigFilter): Promise<ListProviderConfigResults>;
|
544 | /**
|
545 | * Looks up an Auth provider configuration by the provided ID.
|
546 | * Returns a promise that resolves with the provider configuration
|
547 | * corresponding to the provider ID specified. If the specified ID does not
|
548 | * exist, an `auth/configuration-not-found` error is thrown.
|
549 | *
|
550 | * SAML and OIDC provider support requires Google Cloud's Identity Platform
|
551 | * (GCIP). To learn more about GCIP, including pricing and features,
|
552 | * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
|
553 | *
|
554 | * @param providerId - The provider ID corresponding to the provider
|
555 | * config to return.
|
556 | * @returns A promise that resolves
|
557 | * with the configuration corresponding to the provided ID.
|
558 | */
|
559 | getProviderConfig(providerId: string): Promise<AuthProviderConfig>;
|
560 | /**
|
561 | * Deletes the provider configuration corresponding to the provider ID passed.
|
562 | * If the specified ID does not exist, an `auth/configuration-not-found` error
|
563 | * is thrown.
|
564 | *
|
565 | * SAML and OIDC provider support requires Google Cloud's Identity Platform
|
566 | * (GCIP). To learn more about GCIP, including pricing and features,
|
567 | * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
|
568 | *
|
569 | * @param providerId - The provider ID corresponding to the provider
|
570 | * config to delete.
|
571 | * @returns A promise that resolves on completion.
|
572 | */
|
573 | deleteProviderConfig(providerId: string): Promise<void>;
|
574 | /**
|
575 | * Returns a promise that resolves with the updated `AuthProviderConfig`
|
576 | * corresponding to the provider ID specified.
|
577 | * If the specified ID does not exist, an `auth/configuration-not-found` error
|
578 | * is thrown.
|
579 | *
|
580 | * SAML and OIDC provider support requires Google Cloud's Identity Platform
|
581 | * (GCIP). To learn more about GCIP, including pricing and features,
|
582 | * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
|
583 | *
|
584 | * @param providerId - The provider ID corresponding to the provider
|
585 | * config to update.
|
586 | * @param updatedConfig - The updated configuration.
|
587 | * @returns A promise that resolves with the updated provider configuration.
|
588 | */
|
589 | updateProviderConfig(providerId: string, updatedConfig: UpdateAuthProviderRequest): Promise<AuthProviderConfig>;
|
590 | /**
|
591 | * Returns a promise that resolves with the newly created `AuthProviderConfig`
|
592 | * when the new provider configuration is created.
|
593 | *
|
594 | * SAML and OIDC provider support requires Google Cloud's Identity Platform
|
595 | * (GCIP). To learn more about GCIP, including pricing and features,
|
596 | * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
|
597 | *
|
598 | * @param config - The provider configuration to create.
|
599 | * @returns A promise that resolves with the created provider configuration.
|
600 | */
|
601 | createProviderConfig(config: AuthProviderConfig): Promise<AuthProviderConfig>;
|
602 | /**
|
603 | * Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
|
604 | * resolves with the decoded claims on success. Rejects the promise with revocation error if revoked
|
605 | * or user disabled.
|
606 | *
|
607 | * @param decodedIdToken - The JWT's decoded claims.
|
608 | * @param revocationErrorInfo - The revocation error info to throw on revocation
|
609 | * detection.
|
610 | * @returns A promise that will be fulfilled after a successful verification.
|
611 | */
|
612 | private verifyDecodedJWTNotRevokedOrDisabled;
|
613 | }
|