UNPKG

28.6 kBTypeScriptView Raw
1/*! firebase-admin v10.0.0 */
2/*!
3 * Copyright 2021 Google Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17import { FirebaseArrayIndexError } from '../app';
18import { DecodedIdToken } from './token-verifier';
19import { AuthProviderConfig, AuthProviderConfigFilter, ListProviderConfigResults, UpdateAuthProviderRequest, CreateRequest, UpdateRequest } from './auth-config';
20import { UserRecord } from './user-record';
21import { UserIdentifier } from './identifier';
22import { UserImportOptions, UserImportRecord, UserImportResult } from './user-import-builder';
23import { ActionCodeSettings } from './action-code-settings-builder';
24/** Represents the result of the {@link BaseAuth.getUsers} API. */
25export interface GetUsersResult {
26 /**
27 * Set of user records, corresponding to the set of users that were
28 * requested. Only users that were found are listed here. The result set is
29 * unordered.
30 */
31 users: UserRecord[];
32 /** Set of identifiers that were requested, but not found. */
33 notFound: UserIdentifier[];
34}
35/**
36 * Interface representing the object returned from a
37 * {@link BaseAuth.listUsers} operation. Contains the list
38 * of users for the current batch and the next page token if available.
39 */
40export interface ListUsersResult {
41 /**
42 * The list of {@link UserRecord} objects for the
43 * current downloaded batch.
44 */
45 users: UserRecord[];
46 /**
47 * The next page token if available. This is needed for the next batch download.
48 */
49 pageToken?: string;
50}
51/**
52 * Represents the result of the {@link BaseAuth.deleteUsers}.
53 * API.
54 */
55export interface DeleteUsersResult {
56 /**
57 * The number of user records that failed to be deleted (possibly zero).
58 */
59 failureCount: number;
60 /**
61 * The number of users that were deleted successfully (possibly zero).
62 * Users that did not exist prior to calling `deleteUsers()` are
63 * considered to be successfully deleted.
64 */
65 successCount: number;
66 /**
67 * A list of `FirebaseArrayIndexError` instances describing the errors that
68 * were encountered during the deletion. Length of this list is equal to
69 * the return value of {@link DeleteUsersResult.failureCount}.
70 */
71 errors: FirebaseArrayIndexError[];
72}
73/**
74 * Interface representing the session cookie options needed for the
75 * {@link BaseAuth.createSessionCookie} method.
76 */
77export interface SessionCookieOptions {
78 /**
79 * The session cookie custom expiration in milliseconds. The minimum allowed is
80 * 5 minutes and the maxium allowed is 2 weeks.
81 */
82 expiresIn: number;
83}
84/**
85 * Common parent interface for both `Auth` and `TenantAwareAuth` APIs.
86 */
87export declare abstract class BaseAuth {
88 /**
89 * Creates a new Firebase custom token (JWT) that can be sent back to a client
90 * device to use to sign in with the client SDKs' `signInWithCustomToken()`
91 * methods. (Tenant-aware instances will also embed the tenant ID in the
92 * token.)
93 *
94 * See {@link https://firebase.google.com/docs/auth/admin/create-custom-tokens | Create Custom Tokens}
95 * for code samples and detailed documentation.
96 *
97 * @param uid - The `uid` to use as the custom token's subject.
98 * @param developerClaims - Optional additional claims to include
99 * in the custom token's payload.
100 *
101 * @returns A promise fulfilled with a custom token for the
102 * provided `uid` and payload.
103 */
104 createCustomToken(uid: string, developerClaims?: object): Promise<string>;
105 /**
106 * Verifies a Firebase ID token (JWT). If the token is valid, the promise is
107 * fulfilled with the token's decoded claims; otherwise, the promise is
108 * rejected.
109 *
110 * If `checkRevoked` is set to true, first verifies whether the corresponding
111 * user is disabled. If yes, an `auth/user-disabled` error is thrown. If no,
112 * verifies if the session corresponding to the ID token was revoked. If the
113 * corresponding user's session was invalidated, an `auth/id-token-revoked`
114 * error is thrown. If not specified the check is not applied.
115 *
116 * See {@link https://firebase.google.com/docs/auth/admin/verify-id-tokens | Verify ID Tokens}
117 * for code samples and detailed documentation.
118 *
119 * @param idToken - The ID token to verify.
120 * @param checkRevoked - Whether to check if the ID token was revoked.
121 * This requires an extra request to the Firebase Auth backend to check
122 * the `tokensValidAfterTime` time for the corresponding user.
123 * When not specified, this additional check is not applied.
124 *
125 * @returns A promise fulfilled with the
126 * token's decoded claims if the ID token is valid; otherwise, a rejected
127 * promise.
128 */
129 verifyIdToken(idToken: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
130 /**
131 * Gets the user data for the user corresponding to a given `uid`.
132 *
133 * See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
134 * for code samples and detailed documentation.
135 *
136 * @param uid - The `uid` corresponding to the user whose data to fetch.
137 *
138 * @returns A promise fulfilled with the user
139 * data corresponding to the provided `uid`.
140 */
141 getUser(uid: string): Promise<UserRecord>;
142 /**
143 * Gets the user data for the user corresponding to a given email.
144 *
145 * See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
146 * for code samples and detailed documentation.
147 *
148 * @param email - The email corresponding to the user whose data to
149 * fetch.
150 *
151 * @returns A promise fulfilled with the user
152 * data corresponding to the provided email.
153 */
154 getUserByEmail(email: string): Promise<UserRecord>;
155 /**
156 * Gets the user data for the user corresponding to a given phone number. The
157 * phone number has to conform to the E.164 specification.
158 *
159 * See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
160 * for code samples and detailed documentation.
161 *
162 * @param phoneNumber - The phone number corresponding to the user whose
163 * data to fetch.
164 *
165 * @returns A promise fulfilled with the user
166 * data corresponding to the provided phone number.
167 */
168 getUserByPhoneNumber(phoneNumber: string): Promise<UserRecord>;
169 /**
170 * Gets the user data for the user corresponding to a given provider id.
171 *
172 * See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
173 * for code samples and detailed documentation.
174 *
175 * @param providerId - The provider ID, for example, "google.com" for the
176 * Google provider.
177 * @param uid - The user identifier for the given provider.
178 *
179 * @returns A promise fulfilled with the user data corresponding to the
180 * given provider id.
181 */
182 getUserByProviderUid(providerId: string, uid: string): Promise<UserRecord>;
183 /**
184 * Gets the user data corresponding to the specified identifiers.
185 *
186 * There are no ordering guarantees; in particular, the nth entry in the result list is not
187 * guaranteed to correspond to the nth entry in the input parameters list.
188 *
189 * Only a maximum of 100 identifiers may be supplied. If more than 100 identifiers are supplied,
190 * this method throws a FirebaseAuthError.
191 *
192 * @param identifiers - The identifiers used to indicate which user records should be returned.
193 * Must not have more than 100 entries.
194 * @returns A promise that resolves to the corresponding user records.
195 * @throws FirebaseAuthError If any of the identifiers are invalid or if more than 100
196 * identifiers are specified.
197 */
198 getUsers(identifiers: UserIdentifier[]): Promise<GetUsersResult>;
199 /**
200 * Retrieves a list of users (single batch only) with a size of `maxResults`
201 * starting from the offset as specified by `pageToken`. This is used to
202 * retrieve all the users of a specified project in batches.
203 *
204 * See {@link https://firebase.google.com/docs/auth/admin/manage-users#list_all_users | List all users}
205 * for code samples and detailed documentation.
206 *
207 * @param maxResults - The page size, 1000 if undefined. This is also
208 * the maximum allowed limit.
209 * @param pageToken - The next page token. If not specified, returns
210 * users starting without any offset.
211 * @returns A promise that resolves with
212 * the current batch of downloaded users and the next page token.
213 */
214 listUsers(maxResults?: number, pageToken?: string): Promise<ListUsersResult>;
215 /**
216 * Creates a new user.
217 *
218 * See {@link https://firebase.google.com/docs/auth/admin/manage-users#create_a_user | Create a user}
219 * for code samples and detailed documentation.
220 *
221 * @param properties - The properties to set on the
222 * new user record to be created.
223 *
224 * @returns A promise fulfilled with the user
225 * data corresponding to the newly created user.
226 */
227 createUser(properties: CreateRequest): Promise<UserRecord>;
228 /**
229 * Deletes an existing user.
230 *
231 * See {@link https://firebase.google.com/docs/auth/admin/manage-users#delete_a_user | Delete a user}
232 * for code samples and detailed documentation.
233 *
234 * @param uid - The `uid` corresponding to the user to delete.
235 *
236 * @returns An empty promise fulfilled once the user has been
237 * deleted.
238 */
239 deleteUser(uid: string): Promise<void>;
240 /**
241 * Deletes the users specified by the given uids.
242 *
243 * Deleting a non-existing user won't generate an error (i.e. this method
244 * is idempotent.) Non-existing users are considered to be successfully
245 * deleted, and are therefore counted in the
246 * `DeleteUsersResult.successCount` value.
247 *
248 * Only a maximum of 1000 identifiers may be supplied. If more than 1000
249 * identifiers are supplied, this method throws a FirebaseAuthError.
250 *
251 * This API is currently rate limited at the server to 1 QPS. If you exceed
252 * this, you may get a quota exceeded error. Therefore, if you want to
253 * delete more than 1000 users, you may need to add a delay to ensure you
254 * don't go over this limit.
255 *
256 * @param uids - The `uids` corresponding to the users to delete.
257 *
258 * @returns A Promise that resolves to the total number of successful/failed
259 * deletions, as well as the array of errors that corresponds to the
260 * failed deletions.
261 */
262 deleteUsers(uids: string[]): Promise<DeleteUsersResult>;
263 /**
264 * Updates an existing user.
265 *
266 * See {@link https://firebsae.google.com/docs/auth/admin/manage-users#update_a_user | Update a user}
267 * for code samples and detailed documentation.
268 *
269 * @param uid - The `uid` corresponding to the user to update.
270 * @param properties - The properties to update on
271 * the provided user.
272 *
273 * @returns A promise fulfilled with the
274 * updated user data.
275 */
276 updateUser(uid: string, properties: UpdateRequest): Promise<UserRecord>;
277 /**
278 * Sets additional developer claims on an existing user identified by the
279 * provided `uid`, typically used to define user roles and levels of
280 * access. These claims should propagate to all devices where the user is
281 * already signed in (after token expiration or when token refresh is forced)
282 * and the next time the user signs in. If a reserved OIDC claim name
283 * is used (sub, iat, iss, etc), an error is thrown. They are set on the
284 * authenticated user's ID token JWT.
285 *
286 * See {@link https://firebase.google.com/docs/auth/admin/custom-claims |
287 * Defining user roles and access levels}
288 * for code samples and detailed documentation.
289 *
290 * @param uid - The `uid` of the user to edit.
291 * @param customUserClaims - The developer claims to set. If null is
292 * passed, existing custom claims are deleted. Passing a custom claims payload
293 * larger than 1000 bytes will throw an error. Custom claims are added to the
294 * user's ID token which is transmitted on every authenticated request.
295 * For profile non-access related user attributes, use database or other
296 * separate storage systems.
297 * @returns A promise that resolves when the operation completes
298 * successfully.
299 */
300 setCustomUserClaims(uid: string, customUserClaims: object | null): Promise<void>;
301 /**
302 * Revokes all refresh tokens for an existing user.
303 *
304 * This API will update the user's {@link UserRecord.tokensValidAfterTime} to
305 * the current UTC. It is important that the server on which this is called has
306 * its clock set correctly and synchronized.
307 *
308 * While this will revoke all sessions for a specified user and disable any
309 * new ID tokens for existing sessions from getting minted, existing ID tokens
310 * may remain active until their natural expiration (one hour). To verify that
311 * ID tokens are revoked, use {@link BaseAuth.verifyIdToken}
312 * where `checkRevoked` is set to true.
313 *
314 * @param uid - The `uid` corresponding to the user whose refresh tokens
315 * are to be revoked.
316 *
317 * @returns An empty promise fulfilled once the user's refresh
318 * tokens have been revoked.
319 */
320 revokeRefreshTokens(uid: string): Promise<void>;
321 /**
322 * Imports the provided list of users into Firebase Auth.
323 * A maximum of 1000 users are allowed to be imported one at a time.
324 * When importing users with passwords,
325 * {@link UserImportOptions} are required to be
326 * specified.
327 * This operation is optimized for bulk imports and will ignore checks on `uid`,
328 * `email` and other identifier uniqueness which could result in duplications.
329 *
330 * @param users - The list of user records to import to Firebase Auth.
331 * @param options - The user import options, required when the users provided include
332 * password credentials.
333 * @returns A promise that resolves when
334 * the operation completes with the result of the import. This includes the
335 * number of successful imports, the number of failed imports and their
336 * corresponding errors.
337 */
338 importUsers(users: UserImportRecord[], options?: UserImportOptions): Promise<UserImportResult>;
339 /**
340 * Creates a new Firebase session cookie with the specified options. The created
341 * JWT string can be set as a server-side session cookie with a custom cookie
342 * policy, and be used for session management. The session cookie JWT will have
343 * the same payload claims as the provided ID token.
344 *
345 * See {@link https://firebase.google.com/docs/auth/admin/manage-cookies | Manage Session Cookies}
346 * for code samples and detailed documentation.
347 *
348 * @param idToken - The Firebase ID token to exchange for a session
349 * cookie.
350 * @param sessionCookieOptions - The session
351 * cookie options which includes custom session duration.
352 *
353 * @returns A promise that resolves on success with the
354 * created session cookie.
355 */
356 createSessionCookie(idToken: string, sessionCookieOptions: SessionCookieOptions): Promise<string>;
357 /**
358 * Verifies a Firebase session cookie. Returns a Promise with the cookie claims.
359 * Rejects the promise if the cookie could not be verified.
360 *
361 * If `checkRevoked` is set to true, first verifies whether the corresponding
362 * user is disabled: If yes, an `auth/user-disabled` error is thrown. If no,
363 * verifies if the session corresponding to the session cookie was revoked.
364 * If the corresponding user's session was invalidated, an
365 * `auth/session-cookie-revoked` error is thrown. If not specified the check
366 * is not performed.
367 *
368 * See {@link https://firebase.google.com/docs/auth/admin/manage-cookies#verify_session_cookie_and_check_permissions |
369 * Verify Session Cookies}
370 * for code samples and detailed documentation
371 *
372 * @param sessionCookie - The session cookie to verify.
373 * @param checkForRevocation - Whether to check if the session cookie was
374 * revoked. This requires an extra request to the Firebase Auth backend to
375 * check the `tokensValidAfterTime` time for the corresponding user.
376 * When not specified, this additional check is not performed.
377 *
378 * @returns A promise fulfilled with the
379 * session cookie's decoded claims if the session cookie is valid; otherwise,
380 * a rejected promise.
381 */
382 verifySessionCookie(sessionCookie: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
383 /**
384 * Generates the out of band email action link to reset a user's password.
385 * The link is generated for the user with the specified email address. The
386 * optional {@link ActionCodeSettings} object
387 * defines whether the link is to be handled by a mobile app or browser and the
388 * additional state information to be passed in the deep link, etc.
389 *
390 * @example
391 * ```javascript
392 * var actionCodeSettings = {
393 * url: 'https://www.example.com/?email=user@example.com',
394 * iOS: {
395 * bundleId: 'com.example.ios'
396 * },
397 * android: {
398 * packageName: 'com.example.android',
399 * installApp: true,
400 * minimumVersion: '12'
401 * },
402 * handleCodeInApp: true,
403 * dynamicLinkDomain: 'custom.page.link'
404 * };
405 * admin.auth()
406 * .generatePasswordResetLink('user@example.com', actionCodeSettings)
407 * .then(function(link) {
408 * // The link was successfully generated.
409 * })
410 * .catch(function(error) {
411 * // Some error occurred, you can inspect the code: error.code
412 * });
413 * ```
414 *
415 * @param email - The email address of the user whose password is to be
416 * reset.
417 * @param actionCodeSettings - The action
418 * code settings. If specified, the state/continue URL is set as the
419 * "continueUrl" parameter in the password reset link. The default password
420 * reset landing page will use this to display a link to go back to the app
421 * if it is installed.
422 * If the actionCodeSettings is not specified, no URL is appended to the
423 * action URL.
424 * The state URL provided must belong to a domain that is whitelisted by the
425 * developer in the console. Otherwise an error is thrown.
426 * Mobile app redirects are only applicable if the developer configures
427 * and accepts the Firebase Dynamic Links terms of service.
428 * The Android package name and iOS bundle ID are respected only if they
429 * are configured in the same Firebase Auth project.
430 * @returns A promise that resolves with the generated link.
431 */
432 generatePasswordResetLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
433 /**
434 * Generates the out of band email action link to verify the user's ownership
435 * of the specified email. The {@link ActionCodeSettings} object provided
436 * as an argument to this method defines whether the link is to be handled by a
437 * mobile app or browser along with additional state information to be passed in
438 * the deep link, etc.
439 *
440 * @example
441 * ```javascript
442 * var actionCodeSettings = {
443 * url: 'https://www.example.com/cart?email=user@example.com&cartId=123',
444 * iOS: {
445 * bundleId: 'com.example.ios'
446 * },
447 * android: {
448 * packageName: 'com.example.android',
449 * installApp: true,
450 * minimumVersion: '12'
451 * },
452 * handleCodeInApp: true,
453 * dynamicLinkDomain: 'custom.page.link'
454 * };
455 * admin.auth()
456 * .generateEmailVerificationLink('user@example.com', actionCodeSettings)
457 * .then(function(link) {
458 * // The link was successfully generated.
459 * })
460 * .catch(function(error) {
461 * // Some error occurred, you can inspect the code: error.code
462 * });
463 * ```
464 *
465 * @param email - The email account to verify.
466 * @param actionCodeSettings - The action
467 * code settings. If specified, the state/continue URL is set as the
468 * "continueUrl" parameter in the email verification link. The default email
469 * verification landing page will use this to display a link to go back to
470 * the app if it is installed.
471 * If the actionCodeSettings is not specified, no URL is appended to the
472 * action URL.
473 * The state URL provided must belong to a domain that is whitelisted by the
474 * developer in the console. Otherwise an error is thrown.
475 * Mobile app redirects are only applicable if the developer configures
476 * and accepts the Firebase Dynamic Links terms of service.
477 * The Android package name and iOS bundle ID are respected only if they
478 * are configured in the same Firebase Auth project.
479 * @returns A promise that resolves with the generated link.
480 */
481 generateEmailVerificationLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
482 /**
483 * Generates the out of band email action link to verify the user's ownership
484 * of the specified email. The {@link ActionCodeSettings} object provided
485 * as an argument to this method defines whether the link is to be handled by a
486 * mobile app or browser along with additional state information to be passed in
487 * the deep link, etc.
488 *
489 * @example
490 * ```javascript
491 * var actionCodeSettings = {
492 * url: 'https://www.example.com/cart?email=user@example.com&cartId=123',
493 * iOS: {
494 * bundleId: 'com.example.ios'
495 * },
496 * android: {
497 * packageName: 'com.example.android',
498 * installApp: true,
499 * minimumVersion: '12'
500 * },
501 * handleCodeInApp: true,
502 * dynamicLinkDomain: 'custom.page.link'
503 * };
504 * admin.auth()
505 * .generateEmailVerificationLink('user@example.com', actionCodeSettings)
506 * .then(function(link) {
507 * // The link was successfully generated.
508 * })
509 * .catch(function(error) {
510 * // Some error occurred, you can inspect the code: error.code
511 * });
512 * ```
513 *
514 * @param email - The email account to verify.
515 * @param actionCodeSettings - The action
516 * code settings. If specified, the state/continue URL is set as the
517 * "continueUrl" parameter in the email verification link. The default email
518 * verification landing page will use this to display a link to go back to
519 * the app if it is installed.
520 * If the actionCodeSettings is not specified, no URL is appended to the
521 * action URL.
522 * The state URL provided must belong to a domain that is whitelisted by the
523 * developer in the console. Otherwise an error is thrown.
524 * Mobile app redirects are only applicable if the developer configures
525 * and accepts the Firebase Dynamic Links terms of service.
526 * The Android package name and iOS bundle ID are respected only if they
527 * are configured in the same Firebase Auth project.
528 * @returns A promise that resolves with the generated link.
529 */
530 generateSignInWithEmailLink(email: string, actionCodeSettings: ActionCodeSettings): Promise<string>;
531 /**
532 * Returns the list of existing provider configurations matching the filter
533 * provided. At most, 100 provider configs can be listed at a time.
534 *
535 * SAML and OIDC provider support requires Google Cloud's Identity Platform
536 * (GCIP). To learn more about GCIP, including pricing and features,
537 * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
538 *
539 * @param options - The provider config filter to apply.
540 * @returns A promise that resolves with the list of provider configs meeting the
541 * filter requirements.
542 */
543 listProviderConfigs(options: AuthProviderConfigFilter): Promise<ListProviderConfigResults>;
544 /**
545 * Looks up an Auth provider configuration by the provided ID.
546 * Returns a promise that resolves with the provider configuration
547 * corresponding to the provider ID specified. If the specified ID does not
548 * exist, an `auth/configuration-not-found` error is thrown.
549 *
550 * SAML and OIDC provider support requires Google Cloud's Identity Platform
551 * (GCIP). To learn more about GCIP, including pricing and features,
552 * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
553 *
554 * @param providerId - The provider ID corresponding to the provider
555 * config to return.
556 * @returns A promise that resolves
557 * with the configuration corresponding to the provided ID.
558 */
559 getProviderConfig(providerId: string): Promise<AuthProviderConfig>;
560 /**
561 * Deletes the provider configuration corresponding to the provider ID passed.
562 * If the specified ID does not exist, an `auth/configuration-not-found` error
563 * is thrown.
564 *
565 * SAML and OIDC provider support requires Google Cloud's Identity Platform
566 * (GCIP). To learn more about GCIP, including pricing and features,
567 * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
568 *
569 * @param providerId - The provider ID corresponding to the provider
570 * config to delete.
571 * @returns A promise that resolves on completion.
572 */
573 deleteProviderConfig(providerId: string): Promise<void>;
574 /**
575 * Returns a promise that resolves with the updated `AuthProviderConfig`
576 * corresponding to the provider ID specified.
577 * If the specified ID does not exist, an `auth/configuration-not-found` error
578 * is thrown.
579 *
580 * SAML and OIDC provider support requires Google Cloud's Identity Platform
581 * (GCIP). To learn more about GCIP, including pricing and features,
582 * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
583 *
584 * @param providerId - The provider ID corresponding to the provider
585 * config to update.
586 * @param updatedConfig - The updated configuration.
587 * @returns A promise that resolves with the updated provider configuration.
588 */
589 updateProviderConfig(providerId: string, updatedConfig: UpdateAuthProviderRequest): Promise<AuthProviderConfig>;
590 /**
591 * Returns a promise that resolves with the newly created `AuthProviderConfig`
592 * when the new provider configuration is created.
593 *
594 * SAML and OIDC provider support requires Google Cloud's Identity Platform
595 * (GCIP). To learn more about GCIP, including pricing and features,
596 * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
597 *
598 * @param config - The provider configuration to create.
599 * @returns A promise that resolves with the created provider configuration.
600 */
601 createProviderConfig(config: AuthProviderConfig): Promise<AuthProviderConfig>;
602 /**
603 * Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
604 * resolves with the decoded claims on success. Rejects the promise with revocation error if revoked
605 * or user disabled.
606 *
607 * @param decodedIdToken - The JWT's decoded claims.
608 * @param revocationErrorInfo - The revocation error info to throw on revocation
609 * detection.
610 * @returns A promise that will be fulfilled after a successful verification.
611 */
612 private verifyDecodedJWTNotRevokedOrDisabled;
613}