1 | /*! firebase-admin v10.0.0 */
|
2 | /*!
|
3 | * Copyright 2018 Google Inc.
|
4 | *
|
5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
6 | * you may not use this file except in compliance with the License.
|
7 | * You may obtain a copy of the License at
|
8 | *
|
9 | * http://www.apache.org/licenses/LICENSE-2.0
|
10 | *
|
11 | * Unless required by applicable law or agreed to in writing, software
|
12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14 | * See the License for the specific language governing permissions and
|
15 | * limitations under the License.
|
16 | */
|
17 | /**
|
18 | * Interface representing a decoded Firebase ID token, returned from the
|
19 | * {@link BaseAuth.verifyIdToken} method.
|
20 | *
|
21 | * Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs).
|
22 | * See the
|
23 | * [ID Token section of the OpenID Connect spec](http://openid.net/specs/openid-connect-core-1_0.html#IDToken)
|
24 | * for more information about the specific properties below.
|
25 | */
|
26 | export interface DecodedIdToken {
|
27 | /**
|
28 | * The audience for which this token is intended.
|
29 | *
|
30 | * This value is a string equal to your Firebase project ID, the unique
|
31 | * identifier for your Firebase project, which can be found in [your project's
|
32 | * settings](https://console.firebase.google.com/project/_/settings/general/android:com.random.android).
|
33 | */
|
34 | aud: string;
|
35 | /**
|
36 | * Time, in seconds since the Unix epoch, when the end-user authentication
|
37 | * occurred.
|
38 | *
|
39 | * This value is not set when this particular ID token was created, but when the
|
40 | * user initially logged in to this session. In a single session, the Firebase
|
41 | * SDKs will refresh a user's ID tokens every hour. Each ID token will have a
|
42 | * different [`iat`](#iat) value, but the same `auth_time` value.
|
43 | */
|
44 | auth_time: number;
|
45 | /**
|
46 | * The email of the user to whom the ID token belongs, if available.
|
47 | */
|
48 | email?: string;
|
49 | /**
|
50 | * Whether or not the email of the user to whom the ID token belongs is
|
51 | * verified, provided the user has an email.
|
52 | */
|
53 | email_verified?: boolean;
|
54 | /**
|
55 | * The ID token's expiration time, in seconds since the Unix epoch. That is, the
|
56 | * time at which this ID token expires and should no longer be considered valid.
|
57 | *
|
58 | * The Firebase SDKs transparently refresh ID tokens every hour, issuing a new
|
59 | * ID token with up to a one hour expiration.
|
60 | */
|
61 | exp: number;
|
62 | /**
|
63 | * Information about the sign in event, including which sign in provider was
|
64 | * used and provider-specific identity details.
|
65 | *
|
66 | * This data is provided by the Firebase Authentication service and is a
|
67 | * reserved claim in the ID token.
|
68 | */
|
69 | firebase: {
|
70 | /**
|
71 | * Provider-specific identity details corresponding
|
72 | * to the provider used to sign in the user.
|
73 | */
|
74 | identities: {
|
75 | [key: string]: any;
|
76 | };
|
77 | /**
|
78 | * The ID of the provider used to sign in the user.
|
79 | * One of `"anonymous"`, `"password"`, `"facebook.com"`, `"github.com"`,
|
80 | * `"google.com"`, `"twitter.com"`, `"apple.com"`, `"microsoft.com"`,
|
81 | * `"yahoo.com"`, `"phone"`, `"playgames.google.com"`, `"gc.apple.com"`,
|
82 | * or `"custom"`.
|
83 | *
|
84 | * Additional Identity Platform provider IDs include `"linkedin.com"`,
|
85 | * OIDC and SAML identity providers prefixed with `"saml."` and `"oidc."`
|
86 | * respectively.
|
87 | */
|
88 | sign_in_provider: string;
|
89 | /**
|
90 | * The type identifier or `factorId` of the second factor, provided the
|
91 | * ID token was obtained from a multi-factor authenticated user.
|
92 | * For phone, this is `"phone"`.
|
93 | */
|
94 | sign_in_second_factor?: string;
|
95 | /**
|
96 | * The `uid` of the second factor used to sign in, provided the
|
97 | * ID token was obtained from a multi-factor authenticated user.
|
98 | */
|
99 | second_factor_identifier?: string;
|
100 | /**
|
101 | * The ID of the tenant the user belongs to, if available.
|
102 | */
|
103 | tenant?: string;
|
104 | [key: string]: any;
|
105 | };
|
106 | /**
|
107 | * The ID token's issued-at time, in seconds since the Unix epoch. That is, the
|
108 | * time at which this ID token was issued and should start to be considered
|
109 | * valid.
|
110 | *
|
111 | * The Firebase SDKs transparently refresh ID tokens every hour, issuing a new
|
112 | * ID token with a new issued-at time. If you want to get the time at which the
|
113 | * user session corresponding to the ID token initially occurred, see the
|
114 | * [`auth_time`](#auth_time) property.
|
115 | */
|
116 | iat: number;
|
117 | /**
|
118 | * The issuer identifier for the issuer of the response.
|
119 | *
|
120 | * This value is a URL with the format
|
121 | * `https://securetoken.google.com/<PROJECT_ID>`, where `<PROJECT_ID>` is the
|
122 | * same project ID specified in the [`aud`](#aud) property.
|
123 | */
|
124 | iss: string;
|
125 | /**
|
126 | * The phone number of the user to whom the ID token belongs, if available.
|
127 | */
|
128 | phone_number?: string;
|
129 | /**
|
130 | * The photo URL for the user to whom the ID token belongs, if available.
|
131 | */
|
132 | picture?: string;
|
133 | /**
|
134 | * The `uid` corresponding to the user who the ID token belonged to.
|
135 | *
|
136 | * As a convenience, this value is copied over to the [`uid`](#uid) property.
|
137 | */
|
138 | sub: string;
|
139 | /**
|
140 | * The `uid` corresponding to the user who the ID token belonged to.
|
141 | *
|
142 | * This value is not actually in the JWT token claims itself. It is added as a
|
143 | * convenience, and is set as the value of the [`sub`](#sub) property.
|
144 | */
|
145 | uid: string;
|
146 | /**
|
147 | * Other arbitrary claims included in the ID token.
|
148 | */
|
149 | [key: string]: any;
|
150 | }
|