UNPKG

25.9 kBTypeScriptView Raw
1/*! firebase-admin v12.0.0 */
2/*!
3 * Copyright 2018 Google Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17/**
18 * Interface representing base properties of a user-enrolled second factor for a
19 * `CreateRequest`.
20 */
21export interface BaseCreateMultiFactorInfoRequest {
22 /**
23 * The optional display name for an enrolled second factor.
24 */
25 displayName?: string;
26 /**
27 * The type identifier of the second factor. For SMS second factors, this is `phone`.
28 */
29 factorId: string;
30}
31/**
32 * Interface representing a phone specific user-enrolled second factor for a
33 * `CreateRequest`.
34 */
35export interface CreatePhoneMultiFactorInfoRequest extends BaseCreateMultiFactorInfoRequest {
36 /**
37 * The phone number associated with a phone second factor.
38 */
39 phoneNumber: string;
40}
41/**
42 * Type representing the properties of a user-enrolled second factor
43 * for a `CreateRequest`.
44 */
45export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
46/**
47 * Interface representing common properties of a user-enrolled second factor
48 * for an `UpdateRequest`.
49 */
50export interface BaseUpdateMultiFactorInfoRequest {
51 /**
52 * The ID of the enrolled second factor. This ID is unique to the user. When not provided,
53 * a new one is provisioned by the Auth server.
54 */
55 uid?: string;
56 /**
57 * The optional display name for an enrolled second factor.
58 */
59 displayName?: string;
60 /**
61 * The optional date the second factor was enrolled, formatted as a UTC string.
62 */
63 enrollmentTime?: string;
64 /**
65 * The type identifier of the second factor. For SMS second factors, this is `phone`.
66 */
67 factorId: string;
68}
69/**
70 * Interface representing a phone specific user-enrolled second factor
71 * for an `UpdateRequest`.
72 */
73export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactorInfoRequest {
74 /**
75 * The phone number associated with a phone second factor.
76 */
77 phoneNumber: string;
78}
79/**
80 * Type representing the properties of a user-enrolled second factor
81 * for an `UpdateRequest`.
82 */
83export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
84/**
85 * The multi-factor related user settings for create operations.
86 */
87export interface MultiFactorCreateSettings {
88 /**
89 * The created user's list of enrolled second factors.
90 */
91 enrolledFactors: CreateMultiFactorInfoRequest[];
92}
93/**
94 * The multi-factor related user settings for update operations.
95 */
96export interface MultiFactorUpdateSettings {
97 /**
98 * The updated list of enrolled second factors. The provided list overwrites the user's
99 * existing list of second factors.
100 * When null is passed, all of the user's existing second factors are removed.
101 */
102 enrolledFactors: UpdateMultiFactorInfoRequest[] | null;
103}
104/**
105 * Interface representing the properties to update on the provided user.
106 */
107export interface UpdateRequest {
108 /**
109 * Whether or not the user is disabled: `true` for disabled;
110 * `false` for enabled.
111 */
112 disabled?: boolean;
113 /**
114 * The user's display name.
115 */
116 displayName?: string | null;
117 /**
118 * The user's primary email.
119 */
120 email?: string;
121 /**
122 * Whether or not the user's primary email is verified.
123 */
124 emailVerified?: boolean;
125 /**
126 * The user's unhashed password.
127 */
128 password?: string;
129 /**
130 * The user's primary phone number.
131 */
132 phoneNumber?: string | null;
133 /**
134 * The user's photo URL.
135 */
136 photoURL?: string | null;
137 /**
138 * The user's updated multi-factor related properties.
139 */
140 multiFactor?: MultiFactorUpdateSettings;
141 /**
142 * Links this user to the specified provider.
143 *
144 * Linking a provider to an existing user account does not invalidate the
145 * refresh token of that account. In other words, the existing account
146 * would continue to be able to access resources, despite not having used
147 * the newly linked provider to log in. If you wish to force the user to
148 * authenticate with this new provider, you need to (a) revoke their
149 * refresh token (see
150 * https://firebase.google.com/docs/auth/admin/manage-sessions#revoke_refresh_tokens),
151 * and (b) ensure no other authentication methods are present on this
152 * account.
153 */
154 providerToLink?: UserProvider;
155 /**
156 * Unlinks this user from the specified providers.
157 */
158 providersToUnlink?: string[];
159}
160/**
161 * Represents a user identity provider that can be associated with a Firebase user.
162 */
163export interface UserProvider {
164 /**
165 * The user identifier for the linked provider.
166 */
167 uid?: string;
168 /**
169 * The display name for the linked provider.
170 */
171 displayName?: string;
172 /**
173 * The email for the linked provider.
174 */
175 email?: string;
176 /**
177 * The phone number for the linked provider.
178 */
179 phoneNumber?: string;
180 /**
181 * The photo URL for the linked provider.
182 */
183 photoURL?: string;
184 /**
185 * The linked provider ID (for example, "google.com" for the Google provider).
186 */
187 providerId?: string;
188}
189/**
190 * Interface representing the properties to set on a new user record to be
191 * created.
192 */
193export interface CreateRequest extends UpdateRequest {
194 /**
195 * The user's `uid`.
196 */
197 uid?: string;
198 /**
199 * The user's multi-factor related properties.
200 */
201 multiFactor?: MultiFactorCreateSettings;
202}
203/**
204 * The response interface for listing provider configs. This is only available
205 * when listing all identity providers' configurations via
206 * {@link BaseAuth.listProviderConfigs}.
207 */
208export interface ListProviderConfigResults {
209 /**
210 * The list of providers for the specified type in the current page.
211 */
212 providerConfigs: AuthProviderConfig[];
213 /**
214 * The next page token, if available.
215 */
216 pageToken?: string;
217}
218/**
219 * The filter interface used for listing provider configurations. This is used
220 * when specifying how to list configured identity providers via
221 * {@link BaseAuth.listProviderConfigs}.
222 */
223export interface AuthProviderConfigFilter {
224 /**
225 * The Auth provider configuration filter. This can be either `saml` or `oidc`.
226 * The former is used to look up SAML providers only, while the latter is used
227 * for OIDC providers.
228 */
229 type: 'saml' | 'oidc';
230 /**
231 * The maximum number of results to return per page. The default and maximum is
232 * 100.
233 */
234 maxResults?: number;
235 /**
236 * The next page token. When not specified, the lookup starts from the beginning
237 * of the list.
238 */
239 pageToken?: string;
240}
241/**
242 * The request interface for updating a SAML Auth provider. This is used
243 * when updating a SAML provider's configuration via
244 * {@link BaseAuth.updateProviderConfig}.
245 */
246export interface SAMLUpdateAuthProviderRequest {
247 /**
248 * The SAML provider's updated display name. If not provided, the existing
249 * configuration's value is not modified.
250 */
251 displayName?: string;
252 /**
253 * Whether the SAML provider is enabled or not. If not provided, the existing
254 * configuration's setting is not modified.
255 */
256 enabled?: boolean;
257 /**
258 * The SAML provider's updated IdP entity ID. If not provided, the existing
259 * configuration's value is not modified.
260 */
261 idpEntityId?: string;
262 /**
263 * The SAML provider's updated SSO URL. If not provided, the existing
264 * configuration's value is not modified.
265 */
266 ssoURL?: string;
267 /**
268 * The SAML provider's updated list of X.509 certificated. If not provided, the
269 * existing configuration list is not modified.
270 */
271 x509Certificates?: string[];
272 /**
273 * The SAML provider's updated RP entity ID. If not provided, the existing
274 * configuration's value is not modified.
275 */
276 rpEntityId?: string;
277 /**
278 * The SAML provider's callback URL. If not provided, the existing
279 * configuration's value is not modified.
280 */
281 callbackURL?: string;
282}
283/**
284 * The request interface for updating an OIDC Auth provider. This is used
285 * when updating an OIDC provider's configuration via
286 * {@link BaseAuth.updateProviderConfig}.
287 */
288export interface OIDCUpdateAuthProviderRequest {
289 /**
290 * The OIDC provider's updated display name. If not provided, the existing
291 * configuration's value is not modified.
292 */
293 displayName?: string;
294 /**
295 * Whether the OIDC provider is enabled or not. If not provided, the existing
296 * configuration's setting is not modified.
297 */
298 enabled?: boolean;
299 /**
300 * The OIDC provider's updated client ID. If not provided, the existing
301 * configuration's value is not modified.
302 */
303 clientId?: string;
304 /**
305 * The OIDC provider's updated issuer. If not provided, the existing
306 * configuration's value is not modified.
307 */
308 issuer?: string;
309 /**
310 * The OIDC provider's client secret to enable OIDC code flow.
311 * If not provided, the existing configuration's value is not modified.
312 */
313 clientSecret?: string;
314 /**
315 * The OIDC provider's response object for OAuth authorization flow.
316 */
317 responseType?: OAuthResponseType;
318}
319export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
320/** A maximum of 10 test phone number / code pairs can be configured. */
321export declare const MAXIMUM_TEST_PHONE_NUMBERS = 10;
322/** The server side SAML configuration request interface. */
323export interface SAMLConfigServerRequest {
324 idpConfig?: {
325 idpEntityId?: string;
326 ssoUrl?: string;
327 idpCertificates?: Array<{
328 x509Certificate: string;
329 }>;
330 signRequest?: boolean;
331 };
332 spConfig?: {
333 spEntityId?: string;
334 callbackUri?: string;
335 };
336 displayName?: string;
337 enabled?: boolean;
338 [key: string]: any;
339}
340/** The server side SAML configuration response interface. */
341export interface SAMLConfigServerResponse {
342 name?: string;
343 idpConfig?: {
344 idpEntityId?: string;
345 ssoUrl?: string;
346 idpCertificates?: Array<{
347 x509Certificate: string;
348 }>;
349 signRequest?: boolean;
350 };
351 spConfig?: {
352 spEntityId?: string;
353 callbackUri?: string;
354 };
355 displayName?: string;
356 enabled?: boolean;
357}
358/** The server side OIDC configuration request interface. */
359export interface OIDCConfigServerRequest {
360 clientId?: string;
361 issuer?: string;
362 displayName?: string;
363 enabled?: boolean;
364 clientSecret?: string;
365 responseType?: OAuthResponseType;
366 [key: string]: any;
367}
368/** The server side OIDC configuration response interface. */
369export interface OIDCConfigServerResponse {
370 name?: string;
371 clientId?: string;
372 issuer?: string;
373 displayName?: string;
374 enabled?: boolean;
375 clientSecret?: string;
376 responseType?: OAuthResponseType;
377}
378/** The server side email configuration request interface. */
379export interface EmailSignInConfigServerRequest {
380 allowPasswordSignup?: boolean;
381 enableEmailLinkSignin?: boolean;
382}
383/** Identifies the server side second factor type. */
384type AuthFactorServerType = 'PHONE_SMS';
385/** Server side multi-factor configuration. */
386export interface MultiFactorAuthServerConfig {
387 state?: MultiFactorConfigState;
388 enabledProviders?: AuthFactorServerType[];
389 providerConfigs?: MultiFactorProviderConfig[];
390}
391/**
392 * Identifies a second factor type.
393 */
394export type AuthFactorType = 'phone';
395/**
396 * Identifies a multi-factor configuration state.
397 */
398export type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
399/**
400 * Interface representing a multi-factor configuration.
401 * This can be used to define whether multi-factor authentication is enabled
402 * or disabled and the list of second factor challenges that are supported.
403 */
404export interface MultiFactorConfig {
405 /**
406 * The multi-factor config state.
407 */
408 state: MultiFactorConfigState;
409 /**
410 * The list of identifiers for enabled second factors.
411 * Currently only ‘phone’ is supported.
412 */
413 factorIds?: AuthFactorType[];
414 /**
415 * A list of multi-factor provider configurations.
416 * MFA providers (except phone) indicate whether they're enabled through this field. */
417 providerConfigs?: MultiFactorProviderConfig[];
418}
419/**
420 * Interface representing a multi-factor auth provider configuration.
421 * This interface is used for second factor auth providers other than SMS.
422 * Currently, only TOTP is supported.
423 */ export interface MultiFactorProviderConfig {
424 /**
425 * Indicates whether this multi-factor provider is enabled or disabled. */
426 state: MultiFactorConfigState;
427 /**
428 * TOTP multi-factor provider config. */
429 totpProviderConfig?: TotpMultiFactorProviderConfig;
430}
431/**
432 * Interface representing configuration settings for TOTP second factor auth.
433 */
434export interface TotpMultiFactorProviderConfig {
435 /**
436 * The allowed number of adjacent intervals that will be used for verification
437 * to compensate for clock skew. */
438 adjacentIntervals?: number;
439}
440/**
441 * Validates the provided map of test phone number / code pairs.
442 * @param testPhoneNumbers - The phone number / code pairs to validate.
443 */
444export declare function validateTestPhoneNumbers(testPhoneNumbers: {
445 [phoneNumber: string]: string;
446}): void;
447/**
448 * The email sign in provider configuration.
449 */
450export interface EmailSignInProviderConfig {
451 /**
452 * Whether email provider is enabled.
453 */
454 enabled: boolean;
455 /**
456 * Whether password is required for email sign-in. When not required,
457 * email sign-in can be performed with password or via email link sign-in.
458 */
459 passwordRequired?: boolean;
460}
461/**
462 * The base Auth provider configuration interface.
463 */
464export interface BaseAuthProviderConfig {
465 /**
466 * The provider ID defined by the developer.
467 * For a SAML provider, this is always prefixed by `saml.`.
468 * For an OIDC provider, this is always prefixed by `oidc.`.
469 */
470 providerId: string;
471 /**
472 * The user-friendly display name to the current configuration. This name is
473 * also used as the provider label in the Cloud Console.
474 */
475 displayName?: string;
476 /**
477 * Whether the provider configuration is enabled or disabled. A user
478 * cannot sign in using a disabled provider.
479 */
480 enabled: boolean;
481}
482/**
483 * The
484 * [SAML](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html)
485 * Auth provider configuration interface. A SAML provider can be created via
486 * {@link BaseAuth.createProviderConfig}.
487 */
488export interface SAMLAuthProviderConfig extends BaseAuthProviderConfig {
489 /**
490 * The SAML IdP entity identifier.
491 */
492 idpEntityId: string;
493 /**
494 * The SAML IdP SSO URL. This must be a valid URL.
495 */
496 ssoURL: string;
497 /**
498 * The list of SAML IdP X.509 certificates issued by CA for this provider.
499 * Multiple certificates are accepted to prevent outages during
500 * IdP key rotation (for example ADFS rotates every 10 days). When the Auth
501 * server receives a SAML response, it will match the SAML response with the
502 * certificate on record. Otherwise the response is rejected.
503 * Developers are expected to manage the certificate updates as keys are
504 * rotated.
505 */
506 x509Certificates: string[];
507 /**
508 * The SAML relying party (service provider) entity ID.
509 * This is defined by the developer but needs to be provided to the SAML IdP.
510 */
511 rpEntityId: string;
512 /**
513 * This is fixed and must always be the same as the OAuth redirect URL
514 * provisioned by Firebase Auth,
515 * `https://project-id.firebaseapp.com/__/auth/handler` unless a custom
516 * `authDomain` is used.
517 * The callback URL should also be provided to the SAML IdP during
518 * configuration.
519 */
520 callbackURL?: string;
521}
522/**
523 * The interface representing OIDC provider's response object for OAuth
524 * authorization flow.
525 * One of the following settings is required:
526 * <ul>
527 * <li>Set <code>code</code> to <code>true</code> for the code flow.</li>
528 * <li>Set <code>idToken</code> to <code>true</code> for the ID token flow.</li>
529 * </ul>
530 */
531export interface OAuthResponseType {
532 /**
533 * Whether ID token is returned from IdP's authorization endpoint.
534 */
535 idToken?: boolean;
536 /**
537 * Whether authorization code is returned from IdP's authorization endpoint.
538 */
539 code?: boolean;
540}
541/**
542 * The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth
543 * provider configuration interface. An OIDC provider can be created via
544 * {@link BaseAuth.createProviderConfig}.
545 */
546export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig {
547 /**
548 * This is the required client ID used to confirm the audience of an OIDC
549 * provider's
550 * [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
551 */
552 clientId: string;
553 /**
554 * This is the required provider issuer used to match the provider issuer of
555 * the ID token and to determine the corresponding OIDC discovery document, eg.
556 * [`/.well-known/openid-configuration`](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig).
557 * This is needed for the following:
558 * <ul>
559 * <li>To verify the provided issuer.</li>
560 * <li>Determine the authentication/authorization endpoint during the OAuth
561 * `id_token` authentication flow.</li>
562 * <li>To retrieve the public signing keys via `jwks_uri` to verify the OIDC
563 * provider's ID token's signature.</li>
564 * <li>To determine the claims_supported to construct the user attributes to be
565 * returned in the additional user info response.</li>
566 * </ul>
567 * ID token validation will be performed as defined in the
568 * [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
569 */
570 issuer: string;
571 /**
572 * The OIDC provider's client secret to enable OIDC code flow.
573 */
574 clientSecret?: string;
575 /**
576 * The OIDC provider's response object for OAuth authorization flow.
577 */
578 responseType?: OAuthResponseType;
579}
580/**
581 * The Auth provider configuration type.
582 * {@link BaseAuth.createProviderConfig}.
583 */
584export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
585/**
586 * The request interface for updating a SMS Region Config.
587 * Configures the regions where users are allowed to send verification SMS.
588 * This is based on the calling code of the destination phone number.
589 */
590export type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
591/**
592 * Mutual exclusive SMS Region Config of AllowByDefault interface
593 */
594export interface AllowByDefaultWrap {
595 /**
596 * Allow every region by default.
597 */
598 allowByDefault: AllowByDefault;
599 /** @alpha */
600 allowlistOnly?: never;
601}
602/**
603 * Mutually exclusive SMS Region Config of AllowlistOnly interface
604 */
605export interface AllowlistOnlyWrap {
606 /**
607 * Only allowing regions by explicitly adding them to an
608 * allowlist.
609 */
610 allowlistOnly: AllowlistOnly;
611 /** @alpha */
612 allowByDefault?: never;
613}
614/**
615 * Defines a policy of allowing every region by default and adding disallowed
616 * regions to a disallow list.
617 */
618export interface AllowByDefault {
619 /**
620 * Two letter unicode region codes to disallow as defined by
621 * https://cldr.unicode.org/
622 * The full list of these region codes is here:
623 * https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json
624 */
625 disallowedRegions: string[];
626}
627/**
628 * Defines a policy of only allowing regions by explicitly adding them to an
629 * allowlist.
630 */
631export interface AllowlistOnly {
632 /**
633 * Two letter unicode region codes to allow as defined by
634 * https://cldr.unicode.org/
635 * The full list of these region codes is here:
636 * https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json
637 */
638 allowedRegions: string[];
639}
640/**
641* Enforcement state of reCAPTCHA protection.
642* - 'OFF': Unenforced.
643* - 'AUDIT': Create assessment but don't enforce the result.
644* - 'ENFORCE': Create assessment and enforce the result.
645*/
646export type RecaptchaProviderEnforcementState = 'OFF' | 'AUDIT' | 'ENFORCE';
647/**
648* The actions to take for reCAPTCHA-protected requests.
649* - 'BLOCK': The reCAPTCHA-protected request will be blocked.
650*/
651export type RecaptchaAction = 'BLOCK';
652/**
653 * The config for a reCAPTCHA action rule.
654 */
655export interface RecaptchaManagedRule {
656 /**
657 * The action will be enforced if the reCAPTCHA score of a request is larger than endScore.
658 */
659 endScore: number;
660 /**
661 * The action for reCAPTCHA-protected requests.
662 */
663 action?: RecaptchaAction;
664}
665/**
666 * The key's platform type.
667 */
668export type RecaptchaKeyClientType = 'WEB' | 'IOS' | 'ANDROID';
669/**
670 * The reCAPTCHA key config.
671 */
672export interface RecaptchaKey {
673 /**
674 * The key's client platform type.
675 */
676 type?: RecaptchaKeyClientType;
677 /**
678 * The reCAPTCHA site key.
679 */
680 key: string;
681}
682/**
683 * The request interface for updating a reCAPTCHA Config.
684 * By enabling reCAPTCHA Enterprise Integration you are
685 * agreeing to reCAPTCHA Enterprise
686 * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
687 */
688export interface RecaptchaConfig {
689 /**
690 * The enforcement state of the email password provider.
691 */
692 emailPasswordEnforcementState?: RecaptchaProviderEnforcementState;
693 /**
694 * The reCAPTCHA managed rules.
695 */
696 managedRules?: RecaptchaManagedRule[];
697 /**
698 * The reCAPTCHA keys.
699 */
700 recaptchaKeys?: RecaptchaKey[];
701 /**
702 * Whether to use account defender for reCAPTCHA assessment.
703 * The default value is false.
704 */
705 useAccountDefender?: boolean;
706}
707export declare class RecaptchaAuthConfig implements RecaptchaConfig {
708 readonly emailPasswordEnforcementState?: RecaptchaProviderEnforcementState;
709 readonly managedRules?: RecaptchaManagedRule[];
710 readonly recaptchaKeys?: RecaptchaKey[];
711 readonly useAccountDefender?: boolean;
712 constructor(recaptchaConfig: RecaptchaConfig);
713 /**
714 * Validates the RecaptchaConfig options object. Throws an error on failure.
715 * @param options - The options object to validate.
716 */
717 static validate(options: RecaptchaConfig): void;
718 /**
719 * Validate each element in ManagedRule array
720 * @param options - The options object to validate.
721 */
722 private static validateManagedRule;
723 /**
724 * Returns a JSON-serializable representation of this object.
725 * @returns The JSON-serializable object representation of the ReCaptcha config instance
726 */
727 toJSON(): object;
728}
729/**
730 * A password policy configuration for a project or tenant
731*/
732export interface PasswordPolicyConfig {
733 /**
734 * Enforcement state of the password policy
735 */
736 enforcementState?: PasswordPolicyEnforcementState;
737 /**
738 * Require users to have a policy-compliant password to sign in
739 */
740 forceUpgradeOnSignin?: boolean;
741 /**
742 * The constraints that make up the password strength policy
743 */
744 constraints?: CustomStrengthOptionsConfig;
745}
746/**
747 * A password policy's enforcement state.
748 */
749export type PasswordPolicyEnforcementState = 'ENFORCE' | 'OFF';
750/**
751 * Constraints to be enforced on the password policy
752 */
753export interface CustomStrengthOptionsConfig {
754 /**
755 * The password must contain an upper case character
756 */
757 requireUppercase?: boolean;
758 /**
759 * The password must contain a lower case character
760 */
761 requireLowercase?: boolean;
762 /**
763 * The password must contain a non-alphanumeric character
764 */
765 requireNonAlphanumeric?: boolean;
766 /**
767 * The password must contain a number
768 */
769 requireNumeric?: boolean;
770 /**
771 * Minimum password length. Valid values are from 6 to 30
772 */
773 minLength?: number;
774 /**
775 * Maximum password length. No default max length
776 */
777 maxLength?: number;
778}
779/**
780 * Server side password policy configuration.
781 */
782export interface PasswordPolicyAuthServerConfig {
783 passwordPolicyEnforcementState?: PasswordPolicyEnforcementState;
784 passwordPolicyVersions?: PasswordPolicyVersionsAuthServerConfig[];
785 forceUpgradeOnSignin?: boolean;
786}
787/**
788 * Server side password policy versions configuration.
789 */
790export interface PasswordPolicyVersionsAuthServerConfig {
791 customStrengthOptions?: CustomStrengthOptionsAuthServerConfig;
792}
793/**
794 * Server side password policy constraints configuration.
795 */
796export interface CustomStrengthOptionsAuthServerConfig {
797 containsLowercaseCharacter?: boolean;
798 containsUppercaseCharacter?: boolean;
799 containsNumericCharacter?: boolean;
800 containsNonAlphanumericCharacter?: boolean;
801 minPasswordLength?: number;
802 maxPasswordLength?: number;
803}
804/**
805 * The email privacy configuration of a project or tenant.
806 */
807export interface EmailPrivacyConfig {
808 /**
809 * Whether enhanced email privacy is enabled.
810 */
811 enableImprovedEmailPrivacy?: boolean;
812}
813export {};