| 1 | export declare class LoginTicket {
|
| 2 | private envelope?;
|
| 3 | private payload?;
|
| 4 | /**
|
| 5 | * Create a simple class to extract user ID from an ID Token
|
| 6 | *
|
| 7 | * @param {string} env Envelope of the jwt
|
| 8 | * @param {TokenPayload} pay Payload of the jwt
|
| 9 | * @constructor
|
| 10 | */
|
| 11 | constructor(env?: string, pay?: TokenPayload);
|
| 12 | getEnvelope(): string | undefined;
|
| 13 | getPayload(): TokenPayload | undefined;
|
| 14 | /**
|
| 15 | * Create a simple class to extract user ID from an ID Token
|
| 16 | *
|
| 17 | * @return The user ID
|
| 18 | */
|
| 19 | getUserId(): string | null;
|
| 20 | /**
|
| 21 | * Returns attributes from the login ticket. This can contain
|
| 22 | * various information about the user session.
|
| 23 | *
|
| 24 | * @return The envelope and payload
|
| 25 | */
|
| 26 | getAttributes(): {
|
| 27 | envelope: string | undefined;
|
| 28 | payload: TokenPayload | undefined;
|
| 29 | };
|
| 30 | }
|
| 31 | export interface TokenPayload {
|
| 32 | /**
|
| 33 | * The Issuer Identifier for the Issuer of the response. Always
|
| 34 | * https://accounts.google.com or accounts.google.com for Google ID tokens.
|
| 35 | */
|
| 36 | iss: string;
|
| 37 | /**
|
| 38 | * Access token hash. Provides validation that the access token is tied to the
|
| 39 | * identity token. If the ID token is issued with an access token in the
|
| 40 | * server flow, this is always included. This can be used as an alternate
|
| 41 | * mechanism to protect against cross-site request forgery attacks, but if you
|
| 42 | * follow Step 1 and Step 3 it is not necessary to verify the access token.
|
| 43 | */
|
| 44 | at_hash?: string;
|
| 45 | /**
|
| 46 | * True if the user's e-mail address has been verified; otherwise false.
|
| 47 | */
|
| 48 | email_verified?: boolean;
|
| 49 | /**
|
| 50 | * An identifier for the user, unique among all Google accounts and never
|
| 51 | * reused. A Google account can have multiple emails at different points in
|
| 52 | * time, but the sub value is never changed. Use sub within your application
|
| 53 | * as the unique-identifier key for the user.
|
| 54 | */
|
| 55 | sub: string;
|
| 56 | /**
|
| 57 | * The client_id of the authorized presenter. This claim is only needed when
|
| 58 | * the party requesting the ID token is not the same as the audience of the ID
|
| 59 | * token. This may be the case at Google for hybrid apps where a web
|
| 60 | * application and Android app have a different client_id but share the same
|
| 61 | * project.
|
| 62 | */
|
| 63 | azp?: string;
|
| 64 | /**
|
| 65 | * The user's email address. This may not be unique and is not suitable for
|
| 66 | * use as a primary key. Provided only if your scope included the string
|
| 67 | * "email".
|
| 68 | */
|
| 69 | email?: string;
|
| 70 | /**
|
| 71 | * The URL of the user's profile page. Might be provided when:
|
| 72 | * - The request scope included the string "profile"
|
| 73 | * - The ID token is returned from a token refresh
|
| 74 | * - When profile claims are present, you can use them to update your app's
|
| 75 | * user records. Note that this claim is never guaranteed to be present.
|
| 76 | */
|
| 77 | profile?: string;
|
| 78 | /**
|
| 79 | * The URL of the user's profile picture. Might be provided when:
|
| 80 | * - The request scope included the string "profile"
|
| 81 | * - The ID token is returned from a token refresh
|
| 82 | * - When picture claims are present, you can use them to update your app's
|
| 83 | * user records. Note that this claim is never guaranteed to be present.
|
| 84 | */
|
| 85 | picture?: string;
|
| 86 | /**
|
| 87 | * The user's full name, in a displayable form. Might be provided when:
|
| 88 | * - The request scope included the string "profile"
|
| 89 | * - The ID token is returned from a token refresh
|
| 90 | * - When name claims are present, you can use them to update your app's user
|
| 91 | * records. Note that this claim is never guaranteed to be present.
|
| 92 | */
|
| 93 | name?: string;
|
| 94 | /**
|
| 95 | * The user's given name, in a displayable form. Might be provided when:
|
| 96 | * - The request scope included the string "profile"
|
| 97 | * - The ID token is returned from a token refresh
|
| 98 | * - When name claims are present, you can use them to update your app's user
|
| 99 | * records. Note that this claim is never guaranteed to be present.
|
| 100 | */
|
| 101 | given_name?: string;
|
| 102 | /**
|
| 103 | * The user's family name, in a displayable form. Might be provided when:
|
| 104 | * - The request scope included the string "profile"
|
| 105 | * - The ID token is returned from a token refresh
|
| 106 | * - When name claims are present, you can use them to update your app's user
|
| 107 | * records. Note that this claim is never guaranteed to be present.
|
| 108 | */
|
| 109 | family_name?: string;
|
| 110 | /**
|
| 111 | * Identifies the audience that this ID token is intended for. It must be one
|
| 112 | * of the OAuth 2.0 client IDs of your application.
|
| 113 | */
|
| 114 | aud: string;
|
| 115 | /**
|
| 116 | * The time the ID token was issued, represented in Unix time (integer
|
| 117 | * seconds).
|
| 118 | */
|
| 119 | iat: number;
|
| 120 | /**
|
| 121 | * The time the ID token expires, represented in Unix time (integer seconds).
|
| 122 | */
|
| 123 | exp: number;
|
| 124 | /**
|
| 125 | * The value of the nonce supplied by your app in the authentication request.
|
| 126 | * You should enforce protection against replay attacks by ensuring it is
|
| 127 | * presented only once.
|
| 128 | */
|
| 129 | nonce?: string;
|
| 130 | /**
|
| 131 | * The hosted G Suite domain of the user. Provided only if the user belongs to
|
| 132 | * a hosted domain.
|
| 133 | */
|
| 134 | hd?: string;
|
| 135 | /**
|
| 136 | * The user's locale, represented by a BCP 47 language tag.
|
| 137 | * Might be provided when a name claim is present.
|
| 138 | */
|
| 139 | locale?: string;
|
| 140 | }
|