firebase-admin.auth package

Firebase Authentication.

Functions

Function Description
getAuth(app) Gets the Auth service for the default app or a given app.getAuth() can be called with no arguments to access the default app's Auth service or as getAuth(app) to access the Auth service associated with a specific app.

Classes

Class Description
Auth Auth service bound to the provided app. An Auth instance can have multiple tenants.
BaseAuth Common parent interface for both Auth and TenantAwareAuth APIs.
MultiFactorInfo Interface representing the common properties of a user-enrolled second factor.
MultiFactorSettings The multi-factor related user settings.
PhoneMultiFactorInfo Interface representing a phone specific user-enrolled second factor.
ProjectConfig Represents a project configuration.
ProjectConfigManager Manages (gets and updates) the current project config.
Tenant Represents a tenant configuration.Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.Before multi-tenancy can be used on a Google Cloud Identity Platform project, tenants must be allowed on that project via the Cloud Console UI.A tenant configuration provides information such as the display name, tenant identifier and email authentication configuration. For OIDC/SAML provider configuration management, TenantAwareAuth instances should be used instead of a Tenant to retrieve the list of configured IdPs on a tenant. When configuring these providers, note that tenants will inherit whitelisted domains and authenticated redirect URIs of their parent project.All other settings of a tenant will also be inherited. These will need to be managed from the Cloud Console UI.
TenantAwareAuth Tenant-aware Auth interface used for managing users, configuring SAML/OIDC providers, generating email links for password reset, email verification, etc for specific tenants.Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.Each tenant contains its own identity providers, settings and sets of users. Using TenantAwareAuth, users for a specific tenant and corresponding OIDC/SAML configurations can also be managed, ID tokens for users signed in to a specific tenant can be verified, and email action links can also be generated for users belonging to the tenant.TenantAwareAuth instances for a specific tenantId can be instantiated by calling TenantManager.authForTenant().
TenantManager Defines the tenant manager used to help manage tenant related operations. This includes:
  • The ability to create, update, list, get and delete tenants for the underlying project.
  • Getting a TenantAwareAuth instance for running Auth related operations (user management, provider configuration management, token verification, email link generation, etc) in the context of a specified tenant.
UserInfo Represents a user's info from a third-party identity provider such as Google or Facebook.
UserMetadata Represents a user's metadata.
UserRecord Represents a user.

Interfaces

Interface Description
ActionCodeSettings This is the interface that defines the required continue/state URL with optional Android and iOS bundle identifiers.
AllowByDefault Defines a policy of allowing every region by default and adding disallowed regions to a disallow list.
AllowByDefaultWrap Mutual exclusive SMS Region Config of AllowByDefault interface
AllowlistOnly Defines a policy of only allowing regions by explicitly adding them to an allowlist.
AllowlistOnlyWrap Mutually exclusive SMS Region Config of AllowlistOnly interface
AuthProviderConfigFilter The filter interface used for listing provider configurations. This is used when specifying how to list configured identity providers via BaseAuth.listProviderConfigs().
BaseAuthProviderConfig The base Auth provider configuration interface.
BaseCreateMultiFactorInfoRequest Interface representing base properties of a user-enrolled second factor for a CreateRequest.
BaseUpdateMultiFactorInfoRequest Interface representing common properties of a user-enrolled second factor for an UpdateRequest.
CreatePhoneMultiFactorInfoRequest Interface representing a phone specific user-enrolled second factor for a CreateRequest.
CreateRequest Interface representing the properties to set on a new user record to be created.
CustomStrengthOptionsConfig Constraints to be enforced on the password policy
DecodedIdToken Interface representing a decoded Firebase ID token, returned from the BaseAuth.verifyIdToken() method.Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs). See the [ID Token section of the OpenID Connect spec](http://openid.net/specs/openid-connect-core-1_0.html#IDToken) for more information about the specific properties below.
DeleteUsersResult Represents the result of the BaseAuth.deleteUsers(). API.
EmailIdentifier Used for looking up an account by email.See BaseAuth.getUsers().
EmailPrivacyConfig The email privacy configuration of a project or tenant.
EmailSignInProviderConfig The email sign in provider configuration.
GetUsersResult Represents the result of the BaseAuth.getUsers() API.
ListProviderConfigResults The response interface for listing provider configs. This is only available when listing all identity providers' configurations via BaseAuth.listProviderConfigs().
ListTenantsResult Interface representing the object returned from a TenantManager.listTenants() operation. Contains the list of tenants for the current batch and the next page token if available.
ListUsersResult Interface representing the object returned from a BaseAuth.listUsers() operation. Contains the list of users for the current batch and the next page token if available.
MultiFactorConfig Interface representing a multi-factor configuration. This can be used to define whether multi-factor authentication is enabled or disabled and the list of second factor challenges that are supported.
MultiFactorCreateSettings The multi-factor related user settings for create operations.
MultiFactorProviderConfig Interface representing a multi-factor auth provider configuration. This interface is used for second factor auth providers other than SMS. Currently, only TOTP is supported.
MultiFactorUpdateSettings The multi-factor related user settings for update operations.
OAuthResponseType The interface representing OIDC provider's response object for OAuth authorization flow. One of the following settings is required:
  • Set code to true for the code flow.
  • Set idToken to true for the ID token flow.
OIDCAuthProviderConfig The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created via BaseAuth.createProviderConfig().
OIDCUpdateAuthProviderRequest The request interface for updating an OIDC Auth provider. This is used when updating an OIDC provider's configuration via BaseAuth.updateProviderConfig().
PasswordPolicyConfig A password policy configuration for a project or tenant
PhoneIdentifier Used for looking up an account by phone number.See BaseAuth.getUsers().
ProviderIdentifier Used for looking up an account by federated provider.See BaseAuth.getUsers().
RecaptchaConfig The request interface for updating a reCAPTCHA Config. By enabling reCAPTCHA Enterprise Integration you are agreeing to reCAPTCHA Enterprise Term of Service.
RecaptchaKey The reCAPTCHA key config.
RecaptchaManagedRule The config for a reCAPTCHA action rule.
SAMLAuthProviderConfig The [SAML](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) Auth provider configuration interface. A SAML provider can be created via BaseAuth.createProviderConfig().
SAMLUpdateAuthProviderRequest The request interface for updating a SAML Auth provider. This is used when updating a SAML provider's configuration via BaseAuth.updateProviderConfig().
SessionCookieOptions Interface representing the session cookie options needed for the BaseAuth.createSessionCookie() method.
TotpMultiFactorProviderConfig Interface representing configuration settings for TOTP second factor auth.
UidIdentifier Used for looking up an account by uid.See BaseAuth.getUsers().
UpdatePhoneMultiFactorInfoRequest Interface representing a phone specific user-enrolled second factor for an UpdateRequest.
UpdateProjectConfigRequest Interface representing the properties to update on the provided project config.
UpdateRequest Interface representing the properties to update on the provided user.
UpdateTenantRequest Interface representing the properties to update on the provided tenant.
UserImportOptions Interface representing the user import options needed for BaseAuth.importUsers() method. This is used to provide the password hashing algorithm information.
UserImportRecord Interface representing a user to import to Firebase Auth via the BaseAuth.importUsers() method.
UserImportResult Interface representing the response from the BaseAuth.importUsers() method for batch importing users to Firebase Auth.
UserMetadataRequest User metadata to include when importing a user.
UserProvider Represents a user identity provider that can be associated with a Firebase user.
UserProviderRequest User provider data to include when importing a user.

Type Aliases

Type Alias Description
AuthFactorType Identifies a second factor type.
AuthProviderConfig The Auth provider configuration type. BaseAuth.createProviderConfig().
CreateMultiFactorInfoRequest Type representing the properties of a user-enrolled second factor for a CreateRequest.
CreateTenantRequest Interface representing the properties to set on a new tenant.
HashAlgorithmType
MultiFactorConfigState Identifies a multi-factor configuration state.
PasswordPolicyEnforcementState A password policy's enforcement state.
RecaptchaAction The actions to take for reCAPTCHA-protected requests. - 'BLOCK': The reCAPTCHA-protected request will be blocked.
RecaptchaKeyClientType The key's platform type.
RecaptchaProviderEnforcementState Enforcement state of reCAPTCHA protection. - 'OFF': Unenforced. - 'AUDIT': Create assessment but don't enforce the result. - 'ENFORCE': Create assessment and enforce the result.
SmsRegionConfig The request interface for updating a SMS Region Config. Configures the regions where users are allowed to send verification SMS. This is based on the calling code of the destination phone number.
UpdateAuthProviderRequest
UpdateMultiFactorInfoRequest Type representing the properties of a user-enrolled second factor for an UpdateRequest.
UserIdentifier Identifies a user to be looked up.

getAuth()

Gets the Auth service for the default app or a given app.

getAuth() can be called with no arguments to access the default app's Auth service or as getAuth(app) to access the Auth service associated with a specific app.

Signature:

export declare function getAuth(app?: App): Auth;

Parameters

Parameter Type Description
app App

Returns:

Auth

Example 1

// Get the Auth service for the default app
const defaultAuth = getAuth();

Example 2

// Get the Auth service for a given app
const otherAuth = getAuth(otherApp);

AuthFactorType

Identifies a second factor type.

Signature:

export type AuthFactorType = 'phone';

AuthProviderConfig

The Auth provider configuration type. BaseAuth.createProviderConfig().

Signature:

export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;

CreateMultiFactorInfoRequest

Type representing the properties of a user-enrolled second factor for a CreateRequest.

Signature:

export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;

CreateTenantRequest

Interface representing the properties to set on a new tenant.

Signature:

export type CreateTenantRequest = UpdateTenantRequest;

HashAlgorithmType

Signature:

export type HashAlgorithmType = 'SCRYPT' | 'STANDARD_SCRYPT' | 'HMAC_SHA512' | 'HMAC_SHA256' | 'HMAC_SHA1' | 'HMAC_MD5' | 'MD5' | 'PBKDF_SHA1' | 'BCRYPT' | 'PBKDF2_SHA256' | 'SHA512' | 'SHA256' | 'SHA1';

MultiFactorConfigState

Identifies a multi-factor configuration state.

Signature:

export type MultiFactorConfigState = 'ENABLED' | 'DISABLED';

PasswordPolicyEnforcementState

A password policy's enforcement state.

Signature:

export type PasswordPolicyEnforcementState = 'ENFORCE' | 'OFF';

RecaptchaAction

The actions to take for reCAPTCHA-protected requests. - 'BLOCK': The reCAPTCHA-protected request will be blocked.

Signature:

export type RecaptchaAction = 'BLOCK';

RecaptchaKeyClientType

The key's platform type.

Signature:

export type RecaptchaKeyClientType = 'WEB' | 'IOS' | 'ANDROID';

RecaptchaProviderEnforcementState

Enforcement state of reCAPTCHA protection. - 'OFF': Unenforced. - 'AUDIT': Create assessment but don't enforce the result. - 'ENFORCE': Create assessment and enforce the result.

Signature:

export type RecaptchaProviderEnforcementState = 'OFF' | 'AUDIT' | 'ENFORCE';

SmsRegionConfig

The request interface for updating a SMS Region Config. Configures the regions where users are allowed to send verification SMS. This is based on the calling code of the destination phone number.

Signature:

export type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;

UpdateAuthProviderRequest

Signature:

export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;

UpdateMultiFactorInfoRequest

Type representing the properties of a user-enrolled second factor for an UpdateRequest.

Signature:

export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;

UserIdentifier

Identifies a user to be looked up.

Signature:

export type UserIdentifier = UidIdentifier | EmailIdentifier | PhoneIdentifier | ProviderIdentifier;