DecodedIdToken interface

Interface representing a decoded Firebase ID token, returned from the BaseAuth.verifyIdToken() method.

Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs). See the [ID Token section of the OpenID Connect spec](http://openid.net/specs/openid-connect-core-1_0.html#IDToken) for more information about the specific properties below.

Signature:

export interface DecodedIdToken 

Properties

Property Type Description
aud string The audience for which this token is intended.This value is a string equal to your Firebase project ID, the unique identifier for your Firebase project, which can be found in [your project's settings](https://console.firebase.google.com/project/_/settings/general/android:com.random.android).
auth_time number Time, in seconds since the Unix epoch, when the end-user authentication occurred.This value is not set when this particular ID token was created, but when the user initially logged in to this session. In a single session, the Firebase SDKs will refresh a user's ID tokens every hour. Each ID token will have a different [iat](#iat) value, but the same auth_time value.
email_verified boolean Whether or not the email of the user to whom the ID token belongs is verified, provided the user has an email.
email string The email of the user to whom the ID token belongs, if available.
exp number The ID token's expiration time, in seconds since the Unix epoch. That is, the time at which this ID token expires and should no longer be considered valid.The Firebase SDKs transparently refresh ID tokens every hour, issuing a new ID token with up to a one hour expiration.
firebase { identities: { [key: string]: any; }; sign_in_provider: string; sign_in_second_factor?: string; second_factor_identifier?: string; tenant?: string; [key: string]: any; } Information about the sign in event, including which sign in provider was used and provider-specific identity details.This data is provided by the Firebase Authentication service and is a reserved claim in the ID token.
iat number The ID token's issued-at time, in seconds since the Unix epoch. That is, the time at which this ID token was issued and should start to be considered valid.The Firebase SDKs transparently refresh ID tokens every hour, issuing a new ID token with a new issued-at time. If you want to get the time at which the user session corresponding to the ID token initially occurred, see the [auth_time](#auth_time) property.
iss string The issuer identifier for the issuer of the response.This value is a URL with the format https://securetoken.google.com/<PROJECT_ID>, where <PROJECT_ID> is the same project ID specified in the [aud](#aud) property.
phone_number string The phone number of the user to whom the ID token belongs, if available.
picture string The photo URL for the user to whom the ID token belongs, if available.
sub string The uid corresponding to the user who the ID token belonged to.As a convenience, this value is copied over to the [uid](#uid) property.
uid string The uid corresponding to the user who the ID token belonged to.This value is not actually in the JWT token claims itself. It is added as a convenience, and is set as the value of the [sub](#sub) property.

DecodedIdToken.aud

The audience for which this token is intended.

This value is a string equal to your Firebase project ID, the unique identifier for your Firebase project, which can be found in [your project's settings](https://console.firebase.google.com/project/_/settings/general/android:com.random.android).

Signature:

aud: string;

DecodedIdToken.auth_time

Time, in seconds since the Unix epoch, when the end-user authentication occurred.

This value is not set when this particular ID token was created, but when the user initially logged in to this session. In a single session, the Firebase SDKs will refresh a user's ID tokens every hour. Each ID token will have a different [iat](#iat) value, but the same auth_time value.

Signature:

auth_time: number;

DecodedIdToken.email_verified

Whether or not the email of the user to whom the ID token belongs is verified, provided the user has an email.

Signature:

email_verified?: boolean;

DecodedIdToken.email

The email of the user to whom the ID token belongs, if available.

Signature:

email?: string;

DecodedIdToken.exp

The ID token's expiration time, in seconds since the Unix epoch. That is, the time at which this ID token expires and should no longer be considered valid.

The Firebase SDKs transparently refresh ID tokens every hour, issuing a new ID token with up to a one hour expiration.

Signature:

exp: number;

DecodedIdToken.firebase

Information about the sign in event, including which sign in provider was used and provider-specific identity details.

This data is provided by the Firebase Authentication service and is a reserved claim in the ID token.

Signature:

firebase: {
        identities: {
            [key: string]: any;
        };
        sign_in_provider: string;
        sign_in_second_factor?: string;
        second_factor_identifier?: string;
        tenant?: string;
        [key: string]: any;
    };

DecodedIdToken.iat

The ID token's issued-at time, in seconds since the Unix epoch. That is, the time at which this ID token was issued and should start to be considered valid.

The Firebase SDKs transparently refresh ID tokens every hour, issuing a new ID token with a new issued-at time. If you want to get the time at which the user session corresponding to the ID token initially occurred, see the [auth_time](#auth_time) property.

Signature:

iat: number;

DecodedIdToken.iss

The issuer identifier for the issuer of the response.

This value is a URL with the format https://securetoken.google.com/<PROJECT_ID>, where <PROJECT_ID> is the same project ID specified in the [aud](#aud) property.

Signature:

iss: string;

DecodedIdToken.phone_number

The phone number of the user to whom the ID token belongs, if available.

Signature:

phone_number?: string;

DecodedIdToken.picture

The photo URL for the user to whom the ID token belongs, if available.

Signature:

picture?: string;

DecodedIdToken.sub

The uid corresponding to the user who the ID token belonged to.

As a convenience, this value is copied over to the [uid](#uid) property.

Signature:

sub: string;

DecodedIdToken.uid

The uid corresponding to the user who the ID token belonged to.

This value is not actually in the JWT token claims itself. It is added as a convenience, and is set as the value of the [sub](#sub) property.

Signature:

uid: string;