Firebase Authentication.
Functions
| Function | Description |
|---|---|
| getAuth(app) | Gets the Auth service for the default app or a given app.getAuth() can be called with no arguments to access the default app's Auth service or as getAuth(app) to access the Auth service associated with a specific app. |
Classes
| Class | Description |
|---|---|
| Auth | Auth service bound to the provided app. An Auth instance can have multiple tenants. |
| AuthClientErrorCode | Auth client error codes and their default messages. |
| BaseAuth | Common parent interface for both Auth and TenantAwareAuth APIs. |
| FirebaseAuthError | Firebase Auth error code structure. This extends PrefixedFirebaseError. |
| MultiFactorInfo | Interface representing the common properties of a user-enrolled second factor. |
| MultiFactorSettings | The multi-factor related user settings. |
| PhoneMultiFactorInfo | Interface representing a phone specific user-enrolled second factor. |
| ProjectConfig | Represents a project configuration. |
| ProjectConfigManager | Manages (gets and updates) the current project config. |
| Tenant | Represents a tenant configuration.Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.Before multi-tenancy can be used on a Google Cloud Identity Platform project, tenants must be allowed on that project via the Cloud Console UI.A tenant configuration provides information such as the display name, tenant identifier and email authentication configuration. For OIDC/SAML provider configuration management, TenantAwareAuth instances should be used instead of a Tenant to retrieve the list of configured IdPs on a tenant. When configuring these providers, note that tenants will inherit whitelisted domains and authenticated redirect URIs of their parent project.All other settings of a tenant will also be inherited. These will need to be managed from the Cloud Console UI. |
| TenantAwareAuth | Tenant-aware Auth interface used for managing users, configuring SAML/OIDC providers, generating email links for password reset, email verification, etc for specific tenants.Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.Each tenant contains its own identity providers, settings and sets of users. Using TenantAwareAuth, users for a specific tenant and corresponding OIDC/SAML configurations can also be managed, ID tokens for users signed in to a specific tenant can be verified, and email action links can also be generated for users belonging to the tenant.TenantAwareAuth instances for a specific tenantId can be instantiated by calling TenantManager.authForTenant(). |
| TenantManager | Defines the tenant manager used to help manage tenant related operations. This includes:
|
| UserInfo | Represents a user's info from a third-party identity provider such as Google or Facebook. |
| UserMetadata | Represents a user's metadata. |
| UserRecord | Represents a user. |
Interfaces
| Interface | Description |
|---|---|
| ActionCodeSettings | This is the interface that defines the required continue/state URL with optional Android and iOS bundle identifiers. |
| AllowByDefault | Defines a policy of allowing every region by default and adding disallowed regions to a disallow list. |
| AllowByDefaultWrap | Mutual exclusive SMS Region Config of AllowByDefault interface |
| AllowlistOnly | Defines a policy of only allowing regions by explicitly adding them to an allowlist. |
| AllowlistOnlyWrap | Mutually exclusive SMS Region Config of AllowlistOnly interface |
| AuthProviderConfigFilter | The filter interface used for listing provider configurations. This is used when specifying how to list configured identity providers via BaseAuth.listProviderConfigs(). |
| BaseAuthProviderConfig | The base Auth provider configuration interface. |
| BaseCreateMultiFactorInfoRequest | Interface representing base properties of a user-enrolled second factor for a CreateRequest. |
| BaseUpdateMultiFactorInfoRequest | Interface representing common properties of a user-enrolled second factor for an UpdateRequest. |
| CreatePhoneMultiFactorInfoRequest | Interface representing a phone specific user-enrolled second factor for a CreateRequest. |
| CreateRequest | Interface representing the properties to set on a new user record to be created. |
| CustomStrengthOptionsConfig | Constraints to be enforced on the password policy |
| DecodedAuthBlockingToken | |
| DecodedIdToken | Interface representing a decoded Firebase ID token, returned from the BaseAuth.verifyIdToken() method.Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs). See the [ID Token section of the OpenID Connect spec](http://openid.net/specs/openid-connect-core-1_0.html#IDToken) for more information about the specific properties below. |
| DeleteUsersResult | Represents the result of the BaseAuth.deleteUsers(). API. |
| EmailIdentifier | Used for looking up an account by email.See BaseAuth.getUsers(). |
| EmailPrivacyConfig | The email privacy configuration of a project or tenant. |
| EmailSignInProviderConfig | The email sign in provider configuration. |
| GetUsersResult | Represents the result of the BaseAuth.getUsers() API. |
| ListProviderConfigResults | The response interface for listing provider configs. This is only available when listing all identity providers' configurations via BaseAuth.listProviderConfigs(). |
| ListTenantsResult | Interface representing the object returned from a TenantManager.listTenants() operation. Contains the list of tenants for the current batch and the next page token if available. |
| ListUsersResult | Interface representing the object returned from a BaseAuth.listUsers() operation. Contains the list of users for the current batch and the next page token if available. |
| MultiFactorConfig | Interface representing a multi-factor configuration. This can be used to define whether multi-factor authentication is enabled or disabled and the list of second factor challenges that are supported. |
| MultiFactorCreateSettings | The multi-factor related user settings for create operations. |
| MultiFactorProviderConfig | Interface representing a multi-factor auth provider configuration. This interface is used for second factor auth providers other than SMS. Currently, only TOTP is supported. |
| MultiFactorUpdateSettings | The multi-factor related user settings for update operations. |
| OAuthResponseType | The interface representing OIDC provider's response object for OAuth authorization flow. One of the following settings is required:
|
| OIDCAuthProviderConfig | The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created via BaseAuth.createProviderConfig(). |
| OIDCUpdateAuthProviderRequest | The request interface for updating an OIDC Auth provider. This is used when updating an OIDC provider's configuration via BaseAuth.updateProviderConfig(). |
| PasswordPolicyConfig | A password policy configuration for a project or tenant |
| PhoneIdentifier | Used for looking up an account by phone number.See BaseAuth.getUsers(). |
| ProviderIdentifier | Used for looking up an account by federated provider.See BaseAuth.getUsers(). |
| RecaptchaConfig | The request interface for updating a reCAPTCHA Config. By enabling reCAPTCHA Enterprise Integration you are agreeing to reCAPTCHA Enterprise Term of Service. |
| RecaptchaKey | The reCAPTCHA key config. |
| RecaptchaManagedRule | The config for a reCAPTCHA action rule. |
| RecaptchaTollFraudManagedRule | The managed rules for toll fraud provider, containing the enforcement status. The toll fraud provider contains all SMS related user flows. |
| SAMLAuthProviderConfig | The [SAML](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) Auth provider configuration interface. A SAML provider can be created via BaseAuth.createProviderConfig(). |
| SAMLUpdateAuthProviderRequest | The request interface for updating a SAML Auth provider. This is used when updating a SAML provider's configuration via BaseAuth.updateProviderConfig(). |
| SessionCookieOptions | Interface representing the session cookie options needed for the BaseAuth.createSessionCookie() method. |
| TotpMultiFactorProviderConfig | Interface representing configuration settings for TOTP second factor auth. |
| UidIdentifier | Used for looking up an account by uid.See BaseAuth.getUsers(). |
| UpdatePhoneMultiFactorInfoRequest | Interface representing a phone specific user-enrolled second factor for an UpdateRequest. |
| UpdateProjectConfigRequest | Interface representing the properties to update on the provided project config. |
| UpdateRequest | Interface representing the properties to update on the provided user. |
| UpdateTenantRequest | Interface representing the properties to update on the provided tenant. |
| UserImportOptions | Interface representing the user import options needed for BaseAuth.importUsers() method. This is used to provide the password hashing algorithm information. |
| UserImportRecord | Interface representing a user to import to Firebase Auth via the BaseAuth.importUsers() method. |
| UserImportResult | Interface representing the response from the BaseAuth.importUsers() method for batch importing users to Firebase Auth. |
| UserMetadataRequest | User metadata to include when importing a user. |
| UserProvider | Represents a user identity provider that can be associated with a Firebase user. |
| UserProviderRequest | User provider data to include when importing a user. |
Type Aliases
| Type Alias | Description |
|---|---|
| AuthFactorType | Identifies a second factor type. |
| AuthProviderConfig | The Auth provider configuration type. BaseAuth.createProviderConfig(). |
| CreateMultiFactorInfoRequest | Type representing the properties of a user-enrolled second factor for a CreateRequest. |
| CreateTenantRequest | Interface representing the properties to set on a new tenant. |
| HashAlgorithmType | |
| MultiFactorConfigState | Identifies a multi-factor configuration state. |
| PasswordPolicyEnforcementState | A password policy's enforcement state. |
| RecaptchaAction | The actions to take for reCAPTCHA-protected requests. - 'BLOCK': The reCAPTCHA-protected request will be blocked. |
| RecaptchaKeyClientType | The key's platform type. |
| RecaptchaProviderEnforcementState | Enforcement state of reCAPTCHA protection. - 'OFF': Unenforced. - 'AUDIT': Create assessment but don't enforce the result. - 'ENFORCE': Create assessment and enforce the result. |
| SmsRegionConfig | The request interface for updating a SMS Region Config. Configures the regions where users are allowed to send verification SMS. This is based on the calling code of the destination phone number. |
| UpdateAuthProviderRequest | |
| UpdateMultiFactorInfoRequest | Type representing the properties of a user-enrolled second factor for an UpdateRequest. |
| UserIdentifier | Identifies a user to be looked up. |
getAuth(app)
Gets the Auth service for the default app or a given app.
getAuth() can be called with no arguments to access the default app's Auth service or as getAuth(app) to access the Auth service associated with a specific app.
Signature:
export declare function getAuth(app?: App): Auth;
Parameters
| Parameter | Type | Description |
|---|---|---|
| app | App |
Returns:
Example 1
// Get the Auth service for the default app
const defaultAuth = getAuth();
Example 2
// Get the Auth service for a given app
const otherAuth = getAuth(otherApp);
AuthFactorType
Identifies a second factor type.
Signature:
export type AuthFactorType = 'phone';
AuthProviderConfig
The Auth provider configuration type. BaseAuth.createProviderConfig().
Signature:
export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
CreateMultiFactorInfoRequest
Type representing the properties of a user-enrolled second factor for a CreateRequest.
Signature:
export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
CreateTenantRequest
Interface representing the properties to set on a new tenant.
Signature:
export type CreateTenantRequest = UpdateTenantRequest;
HashAlgorithmType
Signature:
export type HashAlgorithmType = 'SCRYPT' | 'STANDARD_SCRYPT' | 'HMAC_SHA512' | 'HMAC_SHA256' | 'HMAC_SHA1' | 'HMAC_MD5' | 'MD5' | 'PBKDF_SHA1' | 'BCRYPT' | 'PBKDF2_SHA256' | 'SHA512' | 'SHA256' | 'SHA1';
MultiFactorConfigState
Identifies a multi-factor configuration state.
Signature:
export type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
PasswordPolicyEnforcementState
A password policy's enforcement state.
Signature:
export type PasswordPolicyEnforcementState = 'ENFORCE' | 'OFF';
RecaptchaAction
The actions to take for reCAPTCHA-protected requests. - 'BLOCK': The reCAPTCHA-protected request will be blocked.
Signature:
export type RecaptchaAction = 'BLOCK';
RecaptchaKeyClientType
The key's platform type.
Signature:
export type RecaptchaKeyClientType = 'WEB' | 'IOS' | 'ANDROID';
RecaptchaProviderEnforcementState
Enforcement state of reCAPTCHA protection. - 'OFF': Unenforced. - 'AUDIT': Create assessment but don't enforce the result. - 'ENFORCE': Create assessment and enforce the result.
Signature:
export type RecaptchaProviderEnforcementState = 'OFF' | 'AUDIT' | 'ENFORCE';
SmsRegionConfig
The request interface for updating a SMS Region Config. Configures the regions where users are allowed to send verification SMS. This is based on the calling code of the destination phone number.
Signature:
export type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
UpdateAuthProviderRequest
Signature:
export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
UpdateMultiFactorInfoRequest
Type representing the properties of a user-enrolled second factor for an UpdateRequest.
Signature:
export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
UserIdentifier
Identifies a user to be looked up.
Signature:
export type UserIdentifier = UidIdentifier | EmailIdentifier | PhoneIdentifier | ProviderIdentifier;