Firebase Authentication.
Functions
| Function | Description |
|---|---|
| getAuth(app) | Gets the Auth service for the default app or a given app.getAuth() can be called with no arguments to access the default app's Auth service or as getAuth(app) to access the Auth service associated with a specific app. |
Classes
| Class | Description |
|---|---|
| Auth | Auth service bound to the provided app. An Auth instance can have multiple tenants. |
| BaseAuth | Common parent interface for both Auth and TenantAwareAuth APIs. |
| FirebaseAuthError | Firebase Auth error code structure. This extends FirebaseError. |
| MultiFactorInfo | Interface representing the common properties of a user-enrolled second factor. |
| MultiFactorSettings | The multi-factor related user settings. |
| PhoneMultiFactorInfo | Interface representing a phone specific user-enrolled second factor. |
| ProjectConfig | Represents a project configuration. |
| ProjectConfigManager | Manages (gets and updates) the current project config. |
| Tenant | Represents a tenant configuration.Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.Before multi-tenancy can be used on a Google Cloud Identity Platform project, tenants must be allowed on that project via the Cloud Console UI.A tenant configuration provides information such as the display name, tenant identifier and email authentication configuration. For OIDC/SAML provider configuration management, TenantAwareAuth instances should be used instead of a Tenant to retrieve the list of configured IdPs on a tenant. When configuring these providers, note that tenants will inherit whitelisted domains and authenticated redirect URIs of their parent project.All other settings of a tenant will also be inherited. These will need to be managed from the Cloud Console UI. |
| TenantAwareAuth | Tenant-aware Auth interface used for managing users, configuring SAML/OIDC providers, generating email links for password reset, email verification, etc for specific tenants.Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.Each tenant contains its own identity providers, settings and sets of users. Using TenantAwareAuth, users for a specific tenant and corresponding OIDC/SAML configurations can also be managed, ID tokens for users signed in to a specific tenant can be verified, and email action links can also be generated for users belonging to the tenant.TenantAwareAuth instances for a specific tenantId can be instantiated by calling TenantManager.authForTenant(). |
| TenantManager | Defines the tenant manager used to help manage tenant related operations. This includes:
|
| UserInfo | Represents a user's info from a third-party identity provider such as Google or Facebook. |
| UserMetadata | Represents a user's metadata. |
| UserRecord | Represents a user. |
Interfaces
| Interface | Description |
|---|---|
| ActionCodeSettings | This is the interface that defines the required continue/state URL with optional Android and iOS bundle identifiers. |
| AllowByDefault | Defines a policy of allowing every region by default and adding disallowed regions to a disallow list. |
| AllowByDefaultWrap | Mutual exclusive SMS Region Config of AllowByDefault interface |
| AllowlistOnly | Defines a policy of only allowing regions by explicitly adding them to an allowlist. |
| AllowlistOnlyWrap | Mutually exclusive SMS Region Config of AllowlistOnly interface |
| AuthProviderConfigFilter | The filter interface used for listing provider configurations. This is used when specifying how to list configured identity providers via BaseAuth.listProviderConfigs(). |
| BaseAuthProviderConfig | The base Auth provider configuration interface. |
| BaseCreateMultiFactorInfoRequest | Interface representing base properties of a user-enrolled second factor for a CreateRequest. |
| BaseUpdateMultiFactorInfoRequest | Interface representing common properties of a user-enrolled second factor for an UpdateRequest. |
| CreatePhoneMultiFactorInfoRequest | Interface representing a phone specific user-enrolled second factor for a CreateRequest. |
| CreateRequest | Interface representing the properties to set on a new user record to be created. |
| CustomStrengthOptionsConfig | Constraints to be enforced on the password policy |
| DecodedAuthBlockingToken | |
| DecodedIdToken | Interface representing a decoded Firebase ID token, returned from the BaseAuth.verifyIdToken() method.Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs). See the [ID Token section of the OpenID Connect spec](http://openid.net/specs/openid-connect-core-1_0.html#IDToken) for more information about the specific properties below. |
| DeleteUsersResult | Represents the result of the BaseAuth.deleteUsers(). API. |
| EmailIdentifier | Used for looking up an account by email.See BaseAuth.getUsers(). |
| EmailPrivacyConfig | The email privacy configuration of a project or tenant. |
| EmailSignInProviderConfig | The email sign in provider configuration. |
| GetUsersResult | Represents the result of the BaseAuth.getUsers() API. |
| ListProviderConfigResults | The response interface for listing provider configs. This is only available when listing all identity providers' configurations via BaseAuth.listProviderConfigs(). |
| ListTenantsResult | Interface representing the object returned from a TenantManager.listTenants() operation. Contains the list of tenants for the current batch and the next page token if available. |
| ListUsersResult | Interface representing the object returned from a BaseAuth.listUsers() operation. Contains the list of users for the current batch and the next page token if available. |
| MobileLinksConfig | Configuration for settings related to univeral links (iOS) and app links (Android). |
| MultiFactorConfig | Interface representing a multi-factor configuration. This can be used to define whether multi-factor authentication is enabled or disabled and the list of second factor challenges that are supported. |
| MultiFactorCreateSettings | The multi-factor related user settings for create operations. |
| MultiFactorProviderConfig | Interface representing a multi-factor auth provider configuration. This interface is used for second factor auth providers other than SMS. Currently, only TOTP is supported. |
| MultiFactorUpdateSettings | The multi-factor related user settings for update operations. |
| OAuthResponseType | The interface representing OIDC provider's response object for OAuth authorization flow. One of the following settings is required:
|
| OIDCAuthProviderConfig | The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created via BaseAuth.createProviderConfig(). |
| OIDCUpdateAuthProviderRequest | The request interface for updating an OIDC Auth provider. This is used when updating an OIDC provider's configuration via BaseAuth.updateProviderConfig(). |
| PasswordPolicyConfig | A password policy configuration for a project or tenant |
| PhoneIdentifier | Used for looking up an account by phone number.See BaseAuth.getUsers(). |
| ProviderIdentifier | Used for looking up an account by federated provider.See BaseAuth.getUsers(). |
| RecaptchaConfig | The request interface for updating a reCAPTCHA Config. By enabling reCAPTCHA Enterprise Integration you are agreeing to reCAPTCHA Enterprise Term of Service. |
| RecaptchaKey | The reCAPTCHA key config. |
| RecaptchaManagedRule | The config for a reCAPTCHA action rule. |
| RecaptchaTollFraudManagedRule | The managed rules for toll fraud provider, containing the enforcement status. The toll fraud provider contains all SMS related user flows. |
| SAMLAuthProviderConfig | The [SAML](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) Auth provider configuration interface. A SAML provider can be created via BaseAuth.createProviderConfig(). |
| SAMLUpdateAuthProviderRequest | The request interface for updating a SAML Auth provider. This is used when updating a SAML provider's configuration via BaseAuth.updateProviderConfig(). |
| SessionCookieOptions | Interface representing the session cookie options needed for the BaseAuth.createSessionCookie() method. |
| TotpMultiFactorProviderConfig | Interface representing configuration settings for TOTP second factor auth. |
| UidIdentifier | Used for looking up an account by uid.See BaseAuth.getUsers(). |
| UpdatePhoneMultiFactorInfoRequest | Interface representing a phone specific user-enrolled second factor for an UpdateRequest. |
| UpdateProjectConfigRequest | Interface representing the properties to update on the provided project config. |
| UpdateRequest | Interface representing the properties to update on the provided user. |
| UpdateTenantRequest | Interface representing the properties to update on the provided tenant. |
| UserImportOptions | Interface representing the user import options needed for BaseAuth.importUsers() method. This is used to provide the password hashing algorithm information. |
| UserImportRecord | Interface representing a user to import to Firebase Auth via the BaseAuth.importUsers() method. |
| UserImportResult | Interface representing the response from the BaseAuth.importUsers() method for batch importing users to Firebase Auth. |
| UserMetadataRequest | User metadata to include when importing a user. |
| UserProvider | Represents a user identity provider that can be associated with a Firebase user. |
| UserProviderRequest | User provider data to include when importing a user. |
Variables
| Variable | Description |
|---|---|
| AuthErrorCode | The constant mapping for valid Auth client error codes. |
Type Aliases
| Type Alias | Description |
|---|---|
| AuthErrorCode | The type definition for valid Auth client error codes. |
| AuthFactorType | Identifies a second factor type. |
| AuthProviderConfig | The Auth provider configuration type. BaseAuth.createProviderConfig(). |
| CreateMultiFactorInfoRequest | Type representing the properties of a user-enrolled second factor for a CreateRequest. |
| CreateTenantRequest | Interface representing the properties to set on a new tenant. |
| HashAlgorithmType | |
| MobileLinksDomain | Open code in app domain to use for app links and universal links. |
| MultiFactorConfigState | Identifies a multi-factor configuration state. |
| PasswordPolicyEnforcementState | A password policy's enforcement state. |
| RecaptchaAction | The actions to take for reCAPTCHA-protected requests. - 'BLOCK': The reCAPTCHA-protected request will be blocked. |
| RecaptchaKeyClientType | The key's platform type. |
| RecaptchaProviderEnforcementState | Enforcement state of reCAPTCHA protection. - 'OFF': Unenforced. - 'AUDIT': Create assessment but don't enforce the result. - 'ENFORCE': Create assessment and enforce the result. |
| SmsRegionConfig | The request interface for updating a SMS Region Config. Configures the regions where users are allowed to send verification SMS. This is based on the calling code of the destination phone number. |
| UpdateAuthProviderRequest | |
| UpdateMultiFactorInfoRequest | Type representing the properties of a user-enrolled second factor for an UpdateRequest. |
| UserIdentifier | Identifies a user to be looked up. |
getAuth(app)
Gets the Auth service for the default app or a given app.
getAuth() can be called with no arguments to access the default app's Auth service or as getAuth(app) to access the Auth service associated with a specific app.
Signature:
export declare function getAuth(app?: App): Auth;
Parameters
| Parameter | Type | Description |
|---|---|---|
| app | App |
Returns:
Example 1
// Get the Auth service for the default app
const defaultAuth = getAuth();
Example 2
// Get the Auth service for a given app
const otherAuth = getAuth(otherApp);
AuthErrorCode
The constant mapping for valid Auth client error codes.
Signature:
AuthErrorCode: {
readonly AUTH_BLOCKING_TOKEN_EXPIRED: "auth-blocking-token-expired";
readonly BILLING_NOT_ENABLED: "billing-not-enabled";
readonly CLAIMS_TOO_LARGE: "claims-too-large";
readonly CONFIGURATION_EXISTS: "configuration-exists";
readonly CONFIGURATION_NOT_FOUND: "configuration-not-found";
readonly ID_TOKEN_EXPIRED: "id-token-expired";
readonly INVALID_ARGUMENT: "argument-error";
readonly INVALID_CONFIG: "invalid-config";
readonly EMAIL_ALREADY_EXISTS: "email-already-exists";
readonly EMAIL_NOT_FOUND: "email-not-found";
readonly FORBIDDEN_CLAIM: "reserved-claim";
readonly INVALID_ID_TOKEN: "invalid-id-token";
readonly ID_TOKEN_REVOKED: "id-token-revoked";
readonly INTERNAL_ERROR: "internal-error";
readonly INVALID_CLAIMS: "invalid-claims";
readonly INVALID_CONTINUE_URI: "invalid-continue-uri";
readonly INVALID_CREATION_TIME: "invalid-creation-time";
readonly INVALID_CREDENTIAL: "invalid-credential";
readonly INVALID_DISABLED_FIELD: "invalid-disabled-field";
readonly INVALID_DISPLAY_NAME: "invalid-display-name";
readonly INVALID_DYNAMIC_LINK_DOMAIN: "invalid-dynamic-link-domain";
readonly INVALID_HOSTING_LINK_DOMAIN: "invalid-hosting-link-domain";
readonly INVALID_EMAIL_VERIFIED: "invalid-email-verified";
readonly INVALID_EMAIL: "invalid-email";
readonly INVALID_NEW_EMAIL: "invalid-new-email";
readonly INVALID_ENROLLED_FACTORS: "invalid-enrolled-factors";
readonly INVALID_ENROLLMENT_TIME: "invalid-enrollment-time";
readonly INVALID_HASH_ALGORITHM: "invalid-hash-algorithm";
readonly INVALID_HASH_BLOCK_SIZE: "invalid-hash-block-size";
readonly INVALID_HASH_DERIVED_KEY_LENGTH: "invalid-hash-derived-key-length";
readonly INVALID_HASH_KEY: "invalid-hash-key";
readonly INVALID_HASH_MEMORY_COST: "invalid-hash-memory-cost";
readonly INVALID_HASH_PARALLELIZATION: "invalid-hash-parallelization";
readonly INVALID_HASH_ROUNDS: "invalid-hash-rounds";
readonly INVALID_HASH_SALT_SEPARATOR: "invalid-hash-salt-separator";
readonly INVALID_LAST_SIGN_IN_TIME: "invalid-last-sign-in-time";
readonly INVALID_NAME: "invalid-name";
readonly INVALID_OAUTH_CLIENT_ID: "invalid-oauth-client-id";
readonly INVALID_PAGE_TOKEN: "invalid-page-token";
readonly INVALID_PASSWORD: "invalid-password";
readonly INVALID_PASSWORD_HASH: "invalid-password-hash";
readonly INVALID_PASSWORD_SALT: "invalid-password-salt";
readonly INVALID_PHONE_NUMBER: "invalid-phone-number";
readonly INVALID_PHOTO_URL: "invalid-photo-url";
readonly INVALID_PROJECT_ID: "invalid-project-id";
readonly INVALID_PROVIDER_DATA: "invalid-provider-data";
readonly INVALID_PROVIDER_ID: "invalid-provider-id";
readonly INVALID_PROVIDER_UID: "invalid-provider-uid";
readonly INVALID_OAUTH_RESPONSETYPE: "invalid-oauth-responsetype";
readonly INVALID_SESSION_COOKIE_DURATION: "invalid-session-cookie-duration";
readonly INVALID_TENANT_ID: "invalid-tenant-id";
readonly INVALID_TENANT_TYPE: "invalid-tenant-type";
readonly INVALID_TESTING_PHONE_NUMBER: "invalid-testing-phone-number";
readonly INVALID_UID: "invalid-uid";
readonly INVALID_USER_IMPORT: "invalid-user-import";
readonly INVALID_TOKENS_VALID_AFTER_TIME: "invalid-tokens-valid-after-time";
readonly MISMATCHING_TENANT_ID: "mismatching-tenant-id";
readonly MISSING_ANDROID_PACKAGE_NAME: "missing-android-package-name";
readonly MISSING_CONFIG: "missing-config";
readonly MISSING_CONTINUE_URI: "missing-continue-uri";
readonly MISSING_DISPLAY_NAME: "missing-display-name";
readonly MISSING_EMAIL: "missing-email";
readonly MISSING_IOS_BUNDLE_ID: "missing-ios-bundle-id";
readonly MISSING_ISSUER: "missing-issuer";
readonly MISSING_HASH_ALGORITHM: "missing-hash-algorithm";
readonly MISSING_OAUTH_CLIENT_ID: "missing-oauth-client-id";
readonly MISSING_OAUTH_CLIENT_SECRET: "missing-oauth-client-secret";
readonly MISSING_PROVIDER_ID: "missing-provider-id";
readonly MISSING_SAML_RELYING_PARTY_CONFIG: "missing-saml-relying-party-config";
readonly MAXIMUM_TEST_PHONE_NUMBER_EXCEEDED: "test-phone-number-limit-exceeded";
readonly MAXIMUM_USER_COUNT_EXCEEDED: "maximum-user-count-exceeded";
readonly MISSING_UID: "missing-uid";
readonly OPERATION_NOT_ALLOWED: "operation-not-allowed";
readonly PHONE_NUMBER_ALREADY_EXISTS: "phone-number-already-exists";
readonly PROJECT_NOT_FOUND: "project-not-found";
readonly INSUFFICIENT_PERMISSION: "insufficient-permission";
readonly QUOTA_EXCEEDED: "quota-exceeded";
readonly SECOND_FACTOR_LIMIT_EXCEEDED: "second-factor-limit-exceeded";
readonly SECOND_FACTOR_UID_ALREADY_EXISTS: "second-factor-uid-already-exists";
readonly SESSION_COOKIE_EXPIRED: "session-cookie-expired";
readonly SESSION_COOKIE_REVOKED: "session-cookie-revoked";
readonly TENANT_NOT_FOUND: "tenant-not-found";
readonly UID_ALREADY_EXISTS: "uid-already-exists";
readonly UNAUTHORIZED_DOMAIN: "unauthorized-continue-uri";
readonly UNSUPPORTED_FIRST_FACTOR: "unsupported-first-factor";
readonly UNSUPPORTED_SECOND_FACTOR: "unsupported-second-factor";
readonly UNSUPPORTED_TENANT_OPERATION: "unsupported-tenant-operation";
readonly UNVERIFIED_EMAIL: "unverified-email";
readonly USER_NOT_FOUND: "user-not-found";
readonly NOT_FOUND: "not-found";
readonly USER_DISABLED: "user-disabled";
readonly USER_NOT_DISABLED: "user-not-disabled";
readonly INVALID_RECAPTCHA_ACTION: "invalid-recaptcha-action";
readonly INVALID_RECAPTCHA_ENFORCEMENT_STATE: "invalid-recaptcha-enforcement-state";
readonly RECAPTCHA_NOT_ENABLED: "recaptcha-not-enabled";
}
AuthErrorCode
The type definition for valid Auth client error codes.
Signature:
export type AuthErrorCode = typeof AuthErrorCode[keyof typeof AuthErrorCode];
AuthFactorType
Identifies a second factor type.
Signature:
export type AuthFactorType = 'phone';
AuthProviderConfig
The Auth provider configuration type. BaseAuth.createProviderConfig().
Signature:
export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
CreateMultiFactorInfoRequest
Type representing the properties of a user-enrolled second factor for a CreateRequest.
Signature:
export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
CreateTenantRequest
Interface representing the properties to set on a new tenant.
Signature:
export type CreateTenantRequest = UpdateTenantRequest;
HashAlgorithmType
Signature:
export type HashAlgorithmType = 'SCRYPT' | 'STANDARD_SCRYPT' | 'HMAC_SHA512' | 'HMAC_SHA256' | 'HMAC_SHA1' | 'HMAC_MD5' | 'MD5' | 'PBKDF_SHA1' | 'BCRYPT' | 'PBKDF2_SHA256' | 'SHA512' | 'SHA256' | 'SHA1';
MobileLinksDomain
Open code in app domain to use for app links and universal links.
Signature:
export type MobileLinksDomain = 'HOSTING_DOMAIN' | 'FIREBASE_DYNAMIC_LINK_DOMAIN';
MultiFactorConfigState
Identifies a multi-factor configuration state.
Signature:
export type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
PasswordPolicyEnforcementState
A password policy's enforcement state.
Signature:
export type PasswordPolicyEnforcementState = 'ENFORCE' | 'OFF';
RecaptchaAction
The actions to take for reCAPTCHA-protected requests. - 'BLOCK': The reCAPTCHA-protected request will be blocked.
Signature:
export type RecaptchaAction = 'BLOCK';
RecaptchaKeyClientType
The key's platform type.
Signature:
export type RecaptchaKeyClientType = 'WEB' | 'IOS' | 'ANDROID';
RecaptchaProviderEnforcementState
Enforcement state of reCAPTCHA protection. - 'OFF': Unenforced. - 'AUDIT': Create assessment but don't enforce the result. - 'ENFORCE': Create assessment and enforce the result.
Signature:
export type RecaptchaProviderEnforcementState = 'OFF' | 'AUDIT' | 'ENFORCE';
SmsRegionConfig
The request interface for updating a SMS Region Config. Configures the regions where users are allowed to send verification SMS. This is based on the calling code of the destination phone number.
Signature:
export type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
UpdateAuthProviderRequest
Signature:
export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
UpdateMultiFactorInfoRequest
Type representing the properties of a user-enrolled second factor for an UpdateRequest.
Signature:
export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
UserIdentifier
Identifies a user to be looked up.
Signature:
export type UserIdentifier = UidIdentifier | EmailIdentifier | PhoneIdentifier | ProviderIdentifier;