The uid to use as the custom token's subject.
Optional additional claims to include in the custom token's payload.
A promise fulfilled with a custom token for the
provided uid and payload.
Returns a promise that resolves with the newly created AuthProviderConfig
when the new provider configuration is created.
SAML and OIDC provider support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.
The provider configuration to create.
A promise that resolves with the created provider configuration.
Creates a new Firebase session cookie with the specified options. The created JWT string can be set as a server-side session cookie with a custom cookie policy, and be used for session management. The session cookie JWT will have the same payload claims as the provided ID token.
See Manage Session Cookies for code samples and detailed documentation.
The Firebase ID token to exchange for a session cookie.
The session cookie options which includes custom session duration.
A promise that resolves on success with the created session cookie.
Creates a new user.
See Create a user for code samples and detailed documentation.
The properties to set on the new user record to be created.
A promise fulfilled with the user data corresponding to the newly created user.
Deletes the provider configuration corresponding to the provider ID passed.
If the specified ID does not exist, an auth/configuration-not-found error
is thrown.
SAML and OIDC provider support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.
The provider ID corresponding to the provider config to delete.
A promise that resolves on completion.
Deletes an existing user.
See Delete a user for code samples and detailed documentation.
The uid corresponding to the user to delete.
An empty promise fulfilled once the user has been deleted.
Generates the out of band email action link to verify the user's ownership
of the specified email. The
ActionCodeSettings object provided
as an argument to this method defines whether the link is to be handled by a
mobile app or browser along with additional state information to be passed in
the deep link, etc.
The email account to verify.
The action code settings. If specified, the state/continue URL is set as the "continueUrl" parameter in the email verification link. The default email verification landing page will use this to display a link to go back to the app if it is installed. If the actionCodeSettings is not specified, no URL is appended to the action URL. The state URL provided must belong to a domain that is whitelisted by the developer in the console. Otherwise an error is thrown. Mobile app redirects are only applicable if the developer configures and accepts the Firebase Dynamic Links terms of service. The Android package name and iOS bundle ID are respected only if they are configured in the same Firebase Auth project.
A promise that resolves with the generated link.
Generates the out of band email action link to reset a user's password.
The link is generated for the user with the specified email address. The
optional ActionCodeSettings object
defines whether the link is to be handled by a mobile app or browser and the
additional state information to be passed in the deep link, etc.
The email address of the user whose password is to be reset.
The action code settings. If specified, the state/continue URL is set as the "continueUrl" parameter in the password reset link. The default password reset landing page will use this to display a link to go back to the app if it is installed. If the actionCodeSettings is not specified, no URL is appended to the action URL. The state URL provided must belong to a domain that is whitelisted by the developer in the console. Otherwise an error is thrown. Mobile app redirects are only applicable if the developer configures and accepts the Firebase Dynamic Links terms of service. The Android package name and iOS bundle ID are respected only if they are configured in the same Firebase Auth project.
A promise that resolves with the generated link.
Generates the out of band email action link to sign in or sign up the owner
of the specified email. The
ActionCodeSettings object provided
as an argument to this method defines whether the link is to be handled by a
mobile app or browser along with additional state information to be passed in
the deep link, etc.
The email account to sign in with.
The action code settings. These settings provide Firebase with instructions on how to construct the email link. This includes the sign in completion URL or the deep link for redirects and the mobile apps to use when the sign-in link is opened on an Android or iOS device. Mobile app redirects are only applicable if the developer configures and accepts the Firebase Dynamic Links terms of service. The Android package name and iOS bundle ID are respected only if they are configured in the same Firebase Auth project.
A promise that resolves with the generated link.
Looks up an Auth provider configuration by the provided ID.
Returns a promise that resolves with the provider configuration
corresponding to the provider ID specified. If the specified ID does not
exist, an auth/configuration-not-found error is thrown.
SAML and OIDC provider support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.
The provider ID corresponding to the provider config to return.
A promise that resolves with the configuration corresponding to the provided ID.
Gets the user data for the user corresponding to a given uid.
See Retrieve user data for code samples and detailed documentation.
The uid corresponding to the user whose data to fetch.
A promise fulfilled with the user
data corresponding to the provided uid.
Gets the user data for the user corresponding to a given email.
See Retrieve user data for code samples and detailed documentation.
The email corresponding to the user whose data to fetch.
A promise fulfilled with the user data corresponding to the provided email.
Gets the user data for the user corresponding to a given phone number. The phone number has to conform to the E.164 specification.
See Retrieve user data for code samples and detailed documentation.
The phone number corresponding to the user whose data to fetch.
A promise fulfilled with the user data corresponding to the provided phone number.
Imports the provided list of users into Firebase Auth.
A maximum of 1000 users are allowed to be imported one at a time.
When importing users with passwords,
UserImportOptions are required to be
specified.
This operation is optimized for bulk imports and will ignore checks on uid,
email and other identifier uniqueness which could result in duplications.
The list of user records to import to Firebase Auth.
The user import options, required when the users provided include password credentials.
A promise that resolves when the operation completes with the result of the import. This includes the number of successful imports, the number of failed imports and their corresponding errors.
Returns the list of existing provider configurations matching the filter provided. At most, 100 provider configs can be listed at a time.
SAML and OIDC provider support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.
The provider config filter to apply.
A promise that resolves with the list of provider configs meeting the filter requirements.
Retrieves a list of users (single batch only) with a size of maxResults
starting from the offset as specified by pageToken. This is used to
retrieve all the users of a specified project in batches.
See List all users for code samples and detailed documentation.
The page size, 1000 if undefined. This is also the maximum allowed limit.
The next page token. If not specified, returns users starting without any offset.
A promise that resolves with the current batch of downloaded users and the next page token.
Revokes all refresh tokens for an existing user.
This API will update the user's
{@link admin.auth.UserRecord#tokensValidAfterTime tokensValidAfterTime} to
the current UTC. It is important that the server on which this is called has
its clock set correctly and synchronized.
While this will revoke all sessions for a specified user and disable any
new ID tokens for existing sessions from getting minted, existing ID tokens
may remain active until their natural expiration (one hour). To verify that
ID tokens are revoked, use
{@link admin.auth.Auth#verifyIdToken verifyIdToken(idToken, true)}
where checkRevoked is set to true.
The uid corresponding to the user whose refresh tokens
are to be revoked.
An empty promise fulfilled once the user's refresh tokens have been revoked.
Sets additional developer claims on an existing user identified by the
provided uid, typically used to define user roles and levels of
access. These claims should propagate to all devices where the user is
already signed in (after token expiration or when token refresh is forced)
and the next time the user signs in. If a reserved OIDC claim name
is used (sub, iat, iss, etc), an error is thrown. They are set on the
authenticated user's ID token JWT.
See Defining user roles and access levels for code samples and detailed documentation.
The uid of the user to edit.
The developer claims to set. If null is passed, existing custom claims are deleted. Passing a custom claims payload larger than 1000 bytes will throw an error. Custom claims are added to the user's ID token which is transmitted on every authenticated request. For profile non-access related user attributes, use database or other separate storage systems.
A promise that resolves when the operation completes successfully.
Returns a promise that resolves with the updated AuthProviderConfig
corresponding to the provider ID specified.
If the specified ID does not exist, an auth/configuration-not-found error
is thrown.
SAML and OIDC provider support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation.
The provider ID corresponding to the provider config to update.
The updated configuration.
A promise that resolves with the updated provider configuration.
Updates an existing user.
See Update a user for code samples and detailed documentation.
The uid corresponding to the user to delete.
The properties to update on the provided user.
A promise fulfilled with the updated user data.
Verifies a Firebase ID token (JWT). If the token is valid, the promise is fulfilled with the token's decoded claims; otherwise, the promise is rejected. An optional flag can be passed to additionally check whether the ID token was revoked.
See Verify ID Tokens for code samples and detailed documentation.
The ID token to verify.
Whether to check if the ID token was revoked.
This requires an extra request to the Firebase Auth backend to check
the tokensValidAfterTime time for the corresponding user.
When not specified, this additional check is not applied.
A promise fulfilled with the token's decoded claims if the ID token is valid; otherwise, a rejected promise.
Verifies a Firebase session cookie. Returns a Promise with the cookie claims.
Rejects the promise if the cookie could not be verified. If checkRevoked is
set to true, verifies if the session corresponding to the session cookie was
revoked. If the corresponding user's session was revoked, an
auth/session-cookie-revoked error is thrown. If not specified the check is
not performed.
See Verify Session Cookies for code samples and detailed documentation
The session cookie to verify.
Whether to check if the session cookie was
revoked. This requires an extra request to the Firebase Auth backend to
check the tokensValidAfterTime time for the corresponding user.
When not specified, this additional check is not performed.
A promise fulfilled with the session cookie's decoded claims if the session cookie is valid; otherwise, a rejected promise.
Generated using TypeDoc
Creates a new Firebase custom token (JWT) that can be sent back to a client device to use to sign in with the client SDKs'
signInWithCustomToken()methods.See Create Custom Tokens for code samples and detailed documentation.