firebase-admin.auth package
Firebase Authentication.
Functions
| Function | Description |
|---|---|
| getAuth(app) | Gets the Auth service for the default app or a given app. getAuth() can be called with no arguments to access the default app's Auth service or as getAuth(app) to access the Auth service associated with a specific app. |
Classes
| Class | Description |
|---|---|
| Auth | Auth service bound to the provided app. An Auth instance can have multiple tenants. |
| AuthClientErrorCode | Auth client error codes and their default messages. |
| BaseAuth | Common parent interface for both Auth and TenantAwareAuth APIs. |
| FirebaseAuthError | Firebase Auth error code structure. This extends PrefixedFirebaseError. |
| MultiFactorInfo | Interface representing the common properties of a user-enrolled second factor. |
| MultiFactorSettings | The multi-factor related user settings. |
| PhoneMultiFactorInfo | Interface representing a phone specific user-enrolled second factor. |
| ProjectConfig | Represents a project configuration. |
| ProjectConfigManager | Manages (gets and updates) the current project config. |
| Tenant | Represents a tenant configuration. Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation. Before multi-tenancy can be used on a Google Cloud Identity Platform project, tenants must be allowed on that project via the Cloud Console UI. A tenant configuration provides information such as the display name, tenant identifier and email authentication configuration. For OIDC/SAML provider configuration management, TenantAwareAuth instances should be used instead of a Tenant to retrieve the list of configured IdPs on a tenant. When configuring these providers, note that tenants will inherit whitelisted domains and authenticated redirect URIs of their parent project. All other settings of a tenant will also be inherited. These will need to be managed from the Cloud Console UI. |
| TenantAwareAuth | Tenant-aware Auth interface used for managing users, configuring SAML/OIDC providers, generating email links for password reset, email verification, etc. for specific tenants. Multi-tenancy support requires Google Cloud's Identity Platform (GCIP). To learn more about GCIP, including pricing and features, see the GCIP documentation. Each tenant contains its own identity providers, settings and sets of users. Using TenantAwareAuth, users for a specific tenant and corresponding OIDC/SAML configurations can also be managed, ID tokens for users signed in to a specific tenant can be verified, and email action links can also be generated for users belonging to the tenant. TenantAwareAuth instances for a specific tenantId can be instantiated by calling TenantManager.authForTenant(). |
| TenantManager | Defines the tenant manager used to help manage tenant related operations. This includes: |
| UserInfo | Represents a user's info from a third-party identity provider such as Google or Facebook. |
| UserMetadata | Represents a user's metadata. |
| UserRecord | Represents a user. |
Interfaces
| Interface | Description |
|---|---|
| ActionCodeSettings | This is the interface that defines the required continue/state URL with optional Android and iOS bundle identifiers. |
| AllowByDefault | Defines a policy of allowing every region by default and adding disallowed regions to a disallow list. |
| AllowByDefaultWrap | Mutually exclusive SMS Region Config of AllowByDefault interface |
| AllowlistOnly | Defines a policy of only allowing regions by explicitly adding them to an allowlist. |
| AllowlistOnlyWrap | Mutually exclusive SMS Region Config of AllowlistOnly interface |
| AuthProviderConfigFilter | The filter interface used for listing provider configurations. This is used when specifying how to list configured identity providers via BaseAuth.listProviderConfigs(). |
| BaseAuthProviderConfig | The base Auth provider configuration interface. |
| BaseCreateMultiFactorInfoRequest | Interface representing base properties of a user-enrolled second factor for a CreateRequest. |
| BaseUpdateMultiFactorInfoRequest | Interface representing common properties of a user-enrolled second factor for an UpdateRequest. |
| CreatePhoneMultiFactorInfoRequest | Interface representing a phone specific user-enrolled second factor for a CreateRequest. |
| CreateRequest | Interface representing the properties to set on a new user record to be created. |
| CustomStrengthOptionsConfig | Constraints to be enforced on the password policy |
| DecodedAuthBlockingToken | |
| DecodedIdToken | Interface representing a decoded Firebase ID token, returned from the BaseAuth.verifyIdToken() method. Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs). See the [ID Token section of the OpenID Connect spec](http://openid.net/specs/openid-connect-core-1_0.html#IDToken) for more information about the specific properties below. |
| DeleteUsersResult | Represents the result of the BaseAuth.deleteUsers() API. |
| EmailIdentifier | Used for looking up an account by email. See BaseAuth.getUsers(). |
| EmailPrivacyConfig | The email privacy configuration of a project or tenant. |
| EmailSignInProviderConfig | The email sign in provider configuration. |
| GetUsersResult | Represents the result of the BaseAuth.getUsers() API. |
| ListProviderConfigResults | The response interface for listing provider configs. This is only available when listing all identity providers' configurations via BaseAuth.listProviderConfigs(). |
| ListTenantsResult | Interface representing the object returned from a TenantManager.listTenants() operation. Contains the list of tenants for the current batch and the next page token if available. |
| ListUsersResult | Interface representing the object returned from a BaseAuth.listUsers() operation. Contains the list of users for the current batch and the next page token if available. |
| MobileLinksConfig | Configuration for settings related to universal links (iOS) and app links (Android). |
| MultiFactorConfig | Interface representing a multi-factor configuration. This can be used to define whether multi-factor authentication is enabled or disabled and the list of second factor challenges that are supported. |
| MultiFactorCreateSettings | The multi-factor related user settings for create operations. |
| MultiFactorProviderConfig | Interface representing a multi-factor auth provider configuration. This interface is used for second factor auth providers other than SMS. Currently, only TOTP is supported. |
| MultiFactorUpdateSettings | The multi-factor related user settings for update operations. |
| OAuthResponseType | The interface representing OIDC provider's response object for OAuth authorization flow. One of the following settings is required: |
| OIDCAuthProviderConfig | The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth provider configuration interface. An OIDC provider can be created via BaseAuth.createProviderConfig(). |
| OIDCUpdateAuthProviderRequest | The request interface for updating an OIDC Auth provider. This is used when updating an OIDC provider's configuration via BaseAuth.updateProviderConfig(). |
| PasswordPolicyConfig | A password policy configuration for a project or tenant |
| PhoneIdentifier | Used for looking up an account by phone number. See BaseAuth.getUsers(). |
| ProviderIdentifier | Used for looking up an account by federated provider. See BaseAuth.getUsers(). |
| RecaptchaConfig | The request interface for updating a reCAPTCHA Config. By enabling reCAPTCHA Enterprise Integration you are agreeing to reCAPTCHA Enterprise Term of Service. |
| RecaptchaKey | The reCAPTCHA key config. |
| RecaptchaManagedRule | The config for a reCAPTCHA action rule. |
| RecaptchaTollFraudManagedRule | The managed rules for toll fraud provider, containing the enforcement status. The toll fraud provider contains all SMS related user flows. |
| SAMLAuthProviderConfig | The [SAML](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) Auth provider configuration interface. A SAML provider can be created via BaseAuth.createProviderConfig(). |
| SAMLUpdateAuthProviderRequest | The request interface for updating a SAML Auth provider. This is used when updating a SAML provider's configuration via BaseAuth.updateProviderConfig(). |
| SessionCookieOptions | Interface representing the session cookie options needed for the BaseAuth.createSessionCookie() method. |
| TotpMultiFactorProviderConfig | Interface representing configuration settings for TOTP second factor auth. |
| UidIdentifier | Used for looking up an account by uid. See BaseAuth.getUsers(). |
| UpdatePhoneMultiFactorInfoRequest | Interface representing a phone specific user-enrolled second factor for an UpdateRequest. |
| UpdateProjectConfigRequest | Interface representing the properties to update on the provided project config. |
| UpdateRequest | Interface representing the properties to update on the provided user. |
| UpdateTenantRequest | Interface representing the properties to update on the provided tenant. |
| UserImportOptions | Interface representing the user import options needed for BaseAuth.importUsers() method. This is used to provide the password hashing algorithm information. |
| UserImportRecord | Interface representing a user to import to Firebase Auth via the BaseAuth.importUsers() method. |
| UserImportResult | Interface representing the response from the BaseAuth.importUsers() method for batch importing users to Firebase Auth. |
| UserMetadataRequest | User metadata to include when importing a user. |
| UserProvider | Represents a user identity provider that can be associated with a Firebase user. |
| UserProviderRequest | User provider data to include when importing a user. |
Type Aliases
| Type Alias | Description |
|---|---|
| AuthFactorType | Identifies a second factor type. |
| AuthProviderConfig | The Auth provider configuration type. BaseAuth.createProviderConfig(). |
| CreateMultiFactorInfoRequest | Type representing the properties of a user-enrolled second factor for a CreateRequest. |
| CreateTenantRequest | Interface representing the properties to set on a new tenant. |
| HashAlgorithmType | |
| MobileLinksDomain | Open code in app domain to use for app links and universal links. |
| MultiFactorConfigState | Identifies a multi-factor configuration state. |
| PasswordPolicyEnforcementState | A password policy's enforcement state. |
| RecaptchaAction | The actions to take for reCAPTCHA-protected requests. - 'BLOCK': The reCAPTCHA-protected request will be blocked. |
| RecaptchaKeyClientType | The key's platform type. |
| RecaptchaProviderEnforcementState | Enforcement state of reCAPTCHA protection. - 'OFF': Unenforced. - 'AUDIT': Create assessment but don't enforce the result. - 'ENFORCE': Create assessment and enforce the result. |
| SmsRegionConfig | The request interface for updating a SMS Region Config. Configures the regions where users are allowed to send verification SMS. This is based on the calling code of the destination phone number. |
| UpdateAuthProviderRequest | |
| UpdateMultiFactorInfoRequest | Type representing the properties of a user-enrolled second factor for an UpdateRequest. |
| UserIdentifier | Identifies a user to be looked up. |
getAuth(app)
Gets the Auth service for the default app or a given app.
getAuth() can be called with no arguments to access the default app's Auth service or as getAuth(app) to access the Auth service associated with a specific app.
Signature:
```typescript
export declare function getAuth(app?: App): Auth;
```
Parameters
| Parameter | Type | Description |
|---|---|---|
| app | App | |
Returns:
Example 1
```javascript
// Get the Auth service for the default app
const defaultAuth = getAuth();
```
Example 2
```javascript
// Get the Auth service for a given app
const otherAuth = getAuth(otherApp);
```
AuthFactorType
Identifies a second factor type.
Signature:
```typescript
export type AuthFactorType = 'phone';
```
AuthProviderConfig
The Auth provider configuration type. BaseAuth.createProviderConfig().
Signature:
```typescript
export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
```
CreateMultiFactorInfoRequest
Type representing the properties of a user-enrolled second factor for a CreateRequest.
Signature:
```typescript
export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
```
CreateTenantRequest
Interface representing the properties to set on a new tenant.
Signature:
```typescript
export type CreateTenantRequest = UpdateTenantRequest;
```
HashAlgorithmType
Signature:
```typescript
export type HashAlgorithmType = 'SCRYPT' | 'STANDARD_SCRYPT' | 'HMAC_SHA512' | 'HMAC_SHA256' | 'HMAC_SHA1' | 'HMAC_MD5' | 'MD5' | 'PBKDF_SHA1' | 'BCRYPT' | 'PBKDF2_SHA256' | 'SHA512' | 'SHA256' | 'SHA1';
```
MobileLinksDomain
Open code in app domain to use for app links and universal links.
Signature:
```typescript
export type MobileLinksDomain = 'HOSTING_DOMAIN' | 'FIREBASE_DYNAMIC_LINK_DOMAIN';
```
MultiFactorConfigState
Identifies a multi-factor configuration state.
Signature:
```typescript
export type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
```
PasswordPolicyEnforcementState
A password policy's enforcement state.
Signature:
```typescript
export type PasswordPolicyEnforcementState = 'ENFORCE' | 'OFF';
```
RecaptchaAction
The actions to take for reCAPTCHA-protected requests. - 'BLOCK': The reCAPTCHA-protected request will be blocked.
Signature:
```typescript
export type RecaptchaAction = 'BLOCK';
```
RecaptchaKeyClientType
The key's platform type.
Signature:
```typescript
export type RecaptchaKeyClientType = 'WEB' | 'IOS' | 'ANDROID';
```
RecaptchaProviderEnforcementState
Enforcement state of reCAPTCHA protection. - 'OFF': Unenforced. - 'AUDIT': Create assessment but don't enforce the result. - 'ENFORCE': Create assessment and enforce the result.
Signature:
```typescript
export type RecaptchaProviderEnforcementState = 'OFF' | 'AUDIT' | 'ENFORCE';
```
SmsRegionConfig
The request interface for updating a SMS Region Config. Configures the regions where users are allowed to send verification SMS. This is based on the calling code of the destination phone number.
Signature:
```typescript
export type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
```
UpdateAuthProviderRequest
Signature:
```typescript
export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
```
UpdateMultiFactorInfoRequest
Type representing the properties of a user-enrolled second factor for an UpdateRequest.
Signature:
```typescript
export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
```
UserIdentifier
Identifies a user to be looked up.
Signature:
```typescript
export type UserIdentifier = UidIdentifier | EmailIdentifier | PhoneIdentifier | ProviderIdentifier;
```
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-02-06 UTC.