auth package

Firebase Authentication

Functions

FunctionDescription
function(app, ...)
getAuth(app)Returns the Auth instance associated with the providedFirebaseApp. If no instance exists, initializes an Auth instance with platform-specific default dependencies.
initializeAuth(app, deps)Initializes anAuth instance with fine-grained control overDependencies.
function(storage, ...)
getReactNativePersistence(storage)Returns a persistence object that wrapsAsyncStorage imported fromreact-native or@react-native-community/async-storage, and can be used in the persistence dependency field ininitializeAuth().
function(auth, ...)
applyActionCode(auth, oobCode)Applies a verification code sent to the user by email or other out-of-band mechanism.
beforeAuthStateChanged(auth, callback, onAbort)Adds a blocking callback that runs before an auth state change sets a new user.
checkActionCode(auth, oobCode)Checks a verification code sent to the user by email or other out-of-band mechanism.
confirmPasswordReset(auth, oobCode, newPassword)Completes the password reset process, given a confirmation code and new password.
connectAuthEmulator(auth, url, options)Changes theAuth instance to communicate with the Firebase Auth Emulator, instead of production Firebase Auth services.
createUserWithEmailAndPassword(auth, email, password)Creates a new user account associated with the specified email address and password.
fetchSignInMethodsForEmail(auth, email)Gets the list of possible sign in methods for the given email address. This method returns an empty list whenEmail Enumeration Protection is enabled, irrespective of the number of authentication methods available for the given email.
getMultiFactorResolver(auth, error)Provides aMultiFactorResolver suitable for completion of a multi-factor flow.
getRedirectResult(auth, resolver)Returns aUserCredential from the redirect-based sign-in flow.
initializeRecaptchaConfig(auth)Loads the reCAPTCHA configuration into theAuth instance.
isSignInWithEmailLink(auth, emailLink)Checks if an incoming link is a sign-in with email link suitable forsignInWithEmailLink().
onAuthStateChanged(auth, nextOrObserver, error, completed)Adds an observer for changes to the user's sign-in state.
onIdTokenChanged(auth, nextOrObserver, error, completed)Adds an observer for changes to the signed-in user's ID token.
revokeAccessToken(auth, token)Revokes the given access token. Currently only supports Apple OAuth access tokens.
sendPasswordResetEmail(auth, email, actionCodeSettings)Sends a password reset email to the given email address. This method does not throw an error when there's no user account with the given email address andEmail Enumeration Protection is enabled.
sendSignInLinkToEmail(auth, email, actionCodeSettings)Sends a sign-in email link to the user with the specified email.
setPersistence(auth, persistence)Changes the type of persistence on theAuth instance for the currently savedAuth session and applies this type of persistence for future sign-in requests, including sign-in with redirect requests.
signInAnonymously(auth)Asynchronously signs in as an anonymous user.
signInWithCredential(auth, credential)Asynchronously signs in with the given credentials.
signInWithCustomToken(auth, customToken)Asynchronously signs in using a custom token.
signInWithEmailAndPassword(auth, email, password)Asynchronously signs in using an email and password.
signInWithEmailLink(auth, email, emailLink)Asynchronously signs in using an email and sign-in email link.
signInWithPhoneNumber(auth, phoneNumber, appVerifier)Asynchronously signs in using a phone number.
signInWithPopup(auth, provider, resolver)Authenticates a Firebase client using a popup-based OAuth authentication flow.
signInWithRedirect(auth, provider, resolver)Authenticates a Firebase client using a full-page redirect flow.
signOut(auth)Signs out the current user.
updateCurrentUser(auth, user)Asynchronously sets the provided user asAuth.currentUser on theAuth instance.
useDeviceLanguage(auth)Sets the current language to the default device/browser preference.
validatePassword(auth, password)Validates the password against the password policy configured for the project or tenant.
verifyPasswordResetCode(auth, code)Checks a password reset code sent to the user by email or other out-of-band mechanism.
function(link, ...)
parseActionCodeURL(link)Parses the email action link string and returns anActionCodeURL if the link is valid, otherwise returns null.
function(user, ...)
deleteUser(user)Deletes and signs out the user.
getIdToken(user, forceRefresh)Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.
getIdTokenResult(user, forceRefresh)Returns a deserialized JSON Web Token (JWT) used to identify the user to a Firebase service.
linkWithCredential(user, credential)Links the user account with the given credentials.
linkWithPhoneNumber(user, phoneNumber, appVerifier)Links the user account with the given phone number.
linkWithPopup(user, provider, resolver)Links the authenticated provider to the user account using a pop-up based OAuth flow.
linkWithRedirect(user, provider, resolver)Links theOAuthProvider to the user account using a full-page redirect flow.
multiFactor(user)TheMultiFactorUser corresponding to the user.
reauthenticateWithCredential(user, credential)Re-authenticates a user using a fresh credential.
reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier)Re-authenticates a user using a fresh phone credential.
reauthenticateWithPopup(user, provider, resolver)Reauthenticates the current user with the specifiedOAuthProvider using a pop-up based OAuth flow.
reauthenticateWithRedirect(user, provider, resolver)Reauthenticates the current user with the specifiedOAuthProvider using a full-page redirect flow.
reload(user)Reloads user account data, if signed in.
sendEmailVerification(user, actionCodeSettings)Sends a verification email to a user.
unlink(user, providerId)Unlinks a provider from a user account.
updateEmail(user, newEmail)Updates the user's email address.
updatePassword(user, newPassword)Updates the user's password.
updatePhoneNumber(user, credential)Updates the user's phone number.
updateProfile(user, { displayName, photoURL: photoUrl })Updates a user's profile data.
verifyBeforeUpdateEmail(user, newEmail, actionCodeSettings)Sends a verification email to a new email address.
function(userCredential, ...)
getAdditionalUserInfo(userCredential)Extracts provider specificAdditionalUserInfo for the given credential.

Classes

ClassDescription
ActionCodeURLA utility class to parse email action URLs such as password reset, email verification, email link sign in, etc.
AuthCredentialInterface that represents the credentials returned by anAuthProvider.
EmailAuthCredentialInterface that represents the credentials returned byEmailAuthProvider forProviderId.PASSWORD
EmailAuthProviderProvider for generatingEmailAuthCredential.
FacebookAuthProviderProvider for generating anOAuthCredential forProviderId.FACEBOOK.
GithubAuthProviderProvider for generating anOAuthCredential forProviderId.GITHUB.
GoogleAuthProviderProvider for generating anOAuthCredential forProviderId.GOOGLE.
OAuthCredentialRepresents the OAuth credentials returned by anOAuthProvider.
OAuthProviderProvider for generating genericOAuthCredential.
PhoneAuthCredentialRepresents the credentials returned byPhoneAuthProvider.
PhoneAuthProviderProvider for generating anPhoneAuthCredential.
PhoneMultiFactorGeneratorProvider for generating aPhoneMultiFactorAssertion.
RecaptchaVerifierAnreCAPTCHA-based application verifier.
SAMLAuthProviderAnAuthProvider for SAML.
TotpMultiFactorGeneratorProvider for generating aTotpMultiFactorAssertion.
TotpSecretProvider for generating aTotpMultiFactorAssertion.Stores the shared secret key and other parameters to generate time-based OTPs. Implements methods to retrieve the shared secret key and generate a QR code URL.
TwitterAuthProviderProvider for generating anOAuthCredential forProviderId.TWITTER.

Interfaces

InterfaceDescription
ActionCodeInfoA response fromcheckActionCode().
ActionCodeSettingsAn interface that defines the required continue/state URL with optional Android and iOS bundle identifiers.
AdditionalUserInfoA structure containing additional user information from a federated identity provider.
ApplicationVerifierA verifier for domain verification and abuse prevention.
AuthInterface representing Firebase Auth service.
AuthErrorInterface for anAuth error.
AuthErrorMapA mapping of error codes to error messages.
AuthProviderInterface that represents an auth provider, used to facilitate creatingAuthCredential.
AuthSettingsInterface representing anAuth instance's settings.
ConfigInterface representing theAuth config.
ConfirmationResultA result from a phone number sign-in, link, or reauthenticate call.
DependenciesThe dependencies that can be used to initialize anAuth instance.
EmulatorConfigConfiguration of Firebase Authentication Emulator.
IdTokenResultInterface representing ID token result obtained fromUser.getIdTokenResult().
MultiFactorAssertionThe base class for asserting ownership of a second factor.
MultiFactorErrorThe error thrown when the user needs to provide a second factor to sign in successfully.
MultiFactorInfoA structure containing the information of a second factor entity.
MultiFactorResolverThe class used to facilitate recovery fromMultiFactorError when a user needs to provide a second factor to sign in.
MultiFactorSessionAn interface defining the multi-factor session object used for enrolling a second factor on a user or helping sign in an enrolled user with a second factor.
MultiFactorUserAn interface that defines the multi-factor related properties and operations pertaining to aUser.
OAuthCredentialOptionsDefines the options for initializing anOAuthCredential.
ParsedTokenInterface representing a parsed ID token.
PasswordPolicyA structure specifying password policy requirements.
PasswordValidationStatusA structure indicating which password policy requirements were met or violated and what the requirements are.
PersistenceAn interface covering the possible persistence mechanism types.
PhoneMultiFactorAssertionThe class for asserting ownership of a phone second factor. Provided byPhoneMultiFactorGenerator.assertion().
PhoneMultiFactorEnrollInfoOptionsOptions used for enrolling a second factor.
PhoneMultiFactorInfoThe subclass of theMultiFactorInfo interface for phone number second factors. ThefactorId of this second factor isFactorId.PHONE.
PhoneMultiFactorSignInInfoOptionsOptions used for signing in with a second factor.
PhoneSingleFactorInfoOptionsOptions used for single-factor sign-in.
PopupRedirectResolverA resolver used for handling DOM specific operations likesignInWithPopup() orsignInWithRedirect().
ReactNativeAsyncStorageInterface for a suppliedAsyncStorage.
RecaptchaParametersInterface representing reCAPTCHA parameters.See thereCAPTCHA docs for the list of accepted parameters. All parameters are accepted except forsitekey: Firebase Auth provisions a reCAPTCHA for each project and will configure the site key upon rendering.For an invisible reCAPTCHA, set thesize key toinvisible.
TotpMultiFactorAssertionThe class for asserting ownership of a TOTP second factor. Provided byTotpMultiFactorGenerator.assertionForEnrollment() andTotpMultiFactorGenerator.assertionForSignIn().
TotpMultiFactorInfoThe subclass of theMultiFactorInfo interface for TOTP second factors. ThefactorId of this second factor isFactorId.TOTP.
UserA user account.
UserCredentialA structure containing aUser, theOperationType, and the provider ID.
UserInfoUser profile information, visible only to the Firebase project's apps.
UserMetadataInterface representing a user's metadata.

Variables

VariableDescription
ActionCodeOperationAn enumeration of the possible email action types.
AuthErrorCodesA map of potentialAuth error codes, for easier comparison with errors thrown by the SDK.
browserCookiePersistence(Public Preview) An implementation ofPersistence of typeCOOKIE, for use on the client side in applications leveraging hybrid rendering and middleware.
browserLocalPersistenceAn implementation ofPersistence of typeLOCAL usinglocalStorage for the underlying storage.
browserPopupRedirectResolverAn implementation ofPopupRedirectResolver suitable for browser based applications.
browserSessionPersistenceAn implementation ofPersistence ofSESSION usingsessionStorage for the underlying storage.
cordovaPopupRedirectResolverAn implementation ofPopupRedirectResolver suitable for Cordova based applications.
debugErrorMapA verbose error map with detailed descriptions for most error codes.See discussion atAuthErrorMap
FactorIdAn enum of factors that may be used for multifactor authentication.
indexedDBLocalPersistenceAn implementation ofPersistence of typeLOCAL usingindexedDB for the underlying storage.
inMemoryPersistenceAn implementation ofPersistence of type 'NONE'.
OperationTypeEnumeration of supported operation types.
prodErrorMapA minimal error map with all verbose error messages stripped.See discussion atAuthErrorMap
ProviderIdEnumeration of supported providers.
SignInMethodEnumeration of supported sign-in methods.

Type Aliases

Type AliasDescription
CustomParametersMap of OAuth Custom Parameters.
NextOrObserverType definition for an event callback.
PhoneInfoOptionsThe information required to verify the ownership of a phone number.
UserProfileUser profile used inAdditionalUserInfo.

function(app, ...)

getAuth(app)

Returns the Auth instance associated with the providedFirebaseApp. If no instance exists, initializes an Auth instance with platform-specific default dependencies.

Signature:

exportdeclarefunctiongetAuth(app?:FirebaseApp):Auth;

Parameters

ParameterTypeDescription
appFirebaseAppThe Firebase App.

Returns:

Auth

initializeAuth(app, deps)

Initializes anAuth instance with fine-grained control overDependencies.

This function allows more control over theAuth instance thangetAuth().getAuth uses platform-specific defaults to supply theDependencies. In general,getAuth is the easiest way to initialize Auth and works for most use cases. UseinitializeAuth if you need control over which persistence layer is used, or to minimize bundle size if you're not using eithersignInWithPopup orsignInWithRedirect.

For example, if your app only uses anonymous accounts and you only want accounts saved for the current session, initializeAuth with:

constauth=initializeAuth(app,{persistence:browserSessionPersistence,popupRedirectResolver:undefined,});

Signature:

exportdeclarefunctioninitializeAuth(app:FirebaseApp,deps?:Dependencies):Auth;

Parameters

ParameterTypeDescription
appFirebaseApp
depsDependencies

Returns:

Auth

function(storage, ...)

getReactNativePersistence(storage)

Returns a persistence object that wrapsAsyncStorage imported fromreact-native or@react-native-community/async-storage, and can be used in the persistence dependency field ininitializeAuth().

Signature:

exportdeclarefunctiongetReactNativePersistence(storage:ReactNativeAsyncStorage):Persistence;

Parameters

ParameterTypeDescription
storageReactNativeAsyncStorage

Returns:

Persistence

function(auth, ...)

applyActionCode(auth, oobCode)

Applies a verification code sent to the user by email or other out-of-band mechanism.

Signature:

exportdeclarefunctionapplyActionCode(auth:Auth,oobCode:string):Promise<void>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
oobCodestringA verification code sent to the user.

Returns:

Promise<void>

beforeAuthStateChanged(auth, callback, onAbort)

Adds a blocking callback that runs before an auth state change sets a new user.

Signature:

exportdeclarefunctionbeforeAuthStateChanged(auth:Auth,callback:(user:User|null)=>void|Promise<void>,onAbort?:()=>void):Unsubscribe;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
callback(user:User | null) => void | Promise<void>callback triggered before new user value is set. If this throws, it blocks the user from being set.
onAbort() => voidcallback triggered if a laterbeforeAuthStateChanged() callback throws, allowing you to undo any side effects.

Returns:

Unsubscribe

checkActionCode(auth, oobCode)

Checks a verification code sent to the user by email or other out-of-band mechanism.

Signature:

exportdeclarefunctioncheckActionCode(auth:Auth,oobCode:string):Promise<ActionCodeInfo>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
oobCodestringA verification code sent to the user.

Returns:

Promise<ActionCodeInfo>

metadata about the code.

confirmPasswordReset(auth, oobCode, newPassword)

Completes the password reset process, given a confirmation code and new password.

Signature:

exportdeclarefunctionconfirmPasswordReset(auth:Auth,oobCode:string,newPassword:string):Promise<void>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
oobCodestringA confirmation code sent to the user.
newPasswordstringThe new password.

Returns:

Promise<void>

connectAuthEmulator(auth, url, options)

Changes theAuth instance to communicate with the Firebase Auth Emulator, instead of production Firebase Auth services.

This must be called synchronously immediately following the first call toinitializeAuth(). Do not use with production credentials as emulator traffic is not encrypted.

Signature:

exportdeclarefunctionconnectAuthEmulator(auth:Auth,url:string,options?:{disableWarnings:boolean;}):void;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
urlstringThe URL at which the emulator is running (eg, 'http://localhost:9099').
options{ disableWarnings: boolean; }Optional.options.disableWarnings defaults tofalse. Set it totrue to disable the warning banner attached to the DOM.

Returns:

void

Example

connectAuthEmulator(auth,'http://127.0.0.1:9099',{disableWarnings:true});

createUserWithEmailAndPassword(auth, email, password)

Creates a new user account associated with the specified email address and password.

On successful creation of the user account, this user will also be signed in to your application.

User account creation can fail if the account already exists or the password is invalid.

This method is not supported onAuth instances created with aFirebaseServerApp.

Note: The email address acts as a unique identifier for the user and enables an email-based password reset. This function will create a new user account and set the initial user password.

Signature:

exportdeclarefunctioncreateUserWithEmailAndPassword(auth:Auth,email:string,password:string):Promise<UserCredential>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
emailstringThe user's email address.
passwordstringThe user's chosen password.

Returns:

Promise<UserCredential>

fetchSignInMethodsForEmail(auth, email)

Gets the list of possible sign in methods for the given email address. This method returns an empty list whenEmail Enumeration Protection is enabled, irrespective of the number of authentication methods available for the given email.

This is useful to differentiate methods of sign-in for the same provider, eg.EmailAuthProvider which has 2 methods of sign-in,SignInMethod.EMAIL_PASSWORD andSignInMethod.EMAIL_LINK.

Signature:

exportdeclarefunctionfetchSignInMethodsForEmail(auth:Auth,email:string):Promise<string[]>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
emailstringThe user's email address.Deprecated. Migrating off of this method is recommended as a security best-practice. Learn more in the Identity Platform documentation forEmail Enumeration Protection.

Returns:

Promise<string[]>

getMultiFactorResolver(auth, error)

Provides aMultiFactorResolver suitable for completion of a multi-factor flow.

Signature:

exportdeclarefunctiongetMultiFactorResolver(auth:Auth,error:MultiFactorError):MultiFactorResolver;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
errorMultiFactorErrorTheMultiFactorError raised during a sign-in, or reauthentication operation.

Returns:

MultiFactorResolver

getRedirectResult(auth, resolver)

Returns aUserCredential from the redirect-based sign-in flow.

If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an error. If no redirect operation was called, returnsnull.

This method does not work in a Node.js environment or withAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctiongetRedirectResult(auth:Auth,resolver?:PopupRedirectResolver):Promise<UserCredential|null>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
resolverPopupRedirectResolverAn instance ofPopupRedirectResolver, optional if already supplied toinitializeAuth() or provided bygetAuth().

Returns:

Promise<UserCredential | null>

Example

// Sign in using a redirect.constprovider=newFacebookAuthProvider();// You can add additional scopes to the provider:provider.addScope('user_birthday');// Start a sign in process for an unauthenticated user.awaitsignInWithRedirect(auth,provider);// This will trigger a full page redirect away from your app// After returning from the redirect when your app initializes you can obtain the resultconstresult=awaitgetRedirectResult(auth);if(result){// This is the signed-in userconstuser=result.user;// This gives you a Facebook Access Token.constcredential=provider.credentialFromResult(auth,result);consttoken=credential.accessToken;}// As this API can be used for sign-in, linking and reauthentication,// check the operationType to determine what triggered this redirect// operation.constoperationType=result.operationType;

initializeRecaptchaConfig(auth)

Loads the reCAPTCHA configuration into theAuth instance.

This will load the reCAPTCHA config, which indicates whether the reCAPTCHA verification flow should be triggered for each auth provider, into the current Auth session.

If initializeRecaptchaConfig() is not invoked, the auth flow will always start without reCAPTCHA verification. If the provider is configured to require reCAPTCHA verification, the SDK will transparently load the reCAPTCHA config and restart the auth flows.

Thus, by calling this optional method, you will reduce the latency of future auth flows. Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.

This method does not work in a Node.js environment.

Signature:

exportdeclarefunctioninitializeRecaptchaConfig(auth:Auth):Promise<void>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.

Returns:

Promise<void>

Example

initializeRecaptchaConfig(auth);

isSignInWithEmailLink(auth, emailLink)

Checks if an incoming link is a sign-in with email link suitable forsignInWithEmailLink().

Signature:

exportdeclarefunctionisSignInWithEmailLink(auth:Auth,emailLink:string):boolean;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
emailLinkstringThe link sent to the user's email address.

Returns:

boolean

onAuthStateChanged(auth, nextOrObserver, error, completed)

Adds an observer for changes to the user's sign-in state.

To keep the old behavior, seeonIdTokenChanged().

Signature:

exportdeclarefunctiononAuthStateChanged(auth:Auth,nextOrObserver:NextOrObserver<User>,error?:ErrorFn,completed?:CompleteFn):Unsubscribe;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
nextOrObserverNextOrObserver<User>callback triggered on change.
errorErrorFnDeprecated. This callback is never triggered. Errors on signing in/out can be caught in promises returned from sign-in/sign-out functions.
completedCompleteFnDeprecated. This callback is never triggered.

Returns:

Unsubscribe

onIdTokenChanged(auth, nextOrObserver, error, completed)

Adds an observer for changes to the signed-in user's ID token.

This includes sign-in, sign-out, and token refresh events. This will not be triggered automatically upon ID token expiration. UseUser.getIdToken() to refresh the ID token.

Signature:

exportdeclarefunctiononIdTokenChanged(auth:Auth,nextOrObserver:NextOrObserver<User>,error?:ErrorFn,completed?:CompleteFn):Unsubscribe;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
nextOrObserverNextOrObserver<User>callback triggered on change.
errorErrorFnDeprecated. This callback is never triggered. Errors on signing in/out can be caught in promises returned from sign-in/sign-out functions.
completedCompleteFnDeprecated. This callback is never triggered.

Returns:

Unsubscribe

revokeAccessToken(auth, token)

Revokes the given access token. Currently only supports Apple OAuth access tokens.

Signature:

exportdeclarefunctionrevokeAccessToken(auth:Auth,token:string):Promise<void>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
tokenstringThe Apple OAuth access token.

Returns:

Promise<void>

sendPasswordResetEmail(auth, email, actionCodeSettings)

Sends a password reset email to the given email address. This method does not throw an error when there's no user account with the given email address andEmail Enumeration Protection is enabled.

To complete the password reset, callconfirmPasswordReset() with the code supplied in the email sent to the user, along with the new password specified by the user.

Signature:

exportdeclarefunctionsendPasswordResetEmail(auth:Auth,email:string,actionCodeSettings?:ActionCodeSettings):Promise<void>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
emailstringThe user's email address.
actionCodeSettingsActionCodeSettingsTheActionCodeSettings.

Returns:

Promise<void>

Example

constactionCodeSettings={url:'https://www.example.com/?email=user@example.com',iOS:{bundleId:'com.example.ios'},android:{packageName:'com.example.android',installApp:true,minimumVersion:'12'},handleCodeInApp:true};awaitsendPasswordResetEmail(auth,'user@example.com',actionCodeSettings);// Obtain code from user.awaitconfirmPasswordReset('user@example.com',code);

sendSignInLinkToEmail(auth, email, actionCodeSettings)

Sends a sign-in email link to the user with the specified email.

The sign-in operation has to always be completed in the app unlike other out of band email actions (password reset and email verifications). This is because, at the end of the flow, the user is expected to be signed in and their Auth state persisted within the app.

To complete sign in with the email link, callsignInWithEmailLink() with the email address and the email link supplied in the email sent to the user.

Signature:

exportdeclarefunctionsendSignInLinkToEmail(auth:Auth,email:string,actionCodeSettings:ActionCodeSettings):Promise<void>;

Parameters

ParameterTypeDescription
authAuth
emailstringThe user's email address.
actionCodeSettingsActionCodeSettingsTheActionCodeSettings.

Returns:

Promise<void>

Example

constactionCodeSettings={url:'https://www.example.com/?email=user@example.com',iOS:{bundleId:'com.example.ios'},android:{packageName:'com.example.android',installApp:true,minimumVersion:'12'},handleCodeInApp:true};awaitsendSignInLinkToEmail(auth,'user@example.com',actionCodeSettings);// Obtain emailLink from the user.if(isSignInWithEmailLink(auth,emailLink)){awaitsignInWithEmailLink(auth,'user@example.com',emailLink);}

setPersistence(auth, persistence)

Changes the type of persistence on theAuth instance for the currently savedAuth session and applies this type of persistence for future sign-in requests, including sign-in with redirect requests.

This makes it easy for a user signing in to specify whether their session should be remembered or not. It also makes it easier to never persist theAuth state for applications that are shared by other users or have sensitive data.

This method does not work in a Node.js environment or withAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionsetPersistence(auth:Auth,persistence:Persistence):Promise<void>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
persistencePersistenceThePersistence to use.

Returns:

Promise<void>

APromise that resolves once the persistence change has completed

Example

setPersistence(auth,browserSessionPersistence);

signInAnonymously(auth)

Asynchronously signs in as an anonymous user.

If there is already an anonymous user signed in, that user will be returned; otherwise, a new anonymous user identity will be created and returned.

This method is not supported byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionsignInAnonymously(auth:Auth):Promise<UserCredential>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.

Returns:

Promise<UserCredential>

signInWithCredential(auth, credential)

Asynchronously signs in with the given credentials.

AnAuthProvider can be used to generate the credential.

This method is not supported byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionsignInWithCredential(auth:Auth,credential:AuthCredential):Promise<UserCredential>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
credentialAuthCredentialThe auth credential.

Returns:

Promise<UserCredential>

signInWithCustomToken(auth, customToken)

Asynchronously signs in using a custom token.

Custom tokens are used to integrate Firebase Auth with existing auth systems, and must be generated by an auth backend using thecreateCustomToken method in theAdmin SDK .

Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.

This method is not supported byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionsignInWithCustomToken(auth:Auth,customToken:string):Promise<UserCredential>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
customTokenstringThe custom token to sign in with.

Returns:

Promise<UserCredential>

signInWithEmailAndPassword(auth, email, password)

Asynchronously signs in using an email and password.

Fails with an error if the email address and password do not match. WhenEmail Enumeration Protection is enabled, this method fails with "auth/invalid-credential" in case of an invalid email/password.

This method is not supported onAuth instances created with aFirebaseServerApp.

Note: The user's password is NOT the password used to access the user's email account. The email address serves as a unique identifier for the user, and the password is used to access the user's account in your Firebase project. See also:createUserWithEmailAndPassword().

Signature:

exportdeclarefunctionsignInWithEmailAndPassword(auth:Auth,email:string,password:string):Promise<UserCredential>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
emailstringThe users email address.
passwordstringThe users password.

Returns:

Promise<UserCredential>

signInWithEmailLink(auth, email, emailLink)

Asynchronously signs in using an email and sign-in email link.

If no link is passed, the link is inferred from the current URL.

Fails with an error if the email address is invalid or OTP in email link expires.

This method is not supported byAuth instances created with aFirebaseServerApp.

Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.

Signature:

exportdeclarefunctionsignInWithEmailLink(auth:Auth,email:string,emailLink?:string):Promise<UserCredential>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
emailstringThe user's email address.
emailLinkstringThe link sent to the user's email address.

Returns:

Promise<UserCredential>

Example

constactionCodeSettings={url:'https://www.example.com/?email=user@example.com',iOS:{bundleId:'com.example.ios'},android:{packageName:'com.example.android',installApp:true,minimumVersion:'12'},handleCodeInApp:true};awaitsendSignInLinkToEmail(auth,'user@example.com',actionCodeSettings);// Obtain emailLink from the user.if(isSignInWithEmailLink(auth,emailLink)){awaitsignInWithEmailLink(auth,'user@example.com',emailLink);}

signInWithPhoneNumber(auth, phoneNumber, appVerifier)

Asynchronously signs in using a phone number.

This method sends a code via SMS to the given phone number, and returns aConfirmationResult. After the user provides the code sent to their phone, callConfirmationResult.confirm() with the code to sign the user in.

For abuse prevention, this method requires aApplicationVerifier. This SDK includes an implementation based on reCAPTCHA v2,RecaptchaVerifier. This function can work on other platforms that do not support theRecaptchaVerifier (like React Native), but you need to use a third-partyApplicationVerifier implementation.

If you've enabled project-level reCAPTCHA Enterprise bot protection in Enforce mode, you can omit theApplicationVerifier.

This method does not work in a Node.js environment or withAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionsignInWithPhoneNumber(auth:Auth,phoneNumber:string,appVerifier?:ApplicationVerifier):Promise<ConfirmationResult>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
phoneNumberstringThe user's phone number in E.164 format (e.g. +16505550101).
appVerifierApplicationVerifierTheApplicationVerifier.

Returns:

Promise<ConfirmationResult>

Example

// 'recaptcha-container' is the ID of an element in the DOM.constapplicationVerifier=newfirebase.auth.RecaptchaVerifier('recaptcha-container');constconfirmationResult=awaitsignInWithPhoneNumber(auth,phoneNumber,applicationVerifier);// Obtain a verificationCode from the user.constcredential=awaitconfirmationResult.confirm(verificationCode);

signInWithPopup(auth, provider, resolver)

Authenticates a Firebase client using a popup-based OAuth authentication flow.

If succeeds, returns the signed in user along with the provider's credential. If sign in was unsuccessful, returns an error object containing additional information about the error.

This method does not work in a Node.js environment or withAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionsignInWithPopup(auth:Auth,provider:AuthProvider,resolver?:PopupRedirectResolver):Promise<UserCredential>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
providerAuthProviderThe provider to authenticate. The provider has to be anOAuthProvider. Non-OAuth providers likeEmailAuthProvider will throw an error.
resolverPopupRedirectResolverAn instance ofPopupRedirectResolver, optional if already supplied toinitializeAuth() or provided bygetAuth().

Returns:

Promise<UserCredential>

Example

// Sign in using a popup.constprovider=newFacebookAuthProvider();constresult=awaitsignInWithPopup(auth,provider);// The signed-in user info.constuser=result.user;// This gives you a Facebook Access Token.constcredential=provider.credentialFromResult(auth,result);consttoken=credential.accessToken;

signInWithRedirect(auth, provider, resolver)

Authenticates a Firebase client using a full-page redirect flow.

To handle the results and errors for this operation, refer togetRedirectResult(). Follow thebest practices when usingsignInWithRedirect().

This method does not work in a Node.js environment or withAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionsignInWithRedirect(auth:Auth,provider:AuthProvider,resolver?:PopupRedirectResolver):Promise<never>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
providerAuthProviderThe provider to authenticate. The provider has to be anOAuthProvider. Non-OAuth providers likeEmailAuthProvider will throw an error.
resolverPopupRedirectResolverAn instance ofPopupRedirectResolver, optional if already supplied toinitializeAuth() or provided bygetAuth().

Returns:

Promise<never>

Example

// Sign in using a redirect.constprovider=newFacebookAuthProvider();// You can add additional scopes to the provider:provider.addScope('user_birthday');// Start a sign in process for an unauthenticated user.awaitsignInWithRedirect(auth,provider);// This will trigger a full page redirect away from your app// After returning from the redirect when your app initializes you can obtain the resultconstresult=awaitgetRedirectResult(auth);if(result){// This is the signed-in userconstuser=result.user;// This gives you a Facebook Access Token.constcredential=provider.credentialFromResult(auth,result);consttoken=credential.accessToken;}// As this API can be used for sign-in, linking and reauthentication,// check the operationType to determine what triggered this redirect// operation.constoperationType=result.operationType;

signOut(auth)

Signs out the current user.

This method is not supported byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionsignOut(auth:Auth):Promise<void>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.

Returns:

Promise<void>

updateCurrentUser(auth, user)

Asynchronously sets the provided user asAuth.currentUser on theAuth instance.

A new instance copy of the user provided will be made and set as currentUser.

This will triggeronAuthStateChanged() andonIdTokenChanged() listeners like other sign in methods.

The operation fails with an error if the user to be updated belongs to a different Firebase project.

This method is not supported byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionupdateCurrentUser(auth:Auth,user:User|null):Promise<void>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
userUser | nullThe newUser.

Returns:

Promise<void>

useDeviceLanguage(auth)

Sets the current language to the default device/browser preference.

Signature:

exportdeclarefunctionuseDeviceLanguage(auth:Auth):void;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.

Returns:

void

validatePassword(auth, password)

Validates the password against the password policy configured for the project or tenant.

If no tenant ID is set on theAuth instance, then this method will use the password policy configured for the project. Otherwise, this method will use the policy configured for the tenant. If a password policy has not been configured, then the default policy configured for all projects will be used.

If an auth flow fails because a submitted password does not meet the password policy requirements and this method has previously been called, then this method will use the most recent policy available when called again.

Signature:

exportdeclarefunctionvalidatePassword(auth:Auth,password:string):Promise<PasswordValidationStatus>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
passwordstringThe password to validate.

Returns:

Promise<PasswordValidationStatus>

Example

validatePassword(auth,'some-password');

verifyPasswordResetCode(auth, code)

Checks a password reset code sent to the user by email or other out-of-band mechanism.

Signature:

exportdeclarefunctionverifyPasswordResetCode(auth:Auth,code:string):Promise<string>;

Parameters

ParameterTypeDescription
authAuthTheAuth instance.
codestringA verification code sent to the user.

Returns:

Promise<string>

the user's email address if valid.

function(link, ...)

parseActionCodeURL(link)

Parses the email action link string and returns anActionCodeURL if the link is valid, otherwise returns null.

Signature:

exportdeclarefunctionparseActionCodeURL(link:string):ActionCodeURL|null;

Parameters

ParameterTypeDescription
linkstring

Returns:

ActionCodeURL | null

function(user, ...)

deleteUser(user)

Deletes and signs out the user.

Important: this is a security-sensitive operation that requires the user to have recently signed in. If this requirement isn't met, ask the user to authenticate again and then callreauthenticateWithCredential().

Signature:

exportdeclarefunctiondeleteUser(user:User):Promise<void>;

Parameters

ParameterTypeDescription
userUserThe user.

Returns:

Promise<void>

getIdToken(user, forceRefresh)

Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.

Returns the current token if it has not expired or if it will not expire in the next five minutes. Otherwise, this will refresh the token and return a new one.

Signature:

exportdeclarefunctiongetIdToken(user:User,forceRefresh?:boolean):Promise<string>;

Parameters

ParameterTypeDescription
userUserThe user.
forceRefreshbooleanForce refresh regardless of token expiration.

Returns:

Promise<string>

getIdTokenResult(user, forceRefresh)

Returns a deserialized JSON Web Token (JWT) used to identify the user to a Firebase service.

Returns the current token if it has not expired or if it will not expire in the next five minutes. Otherwise, this will refresh the token and return a new one.

Signature:

exportdeclarefunctiongetIdTokenResult(user:User,forceRefresh?:boolean):Promise<IdTokenResult>;

Parameters

ParameterTypeDescription
userUserThe user.
forceRefreshbooleanForce refresh regardless of token expiration.

Returns:

Promise<IdTokenResult>

linkWithCredential(user, credential)

Links the user account with the given credentials.

AnAuthProvider can be used to generate the credential.

Signature:

exportdeclarefunctionlinkWithCredential(user:User,credential:AuthCredential):Promise<UserCredential>;

Parameters

ParameterTypeDescription
userUserThe user.
credentialAuthCredentialThe auth credential.

Returns:

Promise<UserCredential>

linkWithPhoneNumber(user, phoneNumber, appVerifier)

Links the user account with the given phone number.

This method does not work in a Node.js environment.

Signature:

exportdeclarefunctionlinkWithPhoneNumber(user:User,phoneNumber:string,appVerifier?:ApplicationVerifier):Promise<ConfirmationResult>;

Parameters

ParameterTypeDescription
userUserThe user.
phoneNumberstringThe user's phone number in E.164 format (e.g. +16505550101).
appVerifierApplicationVerifierTheApplicationVerifier.

Returns:

Promise<ConfirmationResult>

linkWithPopup(user, provider, resolver)

Links the authenticated provider to the user account using a pop-up based OAuth flow.

If the linking is successful, the returned result will contain the user and the provider's credential.

This method does not work in a Node.js environment.

Signature:

exportdeclarefunctionlinkWithPopup(user:User,provider:AuthProvider,resolver?:PopupRedirectResolver):Promise<UserCredential>;

Parameters

ParameterTypeDescription
userUserThe user.
providerAuthProviderThe provider to authenticate. The provider has to be anOAuthProvider. Non-OAuth providers likeEmailAuthProvider will throw an error.
resolverPopupRedirectResolverAn instance ofPopupRedirectResolver, optional if already supplied toinitializeAuth() or provided bygetAuth().

Returns:

Promise<UserCredential>

Example

// Sign in using some other provider.constresult=awaitsignInWithEmailAndPassword(auth,email,password);// Link using a popup.constprovider=newFacebookAuthProvider();awaitlinkWithPopup(result.user,provider);

linkWithRedirect(user, provider, resolver)

Links theOAuthProvider to the user account using a full-page redirect flow.

To handle the results and errors for this operation, refer togetRedirectResult(). Follow thebest practices when usinglinkWithRedirect().

This method does not work in a Node.js environment or withAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionlinkWithRedirect(user:User,provider:AuthProvider,resolver?:PopupRedirectResolver):Promise<never>;

Parameters

ParameterTypeDescription
userUserThe user.
providerAuthProviderThe provider to authenticate. The provider has to be anOAuthProvider. Non-OAuth providers likeEmailAuthProvider will throw an error.
resolverPopupRedirectResolverAn instance ofPopupRedirectResolver, optional if already supplied toinitializeAuth() or provided bygetAuth().

Returns:

Promise<never>

Example

// Sign in using some other provider.constresult=awaitsignInWithEmailAndPassword(auth,email,password);// Link using a redirect.constprovider=newFacebookAuthProvider();awaitlinkWithRedirect(result.user,provider);// This will trigger a full page redirect away from your app// After returning from the redirect when your app initializes you can obtain the resultconstresult=awaitgetRedirectResult(auth);

multiFactor(user)

TheMultiFactorUser corresponding to the user.

This is used to access all multi-factor properties and operations related to the user.

Signature:

exportdeclarefunctionmultiFactor(user:User):MultiFactorUser;

Parameters

ParameterTypeDescription
userUserThe user.

Returns:

MultiFactorUser

reauthenticateWithCredential(user, credential)

Re-authenticates a user using a fresh credential.

Use before operations such asupdatePassword() that require tokens from recent sign-in attempts. This method can be used to recover from aCREDENTIAL_TOO_OLD_LOGIN_AGAIN error or aTOKEN_EXPIRED error.

This method is not supported on anyUser signed in byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionreauthenticateWithCredential(user:User,credential:AuthCredential):Promise<UserCredential>;

Parameters

ParameterTypeDescription
userUserThe user.
credentialAuthCredentialThe auth credential.

Returns:

Promise<UserCredential>

reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier)

Re-authenticates a user using a fresh phone credential.

Use before operations such asupdatePassword() that require tokens from recent sign-in attempts.

This method does not work in a Node.js environment or on anyUser signed in byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionreauthenticateWithPhoneNumber(user:User,phoneNumber:string,appVerifier?:ApplicationVerifier):Promise<ConfirmationResult>;

Parameters

ParameterTypeDescription
userUserThe user.
phoneNumberstringThe user's phone number in E.164 format (e.g. +16505550101).
appVerifierApplicationVerifierTheApplicationVerifier.

Returns:

Promise<ConfirmationResult>

reauthenticateWithPopup(user, provider, resolver)

Reauthenticates the current user with the specifiedOAuthProvider using a pop-up based OAuth flow.

If the reauthentication is successful, the returned result will contain the user and the provider's credential.

This method does not work in a Node.js environment or on anyUser signed in byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionreauthenticateWithPopup(user:User,provider:AuthProvider,resolver?:PopupRedirectResolver):Promise<UserCredential>;

Parameters

ParameterTypeDescription
userUserThe user.
providerAuthProviderThe provider to authenticate. The provider has to be anOAuthProvider. Non-OAuth providers likeEmailAuthProvider will throw an error.
resolverPopupRedirectResolverAn instance ofPopupRedirectResolver, optional if already supplied toinitializeAuth() or provided bygetAuth().

Returns:

Promise<UserCredential>

Example

// Sign in using a popup.constprovider=newFacebookAuthProvider();constresult=awaitsignInWithPopup(auth,provider);// Reauthenticate using a popup.awaitreauthenticateWithPopup(result.user,provider);

reauthenticateWithRedirect(user, provider, resolver)

Reauthenticates the current user with the specifiedOAuthProvider using a full-page redirect flow.

To handle the results and errors for this operation, refer togetRedirectResult(). Follow thebest practices when usingreauthenticateWithRedirect().

This method does not work in a Node.js environment or withAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionreauthenticateWithRedirect(user:User,provider:AuthProvider,resolver?:PopupRedirectResolver):Promise<never>;

Parameters

ParameterTypeDescription
userUserThe user.
providerAuthProviderThe provider to authenticate. The provider has to be anOAuthProvider. Non-OAuth providers likeEmailAuthProvider will throw an error.
resolverPopupRedirectResolverAn instance ofPopupRedirectResolver, optional if already supplied toinitializeAuth() or provided bygetAuth().

Returns:

Promise<never>

Example

// Sign in using a redirect.constprovider=newFacebookAuthProvider();constresult=awaitsignInWithRedirect(auth,provider);// This will trigger a full page redirect away from your app// After returning from the redirect when your app initializes you can obtain the resultconstresult=awaitgetRedirectResult(auth);// Reauthenticate using a redirect.awaitreauthenticateWithRedirect(result.user,provider);// This will again trigger a full page redirect away from your app// After returning from the redirect when your app initializes you can obtain the resultconstresult=awaitgetRedirectResult(auth);

reload(user)

Reloads user account data, if signed in.

Signature:

exportdeclarefunctionreload(user:User):Promise<void>;

Parameters

ParameterTypeDescription
userUserThe user.

Returns:

Promise<void>

sendEmailVerification(user, actionCodeSettings)

Sends a verification email to a user.

The verification process is completed by callingapplyActionCode().

Signature:

exportdeclarefunctionsendEmailVerification(user:User,actionCodeSettings?:ActionCodeSettings|null):Promise<void>;

Parameters

ParameterTypeDescription
userUserThe user.
actionCodeSettingsActionCodeSettings | nullTheActionCodeSettings.

Returns:

Promise<void>

Example

constactionCodeSettings={url:'https://www.example.com/?email=user@example.com',iOS:{bundleId:'com.example.ios'},android:{packageName:'com.example.android',installApp:true,minimumVersion:'12'},handleCodeInApp:true};awaitsendEmailVerification(user,actionCodeSettings);// Obtain code from the user.awaitapplyActionCode(auth,code);

unlink(user, providerId)

Unlinks a provider from a user account.

Signature:

exportdeclarefunctionunlink(user:User,providerId:string):Promise<User>;

Parameters

ParameterTypeDescription
userUserThe user.
providerIdstringThe provider to unlink.

Returns:

Promise<User>

updateEmail(user, newEmail)

Updates the user's email address.

An email will be sent to the original email address (if it was set) that allows to revoke the email address change, in order to protect them from account hijacking.

This method is not supported on anyUser signed in byAuth instances created with aFirebaseServerApp.

Important: this is a security sensitive operation that requires the user to have recently signed in. If this requirement isn't met, ask the user to authenticate again and then callreauthenticateWithCredential().

Signature:

exportdeclarefunctionupdateEmail(user:User,newEmail:string):Promise<void>;

Parameters

ParameterTypeDescription
userUserThe user.
newEmailstringThe new email address.Throws "auth/operation-not-allowed" error whenEmail Enumeration Protection is enabled. Deprecated - UseverifyBeforeUpdateEmail() instead.

Returns:

Promise<void>

updatePassword(user, newPassword)

Updates the user's password.

Important: this is a security sensitive operation that requires the user to have recently signed in. If this requirement isn't met, ask the user to authenticate again and then callreauthenticateWithCredential().

Signature:

exportdeclarefunctionupdatePassword(user:User,newPassword:string):Promise<void>;

Parameters

ParameterTypeDescription
userUserThe user.
newPasswordstringThe new password.

Returns:

Promise<void>

updatePhoneNumber(user, credential)

Updates the user's phone number.

This method does not work in a Node.js environment or on anyUser signed in byAuth instances created with aFirebaseServerApp.

Signature:

exportdeclarefunctionupdatePhoneNumber(user:User,credential:PhoneAuthCredential):Promise<void>;

Parameters

ParameterTypeDescription
userUserThe user.
credentialPhoneAuthCredentialA credential authenticating the new phone number.

Returns:

Promise<void>

Example

// 'recaptcha-container' is the ID of an element in the DOM.constapplicationVerifier=newRecaptchaVerifier('recaptcha-container');constprovider=newPhoneAuthProvider(auth);constverificationId=awaitprovider.verifyPhoneNumber('+16505550101',applicationVerifier);// Obtain the verificationCode from the user.constphoneCredential=PhoneAuthProvider.credential(verificationId,verificationCode);awaitupdatePhoneNumber(user,phoneCredential);

updateProfile(user, { displayName, photoURL: photoUrl })

Updates a user's profile data.

Signature:

exportdeclarefunctionupdateProfile(user:User,{displayName,photoURL:photoUrl}:{displayName?:string|null;photoURL?:string|null;}):Promise<void>;

Parameters

ParameterTypeDescription
userUserThe user.
{ displayName, photoURL: photoUrl }{ displayName?: string | null; photoURL?: string | null; }

Returns:

Promise<void>

verifyBeforeUpdateEmail(user, newEmail, actionCodeSettings)

Sends a verification email to a new email address.

The user's email will be updated to the new one after being verified.

If you have a custom email action handler, you can complete the verification process by callingapplyActionCode().

Signature:

exportdeclarefunctionverifyBeforeUpdateEmail(user:User,newEmail:string,actionCodeSettings?:ActionCodeSettings|null):Promise<void>;

Parameters

ParameterTypeDescription
userUserThe user.
newEmailstringThe new email address to be verified before update.
actionCodeSettingsActionCodeSettings | nullTheActionCodeSettings.

Returns:

Promise<void>

Example

constactionCodeSettings={url:'https://www.example.com/?email=user@example.com',iOS:{bundleId:'com.example.ios'},android:{packageName:'com.example.android',installApp:true,minimumVersion:'12'},handleCodeInApp:true};awaitverifyBeforeUpdateEmail(user,'newemail@example.com',actionCodeSettings);// Obtain code from the user.awaitapplyActionCode(auth,code);

function(userCredential, ...)

getAdditionalUserInfo(userCredential)

Extracts provider specificAdditionalUserInfo for the given credential.

Signature:

exportdeclarefunctiongetAdditionalUserInfo(userCredential:UserCredential):AdditionalUserInfo|null;

Parameters

ParameterTypeDescription
userCredentialUserCredentialThe user credential.

Returns:

AdditionalUserInfo | null

ActionCodeOperation

An enumeration of the possible email action types.

Signature:

ActionCodeOperation:{readonlyEMAIL_SIGNIN:"EMAIL_SIGNIN";readonlyPASSWORD_RESET:"PASSWORD_RESET";readonlyRECOVER_EMAIL:"RECOVER_EMAIL";readonlyREVERT_SECOND_FACTOR_ADDITION:"REVERT_SECOND_FACTOR_ADDITION";readonlyVERIFY_AND_CHANGE_EMAIL:"VERIFY_AND_CHANGE_EMAIL";readonlyVERIFY_EMAIL:"VERIFY_EMAIL";}

AuthErrorCodes

A map of potentialAuth error codes, for easier comparison with errors thrown by the SDK.

Note that you can't tree-shake individual keys in the map, so by using the map you might substantially increase your bundle size.

Signature:

AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY:{readonlyADMIN_ONLY_OPERATION:"auth/admin-restricted-operation";readonlyARGUMENT_ERROR:"auth/argument-error";readonlyAPP_NOT_AUTHORIZED:"auth/app-not-authorized";readonlyAPP_NOT_INSTALLED:"auth/app-not-installed";readonlyCAPTCHA_CHECK_FAILED:"auth/captcha-check-failed";readonlyCODE_EXPIRED:"auth/code-expired";readonlyCORDOVA_NOT_READY:"auth/cordova-not-ready";readonlyCORS_UNSUPPORTED:"auth/cors-unsupported";readonlyCREDENTIAL_ALREADY_IN_USE:"auth/credential-already-in-use";readonlyCREDENTIAL_MISMATCH:"auth/custom-token-mismatch";readonlyCREDENTIAL_TOO_OLD_LOGIN_AGAIN:"auth/requires-recent-login";readonlyDEPENDENT_SDK_INIT_BEFORE_AUTH:"auth/dependent-sdk-initialized-before-auth";readonlyDYNAMIC_LINK_NOT_ACTIVATED:"auth/dynamic-link-not-activated";readonlyEMAIL_CHANGE_NEEDS_VERIFICATION:"auth/email-change-needs-verification";readonlyEMAIL_EXISTS:"auth/email-already-in-use";readonlyEMULATOR_CONFIG_FAILED:"auth/emulator-config-failed";readonlyEXPIRED_OOB_CODE:"auth/expired-action-code";readonlyEXPIRED_POPUP_REQUEST:"auth/cancelled-popup-request";readonlyINTERNAL_ERROR:"auth/internal-error";readonlyINVALID_API_KEY:"auth/invalid-api-key";readonlyINVALID_APP_CREDENTIAL:"auth/invalid-app-credential";readonlyINVALID_APP_ID:"auth/invalid-app-id";readonlyINVALID_AUTH:"auth/invalid-user-token";readonlyINVALID_AUTH_EVENT:"auth/invalid-auth-event";readonlyINVALID_CERT_HASH:"auth/invalid-cert-hash";readonlyINVALID_CODE:"auth/invalid-verification-code";readonlyINVALID_CONTINUE_URI:"auth/invalid-continue-uri";readonlyINVALID_CORDOVA_CONFIGURATION:"auth/invalid-cordova-configuration";readonlyINVALID_CUSTOM_TOKEN:"auth/invalid-custom-token";readonlyINVALID_DYNAMIC_LINK_DOMAIN:"auth/invalid-dynamic-link-domain";readonlyINVALID_EMAIL:"auth/invalid-email";readonlyINVALID_EMULATOR_SCHEME:"auth/invalid-emulator-scheme";readonlyINVALID_IDP_RESPONSE:"auth/invalid-credential";readonlyINVALID_LOGIN_CREDENTIALS:"auth/invalid-credential";readonlyINVALID_MESSAGE_PAYLOAD:"auth/invalid-message-payload";readonlyINVALID_MFA_SESSION:"auth/invalid-multi-factor-session";readonlyINVALID_OAUTH_CLIENT_ID:"auth/invalid-oauth-client-id";readonlyINVALID_OAUTH_PROVIDER:"auth/invalid-oauth-provider";readonlyINVALID_OOB_CODE:"auth/invalid-action-code";readonlyINVALID_ORIGIN:"auth/unauthorized-domain";readonlyINVALID_PASSWORD:"auth/wrong-password";readonlyINVALID_PERSISTENCE:"auth/invalid-persistence-type";readonlyINVALID_PHONE_NUMBER:"auth/invalid-phone-number";readonlyINVALID_PROVIDER_ID:"auth/invalid-provider-id";readonlyINVALID_RECIPIENT_EMAIL:"auth/invalid-recipient-email";readonlyINVALID_SENDER:"auth/invalid-sender";readonlyINVALID_SESSION_INFO:"auth/invalid-verification-id";readonlyINVALID_TENANT_ID:"auth/invalid-tenant-id";readonlyMFA_INFO_NOT_FOUND:"auth/multi-factor-info-not-found";readonlyMFA_REQUIRED:"auth/multi-factor-auth-required";readonlyMISSING_ANDROID_PACKAGE_NAME:"auth/missing-android-pkg-name";readonlyMISSING_APP_CREDENTIAL:"auth/missing-app-credential";readonlyMISSING_AUTH_DOMAIN:"auth/auth-domain-config-required";readonlyMISSING_CODE:"auth/missing-verification-code";readonlyMISSING_CONTINUE_URI:"auth/missing-continue-uri";readonlyMISSING_IFRAME_START:"auth/missing-iframe-start";readonlyMISSING_IOS_BUNDLE_ID:"auth/missing-ios-bundle-id";readonlyMISSING_OR_INVALID_NONCE:"auth/missing-or-invalid-nonce";readonlyMISSING_MFA_INFO:"auth/missing-multi-factor-info";readonlyMISSING_MFA_SESSION:"auth/missing-multi-factor-session";readonlyMISSING_PHONE_NUMBER:"auth/missing-phone-number";readonlyMISSING_PASSWORD:"auth/missing-password";readonlyMISSING_SESSION_INFO:"auth/missing-verification-id";readonlyMODULE_DESTROYED:"auth/app-deleted";readonlyNEED_CONFIRMATION:"auth/account-exists-with-different-credential";readonlyNETWORK_REQUEST_FAILED:"auth/network-request-failed";readonlyNULL_USER:"auth/null-user";readonlyNO_AUTH_EVENT:"auth/no-auth-event";readonlyNO_SUCH_PROVIDER:"auth/no-such-provider";readonlyOPERATION_NOT_ALLOWED:"auth/operation-not-allowed";readonlyOPERATION_NOT_SUPPORTED:"auth/operation-not-supported-in-this-environment";readonlyPOPUP_BLOCKED:"auth/popup-blocked";readonlyPOPUP_CLOSED_BY_USER:"auth/popup-closed-by-user";readonlyPROVIDER_ALREADY_LINKED:"auth/provider-already-linked";readonlyQUOTA_EXCEEDED:"auth/quota-exceeded";readonlyREDIRECT_CANCELLED_BY_USER:"auth/redirect-cancelled-by-user";readonlyREDIRECT_OPERATION_PENDING:"auth/redirect-operation-pending";readonlyREJECTED_CREDENTIAL:"auth/rejected-credential";readonlySECOND_FACTOR_ALREADY_ENROLLED:"auth/second-factor-already-in-use";readonlySECOND_FACTOR_LIMIT_EXCEEDED:"auth/maximum-second-factor-count-exceeded";readonlyTENANT_ID_MISMATCH:"auth/tenant-id-mismatch";readonlyTIMEOUT:"auth/timeout";readonlyTOKEN_EXPIRED:"auth/user-token-expired";readonlyTOO_MANY_ATTEMPTS_TRY_LATER:"auth/too-many-requests";readonlyUNAUTHORIZED_DOMAIN:"auth/unauthorized-continue-uri";readonlyUNSUPPORTED_FIRST_FACTOR:"auth/unsupported-first-factor";readonlyUNSUPPORTED_PERSISTENCE:"auth/unsupported-persistence-type";readonlyUNSUPPORTED_TENANT_OPERATION:"auth/unsupported-tenant-operation";readonlyUNVERIFIED_EMAIL:"auth/unverified-email";readonlyUSER_CANCELLED:"auth/user-cancelled";readonlyUSER_DELETED:"auth/user-not-found";readonlyUSER_DISABLED:"auth/user-disabled";readonlyUSER_MISMATCH:"auth/user-mismatch";readonlyUSER_SIGNED_OUT:"auth/user-signed-out";readonlyWEAK_PASSWORD:"auth/weak-password";readonlyWEB_STORAGE_UNSUPPORTED:"auth/web-storage-unsupported";readonlyALREADY_INITIALIZED:"auth/already-initialized";readonlyRECAPTCHA_NOT_ENABLED:"auth/recaptcha-not-enabled";readonlyMISSING_RECAPTCHA_TOKEN:"auth/missing-recaptcha-token";readonlyINVALID_RECAPTCHA_TOKEN:"auth/invalid-recaptcha-token";readonlyINVALID_RECAPTCHA_ACTION:"auth/invalid-recaptcha-action";readonlyMISSING_CLIENT_TYPE:"auth/missing-client-type";readonlyMISSING_RECAPTCHA_VERSION:"auth/missing-recaptcha-version";readonlyINVALID_RECAPTCHA_VERSION:"auth/invalid-recaptcha-version";readonlyINVALID_REQ_TYPE:"auth/invalid-req-type";readonlyINVALID_HOSTING_LINK_DOMAIN:"auth/invalid-hosting-link-domain";}

browserCookiePersistence

This API is provided as a preview for developers and may change based on feedback that we receive. Do not use this API in a production environment.

An implementation ofPersistence of typeCOOKIE, for use on the client side in applications leveraging hybrid rendering and middleware.

This persistence method requires companion middleware to function, such as that provided byReactFire for NextJS.

Signature:

browserCookiePersistence:Persistence

browserLocalPersistence

An implementation ofPersistence of typeLOCAL usinglocalStorage for the underlying storage.

Signature:

browserLocalPersistence:Persistence

browserPopupRedirectResolver

An implementation ofPopupRedirectResolver suitable for browser based applications.

This method does not work in a Node.js environment.

Signature:

browserPopupRedirectResolver:PopupRedirectResolver

browserSessionPersistence

An implementation ofPersistence ofSESSION usingsessionStorage for the underlying storage.

Signature:

browserSessionPersistence:Persistence

cordovaPopupRedirectResolver

An implementation ofPopupRedirectResolver suitable for Cordova based applications.

Signature:

cordovaPopupRedirectResolver:PopupRedirectResolver

debugErrorMap

A verbose error map with detailed descriptions for most error codes.

See discussion atAuthErrorMap

Signature:

debugErrorMap:AuthErrorMap

FactorId

An enum of factors that may be used for multifactor authentication.

Signature:

FactorId:{readonlyPHONE:"phone";readonlyTOTP:"totp";}

indexedDBLocalPersistence

An implementation ofPersistence of typeLOCAL usingindexedDB for the underlying storage.

Signature:

indexedDBLocalPersistence:Persistence

inMemoryPersistence

An implementation ofPersistence of type 'NONE'.

Signature:

inMemoryPersistence:Persistence

OperationType

Enumeration of supported operation types.

Signature:

OperationType:{readonlyLINK:"link";readonlyREAUTHENTICATE:"reauthenticate";readonlySIGN_IN:"signIn";}

prodErrorMap

A minimal error map with all verbose error messages stripped.

See discussion atAuthErrorMap

Signature:

prodErrorMap:AuthErrorMap

ProviderId

Enumeration of supported providers.

Signature:

ProviderId:{readonlyFACEBOOK:"facebook.com";readonlyGITHUB:"github.com";readonlyGOOGLE:"google.com";readonlyPASSWORD:"password";readonlyPHONE:"phone";readonlyTWITTER:"twitter.com";}

SignInMethod

Enumeration of supported sign-in methods.

Signature:

SignInMethod:{readonlyEMAIL_LINK:"emailLink";readonlyEMAIL_PASSWORD:"password";readonlyFACEBOOK:"facebook.com";readonlyGITHUB:"github.com";readonlyGOOGLE:"google.com";readonlyPHONE:"phone";readonlyTWITTER:"twitter.com";}

CustomParameters

Map of OAuth Custom Parameters.

Signature:

exporttypeCustomParameters=Record<string,string>;

NextOrObserver

Type definition for an event callback.

Signature:

exporttypeNextOrObserver<T>=NextFn<T|null>|Observer<T|null>;

PhoneInfoOptions

The information required to verify the ownership of a phone number.

The information that's required depends on whether you are doing single-factor sign-in, multi-factor enrollment or multi-factor sign-in.

Signature:

exporttypePhoneInfoOptions=PhoneSingleFactorInfoOptions|PhoneMultiFactorEnrollInfoOptions|PhoneMultiFactorSignInInfoOptions;

UserProfile

User profile used inAdditionalUserInfo.

Signature:

exporttypeUserProfile=Record<string,unknown>;

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-10-30 UTC.