CloudFireAuth Docs

Appearance

cloudfire-auth / DecodedIdToken

Interface: DecodedIdToken

Defined in: types/firebase-admin/token-verifier.ts:34

Interface representing a decoded Firebase ID token, returned from the CloudFireAuth.verifyIdToken method.

Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs). See the ID Token section of the OpenID Connect spec for more information about the specific properties below.

Indexable

[key: string]: any

Other arbitrary claims included in the ID token.

Properties

aud

aud: string

Defined in: types/firebase-admin/token-verifier.ts:42

The audience for which this token is intended.

This value is a string equal to your Firebase project ID, the unique identifier for your Firebase project, which can be found in your project's settings.

auth_time

auth_time: number

Defined in: types/firebase-admin/token-verifier.ts:52

Time, in seconds since the Unix epoch, when the end-user authentication occurred.

This value is not set when this particular ID token was created, but when the user initially logged in to this session. In a single session, the Firebase SDKs will refresh a user's ID tokens every hour. Each ID token will have a different iat value, but the same auth_time value.

email?

optional email: string

Defined in: types/firebase-admin/token-verifier.ts:56

The email of the user to whom the ID token belongs, if available.

email_verified?

optional email_verified: boolean

Defined in: types/firebase-admin/token-verifier.ts:61

Whether or not the email of the user to whom the ID token belongs is verified, provided the user has an email.

exp

exp: number

Defined in: types/firebase-admin/token-verifier.ts:69

The ID token's expiration time, in seconds since the Unix epoch. That is, the time at which this ID token expires and should no longer be considered valid.

The Firebase SDKs transparently refresh ID tokens every hour, issuing a new ID token with up to a one hour expiration.

firebase

firebase: object

Defined in: types/firebase-admin/token-verifier.ts:77

Information about the sign in event, including which sign in provider was used and provider-specific identity details.

This data is provided by the Firebase Authentication service and is a reserved claim in the ID token.

Index Signature

[key: string]: any

identities

identities: object

Provider-specific identity details corresponding to the provider used to sign in the user.

Index Signature

[key: string]: any

second_factor_identifier?

optional second_factor_identifier: string

The uid of the second factor used to sign in, provided the ID token was obtained from a multi-factor authenticated user.

sign_in_provider

sign_in_provider: string

The ID of the provider used to sign in the user. One of "anonymous", "password", "facebook.com", "github.com", "google.com", "twitter.com", "apple.com", "microsoft.com", "yahoo.com", "phone", "playgames.google.com", "gc.apple.com", or "custom".

Additional Identity Platform provider IDs include "linkedin.com", OIDC and SAML identity providers prefixed with "saml." and "oidc." respectively.

sign_in_second_factor?

optional sign_in_second_factor: string

The type identifier or factorId of the second factor, provided the ID token was obtained from a multi-factor authenticated user. For phone, this is "phone".

tenant?

optional tenant: string

The ID of the tenant the user belongs to, if available.

iat

iat: number

Defined in: types/firebase-admin/token-verifier.ts:124

The ID token's issued-at time, in seconds since the Unix epoch. That is, the time at which this ID token was issued and should start to be considered valid.

The Firebase SDKs transparently refresh ID tokens every hour, issuing a new ID token with a new issued-at time. If you want to get the time at which the user session corresponding to the ID token initially occurred, see the auth_time property.

iss

iss: string

Defined in: types/firebase-admin/token-verifier.ts:132

The issuer identifier for the issuer of the response.

This value is a URL with the format https://securetoken.google.com/<PROJECT_ID>, where <PROJECT_ID> is the same project ID specified in the aud property.

phone_number?

optional phone_number: string

Defined in: types/firebase-admin/token-verifier.ts:136

The phone number of the user to whom the ID token belongs, if available.

picture?

optional picture: string

Defined in: types/firebase-admin/token-verifier.ts:140

The photo URL for the user to whom the ID token belongs, if available.

sub

sub: string

Defined in: types/firebase-admin/token-verifier.ts:146

The uid corresponding to the user who the ID token belonged to.

As a convenience, this value is copied over to the uid property.

uid

uid: string

Defined in: types/firebase-admin/token-verifier.ts:153

The uid corresponding to the user who the ID token belonged to.

This value is not actually in the JWT token claims itself. It is added as a convenience, and is set as the value of the sub property.