@prmichaelsen/firebase-admin-sdk-v8 2.4.2 → 2.5.0

package/CHANGELOG.md

@@ -7,6 +7,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.5.0] - 2026-02-19
+
+### Added
+- **User Management APIs**: Complete user management functionality via Firebase Identity Toolkit REST API
+  - `getUserByEmail()` - Look up users by email address
+  - `getUserByUid()` - Look up users by UID
+  - `createUser()` - Create new Firebase users with email, password, display name, etc.
+  - `updateUser()` - Update existing user properties (email, password, display name, photo URL, etc.)
+  - `deleteUser()` - Delete Firebase users
+  - `listUsers()` - List all users with pagination support (up to 1000 per page)
+  - `setCustomUserClaims()` - Set custom claims for role-based access control
+- New type definitions: `UserRecord`, `CreateUserRequest`, `UpdateUserRequest`, `ListUsersResult`
+- 30 comprehensive unit tests for user management (91.66% coverage)
+- 18 E2E tests for user management (complete lifecycle testing)
+- Complete user management documentation in README with examples
+- Feature comparison table updated to show user management support
+
+### Changed
+- Total unit tests increased from 433 to 463 (+30 tests)
+- Total E2E tests increased from 105 to 123 (+18 tests)
+- Updated feature list to include user management
+
+### Notes
+- `listUsers()` E2E tests are skipped as the REST API endpoint availability varies by Firebase project configuration
+
 ## [2.4.0] - 2026-02-15
 
 ### Added

package/README.md

@@ -16,6 +16,7 @@ This library provides Firebase Admin SDK functionality for Cloudflare Workers an
 - ✅ **JWT Token Generation** - Service account authentication
 - ✅ **ID Token Verification** - Verify Firebase ID tokens (supports v9 and v10 formats)
 - ✅ **Session Cookies** - Create and verify long-lived session cookies (up to 14 days)
+- ✅ **User Management** - Create, read, update, delete users via Admin API
 - ✅ **Firebase v10 Compatible** - Supports both old and new token issuer formats
 - ✅ **Firestore REST API** - Full CRUD operations via REST
 - ✅ **Field Value Operations** - increment, arrayUnion, arrayRemove, serverTimestamp, delete
@@ -173,6 +174,97 @@ const user = await getUserFromToken(idToken);
 // Returns: { uid, email, emailVerified, displayName, photoURL }
 ```
 
+### User Management
+
+#### `getUserByEmail(email: string): Promise<UserRecord | null>`
+
+Look up a Firebase user by email address.
+
+```typescript
+const user = await getUserByEmail('user@example.com');
+if (user) {
+  console.log('User ID:', user.uid);
+  console.log('Email verified:', user.emailVerified);
+}
+```
+
+#### `getUserByUid(uid: string): Promise<UserRecord | null>`
+
+Look up a Firebase user by UID.
+
+```typescript
+const user = await getUserByUid('user123');
+if (user) {
+  console.log('Email:', user.email);
+  console.log('Display name:', user.displayName);
+}
+```
+
+#### `createUser(properties: CreateUserRequest): Promise<UserRecord>`
+
+Create a new Firebase user.
+
+```typescript
+const newUser = await createUser({
+  email: 'newuser@example.com',
+  password: 'securePassword123',
+  displayName: 'New User',
+  emailVerified: false,
+});
+console.log('Created user:', newUser.uid);
+```
+
+#### `updateUser(uid: string, properties: UpdateUserRequest): Promise<UserRecord>`
+
+Update an existing Firebase user.
+
+```typescript
+const updatedUser = await updateUser('user123', {
+  displayName: 'Updated Name',
+  photoURL: 'https://example.com/photo.jpg',
+  emailVerified: true,
+});
+```
+
+#### `deleteUser(uid: string): Promise<void>`
+
+Delete a Firebase user.
+
+```typescript
+await deleteUser('user123');
+```
+
+#### `listUsers(maxResults?: number, pageToken?: string): Promise<ListUsersResult>`
+
+List all users with pagination.
+
+```typescript
+// List first 100 users
+const result = await listUsers(100);
+console.log('Users:', result.users.length);
+
+// Get next page
+if (result.pageToken) {
+  const nextPage = await listUsers(100, result.pageToken);
+}
+```
+
+#### `setCustomUserClaims(uid: string, customClaims: Record<string, any> | null): Promise<void>`
+
+Set custom claims on a user's ID token for role-based access control.
+
+```typescript
+// Set custom claims
+await setCustomUserClaims('user123', {
+  role: 'admin',
+  premium: true,
+  permissions: ['read', 'write', 'delete'],
+});
+
+// Clear custom claims
+await setCustomUserClaims('user123', null);
+```
+
 ### Firestore - Basic Operations
 
 #### `setDocument(collectionPath, documentId, data, options?): Promise<void>`
@@ -619,7 +711,7 @@ For better query performance:
 | ID Token Verification | ✅ | Supports v9 and v10 token formats |
 | Custom Token Creation | ✅ | createCustomToken() |
 | Custom Token Exchange | ✅ | signInWithCustomToken() |
-| User Management | ❌ | Not yet implemented |
+| User Management | ✅ | Create, read, update, delete, list users |
 | Firestore CRUD | ✅ | Full support |
 | Firestore Queries | ✅ | where, orderBy, limit, cursors |
 | Firestore Batch | ✅ | Up to 500 operations |

package/dist/index.d.mts

@@ -183,6 +183,81 @@ interface BatchWriteResult {
         updateTime: string;
     }>;
 }
+/**
+ * Firebase user record
+ */
+interface UserRecord {
+    /** User's unique ID */
+    uid: string;
+    /** User's email address */
+    email?: string;
+    /** Whether the email is verified */
+    emailVerified: boolean;
+    /** User's display name */
+    displayName?: string;
+    /** User's photo URL */
+    photoURL?: string;
+    /** User's phone number */
+    phoneNumber?: string;
+    /** Whether the user is disabled */
+    disabled: boolean;
+    /** User metadata (creation and last sign-in times) */
+    metadata: {
+        creationTime: string;
+        lastSignInTime: string;
+    };
+    /** Provider-specific user information */
+    providerData: UserInfo[];
+    /** Custom claims set on the user */
+    customClaims?: Record<string, any>;
+}
+/**
+ * Request to create a new user
+ */
+interface CreateUserRequest {
+    /** User's email address */
+    email?: string;
+    /** Whether the email should be marked as verified */
+    emailVerified?: boolean;
+    /** User's phone number */
+    phoneNumber?: string;
+    /** User's password */
+    password?: string;
+    /** User's display name */
+    displayName?: string;
+    /** User's photo URL */
+    photoURL?: string;
+    /** Whether the user should be disabled */
+    disabled?: boolean;
+}
+/**
+ * Request to update an existing user
+ */
+interface UpdateUserRequest {
+    /** User's email address */
+    email?: string;
+    /** Whether the email should be marked as verified */
+    emailVerified?: boolean;
+    /** User's phone number */
+    phoneNumber?: string;
+    /** User's password */
+    password?: string;
+    /** User's display name */
+    displayName?: string;
+    /** User's photo URL */
+    photoURL?: string;
+    /** Whether the user should be disabled */
+    disabled?: boolean;
+}
+/**
+ * Result of listing users
+ */
+interface ListUsersResult {
+    /** Array of user records */
+    users: UserRecord[];
+    /** Token for fetching the next page (if available) */
+    pageToken?: string;
+}
 
 /**
  * Firebase Admin SDK v8 - Configuration
@@ -395,6 +470,55 @@ declare function verifySessionCookie(sessionCookie: string, checkRevoked?: boole
  */
 declare function getAuth(): any;
 
+/**
+ * Firebase User Management APIs
+ * Provides user management operations using Firebase Identity Toolkit REST API
+ */
+
+/**
+ * Look up a Firebase user by email address
+ * @param email - User's email address
+ * @returns User record or null if not found
+ */
+declare function getUserByEmail(email: string): Promise<UserRecord | null>;
+/**
+ * Look up a Firebase user by UID
+ * @param uid - User's unique ID
+ * @returns User record or null if not found
+ */
+declare function getUserByUid(uid: string): Promise<UserRecord | null>;
+/**
+ * Create a new Firebase user
+ * @param properties - User properties (email, password, displayName, etc.)
+ * @returns Created user record
+ */
+declare function createUser(properties: CreateUserRequest): Promise<UserRecord>;
+/**
+ * Update an existing Firebase user
+ * @param uid - User's unique ID
+ * @param properties - Properties to update (email, password, displayName, etc.)
+ * @returns Updated user record
+ */
+declare function updateUser(uid: string, properties: UpdateUserRequest): Promise<UserRecord>;
+/**
+ * Delete a Firebase user
+ * @param uid - User's unique ID
+ */
+declare function deleteUser(uid: string): Promise<void>;
+/**
+ * List all users with pagination
+ * @param maxResults - Maximum number of users to return (default: 1000, max: 1000)
+ * @param pageToken - Token for next page
+ * @returns List of users and next page token
+ */
+declare function listUsers(maxResults?: number, pageToken?: string): Promise<ListUsersResult>;
+/**
+ * Set custom claims on a user's ID token
+ * @param uid - User's unique ID
+ * @param customClaims - Custom claims object (max 1000 bytes when serialized)
+ */
+declare function setCustomUserClaims(uid: string, customClaims: Record<string, any> | null): Promise<void>;
+
 /**
  * Firebase Admin SDK v8 - Firestore CRUD Operations
  * All Firestore document operations using REST API
@@ -979,4 +1103,4 @@ declare function getAdminAccessToken(): Promise<string>;
  */
 declare function clearTokenCache(): void;
 
-export { type BatchWrite, type BatchWriteResult, type CustomClaims, type CustomTokenSignInResponse, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type QueryFilter, type QueryOptions, type QueryOrder, type ResumableUploadOptions, type ServiceAccount, type SessionCookieOptions, type SetOptions, type SignedUrlOptions, type TokenResponse, type UpdateOptions, type UploadOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, countDocuments, createCustomToken, createSessionCookie, deleteDocument, deleteFile, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserFromToken, initializeApp, iterateCollection, listDocuments, listFiles, queryDocuments, setDocument, signInWithCustomToken, updateDocument, uploadFile, uploadFileResumable, verifyIdToken, verifySessionCookie };
+export { type BatchWrite, type BatchWriteResult, type CreateUserRequest, type CustomClaims, type CustomTokenSignInResponse, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type ListUsersResult, type QueryFilter, type QueryOptions, type QueryOrder, type ResumableUploadOptions, type ServiceAccount, type SessionCookieOptions, type SetOptions, type SignedUrlOptions, type TokenResponse, type UpdateOptions, type UpdateUserRequest, type UploadOptions, type UserInfo, type UserRecord, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, countDocuments, createCustomToken, createSessionCookie, createUser, deleteDocument, deleteFile, deleteUser, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserByEmail, getUserByUid, getUserFromToken, initializeApp, iterateCollection, listDocuments, listFiles, listUsers, queryDocuments, setCustomUserClaims, setDocument, signInWithCustomToken, updateDocument, updateUser, uploadFile, uploadFileResumable, verifyIdToken, verifySessionCookie };

package/dist/index.d.ts

@@ -183,6 +183,81 @@ interface BatchWriteResult {
         updateTime: string;
     }>;
 }
+/**
+ * Firebase user record
+ */
+interface UserRecord {
+    /** User's unique ID */
+    uid: string;
+    /** User's email address */
+    email?: string;
+    /** Whether the email is verified */
+    emailVerified: boolean;
+    /** User's display name */
+    displayName?: string;
+    /** User's photo URL */
+    photoURL?: string;
+    /** User's phone number */
+    phoneNumber?: string;
+    /** Whether the user is disabled */
+    disabled: boolean;
+    /** User metadata (creation and last sign-in times) */
+    metadata: {
+        creationTime: string;
+        lastSignInTime: string;
+    };
+    /** Provider-specific user information */
+    providerData: UserInfo[];
+    /** Custom claims set on the user */
+    customClaims?: Record<string, any>;
+}
+/**
+ * Request to create a new user
+ */
+interface CreateUserRequest {
+    /** User's email address */
+    email?: string;
+    /** Whether the email should be marked as verified */
+    emailVerified?: boolean;
+    /** User's phone number */
+    phoneNumber?: string;
+    /** User's password */
+    password?: string;
+    /** User's display name */
+    displayName?: string;
+    /** User's photo URL */
+    photoURL?: string;
+    /** Whether the user should be disabled */
+    disabled?: boolean;
+}
+/**
+ * Request to update an existing user
+ */
+interface UpdateUserRequest {
+    /** User's email address */
+    email?: string;
+    /** Whether the email should be marked as verified */
+    emailVerified?: boolean;
+    /** User's phone number */
+    phoneNumber?: string;
+    /** User's password */
+    password?: string;
+    /** User's display name */
+    displayName?: string;
+    /** User's photo URL */
+    photoURL?: string;
+    /** Whether the user should be disabled */
+    disabled?: boolean;
+}
+/**
+ * Result of listing users
+ */
+interface ListUsersResult {
+    /** Array of user records */
+    users: UserRecord[];
+    /** Token for fetching the next page (if available) */
+    pageToken?: string;
+}
 
 /**
  * Firebase Admin SDK v8 - Configuration
@@ -395,6 +470,55 @@ declare function verifySessionCookie(sessionCookie: string, checkRevoked?: boole
  */
 declare function getAuth(): any;
 
+/**
+ * Firebase User Management APIs
+ * Provides user management operations using Firebase Identity Toolkit REST API
+ */
+
+/**
+ * Look up a Firebase user by email address
+ * @param email - User's email address
+ * @returns User record or null if not found
+ */
+declare function getUserByEmail(email: string): Promise<UserRecord | null>;
+/**
+ * Look up a Firebase user by UID
+ * @param uid - User's unique ID
+ * @returns User record or null if not found
+ */
+declare function getUserByUid(uid: string): Promise<UserRecord | null>;
+/**
+ * Create a new Firebase user
+ * @param properties - User properties (email, password, displayName, etc.)
+ * @returns Created user record
+ */
+declare function createUser(properties: CreateUserRequest): Promise<UserRecord>;
+/**
+ * Update an existing Firebase user
+ * @param uid - User's unique ID
+ * @param properties - Properties to update (email, password, displayName, etc.)
+ * @returns Updated user record
+ */
+declare function updateUser(uid: string, properties: UpdateUserRequest): Promise<UserRecord>;
+/**
+ * Delete a Firebase user
+ * @param uid - User's unique ID
+ */
+declare function deleteUser(uid: string): Promise<void>;
+/**
+ * List all users with pagination
+ * @param maxResults - Maximum number of users to return (default: 1000, max: 1000)
+ * @param pageToken - Token for next page
+ * @returns List of users and next page token
+ */
+declare function listUsers(maxResults?: number, pageToken?: string): Promise<ListUsersResult>;
+/**
+ * Set custom claims on a user's ID token
+ * @param uid - User's unique ID
+ * @param customClaims - Custom claims object (max 1000 bytes when serialized)
+ */
+declare function setCustomUserClaims(uid: string, customClaims: Record<string, any> | null): Promise<void>;
+
 /**
  * Firebase Admin SDK v8 - Firestore CRUD Operations
  * All Firestore document operations using REST API
@@ -979,4 +1103,4 @@ declare function getAdminAccessToken(): Promise<string>;
  */
 declare function clearTokenCache(): void;
 
-export { type BatchWrite, type BatchWriteResult, type CustomClaims, type CustomTokenSignInResponse, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type QueryFilter, type QueryOptions, type QueryOrder, type ResumableUploadOptions, type ServiceAccount, type SessionCookieOptions, type SetOptions, type SignedUrlOptions, type TokenResponse, type UpdateOptions, type UploadOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, countDocuments, createCustomToken, createSessionCookie, deleteDocument, deleteFile, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserFromToken, initializeApp, iterateCollection, listDocuments, listFiles, queryDocuments, setDocument, signInWithCustomToken, updateDocument, uploadFile, uploadFileResumable, verifyIdToken, verifySessionCookie };
+export { type BatchWrite, type BatchWriteResult, type CreateUserRequest, type CustomClaims, type CustomTokenSignInResponse, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type ListUsersResult, type QueryFilter, type QueryOptions, type QueryOrder, type ResumableUploadOptions, type ServiceAccount, type SessionCookieOptions, type SetOptions, type SignedUrlOptions, type TokenResponse, type UpdateOptions, type UpdateUserRequest, type UploadOptions, type UserInfo, type UserRecord, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, countDocuments, createCustomToken, createSessionCookie, createUser, deleteDocument, deleteFile, deleteUser, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserByEmail, getUserByUid, getUserFromToken, initializeApp, iterateCollection, listDocuments, listFiles, listUsers, queryDocuments, setCustomUserClaims, setDocument, signInWithCustomToken, updateDocument, updateUser, uploadFile, uploadFileResumable, verifyIdToken, verifySessionCookie };

package/dist/index.js

@@ -208,8 +208,10 @@ __export(index_exports, {
   countDocuments: () => countDocuments,
   createCustomToken: () => createCustomToken,
   createSessionCookie: () => createSessionCookie,
+  createUser: () => createUser,
   deleteDocument: () => deleteDocument,
   deleteFile: () => deleteFile,
+  deleteUser: () => deleteUser,
   downloadFile: () => downloadFile,
   fileExists: () => fileExists,
   generateSignedUrl: () => generateSignedUrl,
@@ -220,15 +222,20 @@ __export(index_exports, {
   getFileMetadata: () => getFileMetadata,
   getProjectId: () => getProjectId,
   getServiceAccount: () => getServiceAccount,
+  getUserByEmail: () => getUserByEmail,
+  getUserByUid: () => getUserByUid,
   getUserFromToken: () => getUserFromToken,
   initializeApp: () => initializeApp,
   iterateCollection: () => iterateCollection,
   listDocuments: () => listDocuments,
   listFiles: () => listFiles,
+  listUsers: () => listUsers,
   queryDocuments: () => queryDocuments,
+  setCustomUserClaims: () => setCustomUserClaims,
   setDocument: () => setDocument,
   signInWithCustomToken: () => signInWithCustomToken,
   updateDocument: () => updateDocument,
+  updateUser: () => updateUser,
   uploadFile: () => uploadFile,
   uploadFileResumable: () => uploadFileResumable,
   verifyIdToken: () => verifyIdToken,
@@ -716,6 +723,233 @@ function getAuth() {
   };
 }
 
+// src/user-management.ts
+init_token_generation();
+init_service_account();
+var IDENTITY_TOOLKIT_API = "https://identitytoolkit.googleapis.com/v1";
+function convertToUserRecord(user) {
+  return {
+    uid: user.localId,
+    email: user.email || void 0,
+    emailVerified: user.emailVerified || false,
+    displayName: user.displayName || void 0,
+    photoURL: user.photoUrl || void 0,
+    phoneNumber: user.phoneNumber || void 0,
+    disabled: user.disabled || false,
+    metadata: {
+      creationTime: user.createdAt ? new Date(parseInt(user.createdAt)).toISOString() : (/* @__PURE__ */ new Date()).toISOString(),
+      lastSignInTime: user.lastLoginAt ? new Date(parseInt(user.lastLoginAt)).toISOString() : (/* @__PURE__ */ new Date()).toISOString()
+    },
+    providerData: user.providerUserInfo || [],
+    customClaims: user.customAttributes ? JSON.parse(user.customAttributes) : void 0
+  };
+}
+async function getUserByEmail(email) {
+  if (!email || typeof email !== "string") {
+    throw new Error("email must be a non-empty string");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:lookup`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ email: [email] })
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get user by email: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  if (!data.users || data.users.length === 0) {
+    return null;
+  }
+  return convertToUserRecord(data.users[0]);
+}
+async function getUserByUid(uid) {
+  if (!uid || typeof uid !== "string") {
+    throw new Error("uid must be a non-empty string");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:lookup`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ localId: [uid] })
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get user by UID: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  if (!data.users || data.users.length === 0) {
+    return null;
+  }
+  return convertToUserRecord(data.users[0]);
+}
+async function createUser(properties) {
+  if (!properties || typeof properties !== "object") {
+    throw new Error("properties must be an object");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const requestBody = {};
+  if (properties.email) requestBody.email = properties.email;
+  if (properties.password) requestBody.password = properties.password;
+  if (properties.displayName) requestBody.displayName = properties.displayName;
+  if (properties.photoURL) requestBody.photoUrl = properties.photoURL;
+  if (properties.phoneNumber) requestBody.phoneNumber = properties.phoneNumber;
+  if (typeof properties.emailVerified === "boolean") requestBody.emailVerified = properties.emailVerified;
+  if (typeof properties.disabled === "boolean") requestBody.disabled = properties.disabled;
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to create user: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  return getUserByUid(data.localId);
+}
+async function updateUser(uid, properties) {
+  if (!uid || typeof uid !== "string") {
+    throw new Error("uid must be a non-empty string");
+  }
+  if (!properties || typeof properties !== "object") {
+    throw new Error("properties must be an object");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const requestBody = { localId: uid };
+  if (properties.email) requestBody.email = properties.email;
+  if (properties.password) requestBody.password = properties.password;
+  if (properties.displayName !== void 0) requestBody.displayName = properties.displayName;
+  if (properties.photoURL !== void 0) requestBody.photoUrl = properties.photoURL;
+  if (properties.phoneNumber !== void 0) requestBody.phoneNumber = properties.phoneNumber;
+  if (typeof properties.emailVerified === "boolean") requestBody.emailVerified = properties.emailVerified;
+  if (typeof properties.disabled === "boolean") requestBody.disableUser = properties.disabled;
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:update`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to update user: ${response.status} ${errorText}`);
+  }
+  return getUserByUid(uid);
+}
+async function deleteUser(uid) {
+  if (!uid || typeof uid !== "string") {
+    throw new Error("uid must be a non-empty string");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:delete`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ localId: uid })
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to delete user: ${response.status} ${errorText}`);
+  }
+}
+async function listUsers(maxResults = 1e3, pageToken) {
+  if (typeof maxResults !== "number" || maxResults < 1 || maxResults > 1e3) {
+    throw new Error("maxResults must be a number between 1 and 1000");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const params = new URLSearchParams({
+    maxResults: maxResults.toString()
+  });
+  if (pageToken) {
+    params.append("nextPageToken", pageToken);
+  }
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:query?${params.toString()}`,
+    {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`
+      }
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to list users: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  return {
+    users: (data.users || []).map(convertToUserRecord),
+    pageToken: data.nextPageToken
+  };
+}
+async function setCustomUserClaims(uid, customClaims) {
+  if (!uid || typeof uid !== "string") {
+    throw new Error("uid must be a non-empty string");
+  }
+  if (customClaims !== null) {
+    const serialized = JSON.stringify(customClaims);
+    if (new TextEncoder().encode(serialized).length > 1e3) {
+      throw new Error("customClaims must be less than 1000 bytes when serialized");
+    }
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const requestBody = {
+    localId: uid,
+    customAttributes: customClaims ? JSON.stringify(customClaims) : "{}"
+  };
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:update`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to set custom claims: ${response.status} ${errorText}`);
+  }
+}
+
 // src/field-value.ts
 function serverTimestamp() {
   return {
@@ -1896,8 +2130,10 @@ init_service_account();
   countDocuments,
   createCustomToken,
   createSessionCookie,
+  createUser,
   deleteDocument,
   deleteFile,
+  deleteUser,
   downloadFile,
   fileExists,
   generateSignedUrl,
@@ -1908,15 +2144,20 @@ init_service_account();
   getFileMetadata,
   getProjectId,
   getServiceAccount,
+  getUserByEmail,
+  getUserByUid,
   getUserFromToken,
   initializeApp,
   iterateCollection,
   listDocuments,
   listFiles,
+  listUsers,
   queryDocuments,
+  setCustomUserClaims,
   setDocument,
   signInWithCustomToken,
   updateDocument,
+  updateUser,
   uploadFile,
   uploadFileResumable,
   verifyIdToken,

package/dist/index.mjs

@@ -484,6 +484,231 @@ function getAuth() {
   };
 }
 
+// src/user-management.ts
+var IDENTITY_TOOLKIT_API = "https://identitytoolkit.googleapis.com/v1";
+function convertToUserRecord(user) {
+  return {
+    uid: user.localId,
+    email: user.email || void 0,
+    emailVerified: user.emailVerified || false,
+    displayName: user.displayName || void 0,
+    photoURL: user.photoUrl || void 0,
+    phoneNumber: user.phoneNumber || void 0,
+    disabled: user.disabled || false,
+    metadata: {
+      creationTime: user.createdAt ? new Date(parseInt(user.createdAt)).toISOString() : (/* @__PURE__ */ new Date()).toISOString(),
+      lastSignInTime: user.lastLoginAt ? new Date(parseInt(user.lastLoginAt)).toISOString() : (/* @__PURE__ */ new Date()).toISOString()
+    },
+    providerData: user.providerUserInfo || [],
+    customClaims: user.customAttributes ? JSON.parse(user.customAttributes) : void 0
+  };
+}
+async function getUserByEmail(email) {
+  if (!email || typeof email !== "string") {
+    throw new Error("email must be a non-empty string");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:lookup`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ email: [email] })
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get user by email: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  if (!data.users || data.users.length === 0) {
+    return null;
+  }
+  return convertToUserRecord(data.users[0]);
+}
+async function getUserByUid(uid) {
+  if (!uid || typeof uid !== "string") {
+    throw new Error("uid must be a non-empty string");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:lookup`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ localId: [uid] })
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get user by UID: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  if (!data.users || data.users.length === 0) {
+    return null;
+  }
+  return convertToUserRecord(data.users[0]);
+}
+async function createUser(properties) {
+  if (!properties || typeof properties !== "object") {
+    throw new Error("properties must be an object");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const requestBody = {};
+  if (properties.email) requestBody.email = properties.email;
+  if (properties.password) requestBody.password = properties.password;
+  if (properties.displayName) requestBody.displayName = properties.displayName;
+  if (properties.photoURL) requestBody.photoUrl = properties.photoURL;
+  if (properties.phoneNumber) requestBody.phoneNumber = properties.phoneNumber;
+  if (typeof properties.emailVerified === "boolean") requestBody.emailVerified = properties.emailVerified;
+  if (typeof properties.disabled === "boolean") requestBody.disabled = properties.disabled;
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to create user: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  return getUserByUid(data.localId);
+}
+async function updateUser(uid, properties) {
+  if (!uid || typeof uid !== "string") {
+    throw new Error("uid must be a non-empty string");
+  }
+  if (!properties || typeof properties !== "object") {
+    throw new Error("properties must be an object");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const requestBody = { localId: uid };
+  if (properties.email) requestBody.email = properties.email;
+  if (properties.password) requestBody.password = properties.password;
+  if (properties.displayName !== void 0) requestBody.displayName = properties.displayName;
+  if (properties.photoURL !== void 0) requestBody.photoUrl = properties.photoURL;
+  if (properties.phoneNumber !== void 0) requestBody.phoneNumber = properties.phoneNumber;
+  if (typeof properties.emailVerified === "boolean") requestBody.emailVerified = properties.emailVerified;
+  if (typeof properties.disabled === "boolean") requestBody.disableUser = properties.disabled;
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:update`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to update user: ${response.status} ${errorText}`);
+  }
+  return getUserByUid(uid);
+}
+async function deleteUser(uid) {
+  if (!uid || typeof uid !== "string") {
+    throw new Error("uid must be a non-empty string");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:delete`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ localId: uid })
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to delete user: ${response.status} ${errorText}`);
+  }
+}
+async function listUsers(maxResults = 1e3, pageToken) {
+  if (typeof maxResults !== "number" || maxResults < 1 || maxResults > 1e3) {
+    throw new Error("maxResults must be a number between 1 and 1000");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const params = new URLSearchParams({
+    maxResults: maxResults.toString()
+  });
+  if (pageToken) {
+    params.append("nextPageToken", pageToken);
+  }
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:query?${params.toString()}`,
+    {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`
+      }
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to list users: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  return {
+    users: (data.users || []).map(convertToUserRecord),
+    pageToken: data.nextPageToken
+  };
+}
+async function setCustomUserClaims(uid, customClaims) {
+  if (!uid || typeof uid !== "string") {
+    throw new Error("uid must be a non-empty string");
+  }
+  if (customClaims !== null) {
+    const serialized = JSON.stringify(customClaims);
+    if (new TextEncoder().encode(serialized).length > 1e3) {
+      throw new Error("customClaims must be less than 1000 bytes when serialized");
+    }
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const requestBody = {
+    localId: uid,
+    customAttributes: customClaims ? JSON.stringify(customClaims) : "{}"
+  };
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:update`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to set custom claims: ${response.status} ${errorText}`);
+  }
+}
+
 // src/field-value.ts
 function serverTimestamp() {
   return {
@@ -1650,8 +1875,10 @@ export {
   countDocuments,
   createCustomToken,
   createSessionCookie,
+  createUser,
   deleteDocument,
   deleteFile,
+  deleteUser,
   downloadFile,
   fileExists,
   generateSignedUrl,
@@ -1662,15 +1889,20 @@ export {
   getFileMetadata,
   getProjectId,
   getServiceAccount,
+  getUserByEmail,
+  getUserByUid,
   getUserFromToken,
   initializeApp,
   iterateCollection,
   listDocuments,
   listFiles,
+  listUsers,
   queryDocuments,
+  setCustomUserClaims,
   setDocument,
   signInWithCustomToken,
   updateDocument,
+  updateUser,
   uploadFile,
   uploadFileResumable,
   verifyIdToken,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prmichaelsen/firebase-admin-sdk-v8",
-  "version": "2.4.2",
+  "version": "2.5.0",
   "description": "Firebase Admin SDK for Cloudflare Workers and edge runtimes using REST APIs",
   "main": "dist/index.js",
   "module": "dist/index.mjs",