@prmichaelsen/firebase-admin-sdk-v8 2.8.0 → 2.9.0

package/CHANGELOG.md

@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.9.0] - 2026-03-19
+
+### Added
+- **Password Reset Link Generation (`generatePasswordResetLink`)**: Generate password reset links via Identity Toolkit API
+  - `generatePasswordResetLink(email, actionCodeSettings?)` - Generate out-of-band password reset link
+  - Supports `ActionCodeSettings` for custom continue URLs, mobile deep linking (iOS/Android), and custom hosting domains
+  - Returns the OOB link for sending via custom email delivery
+  - 6 unit tests + 3 e2e tests
+
 ## [2.8.0] - 2026-03-12
 
 ### Added

package/dist/index.d.mts

@@ -258,6 +258,36 @@ interface ListUsersResult {
     /** Token for fetching the next page (if available) */
     pageToken?: string;
 }
+/**
+ * Settings for email action links (password reset, email verification, etc.)
+ */
+interface ActionCodeSettings {
+    /** The continue/state URL to redirect to after the action is completed */
+    url: string;
+    /** Whether the action link should be opened in a mobile app or web */
+    handleCodeInApp?: boolean;
+    /** iOS-specific settings */
+    iOS?: {
+        /** The iOS bundle ID of the app to open the link in */
+        bundleId: string;
+    };
+    /** Android-specific settings */
+    android?: {
+        /** The Android package name of the app to open the link in */
+        packageName: string;
+        /** Whether to install the app if not already installed */
+        installApp?: boolean;
+        /** Minimum Android app version required */
+        minimumVersion?: string;
+    };
+    /**
+     * The domain to use for Dynamic Links
+     * @deprecated Use linkDomain instead
+     */
+    dynamicLinkDomain?: string;
+    /** Custom Firebase Hosting domain to use for the link */
+    linkDomain?: string;
+}
 
 /**
  * Firebase Admin SDK v8 - Configuration
@@ -518,6 +548,26 @@ declare function listUsers(maxResults?: number, pageToken?: string): Promise<Lis
  * @param customClaims - Custom claims object (max 1000 bytes when serialized)
  */
 declare function setCustomUserClaims(uid: string, customClaims: Record<string, any> | null): Promise<void>;
+/**
+ * Generate a password reset link for the given email address
+ *
+ * Returns an out-of-band (OOB) link that can be sent to the user
+ * via a custom email delivery mechanism.
+ *
+ * @param email - User's email address
+ * @param actionCodeSettings - Optional settings for the action code
+ * @returns Password reset link URL
+ *
+ * @example
+ * ```typescript
+ * const link = await generatePasswordResetLink('user@example.com', {
+ *   url: 'https://example.com/login',
+ * });
+ * // Send the link via your own email service
+ * await sendEmail(email, `Reset your password: ${link}`);
+ * ```
+ */
+declare function generatePasswordResetLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
 
 /**
  * Firebase Admin SDK v8 - Firestore CRUD Operations
@@ -1286,4 +1336,4 @@ declare function getAdminAccessToken(): Promise<string>;
  */
 declare function clearTokenCache(): void;
 
-export { type AndroidConfig, type AndroidNotification, type ApnsConfig, type BatchWrite, type BatchWriteResult, type CreateUserRequest, type CustomClaims, type CustomTokenSignInResponse, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, type Notification as FcmNotification, type FcmOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type ListUsersResult, type Message, type QueryFilter, type QueryOptions, type QueryOrder, type ResumableUploadOptions, type SendResponse, type ServiceAccount, type SessionCookieOptions, type SetOptions, type SignedUrlOptions, type TokenResponse, type TopicManagementError, type TopicManagementResponse, type UpdateOptions, type UpdateUserRequest, type UploadOptions, type UserInfo, type UserRecord, type WebpushConfig, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, countDocuments, createCustomToken, createSessionCookie, createUser, deleteDocument, deleteFile, deleteUser, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAll, getAllByPaths, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserByEmail, getUserByUid, getUserFromToken, initializeApp, iterateCollection, listDocuments, listFiles, listUsers, queryDocuments, sendMessage, setCustomUserClaims, setDocument, signInWithCustomToken, subscribeToTopic, unsubscribeFromTopic, updateDocument, updateUser, uploadFile, uploadFileResumable, verifyIdToken, verifySessionCookie };
+export { type ActionCodeSettings, type AndroidConfig, type AndroidNotification, type ApnsConfig, type BatchWrite, type BatchWriteResult, type CreateUserRequest, type CustomClaims, type CustomTokenSignInResponse, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, type Notification as FcmNotification, type FcmOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type ListUsersResult, type Message, type QueryFilter, type QueryOptions, type QueryOrder, type ResumableUploadOptions, type SendResponse, type ServiceAccount, type SessionCookieOptions, type SetOptions, type SignedUrlOptions, type TokenResponse, type TopicManagementError, type TopicManagementResponse, type UpdateOptions, type UpdateUserRequest, type UploadOptions, type UserInfo, type UserRecord, type WebpushConfig, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, countDocuments, createCustomToken, createSessionCookie, createUser, deleteDocument, deleteFile, deleteUser, downloadFile, fileExists, generatePasswordResetLink, generateSignedUrl, getAdminAccessToken, getAll, getAllByPaths, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserByEmail, getUserByUid, getUserFromToken, initializeApp, iterateCollection, listDocuments, listFiles, listUsers, queryDocuments, sendMessage, setCustomUserClaims, setDocument, signInWithCustomToken, subscribeToTopic, unsubscribeFromTopic, updateDocument, updateUser, uploadFile, uploadFileResumable, verifyIdToken, verifySessionCookie };

package/dist/index.d.ts

@@ -258,6 +258,36 @@ interface ListUsersResult {
     /** Token for fetching the next page (if available) */
     pageToken?: string;
 }
+/**
+ * Settings for email action links (password reset, email verification, etc.)
+ */
+interface ActionCodeSettings {
+    /** The continue/state URL to redirect to after the action is completed */
+    url: string;
+    /** Whether the action link should be opened in a mobile app or web */
+    handleCodeInApp?: boolean;
+    /** iOS-specific settings */
+    iOS?: {
+        /** The iOS bundle ID of the app to open the link in */
+        bundleId: string;
+    };
+    /** Android-specific settings */
+    android?: {
+        /** The Android package name of the app to open the link in */
+        packageName: string;
+        /** Whether to install the app if not already installed */
+        installApp?: boolean;
+        /** Minimum Android app version required */
+        minimumVersion?: string;
+    };
+    /**
+     * The domain to use for Dynamic Links
+     * @deprecated Use linkDomain instead
+     */
+    dynamicLinkDomain?: string;
+    /** Custom Firebase Hosting domain to use for the link */
+    linkDomain?: string;
+}
 
 /**
  * Firebase Admin SDK v8 - Configuration
@@ -518,6 +548,26 @@ declare function listUsers(maxResults?: number, pageToken?: string): Promise<Lis
  * @param customClaims - Custom claims object (max 1000 bytes when serialized)
  */
 declare function setCustomUserClaims(uid: string, customClaims: Record<string, any> | null): Promise<void>;
+/**
+ * Generate a password reset link for the given email address
+ *
+ * Returns an out-of-band (OOB) link that can be sent to the user
+ * via a custom email delivery mechanism.
+ *
+ * @param email - User's email address
+ * @param actionCodeSettings - Optional settings for the action code
+ * @returns Password reset link URL
+ *
+ * @example
+ * ```typescript
+ * const link = await generatePasswordResetLink('user@example.com', {
+ *   url: 'https://example.com/login',
+ * });
+ * // Send the link via your own email service
+ * await sendEmail(email, `Reset your password: ${link}`);
+ * ```
+ */
+declare function generatePasswordResetLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
 
 /**
  * Firebase Admin SDK v8 - Firestore CRUD Operations
@@ -1286,4 +1336,4 @@ declare function getAdminAccessToken(): Promise<string>;
  */
 declare function clearTokenCache(): void;
 
-export { type AndroidConfig, type AndroidNotification, type ApnsConfig, type BatchWrite, type BatchWriteResult, type CreateUserRequest, type CustomClaims, type CustomTokenSignInResponse, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, type Notification as FcmNotification, type FcmOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type ListUsersResult, type Message, type QueryFilter, type QueryOptions, type QueryOrder, type ResumableUploadOptions, type SendResponse, type ServiceAccount, type SessionCookieOptions, type SetOptions, type SignedUrlOptions, type TokenResponse, type TopicManagementError, type TopicManagementResponse, type UpdateOptions, type UpdateUserRequest, type UploadOptions, type UserInfo, type UserRecord, type WebpushConfig, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, countDocuments, createCustomToken, createSessionCookie, createUser, deleteDocument, deleteFile, deleteUser, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAll, getAllByPaths, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserByEmail, getUserByUid, getUserFromToken, initializeApp, iterateCollection, listDocuments, listFiles, listUsers, queryDocuments, sendMessage, setCustomUserClaims, setDocument, signInWithCustomToken, subscribeToTopic, unsubscribeFromTopic, updateDocument, updateUser, uploadFile, uploadFileResumable, verifyIdToken, verifySessionCookie };
+export { type ActionCodeSettings, type AndroidConfig, type AndroidNotification, type ApnsConfig, type BatchWrite, type BatchWriteResult, type CreateUserRequest, type CustomClaims, type CustomTokenSignInResponse, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, type Notification as FcmNotification, type FcmOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type ListUsersResult, type Message, type QueryFilter, type QueryOptions, type QueryOrder, type ResumableUploadOptions, type SendResponse, type ServiceAccount, type SessionCookieOptions, type SetOptions, type SignedUrlOptions, type TokenResponse, type TopicManagementError, type TopicManagementResponse, type UpdateOptions, type UpdateUserRequest, type UploadOptions, type UserInfo, type UserRecord, type WebpushConfig, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, countDocuments, createCustomToken, createSessionCookie, createUser, deleteDocument, deleteFile, deleteUser, downloadFile, fileExists, generatePasswordResetLink, generateSignedUrl, getAdminAccessToken, getAll, getAllByPaths, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserByEmail, getUserByUid, getUserFromToken, initializeApp, iterateCollection, listDocuments, listFiles, listUsers, queryDocuments, sendMessage, setCustomUserClaims, setDocument, signInWithCustomToken, subscribeToTopic, unsubscribeFromTopic, updateDocument, updateUser, uploadFile, uploadFileResumable, verifyIdToken, verifySessionCookie };

package/dist/index.js

@@ -214,6 +214,7 @@ __export(index_exports, {
   deleteUser: () => deleteUser,
   downloadFile: () => downloadFile,
   fileExists: () => fileExists,
+  generatePasswordResetLink: () => generatePasswordResetLink,
   generateSignedUrl: () => generateSignedUrl,
   getAdminAccessToken: () => getAdminAccessToken,
   getAll: () => getAll,
@@ -954,6 +955,67 @@ async function setCustomUserClaims(uid, customClaims) {
     throw new Error(`Failed to set custom claims: ${response.status} ${errorText}`);
   }
 }
+function buildActionCodeSettingsRequest(settings) {
+  const request = {};
+  request.continueUrl = settings.url;
+  if (typeof settings.handleCodeInApp === "boolean") {
+    request.canHandleCodeInApp = settings.handleCodeInApp;
+  }
+  if (settings.iOS?.bundleId) {
+    request.iOSBundleId = settings.iOS.bundleId;
+  }
+  if (settings.android) {
+    request.androidPackageName = settings.android.packageName;
+    if (typeof settings.android.installApp === "boolean") {
+      request.androidInstallApp = settings.android.installApp;
+    }
+    if (settings.android.minimumVersion) {
+      request.androidMinimumVersion = settings.android.minimumVersion;
+    }
+  }
+  if (settings.dynamicLinkDomain) {
+    request.dynamicLinkDomain = settings.dynamicLinkDomain;
+  }
+  if (settings.linkDomain) {
+    request.linkDomain = settings.linkDomain;
+  }
+  return request;
+}
+async function generatePasswordResetLink(email, actionCodeSettings) {
+  if (!email || typeof email !== "string") {
+    throw new Error("email must be a non-empty string");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const requestBody = {
+    requestType: "PASSWORD_RESET",
+    email,
+    returnOobLink: true
+  };
+  if (actionCodeSettings) {
+    Object.assign(requestBody, buildActionCodeSettingsRequest(actionCodeSettings));
+  }
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:sendOobCode`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to generate password reset link: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  if (!data.oobLink) {
+    throw new Error("Password reset link not returned by server");
+  }
+  return data.oobLink;
+}
 
 // src/field-value.ts
 function serverTimestamp() {
@@ -2332,6 +2394,7 @@ init_service_account();
   deleteUser,
   downloadFile,
   fileExists,
+  generatePasswordResetLink,
   generateSignedUrl,
   getAdminAccessToken,
   getAll,

package/dist/index.mjs

@@ -708,6 +708,67 @@ async function setCustomUserClaims(uid, customClaims) {
     throw new Error(`Failed to set custom claims: ${response.status} ${errorText}`);
   }
 }
+function buildActionCodeSettingsRequest(settings) {
+  const request = {};
+  request.continueUrl = settings.url;
+  if (typeof settings.handleCodeInApp === "boolean") {
+    request.canHandleCodeInApp = settings.handleCodeInApp;
+  }
+  if (settings.iOS?.bundleId) {
+    request.iOSBundleId = settings.iOS.bundleId;
+  }
+  if (settings.android) {
+    request.androidPackageName = settings.android.packageName;
+    if (typeof settings.android.installApp === "boolean") {
+      request.androidInstallApp = settings.android.installApp;
+    }
+    if (settings.android.minimumVersion) {
+      request.androidMinimumVersion = settings.android.minimumVersion;
+    }
+  }
+  if (settings.dynamicLinkDomain) {
+    request.dynamicLinkDomain = settings.dynamicLinkDomain;
+  }
+  if (settings.linkDomain) {
+    request.linkDomain = settings.linkDomain;
+  }
+  return request;
+}
+async function generatePasswordResetLink(email, actionCodeSettings) {
+  if (!email || typeof email !== "string") {
+    throw new Error("email must be a non-empty string");
+  }
+  const projectId = getProjectId();
+  const accessToken = await getAdminAccessToken();
+  const requestBody = {
+    requestType: "PASSWORD_RESET",
+    email,
+    returnOobLink: true
+  };
+  if (actionCodeSettings) {
+    Object.assign(requestBody, buildActionCodeSettingsRequest(actionCodeSettings));
+  }
+  const response = await fetch(
+    `${IDENTITY_TOOLKIT_API}/projects/${projectId}/accounts:sendOobCode`,
+    {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    }
+  );
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to generate password reset link: ${response.status} ${errorText}`);
+  }
+  const data = await response.json();
+  if (!data.oobLink) {
+    throw new Error("Password reset link not returned by server");
+  }
+  return data.oobLink;
+}
 
 // src/field-value.ts
 function serverTimestamp() {
@@ -2070,6 +2131,7 @@ export {
   deleteUser,
   downloadFile,
   fileExists,
+  generatePasswordResetLink,
   generateSignedUrl,
   getAdminAccessToken,
   getAll,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prmichaelsen/firebase-admin-sdk-v8",
-  "version": "2.8.0",
+  "version": "2.9.0",
   "description": "Firebase Admin SDK for Cloudflare Workers and edge runtimes using REST APIs",
   "main": "dist/index.js",
   "module": "dist/index.mjs",