firebase-admin 9.12.0 → 10.0.1

package/lib/auth/index.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.12.0 */
+/*! firebase-admin v10.0.1 */
 "use strict";
 /*!
  * Copyright 2020 Google Inc.
@@ -16,3 +16,56 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAuth = void 0;
+/**
+ * Firebase Authentication.
+ *
+ * @packageDocumentation
+ */
+var index_1 = require("../app/index");
+var auth_1 = require("./auth");
+/**
+ * Gets the {@link Auth} service for the default app or a
+ * given app.
+ *
+ * `getAuth()` can be called with no arguments to access the default app's
+ * {@link Auth} service or as `getAuth(app)` to access the
+ * {@link Auth} service associated with a specific app.
+ *
+ * @example
+ * ```javascript
+ * // Get the Auth service for the default app
+ * const defaultAuth = getAuth();
+ * ```
+ *
+ * @example
+ * ```javascript
+ * // Get the Auth service for a given app
+ * const otherAuth = getAuth(otherApp);
+ * ```
+ *
+ */
+function getAuth(app) {
+    if (typeof app === 'undefined') {
+        app = index_1.getApp();
+    }
+    var firebaseApp = app;
+    return firebaseApp.getOrInitService('auth', function (app) { return new auth_1.Auth(app); });
+}
+exports.getAuth = getAuth;
+var auth_2 = require("./auth");
+Object.defineProperty(exports, "Auth", { enumerable: true, get: function () { return auth_2.Auth; } });
+var base_auth_1 = require("./base-auth");
+Object.defineProperty(exports, "BaseAuth", { enumerable: true, get: function () { return base_auth_1.BaseAuth; } });
+var tenant_1 = require("./tenant");
+Object.defineProperty(exports, "Tenant", { enumerable: true, get: function () { return tenant_1.Tenant; } });
+var tenant_manager_1 = require("./tenant-manager");
+Object.defineProperty(exports, "TenantAwareAuth", { enumerable: true, get: function () { return tenant_manager_1.TenantAwareAuth; } });
+Object.defineProperty(exports, "TenantManager", { enumerable: true, get: function () { return tenant_manager_1.TenantManager; } });
+var user_record_1 = require("./user-record");
+Object.defineProperty(exports, "MultiFactorInfo", { enumerable: true, get: function () { return user_record_1.MultiFactorInfo; } });
+Object.defineProperty(exports, "MultiFactorSettings", { enumerable: true, get: function () { return user_record_1.MultiFactorSettings; } });
+Object.defineProperty(exports, "PhoneMultiFactorInfo", { enumerable: true, get: function () { return user_record_1.PhoneMultiFactorInfo; } });
+Object.defineProperty(exports, "UserInfo", { enumerable: true, get: function () { return user_record_1.UserInfo; } });
+Object.defineProperty(exports, "UserMetadata", { enumerable: true, get: function () { return user_record_1.UserMetadata; } });
+Object.defineProperty(exports, "UserRecord", { enumerable: true, get: function () { return user_record_1.UserRecord; } });

package/lib/auth/tenant-manager.d.ts

@@ -0,0 +1,146 @@
+/*! firebase-admin v10.0.1 */
+/*!
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { BaseAuth, SessionCookieOptions } from './base-auth';
+import { Tenant, CreateTenantRequest, UpdateTenantRequest } from './tenant';
+import { DecodedIdToken } from './token-verifier';
+/**
+ * Interface representing the object returned from a
+ * {@link TenantManager.listTenants}
+ * operation.
+ * Contains the list of tenants for the current batch and the next page token if available.
+ */
+export interface ListTenantsResult {
+    /**
+     * The list of {@link Tenant} objects for the downloaded batch.
+     */
+    tenants: Tenant[];
+    /**
+     * The next page token if available. This is needed for the next batch download.
+     */
+    pageToken?: string;
+}
+/**
+ * Tenant-aware `Auth` interface used for managing users, configuring SAML/OIDC providers,
+ * generating email links for password reset, email verification, etc for specific tenants.
+ *
+ * Multi-tenancy support requires Google Cloud's Identity Platform
+ * (GCIP). To learn more about GCIP, including pricing and features,
+ * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
+ *
+ * Each tenant contains its own identity providers, settings and sets of users.
+ * Using `TenantAwareAuth`, users for a specific tenant and corresponding OIDC/SAML
+ * configurations can also be managed, ID tokens for users signed in to a specific tenant
+ * can be verified, and email action links can also be generated for users belonging to the
+ * tenant.
+ *
+ * `TenantAwareAuth` instances for a specific `tenantId` can be instantiated by calling
+ * {@link TenantManager.authForTenant}.
+ */
+export declare class TenantAwareAuth extends BaseAuth {
+    /**
+     * The tenant identifier corresponding to this `TenantAwareAuth` instance.
+     * All calls to the user management APIs, OIDC/SAML provider management APIs, email link
+     * generation APIs, etc will only be applied within the scope of this tenant.
+     */
+    readonly tenantId: string;
+    /**
+     * {@inheritdoc BaseAuth.verifyIdToken}
+     */
+    verifyIdToken(idToken: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
+    /**
+     * {@inheritdoc BaseAuth.createSessionCookie}
+     */
+    createSessionCookie(idToken: string, sessionCookieOptions: SessionCookieOptions): Promise<string>;
+    /**
+     * {@inheritdoc BaseAuth.verifySessionCookie}
+     */
+    verifySessionCookie(sessionCookie: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
+}
+/**
+ * Defines the tenant manager used to help manage tenant related operations.
+ * This includes:
+ * <ul>
+ * <li>The ability to create, update, list, get and delete tenants for the underlying
+ *     project.</li>
+ * <li>Getting a `TenantAwareAuth` instance for running Auth related operations
+ *     (user management, provider configuration management, token verification,
+ *     email link generation, etc) in the context of a specified tenant.</li>
+ * </ul>
+ */
+export declare class TenantManager {
+    private readonly app;
+    private readonly authRequestHandler;
+    private readonly tenantsMap;
+    /**
+     * Returns a `TenantAwareAuth` instance bound to the given tenant ID.
+     *
+     * @param tenantId - The tenant ID whose `TenantAwareAuth` instance is to be returned.
+     *
+     * @returns The `TenantAwareAuth` instance corresponding to this tenant identifier.
+     */
+    authForTenant(tenantId: string): TenantAwareAuth;
+    /**
+     * Gets the tenant configuration for the tenant corresponding to a given `tenantId`.
+     *
+     * @param tenantId - The tenant identifier corresponding to the tenant whose data to fetch.
+     *
+     * @returns A promise fulfilled with the tenant configuration to the provided `tenantId`.
+     */
+    getTenant(tenantId: string): Promise<Tenant>;
+    /**
+     * Retrieves a list of tenants (single batch only) with a size of `maxResults`
+     * starting from the offset as specified by `pageToken`. This is used to
+     * retrieve all the tenants of a specified project in batches.
+     *
+     * @param maxResults - The page size, 1000 if undefined. This is also
+     *   the maximum allowed limit.
+     * @param pageToken - The next page token. If not specified, returns
+     *   tenants starting without any offset.
+     *
+     * @returns A promise that resolves with
+     *   a batch of downloaded tenants and the next page token.
+     */
+    listTenants(maxResults?: number, pageToken?: string): Promise<ListTenantsResult>;
+    /**
+     * Deletes an existing tenant.
+     *
+     * @param tenantId - The `tenantId` corresponding to the tenant to delete.
+     *
+     * @returns An empty promise fulfilled once the tenant has been deleted.
+     */
+    deleteTenant(tenantId: string): Promise<void>;
+    /**
+     * Creates a new tenant.
+     * When creating new tenants, tenants that use separate billing and quota will require their
+     * own project and must be defined as `full_service`.
+     *
+     * @param tenantOptions - The properties to set on the new tenant configuration to be created.
+     *
+     * @returns A promise fulfilled with the tenant configuration corresponding to the newly
+     *   created tenant.
+     */
+    createTenant(tenantOptions: CreateTenantRequest): Promise<Tenant>;
+    /**
+     * Updates an existing tenant configuration.
+     *
+     * @param tenantId - The `tenantId` corresponding to the tenant to delete.
+     * @param tenantOptions - The properties to update on the provided tenant.
+     *
+     * @returns A promise fulfilled with the update tenant data.
+     */
+    updateTenant(tenantId: string, tenantOptions: UpdateTenantRequest): Promise<Tenant>;
+}

package/lib/auth/tenant-manager.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v9.12.0 */
+/*! firebase-admin v10.0.1 */
 "use strict";
 /*!
  * Copyright 2019 Google Inc.
@@ -15,24 +15,129 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TenantManager = void 0;
-var auth_api_request_1 = require("./auth-api-request");
-var auth_1 = require("./auth");
-var tenant_1 = require("./tenant");
-var error_1 = require("../utils/error");
+exports.TenantManager = exports.TenantAwareAuth = void 0;
 var validator = require("../utils/validator");
+var utils = require("../utils/index");
+var error_1 = require("../utils/error");
+var base_auth_1 = require("./base-auth");
+var tenant_1 = require("./tenant");
+var auth_api_request_1 = require("./auth-api-request");
 /**
- * Data structure used to help manage tenant related operations.
+ * Tenant-aware `Auth` interface used for managing users, configuring SAML/OIDC providers,
+ * generating email links for password reset, email verification, etc for specific tenants.
+ *
+ * Multi-tenancy support requires Google Cloud's Identity Platform
+ * (GCIP). To learn more about GCIP, including pricing and features,
+ * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
+ *
+ * Each tenant contains its own identity providers, settings and sets of users.
+ * Using `TenantAwareAuth`, users for a specific tenant and corresponding OIDC/SAML
+ * configurations can also be managed, ID tokens for users signed in to a specific tenant
+ * can be verified, and email action links can also be generated for users belonging to the
+ * tenant.
+ *
+ * `TenantAwareAuth` instances for a specific `tenantId` can be instantiated by calling
+ * {@link TenantManager.authForTenant}.
+ */
+var TenantAwareAuth = /** @class */ (function (_super) {
+    __extends(TenantAwareAuth, _super);
+    /**
+     * The TenantAwareAuth class constructor.
+     *
+     * @param app - The app that created this tenant.
+     * @param tenantId - The corresponding tenant ID.
+     * @constructor
+     * @internal
+     */
+    function TenantAwareAuth(app, tenantId) {
+        var _this = _super.call(this, app, new auth_api_request_1.TenantAwareAuthRequestHandler(app, tenantId), base_auth_1.createFirebaseTokenGenerator(app, tenantId)) || this;
+        utils.addReadonlyGetter(_this, 'tenantId', tenantId);
+        return _this;
+    }
+    /**
+     * {@inheritdoc BaseAuth.verifyIdToken}
+     */
+    TenantAwareAuth.prototype.verifyIdToken = function (idToken, checkRevoked) {
+        var _this = this;
+        if (checkRevoked === void 0) { checkRevoked = false; }
+        return _super.prototype.verifyIdToken.call(this, idToken, checkRevoked)
+            .then(function (decodedClaims) {
+            // Validate tenant ID.
+            if (decodedClaims.firebase.tenant !== _this.tenantId) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISMATCHING_TENANT_ID);
+            }
+            return decodedClaims;
+        });
+    };
+    /**
+     * {@inheritdoc BaseAuth.createSessionCookie}
+     */
+    TenantAwareAuth.prototype.createSessionCookie = function (idToken, sessionCookieOptions) {
+        var _this = this;
+        // Validate arguments before processing.
+        if (!validator.isNonEmptyString(idToken)) {
+            return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ID_TOKEN));
+        }
+        if (!validator.isNonNullObject(sessionCookieOptions) ||
+            !validator.isNumber(sessionCookieOptions.expiresIn)) {
+            return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_SESSION_COOKIE_DURATION));
+        }
+        // This will verify the ID token and then match the tenant ID before creating the session cookie.
+        return this.verifyIdToken(idToken)
+            .then(function () {
+            return _super.prototype.createSessionCookie.call(_this, idToken, sessionCookieOptions);
+        });
+    };
+    /**
+     * {@inheritdoc BaseAuth.verifySessionCookie}
+     */
+    TenantAwareAuth.prototype.verifySessionCookie = function (sessionCookie, checkRevoked) {
+        var _this = this;
+        if (checkRevoked === void 0) { checkRevoked = false; }
+        return _super.prototype.verifySessionCookie.call(this, sessionCookie, checkRevoked)
+            .then(function (decodedClaims) {
+            if (decodedClaims.firebase.tenant !== _this.tenantId) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISMATCHING_TENANT_ID);
+            }
+            return decodedClaims;
+        });
+    };
+    return TenantAwareAuth;
+}(base_auth_1.BaseAuth));
+exports.TenantAwareAuth = TenantAwareAuth;
+/**
+ * Defines the tenant manager used to help manage tenant related operations.
  * This includes:
- * - The ability to create, update, list, get and delete tenants for the underlying project.
- * - Getting a TenantAwareAuth instance for running Auth related operations (user mgmt, provider config mgmt, etc)
- *   in the context of a specified tenant.
+ * <ul>
+ * <li>The ability to create, update, list, get and delete tenants for the underlying
+ *     project.</li>
+ * <li>Getting a `TenantAwareAuth` instance for running Auth related operations
+ *     (user management, provider configuration management, token verification,
+ *     email link generation, etc) in the context of a specified tenant.</li>
+ * </ul>
  */
 var TenantManager = /** @class */ (function () {
     /**
      * Initializes a TenantManager instance for a specified FirebaseApp.
-     * @param app The app for this TenantManager instance.
+     *
+     * @param app - The app for this TenantManager instance.
+     *
+     * @constructor
+     * @internal
      */
     function TenantManager(app) {
         this.app = app;
@@ -40,26 +145,27 @@ var TenantManager = /** @class */ (function () {
         this.tenantsMap = {};
     }
     /**
-     * Returns a TenantAwareAuth instance for the corresponding tenant ID.
+     * Returns a `TenantAwareAuth` instance bound to the given tenant ID.
+     *
+     * @param tenantId - The tenant ID whose `TenantAwareAuth` instance is to be returned.
      *
-     * @param tenantId The tenant ID whose TenantAwareAuth is to be returned.
-     * @return The corresponding TenantAwareAuth instance.
+     * @returns The `TenantAwareAuth` instance corresponding to this tenant identifier.
      */
     TenantManager.prototype.authForTenant = function (tenantId) {
         if (!validator.isNonEmptyString(tenantId)) {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_TENANT_ID);
         }
         if (typeof this.tenantsMap[tenantId] === 'undefined') {
-            this.tenantsMap[tenantId] = new auth_1.TenantAwareAuth(this.app, tenantId);
+            this.tenantsMap[tenantId] = new TenantAwareAuth(this.app, tenantId);
         }
         return this.tenantsMap[tenantId];
     };
     /**
-     * Looks up the tenant identified by the provided tenant ID and returns a promise that is
-     * fulfilled with the corresponding tenant if it is found.
+     * Gets the tenant configuration for the tenant corresponding to a given `tenantId`.
      *
-     * @param tenantId The tenant ID of the tenant to look up.
-     * @return A promise that resolves with the corresponding tenant.
+     * @param tenantId - The tenant identifier corresponding to the tenant whose data to fetch.
+     *
+     * @returns A promise fulfilled with the tenant configuration to the provided `tenantId`.
      */
     TenantManager.prototype.getTenant = function (tenantId) {
         return this.authRequestHandler.getTenant(tenantId)
@@ -68,16 +174,17 @@ var TenantManager = /** @class */ (function () {
         });
     };
     /**
-     * Exports a batch of tenant accounts. Batch size is determined by the maxResults argument.
-     * Starting point of the batch is determined by the pageToken argument.
+     * Retrieves a list of tenants (single batch only) with a size of `maxResults`
+     * starting from the offset as specified by `pageToken`. This is used to
+     * retrieve all the tenants of a specified project in batches.
+     *
+     * @param maxResults - The page size, 1000 if undefined. This is also
+     *   the maximum allowed limit.
+     * @param pageToken - The next page token. If not specified, returns
+     *   tenants starting without any offset.
      *
-     * @param maxResults The page size, 1000 if undefined. This is also the maximum
-     *     allowed limit.
-     * @param pageToken The next page token. If not specified, returns users starting
-     *     without any offset.
-     * @return A promise that resolves with
-     *     the current batch of downloaded tenants and the next page token. For the last page, an
-     *     empty list of tenants and no page token are returned.
+     * @returns A promise that resolves with
+     *   a batch of downloaded tenants and the next page token.
      */
     TenantManager.prototype.listTenants = function (maxResults, pageToken) {
         return this.authRequestHandler.listTenants(maxResults, pageToken)
@@ -101,20 +208,24 @@ var TenantManager = /** @class */ (function () {
         });
     };
     /**
-     * Deletes the tenant identified by the provided tenant ID and returns a promise that is
-     * fulfilled when the tenant is found and successfully deleted.
+     * Deletes an existing tenant.
+     *
+     * @param tenantId - The `tenantId` corresponding to the tenant to delete.
      *
-     * @param tenantId The tenant ID of the tenant to delete.
-     * @return A promise that resolves when the tenant is successfully deleted.
+     * @returns An empty promise fulfilled once the tenant has been deleted.
      */
     TenantManager.prototype.deleteTenant = function (tenantId) {
         return this.authRequestHandler.deleteTenant(tenantId);
     };
     /**
-     * Creates a new tenant with the properties provided.
+     * Creates a new tenant.
+     * When creating new tenants, tenants that use separate billing and quota will require their
+     * own project and must be defined as `full_service`.
      *
-     * @param tenantOptions The properties to set on the new tenant to be created.
-     * @return A promise that resolves with the newly created tenant.
+     * @param tenantOptions - The properties to set on the new tenant configuration to be created.
+     *
+     * @returns A promise fulfilled with the tenant configuration corresponding to the newly
+     *   created tenant.
      */
     TenantManager.prototype.createTenant = function (tenantOptions) {
         return this.authRequestHandler.createTenant(tenantOptions)
@@ -123,11 +234,12 @@ var TenantManager = /** @class */ (function () {
         });
     };
     /**
-     * Updates an existing tenant identified by the tenant ID with the properties provided.
+     * Updates an existing tenant configuration.
+     *
+     * @param tenantId - The `tenantId` corresponding to the tenant to delete.
+     * @param tenantOptions - The properties to update on the provided tenant.
      *
-     * @param tenantId The tenant identifier of the tenant to update.
-     * @param tenantOptions The properties to update on the existing tenant.
-     * @return A promise that resolves with the modified tenant.
+     * @returns A promise fulfilled with the update tenant data.
      */
     TenantManager.prototype.updateTenant = function (tenantId, tenantOptions) {
         return this.authRequestHandler.updateTenant(tenantId, tenantOptions)

package/lib/auth/tenant.d.ts

@@ -0,0 +1,130 @@
+/*! firebase-admin v10.0.1 */
+/*!
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { EmailSignInConfigServerRequest, MultiFactorAuthServerConfig, MultiFactorConfig, EmailSignInProviderConfig } from './auth-config';
+/**
+ * Interface representing the properties to update on the provided tenant.
+ */
+export interface UpdateTenantRequest {
+    /**
+     * The tenant display name.
+     */
+    displayName?: string;
+    /**
+     * The email sign in configuration.
+     */
+    emailSignInConfig?: EmailSignInProviderConfig;
+    /**
+     * Whether the anonymous provider is enabled.
+     */
+    anonymousSignInEnabled?: boolean;
+    /**
+     * The multi-factor auth configuration to update on the tenant.
+     */
+    multiFactorConfig?: MultiFactorConfig;
+    /**
+     * The updated map containing the test phone number / code pairs for the tenant.
+     * Passing null clears the previously save phone number / code pairs.
+     */
+    testPhoneNumbers?: {
+        [phoneNumber: string]: string;
+    } | null;
+}
+/**
+ * Interface representing the properties to set on a new tenant.
+ */
+export declare type CreateTenantRequest = UpdateTenantRequest;
+/** The corresponding server side representation of a TenantOptions object. */
+export interface TenantOptionsServerRequest extends EmailSignInConfigServerRequest {
+    displayName?: string;
+    enableAnonymousUser?: boolean;
+    mfaConfig?: MultiFactorAuthServerConfig;
+    testPhoneNumbers?: {
+        [key: string]: string;
+    };
+}
+/** The tenant server response interface. */
+export interface TenantServerResponse {
+    name: string;
+    displayName?: string;
+    allowPasswordSignup?: boolean;
+    enableEmailLinkSignin?: boolean;
+    enableAnonymousUser?: boolean;
+    mfaConfig?: MultiFactorAuthServerConfig;
+    testPhoneNumbers?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Represents a tenant configuration.
+ *
+ * Multi-tenancy support requires Google Cloud's Identity Platform
+ * (GCIP). To learn more about GCIP, including pricing and features,
+ * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
+ *
+ * Before multi-tenancy can be used on a Google Cloud Identity Platform project,
+ * tenants must be allowed on that project via the Cloud Console UI.
+ *
+ * A tenant configuration provides information such as the display name, tenant
+ * identifier and email authentication configuration.
+ * For OIDC/SAML provider configuration management, `TenantAwareAuth` instances should
+ * be used instead of a `Tenant` to retrieve the list of configured IdPs on a tenant.
+ * When configuring these providers, note that tenants will inherit
+ * whitelisted domains and authenticated redirect URIs of their parent project.
+ *
+ * All other settings of a tenant will also be inherited. These will need to be managed
+ * from the Cloud Console UI.
+ */
+export declare class Tenant {
+    /**
+     * The tenant identifier.
+     */
+    readonly tenantId: string;
+    /**
+     * The tenant display name.
+     */
+    readonly displayName?: string;
+    readonly anonymousSignInEnabled: boolean;
+    /**
+     * The map containing the test phone number / code pairs for the tenant.
+     */
+    readonly testPhoneNumbers?: {
+        [phoneNumber: string]: string;
+    };
+    private readonly emailSignInConfig_?;
+    private readonly multiFactorConfig_?;
+    /**
+     * Validates a tenant options object. Throws an error on failure.
+     *
+     * @param request - The tenant options object to validate.
+     * @param createRequest - Whether this is a create request.
+     */
+    private static validate;
+    /**
+     * The email sign in provider configuration.
+     */
+    get emailSignInConfig(): EmailSignInProviderConfig | undefined;
+    /**
+     * The multi-factor auth configuration on the current tenant.
+     */
+    get multiFactorConfig(): MultiFactorConfig | undefined;
+    /**
+     * Returns a JSON-serializable representation of this object.
+     *
+     * @returns A JSON-serializable representation of this object.
+     */
+    toJSON(): object;
+}