A user account.




displayName: string | null


email: string | null


emailVerified: boolean


isAnonymous: boolean


metadata: UserMetadata


multiFactor: MultiFactorUser

The firebase.User.MultiFactorUser object corresponding to the current user. This is used to access all multi-factor properties and operations related to the current user.


phoneNumber: string | null

The phone number normalized based on the E.164 standard (e.g. +16505550101) for the current user. This is null if the user has no phone credential linked to the account.


photoURL: string | null


providerData: UserInfo[]


providerId: string


refreshToken: string


tenantId: string | null

The current user's tenant ID. This is a read-only property, which indicates the tenant ID used to sign in the current user. This is null if the user is signed in from the parent project.

// Set the tenant ID on Auth instance.
firebase.auth().tenantId = ‘TENANT_PROJECT_ID’;

// All future sign-in request now include tenant ID.
firebase.auth().signInWithEmailAndPassword(email, password)
  .then(function(result) {
    // result.user.tenantId should be ‘TENANT_PROJECT_ID’.
  }).catch(function(error) {
    // Handle error.


uid: string

The user's unique ID.



  • delete ( ) : Promise < void >
  • Deletes and signs out the user.

    Important: this is a security-sensitive operation that requires the user to have recently signed in. If this requirement isn't met, ask the user to authenticate again and then call firebase.User.reauthenticateWithCredential.

    Error Codes

    Thrown if the user's last sign-in time does not meet the security threshold. Use firebase.User.reauthenticateWithCredential to resolve. This does not apply if the user is anonymous.

    Returns Promise<void>


  • getIdToken ( forceRefresh ? :  boolean ) : Promise < string >
  • Returns a JSON Web Token (JWT) used to identify the user to a Firebase service.

    Returns the current token if it has not expired. Otherwise, this will refresh the token and return a new one.


    • Optional forceRefresh: boolean

      Force refresh regardless of token expiration.

    Returns Promise<string>


  • getIdTokenResult ( forceRefresh ? :  boolean ) : Promise < IdTokenResult >
  • Parameters

    • Optional forceRefresh: boolean

    Returns Promise<IdTokenResult>


  • linkAndRetrieveDataWithCredential ( credential AuthCredential ) : Promise < UserCredential >
  • deprecated

    This method is deprecated. Use firebase.User.linkWithCredential instead.

    Links the user account with the given credentials and returns any available additional user information, such as user name.

    Error Codes

    Thrown if the provider has already been linked to the user. This error is thrown even if this is not the same provider's account that is currently linked to the user.
    Thrown if the provider's credential is not valid. This can happen if it has already expired when calling link, or if it used invalid token(s). See the Firebase documentation for your provider, and make sure you pass in the correct parameters to the credential method.
    Thrown if the account corresponding to the credential already exists among your users, or is already linked to a Firebase User. For example, this error could be thrown if you are upgrading an anonymous user to a Google user by linking a Google credential to it and the Google credential used is already associated with an existing Firebase Google user. The fields error.email, error.phoneNumber, and error.credential (firebase.auth.AuthCredential) may be provided, depending on the type of credential. You can recover from this error by signing in with error.credential directly via firebase.auth.Auth.signInWithCredential.
    Thrown if the email corresponding to the credential already exists among your users. When thrown while linking a credential to an existing user, an error.email and error.credential (firebase.auth.AuthCredential) fields are also provided. You have to link the credential to the existing user with that email if you wish to continue signing in with that credential. To do so, call firebase.auth.Auth.fetchSignInMethodsForEmail, sign in to error.email via one of the providers returned and then firebase.User.linkWithCredential the original credential to that newly signed in user.
    Thrown if you have not enabled the provider in the Firebase Console. Go to the Firebase Console for your project, in the Auth section and the Sign in Method tab and configure the provider.
    Thrown if the email used in a firebase.auth.EmailAuthProvider.credential is invalid.
    Thrown if the password used in a firebase.auth.EmailAuthProvider.credential is not correct or when the user associated with the email does not have a password.
    Thrown if the credential is a firebase.auth.PhoneAuthProvider.credential and the verification code of the credential is not valid.
    Thrown if the credential is a firebase.auth.PhoneAuthProvider.credential and the verification ID of the credential is not valid.


    Returns Promise<UserCredential>


  • linkWithCredential ( credential AuthCredential ) : Promise < UserCredential >
  • Links the user account with the given credentials.

    Error Codes

    Thrown if the provider has already been linked to the user. This error is thrown even if this is not the same provider's account that is currently linked to the user.
    Thrown if the provider's credential is not valid. This can happen if it has already expired when calling link, or if it used invalid token(s). See the Firebase documentation for your provider, and make sure you pass in the correct parameters to the credential method.
    Thrown if the account corresponding to the credential already exists among your users, or is already linked to a Firebase User. For example, this error could be thrown if you are upgrading an anonymous user to a Google user by linking a Google credential to it and the Google credential used is already associated with an existing Firebase Google user. The fields error.email, error.phoneNumber, and error.credential (firebase.auth.AuthCredential) may be provided, depending on the type of credential. You can recover from this error by signing in with error.credential directly via firebase.auth.Auth.signInWithCredential.
    Thrown if the email corresponding to the credential already exists among your users. When thrown while linking a credential to an existing user, an error.email and error.credential (firebase.auth.AuthCredential) fields are also provided. You have to link the credential to the existing user with that email if you wish to continue signing in with that credential. To do so, call firebase.auth.Auth.fetchSignInMethodsForEmail, sign in to error.email via one of the providers returned and then firebase.User.linkWithCredential the original credential to that newly signed in user.
    Thrown if you have not enabled the provider in the Firebase Console. Go to the Firebase Console for your project, in the Auth section and the Sign in Method tab and configure the provider.
    Thrown if the email used in a firebase.auth.EmailAuthProvider.credential is invalid.
    Thrown if the password used in a firebase.auth.EmailAuthProvider.credential is not correct or when the user associated with the email does not have a password.
    Thrown if the credential is a firebase.auth.PhoneAuthProvider.credential and the verification code of the credential is not valid.
    Thrown if the credential is a firebase.auth.PhoneAuthProvider.credential and the verification ID of the credential is not valid.


    Returns Promise<UserCredential>


  • linkWithPhoneNumber ( phoneNumber string ,  applicationVerifier ApplicationVerifier ) : Promise < ConfirmationResult >
  • Links the user account with the given phone number.

    Error Codes

    Thrown if the provider has already been linked to the user. This error is thrown even if this is not the same provider's account that is currently linked to the user.
    Thrown if the reCAPTCHA response token was invalid, expired, or if this method was called from a non-whitelisted domain.
    Thrown if the phone number has an invalid format.
    Thrown if the phone number is missing.
    Thrown if the SMS quota for the Firebase project has been exceeded.
    Thrown if the user corresponding to the given phone number has been disabled.
    Thrown if the account corresponding to the phone number already exists among your users, or is already linked to a Firebase User. The fields error.phoneNumber and error.credential (firebase.auth.AuthCredential) are provided in this case. You can recover from this error by signing in with that credential directly via firebase.auth.Auth.signInWithCredential.
    Thrown if you have not enabled the phone authentication provider in the Firebase Console. Go to the Firebase Console for your project, in the Auth section and the Sign in Method tab and configure the provider.


    • phoneNumber: string

      The user's phone number in E.164 format (e.g. +16505550101).

    • applicationVerifier: ApplicationVerifier

    Returns Promise<ConfirmationResult>


  • linkWithRedirect ( provider AuthProvider ) : Promise < void >
  • Links the authenticated provider to the user account using a full-page redirect flow.

    Error Codes

    Thrown if authDomain configuration is not provided when calling firebase.initializeApp(). Check Firebase Console for instructions on determining and passing that field.
    Thrown if this operation is not supported in the environment your application is running on. "location.protocol" must be http or https.
    Thrown if the provider has already been linked to the user. This error is thrown even if this is not the same provider's account that is currently linked to the user.
    Thrown if the app domain is not authorized for OAuth operations for your Firebase project. Edit the list of authorized domains from the Firebase console.


    Returns Promise<void>


  • reauthenticateAndRetrieveDataWithCredential ( credential AuthCredential ) : Promise < UserCredential >
  • deprecated

    This method is deprecated. Use firebase.User.reauthenticateWithCredential instead.

    Re-authenticates a user using a fresh credential, and returns any available additional user information, such as user name. Use before operations such as firebase.User.updatePassword that require tokens from recent sign-in attempts.

    Error Codes

    Thrown if the credential given does not correspond to the user.
    Thrown if the credential given does not correspond to any existing user.
    Thrown if the provider's credential is not valid. This can happen if it has already expired when calling link, or if it used invalid token(s). See the Firebase documentation for your provider, and make sure you pass in the correct parameters to the credential method.
    Thrown if the email used in a firebase.auth.EmailAuthProvider.credential is invalid.
    Thrown if the password used in a firebase.auth.EmailAuthProvider.credential is not correct or when the user associated with the email does not have a password.
    Thrown if the credential is a firebase.auth.PhoneAuthProvider.credential and the verification code of the credential is not valid.
    Thrown if the credential is a firebase.auth.PhoneAuthProvider.credential and the verification ID of the credential is not valid.


    Returns Promise<UserCredential>


  • reauthenticateWithCredential ( credential AuthCredential ) : Promise < UserCredential >
  • Re-authenticates a user using a fresh credential. Use before operations such as firebase.User.updatePassword that require tokens from recent sign-in attempts.

    Error Codes

    Thrown if the credential given does not correspond to the user.
    Thrown if the credential given does not correspond to any existing user.
    Thrown if the provider's credential is not valid. This can happen if it has already expired when calling link, or if it used invalid token(s). See the Firebase documentation for your provider, and make sure you pass in the correct parameters to the credential method.
    Thrown if the email used in a firebase.auth.EmailAuthProvider.credential is invalid.
    Thrown if the password used in a firebase.auth.EmailAuthProvider.credential is not correct or when the user associated with the email does not have a password.
    Thrown if the credential is a firebase.auth.PhoneAuthProvider.credential and the verification code of the credential is not valid.
    Thrown if the credential is a firebase.auth.PhoneAuthProvider.credential and the verification ID of the credential is not valid.


    Returns Promise<UserCredential>


  • reauthenticateWithPhoneNumber ( phoneNumber string ,  applicationVerifier ApplicationVerifier ) : Promise < ConfirmationResult >
  • Re-authenticates a user using a fresh credential. Use before operations such as firebase.User.updatePassword that require tokens from recent sign-in attempts.

    Error Codes

    Thrown if the credential given does not correspond to the user.
    Thrown if the credential given does not correspond to any existing user.
    Thrown if the reCAPTCHA response token was invalid, expired, or if this method was called from a non-whitelisted domain.
    Thrown if the phone number has an invalid format.
    Thrown if the phone number is missing.
    Thrown if the SMS quota for the Firebase project has been exceeded.


    • phoneNumber: string

      The user's phone number in E.164 format (e.g. +16505550101).

    • applicationVerifier: ApplicationVerifier

    Returns Promise<ConfirmationResult>


  • reload ( ) : Promise < void >
  • Refreshes the current user, if signed in.

    Returns Promise<void>


  • sendEmailVerification ( actionCodeSettings ? :  ActionCodeSettings | null ) : Promise < void >
  • Sends a verification email to a user.

    The verification process is completed by calling firebase.auth.Auth.applyActionCode

    Error Codes

    An Android package name must be provided if the Android app is required to be installed.
    A continue URL must be provided in the request.
    An iOS bundle ID must be provided if an App Store ID is provided.
    The continue URL provided in the request is invalid.
    The domain of the continue URL is not whitelisted. Whitelist the domain in the Firebase console.
    var actionCodeSettings = {
      url: 'https://www.example.com/[email protected]&cartId=123',
      iOS: {
        bundleId: 'com.example.ios'
      android: {
        packageName: 'com.example.android',
        installApp: true,
        minimumVersion: '12'
      handleCodeInApp: true
        .then(function() {
          // Verification email sent.
        .catch(function(error) {
          // Error occurred. Inspect error.code.


    • Optional actionCodeSettings: ActionCodeSettings | null

      The action code settings. If specified, the state/continue URL will be set as the "continueUrl" parameter in the email verification link. The default email verification landing page will use this to display a link to go back to the app if it is installed. If the actionCodeSettings is not specified, no URL is appended to the action URL. The state URL provided must belong to a domain that is whitelisted by the developer in the console. Otherwise an error will be thrown. Mobile app redirects will only be applicable if the developer configures and accepts the Firebase Dynamic Links terms of condition. The Android package name and iOS bundle ID will be respected only if they are configured in the same Firebase Auth project used.

    Returns Promise<void>


  • toJSON ( ) : Object
  • Returns a JSON-serializable representation of this object.

    Returns Object

    A JSON-serializable representation of this object.

  • unlink ( providerId string ) : Promise < User >
  • Unlinks a provider from a user account.

    Error Codes

    Thrown if the user does not have this provider linked or when the provider ID given does not exist.


    • providerId: string

    Returns Promise<User>


  • updateEmail ( newEmail string ) : Promise < void >
  • Updates the user's email address.

    An email will be sent to the original email address (if it was set) that allows to revoke the email address change, in order to protect them from account hijacking.

    Important: this is a security sensitive operation that requires the user to have recently signed in. If this requirement isn't met, ask the user to authenticate again and then call firebase.User.reauthenticateWithCredential.

    Error Codes

    Thrown if the email used is invalid.
    Thrown if the email is already used by another user.
    Thrown if the user's last sign-in time does not meet the security threshold. Use firebase.User.reauthenticateWithCredential to resolve. This does not apply if the user is anonymous.


    • newEmail: string

      The new email address.

    Returns Promise<void>


  • updatePassword ( newPassword string ) : Promise < void >
  • Updates the user's password.

    Important: this is a security sensitive operation that requires the user to have recently signed in. If this requirement isn't met, ask the user to authenticate again and then call firebase.User.reauthenticateWithCredential.

    Error Codes

    Thrown if the password is not strong enough.
    Thrown if the user's last sign-in time does not meet the security threshold. Use firebase.User.reauthenticateWithCredential to resolve. This does not apply if the user is anonymous.


    • newPassword: string

    Returns Promise<void>


  • updatePhoneNumber ( phoneCredential AuthCredential ) : Promise < void >
  • Updates the user's phone number.

    Error Codes

    Thrown if the verification code of the credential is not valid.
    Thrown if the verification ID of the credential is not valid.


    Returns Promise<void>


  • updateProfile ( profile { displayName ?: string | null ; photoURL ?: string | null } ) : Promise < void >
  • Updates a user's profile data.

    // Updates the user attributes:
      displayName: "Jane Q. User",
      photoURL: "https://example.com/jane-q-user/profile.jpg"
    }).then(function() {
      // Profile updated successfully!
      // "Jane Q. User"
      var displayName = user.displayName;
      // "https://example.com/jane-q-user/profile.jpg"
      var photoURL = user.photoURL;
    }, function(error) {
      // An error happened.
    // Passing a null value will delete the current attribute's value, but not
    // passing a property won't change the current attribute's value:
    // Let's say we're using the same user than before, after the update.
    user.updateProfile({photoURL: null}).then(function() {
      // Profile updated successfully!
      // "Jane Q. User", hasn't changed.
      var displayName = user.displayName;
      // Now, this is null.
      var photoURL = user.photoURL;
    }, function(error) {
      // An error happened.


    • profile: { displayName?: string | null; photoURL?: string | null }

      The profile's displayName and photoURL to update.

      • Optional displayName?: string | null
      • Optional photoURL?: string | null

    Returns Promise<void>


  • verifyBeforeUpdateEmail ( newEmail string ,  actionCodeSettings ? :  ActionCodeSettings | null ) : Promise < void >
  • Sends a verification email to a new email address. The user's email will be updated to the new one after being verified.

    If you have a custom email action handler, you can complete the verification process by calling firebase.auth.Auth.applyActionCode.

    Error Codes

    An Android package name must be provided if the Android app is required to be installed.
    A continue URL must be provided in the request.
    An iOS bundle ID must be provided if an App Store ID is provided.
    The continue URL provided in the request is invalid.
    The domain of the continue URL is not whitelisted. Whitelist the domain in the Firebase console.
    var actionCodeSettings = {
      url: 'https://www.example.com/[email protected]&cartId=123',
      iOS: {
        bundleId: 'com.example.ios'
      android: {
        packageName: 'com.example.android',
        installApp: true,
        minimumVersion: '12'
      handleCodeInApp: true
      '[email protected]', actionCodeSettings)
      .then(function() {
        // Verification email sent.
      .catch(function(error) {
        // Error occurred. Inspect error.code.


    • newEmail: string

      The email address to be verified and updated to.

    • Optional actionCodeSettings: ActionCodeSettings | null

      The action code settings. If specified, the state/continue URL will be set as the "continueUrl" parameter in the email verification link. The default email verification landing page will use this to display a link to go back to the app if it is installed. If the actionCodeSettings is not specified, no URL is appended to the action URL. The state URL provided must belong to a domain that is whitelisted by the developer in the console. Otherwise an error will be thrown. Mobile app redirects will only be applicable if the developer configures and accepts the Firebase Dynamic Links terms of condition. The Android package name and iOS bundle ID will be respected only if they are configured in the same Firebase Auth project used.

    Returns Promise<void>