tessl/pypi-firebase-admin
Firebase Admin Python SDK enables server-side Python developers to integrate Firebase services into their applications from privileged environments.
—
Pending
authentication.mddocs/
Authentication
Comprehensive Firebase Authentication management providing server-side user authentication, custom token generation, ID token verification, user management operations, and multi-tenant authentication capabilities.
Capabilities
Token Management
Generate and verify Firebase authentication tokens for secure user authentication flows.
def create_custom_token(uid, developer_claims=None, app=None):
"""
Create a custom token for the given UID.
Args:
uid: The UID to use for the custom token
developer_claims: Optional developer claims dict to include in the token
app: Firebase app instance (optional)
Returns:
bytes: A custom token for the given UID
Raises:
ValueError: If the UID is invalid or developer_claims are malformed
"""
def verify_id_token(id_token, app=None, check_revoked=False, clock_skew_seconds=0):
"""
Verify a Firebase ID token.
Args:
id_token: A Firebase ID token string
app: Firebase app instance (optional)
check_revoked: Whether to check if the token has been revoked (optional)
clock_skew_seconds: Allowed clock skew in seconds (optional)
Returns:
dict: Decoded token claims
Raises:
ExpiredIdTokenError: If the token has expired
InvalidIdTokenError: If the token is invalid
RevokedIdTokenError: If the token has been revoked (when check_revoked=True)
"""
def revoke_refresh_tokens(uid, app=None):
"""
Revoke all refresh tokens for a user.
Args:
uid: The UID of the user whose tokens should be revoked
app: Firebase app instance (optional)
Raises:
UserNotFoundError: If no user record exists for the given UID
"""Session Cookies
Manage Firebase session cookies for web applications requiring server-side session management.
def create_session_cookie(id_token, expires_in, app=None):
"""
Create a session cookie from an ID token.
Args:
id_token: A Firebase ID token
expires_in: Session duration as datetime.timedelta
app: Firebase app instance (optional)
Returns:
bytes: A session cookie
Raises:
InvalidIdTokenError: If the ID token is invalid
"""
def verify_session_cookie(session_cookie, check_revoked=False, app=None, clock_skew_seconds=0):
"""
Verify a Firebase session cookie.
Args:
session_cookie: A Firebase session cookie string
check_revoked: Whether to check if the underlying token has been revoked
app: Firebase app instance (optional)
clock_skew_seconds: Allowed clock skew in seconds (optional)
Returns:
dict: Decoded session claims
Raises:
ExpiredSessionCookieError: If the session cookie has expired
InvalidSessionCookieError: If the session cookie is invalid
RevokedSessionCookieError: If revoked (when check_revoked=True)
"""User Retrieval
Retrieve user information by various identifiers including UID, email, and phone number.
def get_user(uid, app=None):
"""
Get a user by UID.
Args:
uid: A user UID string
app: Firebase app instance (optional)
Returns:
UserRecord: A UserRecord instance
Raises:
UserNotFoundError: If no user record exists for the given UID
"""
def get_user_by_email(email, app=None):
"""
Get a user by email address.
Args:
email: A user email address string
app: Firebase app instance (optional)
Returns:
UserRecord: A UserRecord instance
Raises:
UserNotFoundError: If no user record exists for the given email
"""
def get_user_by_phone_number(phone_number, app=None):
"""
Get a user by phone number.
Args:
phone_number: A user phone number string
app: Firebase app instance (optional)
Returns:
UserRecord: A UserRecord instance
Raises:
UserNotFoundError: If no user record exists for the given phone number
"""
def get_users(identifiers, app=None):
"""
Get users by multiple identifiers.
Args:
identifiers: List of UserIdentifier instances
app: Firebase app instance (optional)
Returns:
GetUsersResult: Result containing found users and not found identifiers
"""User Management
Create, update, and delete user accounts with comprehensive user profile management.
def create_user(**kwargs):
"""
Create a new user.
Args:
uid: The UID for the new user (optional)
email: The email address for the new user (optional)
email_verified: Whether the email is verified (optional)
phone_number: The phone number for the new user (optional)
password: The password for the new user (optional)
display_name: The display name for the new user (optional)
photo_url: The photo URL for the new user (optional)
disabled: Whether the user is disabled (optional)
Returns:
UserRecord: A UserRecord instance for the new user
Raises:
EmailAlreadyExistsError: If a user with the email already exists
PhoneNumberAlreadyExistsError: If a user with the phone number already exists
"""
def update_user(uid, **kwargs):
"""
Update an existing user.
Args:
uid: The UID of the user to update
email: Updated email address (optional)
email_verified: Updated email verification status (optional)
phone_number: Updated phone number (optional)
password: Updated password (optional)
display_name: Updated display name (optional)
photo_url: Updated photo URL (optional)
disabled: Updated disabled status (optional)
custom_claims: Updated custom claims dict (optional)
Returns:
UserRecord: Updated UserRecord instance
Raises:
UserNotFoundError: If no user record exists for the given UID
EmailAlreadyExistsError: If email is already in use by another user
"""
def delete_user(uid, app=None):
"""
Delete a user.
Args:
uid: The UID of the user to delete
app: Firebase app instance (optional)
Raises:
UserNotFoundError: If no user record exists for the given UID
"""
def delete_users(uids, app=None):
"""
Delete multiple users.
Args:
uids: List of user UIDs to delete
app: Firebase app instance (optional)
Returns:
DeleteUsersResult: Result with success/failure counts and errors
"""User Listing
List and paginate through all users in the Firebase project.
def list_users(page_token=None, max_results=1000, app=None):
"""
List users in the Firebase project.
Args:
page_token: Token for paginating results (optional)
max_results: Maximum number of users to return (optional, max 1000)
app: Firebase app instance (optional)
Returns:
ListUsersPage: Page of user records with pagination info
"""Custom Claims
Manage custom user claims for role-based access control and user permissions.
def set_custom_user_claims(uid, custom_claims, app=None):
"""
Set custom claims for a user.
Args:
uid: The UID of the user
custom_claims: Dict of custom claims to set (max 1000 chars serialized)
app: Firebase app instance (optional)
Raises:
UserNotFoundError: If no user record exists for the given UID
ValueError: If custom_claims exceed size limits or contain reserved keys
"""Email Actions
Generate action links for password reset, email verification, and sign-in flows.
def generate_password_reset_link(email, action_code_settings=None, app=None):
"""
Generate a password reset link for the user.
Args:
email: The email address of the user
action_code_settings: Optional ActionCodeSettings instance
app: Firebase app instance (optional)
Returns:
str: Password reset link URL
Raises:
UserNotFoundError: If no user exists with the given email
"""
def generate_email_verification_link(email, action_code_settings=None, app=None):
"""
Generate an email verification link.
Args:
email: The email address to verify
action_code_settings: Optional ActionCodeSettings instance
app: Firebase app instance (optional)
Returns:
str: Email verification link URL
"""
def generate_sign_in_with_email_link(email, action_code_settings, app=None):
"""
Generate a sign-in with email link.
Args:
email: The email address for sign-in
action_code_settings: ActionCodeSettings instance (required)
app: Firebase app instance (optional)
Returns:
str: Sign-in with email link URL
"""User Import
Bulk import users from external systems with password hashing options.
def import_users(users, hash_alg=None, app=None):
"""
Import multiple users into Firebase.
Args:
users: List of ImportUserRecord instances
hash_alg: Optional UserImportHash for password hashing
app: Firebase app instance (optional)
Returns:
UserImportResult: Import operation results with success/failure counts
"""OIDC Provider Configuration
Manage OpenID Connect (OIDC) provider configurations for Identity Platform integration.
def get_oidc_provider_config(provider_id, app=None):
"""
Get an OIDC provider configuration by ID.
Args:
provider_id: Provider ID string with 'oidc.' prefix
app: Firebase app instance (optional)
Returns:
OIDCProviderConfig: OIDC provider configuration instance
Raises:
ValueError: If provider ID is invalid or missing 'oidc.' prefix
ConfigurationNotFoundError: If provider config not found
"""
def create_oidc_provider_config(
provider_id, client_id, issuer, display_name=None, enabled=None,
client_secret=None, id_token_response_type=None, code_response_type=None, app=None):
"""
Create a new OIDC provider configuration.
Args:
provider_id: Provider ID string with 'oidc.' prefix
client_id: Client ID of the OIDC provider
issuer: Issuer URL of the OIDC provider
display_name: Display name for the provider (optional)
enabled: Whether the provider is enabled (optional)
client_secret: Client secret for code flow (optional)
id_token_response_type: Enable ID token response flow (optional)
code_response_type: Enable code response flow (optional)
app: Firebase app instance (optional)
Returns:
OIDCProviderConfig: The newly created OIDC provider config
"""
def update_oidc_provider_config(
provider_id, client_id=None, issuer=None, display_name=None, enabled=None,
client_secret=None, id_token_response_type=None, code_response_type=None, app=None):
"""
Update an existing OIDC provider configuration.
Args:
provider_id: Provider ID string with 'oidc.' prefix
client_id: Updated client ID (optional)
issuer: Updated issuer URL (optional)
display_name: Updated display name (optional)
enabled: Updated enabled status (optional)
client_secret: Updated client secret (optional)
id_token_response_type: Updated ID token response flow setting (optional)
code_response_type: Updated code response flow setting (optional)
app: Firebase app instance (optional)
Returns:
OIDCProviderConfig: The updated OIDC provider config
"""
def delete_oidc_provider_config(provider_id, app=None):
"""
Delete an OIDC provider configuration.
Args:
provider_id: Provider ID string with 'oidc.' prefix
app: Firebase app instance (optional)
Raises:
ValueError: If provider ID is invalid or missing 'oidc.' prefix
ConfigurationNotFoundError: If provider config not found
"""
def list_oidc_provider_configs(page_token=None, max_results=100, app=None):
"""
List OIDC provider configurations with pagination.
Args:
page_token: Token for pagination (optional)
max_results: Maximum number of results per page (optional, max 100)
app: Firebase app instance (optional)
Returns:
ListProviderConfigsPage: Page of OIDC provider configurations
"""SAML Provider Configuration
Manage SAML provider configurations for Identity Platform integration.
def get_saml_provider_config(provider_id, app=None):
"""
Get a SAML provider configuration by ID.
Args:
provider_id: Provider ID string with 'saml.' prefix
app: Firebase app instance (optional)
Returns:
SAMLProviderConfig: SAML provider configuration instance
Raises:
ValueError: If provider ID is invalid or missing 'saml.' prefix
ConfigurationNotFoundError: If provider config not found
"""
def create_saml_provider_config(
provider_id, idp_entity_id, sso_url, x509_certificates, rp_entity_id, callback_url,
display_name=None, enabled=None, app=None):
"""
Create a new SAML provider configuration.
Args:
provider_id: Provider ID string with 'saml.' prefix
idp_entity_id: SAML IdP entity identifier
sso_url: SAML IdP SSO URL
x509_certificates: List of SAML IdP X.509 certificates
rp_entity_id: SAML relying party entity ID
callback_url: Callback URL string
display_name: Display name for the provider (optional)
enabled: Whether the provider is enabled (optional)
app: Firebase app instance (optional)
Returns:
SAMLProviderConfig: The newly created SAML provider config
"""
def update_saml_provider_config(
provider_id, idp_entity_id=None, sso_url=None, x509_certificates=None,
rp_entity_id=None, callback_url=None, display_name=None, enabled=None, app=None):
"""
Update an existing SAML provider configuration.
Args:
provider_id: Provider ID string with 'saml.' prefix
idp_entity_id: Updated SAML IdP entity identifier (optional)
sso_url: Updated SAML IdP SSO URL (optional)
x509_certificates: Updated list of X.509 certificates (optional)
rp_entity_id: Updated relying party entity ID (optional)
callback_url: Updated callback URL (optional)
display_name: Updated display name (optional)
enabled: Updated enabled status (optional)
app: Firebase app instance (optional)
Returns:
SAMLProviderConfig: The updated SAML provider config
"""
def delete_saml_provider_config(provider_id, app=None):
"""
Delete a SAML provider configuration.
Args:
provider_id: Provider ID string with 'saml.' prefix
app: Firebase app instance (optional)
Raises:
ValueError: If provider ID is invalid or missing 'saml.' prefix
ConfigurationNotFoundError: If provider config not found
"""
def list_saml_provider_configs(page_token=None, max_results=100, app=None):
"""
List SAML provider configurations with pagination.
Args:
page_token: Token for pagination (optional)
max_results: Maximum number of results per page (optional, max 100)
app: Firebase app instance (optional)
Returns:
ListProviderConfigsPage: Page of SAML provider configurations
"""Types
class UserRecord:
"""Firebase user record."""
@property
def uid(self):
"""The user's UID."""
@property
def email(self):
"""The user's email address."""
@property
def email_verified(self):
"""Whether the user's email is verified."""
@property
def phone_number(self):
"""The user's phone number."""
@property
def display_name(self):
"""The user's display name."""
@property
def photo_url(self):
"""The user's photo URL."""
@property
def disabled(self):
"""Whether the user account is disabled."""
@property
def user_metadata(self):
"""User metadata including creation and last sign-in times."""
@property
def custom_claims(self):
"""Custom claims set for the user."""
@property
def provider_data(self):
"""List of provider-specific user info."""
class UserMetadata:
"""User metadata information."""
@property
def creation_timestamp(self):
"""User creation timestamp."""
@property
def last_sign_in_timestamp(self):
"""Last sign-in timestamp."""
@property
def last_refresh_timestamp(self):
"""Last token refresh timestamp."""
class UserInfo:
"""Provider-specific user information."""
@property
def uid(self):
"""Provider-specific user ID."""
@property
def display_name(self):
"""Display name."""
@property
def email(self):
"""Email address."""
@property
def phone_number(self):
"""Phone number."""
@property
def photo_url(self):
"""Photo URL."""
@property
def provider_id(self):
"""Provider ID."""
class GetUsersResult:
"""Result of get_users operation."""
@property
def users(self):
"""List of UserRecord instances that were found."""
@property
def not_found(self):
"""List of UserIdentifier instances that were not found."""
class DeleteUsersResult:
"""Result of delete_users operation."""
@property
def success_count(self):
"""Number of users successfully deleted."""
@property
def failure_count(self):
"""Number of users that failed to delete."""
@property
def errors(self):
"""List of ErrorInfo instances for failed deletions."""
class ListUsersPage:
"""Page of user records with pagination."""
@property
def users(self):
"""List of UserRecord instances in this page."""
@property
def next_page_token(self):
"""Token for the next page (None if no more pages)."""
@property
def has_next_page(self):
"""Whether there are more pages available."""
def get_next_page(self):
"""Get the next page of results."""
class ImportUserRecord:
"""User record for import operations."""
def __init__(self, uid, **kwargs):
"""
Initialize import user record.
Args:
uid: User UID
email: Email address (optional)
password_hash: Hashed password bytes (optional)
password_salt: Password salt bytes (optional)
custom_claims: Custom claims dict (optional)
provider_data: List of UserInfo instances (optional)
"""
class UserImportResult:
"""Result of user import operation."""
@property
def success_count(self):
"""Number of users successfully imported."""
@property
def failure_count(self):
"""Number of users that failed to import."""
@property
def errors(self):
"""List of ErrorInfo instances for failed imports."""
class ActionCodeSettings:
"""Settings for email action code generation."""
def __init__(self, url, handle_code_in_app=None, ios_bundle_id=None, android_package_name=None, dynamic_link_domain=None):
"""
Initialize action code settings.
Args:
url: The link the user is redirected to
handle_code_in_app: Whether to handle the code in the app
ios_bundle_id: iOS bundle ID for deep linking
android_package_name: Android package name for deep linking
dynamic_link_domain: Custom dynamic link domain
"""
class UserIdentifier:
"""Base class for user identifiers."""
class UidIdentifier(UserIdentifier):
"""User identifier by UID."""
def __init__(self, uid):
"""Initialize with UID."""
class EmailIdentifier(UserIdentifier):
"""User identifier by email."""
def __init__(self, email):
"""Initialize with email."""
class PhoneIdentifier(UserIdentifier):
"""User identifier by phone number."""
def __init__(self, phone_number):
"""Initialize with phone number."""
class ProviderIdentifier(UserIdentifier):
"""User identifier by provider."""
def __init__(self, provider_id, provider_uid):
"""Initialize with provider ID and UID."""
class ProviderConfig:
"""Base class for authentication provider configurations."""
@property
def provider_id(self):
"""The provider ID."""
@property
def display_name(self):
"""The display name of the provider."""
@property
def enabled(self):
"""Whether the provider is enabled."""
class OIDCProviderConfig(ProviderConfig):
"""OIDC authentication provider configuration."""
@property
def issuer(self):
"""The OIDC issuer URL."""
@property
def client_id(self):
"""The OIDC client ID."""
@property
def client_secret(self):
"""The OIDC client secret."""
@property
def id_token_response_type(self):
"""Whether ID token response type is enabled."""
@property
def code_response_type(self):
"""Whether code response type is enabled."""
class SAMLProviderConfig(ProviderConfig):
"""SAML authentication provider configuration."""
@property
def idp_entity_id(self):
"""The SAML IdP entity ID."""
@property
def sso_url(self):
"""The SAML IdP SSO URL."""
@property
def x509_certificates(self):
"""List of SAML IdP X.509 certificates."""
@property
def callback_url(self):
"""The callback URL."""
@property
def rp_entity_id(self):
"""The SAML relying party entity ID."""
class ListProviderConfigsPage:
"""Page of provider configurations with pagination."""
@property
def provider_configs(self):
"""List of provider configurations in this page."""
@property
def next_page_token(self):
"""Token for the next page (empty string if no more pages)."""
@property
def has_next_page(self):
"""Whether there are more pages available."""
def get_next_page(self):
"""Get the next page of results."""
def iterate_all(self):
"""Iterator for all provider configs starting from this page."""Install with Tessl CLI
npx tessl i tessl/pypi-firebase-admin