--- /dev/null
+/**
+ * Copyright 2014 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export declare class LoginTicket {
+ private envelope?;
+ private payload?;
+ /**
+ * Create a simple class to extract user ID from an ID Token
+ *
+ * @param {string} env Envelope of the jwt
+ * @param {TokenPayload} pay Payload of the jwt
+ * @constructor
+ */
+ constructor(env?: string, pay?: TokenPayload);
+ getEnvelope(): string | undefined;
+ getPayload(): TokenPayload | undefined;
+ /**
+ * Create a simple class to extract user ID from an ID Token
+ *
+ * @return The user ID
+ */
+ getUserId(): string | null;
+ /**
+ * Returns attributes from the login ticket. This can contain
+ * various information about the user session.
+ *
+ * @return The envelope and payload
+ */
+ getAttributes(): {
+ envelope: string | undefined;
+ payload: TokenPayload | undefined;
+ };
+}
+export interface TokenPayload {
+ /**
+ * The Issuer Identifier for the Issuer of the response. Always
+ * https://accounts.google.com or accounts.google.com for Google ID tokens.
+ */
+ iss: string;
+ /**
+ * Access token hash. Provides validation that the access token is tied to the
+ * identity token. If the ID token is issued with an access token in the
+ * server flow, this is always included. This can be used as an alternate
+ * mechanism to protect against cross-site request forgery attacks, but if you
+ * follow Step 1 and Step 3 it is not necessary to verify the access token.
+ */
+ at_hash?: string;
+ /**
+ * True if the user's e-mail address has been verified; otherwise false.
+ */
+ email_verified?: boolean;
+ /**
+ * An identifier for the user, unique among all Google accounts and never
+ * reused. A Google account can have multiple emails at different points in
+ * time, but the sub value is never changed. Use sub within your application
+ * as the unique-identifier key for the user.
+ */
+ sub: string;
+ /**
+ * The client_id of the authorized presenter. This claim is only needed when
+ * the party requesting the ID token is not the same as the audience of the ID
+ * token. This may be the case at Google for hybrid apps where a web
+ * application and Android app have a different client_id but share the same
+ * project.
+ */
+ azp?: string;
+ /**
+ * The user's email address. This may not be unique and is not suitable for
+ * use as a primary key. Provided only if your scope included the string
+ * "email".
+ */
+ email?: string;
+ /**
+ * The URL of the user's profile page. Might be provided when:
+ * - The request scope included the string "profile"
+ * - The ID token is returned from a token refresh
+ * - When profile claims are present, you can use them to update your app's
+ * user records. Note that this claim is never guaranteed to be present.
+ */
+ profile?: string;
+ /**
+ * The URL of the user's profile picture. Might be provided when:
+ * - The request scope included the string "profile"
+ * - The ID token is returned from a token refresh
+ * - When picture claims are present, you can use them to update your app's
+ * user records. Note that this claim is never guaranteed to be present.
+ */
+ picture?: string;
+ /**
+ * The user's full name, in a displayable form. Might be provided when:
+ * - The request scope included the string "profile"
+ * - The ID token is returned from a token refresh
+ * - When name claims are present, you can use them to update your app's user
+ * records. Note that this claim is never guaranteed to be present.
+ */
+ name?: string;
+ /**
+ * The user's given name, in a displayable form. Might be provided when:
+ * - The request scope included the string "profile"
+ * - The ID token is returned from a token refresh
+ * - When name claims are present, you can use them to update your app's user
+ * records. Note that this claim is never guaranteed to be present.
+ */
+ given_name?: string;
+ /**
+ * The user's family name, in a displayable form. Might be provided when:
+ * - The request scope included the string "profile"
+ * - The ID token is returned from a token refresh
+ * - When name claims are present, you can use them to update your app's user
+ * records. Note that this claim is never guaranteed to be present.
+ */
+ family_name?: string;
+ /**
+ * Identifies the audience that this ID token is intended for. It must be one
+ * of the OAuth 2.0 client IDs of your application.
+ */
+ aud: string;
+ /**
+ * The time the ID token was issued, represented in Unix time (integer
+ * seconds).
+ */
+ iat: number;
+ /**
+ * The time the ID token expires, represented in Unix time (integer seconds).
+ */
+ exp: number;
+ /**
+ * The value of the nonce supplied by your app in the authentication request.
+ * You should enforce protection against replay attacks by ensuring it is
+ * presented only once.
+ */
+ nonce?: string;
+ /**
+ * The hosted G Suite domain of the user. Provided only if the user belongs to
+ * a hosted domain.
+ */
+ hd?: string;
+}