diff --git a/common/api-review/auth.api.md b/common/api-review/auth.api.md
index 376e61e2818..71abf31003e 100644
--- a/common/api-review/auth.api.md
+++ b/common/api-review/auth.api.md
@@ -242,6 +242,9 @@ export interface AuthSettings {
     appVerificationDisabledForTesting: boolean;
 }
 
+// @public
+export function beforeAuthStateChanged(auth: Auth, callback: (user: User | null) => void | Promise<void>, onAbort?: () => void): Unsubscribe;
+
 // @public
 export const browserLocalPersistence: Persistence;
 
diff --git a/packages/auth/src/core/index.ts b/packages/auth/src/core/index.ts
index 473475f7c38..921d1fd57d2 100644
--- a/packages/auth/src/core/index.ts
+++ b/packages/auth/src/core/index.ts
@@ -83,6 +83,26 @@ export function onIdTokenChanged(
     completed
   );
 }
+/**
+ * Adds a blocking callback that runs before an auth state change
+ * sets a new user.
+ *
+ * @param auth - The {@link Auth} instance.
+ * @param callback - callback triggered before new user value is set.
+ *   If this throws, it will block the user from being set.
+ * @param onAbort - callback triggered if a later before state changed
+ *   callback throws, allowing you to undo any side effects.
+ */
+ export function beforeAuthStateChanged(
+  auth: Auth,
+  callback: (user: User|null) => void | Promise<void>,
+  onAbort?: () => void,
+): Unsubscribe {
+  return getModularInstance(auth).beforeAuthStateChanged(
+    callback,
+    onAbort
+  );
+}
 /**
  * Adds an observer for changes to the user's sign-in state.
  *