When using Firebase authentication, is it possible to call custom code when an authentication user is created?
For instance, I want to create tenant related data as and when a new user is created.
Have you tried the Cloud Functions for Firebase Authentication triggers? You can write custom code that gets triggered whenever a user is created.
export const createTenantData = functions.auth.user().onCreate((user) => {
// ...
});
The triggers should be exported by your functions/index.js file.
Related
I could only find adding a new User to the project on console.firebase.google.com, giving access to all the apps it has. I want to restrict users from giving permission to specific app(s) from a project rather than creating a new project for the app. Is this feasible?
This behavior is not built in as Apps are designed for version control for the project. However, you can potentially implement this by using Custom Claims on the user. This does require a Billing Account and Cloud Functions installed. but on registration, you can call a cloud function on complete that will invoke a cloud function to add the custom claim to the user.
For example
exports.setApp= functions.https.onCall((data, context) => {
if(!data.app && ! context.auth) return;
if(!["appName1","appName2"].includes(data.app)) return;
return admin
.auth()
.setCustomUserClaims(context.auth.uid, { app: data.app})
.then(() => {
// The new custom claims will propagate to the user's ID token the
// next time a new one is issued.
});
// ...
});
Once this is done, you will have to refresh the user token on complete to ensure the id token has the updated claims.
You can read more about this here: https://firebase.google.com/docs/auth/admin/custom-claims
I'm using the Firebase SDK on a React Native app. I'm authenticating users with onAuthStateChanged - works great.
If it doesn't return a user, they can sign up using their phone number.
For that I use the following on submitting the phone activation code:
...
const credential = firebase.auth.PhoneAuthProvider.credential(
verificationId,
verificationCode
);
await firebase.auth().signInWithCredential(credential).then((response) => {// creating a record on firestore. onAuthStateChanged will be re-triggered and store the user and token in state});
...
I would also like to set custom claims for the user. How do I do that? I cannot use admin SDK since this is the frontend and I also don't want to. I could fire a call to my graphQL to do it, but there is probably a way to add a custom claim in the flow above. How?
There is no supported way to modify custom claims from within a client app. Since custom claims are normally used to give special secure authorizations, it obviously be a security hole to allow user to assign claims to themselves. That's why it's recommended to use the Admin SDK on a secure backend you control.
Custom claims can only be set from a trusted environment. Otherwise anyone could make any claim they want about themselves, which defeats their purpose of securely adding information to a user profile.
We are creating user profile in firestore using cloud function
when new user create cloud function will trigger and we write the user info to firebase collection but, now in my firebase we have 2 apps and in need to store user profile in two different collection The issue is how can i identify which app is users by the user for login app A or app B
Is there any way to do that?
You need to send to the cloud function the tokenId of your user, you can get the tokenID doing something like this:
firebase.auth().currentUser.getIdToken(true).then(function (token) {
// Send the token
})
Then, on the cloud function you need to decode the tokenID to get the current userId, you can do something like the following:
admin.auth().verifyIdToken(idToken).then(function(decodedToken) {
var uid = decodedToken.uid;
})
With the uid, you can use admin.auth().getUser(uid) to get the current user record.
I'm trying to do my first login and authentication with firebase and I need three roles
Student, teacher, admin
My NavBar should render different things depends the role of the user signed in and I've seen that there is a way to use roles with firebase https://firebase.google.com/docs/auth/admin/custom-claims
but if I'm not missunderstanding it, it should be done on the backend (I'm using spring)
I should know the role at every moment on client side How could I do it?
You can't create custom claims on the client. That would be a security hole, because users could just give themselves access to anything simply by modifying your code. You need to use the Admin SDK on the server for that.
There is also documentation for accessing custom claims on the client. You use getIdTokenResult() on the Firebase auth user object. For example:
firebase.auth().currentUser.getIdTokenResult()
.then((idTokenResult) => {
// Confirm the user is an Admin.
if (!idTokenResult.claims.admin) {
// Show admin UI.
showAdminUI();
} else {
// Show regular user UI.
showRegularUI();
}
})
.catch((error) => {
console.log(error);
});
I'm can currently succesfully use Firebase admin node sdk to createCustomToken. I know I can pass the token back to the client and using signInWithCustomToken sign in a user and het the UID. However, I am using custom authentication is the first place is because I'm creating sub-users with limited permissions that adminUser allows. I was hoping to use setCustomUserClaims to attach some data to the sub-users so I can show the correct sub-user ui and set correct security rules in database. However I can't seem to figure out how I can set the customClaims beacuse I don't have the sub-user UID until I call signInWithCustomToken on the client. What is the process to do this correctly?
Code I was hoping to run right after creating a customToken for a subUser
admin.auth().setCustomUserClaims(uid, {subUser: true, viewPermisson: true}).then(() => {
});