Reputation: 623
determine if user in auth has firebase admin role
CONTEXT: In firebase settings, there's a permissions tab. This shows the users/emails that are associated with accounts that have admin access to the firebase project and console.
I could have sworn I once saw a document describing a method or some way of checking if a user account in firebase auth is also an administrator of the firebase project.
I seriously can't tell if it was in a dream (yes I dream code) or if I actually saw it. I often work late nights and fall asleep in front of my computer.
Question: Is there any way to tell if a user is also an administrator of the firebase app? IE the user email matches an email that’s listed in the IAM/access management section of firebase as an 'owner' role?
Im currently writing an admin panel for my app, so such a feature would be very useful.
If such a thing does not exist, can anyone suggest an alternative way to manage and authorise users that are capable of logging into the admin dashboard to have control over the app? I already understand custom claims so I will use them if no better solution is suggested.
Upvotes: 3
Views: 5044
Answers (2)
Reputation: 2273
UPDATED ANSWER:
Currently there's a straightforward solution using an integration with GCP (behind the curtains), which is using Firebase IAM Roles (or predefined roles as well). You can check out a much better explanation here.
OLD ANSWER:
Well, using only the FirebaseAuth through your app, I don't think you can (as far as my knowledge goes). But you can easily implement the Admin SDK to manage your Custom Claims. Basically, you can use the Admin SDK and find out which "role" you want to access.
Referencing Firebase
Custom claims can contain sensitive data, therefore they should only be set from a privileged server environment by the Firebase Admin SDK.
and
Custom claims can only be retrieved through the user's ID token. Access to these claims may be necessary to modify the client UI based on the user's role or access level. However, backend access should always be enforced through the ID token after validating it and parsing its claims. Custom claims should not be sent directly to the backend, as they can't be trusted outside of the token.
Once the latest claims have propagated to a user's ID token, you can get them by retrieving the ID token.
Therefore, you'll only need the FirebaseAuth implemented on your app's (client), but will need an extra implementation using a server.
Please see the Firebase use cases, they'll probably fit your needs, and you can pick the one that is "easier" for you.
Upvotes: 2
Reputation: 623
It turns out it can't do what I wanted in the first place because it's only available on certain triggers.
Here it is: context.authType
https://firebase.google.com/docs/reference/functions/functions.EventContext#.authType
The level of permissions for a user. Valid values are:
ADMIN Developer user or user authenticated via a service account. USER Known user. UNAUTHENTICATED Unauthenticated action null For event types that do not provide user information (all except Realtime Database).
Although it would be great if we could get this information on callable functions and firebase triggers because it would help further secure hosted backend admin apps for customer service or developers, who have high-level access to admin functions. This variable seems to not be available on callable functions but is available on newUser trigger - which is strange, because how can user signup ever be authenticated anyway?
Upvotes: 0
Related Questions
- How to query Firebase users using Firebase admin?
- Authenticate only "admin" users registered with Firebase Auth
- Firebase Auth verify this user
- How to check firebase-auth user claims?
- Check for firebase's auth user's role when or after logging in
- Check if user logged in from backend Firebase Authentication
- Firebase check auth status of user/ if user exists
- Differentiate between admin and normal User for Firebase (Xcode ios app)
- Get other users firebase for admin user?
- Firebase authenticate as admin