CODEWITHSUNDEEP
firebasefirebase-authentication
Ben
Ben

Reputation: 3357

Firebase create user with customClaim

I'm using the Firebase SDK on a React Native app. I'm authenticating users with onAuthStateChanged - works great. If it doesn't return a user, they can sign up using their phone number. For that I use the following on submitting the phone activation code:

...
const credential = firebase.auth.PhoneAuthProvider.credential(
  verificationId,
  verificationCode
);
await firebase.auth().signInWithCredential(credential).then((response) => {// creating a record on firestore. onAuthStateChanged will be re-triggered and store the user and token in state});
...

I would also like to set custom claims for the user. How do I do that? I cannot use admin SDK since this is the frontend and I also don't want to. I could fire a call to my graphQL to do it, but there is probably a way to add a custom claim in the flow above. How?

Upvotes: 0

Views: 129

Answers (2)

Frank van Puffelen
Frank van Puffelen

Reputation: 599651

Custom claims can only be set from a trusted environment. Otherwise anyone could make any claim they want about themselves, which defeats their purpose of securely adding information to a user profile.

Upvotes: 1

Doug Stevenson
Doug Stevenson

Reputation: 317720

There is no supported way to modify custom claims from within a client app. Since custom claims are normally used to give special secure authorizations, it obviously be a security hole to allow user to assign claims to themselves. That's why it's recommended to use the Admin SDK on a secure backend you control.

Upvotes: 1

Related Questions