user1048175

Reputation: 1130

Firebase password-less: Can I create an account with Custom Claims first?

I am using Hasura with Firebase and Flutter. When a password-less login/signup link is sent to the user for the first time, I need to intercept the account creation process to add some custom claims before they are automatically logged in. If they are automatically logged in then the custom claims won't be present and permissions will be incorrect.

Is it possible to have a custom Firebase function that I could call to create a "password less" account with the custom claims before I process the magic link? The only call I can see is createUserWithEmailAndPassword which is not the right method...

Another option (less attractive) is to process the link using signInWithEmailLink(), apply the claims to the account using a Firebase function, then force a new token (which will have the new claims) via _firebaseAuth.currentUser.getIdTokenResult(true). Would an onAuthStateChanged be triggered on a forced token refresh?

Upvotes: 0

Views: 280

Answers (2)

user1048175

Reputation: 1130

For anyone that lands here, in the end I used Hasura Claims Map https://cantaspinar.com/easier-authentication-with-hasura-jwt-claims-customization-firebase-auth/ to apply default claims. This means all people who log in get the "user" claims by default, unless there are any claims applied on Firebase, which will then be used instead.

My claims map looks like:

    "claims_map": {
        "x-hasura-user-id": {
            "path": "$.user_id"
        },
        "x-hasura-default-role": {
            "path": "$.['https://hasura.io/jwt/claims'].x-hasura-default-role",
            "default": "user"
        },
        "x-hasura-allowed-roles": {
            "path": "$.['https://hasura.io/jwt/claims'].x-hasura-allowed-roles",
            "default": [
                "user"
            ]
        }
    }
}

Upvotes: 0
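How a map like the one above resolves for a token minted right after the first magic-link sign-in versus one issued after custom claims were set, as an added example that is not part of the original answer and not Hasura's code. The resolver is a simplified model of the lookup; the token payloads and the `editor` role are constructed assumptions.

```javascript
// Added illustration: simplified claims_map lookup; paths limited to $.name and $.['key'].name
const NS = 'https://hasura.io/jwt/claims';
const CLAIMS_MAP = {
  'x-hasura-user-id': { path: '$.user_id' },
  'x-hasura-default-role': { path: `$.['${NS}'].x-hasura-default-role`, default: 'user' },
  'x-hasura-allowed-roles': { path: `$.['${NS}'].x-hasura-allowed-roles`, default: ['user'] },
};

// "$.['a.b'].c" -> ["a.b", "c"]; anything else in the path is rejected.
function parsePath(path) {
  if (!path.startsWith('$')) throw new Error(`unsupported path: ${path}`);
  const step = /\.?\['([^']+)'\]|\.([^.\[]+)/y;
  const keys = [];
  let pos = 1;
  while (pos < path.length) {
    step.lastIndex = pos;
    const m = step.exec(path);
    if (!m) throw new Error(`unsupported path: ${path}`);
    keys.push(m[1] || m[2]);
    pos = step.lastIndex;
  }
  return keys;
}

function lookup(payload, path) {
  let node = payload;
  for (const key of parsePath(path)) {
    const isObject = node !== null && typeof node === 'object';
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, key)) return undefined;
    node = node[key];
  }
  return node;
}

// Token value wins; the map default applies only when the path is absent.
function resolveSessionVariables(payload, claimsMap = CLAIMS_MAP) {
  const session = {};
  for (const [name, rule] of Object.entries(claimsMap)) {
    const value = lookup(payload, rule.path);
    if (value !== undefined) session[name] = value;
    else if ('default' in rule) session[name] = rule.default;
    else throw new Error(`${name}: claim missing and no default (this model rejects the token)`);
  }
  return session;
}
// Constructed ID token payloads: first magic-link sign-in vs. after claims were set.
const FIRST_SIGN_IN = { user_id: 'uid-constructed-1', email: 'new@example.com' };
const AFTER_CLAIMS = { user_id: 'uid-constructed-2',
  [NS]: { 'x-hasura-default-role': 'editor', 'x-hasura-allowed-roles': ['editor', 'user'] } };
```

Every authenticated token that lacks the namespaced claims receives the map defaults, so the defaults should name only the least-privileged role.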

Doug Stevenson

Reputation: 317740

> Is it possible to have a custom Firebase function that I could call to create a "password less" account with the custom claims before I process the magic link?

No, it's not possible. Functions can only respond to the creation of a new account after it happened. They can't intercept that process to change the custom claims for a client app that just signed in immediately after an account was created.

> would an onAuthStateChanged be triggered on a forced token refresh?

No, it wouldn't. If you force a token refresh from the client app, you will only receive an update from the idTokenChanges stream.

Changing the custom claims on the backend using the Firebase Admin SDK will not force a propagation to the client app. If you want to wire this up yourself, you can do so following something like the process in this blog post. The backend will somehow have to push some data to the client app to get it to force refresh the user's token to take effect immediately.

Upvotes: 1
