Firebase Auth -> user created with signInWithCustomToken has no email address

Question

I am using Firebase Custom Authentication System for a mobile app made with Ionic and I use Laravel 5.2 as a custom Auth back-end.

When new user is registered I generate a token in laravel (using firebase/php-jwt) and return it to the mobile app.

During this register process the app receive the token and create a user on firebase using the following code:

firebase.auth().signInWithCustomToken($auth.getToken())
    .then(function(response) {
        $log.debug(response);
    })
    .catch(function(error) {
        $log.debug(error.code + ' - ' + error.message);
    });

On back-end I use the code below to generate the token:

private function create_custom_token($uid, $email, $is_premium_account) {
    $service_account_email = env('SERVICE_ACCOUNT_EMAIL'); 
    $private_key = env('SERVICE_PRIVATE_KEY');

    $now_seconds = time();
    $payload = array(
        "iss" => $service_account_email,
        "sub" => $service_account_email,
        "aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
        "iat" => $now_seconds,
        "exp" => $now_seconds+(60*60),  // Maximum expiration time is one hour
        "uid" => $uid,
        "claims" => array(
            "premium_account" => $is_premium_account,
            "email" => $email,
        )
    );
    return JWT::encode($payload, $private_key, "RS256");
}

As you can see on the image below the user is generated on firebase but the problem is that it has no email address, only a UID.

It will be much better to have the email address in order to easily identify users.

Maybe someone cane help. Thanks!

Updates:

I changed a little bit the $payload for the create_custom_token function:

  $payload = array(
      "iss" => $service_account_email,
      "sub" => $service_account_email,
      "aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
      "iat" => $now_seconds,
      "exp" => $now_seconds+(60*60),  // Maximum expiration time is one hour
      "uid" => $uid,
      "email" => $email,
      "email_verified"          => false,
      "claims" => array(
        "premium_account" => $is_premium_account,
        "email" => $email,
        "email_verified"          => false,
      )
    );

and I also made some test to see it the token passed to firebase contains all the needed data. I decoded the encoded token with the same library (firabase/php-jwt) on my back-end and seams to be OK but firebase still create the user without email address.

I don't know what I am missing :(

Answer 1

I don't think it is possible with custom tokens to do so.

The node.js Admin SDK allows you to create/updateUser and mint the custom token for that user. This would be the ideal way to do it but as you are using php, I recommend the following solution:

You will have to set the email using the client side js library:

• After minting the custom token, send it the client app along with the email. You are already sending it anyway, just pass the email along with it.

• In the client app, signInWIthCustomToken and the on the user returned updateEmail with the email provided as follows:

  firebase.auth().signInWithCustomToken(token)
    .then(function(u‌​ser) {
      return user.updateEmail(email);
    }).catch(...)