Menu
I am developing an Android app that needs to authenticate with a server application. The server application is a Spring Boot app that uses Spring Security. The server app uses a custom authentication provider to set the Granted Authorities for the user.
This is the code that I am using to retrieve the idToken:
FirebaseToken firebaseToken = null;
try {
FirebaseApp app = FirebaseUtil.getFirebaseApp();
firebaseToken = FirebaseAuth.getInstance(app).verifyIdTokenAsync(authenticationToken.getIdToken()).get();
} catch ( InterruptedException | ExecutionException | CancellationException e ) {
throw new AuthenticationServiceException(e.getMessage());
}
return firebaseToken;
One I have the Firebase Token I can retrieve the claims like this:
Map<String, Object> claims = token.getClaims();
I can then iterate over the claims and create the authorities like so:
List<GrantedAuthority> authorities = Lists.newArrayList();
authorities.add(new SimpleGrantedAuthority("some_role"));
What I can't figure out is how to create the claims using the Firebase Console. Is this possible? I suspect that I need to use the Firebase Database but can't find exactly what I'm looking for in the firebase docs.
250
Defining roles via Firebase Functions on user creation. In this example, custom claims are set on a user on creation using Cloud Functions. Custom claims can be added using Cloud Functions, and propagated immediately with Realtime Database. The function is called only on signup using an onCreate trigger.
Yes, you can use Firebase for auth only and link it to your own database. You'll have to use the Firebase Admin SDK in your backend.
We can achieve that using a feature of Firebase Auth called custom claims. It enables us to add any kind of data structure to the idToken (JWT) of a particular user in order to enable more fine-grained security.
Firebase allows developers to modify authentication ID tokens to provide fine-grained system access to authorized users. The follow lesson adds custom claims to the Firebase user record to build a role-based access control feature that is secured with Firestore rules.
Implement role-based user authorization and security rules by adding custom claims to the Firebase Auth ID token. 796 words. Firebase allows developers to modify authentication ID tokens to provide fine-grained system access to authorized users.
To sign a user into your app, you first get authentication credentials from the user. These credentials can be the user's email address and password, or an OAuth token from a federated identity provider. Then, you pass these credentials to the Firebase Authentication SDK.
Custom claims for Firebase Authentication can currently only be created through the Firebase Admin SDKs. From the documentation on creating custom claims:
// Set admin privilege on the user corresponding to uid. admin.auth().setCustomUserClaims(uid, {admin: true}).then(() => { // The new custom claims will propagate to the user's ID token the // next time a new one is issued. });
It's not a bad idea to allow creating claims from the console too, so I'd recommend you file a feature request.
188
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
