How do I set up roles in firebase auth?

7
votes

I am currently logging in with email and password. But I would like to be able to assign a role to each user: admin or user. I have read that this is done by using the custom auth method, but I find the docs not clear to implement with email/password authentication.

How would I go to set that up?

I am currently using firebase for ember emberfire

Update:

Docs reference: https://www.firebase.com/docs/web/guide/login/custom.html

1
ember.jsfirebaseemberfire
Add a link to docs you're referencing please ? Unsure if it's Ember or Ember-Fire or Firebase.. thanks! - TameBadger
@TameBadger added it - FutoRicky
How you implement it is up to you. A custom security provider is one way, but here's an example using any provider: gist.github.com/sararob/331760829a9dcb4be3e7. Also see this 2.5 year old answer that is still very relevant: stackoverflow.com/questions/19520615/… - Frank van Puffelen
Many of these are probably also a good starting point: google.com/… - Frank van Puffelen
@FrankvanPuffelen But where would I be setting that data structure? All of these answers feel incomplete. - FutoRicky

1 Answers

7
votes

Firebase just launched support for role based access on any user via custom user claims on the ID token: https://firebase.google.com/docs/auth/admin/custom-claims

You would define the admin access rule:

{
  "rules": {
    "adminContent": {
      ".read": "auth.token.admin === true",
      ".write": "auth.token.admin === true",
    }
  }
}

Set the user role with the Admin SDK:

// Set admin privilege on the user corresponding to uid.
admin.auth().setCustomUserClaims(uid, {admin: true}).then(() => {
  // The new custom claims will propagate to the user's ID token the
  // next time a new one is issued.
});

This will propagate to the corresponding user's ID token claims.

To parse it from the token on the client, check: https://firebase.google.com/docs/auth/admin/custom-claims#access_custom_claims_on_the_client