Are "Firebase Auth" custom claims eventually consistent?

1
votes

I am using Firebase Auth for SMS login and I want to add to new users a custom "countryCode" claim to the token. After the Android app validate the SMS code, it invoke the account service in my backend to create the new account and in that step add the custom claim with Firebase Admin SDK. The app need to do a force refresh token to get the new claim.

I need to know if after adding the "claim" the update is eventually consistent or not. If it is eventually consistent I can't guarantee that the refreshed token have the new claim.

1
firebasefirebase-authenticationfirebase-admin

1 Answers

2
votes

I'm not entirely sure what you mean by "eventually consistent" in this context, but you can be sure that these two situations are reliable:

  1. After writing the claims successfully using the Firebase Admin SDK, an immediate call to re-read the claims using the SDK will return the same previously written claims.

  2. A client token refresh that happens after a change to custom claims on the backend will result in the client seeing the new claims. You will need to make sure that the client doesn't refresh until the claims are successfully committed, so that there is no race condition. This could involve the backend signaling to the frontend by changing something in Realtime Database or Cloud Firestore to indicate to the listening client that it's time to refresh the claims. You could use a timestamp that indicates the time of the last write of claims for the user, and the client could compare that to the time it last refreshed.