Firebase Admin SDK roles

Question

I am setting up the Firebase Admin SDK in a NodeJS, Express API.

I have added an endpoint that allows me to create a user -

  route.post('/create', (req, res) => {
    const { email, password } = req.body

    fbseAdmin.auth().createUser({ email, password })
      .then((userRecord) => {
        res.status(200).json({ userRecord })
      })
  })

What I would like to do however is ensure a user has roles so I can provide Authorisation checks on some services.

I do not understand how I can achieve this though? I was thinking perhaps I add an entry to the realtime database, something like -

users/uid/roles/<role name>: true

However I am not sure if I missing something. Also, if this is the case and I do need to do this, would I do this something like -

  route.post('/create', (req, res) => {
    const { email, password } = req.body

    fbseAdmin.auth().createUser({ email, password })
      .then((userRecord) => {
        fbseAdmin.database()
          .ref('users')
          .child(`${userRecord.uid}/roles`)
          .set({
              admin: true
            })

        res.status(200).json({ userRecord })
      })
  })

This seems a little brittle to say the least.

Also, as this entry isn't part of the user object, I would need to look up in the realtime db everytime I want to verify this? Is that correct?

Answer 1

You should look at how to set a custom claim against a user .

  route.post('/create', (req, res) => {
    const { email, password } = req.body

    fbseAdmin.auth().createUser({ email, password })
      .then((userRecord) => {
        fbseAdmin.auth().setCustomUserClaims(userRecord.uid, { admin: true })
          .then(() => {
            res.status(200).json({ userRecord })
          })
      })
  })