6

I am currently logging in with email and password. But I would like to be able to assign a role to each user: admin or user. I have read that this is done by using the custom auth method, but I find the docs not clear to implement with email/password authentication.

How would I go about setting that up?

I am currently using Firebase for Ember (EmberFire).

Update:

Docs reference: https://www.firebase.com/docs/web/guide/login/custom.html

FutoRicky
  • Add a link to the docs you're referencing please? Unsure if it's Ember or Ember-Fire or Firebase.. thanks! – TameBadger Apr 27 '16 at 00:19
  • @TameBadger added it – FutoRicky Apr 27 '16 at 00:25
  • How you implement it is up to you. A custom security provider is one way, but here's an example using any provider: https://gist.github.com/sararob/331760829a9dcb4be3e7. Also see this 2.5 year old answer that is still very relevant: http://stackoverflow.com/questions/19520615/how-do-i-implement-role-based-access-control-in-firebase – Frank van Puffelen Apr 27 '16 at 01:52
  • Many of these are probably also a good starting point: https://www.google.com/search?q=site:stackoverflow.com+firebase+role+based+security – Frank van Puffelen Apr 27 '16 at 01:54
  • @FrankvanPuffelen But where would I be setting that data structure? All of these answers feel incomplete. – FutoRicky Apr 27 '16 at 02:02
  • If somebody has a more complete working example/tutorial that you can use, I'd love to see that. Otherwise all of these are a great start, making your quest a lot more feasible. – Frank van Puffelen Apr 27 '16 at 02:10

1 Answer

5

Firebase just launched support for role-based access on any user via custom user claims on the ID token: https://firebase.google.com/docs/auth/admin/custom-claims

You would define the admin access rule:

{
  "rules": {
    "adminContent": {
      ".read": "auth.token.admin === true",
      ".write": "auth.token.admin === true"
    }
  }
}

Set the user role with the Admin SDK:

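// Run this in a trusted server environment with the Firebase Admin SDK.
const admin = require('firebase-admin');
admin.initializeApp();

// Set admin privilege on the user corresponding to uid.
admin.auth().setCustomUserClaims(uid, {admin: true}).then(() => {
  // The new custom claims will propagate to the user's ID token the
  // next time a new one is issued.
});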

This will propagate to the corresponding user's ID token claims.

To parse it from the token on the client, check: https://firebase.google.com/docs/auth/admin/custom-claims#access_custom_claims_on_the_client

bojeil
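An added example (not part of the original answer or Firebase's own code) of a server-side helper for the admin/user roles asked about in the question: since setCustomUserClaims replaces the user's whole claims object, the helper merges the role into the existing claims before writing. `ROLES`, `buildClaims`, `setRole` and `fakeAuth` are hypothetical names, and `auth` is assumed to be `admin.auth()` from the Admin SDK.

```javascript
// Added example, not from the original answer. `auth` is expected to be
// admin.auth() from the firebase-admin SDK; it is passed in so the claim
// logic can be exercised without network access.
const ROLES = ['admin', 'user'];   // the two roles named in the question
const MAX_CLAIMS_BYTES = 1000;     // documented custom-claims payload limit

// Pure function: compute the claims object to store for `role`, keeping
// any unrelated claims the user already has.
function buildClaims(existing, role) {
  if (!ROLES.includes(role)) {
    throw new Error('unknown role: ' + role);
  }
  const claims = Object.assign({}, existing || {});
  if (role === 'admin') {
    claims.admin = true;   // satisfies the rule auth.token.admin === true
  } else {
    delete claims.admin;   // demotion: drop the flag rather than store false
  }
  // Size is checked here against the JSON serialization of the claims.
  const size = Buffer.byteLength(JSON.stringify(claims), 'utf8');
  if (size > MAX_CLAIMS_BYTES) {
    throw new Error('custom claims too large: ' + size + ' bytes');
  }
  return claims;
}

// Trusted-server side: read the current claims, merge, write back.
async function setRole(auth, uid, role) {
  const user = await auth.getUser(uid);
  const claims = buildClaims(user.customClaims, role);
  await auth.setCustomUserClaims(uid, claims);
  return claims;
}

// Constructed stand-in for admin.auth(), holding one sample user in memory.
function fakeAuth(initialClaims) {
  const store = { customClaims: initialClaims };
  return {
    store,
    getUser: async () => ({ customClaims: store.customClaims }),
    setCustomUserClaims: async (_uid, c) => { store.customClaims = c; },
  };
}
```

Call `setRole` only from code that has already verified the caller is allowed to change roles; the database rules above remain the enforcement point for reads and writes.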