Why Firebase introduced custom claim?
Why Firebase introduced custom claim?

I just read the official doc of custom claim, It's for identifying the user inside the security rules. But it is odd that they also said:
Once the custom claims are set, they propagate to all existing and future sessions
So, custom claim is not real time updateable ,if I revoke someone’s access from an admin data, god know how long it will be able to propagate to front end. This breaks all the security wall!
My question is , the good fellows in firebase team must have designed it this way for some good reason, what is it?
Why Firebase introduced custom claim?
Why Firebase introduced custom claim?
I just read the official doc of custom claim, It's for identifying the user inside the security rules. But it is odd that they also said:
So, custom claim is not real time updateable ,if I revoke someone’s access from an admin data, god know how long it will be able to propagate to front end. This breaks all the security wall!
My question is , the good fellows in firebase team must have designed it this way for some good reason, what is it?