Home/Why Firebase introduced custom claim?/
avatar
Keagan Faulkner
Asked  1 questions
taken  0 answers

Why Firebase introduced custom claim?

Why Firebase introduced custom claim?

bounty icon
$25
Single winner
Asked  10 months ago
Viewed  0 times

I just read the official doc of custom claim, It's for identifying the user inside the security rules. But it is odd that they also said:

Once the custom claims are set, they propagate to all existing and future sessions

So, custom claim is not real time updateable ,if I revoke someone’s access from an admin data, god know how long it will be able to propagate to front end. This breaks all the security wall!

My question is , the good fellows in firebase team must have designed it this way for some good reason, what is it?

  • add comment
avatar
Eduardo Yamauchi
10 months ago

Custom Claims can be used with Firebase Rules to ensure secutity acess to data. Normally in all Firebase Auth SDK's we have streams/listeners to listen custom claims changes and update your session (in your case front-end) with the new custom claims.

  • add comment
  • 0
avatar
Pavan Teja 443
2 months ago

This provides the ability to implement various access control strategies, including role-based access control, in Firebase apps. These custom attributes can give users different levels of access (roles), which are enforced in an application's security rules.

  • add comment
  • 0
Loading Editor...

Check More Bounty Question

$20 firebase login failed behind proxy --Byron Miles
$50 Any one succeed to host production level Nextjs project on firebase? --Deshaun Sims
$50 Best practice for real-time backup firebase firestore data. --TING ManLok
$50 How to provide fast global service with firebase for every firebase accessable region in the world? --Kenneth Park
$20 Can anyone point me to documentation related to the reliability (or durability) of firestore documents -- Johan Morse
$30 SEO Friendly pagination with Firebase Firestore query --TING ManLok
$35 Failed to implement firebase emulator --Perry Wall
$45 Best practice to implement count or likes on Firestore? --Ahmad Anthony
$15 In Python, How to check if a file is occupied or not ? --Javonte Armstrong
$50 Android Java sort files by type --Henry Miles

Check More Bounty Question

$20 firebase login failed behind proxy --Byron Miles
$50 Any one succeed to host production level Nextjs project on firebase? --Deshaun Sims
$50 Best practice for real-time backup firebase firestore data. --TING ManLok
$50 How to provide fast global service with firebase for every firebase accessable region in the world? --Kenneth Park
$20 Can anyone point me to documentation related to the reliability (or durability) of firestore documents -- Johan Morse
$30 SEO Friendly pagination with Firebase Firestore query --TING ManLok
$35 Failed to implement firebase emulator --Perry Wall
$45 Best practice to implement count or likes on Firestore? --Ahmad Anthony
$15 In Python, How to check if a file is occupied or not ? --Javonte Armstrong
$50 Android Java sort files by type --Henry Miles
Sign In
Sign In
avatar
Keagan Faulkner
Asked  1 questions
taken  0 answers

Why Firebase introduced custom claim?

Why Firebase introduced custom claim?

bounty icon
$25
Single winner
Asked  10 months ago
Viewed  0 times

I just read the official doc of custom claim, It's for identifying the user inside the security rules. But it is odd that they also said:

Once the custom claims are set, they propagate to all existing and future sessions

So, custom claim is not real time updateable ,if I revoke someone’s access from an admin data, god know how long it will be able to propagate to front end. This breaks all the security wall!

My question is , the good fellows in firebase team must have designed it this way for some good reason, what is it?

  • add comment
avatar
Eduardo Yamauchi
10 months ago

Custom Claims can be used with Firebase Rules to ensure secutity acess to data. Normally in all Firebase Auth SDK's we have streams/listeners to listen custom claims changes and update your session (in your case front-end) with the new custom claims.

  • add comment
  • 0
avatar
Pavan Teja 443
2 months ago

This provides the ability to implement various access control strategies, including role-based access control, in Firebase apps. These custom attributes can give users different levels of access (roles), which are enforced in an application's security rules.

  • add comment
  • 0
Loading Editor...

Check More Bounty Question

$20 firebase login failed behind proxy --Byron Miles
$50 Any one succeed to host production level Nextjs project on firebase? --Deshaun Sims
$50 Best practice for real-time backup firebase firestore data. --TING ManLok
$50 How to provide fast global service with firebase for every firebase accessable region in the world? --Kenneth Park
$20 Can anyone point me to documentation related to the reliability (or durability) of firestore documents -- Johan Morse
$30 SEO Friendly pagination with Firebase Firestore query --TING ManLok
$35 Failed to implement firebase emulator --Perry Wall
$45 Best practice to implement count or likes on Firestore? --Ahmad Anthony
$15 In Python, How to check if a file is occupied or not ? --Javonte Armstrong
$50 Android Java sort files by type --Henry Miles