avatar

Why Firebase introduced custom claim?

Why Firebase introduced custom claim?

bounty icon
$25
Single winner
Asked  8 months ago
Viewed  0 times

I just read the official doc of custom claim, It's for identifying the user inside the security rules. But it is odd that they also said:

Once the custom claims are set, they propagate to all existing and future sessions

So, custom claim is not real time updateable ,if I revoke someone’s access from an admin data, god know how long it will be able to propagate to front end. This breaks all the security wall!

My question is , the good fellows in firebase team must have designed it this way for some good reason, what is it?

  • add comment
avatar

Custom Claims can be used with Firebase Rules to ensure secutity acess to data. Normally in all Firebase Auth SDK's we have streams/listeners to listen custom claims changes and update your session (in your case front-end) with the new custom claims.

  • add comment
  • 0
Loading Editor...
Sign In
Sign In
avatar

Why Firebase introduced custom claim?

Why Firebase introduced custom claim?

bounty icon
$25
Single winner
Asked  8 months ago
Viewed  0 times

I just read the official doc of custom claim, It's for identifying the user inside the security rules. But it is odd that they also said:

Once the custom claims are set, they propagate to all existing and future sessions

So, custom claim is not real time updateable ,if I revoke someone’s access from an admin data, god know how long it will be able to propagate to front end. This breaks all the security wall!

My question is , the good fellows in firebase team must have designed it this way for some good reason, what is it?

  • add comment
avatar

Custom Claims can be used with Firebase Rules to ensure secutity acess to data. Normally in all Firebase Auth SDK's we have streams/listeners to listen custom claims changes and update your session (in your case front-end) with the new custom claims.

  • add comment
  • 0
Loading Editor...