Home/Why Firebase introduced custom claim?/
avatar
Keagan Faulkner
Asked  1 questions
taken  0 answers

Why Firebase introduced custom claim?

Why Firebase introduced custom claim?

bounty icon
$25
Single winner
Asked  a year ago
Viewed  0 times

I just read the official doc of custom claim, It's for identifying the user inside the security rules. But it is odd that they also said:

Once the custom claims are set, they propagate to all existing and future sessions

So, custom claim is not real time updateable ,if I revoke someone’s access from an admin data, god know how long it will be able to propagate to front end. This breaks all the security wall!

My question is , the good fellows in firebase team must have designed it this way for some good reason, what is it?

  • add comment
avatar
Eduardo Yamauchi
a year ago

Custom Claims can be used with Firebase Rules to ensure secutity acess to data. Normally in all Firebase Auth SDK's we have streams/listeners to listen custom claims changes and update your session (in your case front-end) with the new custom claims.

  • add comment
  • 0
avatar
Pavan Teja 443
8 months ago

This provides the ability to implement various access control strategies, including role-based access control, in Firebase apps. These custom attributes can give users different levels of access (roles), which are enforced in an application's security rules.

  • add comment
  • 0
Loading Editor...

Check More Bounty Question

$20 firebase login failed behind proxy --Byron Miles
$50 Any one succeed to host production level Nextjs project on firebase? --Deshaun Sims
$50 Best practice for real-time backup firebase firestore data. --TING ManLok
$50 How to provide fast global service with firebase for every firebase accessable region in the world? --Kenneth Park
$20 Can anyone point me to documentation related to the reliability (or durability) of firestore documents -- Johan Morse
$30 SEO Friendly pagination with Firebase Firestore query --TING ManLok
$35 Failed to implement firebase emulator --Perry Wall
$45 Best practice to implement count or likes on Firestore? --Ahmad Anthony
$15 In Python, How to check if a file is occupied or not ? --Javonte Armstrong
$50 Android Java sort files by type --Henry Miles

Check More Bounty Question

$20 firebase login failed behind proxy --Byron Miles
$50 Any one succeed to host production level Nextjs project on firebase? --Deshaun Sims
$50 Best practice for real-time backup firebase firestore data. --TING ManLok
$50 How to provide fast global service with firebase for every firebase accessable region in the world? --Kenneth Park
$20 Can anyone point me to documentation related to the reliability (or durability) of firestore documents -- Johan Morse
$30 SEO Friendly pagination with Firebase Firestore query --TING ManLok
$35 Failed to implement firebase emulator --Perry Wall
$45 Best practice to implement count or likes on Firestore? --Ahmad Anthony
$15 In Python, How to check if a file is occupied or not ? --Javonte Armstrong
$50 Android Java sort files by type --Henry Miles
Sign In
Sign In
avatar
Keagan Faulkner
Asked  1 questions
taken  0 answers

Why Firebase introduced custom claim?

Why Firebase introduced custom claim?

bounty icon
$25
Single winner
Asked  a year ago
Viewed  0 times

I just read the official doc of custom claim, It's for identifying the user inside the security rules. But it is odd that they also said:

Once the custom claims are set, they propagate to all existing and future sessions

So, custom claim is not real time updateable ,if I revoke someone’s access from an admin data, god know how long it will be able to propagate to front end. This breaks all the security wall!

My question is , the good fellows in firebase team must have designed it this way for some good reason, what is it?

  • add comment
avatar
Eduardo Yamauchi
a year ago

Custom Claims can be used with Firebase Rules to ensure secutity acess to data. Normally in all Firebase Auth SDK's we have streams/listeners to listen custom claims changes and update your session (in your case front-end) with the new custom claims.

  • add comment
  • 0
avatar
Pavan Teja 443
8 months ago

This provides the ability to implement various access control strategies, including role-based access control, in Firebase apps. These custom attributes can give users different levels of access (roles), which are enforced in an application's security rules.

  • add comment
  • 0
Loading Editor...

Check More Bounty Question

$20 firebase login failed behind proxy --Byron Miles
$50 Any one succeed to host production level Nextjs project on firebase? --Deshaun Sims
$50 Best practice for real-time backup firebase firestore data. --TING ManLok
$50 How to provide fast global service with firebase for every firebase accessable region in the world? --Kenneth Park
$20 Can anyone point me to documentation related to the reliability (or durability) of firestore documents -- Johan Morse
$30 SEO Friendly pagination with Firebase Firestore query --TING ManLok
$35 Failed to implement firebase emulator --Perry Wall
$45 Best practice to implement count or likes on Firestore? --Ahmad Anthony
$15 In Python, How to check if a file is occupied or not ? --Javonte Armstrong
$50 Android Java sort files by type --Henry Miles