|
1 | 1 | 'use strict';
|
2 | 2 | const { initializeApp } = require('firebase-admin/app');
|
3 | 3 | const { getAuth } = require('firebase-admin/auth');
|
| 4 | +const { getDatabase } = require('firebase-admin/database'); |
4 | 5 | initializeApp();
|
5 | 6 |
|
| 7 | +const express = require('express'); |
| 8 | + |
6 | 9 | const uid = 'firebaseUserId123';
|
7 | 10 | const idToken = 'some-invalid-token';
|
8 | 11 |
|
@@ -73,3 +76,76 @@ getAuth()
|
73 | 76 | console.log(error);
|
74 | 77 | });
|
75 | 78 | // [END set_custom_user_claims_incremental]
|
| 79 | + |
| 80 | +function customClaimsCloudFunction() { |
| 81 | + // [START auth_custom_claims_cloud_function] |
| 82 | + const functions = require('firebase-functions'); |
| 83 | + |
| 84 | + const { initializeApp } = require('firebase-admin/app'); |
| 85 | + initializeApp(); |
| 86 | + |
| 87 | + // On sign up. |
| 88 | + exports.processSignUp = functions.auth.user().onCreate(async (user) => { |
| 89 | + // Check if user meets role criteria. |
| 90 | + if ( |
| 91 | + user.email && |
| 92 | + user.email.endsWith('@admin.example.com') && |
| 93 | + user.emailVerified |
| 94 | + ) { |
| 95 | + const customClaims = { |
| 96 | + admin: true, |
| 97 | + accessLevel: 9 |
| 98 | + }; |
| 99 | + |
| 100 | + try { |
| 101 | + // Set custom user claims on this newly created user. |
| 102 | + await getAuth().setCustomUserClaims(user.uid, customClaims); |
| 103 | + |
| 104 | + // Update real-time database to notify client to force refresh. |
| 105 | + const metadataRef = getDatabase().ref('metadata/' + user.uid); |
| 106 | + |
| 107 | + // Set the refresh time to the current UTC timestamp. |
| 108 | + // This will be captured on the client to force a token refresh. |
| 109 | + await metadataRef.set({refreshTime: new Date().getTime()}); |
| 110 | + } catch (error) { |
| 111 | + console.log(error); |
| 112 | + } |
| 113 | + } |
| 114 | + }); |
| 115 | + // [END auth_custom_claims_cloud_function] |
| 116 | +} |
| 117 | + |
| 118 | +function customClaimsServer() { |
| 119 | + const app = express(); |
| 120 | + |
| 121 | + // [START auth_custom_claims_server] |
| 122 | + app.post('/setCustomClaims', async (req, res) => { |
| 123 | + // Get the ID token passed. |
| 124 | + const idToken = req.body.idToken; |
| 125 | + |
| 126 | + // Verify the ID token and decode its payload. |
| 127 | + const claims = await getAuth().verifyIdToken(idToken); |
| 128 | + |
| 129 | + // Verify user is eligible for additional privileges. |
| 130 | + if ( |
| 131 | + typeof claims.email !== 'undefined' && |
| 132 | + typeof claims.email_verified !== 'undefined' && |
| 133 | + claims.email_verified && |
| 134 | + claims.email.endsWith('@admin.example.com') |
| 135 | + ) { |
| 136 | + // Add custom claims for additional privileges. |
| 137 | + await getAuth().setCustomUserClaims(claims.sub, { |
| 138 | + admin: true |
| 139 | + }); |
| 140 | + |
| 141 | + // Tell client to refresh token on user. |
| 142 | + res.end(JSON.stringify({ |
| 143 | + status: 'success' |
| 144 | + })); |
| 145 | + } else { |
| 146 | + // Return nothing. |
| 147 | + res.end(JSON.stringify({ status: 'ineligible' })); |
| 148 | + } |
| 149 | + }); |
| 150 | + // [END auth_custom_claims_server] |
| 151 | +} |
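Review bot: The `/setCustomClaims` handler in `customClaimsServer` awaits `getAuth().verifyIdToken(idToken)` with no error handling, so a missing, malformed or expired token rejects inside the async callback and the client never receives a 401. Depending on the Express version, the request may simply hang and surface as an unhandled rejection. The later `setCustomUserClaims` call can reject in the same way and needs equivalent handling, with a 5xx response. Separately, no body-parsing middleware is registered on `app` in the visible lines, so `req.body` is likely undefined unless something like `app.use(express.json());` is added before the route. Since this block is published as the `auth_custom_claims_server` sample for a privilege-granting endpoint, it should show the failure path explicitly, as sketched below.

```javascript
app.post('/setCustomClaims', async (req, res) => {
  let claims;
  try {
    // Reject the request explicitly when the token is missing, malformed or expired.
    claims = await getAuth().verifyIdToken(req.body.idToken);
  } catch (error) {
    console.log(error);
    res.status(401).end(JSON.stringify({ status: 'unauthorized' }));
    return;
  }
  // … unchanged: eligibility check, setCustomUserClaims call and responses …
```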