Firebase custom claims

  • 27 August 2022
  • 11 replies
  • 155 views

Badge +4

Hi.

I have used the Revenuecat extension for firebase for a while, but have not found the use of it as I cant see custom claims in the idTokenResult.

I want to use custom claims to only allow users with subscription to upload files and then use this custom claims on firestore rules instead of only checking permission inside the application.

I have configured the extension in revenuecat and enabled custom claims in the extension:

Should custom claims be set in Firebase Auth with the user's active entitlements? Description
ENABLED

But when i fetch the entitlements in application, i only get theese:

user?.getIdTokenResult(true).then((value) => print(value));
{
   "firebase":{
      "identities":{
         "email":[
            "x"
         ]
      },
      "sign_in_provider":"password"
   },
   "user_id":"x",
   "aud":"x-app",
   "exp":"x",
   "iat":"x",
   "iss":"x",
   "sub":"x",
   "email":"x",
   "email_verified":true,
   "auth_time":"x"
}


Any suggestions, or cant revenuecat set custom claims that i can use in the firestore rules and app to check entitlements?

Thanks


11 replies

Badge +4

EXTRA Question:

When enabling, is there a way to sync existing events/customers?
 

RevenueCat Webhook Events Firestore collection (Optional) Description
events

Location of the customers collection (Optional) Description
customers


 

Badge +4

Sorry for posting multiple times, but I did not find any option to edit my posts…

I noticed new users get added.
Tried to use observe but no effect.
I also tried docs examples, but most of it seems outdated on v4 as many functions in docs do not exist. 

Il send support a mail and look for alternatives, thanks.

Userlevel 4
Badge +7

Hi @MKJ, thanks for all the questions!

Is the reason that the custom claims don’t work perhaps rooted in the fact that only new customers get added to the collection? Does it work as expected with new purchases?

There isn’t currently a way to send all existing customer information to Firebase; we will consider if we can build that. 

We will have a look at the docs to update anything that’s outdated – could you let me know what issues specifically you ran into?

Badge +4

Hi.
Yes thats correct, it works with new users.
I have always used the extension, but recently activated EVENTS so must events be triggered to add custom claims even if  i have the custom claims ENABLED ?

I have tested on users from ½ year back and 3 months back and they did not have custom claims either. 
So I kind of need a way to sync or figure out why its set sometimes and sometimes not to trust the implementation, because i want to use custom claims to secure storage with rules but cant use it if i cant trust the extension to have set the custom claims.

Userlevel 4
Badge +7

Hi @MKJ , yeah events have to be processed in order for custom claims to be set.

I think we would probably have to build some kind of way to import / sync an existing set of customers to Firebase, I think most other workarounds would be really cumbersome.

Badge +3

Hi @Jens ,

I have a similar issue, can you please explain what exactly the extension configuration should look like for the custom claims to work.

Thanks in advance!

Userlevel 4
Badge +7

Hi @Erol Asan , there is no configuration required except for enabling custom claims upon installation. Once that’s enabled, you can follow our documentation to check for custom claims.

Badge +4

My problem to is that there is no sync. 

I have used revenuecat with firebase extension since day one, but some users do not have custom claims. So when I cant sync, I feel like I cant trust that the custom claims are there, and then this need to be implemented or I would have to find another solution. 

I want to use it to secure that only premium users can access firebase storage..

Badge +4

Is there any plans to implement a fix for this issue?

Userlevel 4
Badge +7

Hey @MKJ , we are currently thinking through what we can do in these cases.

Badge +5

Hi,

I have the same problem - there is no sync between RevenueCat and firebase for existing users. 

 

@Jens any update about it? 

Reply