I am trying to create a React app where a user with the "admin" role can create a new user in Firebase.

The workflow would look like this:

normal login -> check userRole -> if admin: show createUserForm.

As far as I have read from the documentation, I would need an Admin SDK, but the problem is: how do I implement it in a client-side app? Has anyone gone through this process?

zx485
PRvn

1 Answer

The Firebase Admin SDK should only be used in a trusted environment, i.e. a server you control or Cloud Functions. It should not (and cannot) be used in a client-side React app.

If you want to allow certain users of your React app to create accounts for other users, you'll want to move that part of the flow to a trusted environment where you can use the Admin SDK.

So the flow becomes:

As you can see, this is quite involved. I highly recommend considering alternative use-cases, such as what it actually is that you want the admin to control. Once you enable a provider in Firebase Authentication, any user can create an account with that provider. Trying to control that from within your application code is just a recipe for problems. Often what you're actually trying to control is what a specific user account can do: e.g. only approved users can access certain data. Depending on where you store this data, that is much easier to control. For example: if you store the data in the Firebase Database, it is common to create a whitelist of approved users in such a case (or the inverse: a blacklist of banned users).

Frank van Puffelen
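
One way to write the trusted-environment side that the answer describes, as an added example that is not code from the answer or from Firebase. The `auth` parameter stands for the Admin SDK Auth object (its `verifyIdToken` and `createUser` methods are the ones used); the `admin: true` custom claim, the request shape, and the names `makeCreateUserHandler` and `makeFakeAuth` are assumptions made for illustration.

```javascript
// Server-side handler logic (Cloud Function or your own server), never shipped
// to the browser. In a real deployment `auth` is the Admin SDK Auth object;
// it is injected here so the authorization checks can run without Firebase.
function makeCreateUserHandler(auth) {
  // req: { idToken, email, password } sent by the React client over HTTPS.
  return async function createUserAsAdmin(req) {
    if (!req || typeof req.idToken !== 'string') {
      return { status: 401, error: 'missing ID token' };
    }
    let caller;
    try {
      // Rejects forged, expired or wrong-project ID tokens.
      caller = await auth.verifyIdToken(req.idToken);
    } catch (err) {
      return { status: 401, error: 'invalid ID token' };
    }
    // Assumption: admins carry a custom claim `admin: true`, set server-side.
    // A role supplied in the request body is never trusted.
    if (caller.admin !== true) {
      return { status: 403, error: 'caller is not an admin' };
    }
    if (typeof req.email !== 'string' || typeof req.password !== 'string') {
      return { status: 400, error: 'email and password are required' };
    }
    const user = await auth.createUser({ email: req.email, password: req.password });
    return { status: 201, uid: user.uid, createdBy: caller.uid };
  };
}

// Constructed stand-in for the Admin SDK so this file runs offline.
function makeFakeAuth() {
  const tokens = { 'admin-token': { uid: 'u1', admin: true }, 'user-token': { uid: 'u2' } };
  const created = [];
  return {
    created,
    async verifyIdToken(t) {
      if (!tokens[t]) throw new Error('bad token');
      return tokens[t];
    },
    async createUser(props) {
      created.push(props.email);
      return { uid: 'new-' + created.length, email: props.email };
    },
  };
}
```

The React client only sends its own ID token with the new user's details; the decision about who counts as an admin is made entirely from the verified token on the server.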