2

Using this : 

firebase.auth().onAuthStateChanged(function(user){
    if (user){

Firebase is returning the user, which includes a userID. When a webpage get this object it takes the user ID, and need to access again the DB records to check some very basic stuff ( if it's a paid user, or another simple key) in order to choose the UI.

Is there away to return in this callback the user including some predefined basic info about him?

hkrlys
  • 361
  • 1
  • 13

1 Answers1

5

If you want to add some extra info to a user account you cannot use the User object, which has a fixed list of properties.

There are two classical approaches:

1. Create a specific User record

You create a Firestore document (or a Realtime Database node) for each user. Usually you use the User's uid as the id of the Firestore Document/RTDB node.

This means that you will need to fetch the database to get this extra user info, e.g.

firebase.auth().onAuthStateChanged(function(user){
    if (user) {
        firebase.firestore().collection('users').doc(user.uid).get()
        .then(...)
    }
    //...
}

2. Use Custom Claims

If you need to store only a limited number of extra information in order to provide access control, you could use Custom Claims. This is particularly adapted for storing user roles, e.g. paid user.

Custom user claims are accessible via user's authentication tokens, therefore you can use them to modify the client UI based on the user's role or access level. See more details here in the doc.

To get the Claims in the front end, you can do as follows:

firebase.auth().onAuthStateChanged(function (user) {
    if (user) {
        user.getIdTokenResult()
            .then((idTokenResult) => {
                // Confirm the user is a paid user.
                if (!!idTokenResult.claims.paidUser) {
                    // Show admin UI.
                    showPaidUserUI();
                } else {
                    // Show regular user UI.
                    showRegularUI();
                }
            })
            .catch((error) => {
                console.log(error);
            });
    }
    //...
}

It is important to note the following section in the doc:

Custom claims are only used to provide access control. They are not designed to store additional data (such as profile and other custom data). While this may seem like a convenient mechanism to do so, it is strongly discouraged as these claims are stored in the ID token and could cause performance issues because all authenticated requests always contain a Firebase ID token corresponding to the signed in user.

  • Use custom claims to store data for controlling user access only. All other data should be stored separately via the real-time database or other server side storage.
  • Custom claims are limited in size. Passing a custom claims payload greater than 1000 bytes will throw an error.
Community
  • 1
  • 1
Renaud Tarnec
  • 79,263
  • 10
  • 95
  • 121
  • thanks! number 1 is obvious and i needed something line number 2. After reading you link, i am not sure i got something yet - can i get those fields on onAuthStateChanged ? i would like to have a system that return to me right away if i am dealing with a paid user, sort of small DB inside the user object. Custom Claims seems to just offer another DB that i have to anyway read from when page loads. – hkrlys Mar 16 '20 at 11:28
  • 1
    Oy yes, I forgot to add this part for #2. Give me 5 minutes! – Renaud Tarnec Mar 16 '20 at 11:31
  • 1
    thank you! it helped a lot. Altough it seems i still have to retrieve by my own this data, its not auto like the onAuthStateChanged. – hkrlys Mar 16 '20 at 11:34