Firebase Auth

If your application uses Firebase Auth to authenticate & manage users, you can automatically sync users from Firebase to Warrant and set user claims based on access rules from Warrant using Firebase's Cloud Functions. This guide will provide sample Cloud Functions for creating a user in Warrant when one is created in Firebase, deleting a user from Warrant when that user is deleted from Firebase, and setting a user's claims using data from Warrant.

The complete code samples shown in this guide are also available on GitHub.

Functions

Creating a Warrant User

To create a user in Warrant when one is created in Firebase, define an onCreate function that will be triggered whenever a Firebase user is created. The user created in Warrant will have a userId and email equal to the Firebase user's uid and email.

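const functions = require("firebase-functions");
const Warrant = require("@warrantdev/warrant-node");

exports.createWarrantUser = functions.auth.user().onCreate((user) => {
  const warrantClient = new Warrant.WarrantClient({
    // Placeholder: load the key from your function's configuration or
    // secret store instead of hardcoding it in source.
    apiKey: "YOUR_API_KEY",
  });

  // Return the promise so Cloud Functions waits for the Warrant call to
  // finish before the function instance is terminated.
  return warrantClient.User.create({ userId: user.uid, email: user.email })
    .then((newUser) => console.log(newUser))
    .catch((error) => console.log(error));
});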

Deleting a Warrant User

To delete a user from Warrant when the user is deleted from Firebase, define an onDelete function that will be triggered whenever a Firebase user is deleted. The function will delete the Warrant user with userId matching the Firebase user's uid.

const functions = require("firebase-functions");
const Warrant = require("@warrantdev/warrant-node");

exports.deleteWarrantUser = functions.auth.user().onDelete((user) => {
  const warrantClient = new Warrant.Client({
    apiKey: "YOUR_API_KEY",
  });

  // Return the promise so the delete completes before the function exits.
  return warrantClient.User.delete(user.uid).catch((error) =>
    console.log(error)
  );
});

Setting a user's claims

To set a user's claims to include the roles & permissions assigned to them in Warrant, define a beforeSignIn function that will be triggered whenever a user signs in, and add the user's roles & permissions from Warrant to the Firebase custom claims object. Once the custom claims are set, you can use them to control access to features and resources in your application.

const functions = require("firebase-functions");
const Warrant = require("@warrantdev/warrant-node");

const WARRANT_NAMESPACE = "https://warrant.dev";

// Use this in conjunction with `setUserClaims` when you want to set claims on sign in.
// If you don't want to set claims on sign in, you may use the `createWarrantUser` function above using the `onCreate` trigger.
exports.createWarrantUser = functions.auth.user().beforeCreate((user, _) => {
  const warrantClient = new Warrant.Client({
    apiKey: "YOUR_API_KEY",
  });

  // Return the promise so the Warrant user is created before this
  // blocking function completes.
  return warrantClient.User.create({ userId: user.uid, email: user.email })
    .then((newUser) => console.log(newUser))
    .catch((error) => console.log(error));
});

exports.setUserClaims = functions.auth.user().beforeSignIn(async (user, _) => {
  const warrantClient = new Warrant.Client({
    apiKey: "YOUR_API_KEY",
  });

  // Make sure the namespaced claims object exists without discarding
  // any custom claims already set on the user.
  if (user.customClaims) {
    if (!user.customClaims[WARRANT_NAMESPACE]) {
      user.customClaims[WARRANT_NAMESPACE] = {};
    }
  } else {
    user.customClaims = { [WARRANT_NAMESPACE]: {} };
  }

  // Copy the user's role ids from Warrant into the claims.
  let roles = await warrantClient.Role.listRolesForUser(user.uid);
  roles = roles.map((role) => role.roleId);
  user.customClaims[WARRANT_NAMESPACE]["roles"] = roles;

  // Copy the user's permission ids from Warrant into the claims.
  let permissions = await warrantClient.Permission.listPermissionsForUser(
    user.uid
  );
  permissions = permissions.map((permission) => permission.permissionId);
  user.customClaims[WARRANT_NAMESPACE]["permissions"] = permissions;

  // Create a Warrant authorization session and include its token in the claims.
  const sessionToken = await warrantClient.Session.createAuthorizationSession({
    userId: user.uid,
  });
  user.customClaims[WARRANT_NAMESPACE]["sessionToken"] = sessionToken;

  return {
    customClaims: user.customClaims,
    sessionClaims: user.customClaims,
  };
});
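
One way to use these claims for access control on the server, shown as an added example that is not part of Warrant's or Firebase's sample code. It assumes an Express-style request/response pair and an injected verifyIdToken function (in production, for example, firebase-admin's admin.auth().verifyIdToken); warrantClaims, hasPermission, requirePermission and the sample token are hypothetical names and constructed data.

```javascript
const WARRANT_NAMESPACE = "https://warrant.dev";

// Constructed sample of a *verified* ID token payload carrying the claims
// written by setUserClaims (values are made up for illustration).
const SAMPLE_DECODED_TOKEN = {
  uid: "constructed-uid-1",
  [WARRANT_NAMESPACE]: { roles: ["admin"], permissions: ["view-reports"] },
};

// Read the namespaced claims defensively: anything that is not an array of
// strings is treated as "no roles / no permissions" (fail closed).
function warrantClaims(decodedToken) {
  const ns = decodedToken && decodedToken[WARRANT_NAMESPACE];
  const list = (value) =>
    Array.isArray(value) ? value.filter((v) => typeof v === "string") : [];
  return { roles: list(ns && ns.roles), permissions: list(ns && ns.permissions) };
}

function hasPermission(decodedToken, permissionId) {
  return warrantClaims(decodedToken).permissions.includes(permissionId);
}

// Middleware factory. verifyIdToken is injected (assumption) so the claims
// are only trusted after the token's signature has been verified.
function requirePermission(verifyIdToken, permissionId) {
  return async (req, res, next) => {
    const header = (req.headers && req.headers.authorization) || "";
    const match = /^Bearer (.+)$/.exec(header);
    if (!match) {
      return res.status(401).json({ error: "missing bearer token" });
    }
    let decoded;
    try {
      decoded = await verifyIdToken(match[1]);
    } catch (err) {
      return res.status(401).json({ error: "invalid token" });
    }
    if (!hasPermission(decoded, permissionId)) {
      return res.status(403).json({ error: "forbidden" });
    }
    req.user = decoded; // make the verified claims available to the handler
    return next();
  };
}
```

Because setUserClaims runs on sign-in, the claims in a token reflect the roles and permissions Warrant returned at that sign-in.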