Are Firebase Custom Claims Secure?

Time:10-19

So my situation is as follows. I have an external user ID that accesses a third-party API. I need a user’s external ID in order to access that API. Every day I want to check through x amount of users and send them a push notification against certain data that comes from the 3rd party API, but I’m sure this would get very expensive as my user base grows if I have to look up all of these 3rd party IDs in Firestore every day.

What I’m thinking of doing is storing all of the 3rd party IDs inside of a custom claim and running a Firebase function every day to look these users up and process all the info accordingly. However, a user’s 3rd party user ID is kind of sensitive info, so my question is: would it be secure to store these IDs inside of a custom claim?

CodePudding user response:

The information in an ID token can be decoded by anyone with access to that token. You can try that yourself by pasting the token into a site like jwt.io. So you should not store secret information in the token.

That said, for most systems the user ID is not a secret. For example, for Firebase: Firebase - Is auth.uid a shared secret?
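The point made in the answer above, as an added example that is not part of the original post: a JWT payload is only base64url-encoded, so any custom claim can be read without a key or signature check. The claim name `externalId`, the project ID, the token values and the list of standard claim names are assumptions constructed for illustration.

```javascript
// Claims commonly present in a Firebase ID token (assumed list for this example);
// anything else in the payload is treated as a custom claim.
const STANDARD_CLAIMS = new Set([
  "iss", "aud", "auth_time", "user_id", "sub", "iat", "exp",
  "email", "email_verified", "phone_number", "name", "picture", "firebase",
]);

function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj), "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

// Reads the payload WITHOUT verifying the signature: no key is required.
function readPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(b64urlDecode(parts[1]));
}

// Returns only the claims a token holder could read beyond the standard ones.
function exposedCustomClaims(token) {
  return Object.fromEntries(
    Object.entries(readPayload(token)).filter(([k]) => !STANDARD_CLAIMS.has(k))
  );
}

// Constructed sample token; the signature segment is a placeholder.
function buildSampleToken() {
  const header = { alg: "RS256", typ: "JWT" };
  const payload = {
    iss: "https://securetoken.google.com/demo-project", aud: "demo-project",
    sub: "uid-123", user_id: "uid-123", iat: 1700000000, exp: 1700003600,
    externalId: "ext-98765", // hypothetical custom claim holding the 3rd party ID
  };
  return [b64urlEncode(header), b64urlEncode(payload), "placeholder-signature"].join(".");
}

console.log(exposedCustomClaims(buildSampleToken()));
```

Running the same audit over a real ID token from a test account shows exactly which custom claims reach the client before anything sensitive is placed in them.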
