Can I authenticate as another user using FirebaseSimpleLogin?

Question

Most apps have an "act on behalf of customer X" button. Is that achievable using Firebase?

I noticed I can create an admin token using a custom login, but since data is inevitably indexed by the user's ID, getting the user's data is difficult if I'm still auth'd as myself.

Answer 1

You can simulate logging in as a user by creating a token via custom login.

For example, if your security rules are utilizing auth.uid as follows:

".write": "auth.uid == $user_id"

Then you can generate your token with the appropriate uid (plus any other details from simple login you are utilizing):

function superUserToken(USER_ID) {
   var FirebaseTokenGenerator = require("firebase-token-generator");
   var tokenGenerator = new FirebaseTokenGenerator(YOUR_FIREBASE_SECRET);
   return tokenGenerator.createToken({uid: USER_ID});
}

Then when you want to su to another user, just call auth() directly with the new token:

var fbRef = new Firebase(URL);
fbRef.auth( superUserToken('Kato!'), function(error, user) { /* ... */ });

This technique can also be useful for testing security rules without creating multiple accounts in your dev environment.