I am struggling to find a solution on how to use Firebase Admin services in order manage user account (remove user from Firebase Auth in particular).
This nativescript-plugin-firebase provides all possible calls to firebase services, however there is no description about managing users with admin privileges. Maybe someone had similar issues or could share a workaround?
Here's how I manage this in my apps:
My users have permissions such as "admin", "manager", etc.
When an "admin" is logged in to the app, they can add, update, delete other users via the app's interface
This is accomplished by pushing a change request to an "updateUser" node in the realtime database - NOT to the actual user record in the database. Be sure that Firebase rules only allow "admin" users to write to this node.
Once this new node is created, I disable the form and submit buttons so no more changes can be made. Then, I have the app listen for any changes to:
updateUser/xkekek393kdkd
)I have a Firebase cloud function listening for any writes to that "updateUser" node
When the function triggers, it uses the admin-sdk to perform the actual changes to the user profile AND their Firebase authentication account (email address, password, etc). Then, the admin-sdk, updates the "updateUser" node with a status like:
{
status: "success",
message: "User updated"
}
or
{
status: "fail",
message: "Email address already in use"
}
The client app detects that change to the "updateUser" node and provides feedback to the user that the operation is completed.
The client app also detects changes to the real user profile node and updates the UI accordingly.
Advantages:
Only a trusted resource (a Firebase cloud function) has access to admin privileges.
All the business logic and validation is performed server-side instead of client-side.