firebasefirebase-authentication

Is it possible to login as another user in Firebase?


I'm working on an application where I'll need to help users with certain tasks as part of my customer service. Rather than build a separate admin interface, I'd prefer to have the ability to impersonate users to use the app for them.

Is this something that Firebase can do?


Solution

  • Yes!

    1. Using admin SDK and service account initialize Firebase app backend with:
    admin.initializeApp({
      credential: admin.credential.cert(service_account_json),
    })
    
    1. Obtain authentication token for the user you wish to impersonate:
    const userId = "[impersonating user uid string]"
    const token = await admin.auth().createCustomToken(userId)
    
    1. Using frontend Firebase SDK authenticate user with:
    const token = "[token string obtained in step 2]"
    firebase.auth().signInWithCustomToken(token)
    

    Done! You're now impersonating selected user.

    For obvious security reasons the backend endpoint, like Google Cloud Function should require authentication and verify if user requesting custom token is actually a privileged user (admin), to avoid situation where any authenticated user is able to impersonate anyone.