The Firebase Admin SDK also provides the verifyIdToken() method to verify the token:

    admin.auth().verifyIdToken(idToken).then((claims) => {
      if (claims.admin === true) {
        // Allow access to admin resource.
      }
    });
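We can also check whether the custom claim is set on the user record:

    admin.auth().getUser(uid).then((userRecord) => {
      // customClaims is undefined for a user with no custom claims set,
      // so use optional chaining instead of dereferencing it directly.
      console.log(userRecord.customClaims?.admin);
    });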
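One way to turn the verifyIdToken() claim check above into a reusable route guard, as an added example (not code from the original page or from Firebase). The names requireClaim, fakeVerify and check and the Bearer header convention are assumptions, and the sample tokens are constructed:

```javascript
// Added example: Express-style middleware gating a route on a custom claim.
// `verify` is injected so the block runs offline; in the application it would be
// (token) => admin.auth().verifyIdToken(token).
function requireClaim(verify, claimName) {
  return async function (req, res, next) {
    // Expect "Authorization: Bearer <ID token>" (header convention is an assumption).
    const header = (req.headers && req.headers.authorization) || '';
    const match = /^Bearer\s+(\S+)$/.exec(header);
    if (!match) return res.status(401).json({ error: 'missing ID token' });
    let claims;
    try {
      claims = await verify(match[1]);
    } catch (err) {
      // Expired, malformed or wrongly signed token: treat as unauthenticated.
      return res.status(401).json({ error: 'invalid ID token' });
    }
    // Strict comparison: a claim of "true", 1 or {} must not grant access.
    if (!claims || claims[claimName] !== true) {
      return res.status(403).json({ error: 'missing claim: ' + claimName });
    }
    req.user = claims; // expose the verified claims to the route handler
    return next();
  };
}

// Constructed stand-in for verifyIdToken(): maps sample tokens to decoded claims.
const SAMPLE_TOKENS = {
  'tok-admin': { uid: 'u1', admin: true },
  'tok-user': { uid: 'u2' },
  'tok-string': { uid: 'u3', admin: 'true' },
};
async function fakeVerify(token) {
  if (!Object.prototype.hasOwnProperty.call(SAMPLE_TOKENS, token)) {
    throw new Error('invalid token');
  }
  return SAMPLE_TOKENS[token];
}

// Runs the middleware against a minimal fake req/res and returns the outcome.
async function check(authorization) {
  const result = { status: 200, allowed: false };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
  };
  const req = { headers: authorization ? { authorization } : {} };
  await requireClaim(fakeVerify, 'admin')(req, res, () => { result.allowed = true; });
  return result;
}
```

A failed verification returns 401 and a valid token without the claim returns 403, so the two cases stay distinguishable in server logs.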
Now, let's see how we can implement this in our existing application.
First, let's create a RESTful API endpoint in the Node Admin SDK backend server:

    app.post('/setCustomClaims', (req, res) => {
      // Get the ID token passed by the client app.
      const idToken = req.body.idToken;
      // Debug output: this writes the raw ID token (a bearer credential) to the server log.
      console.log("accepted", idToken, req.body);
      ...