NativeScript: How to log in as an admin and manage user accounts in Firebase


I am struggling to find a solution on how to use Firebase Admin services in order to manage user accounts (removing a user from Firebase Auth in particular).

The nativescript-plugin-firebase plugin provides all possible calls to Firebase services; however, there is no description of managing users with admin privileges. Maybe someone had similar issues or could share a workaround?

2

There are 2 best solutions below

2
On BEST ANSWER

Here's how I manage this in my apps:

  1. My users have permissions such as "admin", "manager", etc.

  2. When an "admin" is logged in to the app, they can add, update, delete other users via the app's interface

  3. This is accomplished by pushing a change request to an "updateUser" node in the realtime database - NOT to the actual user record in the database. Be sure that Firebase rules only allow "admin" users to write to this node.

  4. Once this new node is created, I disable the form and submit buttons so no more changes can be made. Then, I have the app listen for any changes to:

    • This newly created "updateUser" node (something like: updateUser/xkekek393kdkd)
    • The actual user profile record

  5. I have a Firebase cloud function listening for any writes to that "updateUser" node

  6. When the function triggers, it uses the admin-sdk to perform the actual changes to the user profile AND their Firebase authentication account (email address, password, etc). Then the admin-sdk updates the "updateUser" node with a status like:

    {
      status: "success",
      message: "User updated"
    }
    

    or

    {
      status: "fail",
      message: "Email address already in use"
    }
    
  7. The client app detects that change to the "updateUser" node and provides feedback to the user that the operation is completed.

  8. The client app also detects changes to the real user profile node and updates the UI accordingly.

Advantages:

  • Only a trusted resource (a Firebase cloud function) has access to admin privileges.

  • All the business logic and validation is performed server-side instead of client-side.

0
On

The NativeScript plugin is a wrapper for the Firebase client-side libraries that you can use in the NativeScript app that you ship to your users.

The Firebase Admin SDKs grant administrative access to all backend resources of your Firebase project. As such they are only meant to be used in a trusted environment, such as your development machine, a server you control, or Cloud Functions.

They are explicitly not meant to be used in application code that you ship to your clients, as the credentials that the Admin SDK requires to function would grant way more permissions than your users should have.

If you want to create an Admin page that exposes some of the functionality of the Admin SDK on a platform for which the Admin SDK isn't available, you can wrap that functionality in a Cloud Function, ensure the caller is properly authorized (as shown here), and then call that from your application.
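Both answers come down to a Cloud Function that re-checks the caller before touching Firebase Auth; the following is an added sketch of that server-side logic, not code from either answer or from the plugin. The request shape, the `admin: true` custom claim and the function names are assumptions made for illustration.

```javascript
// Added example, not from the post. `auth` is any object exposing the Admin SDK
// Auth methods getUser/updateUser/deleteUser, so the logic can run without Firebase.
// Assumed request shape: { targetUid, action: 'update' | 'delete', changes }.
const ALLOWED_FIELDS = ['email', 'password', 'displayName', 'disabled'];

// Allow-list the requested changes; throws with a message safe to show the admin.
function validateRequest(req) {
  if (!req || typeof req.targetUid !== 'string' || !req.targetUid) {
    throw new Error('Missing target user');
  }
  if (req.action === 'delete') return null;
  if (req.action !== 'update') throw new Error('Unknown action');
  const changes = {};
  for (const key of Object.keys(req.changes || {})) {
    if (!ALLOWED_FIELDS.includes(key)) throw new Error('Field not allowed: ' + key);
    changes[key] = req.changes[key];
  }
  if (Object.keys(changes).length === 0) throw new Error('No changes requested');
  return changes;
}

// callerUid must come from the trigger context, never from the request payload.
async function handleUpdateUserRequest(req, callerUid, auth) {
  try {
    if (!callerUid) return { status: 'fail', message: 'Not authorized' };
    const caller = await auth.getUser(callerUid);
    // Assumption: admins carry the custom claim { admin: true }.
    if (!caller.customClaims || caller.customClaims.admin !== true) {
      return { status: 'fail', message: 'Not authorized' };
    }
    const changes = validateRequest(req);
    if (req.action === 'delete') {
      await auth.deleteUser(req.targetUid);
      return { status: 'success', message: 'User deleted' };
    }
    await auth.updateUser(req.targetUid, changes);
    return { status: 'success', message: 'User updated' };
  } catch (err) {
    return { status: 'fail', message: err.message };
  }
}

// Wiring in a deployed function (firebase-functions v1 and firebase-admin):
// exports.onUpdateUser = functions.database.ref('/updateUser/{id}')
//   .onCreate(async (snap, ctx) => snap.ref.update({
//     ...(await handleUpdateUserRequest(snap.val(), ctx.auth && ctx.auth.uid, admin.auth())),
//     changes: null, // drop the payload so a requested password is not left in the database
//   }));
```

The database rule on the "updateUser" node and the check inside the function are independent layers: the function still refuses a request if the rule is ever loosened by mistake.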