Does anyone know where HttpContext.User gets set when using Firebase Auth?

I'm using: ASP.NET Core 5.0, FirebaseAdmin 2.2.0

In my startup.cs I have this:

FirebaseApp.Create(new AppOptions()
{
    Credential = GoogleCredential.FromFile("firebase_admin_sdk.json"),
});

var claims = new Dictionary<string, object>
{
    { ClaimTypes.Role, "User" }
};

I have this service which gets me the details of the current user:

using System.Security.Claims;
using System.Security.Principal;
using Microsoft.AspNetCore.Http;

public class UserResolverService
{
    public readonly IHttpContextAccessor _context;

    public UserResolverService(IHttpContextAccessor context)
    {
        _context = context;
    }

    public string GetGivenName()
    {
        return _context.HttpContext.User.FindFirst(ClaimTypes.GivenName).Value;
    }

    public string GetSurname()
    {
        return _context.HttpContext.User.FindFirst(ClaimTypes.Surname).Value;
    }

    public string GetNameIdentifier()
    {
        string nameIdentifier = _context.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value;
        return nameIdentifier;
    }

    public string GetEmails()
    {
        return _context.HttpContext.User.FindFirst("emails").Value;
    }
}

This is how I use it:

public string _currentUserExternalId;

public override async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default(CancellationToken))
{
    var user = await User.SingleOrDefaultAsync(x => x.Id == _currentUserExternalId);

    AddCreatedByOrUpdatedBy(user);

    return (await base.SaveChangesAsync(true, cancellationToken));
}

However, it is getting me the details of an old user that no longer exists, so _currentUserExternalId is not current.

Here is the value of HttpContext.User:

[image: value of HttpContext.User]

Since this was set magically by Firebase, I am unsure how to update it for the current user after registering a new user. Does anyone know?

I have found and added this method to my UserResolverService. I have a feeling this is the manual hack and there will be a Firebase way of doing this, since it magically populated the Claim with the old user:

public void AddUpdateClaim(IPrincipal currentPrincipal, string key, string value)
{
    var identity = currentPrincipal.Identity as ClaimsIdentity;
    if (identity == null)
        return;

    // check for existing claim and remove it
    var existingClaim = identity.FindFirst(key);
    if (existingClaim != null)
        identity.RemoveClaim(existingClaim);

    // add new claim
    identity.AddClaim(new Claim(key, value));
}

EDIT: I register new users, sign in, sign out, etc. from the client. So maybe if I did it from the back end it would work. But that will be quite a big change, so ideally I would like to avoid that.

BeniaminoBaggins

1 Answer

It appears to be handled automagically by the JWT access token sent with the request. The user has an access token associated with their account, and if you send that one with the request, then the HttpContext.User is automagically populated with the correct data. I must have been sending an old JWT.

BeniaminoBaggins
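
An added example, not part of the original post or the poster's project: one common way HttpContext.User ends up populated from a Firebase ID token in ASP.NET Core, with a check that rejects tokens whose user no longer exists. It assumes the app uses the JwtBearer handler (the question does not show its authentication setup); `FirebaseJwtSetup`, `AddFirebaseJwt` and the project ID are placeholders.

```csharp
// Added example, not the poster's code. Assumes Microsoft.AspNetCore.Authentication.JwtBearer
// and that FirebaseApp.Create(...) has already run, as in the question.
using System.Security.Claims;
using FirebaseAdmin.Auth;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class FirebaseJwtSetup // hypothetical helper name
{
    private const string ProjectId = "your-firebase-project-id"; // placeholder value
    private const string Issuer = "https://securetoken.google.com/" + ProjectId;

    // Call from Startup.ConfigureServices; Startup.Configure must call app.UseAuthentication().
    public static void AddFirebaseJwt(this IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = Issuer; // signing keys are discovered from this authority
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = Issuer,
                    ValidateAudience = true,
                    ValidAudience = ProjectId,
                    ValidateLifetime = true
                };
                options.Events = new JwtBearerEvents
                {
                    // Runs only after signature, issuer, audience and expiry checks pass.
                    OnTokenValidated = async context =>
                    {
                        // "sub" is mapped to NameIdentifier by default; fall back to the raw claims.
                        var uid = context.Principal.FindFirst(ClaimTypes.NameIdentifier)?.Value
                                  ?? context.Principal.FindFirst("user_id")?.Value;
                        if (uid == null) { context.Fail("Token has no subject."); return; }
                        try
                        {
                            // One Admin SDK lookup per request; throws if the account was deleted.
                            await FirebaseAuth.DefaultInstance.GetUserAsync(uid);
                        }
                        catch (FirebaseAuthException)
                        {
                            context.Fail("Token subject is not an existing Firebase user.");
                        }
                    }
                };
            });
    }
}
```

The authentication middleware builds HttpContext.User from the bearer token on every request, so a stale token sent by the client produces the stale user's claims until the client sends the current one.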