0

I am using Firebase Auth for authorizing user in my backend .NET Minimal Api application. Everything works fine, but now I would like to create role/claims based Authorization for some endpoints. I have no idea how to implement that on my backend side, can't find any useful information and Firebase documentation only cover Bearer token part. As far as I know I need to use Firebase's CustomClaims, but:

  1. ClaimsPrincipal class do not contain any claims other than defaults.
  2. UserRecord (witch I can't obtain from the route) class includes CustomClaims.

For example I would like this endpoint to only be accessed by an "admin". I can do verification inside an endpoint method, but I feel like it should be done in .RequireAuthorization() by adding policy. How can I do that with Firebase Custom Claims?

app.MapGet("status", async (ClaimsPrincipal claimsPrincipal, ISender sender) =>
    {
       return Results.Ok("Working");

    }).RequireAuthorization();
Świętopeł Ziemowit
  • 85
  • 2
  • 8
  • Here is a [so question](https://stackoverflow.com/questions/73219729/custom-authorization-filtering-minimal-api-net-6) that might help you. For non-minimal API you could implement your own UserManager and User/Roles/Claims-Store for Firebase Auth, but for minimal API I was not able to find anything similar. As from the related question - you can make some firebase admin api calls to load UserRecord with claims and test them inside `async Task HandleRequirementAsync`. – Sergey Sosunov Jun 26 '23 at 13:54

0 Answers0