flutter - Firebase password-less: Can I create an account with Custom Claims first?

Question

I am using Hasura with Firebase and Flutter. When a password-less login/signup link is sent to the user for the first time, I need to intercept the account creation process to add some custom claims before they are automatically logged in. If they are automatically logged in then the custom claims won't be present and permissions will be incorrect.

Is it possible to have a custom Firebase function that I could call to create a "password less" account with the custom claims before I process the magic link? The only call I can see is createUserWithEmailAndPassword which is not the right method...

Another option (less attractive) is to process the link using signInWithEmailLink(), apply the claims to the account using a firebase function, then force a new token (which will have the new claims) via _firebaseAuth.currentUser.getIdTokenResult(true).... would an onAuthStateChanged be triggered on a forced token refresh?

Answer 1

Is it possible to have a custom Firebase function that I could call to create a "password less" account with the custom claims before I process the magic link?

No, it's not possible. Functions can only respond to the creation of a new account after it happened. They can't intercept that process to change the custom claims for a client app that just signed in immediately after an account was created.

would an onAuthStateChanged be triggered on a forced token refresh?

No, it wouldn't. If you force a token refresh from the client app, you will only receive an update from the idTokenChanges stream.

Changing the custom claims on the backend using the Firebase Admin SDK will not force a propagation to the client app. If you want to wire this up yourself, you can do so following something like the process in this blog post. The backend will somehow have to push some data to the client app to get it to force refresh the user's token to take effect immediately.