Anonymous users management and quotas

[Shai Ben-Tovim]

Brief background:

Our solution uses firebase anonymous login for "unauthenticated" clients so we can use the created user entities and user uids for RTDB and firestore security rules.

In some cases, clients need to access more "protected" resources and in this case we issue them a custom auth token including some custom claims that they use with signInWithCustomToken().

So clients can be in 1 of two auth "states":
1) anonymous login

2) anonymous login --> custom token login (but keep same uid).

Question 1:

Looking at the Firebase console auth section it seems that:

1) users in state #1 have the string "anonymous" under "identifier" column and an avatar icon for "providers"

2) users in state #2 have null for both identifier and providers.

Does this mean that users that have signed in with the custom token are no longer considered anonymous and won't count towards the anonymous user quota limitation?

Question 2:

Using admin side Firebase.auth().getUser() for both types of users returns the same exact UserRecord - is there a way for us to distinguish between the two? How does the firebase console do this distinction (which it obviously does)? the providerData is an empty array for both cases.

[Kato Richardson]

Hello Shai,

The only quota related to anonymous authentication is under Accounts per project. As far as I can tell, signing in with a custom JWT token wouldn't delete the anonymous user. So that wouldn't affect the quota (although I believe the old anon accounts will get cleaned up at some point later so it indirectly does, assuming they don't reauth with anon accounts in the future.

You can add any metadata you want onto the custom auth tokens to differentiate the two.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/e58d6b60-fbd1-4a10-a5d3-8301209b59b7n%40googlegroups.com.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Shai Ben-Tovim]

Hi Kato,

Thanks - one question I didn't fully understand from your answer:

If an anon user (previously signed in using signInAnonymously) signs in with a custom token (same uid) - are they still considered an anon user and count vs the max quota per project? 

Let's say that I don't use anon sign in at all and go straight to signInWithCustomToken - will that user be considered anon also?

[Kato Richardson]

Great questions. No, they are not considered Anonymous accounts.

c[_], Kato

[douwe...@gmail.com]

Hi, I do have a similar question. What is / are the limitations for signing in with custom token? e.g. using signInWithCustomToken . If I have 2000 users using that method in let's say 1 second, what will happen? Will these be timed-out or queued? ( api limit is 500 p/second )

Regards, Douwe

Op dinsdag 9 februari 2021 om 18:30:34 UTC+1 schreef Kato Richardson: