Firebase Impersonate User?

[Robert Duchnik]

It it possible to impersonate a user with Firebase authentication? For instance in traditional app I could be logged in as an admin and have access to login as a user by the users id or email.

[Mike McDonald]

Two ways of doing this, both requiring a trusted server (it would be pretty silly for us to allow untrusted clients to impersonate another user):

• Mint a custom token with the appropriate user id/email and pass that to the client
• Use the databaseAuthOverride method to act as another user (only works for the Realtime Database)

A third way would be writing your Database/Storage security rules such that admins can perform extra actions. Here's an example for the Database:

{

  "rules": {

    "users": {

      "$userid": {

        ".read": "auth.uid == userid || auth.token.isAdmin == true"

      }

    }

  }

}

Thanks,

--Mike