Functions needed for cloud functions and in the browser are available via npm , browser capability can also be enabled via CDN for those not using a bundler.
This package allows wallet holders to log in to Firebase Authentication by verifying wallet ownership via signed message. No additional information is required. If you are using other authentication providers, I'd recommend merging user created in this way and using AccountClaimReader in @novum/unlock-firebase-integration/server/helpers to maintain user claims in a custom manner.
Enabling Cloud Function authentication with for Wallet Users
That's all you need for the backend:
// functions/src/index.js//initialize you app as you normally wouldimport*as admin from"firebase-admin";admin.initializeApp();//expose getLockFirebaseToken and createMessageToken as you would any other functionexport {getLockFirebaseToken, createMessageToken} from"@novuminsights/unlock-protocol-firebase/lib/server";
Additionally, you need to set a secret:
$firebasefunctions:config:setunlock.secret="Any String you can keep secret!"
On the front-end, just call signInWithWeb3. For example, using a button:
This integration uses the Unlock Protocol locks held in a wallet to assign access roles to Firebase users via Firebase's custom claims (assessed on login).
Mapping locks to roles
Custom claims are assigned to the user upon authentication based on the locks the wallet currently has. The mapping from lock addresses to claims is defined in unlock-integration-config.json, like so:
You can define multiple networks, but currently only one network is used at a time. You can set which network will be used for a particular project via firebase functions config like so:
Otherwise, default_network as defined in unlock-integration-config.json is used. This is useful for testing with Rinkby. Support for multiple active networks can be added in the future.
Using claims for role-based access
You can access these claims directly from the user's token --- for example, in your Firestore rules:
// firestore.rulesrules_version ='2';service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write:iffalse; }functionhasSubscription() {returnrequest.auth !=null&&request.auth.token.basic_subcriptionic_sub; } match /app_data/top_pairs { allow read:ifhasSubscription(); }}