Authentication and authorization using Firebase tokens

Question

I'm using Firebase Authentication with Express JS server in React to save user credentials. How do I manage roles (authorizations)?

I am sending Firebase token in every request to verify on backend.

I don't know if I should add another token to decode the character in it.

Answer 1

If a user only has a role or other limited so-called claims to be tracked, you can add them to their Firebase Authentication profile as so-called custom claims.

For more information about this, and how to use custom claims to control access, see the section on Controlling access using custom claims and security rules in the Firebase documentation.