Custom Claims not being added when using Microsoft sign-in with a non-microsoft email

[drakebennion]

Related issues

Similar outcome to 1135

[REQUIRED] Version info

node: 20.14.0

firebase-functions: ^5.0.0

firebase-tools: 13.22.0

firebase-admin: 11.5.0

[REQUIRED] Test case

https://cloud.google.com/identity-platform/docs/blocking-functions#setting_custom_and_session_claims

Web App

async signInWithMicrosoft() {
    const provider = new firebase.auth.OAuthProvider('microsoft.com');
    const credentials = await firebase.auth().signInWithPopup(provider)
        .then(async (value) => {
            const idTokenResult = await value.user?.getIdTokenResult(true);
            console.log(idTokenResult);
        })
    ...
}

Cloud function

functions.auth.user().beforeSignIn(async (_, context) => {
   ...
    return {
      customClaims: {
          testProperty: "testValue"
      }
    };
  });

[REQUIRED] Steps to reproduce

1. Sign up for a Microsoft account using a non-microsoft email (I used a Yahoo address)
2. Deploy beforeSignIn
3. In the web app, sign in the user using signInWithPopup
4. Print the idTokenResult

[REQUIRED] Expected behavior

The customClaims from the beforeSignIn should be present on the idTokenResult

[REQUIRED] Actual behavior

The customClaims are missing for this user. Interestingly if we use sessionClaims those do show up on the token.

Were you able to successfully deploy your functions?

Yes

[CorieW]

Hi @drakebennion,

Thanks for reporting this issue! We’ve received it and are reviewing it. We’ll provide updates as soon as possible.

[CorieW]

I can't seem to reproduce this using the code you provided. Could you confirm that this testProperty doesn't show up: