I'm using Firebase Authentication with Express JS server in React to save user credentials. How do I manage roles (authorizations)?
I am sending Firebase token in every request to verify on backend.
I don't know if I should add another token to decode the character in it.
If a user only has a role or other limited so-called claims to be tracked, you can add them to their Firebase Authentication profile as so-called custom claims.
For more information about this, and how to use custom claims to control access, see the section onControlling access using custom claims and security rulesin the Firebase documentation.