
[Bug] Unable to use custom claims in firestore security rule when querying from C++ SDK #1783

@tthagi

[REQUIRED] Please fill in the following fields:

  • Pre-built SDK from the website
  • Firebase C++ SDK version: 13.0.0
  • Problematic Firebase Component: Auth and Firestore
  • Other Firebase Components in use: Functions, Storage
  • Platform you are using the C++ SDK on: Mac
  • Platform you are targeting: Desktop and iOS

[REQUIRED] Please describe the issue here:

I get "Missing or insufficient permissions" when querying a Firestore collection that has a security rule that looks like:

match /subscriptions/{subscriptionId} {
    allow read: if request.auth != null && request.auth.token.legacy_id == resource.data.user_id; 
} 

I am using the C++ SDK, which doesn't give direct access to the auth custom claims, but I am able to fetch custom claims via a Firebase function, and see the values correctly in the client after those are fetched.

If I write a security rule that depends on those claims, it fails. Does writing a rule that uses request.auth.token.legacy_id work when the request comes from the C++ SDK?

Steps to reproduce:

What's the issue repro rate? 100%

It appears that using a custom claim (say, a numeric secondary ID) and requiring that to match a field on a document doesn't work when the query is run from the C++ SDK.
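
A check that applies to the rule in this report, added here as an example and not code from the issue or from the Firebase SDK: `request.auth.token` is populated from the ID token sent with the request, so decoding that token's payload shows whether `legacy_id` is present and whether it is a JSON number or a string. The three tokens are constructed samples and the helper names are hypothetical; in the C++ SDK the real token string would come from `User::GetToken`.

```cpp
#include <iostream>
#include <string>

// Constructed sample tokens (header.payload.signature); "sig" is a placeholder.
const std::string kHdr = "eyJhbGciOiJSUzI1NiJ9.";
const std::string kNoClaim = kHdr + "eyJzdWIiOiJ1MSJ9.sig";  // {"sub":"u1"}
const std::string kNumeric = kHdr + "eyJzdWIiOiJ1MSIsImxlZ2FjeV9pZCI6NDJ9.sig";  // legacy_id: 42
const std::string kString = kHdr + "eyJzdWIiOiJ1MSIsImxlZ2FjeV9pZCI6IjQyIn0.sig";  // legacy_id: "42"

// Decode one base64url JWT segment (JWTs omit the '=' padding).
std::string B64UrlDecode(const std::string& in) {
  static const std::string kAlphabet =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
  std::string out;
  unsigned buf = 0;
  int bits = 0;
  for (char c : in) {
    auto v = kAlphabet.find(c);
    if (v == std::string::npos) break;  // padding or invalid character ends the data
    buf = (buf << 6) | static_cast<unsigned>(v);
    bits += 6;
    if (bits >= 8) { bits -= 8; out.push_back(static_cast<char>((buf >> bits) & 0xFF)); }
  }
  return out;
}

// Return the decoded payload (second segment), or "" if malformed; no signature check.
std::string JwtPayload(const std::string& jwt) {
  auto a = jwt.find('.');
  auto b = (a == std::string::npos) ? a : jwt.find('.', a + 1);
  if (b == std::string::npos) return "";
  return B64UrlDecode(jwt.substr(a + 1, b - a - 1));
}

// Classify a claim as "missing", "string", "number" or "other" (naive scan of compact JSON).
std::string ClaimType(const std::string& json, const std::string& name) {
  auto k = json.find("\"" + name + "\":");
  if (k == std::string::npos) return "missing";
  auto p = json.find_first_not_of(" \t\r\n", k + name.size() + 3);
  if (p == std::string::npos) return "other";
  if (json[p] == '"') return "string";
  if (json[p] == '-' || (json[p] >= '0' && json[p] <= '9')) return "number";
  return "other";
}

int main() {
  for (const std::string& t : {kNoClaim, kNumeric, kString})
    std::cout << JwtPayload(t) << " -> legacy_id is " << ClaimType(JwtPayload(t), "legacy_id") << "\n";
}
```

The reported type can then be compared with the type stored in the document's `user_id` field that the rule checks against.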
