Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to make Firebase Functions act as a user instead of being an admin?

My client app is accessing to Firestore through API created by Firebase Functions. However, the Firebase Functions imports firebase-admin which bypass all the defined security rule. Is there any way I can make my HTTP triggers Function to act as a specific user (for example, by passing an access token from client to server), so that the Functions works under influence of Firebase Functions as well.

like image 329
Jeungmin Oh Avatar asked Sep 05 '18 02:09

Jeungmin Oh


2 Answers

There is currently no way to do this. The Firestore SDK for node doesn't have a way of scoping its access to the database as a particular authenticated user.

Note that this is different than the Realtime Database SDK, which does allow you to scope to a uid.

like image 107
Doug Stevenson Avatar answered Sep 22 '22 18:09

Doug Stevenson


I think it is possible to access Firestore via an admin-sdk but scope it to the logged-in user if you are use REST APIs to access Firestore.

For authentication, the Cloud Firestore REST API accepts either a Firebase Authentication ID token or a Google Identity OAuth 2.0 token. The token you provide affects your request's authorization:

Use Firebase ID tokens to authenticate requests from your application's users. For these requests, Cloud Firestore uses Cloud Firestore Security Rules to determine if a request is authorized.

like image 45
Arijit Bhattacharya Avatar answered Sep 21 '22 18:09

Arijit Bhattacharya