将HttpsCallable与服务凭证一起使用 [英] Using HttpsCallable with service credentials
问题描述
我正在使用一堆HttpsCallable函数,客户端可以使用这些函数来安全地调用后端的东西.现在,我发现自己处于后端(另一个云功能)需要触发某些相同操作的情况,因此理想情况下,我将只从另一个云功能调用HttpsCallable.
I'm using a bunch of HttpsCallable functions that are used by the client to safely invoke things on the backend. I now find myself in a situation where the backend (another cloud function) would need to trigger some of the same operations, so ideally I would just call the HttpsCallable from another cloud function.
可调用库在firebase-admin中不可用,我认为这是因为它正在执行用户身份验证.
The callable library is not available in firebase-admin, and I'm assuming that's because it's doing user authentication.
是否有可能以某种方式解决此问题?也许我可以使用服务凭据来标识自己,并使用正常的HTTP云功能界面手动提供正确的有效负载?
Would it be possible to somehow work around this? Maybe I can use the service credentials to identify myself and supply the right payload manually using the normal HTTP cloud functions interface?
推荐答案
如果需要从没有客户端库的环境中调用可调用函数,则可以编写符合
If you need to invoke a callable function from an environment where no client library is available, you can write your own code that conforms to the protocol specification for callable functions. It is basically just a POST request with certain header and request body. Authentication will be difficult if you don't have an ID token provided for the end user. Service accounts will not help at all - authentication is only provided for Firebase Auth users.
在某些情况下,最好使用第二个更易于调用的HTTP函数,并通过某个模块与可调用函数共享代码,但这取决于您.
It might be best in some cases to instead use a second HTTP function that's easier to invoke, and shares code with the callable function through some module, but that's up to you.
如果您希望将对HTTP功能的访问限制为服务帐户凭据,则必须走很长的理解之路,并且
If you wish to restrict access to an HTTP function to service account credentials, you will have to go down the long road of understanding and configuring IAM permissions for Cloud Functions, using the Google Cloud documentation. The Firebase CLI also deploys functions with "allUsers" access in order for them to be accessible to mobile and web clients - it does not help you secure functions for internal use instead.
这篇关于将HttpsCallable与服务凭证一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
