如何保护Firebase云端功能HTTP端点只允许Firebase认证的用户? [英] How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?
问题描述
一切正常,但我有以下问题。我有两个端点通过HTTP触发器(云功能)构建
- 创建用户并返回自定义令牌
的API端点通过Firebase Admin SDK。
- 一个API端点,用于获取某些用户详细信息。
第一个终点是好的,但是对于我的第二个终点,我只想保护它,只为经过身份验证的用户。这意味着有人有我以前生成的令牌。
我该如何解决这个问题?
我知道我们可以在云端函数中得到Header参数使用
request.get('x-myheader')
但是有没有办法像保护实时数据库一样保护端点?
官方代码示例,以了解您正在尝试执行的操作。它所说明的是如何设置你的HTTPS功能,需要一个带有客户端在验证过程中收到的令牌的Authorization头。该函数使用firebase-admin库来验证令牌。
With the new firebase cloud function I've decided to move some of my HTTP endpoint to firebase. Everything works great... But i have the following issue. I have two endpoints build by HTTP Triggers (Cloud Functions)
- An API endpoint to create users and returns the custom Token generated by Firebase Admin SDK.
- An API endpoint to fetch certain user details.
While the first endpoint is fine, but for my second end point i would want to protect it for authenticated users only. meaning someone who has the token i generated earlier.
How do i go about solving this?
I know we can get the Header parameters in the cloud function using
request.get('x-myheader')
but is there a way to protect the endpoint just like protecting the real time data base?
There is an official code sample for what you're trying to do. What it illustrates is how to set up your HTTPS function to require an Authorization header with the token that the client received during authentication. The function uses the firebase-admin library to verify the token.
这篇关于如何保护Firebase云端功能HTTP端点只允许Firebase认证的用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
