Google App Engine access firebase in different project
Question
I have setup app engine and firebase at PROJECT A , the app engine used default credentials, and able to access firebase at PROJECT A , however the app engine also need to call
verifyIdToken()
to verify user in PROJECT B .
What would be the best approach to it?
I can download the firebase credentials from PROJECT B , and use firebase admin sdk to do so, but it seems overkill, because i only needs to verify use token.
Setup firebase IAM permission in PROJECT B for app engine from PROJECT A , so it can access to firebase, theoretically, but in this case, how the app engine get the credentials from firebase in PROJECT B ?Definitely not default credentials, right?
2 answers
solution1
0 2020-05-06 03:10:07
You can add the necessary roles from Project B to the service account used by Cloud Functions (it will be <project-a>@appspot.gserviceaccount.com ). You would do this by visiting the Google Cloud IAM console in Project B and assigning the roles appropriately.
Once you do that, you should be able to use default credentials to authorize requests for Project B.
Note: There's some nuance here and I haven't directly tried this, but it should work in theory.
solution2
0 2020-05-06 07:24:34
Found the solution
and
After setup the IAM role and policy in project B with project A accouint, simply just do
projectB_firebase = firebase_admin.initialize_app(options={
"serviceAccountId": "firebase-adminsdk-xxxxxxx@[projectb].iam.gserviceaccount.com"
}, name="projectB")
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.