
Firebase Cloud Functions authentication for Android App

I'm building an Android app that searches for nearby locations. I use the Firebase login system (login with email and password, and login with Google, Facebook, etc.), therefore I would also like to build an API with Firebase (also because I need the app to be more complicated). I have built a serverless API with Firebase Cloud Functions and I can make GET/PUT requests with Postman. However, I would like to secure these endpoints, similar to how JWT secures a REST API, so that only users who are logged in to the app can make requests. How do I achieve this? I have looked at "authorized-https-endpoint" but it seems like it only allows Google Sign-In.

Or is there a way that I can still use a Node and MongoDB REST API, and secure it using the accounts logged into Firebase?

Here is a piece of the backend code

app.get('/api/read/:item_id', (req, res) => {
    (async () => {
        try {
            const document = db.collection('items').doc(req.params.item_id);
            let item = await document.get();
            let response = item.data();
            return res.status(200).send(response);
        } catch (error) {
            console.log(error);
            return res.status(500).send(error);
        }
    })();
});

exports.app = functions.https.onRequest(app);

Thank you guys so much in advance.

Use Firebase Callable Functions. They fulfill your requirement.

Refer: https://firebase.google.com/docs/functions/callable

In the case where there are issues with the function calls, please refer to this: firebase.google.com/docs/functions/callable-reference.
As mentioned here, this is to be used only if the SDKs don't work for you.

The authorized-https-endpoint example supports all forms of auth on the client, as long as it's going through the Firebase Auth SDK. In all cases, the client can send an auth token to the function, and the function code can use the Firebase Admin SDK to verify the token. It doesn't matter how the user authenticated - any Firebase user account will work.

You can also use a callable function, which will automatically perform the validation for you in the exact same way. Your code must then check to see if a user was authenticated using the calling context before continuing.
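Added example (not code from the question or the answers): an Express-style middleware for the flow described above, where the client sends its Firebase ID token and the function verifies it before any route handler runs. The verifier is injected so the block runs offline against a constructed stand-in; in a deployed function you would pass `(t) => admin.auth().verifyIdToken(t)` from the Firebase Admin SDK. The names `extractBearerToken`, `requireFirebaseUser`, `fakeVerify`, `fakeRes` and `demo` are illustrative.

```javascript
// Pull the token out of "Authorization: Bearer <token>"; null if absent or malformed.
function extractBearerToken(header) {
  if (typeof header !== 'string') return null;
  const match = /^Bearer\s+(\S+)$/i.exec(header.trim());
  return match ? match[1] : null;
}

// Build middleware around a verifier that resolves to the decoded token claims
// and rejects when the token is invalid or expired.
// Deployed: app.use(requireFirebaseUser((t) => admin.auth().verifyIdToken(t)));
function requireFirebaseUser(verifyIdToken) {
  return async function (req, res, next) {
    const token = extractBearerToken(req.headers.authorization);
    if (!token) {
      return res.status(401).send({ error: 'missing bearer token' });
    }
    try {
      // Handlers can authorize per user with req.user.uid.
      req.user = await verifyIdToken(token);
    } catch (err) {
      // Log server-side only; do not echo verifier details to the caller.
      console.log('ID token rejected:', err.message);
      return res.status(401).send({ error: 'invalid token' });
    }
    return next();
  };
}

// Constructed stand-in verifier (assumption) so the example runs without Firebase.
async function fakeVerify(token) {
  if (token !== 'constructed.valid.token') throw new Error('bad signature');
  return { uid: 'constructed-uid-123' };
}

// Minimal response double mimicking the chained res.status().send() calls.
function fakeRes() {
  return {
    code: null,
    body: null,
    status(c) { this.code = c; return this; },
    send(b) { this.body = b; return this; },
  };
}

// Drive the middleware once and report whether the route handler was reached.
async function demo(authorizationHeader) {
  const req = { headers: { authorization: authorizationHeader } };
  const res = fakeRes();
  let reached = false;
  await requireFirebaseUser(fakeVerify)(req, res, () => { reached = true; });
  return { reached, status: res.code, uid: req.user ? req.user.uid : null };
}
```

Register the middleware before the routes, for example ahead of `app.get('/api/read/:item_id', ...)`, so an unauthenticated request never reaches the database read.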
