Do I need to use verifyIdToken on the context.auth object in firebase cloud functions?
Question
Using a callable function, my intention is to only allow logged-in users to make calls to this.
export const sendMessage = functions.https.onCall(async (data, context) => {
From the context param there, I have the auth token. But I'm just very new to firebase in general and I don't want to make a critical mistake by misunderstanding here. If I'm logged out, context.auth becomes null-- easy enough. But do I need to be sure that the auth token is valid and not "made up" by calling verifyIdToken anyway?
If not, then is simply checking that context.auth isn't null enough to be sure that the user is logged-in?
1 answers
solution1
4 ACCPTED 2020-10-08 01:04:22
But do I need to be sure that the auth token is valid and not "made up" by calling verifyIdToken anyway?
No, that happens automatically. You can be sure the context.auth is verified if not null. As stated in the documentation :
The functions.https.onCall trigger automatically deserializes the request body and validates auth tokens.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.