Using a callable function, my intention is to only allow logged-in users to make calls to this.
export const sendMessage = functions.https.onCall(async (data, context) => {
From the context param there, I have the auth token. But I'm just very new to Firebase in general and I don't want to make a critical mistake by misunderstanding here. If I'm logged out, context.auth becomes null -- easy enough. But do I need to be sure that the auth token is valid and not "made up" by calling verifyIdToken anyway?
If not, then is simply checking that context.auth isn't null enough to be sure that the user is logged-in?
But do I need to be sure that the auth token is valid and not "made up" by calling verifyIdToken anyway?
No, that happens automatically. You can be sure the context.auth is verified if not null. As stated in the documentation:
The functions.https.onCall trigger automatically deserializes the request body and validates auth tokens.
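The check discussed above, as an added example that is not part of the original question or answer: the handler rejects calls that arrive without context.auth and takes the sender's identity from the verified token rather than from request data. makeSendMessage, saveMessage, the message shape, the length limit and FakeHttpsError are assumptions made for illustration; the SDK wiring appears only as a comment so the block runs without firebase-functions installed.

```javascript
// Added example; makeSendMessage, saveMessage and the message shape are hypothetical.
// Wiring with the SDK used in the question (kept as a comment so this runs offline):
//   exports.sendMessage = functions.https.onCall(
//     makeSendMessage(functions.https.HttpsError, saveMessage));
function makeSendMessage(HttpsError, saveMessage) {
  return async function sendMessage(data, context) {
    // onCall has already validated any token that was sent; no auth means not signed in.
    if (!context.auth) {
      throw new HttpsError("unauthenticated", "Sign in to send messages.");
    }
    const text = data && typeof data.text === "string" ? data.text.trim() : "";
    // The 1000-character limit is an assumed value for this example.
    if (text.length === 0 || text.length > 1000) {
      throw new HttpsError("invalid-argument", "text must be 1-1000 characters.");
    }
    // Take the sender from the verified token, never from client-supplied data.
    const message = { senderUid: context.auth.uid, text };
    await saveMessage(message);
    return { ok: true, senderUid: message.senderUid };
  };
}

// Constructed stand-in for functions.https.HttpsError (same code/message arguments).
class FakeHttpsError extends Error {
  constructor(code, message) { super(message); this.code = code; }
}

// Runs the handler over constructed calls and returns the outcomes.
async function demo() {
  const saved = [];
  const handler = makeSendMessage(FakeHttpsError, async (m) => { saved.push(m); });
  const calls = [
    [{ text: "hi" }, { auth: null }],                                // signed out
    [{ text: "hi", senderUid: "mallory" }, { auth: { uid: "alice", token: {} } }],
    [{ text: "   " }, { auth: { uid: "alice", token: {} } }],        // empty text
  ];
  const results = [];
  for (const [data, context] of calls) {
    try { results.push(await handler(data, context)); }
    catch (e) { results.push({ error: e.code }); }
  }
  return { results, saved };
}
```

The second constructed call supplies a senderUid of its own in the request data; the handler ignores it and records the uid from context.auth.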