Reputation: 41
Accessing user data in firestore using Cloud Functions, but how do I securely send the UID/IDToken?
I am trying to send a http request with user's uid or token securely to my cloud functions to validate some data before posting/updating it through cloud functions.
Do I just send the token/uid in string format ? I googled it and for web development that use Bearer auth (super confused now). I am wondering what to do in swift? Is it ok to send the token/uid in string format or is there a more robust way?
Upvotes: 1
Views: 137
Answers (1)
Reputation: 317692
Just send the token exactly as you get it from the Firebase Auth API - as a string. You then take that same string and pass it directly to the Admin SDK to verify it as you see in the documentation. There's no need to add any additional security if your access to Cloud Functions is over HTTPS, which it should be.
Upvotes: 1
Related Questions
- How to securely add authenticated user UID into firestore document?
- making document ID = UID firestore swift
- Firebase cloud funtions get user UID
- Get a auth user by its uid in Firestore cloud function
- Pass user auth to Firestore from Cloud functions
- Firestore - Cloud Functions - Get uid
- How to make cloud Firestore auth Uid match userid?
- How to access uid using Cloud Functions for Firebase?
- GET UID from firebase cloud functions
- Firebase HTTP function accessing userID?