Reputation: 665
how to Invoke a firebase callable function from firebase https function with authentication?
I am trying to understand how we can securely call a firebase callable function from firebase https function, Here auth is required so that callable function is not public, it should be accessible only by that https function.
Note: I am new to gcloud and firebase :(
Https Function:
import * as functions from "firebase-functions";
import * as app from "firebase/app";
//import * as auth from "firebase/auth"
import { getFunctions, httpsCallable } from "firebase/functions";
const firebaseConfig = {
apiKey: "WEBAPIKEY",
authDomain: "project.firebaseapp.com",
databaseURL: "https://project.firebaseio.com", // not required though
projectId: "project-id",
storageBucket: "project.appspot.com", // not required
//appId: process.env.APP_ID, // not sure what to provide
messagingSenderId: "1234324" // default service account id
};
const firebaseApp = app.initializeApp(firebaseConfig);
export const caller = functions.https.onRequest((request, response) => {
let messageText = "hi";
const gfunctions = getFunctions(firebaseApp);
const funtionB = httpsCallable(gfunctions, 'funtionB');
funtionB({ text: messageText })
.then((result: any) => {
// Read result of the Cloud Function.
console.log(result);
response.send(result);
});
});
Callable Function:
import * as functions from "firebase-functions";
export const funtionB = functions.https.onCall((data, context) => {
console.log(context.auth); // not getting anything
/* if (!context.auth) { //trying to include this.
return {status: "error", code: 401, message: "Not signed in"};
} */
return new Promise((resolve, reject) => {
resolve({data: "YO", input: data});
});
});
Some logs, which make me to feel bad,
Callable request verification passed {"verifications":{"app":"MISSING","auth":"MISSING"}}
I am not going to user browser to consume this https function, not sure whether we can use auth check without browser. Any way to secure this callable function ? I want to remove alluser access from principal for both the functions to make it private.
Upvotes: 1
Views: 933
Answers (1)
Reputation: 5819
I would say this isn't possible because, as you mentioned, the auth checks cannot be done without the browser, also the httpsCallable interface does not allow the context to be forced by passing as a parameter.
I would say that the best option would be to convert your Callable Function into an Http Function where you can implement your own authentication checks, this documentation may be useful for that.
Upvotes: 1
Related Questions
- Firebase: How to call an https.onCall function node.js?
- Cloud Function & client authentication during HTTPS Call using firebase admin Auth
- Call Firebase HTTPS callable cloud functions in React
- Asynchronous https firebase functions
- Accessing Auth from Firebase Cloud Functions
- Make HTTPS call within Firebase Function
- How to call an exported https Firebase Cloud function within Firebase Cloud functions?
- How to secure firebase https function?
- Authenticate https-triggered cloud functions
- how to use firebase https trigger functions