Use http Google Cloud Functions "Require Authentication" with Firebase

In my front-end, I'm using the Firebase authentication and the firebaseAuth.currentUser?.getIdToken(true) function to get the token and send it as an Authorization: Bearer {token} header to the Google function.

I used to parse the token in the function and validate it within the function code. But I want to enable the Require authentication setting for it. The problem is that I receive the Your client does not have permission to the requested URL error in this case.

I tried to set the allAuthenticatedUsers, {project}@appspot.gserviceaccount and firebase-service-account@firebase-sa-management.iam.gserviceaccount principals with Cloud Functions Invoker role, but it did not help.

Is there any way I can do so Require Authentication is enabled, and GC allows to execute the function only for the users authenticated with the Firebase?

Share Improve this question asked Nov 19, 2024 at 10:12 domanskyi 7531 gold badge9 silver badges21 bronze badges

I doubt that the tokens you generate with firebase are compatible with what cloud functions expect, see cloud.google/functions/docs/securing/… and compare it with firebase.google/docs/auth/admin/verify-id-tokens The audience and sub fields have a completely different content. – somethingsomething Commented Nov 19, 2024 at 14:48

Add a comment |

1 Answer 1

Sorted by: Reset to default 2

Google Cloud IAM roles, such as "allAuthenticatedUsers" and service accounts, have nothing at all to do with Firebase Authentication user ID tokens. They aren't compatible with each other and are not interchangeable in any way. You can't simply replace your code to validate a Firebase Auth token with IAM permissions.

The only way to implement Firebase Auth token validation is using code you write, typically with the Firebase Admin SDK.

科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

Use http Google Cloud Functions "Require Authentication" with Firebase - Stack Overflow

1 Answer 1

与本文相关的文章

评论列表(0)