I want to create a SNS subscription to an existing topic through the java sdk.
In all examples I saw that a filter policy is linked to an existing subscription.
Is it possible to set a filter policy during a SNS subscription?
Related
I know I can create an "anonymous" subscription for a topic like this:
functions.pubsub.topic('topic-name').onPublish(console.log)
But this doesn't allow me to distribute different messages to multiple listeners on a single subscription and, more importantly, it doesn't allow me to bind a subscription to a dead-letter topic, because, as I understand it, this subscriptions are ephemeral (i.e. they are tied to the lifecycle of the Firebase Cloud Function).
Is there a way to achieve this without creating a "real" Google Cloud Function and only using Firebase?
What is the standard, secure way to set the first custom claim on all Firebase users?
Firebase provides some great documentation and examples for understanding and using custom claims -- e.g. this great video example -- but most examples use an existing custom claim to authorize the creation of other custom claims; and as of this post the Firebase console provides no way to set/edit/view custom claims, nor can custom claims be set via the CLI.
Here are some options I am considering:
Create a distinct admin project, which can be used by a service account to create custom claims via the Firebase Admin SDK.
Use a Cloud Function to perform custom claim creation iff a certain Firebase console action is taken, e.g. creating a Firestore Document in collection inaccessible via security rules.
Ignore security for the creation of the first custom claim; only add security after this is already a custom claim on a Firebase user.
Have you encountered this problem and solved it more-elegantly?
There is no real standard way to set Custom Claims. The only constraint, as you know, is that they can only be set from a privileged server environment by the Firebase Admin SDK, i.e. from one of your servers, or, easier and more serverless-oriented, via a Cloud Function.
So, within this constraint, you can do whatever you want. The first two options in your question are totally valid and good ones, IMO. I've wrote an article about a year ago (How to create an Admin module for managing Firebase users access and roles) in which we use a Callable Cloud Function to do the job. Today, in most of my projects, I prefer to use a Firestore collection which triggers the Cloud Function, but it is more or less equivalent (the Callable Cloud function in the article actually creates a Firestore doc).
In this article, I share a simple approach for creating the first Claim (which I call the Admin user Claim): use a temporary Cloud Function that you trigger by creating a doc in a temporary, secured, Firestore collection. Not a very elaborated and elegant method, but it does the job...
About your third option ("Ignore security for the creation of the first custom claim") I don't think you need and should do that.
You can do as described in the article and above. In a nutshell:
Set up your system with access rights restricted to the user with the Admin Custom claim (e.g. a security rule to create a doc in the dedicated Firestore collection, or a check in a Callable Cloud Function that the caller has the Admin Claim)
Create the Admin user in the Auth service
Assign him the Admin user Claim via the method detailed above.
You are done and no security hole.
Finally, it's worth noting that a new experimental Extension dedicated to setting claims with Firestore was launched in January this year. See here and here.
Looking to setup a aws SNS topic - I intend to subscribe a third party to this topic and I’m hoping that I can use its message filtering to ensure said third party only gets the messages they need.
Is that possible? Since I control the SNS topic I’m hoping I can also control who gets to see what but the docs are not super clear.
From Amazon SNS Message Filtering - Amazon Simple Notification Service:
By default, an Amazon SNS topic subscriber receives every message published to the topic. To receive a subset of the messages, a subscriber must assign a filter policy to the topic subscription.
A filter policy is a simple JSON object containing attributes that define which messages the subscriber receives. When you publish a message to a topic, Amazon SNS compares the message attributes to the attributes in the filter policy for each of the topic's subscriptions. If any of the attributes match, Amazon SNS sends the message to the subscriber. Otherwise, Amazon SNS skips the subscriber without sending the message. If a subscription doesn't have a filter policy, the subscription receives every message published to its topic.
I am looking to integrate Firebase into an existing project. I would like to create an administrative Website that would have the ability to create topics, and then post messages to topics.
From the mobile devices, the end user would be able to view the Topics that were created, and subscribe to them.
Ideally the administrative user would log into my website, opt to create a new Topic, and then from the backend I would send an HTTP request to FCM to create that topic.
The issue I am having is figuring out how to create Topics. My understanding is that I need to pass in a Token in order to create topics, but I can't find where to create Tokens for a web user in their SDK. Does anyone have any recommendations?
Topics in FCM follow a pub-sub model. There is no such explicit activity as creating a topic. You just subscribe to a topic. Usually you would subscribe from the client side using Android or iOS FCM APIs to subscribe.
If you wanted to subscribe users from the backend, you would need to use Instance ID APIs from your backend service.
Example:
// to list the subscriptions for a given token:
GET https://iid.googleapis.com/iid/info/nKctODamlM4:CKrh_PC8kIb7O...clJONHoA?details=true
Authorization:key=AIzaSyZ-1u...0GBYzPu7Udno5aA
// to subscribe
POST https://iid.googleapis.com/iid/v1/nKctODamlM4:CKrh_PC8kIb7O...clJONHoA/rel/topics/movies
Content-Type:application/json
Authorization:key=AIzaSyZ-1u...0GBYzPu7Udno5aA
Like you said you need this token. To get this token on the web for a user, use firebase messaging.
In our company, we have created a custom Message Oriented Middleware Platform to exchange messages between various entities. This Platform uses a custom messaging subsystem based upon Microsoft Azure Service Bus Topics and Subscriptions.
I would like to add the capability to orchestrate the exchange using Workflow Foundation.
In my view, I will need to build a set of custom activities, in order to be able to send and receive messages to the underlying messaging subsytem.
How is it possible to build a custom Receive activity that can listen to our custom messaging subsystem ? Is it possible for this activity to activate the Workflow (using a CanCreateInstance property) ?