I'm looking into porting a unity game with a dotnet backend over to firebase firestore / functions, etc. My initial tests look promising, but my biggest hold-up is that I would need to rewrite a lot of the server-side logic in JavaScript.
I know that firebase's functions and firestore both run on google cloud, and the cloud version of functions supports a number of additional languages, including c#. I was able to create a couple of C# test functions and upload them to the same project as my unity test. They show up in the firebase portal and can be called via the HTTP endpoints supplied by google cloud, etc.
I discovered that I can call the function that does not require auth using the FirebaseFunctions callabale API in unity (fun fact, it only seems to work if the response is a JSON object in the form of { "result": [data here] }) I cannot, however, call the version of the same function that does require authentication - it returns an internal error message.
I am wondering there is a way to make these methods callable from the unity firebase API - passing in the user id/auth that I get from logging into firebase? I've seen some examples/answers where people say to call the cloud function directly using the Authorization: bearer token header, but I cannot seem to find a way to get the auth token from the current user in the Unity Firebase API.
I imagine that I am stepping further outside the realm of firebase unity API and more into google cloud/identity platform
You can retrieve the ID token of the current user by calling TokenAsync() on their profile.
That's the value you need to pass along in the Authorization header of the call to Cloud Functions, where you can then access it in you Callable Cloud Function.
Alternatively you can implement a regular HTTP Cloud Function, pass the same in whatever way you see fit there, and then on the server decode and verify the ID token with the Admin SDK yourself.
Related
I need to implement a scenario where, after a file is uploaded to Google Cloud Storage, a function is triggered and processes the file. In this case, processing basically means sanitizing the file, storing it into Firestore and making it accessible via another HTTP-triggered function (a REST API of sorts).
Both user-facing ends of this process (a file upload and HTTP function) need to be secured. The process will be used in server-to-server scenario: one side is going to be a backend written in either Node.js or .NET, the other will be my Firebase solution (Cloud Storage and HTTP-triggered function as per above). In Firebase, I am going to maintain a custom set of users that should have access to the system - my idea was to use a simple system where each user will have a client id and a client secret (basically an oAuth client credentials grant type).
Based on what I read online, an only option to implement this is to use [Firebase auth with custom tokens][1]. I found lots of examples online on how to do that, but it was always about client-to-server scenarios (e.g. a Javascript web app talking to REST API). Server-to-server scenarios were not mentioned anywhere and indeed, I am unsure how to go about implementing it - I can call auth.createCustomToken(uid) just fine in my HTTP Firestore function, but there seem to be no server-side libraries I could use to call auth.SignInWithCustomTokenAsync(customToken).
To sum it up:
How can I use Firebase auth with custom tokens in server-to-server
scenario, where I need to sign in using a previously generated
custom token from a server environment?
If it is not possible,
what's the other alternative to securely implement the
above-described architecture?
I've contacted Google Support and if anyone else is struggling with this, in server-side scenarios, recommended approach is to call signInWithCustomToken endpoint in Firebase Auth REST API.
So I'm trying to build an http endpoint using a Cloud function. This cloud function is only invoked after the user signs in. So I can pass the user token and verify it on the server side. I understand how to do this.
I also have security rules on my Firestore collections with authorization rules set up using request.auth.uid. This also just works if I use the firebase web sdk.
But my question is - how do I use the same authorization rules via cloud functions? I don't want to rewrite my auth logic separately for the http endpoint.
Security rules only apply to access from web and mobile SDKs. It does not apply to code using any of the server SDKs, including the Firebase Admin SDK and anything you would use with Cloud Functions. You will have to apply your own logic to check the validity of data before it's added to Firestore. The same is true for Realtime Database and Cloud Storage security rules.
As you use the admin sdk in your functions, the check for the auth looks a bit different. Just watch this video from The Net Ninja. He is explaining how to do this. Just use the generated token instead what’s been used in the video.
I'm a little new to firebase/cloud functions so forgive if I'm missing something simple.
I'm frustrated now because what I see on the documentation is not working. I read this part of the documentation: signInWithEmailAndPassword but when I use it in my nodejs code that I deploy to Firebase Cloud functions I get the error:
TypeError: auth.signInWithEmailAndPassword is not a function
Note that auth is actually auth(), I just decided to store the result of auth() in the variable auth, so don't let it confuse you.
I looked at the documentation and I don't see anything wrong I'm doing. This post Firebase Auth On The Server With Node.JS / Express and got this for it
If you initialize the Node.js SDK with an API key instead of a service account, you can use the normal client-side auth methods like authWithEmailAndPassword()
Currently I initialize it like this:
admin.initializeApp(functions.config().firebase)
What exactly am I expected to change so that the signInWithEmailAndPassword method becomes available on the object?
Do I really need to get a API key and initialize it like I'm initializing a frontend project when I'm using firebase-admin on a nodejs server?
Cloud Functions run on a trusted environment, and is using the Firebase Admin SDK to access Firebase services. There is no way (nor usually a need) to sign in as a user with email+password using the Admin SDK.
The Firebase Admin SDK runs with administrative privileges, giving it already has full access to the entire Firebase project that the code runs in.
I am building some internal API for my apps/website with Firebase Functions. Internal API as in to let my apps/website to process something on server side, its doesn't mean to open to public use.
My Apps is built with ionic and website is built with angular.
I noticed the one of Firebase Functions Pricing calculation include "Invocations". Is that Invocations means every time when I call the API equal to 1 Invocation? If yes, then the API might be abused by end user, since they able to view the website source and found the API.
I been searching solution in google, some of them suggest to enable authentication and cors, to avoid abuse of the usage. But authentication and cors still counting the Invocations right?
My code structure:
client call API by get/post method, pass user TOKEN that get from Firebase Authentication
request reach the Firebase Functions
server will check the preflight info by using CORS, as well as validate the TOKEN.
Return error if didn't pass on the (3), else proceed to execute the function.
So I assume if end user inspect my web source code and get the API URL, they can simply spam my API right? Then my bill will burst because of the load of Invocations.
If you suspect that your project is being abused, which is always possible, contact Firebase support to work towards a resolution.
I am trying to find an alternative for Firebase to create functions that will work with actions-on-google DialogFlow class. I am creating a nodeJS app which will create a web service endpoint which will be configured as the Fulfillment URL in the DialogFlow dashboard. All the business logic to handle the request from API.AI will be at the nodeJS app. This app will then send back response by calling app.ask() and other related methods of API.AI (aka DialogFlow)
Reason: Our deployment cloud is on OneOps and we have dedicated assemblies for nodeJS apps. That is, I need to deploy this node app on our OneOps cloud and not on Firebase cloud.
Is there an alternative over Firebase here?
Absolutely! With Dialogflow you can define any URL (preferable HTTPS) in Dialogflow's console and you're free to use any hosting platform that can speak HTTP:
Also, you should be able to use the Action on Google library to respond to requests on most Node.js environments
Certainly! You can use whatever you want - all that Dialogflow requires is that the webhook be on a public address with a valid HTTPS certificate.
When designing the webhook, you'll need to accept a POST request from Dialogflow that contains JSON as the body, and similarly respond with a JSON body.
Since you're using node.js, you'll likely be using Express. One thing to note if you'll be using the actions-on-google library is that it expects that Express has already populated the req.body with a JSON object - not with the string body. This is typically done with middleware such as body-parser.