Callable functions from Firebase Admin Node JS

[Shai Ben-Tovim]

Hi,

Wondering if its possible to call a Firebase Callable Function from my servers running node js Firebase admin.

What would be the auth info received in the function? 

Of course can always simply send an https request but was interested if the callable function would auto-authenticate the admin app calling the function.

[Bryan Klimt]

Hi,

We do not currently have APIs for calling Functions directly from the admin SDKs. As you noted, it is possible to call the function directly with an http request. You can pass along a user's ID token, and it will be verified and decoded automatically. However, that is optional. Callable Functions do not support authentication using service accounts at this time.

The format for the http request is documented here:

https://firebase.google.com/docs/functions/callable-reference

-Bryan

[Ruben Gonzalez Torres]

And how can I get a user's ID token from the admin SDK?

[Kato Richardson]

Probably need to pass that into the Functions call so you can extract it, as Bryan mentioned. For HTTP calls you're putting it into the URL or POST data. For Firestore triggers, probably pass it in the write data. For Auth triggers, it's available.

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/20eef6f6-7e9b-4c3c-99dd-44c2271d95b2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Ruben Gonzalez Torres]

Thanks for your reply Kato, 

My use case is I have all the backend functions on Google Cloud Functions (gcf), and the REST API that connect my data with my users is on Lambda functions. When I get an Http request in Amazon API Gateway, I am executing a Lambda function and that Lambda Function is going to get some data from Firebase and call a gcf if needed. Right now, I am just doing an http request to the gcf using uri: `https://us-central1-${dbName}.cloudfunctions.net/${functionName}`. It is working but in a very insecure way because all my gcf are public to anybody on the internet. I want to secure that. Bryan mentioned using a user's ID token, but this is the admin SDK inside a lambda function triggered by an API request, so, I don't have any user id. Is there any way to get an admin user id or do I need to create a workaround with a random secret admin id and verify if the function was called with that secret admin id?