What I have lost with the Firebase Functions migration from beta to v1.0

[Vincent Bergeron]

Hi!

Before the new v1.0 of functions, the

functions.config().firebase

returned the project apiKey.

I used this apiKey to use the non admin Firebase SDK in order to call the signInWithEmailAndPassword method of the non admin Firebase Auth SDK.

I received the username/password from the Basic authorization HTTP header, so this allowed me to validate the username/password of the HTTP call.

Everything was working fine... But now, this information is not present anymore in the process.env.FIREBASE_CONFIG, so I can't use the signInWithEmailAndPassword to verify the credentials of the HTTP call.

So... Is there a way for Functions to return the apiKey of the project?

Or is there a way for the Auth Admin SDK to include the signInWithEmailAndPassword or add a verifyEmailAndPassword call?

Thanks

VB

[Doug Stevenson]

Vincent,

Could you help me understand exactly why you need to use the client SDK to call signInWithEmailAndPassword?

Would your case actually be better served by having the client send a Firebase Auth ID token and calling verifyIdToken using the Admin SDK instead?

If not, could you just use the Firebase CLI to add the API key as an environment variable to be used with your deployed functions?

Doug

[Vincent Bergeron]

Hi!

I wrote an functions API which is used in the browser and with Postman like programs.

So the user goes to www.myapp.com/api and he receive the basic browser authentication dialog. He enters his username and password. Or if he's using Postman like program, he enters his credentials in the Authorization header and everything works.

Then when I receive HTTP request, I can validate the username/password against the Firebase Auth Email/Password using the client SDK signInWithEmailAndPassword. If it succeed, I immediately do a signOut. It's only just to validate the credentials.

It was working very well...

So in my case, it's not possible for the user to send me an Auth ID token.

I could send the API key as an environment variable... It will be a pita because my API is used by about 50 customers, each have their own project and database... it was working out of the box, so I find it sad if I have do to this for every past/future customer.

The api Key is a public thing... Why it's not there anymore? Every one could benefit from having this information...

And I also think that having a verifyEmailAndPassword in the Admin Auth SDK could be a nice feature... I would prefer using this Admin SDK call rather than fake a signIn/signOut to verify the credentials.

And, thinking loudly ( ;-) ) maybe using the client SDK signInWithEmailAndPassword could be useful in order to make Firebase RTDB requests with the User context in order for the Rules to be applied.

I hope I was clear enough in my explanations.

Thanks

VB

[Doug Stevenson]

Here's my understanding.

API key is only used with client side SDKs.  Client side SDKs are typically not used on servers (which is what you're doing).  The missing API key in the default config wasn't intended to affect anyone, since it's not expected for client SDKs to be used in server environments.

If you want to keep using the Firebase client SDK in Cloud Functions, it sounds like you're going to have to find a way to get that API key into your runtime.  I understand that's not going to be easy for you, but it seems that's the only option right now.

Doug

[Vincent Bergeron]

Hi!

Thanks a lot...