This samples shows how to restrict an HTTPS Function to only the Firebase users of your app.
Only users who pass a valid Firebase ID token as a Bearer token in the Authorization
header of the HTTP request or in a __session
cookie are authorized to use the function.
Checking the ID token is done with an ExpressJs middleware that also passes the decoded ID token in the Express request object.
Once authorized the function respond with Hello <username>
.
This sample comes with a simple web-based UI whose code is in public directory that lets you sign-in Firebase and initiates an authorized XHR to the Function.
- Create a Firebase Project using the Firebase Console.
- Enable the Google Provider in the Auth section.
- Clone or download this repo and open the
authorized-https-endpoint
directory. - You must have the Firebase CLI installed. If you don't have it install it with
npm install -g firebase-tools
and then configure it withfirebase login
. - Configure the CLI locally by using
firebase use --add
and select your project in the list. - Install dependencies locally by running:
cd functions; npm install; cd -
This sample comes with a web-based UI for testing the function. To test locally do:
- Start serving your project locally using
firebase serve --only hosting,functions
- Open the app in a browser at
http://localhost:5000
. - Sign in the web app in the browser using Google Sign-In and two authenticated requests will be performed from the client and the result will be displayed on the page, normally "Hello ".
To deploy and test on prod do:
- Deploy your project using
firebase deploy
- Open the app using
firebase open hosting:site
, this will open a browser. - Sign in the web app in the browser using Google Sign-In and two authenticated requests will be performed from the client and the result will be displayed on the page, normally "Hello ".
We'd love that you contribute to the project. Before doing so please read our Contributor guide.
© Google, 2017. Licensed under an Apache-2 license.