We are trying to use cloud functions, but we are struggling with authentication.
On our node.js application (running on GAE) we are using Passport.js
Is it possible to use the same mechanism for GCF to authenticate the requests?
Related
I'm writing HTTP Google Cloud Functions using the framework provided by Google for nodejs based on express - testing on local for now. Samples don't provide an implementation of middlewares and HttpFunction type only has req and res as parameters. Is there a way to use middleware to handle authentication or body validation for a specific endpoint for instance ?
I have an admin site that has a react frontend, using redux actions, with a node.js app as the server which uses firebase-admin to do the work.
I want to use firestore's onsnapshot listener. but im not sure how this works within the HTTP protocol?
I can't use the firebase-admin from my frontend app, and i cant create realtime DB functionality from the backend within HTTP protocol.
The goal: to set snapshot listeners on my collections from rreact frontend without having to go through multiple authentication processes, considering ive got a separate auth system for admins with my express api.
Is there a solution for this?
EDIT:
my client app is currently initialized with firebase web app config data, but because im authenticating admins with my own express server, the firebase web SDK hasnt authenticated with firebase, so i dont have permission for the data i need. im not sure if i need a service account, or a web app config with extra setup or what
My recommendation is to integrate the Firebase JS SDK into your client app using signInWithCustomToken().
It's not too complicated to do. Though I suppose that depends a lot on how your current auth setup works.
The general idea is this:
Send auth request to your auth service.
Process the request like normal.
Evaluate if the user should have access to Firebase.
If they should, use firebase-admin to create a custom token and send it back to the user.
Use the token on the client to authenticate with Firebase.auth
You should make sure to have Firestore rules to allow admin users to access the data you need.
As an alternative that doesn't use the Firebase client SDK, you could have a long-running node process that opens an onSnapshot. Your react app could receive data from it using either Server-Sent Events or through a WebSocket
I'm building a MERN stack web app and is trying to use passport.js for authentication.
The frontend in my app communicates with backend through the RESTful api and they are planed to be deployed in two different containers. I've looked up some most widely used passport google strategies as well as blog posts for implementation, and it seems like all of them are assuming the implementation of a server side render web app.
In my frontend, I'm using the React component react-google-login to get the user profile from Google. But I'm unsure about what passport strategy is preferable, or applicable, for this use case of mine.
Any suggestion? Thanks!
I have deployed an Angular 8 application and a Nest JS application using Heroku. Both deployments use https.
There is no authentication in the Angular application, so I don't need an authenticated user/password to call the API. I just want to make sure that the only calls that the API accepts are those from the Angular app (and rejects direct calls from people using some sort of REST client)
How can I ensure that only my Angular application can call my Nest JS API?
I am looking for API and Example that can help me to build two-factor authentication of my website for the server as well as the front side.
I want to build something like this, http://ngtfaweb.azurewebsites.net/#/home
You could use Passport Js if you are using node js as backend or you could use services like Auth0 which are one step solution for multiple Oauth.