0

i have some https Cloud Functions which I want to secure by authorizing the user sending the request.

My function looks like this:

exports.authTester = functions.https.onRequest((req, res) => {
const tokenID = req.get('Authorization').split('Bearer ')[1];

return admin.auth().verifyIDToken(tokenID)
    .then((decoded) => res.status(200).send(decoded))
    .catch((err) => res.status(401).send(err));
    console.log(decoded);
});

Within my App I'm calling the function via Alamofire:

Alamofire.request(url, method: .get).responseString { (response) in
    if let dta = response.response?.statusCode{
        print(response)
    }
}

However, my console logs that the function crashes due to the hint:

"Cannot read property 'split' of undefined at exports.authTester.functions.https.onRequest (...)"

How can I solve this issue?

Thank´s!

ktm125
  • 442
  • 5
  • 21
  • Your function is expecting an Authorization HTTP header. How are you passing it from the client? Have you tried logging it in the function before you work with it? – Doug Stevenson Jan 27 '18 at 16:44

1 Answers1

0

You're getting this error because you aren't invoking your cloud function with the proper command that is to passing the token in the HTTP header.

You'd be doing something like:

let token: String = "Bearer" + ...
let header = ["Authorization": token]
// then you pass your header into Alamofire request

Here is a link to on how to do a POST Request from Alamofire?, a link from Alamofire Docs

Lamour
  • 3,002
  • 2
  • 16
  • 28
  • I don't think there is going to be any difference between GET and POST here. They both send headers. – Doug Stevenson Jan 27 '18 at 16:45
  • but what if the token needed to be passed within the request body ? then POST would be necessary wouldn't you agree ? – Lamour Jan 27 '18 at 16:47
  • The function code is expecting the token in a header. It's not even touching anything else from the request, which is making POST irrelevant here. – Doug Stevenson Jan 27 '18 at 16:49
  • yeah you are right, the OP just needs to pass the headers fields of the Alamofire Request. – Lamour Jan 27 '18 at 16:50
  • and the comment I did ealier was because most of the time certain apis are waiting on the `Autorization` token from the body instead of the header – Lamour Jan 27 '18 at 16:57
  • Thank´s for the answer! Only point is that "Bearer" needs to be "Bearer " with a blankspace. – ktm125 Jan 27 '18 at 20:45