0

Context:

  • Backend gets firebase client config key/values (apiKey, authDomain, etc) and passes it to client
  • Client uses said config to set which Firebase App it initializes into
  • Node backend

I've been browsing the firebase-admin npm module and have yet to find anything that points me in the right direction. Er, actually let me correct myself, the only thing I can't seem to acquire from the backend is the apiKey and appId

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
insta catering
  • 151
  • 2
  • 12

2 Answers2

0

You must not pass your keys to client, they are sensitive data and must stay in your backend env, sou they are built-in when you build your application and keep safe in there. You should make a request asking data from client to backend to get this information, and your backend will be responsible to connect with firebase, get data and send it to frontend

client <> backend <> firebase

and not

backend <> client <> firebase

Vanessa dos Santos
  • 16
  • What? That's not even remotely accurate. Firebase config key/values are not sensitive by any means. Firebase's intended purpose (holistically - not in my implementation) is client <> firebase, hence why it's referred to as a backend as a service package. In my case I have 2 implementations: client <> firebase and client <> backend <> firebase. For reasons that I don't need to get into here. – insta catering Jul 26 '22 at 01:28
  • 2
    @Vanessa: you might want to have a look at https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public as the rules around these values are somewhat different when it comes to Firebase. – Frank van Puffelen Jul 26 '22 at 02:36
  • Thanks Frank for the reference! I always used the keys in backend end to my informations and understand the question wrong. Thanks a lot!! And sorry for the misunderstand – Vanessa dos Santos Jul 27 '22 at 19:36
0

The closest API I know of are the projects/get and the projects/getAdminSdkConfig in the REST API. I'm not sure if that is wrapped in the Admin SDK though, as I don't immediately see them in the most promising section of its reference docs.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • The response from projects/getAdminSdkConfig (from what I see in the docs) is acquirable directly from the Admin SDK (from what i'm testing). The only missing piece is the appId and apiKey :/ – insta catering Jul 26 '22 at 16:17