1

I recently started working with firebase functions. My intention is to have a function that "all users" within my app can use. More specifically I want everyone that is signed in to their account to be able to call this function. You can't reach calling the function without being logged in.

Would it be appropriate to use the authentication "allUsers" to this function in google cloud, or does this tag mean more than what I specified?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Pontus
  • 44
  • 13

1 Answers1

2

The Cloud Functions setting "allUsers" allows all users, not just those of your app. If you want to restrict usage to just the users of your app, have a look at Firebase App Check which you can use to enforce this requirement.

As @ESun commented too, if your users are signing in with Firebase Authentication, you can validate that too. See How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • 1
    If you use Firebase Auth you can also check the user from the function's context – E. Sun Nov 03 '22 at 13:50
  • Good point @E.Sun, I had missed that OP here was not adverse to using Firebase Authentication. That'd probably be a more appropriate (and likely simpler) solution. See: https://stackoverflow.com/questions/42751074/how-to-protect-firebase-cloud-function-http-endpoint-to-allow-only-firebase-auth – Frank van Puffelen Nov 03 '22 at 23:40
  • Just a follow up question @FrankvanPuffelen, I added App check to my project both to my firebase project and in Xcode, and I edited my cloud function to enforce app check token. When I try to run the function I still get "UNAUTHENTICATED". As I understood it should be working now. Or am I supposed to add some sort of principal to my function? Thanks in advance! – Pontus Nov 14 '22 at 17:30
  • 1
    Sorry, but troubleshooting your App Check setup is really hard in a comment. I recommend posting a new question with exactly what you've done in setup, the code you have, the error you get, etc. – Frank van Puffelen Nov 14 '22 at 17:51