what will confirm that firebase authenticated end user token will be used to invoke google cloud run endpoint?

To achieve this, you have 2 solutions:

  • Check by yourselves the token in a unauthenticated Cloud Run services. There is a recent and great Google Cloud post on this. Personally I don’t like this solution because if there is an attack, it’s up to your service to manage this high traffic, and you to pay!
  • Use a proxy. The (old) Cloud Endpoint can achieve this, and I wrote an article on this 1 year ago (with API Keys security definition, but change it with Firebase Auth security definition and use it!). It’s quite old because a fresh new service has been release this summer, named API Gateway which is, today, a Cloud Endpoint fully manage by Google (today the features are the same, but API Gateway will evolve; not sure about Cloud Endpoint!)

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top