Firebase admin on backend for verifyIdToken and use Firestore

Question

I\'m trying to use Firebase Admin on my backend for "faking" client authentication by verifying Id Token in order to use firestore from the backend.

The idea is

Answer 1

Access to Firestore through the Admin SDK always happens with full administrative privileges. There is no way to access Firestore as the user whose token you verified.

If you want to use this middleware approach, you will have to ensure it only accesses data the user is authorized for in the code itself.

Also see:

• Pass user auth to Firestore from Cloud functions
• How to make Firebase Functions act as a user instead of being an admin?

---

If the goal is to have tighter control over who can sign in to your app, consider using custom authentication instead - where the server mints a custom token for each user, that the client-side SDK then uses to sign in.