How to make Firebase Functions act as a user instead of being an admin?

Question

My client app is accessing to Firestore through API created by Firebase Functions. However, the Firebase Functions imports firebase-admin which bypass all the d

Answer 1

There is currently no way to do this. The Firestore SDK for node doesn't have a way of scoping its access to the database as a particular authenticated user.

Note that this is different than the Realtime Database SDK, which does allow you to scope to a uid.

Answer 2

I think it is possible to access Firestore via an admin-sdk but scope it to the logged-in user if you are use REST APIs to access Firestore.

For authentication, the Cloud Firestore REST API accepts either a Firebase Authentication ID token or a Google Identity OAuth 2.0 token. The token you provide affects your request's authorization:

Use Firebase ID tokens to authenticate requests from your application's users. For these requests, Cloud Firestore uses Cloud Firestore Security Rules to determine if a request is authorized.

Answer 3

You can read the bearer token from req.headers and then verify it with admin.auth().verifyIdToken(token) see https://www.toptal.com/firebase/role-based-firebase-authentication