firebase / firebase-admin-node

Firebase Admin Node.js SDK
https://firebase.google.com/docs/admin/setup
Apache License 2.0
1.63k stars 371 forks source link

FR: Make databaseAuthVariableOverride work for Firestore #132

Open adamduren opened 7 years ago

adamduren commented 7 years ago

From what I understand databaseAuthVariableOverride does not work for Firestore. This was important in the real time database to make sure that scripts don't execute with unchecked permissions. Is there an alternative for Firestore?

hiranya911 commented 7 years ago

I believe there's some ongoing work to support this. @mikelehen should know more.

mikelehen commented 7 years ago

cc/ @mcdonamp

This is a good feature request and we've had some internal discussions about how we might try to support this in the future, but it will probably not be something we can accommodate in the near term unfortunately.

asciimike commented 7 years ago

The near term recommendation that I offer is: have your function mint a custom auth token and then use the client libs instead of the admin ones.

In the future, we're seeing how we could either:

adamduren commented 7 years ago

Yea, that was the first thought I had but the js-sdk is incompatible with node per https://github.com/firebase/firebase-js-sdk/issues/221.

mikelehen commented 7 years ago

@adamduren You are correct. We may have a solution for that in the next week or two though. Stay tuned.

lucasavila00 commented 6 years ago

I'd love to be able to continue to use my existing validation rules on the server. It really helps me on keeping the database consistent and monomorphic... I guess that validation based only on the data format is not possible without also taking into account authentication rules and permissions, right? Do you guys have any news to share with us? Thanks.

asciimike commented 6 years ago

@degroote22 this is still a topic in active discussion, but unfortunately we don't have a great answer at the moment, as it's technically surprisingly tricky. We'll make sure to reach out to interested folks via these channels when we have more news to share (ideally news in the form of an EAP ;)

jamesplease commented 6 years ago

Just poppin' in here to say that I think this is a great feature idea, and I can't wait to see it land :v:

One of my favorite features of Firebase is how the client library is optional. Limiting the permissions of server-side scripts is an important step in allowing devs to skip out on the client library with confidence when using Firestore.

Thanks for all your work, Firebase team!

kglowacki commented 6 years ago

+1 I consider this to be a key security feature... any update?

DanielMenke commented 6 years ago

Can we expect this in the near future? It would be really helpful!

asciimike commented 6 years ago

Unfortunately it requires some changes to underlying infrastructure that I don't see coming anytime soon, so I'd rely on also performing server-side validation when using those clients.

lookfirst commented 5 years ago

Given that the transaction API of the client sdk doesn't match the transaction api of the admin sdk, I can't even replace the sdk usage in my functions with the client sdk. =(

https://github.com/firebase/firebase-js-sdk/issues/2112

mesqueeb commented 4 years ago

I believe that I hit a wall until I found this issue. My problem is outlined here: https://stackoverflow.com/questions/63294542/cannot-impersonate-user-with-firebase-admin-during-firestore-calls

I believe the answer is: it's not possible, because Google didn't make impersonating possible for Firestore with admin-sdk?

Is my assumption correct?

@mikelehen or @schmidt-sebastian any news on this?

schmidt-sebastian commented 4 years ago

That statement is still correct, but this is an often requested feature, so don't give up hope yet :)

jakebiesinger-storyhealth commented 4 years ago

For integrity and security Reasons, we use Cloud Functions as an API layer and never directly write to Firestore from the client. We're looking at how to better manage access control and this feature would make a huge difference.

Specifically, we could use the authVariableOverride to scope Admin API requests (from our API layer) down to the user calling the function, which would in turn allow us to use native security rules instead of having to come up with our own access control system.

I hope you consider reprioritizing this functionality. It would really improve the flexibility of the Admin API and provide improved security at the same time.

magnusnilsen commented 3 years ago

Would love this feature! Any updates?

abba-logico-srl commented 3 years ago

upvoting this feature request here too 👍 Any updates?

sanny-io commented 3 years ago

I'd love to have this.

saidgeek commented 2 years ago

+1 to this feature, is very important for can use a native rules, any update?

SamyPesse commented 2 years ago

@schmidt-sebastian any update from the Firebase team?

It looks like a highly requested feature, especially for large applications built on Firebase. At the moment we are using the alternative of authenticating the firebase-js-sdk with a custom token, but at scale, we can easily reach some quota on identitytoolkit.googleapis.com.

andreav commented 1 year ago

+1