ogallagher
commented
1 week ago Try using firebase id token verification.
- frontend includes firebase id token in all internal api requests
- internal server uses firebase admin sdk to verify the id token
- less frequently, server checks for token revocation/expiration
Our API is currently public, need to set up an authentication route to generate a bearer token which will be required for all other endpoints. Or does Firebase Auth support this already?