the-road-to-react-with-firebase / react-redux-firebase-authentication

🔥Boilerplate Project for Authentication with Firebase in React and Redux
https://www.robinwieruch.de

Protect API endpoints #2

Closed lfernando-silva closed 6 years ago

lfernando-silva commented 6 years ago

Hello, first of all, thanks for the amazing tutorial. It's really simple and easy to follow!

I have a question. It's actually not about this project itself, but about a project using this, and maybe you can show me a way.

I'm currently working on a project that uses this Firebase auth and Firebase cloud functions as the API. At the frontend, the authorization flow is fine, because the content is protected with protected routes. But the API is open, as I can make any request with Postman (REST API) or GraphiQL (GraphQL API), for example. But how can I make authenticated requests to the API? In a common API + frontend setup, we can, for example, store the auth token after login and send it on every request in the Authentication header. But I haven't understood this authentication flow using Firebase yet.

Thanks in advance

rwieruch commented 6 years ago

If you have an independent server, which doesn't know about Firebase, it's hard to tell for the server that the user is authenticated :( Ad hoc I wouldn't know any solution for it right now.

lfernando-silva commented 6 years ago

Actually, it is a Firebase cloud function, which knows about Firebase. In this case, I think you can check authentication using Firebase's own check.

I found this tutorial. Firebase apparently allows checking the token inside another Firebase app.

But when not knowing the server, it becomes a pain... :( Anyway, thanks for the attention!
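The token check discussed in this thread, as an added example that is not part of the original issue or of the boilerplate project: an Express-style middleware for an HTTPS cloud function that rejects requests without a valid Firebase ID token. The names `extractBearerToken` and `requireFirebaseUser` are hypothetical, and the verifier is passed in so the block runs without the Firebase SDK installed.

```javascript
// Added example. Assumed wiring inside the cloud function:
//   const admin = require('firebase-admin'); admin.initializeApp();
//   app.use(requireFirebaseUser((t) => admin.auth().verifyIdToken(t)));
// Assumed client side, after sign-in:
//   const idToken = await firebase.auth().currentUser.getIdToken();
//   fetch(url, { headers: { Authorization: `Bearer ${idToken}` } });

// Pull the token out of "Authorization: Bearer <jwt>".
// Returns null when the header is absent or not shaped like a compact JWT.
// This is only a cheap pre-filter; the real check is the signature verification below.
function extractBearerToken(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const match = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(headerValue.trim());
  return match ? match[1] : null;
}

// Build a middleware around a verifier function that resolves to the decoded
// claims for a valid token and rejects for an invalid, expired or revoked one.
function requireFirebaseUser(verifyIdToken) {
  return async function (req, res, next) {
    const token = extractBearerToken(req.headers.authorization);
    if (!token) {
      res.status(401).json({ error: 'missing bearer token' });
      return;
    }
    try {
      // Only server-verified claims are trusted; nothing from the request body.
      req.user = await verifyIdToken(token);
    } catch (err) {
      // Do not echo verifier details back to the caller.
      res.status(401).json({ error: 'invalid token' });
      return;
    }
    next();
  };
}
```

Handlers behind the middleware should authorize against `req.user.uid`, since a valid token only proves who the caller is, not what they may access.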