
When Creating A Server For Generating Firebase CustomToken Am I Using Only Service Accounts Or Somehow Behind The Scene Also User Credentials?

We are moving this project to production soon. 1 - Our Mobile App will create a money transfer by posting it to our internal microservice. Such post request will return a CustomToken g

Solution 1:

From what I can see, the way you currently mint the custom token is purely based on the service account and your implicit knowledge of the UID of the user (the UID you copied from the console). There are no other user credentials involved in the code you shared, nor in other parts of the flow as far as I can see.

I am curious to understand how you are protecting this token generation though: what prevents any other web client from calling your listenSingleTransferWithToken method or otherwise reading the token from the database?
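The point made in the answer above, shown as an added example that is not part of the original question or answer: a Firebase custom token is a JWT whose `iss` and `sub` are the service account, and the only user-related field is the `uid` the server chose to put in. The code decodes a constructed token without verifying its signature; the service account e-mail, UID and signature are placeholders, and `inspect_custom_token` is a hypothetical helper name.

```python
import base64
import json

# Audience value the Firebase documentation specifies for custom tokens.
FIREBASE_AUD = ("https://identitytoolkit.googleapis.com/"
                "google.identity.identitytoolkit.v1.IdentityToolkit")


def b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(segment):
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_custom_token(token, expected_service_account):
    """Decode (signature NOT verified) and report what the token asserts."""
    header_b64, payload_b64, _sig = token.split(".")
    header, claims = b64url_decode(header_b64), b64url_decode(payload_b64)
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg is not RS256")
    for field in ("iss", "sub"):  # both must name the signing service account
        if claims.get(field) != expected_service_account:
            problems.append(f"{field} is not the service account")
    if claims.get("aud") != FIREBASE_AUD:
        problems.append("unexpected aud")
    if not isinstance(claims.get("uid"), str) or not claims["uid"]:
        problems.append("missing uid")
    if not 0 < claims.get("exp", 0) - claims.get("iat", 0) <= 3600:
        problems.append("lifetime exceeds 1 hour")
    return {"uid": claims.get("uid"), "signer": claims.get("iss"),
            "problems": problems}


# Constructed sample: placeholder service account, UID and signature.
SA = "firebase-adminsdk-example@example-project.iam.gserviceaccount.com"
SAMPLE = ".".join([
    b64url_encode({"alg": "RS256", "typ": "JWT"}),
    b64url_encode({"iss": SA, "sub": SA, "aud": FIREBASE_AUD,
                   "iat": 1700000000, "exp": 1700003600,
                   "uid": "constructed-uid-123"}),
    "c2lnbmF0dXJlLXBsYWNlaG9sZGVy",
])

if __name__ == "__main__":
    print(inspect_custom_token(SAMPLE, SA))
```

Nothing in the payload proves the user authenticated; whoever can reach the minting endpoint or read the stored token obtains a sign-in credential for that `uid`.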

