Ok not an expert on server side coding and stuff but have a basic understanding. Here is my question;
- I have firebase triggers setup on cloud functions
- Now there is a requirement that I need to communicate with external servers to retrieve some other data
- So I use HTTPS triggers and I followed tutorials and managed to use express and other middlewares to get the job done
The problem is, I don't think I understand how these HTTP triggers are authenticated. I obviously want only the authenticated users to make a call to these end points and my users are either iOS or Android users.
What i have already found out: I followed the code sample in this link: https://github.com/firebase/functions-samples/blob/master/authorized-https-endpoint/functions/index.js but I have one question
- It says The Firebase ID token needs to be passed as a Bearer token in the Authorization HTTP header like this:
Authorization: Bearer <Firebase ID Token>
- Is this token passed automatically from iOS and android clients or do I need to manually call some FirebaseAuth get token function in the mobile SDKs and manually created this authorization bearer as a part of my request url?