I'm doing a bit of up-skilling and wanted to get an understand on how best to implement security across frontend and backend services using Firebase Auth.
I'm working with an Angular4 (with Typescript) front end, and have Firebase Auth working great. I can register new users, request login details, authenticate uses all just fine. Using Data security rules I can limit what data the user has access to as well which is great.
I going to be creating a back end API service, which will be done with node.js. Among a bunch of things it will be used to process subscriptions with Stripe. I obviously don't want to expose my Stripe credentials in the angular app so need this backend api service to run on the server to process new subscriptions.
My question is what is the best way to tell which user has made a given API call, and that they are currently authenticated with Firebase?
Is this what User.getIdToken is for? I assume you would pass this token through to the API service with the request, but how do you verify it and get the user id at the other end? (on the server)
via Silverbug
No comments:
Post a Comment