1 year ago

#366645


Daniel

Firestore Db request on behalf of the end user from the asp.net backend

I want to execute a request to Firestore Db from the backend (asp.net core) on behalf of the end user (i.e. with his Google idToken).

What do I have now:

  1. Auth user on React frontend via firebase.auth.GoogleAuthProvider()
  2. I'm passing the user's IdToken (firebase.User.getIdToken()) in the request header to the backend (`Authorization: Bearer ${idToken}`)
  3. The backend has authentication via JwtBearer, which allows filling the HttpContext.User object:
services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = $"https://securetoken.google.com/{firebaseAppId}";
        options.IncludeErrorDetails = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = $"https://securetoken.google.com/{firebaseAppId}",
            ValidateAudience = true,
            ValidAudience = firebaseAppId,
            ValidateLifetime = true
        };
    });
  4. I can create a FirestoreDbBuilder in the providerDb service with the TokenAccessMethod property.

    !!! But HttpContext inside the Func is always null - this is the main problem

public FirestoreProvider(IHttpContextAccessor httpContextAccessor)
{
    // Keep the injected accessor in the field that the callback below reads
    _httpContextAccessor = httpContextAccessor;

    var fireStoreDbBuilder = new FirestoreDbBuilder
    {
        ProjectId = firebaseAppId,
        TokenAccessMethod = (a, _) =>
        {
            // Strip the leading "Bearer " (7 characters) from the Authorization header
            var token = _httpContextAccessor.HttpContext.Request.Headers["Authorization"].ToString()[7..];
            return Task.FromResult(token);
        },
        // I know about that, but I don't like the omnipotence of the service account
        // CredentialsPath = @"path/to/secrets.json"
    };

    _fireStoreDb = fireStoreDbBuilder.Build();
}

Cause

I want to send requests on behalf of the user, because I want to use the Firestore rules system. Now my rules say something like this and it is very convenient, flexible, youthful and modern. And the service account is a gloom. Or am I wrong?

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{user} {
      allow read, write: if false;
    }
    match /{document=**} {
      allow read, write: if request.auth != null &&
                            get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true;
    }
  }
}

c#

asp.net

firebase

google-cloud-firestore

google-admin-sdk
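
Added example, not part of the original question and not code from the Firestore client library: a request-scoped provider that reads the bearer token while the request is in scope and hands the captured string to `TokenAccessMethod`, so the callback never touches `HttpContext`, and a missing or malformed header is rejected instead of sliced with `[7..]`. The class name, the `Firebase:ProjectId` configuration key and the scoped registration are assumptions. Whether Firestore accepts the ID token this way is the question's premise and is not verified here.

```csharp
using System;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Google.Cloud.Firestore;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;

// Hypothetical service. Assumed registration:
//   services.AddHttpContextAccessor();
//   services.AddScoped<UserFirestoreProvider>();
// Resolve it only from endpoints protected by [Authorize], so the JwtBearer
// handler has already validated issuer, audience and lifetime of the token.
public sealed class UserFirestoreProvider
{
    public FirestoreDb Db { get; }

    public UserFirestoreProvider(IHttpContextAccessor accessor, IConfiguration config)
    {
        // Read the token here, inside the request scope, and close over the string.
        string token = ExtractBearerToken(accessor.HttpContext)
            ?? throw new UnauthorizedAccessException("No bearer token on the current request.");

        // Note: Build() opens a new channel for every request, which has a cost.
        Db = new FirestoreDbBuilder
        {
            ProjectId = config["Firebase:ProjectId"], // assumed configuration key
            TokenAccessMethod = (_, _) => Task.FromResult(token)
        }.Build();
    }

    // Returns the token from "Authorization: Bearer <token>", or null when the
    // context, the header or the token is missing or the scheme is not Bearer.
    public static string? ExtractBearerToken(HttpContext? context)
    {
        if (context is null) return null;
        string raw = context.Request.Headers["Authorization"].ToString();
        if (!AuthenticationHeaderValue.TryParse(raw, out var header)) return null;
        if (!string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            return null;
        return string.IsNullOrWhiteSpace(header.Parameter) ? null : header.Parameter;
    }
}
```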

0 Answers
