Secure HTTP trigger for Cloud Functions for Firebase

Question

Is there a way to check if a user is firebase-authorized before triggering a cloud function? (Or within the function)

Answer 1

Since the question asks for auth-based access (1) within, or (2) before a function, here's an method for the "before" case: >

Since every Firebase Project is also a Google Cloud Project -- and GCP allows for "private" functions, you can set project-wide or per-function permissions outside the function(s), so that only authenticated users can cause the function to fire.

Unauthorized users will be rejected before function invocation, even if they try to hit the endpoint.

Here's documentation on setting permissions and authenticating users. As of writing, I believe using this method requires users to have a Google account to authenticate.