问题
I'm using a bunch of HttpsCallable functions that are used by the client to safely invoke things on the backend. I now find myself in a situation where the backend (another cloud function) would need to trigger some of the same operations, so ideally I would just call the HttpsCallable from another cloud function.
The callable library is not available in firebase-admin, and I'm assuming that's because it's doing user authentication.
Would it be possible to somehow work around this? Maybe I can use the service credentials to identify myself and supply the right payload manually using the normal HTTP cloud functions interface?
回答1:
If you need to invoke a callable function from an environment where no client library is available, you can write your own code that conforms to the protocol specification for callable functions. It is basically just a POST request with certain header and request body. Authentication will be difficult if you don't have an ID token provided for the end user. Service accounts will not help at all - authentication is only provided for Firebase Auth users.
It might be best in some cases to instead use a second HTTP function that's easier to invoke, and shares code with the callable function through some module, but that's up to you.
If you wish to restrict access to an HTTP function to service account credentials, you will have to go down the long road of understanding and configuring IAM permissions for Cloud Functions, using the Google Cloud documentation. The Firebase CLI also deploys functions with "allUsers" access in order for them to be accessible to mobile and web clients - it does not help you secure functions for internal use instead.
来源:https://stackoverflow.com/questions/61024495/using-httpscallable-with-service-credentials