This is probably a dupe, but I have been searching for days now and I can't seem to figure it out.
Setup is fairly easy: I have a firebase front-end (Dart) app (Web/Android) that gets it's data from a Google Cloud HTTP Function backend. When I deploy the GC function with option --allow-unauthenticated obviously it works without any problems.
Now I want to secure this function so that only logged in users can actually invoke the GC function. What I don't want is to deal with the hassle of user-administration, but (as far is I understand) this can be dealt with by Firebase completely.
Can anybody in a step-by-step procedure explain to me what I have to do to accomplish this? (No links to docs please, I have kinda read them all...)
I have succeeded in retrieving a token from the Google Cloud Identity Toolkit, but when I use this token in the Authorization Header of an HTTP call, I get permission denied.
Also I have tried to create a Service Account and associate it with the GC function, but how do I get a Firebase token for this account? (If I need it at all)
