OiO.lk Community platform!

Oio.lk is an excellent forum for developers, providing a wide range of resources, discussions, and support for those in the developer community. Join oio.lk today to connect with like-minded professionals, share insights, and stay updated on the latest trends and technologies in the development field.
  You need to log in or register to access the solved answers to this problem.
  • You have reached the maximum number of guest views allowed
  • Please register below to remove this limitation

Secure Google Cloud Functions http trigger with auth

  • Thread starter Thread starter Tri Nguyen
  • Start date Start date
T

Tri Nguyen

Guest
I am trying out Google Cloud Functions today following this guide: https://cloud.google.com/functions/docs/quickstart

I created a function with an HTTP trigger, and was able to perform a POST request to trigger a function to write to Datastore.

I was wondering if there's a way I can secure this HTTP endpoint? Currently it seems that it will accept a request from anywhere/anyone.

When googling around, I see most results talk about securing things with Firebase. However, I am not using the Firebase service here.

Would my options be either let it open, and hope no one knows the URL endpoint (security by obscurity), or implement my own auth check in the function itself?
<p>I am trying out Google Cloud Functions today following this guide: <a href="https://cloud.google.com/functions/docs/quickstart" rel="noreferrer">https://cloud.google.com/functions/docs/quickstart</a></p>

<p>I created a function with an HTTP trigger, and was able to perform a POST request to trigger a function to write to Datastore.</p>

<p>I was wondering if there's a way I can secure this HTTP endpoint? Currently it seems that it will accept a request from anywhere/anyone. </p>

<p>When googling around, I see most results talk about securing things with Firebase. However, I am not using the Firebase service here.</p>

<p>Would my options be either let it open, and hope no one knows the URL endpoint (security by obscurity), or implement my own auth check in the function itself?</p>
Continue reading...
 

Latest posts

Top