Using a Firebase app secret in apps script
Google apps script에서 Firebase app secret을 사용하여 OAuth Authorization Flow 없이 Database를 사용할 수 있습니다.
- Firebase console에서 새 프로젝트 만들기버튼으로 eojjiGas 프로젝트를 생성했습니다.
- eojjiGas 프로젝트에서 설정 버튼 클릭하고 데이터베이스 탭에서 비밀번호를 복사합니다.
- 아래 참고 자료 중 Real-time notifications in add-ons with Firebase를 보고 Google Apps script 프로젝트를 만듭니다.
- Google Apps script 에디터 메뉴 중 파일 선택 후 프로젝트 속성 클릭
- Google Apps script 에디터 메뉴 - 파일 - 프로젝트 속성
- - 스크립트 속성 - fb-secret 속성 추가 : 값은 위에서 복사한 데이터베이스 비밀번호
- Google Apps script 에디터 메뉴 게시- 웹 앱으로 배포
- Google Apps script 에디터 메뉴 게시- 웹 앱으로 배포
- - 앱을 실행할 사용자: 웹 앱을 액세스하는 사용자로 설정
- 현재 웹 앱 URL:
- firebase - 데이터베이스 - 데이터
참고 자료:
- https://developers.google.com/apps-script/overview#your_first_script
- https://developers.google.com/apps-script/guides/web
- https://developers.google.com/apps-script/guides/html/communication
- Real-time notifications in add-ons with Firebase
July 29, 2015
http://googleappsdeveloper.blogspot.kr/2015/07/real-time-notifications-in-add-ons-with.html
Implementation
Inside the loop, each time an email is sent (i.e. each time we use the method GmailApp.sendEmail()), we use the Apps Script UrlFetch service to write into Firebase using its REST API. Firebase's capabilities makes this easy & secure and there’s no need for an OAuth Authorization Flow, just a Firebase app secret, as shown in the following example:
function addNewUserToFirebase() {
var dbUrl = "https://test-apps-script.firebaseio.com";
var secret = PropertiesService.getScriptProperties().getProperty("fb-secret");
var path = "/users/";
var userData = {
romainvialard:{
firstName:"Romain",
lastName:"Vialard",
registrationDate: new Date()
}
};
var params = {
method: "PUT",
payload : JSON.stringify(userData)
}
UrlFetchApp.fetch(dbUrl + path + ".json?auth=" + secret, params);
}
- Firebase REST
User Authenticating
Authenticating Servers
Authenticating Servers
If we are running a trusted server that is connecting to our Firebase database, we can authenticate it in several ways:
- Using a Firebase app secret: All authentication methods can accept a Firebase app secret instead of a JWT token. This will grant the server complete read and write access to the entire Firebase database. This access will never expire unless it is revoked via the App Dashboard.
- Using a secure JWT with the optional admin claim set to true: This method will grant a server complete read and write access to the entire Firebase database. This token will expire normally, so it is important to set the expiration times accordingly.
- Using a secure JWT designed to give access to only the pieces of data a server needs to touch: This method is more complicated, but it is the safest way to authenticate a server as it lets the Security and Firebase Rules prevent the server from doing anything it's not supposed to, even if it becomes compromised in some way.
- Firebase reference
REST
Realtime Database
Retrieving and Updating Firebase Realtime Database Rules
The REST API can also be used to retrieve and update the Firebase Realtime Database Rules for your Firebase app. You'll need your Firebase app's secret, which you can find under the Secrets panel of your Firebase app's dashboard.
curl 'https://samplechat.firebaseio-demo.com/.settings/rules.json?auth=FIREBASE_SECRET'
curl -X PUT -d '{ "rules": { ".read": true } }' 'https://samplechat.firebaseio-demo.com/.settings/rules.json?auth=FIREBASE_SECRET'
- 기본 권한 규칙을 사용하면 사용자가 인증을 받아야 합니다.
Get Started with Database Rules https://firebase.google.com/docs/database/security/quickstart
Public
// These rules give anyone, even people who are not users of your app,// read and write access to your database{ "rules": { ".read": true, ".write": true }}
댓글