I want to make sure that only logged in users have access on my API service,
I read this topic:
and it’s still not clear, how to do it.
I can check if the user has sent user-token, but how can I know it’s a valid user token? and is it the right way to do it?
if you can provide a simple cloud function example on how to authenticate user, I would be thankful.
Once of the properties is req.context.userRoles, which is a collection (array) of the security roles the user has. This will include both system and custom roles. If the user is authenticated, the collection will have the AuthenticatedUser role, otherwise, the collection will have the NotAuthenticatedUser role.