I am new to Spring Boot and Firebase. I have generated REST endpoints from my model and repositories using spring-boot-starter-data-rest.
I also created a front-end application (front is a SPA written in React - back works with Spring boot - these are 2 separate apps).
My front-end app contains a login form and I use the Firebase JS SDK to authenticate the user and get an ID token for him.
Now I would like to add authentication to my endpoints so only authorized users can reach them, using the token I get in the front-end app.
I can put the token in the Authorization header of each request, but I dont't know how to:
- Extract and check the token in Spring Boot, in order to get user information. I saw this, is this ok?
- Pass the user information to the endpoint methods (currently I got no controller, since they are generated from the repositories (they extend
PagingAndSortingRepositoryorCrudRepository)) - Specify which endpoints are public and which are private (using
WebSecurityConfigurerAdapterI guess). - Also, some endpoints could be accessible only by some users. But I saw nothing in Firebase that allows me to distinct user grants.
I have read several tutorials but I have not enough details to understand everything, and they do not answer all my questions.
Thanks
