'How to prevent users deleting themselves from Firebase using API public key?
As documented, any Firebase user can be deleted by admin at any time, and each user can delete only itself as described here from the client SDK or from REST call as shown here.
My problem comes as anyone with the public KEY (which is given in each web client), could potentially delete itself (as a malicious action). As my firebase functions connect the users with webhooks to others servers of my own, an unexpected user deletion could potentially break the system.
Also commented here, this is an unaccepted action. However, I find it somehow a bad architectural design as leaves the door open to unexpected behaviours out of our control.
Personal walkround: I can manage somehow all the situations derived from this action by using the auth trigger onDelete from the cloud functions and, later on, force the user to do some actions... but it will be of incredible help to stop it at moment zero, just making the user deletion (out of admin context) a forbidden action.
Maybe it can be done through the Google Cloud console by some configuration I don't know?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|