(I’m new to app development!)
I’m looking into using these three systems together. I’d like to use Wordpress to handle content for an app (I’ve used it for years, with Advanced Custom Fields and custom endpoints I can set up a complicated structure really quickly and generate relevant JSON). I’d prefer to use Firebase for user auth and for storing some basic user info - this looks easy enough to set up, reliable, secure, and won’t limit me to Wordpress if I decide to change the content system in future.
What I’m wondering is, what would be the simplest way to prevent access to the JSON content on the WP install to users who are not logged in in Firebase? I don’t think this would need to be particularly secure, just enough to deter a casual user browsing around, though I am planning to use video - probably hosted on AWS or similar, which would ideally be relatively secure.
I can limit the theme to solely json without any issue, but I’d like to make sure a user is coming from the app and ideally check if they are logged in to Firebase.
I guess pretty much any PHP solution would work, would I need to use firebase ID tokens?