Vertex AI only for authenticated users
Currently, App Check is the only mechanism to control access to the Vertex API. This is not always practical and does not allow per-user access control.
Please add a mechanism similar to Security Rules for Firestore, to enforce only authenticated Firebase users to access the AI APIs.
-
C B commented
Yes! I really wanted to use Vertex AI in my native App, especially for pro users. The implementation was easy, thanks to firebase. But I still decided against using it, because the only protection layer is app check, which is not enough in my eyes. Having to implement all of the protection logic (like isProUser, isAuthenticated, rate limits, ...) only in the client is very bad. Now I am using firebase functions to make all the ai api calls securly in the backend.
Like Marco shared, please implement something like per-user access control mechanism similar to Security Rules for firestore, with the possibility of using custom claims and I would be very excited to use Vertex Ai for my apps.