Securing RESTful API with Firebase OAuth?

I'm using Firebase in my iOS and web app to handle user authentication. I need to make sure a user is logged in before he can make any requests to my API. How would I accomplish such a thing with Firebase?

I'm thinking about using Kong - https://getkong.org - as a middleman for my API. Kong has a few options in relation to authenticating incoming requests - https://getkong.org/plugins. What would work with Firebase? JWT authentication? OAuth authentication? Key authentication?

Can you point me in the direction of a basic example? Or give me a basic overview of what I should be looking for?

Solution

I ended up authentication the users token server-side, like this:

https://gist.github.com/holgersindbaek/2cc55efd89517e21fbb52b4e95125003

How do I get currency exchange rates via an API such as Google Finance?
How to retrieve pack list with Shippingbo API?
Exception in main java.lang.ClassCastException:class java.lang.String can't be cast to class
Verbix: 403 error in Java API but not browser or Postman
Can't find the reason my app returns Uncaught TypeError: Cannot read properties of undefined
ASP.NET Core - AggregateException: some services are not able to be constructed
Understanding Allow and Deny statements in AWS permission policies
Passing multiple certificates through Curl request using Guzzle
Understanding the difference between these two python requests POST calls (data vs. json args)
How to protect Open xpage REST API using Azure OAuth or Azure API Gateway
JWT payload does not contain the required claims
Expo React Native post method not including MEDIA on Django rest framework right path
Use postman to get a token from a request and send it to another
Assign Json to a string without serilization in c#
express Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
Extracting data from Wikipedia API
Update a monthly payment subscription to a single payment after a failed payment? Or allowing the customer to do so or not
What is a __cf_bm cookie?
Steam API Returns blank json
Facing errors in fetching data from rest API to my front-end
How can I find telegram user by id
Calling REST API from controller codeigniter
How to store complex json data in model class in flutter
asp.net core mvc 6 No webpage was found for the web address: https://localhost:7168/Event/DeletePost
Getx , Flutter how to update state of a variable in a listview builder everytime list loads its taking initial index value only?
Join query shows error in spring boot but the same query gives the result in postgresql
HTTP POST Request doesn't resolve a response with Next JS 13
Postman How to check Not Equal to Condition in Postman?
how to handle error mechanisms in testing API calls using Karate test framework
When doing API request, returned error message is different from what server is sending