If you're using backend processors with Firebase, you probably know not to be authenticating the server with your Firebase secret. Instead you should be using custom tokens. Many people, ahem, use custom tokens with an "admin" : true flag in the payload. With