堆栈内存溢出
  简体   繁体   English

使用客户端/应用程序身份验证而不是用户身份验证的 Firebase Android 应用程序

[英]A Firebase Android app with client/app authentication instead of user authentication

 原文  2016-06-21 11:14:34       android/ firebase/ firebase-realtime-database

问题描述

My app has no individual users, instead it has some data that is generated by clients and can be seen by others, like public chat channel, usernames are also temporary.我的应用程序没有个人用户,而是有一些由客户端生成并且其他人可以看到的数据,例如公共聊天频道,用户名也是临时的。

I do not need every user account data to be authenticated.我不需要对每个用户帐户数据进行身份验证。 Instead only that if request is from my app, it should be served otherwise not.相反,如果请求来自我的应用程序,则不应提供它。 I see there is user authentication, but it means I have to keep the track of uids etc which also adds to data storage, other option is if I remove auth (set read/write public) and call data changes from my app.我看到有用户身份验证,但这意味着我必须跟踪 uids 等,这也会增加数据存储,其他选项是如果我删除身份验证(设置读/写公共)并从我的应用程序调用数据更改。

Can I use app secret feature that is used by servers in my android app, if so how?我可以在我的 android 应用程序中使用服务器使用的应用程序机密功能,如果可以,如何使用? This is rule for a server:这是服务器的规则:

{
  "rules": {
    ".read": true,
    ".write": "auth.uid = 'myserver'"
  }
}

How can I make it work for my android app?如何使它适用于我的 android 应用程序?

How my app is insecure without authentication (setting read/write public) , when only I know the url and only my package is configured from android app option on the server?我的应用程序如何在没有身份验证的情况下不安全(设置读/写公开),当只有我知道 url 并且只有我的包是从服务器上的 android 应用程序选项配置的?

Is there any method other than user authentication that I can use which guarantees data security ?除了用户身份验证之外,还有其他方法可以保证数据安全吗?

1 个解决方案

解决方案1
 0  2021-05-19 23:06:05

I know it's been a few years since you asked this, but I wanted to let you know that this is now finally possible.我知道你问这个问题已经有几年了,但我想让你知道现在终于可以了。

Thanks to a new feature called Firebase App Check , it is now actually possible to limit calls to your Realtime Database to only requests coming from iOS, Android and Web apps that are registered in your Firebase project.多亏了一项名为Firebase App Check的新功能,现在实际上可以将对实时数据库的调用限制为仅来自在 Firebase 项目中注册的 iOS、Android 和 Web 应用程序的请求。

You'll typically want to combine this with the user authentication based security offered by security rules, so that users can only do what they're authorized to do.您通常希望将此与安全规则提供的基于用户身份验证的安全性结合起来,以便用户只能做他们被授权做的事情。 But in your case, just App Check might be/have been enough.但在您的情况下,仅 App Check 可能/已经足够了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Android 应用程序上的用户身份验证 - User Authentication on Android App Android应用程序的用户身份验证和验证 - User authentication and verification for android app 使用PHP的Android App用户身份验证 - Android App User Authentication with PHP 单个应用中的Android Firebase多重身份验证 - Android Firebase multiple authentication in a single app Android应用请求Firebase自定义身份验证 - Android app request Firebase custom authentication Firebase 统一 android 应用程序身份验证不起作用 - Firebase unity android app authentication not working Firebase身份验证 - 开源Android应用程序 - Firebase Authentication - Open Sourcing Android App Android 应用程序在 Firebase 电话身份验证时崩溃 - Android app crashes on firebase phone authentication 添加 Firebase 身份验证后 Android 应用崩溃 - Android app crashing after adding Firebase authentication Android应用程式SHA-1验证失败Firebase - Android app SHA-1 authentication fail firebase
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM