GitHub项目“ FirebaseUI for Web — Auth”是否有一个'signInFailureUrl'参数

Question

I am extremely new to code. I am using firebase's firebase UI github project to handle my email/password authentication — https://github.com/firebase/firebaseui-web . Redirect is working, but how do I prevent a user from bypassing the login page and simply visiting the "successful" url (if someone were to simply share it with them). My hope was to be able to simply set a 'signInFailureUrl' parameter. But it didn't work,haha. Below, I've pasted the config object where I set the 'signInSuccessUrl.' How can I handle this? Any help would be greatly appreciated.

var uiConfig = {
    'queryParameterForWidgetMode': 'mode',
    // Query parameter name for sign in success url.
    'queryParameterForSignInSuccessUrl': 'signInSuccessUrl',
    'signInSuccessUrl': '<url-to-redirect-to-on-success>',
    'singInFailureUrl': '<url-to-redirect-to-on-failure>',
    'signInOptions': [
      // I am only using email and password for my app
      firebase.auth.EmailAuthProvider.PROVIDER_ID
    ],
    'callbacks': {
      'signInSuccess': function(currentUser, credential, redirectUrl) {
        return true;
      }
    }
  };

Answer 1

With Firebase using the correct database permissions, only the owner of the data will be able to access it. So if the user goes to the protected page, only their data will be populated. If the user is not logged in, the data will not be served at all. This is all done on the front end. If you do not wish to use Firebase database to serve your data, you can instead, on the protected page, attach a listener:

firebase.auth().onAuthStateChanged(function(user) { if (user) { user.getToken(function(token) { // send this token to user server when loading the // restricted content via xhr. // On the backend server, use the currently available backend // libraries to validate the token and then serve the user's // data. // https://firebase.google.com/docs/auth/server/verify-id-tokens }); } });