堆栈内存溢出
  简体   繁体   English

具有身份验证查询参数的FireBase Rest无法正常工作

[英]FireBase Rest with auth query param not working

 原文  2016-08-24 07:41:05       rest/ firebase/ firebase-realtime-database/ firebase-authentication

问题描述

   // INIT FIREBASE
    FirebaseOptions options = new FirebaseOptions.Builder()
          .setServiceAccount(new FileInputStream("C:\\path\\testcustom-dff2147d3b14.json"))
          .setDatabaseUrl("https://testcustom-a1a4d.firebaseio.com/")
          .build();
        FirebaseApp.initializeApp(options);
        isFireBaseInit = true;

       // GENERATE TOKEN
        String uid = "USER ID SOME RANDOM";
        HashMap<String, Object> additionalClaims = new HashMap<String, Object>();
        String token = FirebaseAuth.getInstance().createCustomToken(uid, additionalClaims);

Not from browser if i try to use rest api to fetch data 如果我尝试使用Rest API获取数据,则不是从浏览器

https://testcustom-a1a4d.firebaseio.com/1719126/1719130/1719121.json?auth=TOKEN GENERATOR IN JAVA CODE https://testcustom-a1a4d.firebaseio.com/1719126/1719130/1719121.json?auth=JAVA代码中的代币生成器

I get following error: 我收到以下错误: 

{
  "error" : "Missing claim 'kid' in auth header."
}

What am i doing wrong? 我究竟做错了什么?

Does custom token doesnot work with rest api. 自定义令牌是否不适用于rest api。 DO i need to use firebase link , If yes how to add additional claim in it ? 我是否需要使用firebase链接 ,如果是,如何在其中添加其他声明?

PS: firebase sdk version i am using PS:我正在使用的Firebase SDK版本

com.google.firebase firebase-server-sdk 3.0.1 com.google.firebase firebase-server-sdk 3.0.1

EDIT: THERE IS A INCONSISTENCY IN FIREBASE DOCUMENTATION 编辑:FIREBASE文档中存在不一致

FIREBASE GUIDE DOCUMENTATION SAYS FIREBASE 指南文档说明

The argument can either be your Firebase app's secret or an authentication token, as described in the "Users in Firebase Projects" 参数可以是您的Firebase应用程序的机密,也可以是身份验证令牌,如“ Firebase项目中的用户”中所述

Type of authentication described are https://firebase.google.com/docs/auth/users#auth_tokens 描述的身份验证类型为https://firebase.google.com/docs/auth/users#auth_tokens
Note: custom token is present there 注意:那里存在自定义令牌

FIREBASE REFERENCE DOCUMENTATION SAYS FIREBASE 参考文档说明

The argument can either be your Firebase app's secret or an authentication token. 该参数可以是Firebase应用程序的机密,也可以是身份验证令牌。 See the REST authentication documentation for details. 有关详细信息,请参见REST身份验证文档

So Guide and reference talk differently. 因此,指南和参考的讨论方式有所不同。

Need help please 请帮忙

1 个解决方案

解决方案1
 2  2016-08-24 14:27:29

From firebase support team 来自Firebase支持团队

Yes, creating custom tokens using FirebaseAuth.getInstance().createCustomToken(uid, additionalClaims) does not work with REST API. 是的,使用FirebaseAuth.getInstance()。createCustomToken(uid,extraClaims)创建自定义令牌不适用于REST API。 These tokens are designed to be used by client SDKs with signInWithCustomToken(token). 这些令牌旨在由具有signInWithCustomToken(token)的客户端SDK使用。 Please note that "client to DB" REST requests are not supported right now due to changes in security model in the new Firebase (legacy Firebase supports it). 请注意,由于新Firebase(旧版Firebase支持)中安全模型的更改,目前不支持“客户端到数据库” REST请求。

As you have pointed out, you need to follow this link in order to make an authenticated REST request. 如您所指出的,您需要单击此链接才能发出经过身份验证的REST请求。 You should to use the access_token parameter, passing the token derived from the service account private key. 您应该使用access_token参数,传递从服务帐户私钥派生的令牌。 This assumes you're scenario is "Server to DB" as you're using a service account. 假设您使用服务帐户时的情况是“服务器到数据库”。

To add custom claims using REST, you should use the auth_variable_override parameter. 要使用REST添加自定义声明,应使用auth_variable_override参数。 See here. 看这里。 Your request should now look like this with the added claim: {"uid":"6LiF16Dm0hNB9XO61UR1KM5Jeun2"} 您的请求现在应该看起来像这样,并带有附加的声明:{“ uid”:“ 6LiF16Dm0hNB9XO61UR1KM5Jeun2”}

$ curl " https://test-de98f.firebaseio.com/test.json?access_token= &auth_variable_override=%7B%22uid%22%3A%226LiF16Dm0hNB9XO61UR1KM5Jeun2%22%7D" {" 1213314":{"alanisawesome":"Alan Turing"}} $ curl“ https://test-de98f.firebaseio.com/test.json?access_token=&auth_variable_override =%7B%22uid%22%3A%226LiF16Dm0hNB9XO61UR1KM5Jeun2%22%7D” {“ 1213314”:{“ alanisawesome”:“ Alan图灵“}}

I do understand that the documentation you have pointed out needs to be improved and have raised this to our documentation team so that it could be prioritized appropriately. 我确实知道您所指出的文档有待改进,并将其提交给我们的文档团队,以便可以对其进行优先排序。 Though, I can't share any timelines as of the moment. 不过,目前我无法分享任何时间表。

Hope this helps. 希望这可以帮助。 Feel free to respond for any more issues or concerns. 如有其他问题或疑虑,请随时回应。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Firebase匿名休息身份验证 - Firebase anonymous rest auth REST GET 调用与列表查询参数在 POSTMAN 中不起作用 - REST GET Call with List Query Param is not working in POSTMAN REST:包含URL的查询参数 - REST: query param containing an url JAVA Rest两个日期Path参数或Query参数 - JAVA Rest two dates Path param or Query param 如何在 Django 中使用查询字符串过滤查询集? - How to use Query Strings for filtering Querysets in Django? 使用子列表作为查询参数设计 REST 端点 - Design REST endpoint with sublist as query param 加密 Spring Boot Rest Api 查询参数 - Encrypt Spring Boot Rest Api Query Param Jmeter调用带有查询参数的REST URL - Jmeter calling rest url with query param 带有特殊字符的 Springboot Rest Template 查询参数 - Springboot Rest Template query param with special characters 如何验证 REST 调用 Firebase 验证 REST ZDB9742CE38714CA8DE634A7A - How to Authenticate a REST Call to the Firebase Auth REST API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM