
How do I authenticate my user on a custom backend using my firebase JWT?

I successfully authenticated my user with my firebase app in the browser. Now I want my custom backend to know that the user is authenticated.

How do I go about this? Can I tell the client to include the firebase JWT in every request to my backend, so that the backend knows the user is logged in? (This is necessary so that the backend will not redirect a logged-in user to the login page, for example.)

Background Research:

The firebase authentication docs explain how to get the firebase token, send it to your custom backend, and then do something on the backend with the user data. That's fine for an XHR request, where you can tell the browser to include the token as a header. I don't understand how to get the browser to include the token in a normal HTTP request to the server, like when the user opens a new tab and navigates to the admin panel at https://example.com/admin.

This is a related question, but I didn't understand the answer (or at least how I could apply it to my use case).

Here's how the good guys at jwt.io explain it:

Whenever the user wants to access a protected route or resource, the user agent should send the JWT, typically in the Authorization header using the Bearer schema. The content of the header should look like the following:

Authorization: Bearer <token>

This is a stateless authentication mechanism as the user state is never saved in server memory. The server's protected routes will check for a valid JWT in the Authorization header, and if it's present, the user will be allowed to access protected resources.
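The server-side check that the quoted jwt.io passage describes, as an added example that is not part of the original question: a Node.js function that takes the Authorization header value, pins RS256, verifies the signature, and then checks the exp, aud, iss and sub claims the way Firebase documents for its ID tokens. The key pair, the kid `sample-kid`, the project id `demo-project` and all function names are constructed for this example; a real backend would verify against the issuer's published signing keys.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(JSON.stringify(v)).toString('base64url');
const decode = (s) => {
  const v = JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
  if (v === null || typeof v !== 'object') throw new Error('not a JSON object');
  return v;
};

// keys: Map of key id (kid) -> public key. A real backend would load and cache
// the issuer's published signing keys; here the map holds a constructed key.
function verifyBearer(authHeader, keys, projectId, nowSec = Math.floor(Date.now() / 1000)) {
  const fail = (reason) => ({ ok: false, reason });
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  // A plain navigation (new tab, typed URL) sends no Authorization header and ends here.
  if (!m) return fail('missing or malformed bearer token');
  const [, h, p, s] = m;
  let header, claims;
  try { header = decode(h); claims = decode(p); } catch { return fail('undecodable token'); }
  // Pin the algorithm: never let the token choose how it is verified.
  if (header.alg !== 'RS256') return fail('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) return fail('unknown kid');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!sigOk) return fail('bad signature');
  // Claims are trusted only after the signature has been verified.
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return fail('expired');
  if (claims.aud !== projectId) return fail('wrong audience');
  if (claims.iss !== `https://securetoken.google.com/${projectId}`) return fail('wrong issuer');
  if (typeof claims.sub !== 'string' || claims.sub === '') return fail('missing sub');
  return { ok: true, uid: claims.sub };
}

// Constructed sample data: a throwaway RSA key pair and a made-up project id.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_KEYS = new Map([['sample-kid', publicKey]]);
const PROJECT = 'demo-project';
function signSample(claims, header = { alg: 'RS256', kid: 'sample-kid' }) {
  const input = `${b64url(header)}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url');
  return `${input}.${sig}`;
}
function sampleClaims(nowSec) {
  return { sub: 'user-123', aud: PROJECT, iss: `https://securetoken.google.com/${PROJECT}`, exp: nowSec + 3600 };
}
```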
