
Firebase Authentication via “Magic-Link”

I want to send notification mails to users of my community platform coded with React and Firebase. I was wondering if there is a way to authenticate the user via a magic link which is contained in his or her personal notification mails.

E.g. "You've got 5 new comments on your post, click HERE to read them"

Clicking "here" should redirect the user to the page and automatically authenticate them without having to enter their individual passwords or usernames.

Due to the cancelation of the privacy shield framework and Schrems II, you might no longer be able to store customer details in the GCP.

A solution for it can be pseudonymization.

I am running an open-source project that can help you with that.

Check out the following article for more information:

https://databunker.org/use-case/schrems-ii-compliance/

I think your question can be divided into 2 different questions.

1. How do I send notification mails to my community platform?

I have never used notification mails in Firebase; I usually use Google's SMTP server directly and send a request to the server to send an email on behalf of me. So, in your case, I would search up the library on your tech stack (for me it was Go's gomail), then you can use Google's SMTP server (host: smtp.gmail.com, port: 587).

2. How do I make a link that automatically authenticates your users whenever they click the link?

I feel like this is the harder question. I think you need to consider a few things:

  • Your links need to be short lived. Why? To prevent unauthorized brute-force login attempts (this also depends on the structure of your link). However, best practice suggests that links should be short lived (less than 24 hours).
  • Given that links are short lived, this depends on whether the user checks their email frequently for notifications from you! There's a pretty good chance that they will miss that email in the 24 hour window.

I'm pretty much against sending time-sensitive notifications like that through emails. But if it is something that you still want to do, it is pretty easy to create the link; the simplest way I did it was:

  1. Generate a random UUID for a link.
  2. Associate it to the user who will log in with the link. You should save this association in a persistent data storage.
  3. Create an endpoint for the magic link, for example /magic/:link_id, that takes link_id then checks what user should be logged in.
  4. Voila! You got yourself a magic link!

Finally, you can send the link through email like the first part of the problem!
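An added example (not part of the original answers) of steps 1 to 3 above in Node.js, with the short lifetime the answer asks for. The function names, the in-memory Map standing in for persistent storage, the hashed lookup key and the single-use behaviour are assumptions made for this sketch.

```javascript
// Added example: magic-link issue/redeem logic behind a /magic/:link_id endpoint.
const nodeCrypto = require('node:crypto');

// Assumption: 24 h lifetime, the upper bound mentioned in the answer.
const LINK_TTL_MS = 24 * 60 * 60 * 1000;

// Stand-in for the persistent store from step 2: sha256(link_id) -> { uid, expiresAt }.
// Only the hash is stored, so a leaked table does not contain usable links.
const links = new Map();

function digest(linkId) {
  return nodeCrypto.createHash('sha256').update(linkId).digest('hex');
}

// Steps 1 and 2: generate a random UUID and associate it with the user.
function issueMagicLink(uid, now = Date.now()) {
  const linkId = nodeCrypto.randomUUID(); // v4 UUID drawn from the CSPRNG
  links.set(digest(linkId), { uid, expiresAt: now + LINK_TTL_MS });
  return `/magic/${linkId}`; // path to embed in the notification mail
}

// Step 3: what the endpoint does with the link_id it receives.
// Returns the uid to log in, or null if the link is unknown, expired or already used.
function redeemMagicLink(linkId, now = Date.now()) {
  const key = digest(String(linkId));
  const entry = links.get(key);
  if (!entry) return null;
  links.delete(key); // single use: the first lookup consumes the link
  if (now > entry.expiresAt) return null;
  return entry.uid;
}
```

With Firebase, the endpoint could pass the returned uid to the Admin SDK's `createCustomToken` and let the client finish with `signInWithCustomToken`; that wiring is not shown here.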

Notice: technical posts on this site are licensed under CC BY-SA 4.0. If you republish them, please cite this site's URL or the original source. For any questions, contact: yoyou2525@163.com.