Firebase 身份验证 - REST API NodeJS
[英]Firebase Authentication - REST API NodeJS
问题描述
What's the difference between using admin.auth().verifyIdToken() and admin.auth().createSessionCookie() + admin.auth().verifySessionCookie() for authentication purposes and which one should I use in my Express REST API?
使用admin.auth().verifyIdToken()和admin.auth().createSessionCookie() + admin.auth().verifySessionCookie()进行身份验证有什么admin.auth().createSessionCookie() + admin.auth().verifySessionCookie() ,我应该在 Express REST API 中使用哪一个?
Also, doesn't the verifyIdToken already create a session itself that can be refreshed everytime it is called?另外,verifyIdToken 不是已经创建了一个会话本身,每次调用时都可以刷新吗? And does verifying the session cookie do the same?验证会话 cookie 是否也一样?
1 个解决方案
解决方案1
0 2020-02-27 03:25:40
You create the session to get a token on the client device and use the verify token on the server/cloud.您创建会话以在客户端设备上获取令牌并在服务器/云上使用验证令牌。
I get the token from the current user then send it to firebase cloud functions endpoint to verify it.我从当前用户那里获取令牌,然后将其发送到 firebase 云函数端点以对其进行验证。
Endpoint端点
import * as admin from 'firebase-admin'
const DEPLOYED = false;
admin.initializeApp()
const ValidateToken = (request: any, response: any) => {
const params = {
a: request.body.token, // Client Validation
}
const ValidateToken = admin.auth().verifyIdToken(params.a).catch((error) => { throw { Message:error }});
return Promise.all([ValidateToken]).then((res: any) => {
return DEPLOYED ? res : response.status(200).json(res);
}).catch(error => {
return DEPLOYED ? error : response.status(400).json(error);
});
}
export default ValidateToken;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.