Firebase: How to generate access token from username and password on the server?
I have a Firebase app and I'm integrating Zapier. They require users to authenticate with my app through their form.
The way it works is that Zapier will request email and password from a user and send it to my endpoint to get an access token and to use it with any further requests.
I can't quite figure out how to generate an access token from username and password on server (Node.js) since all the authentication methods live in the client SDK.
So far I was hoping to authenticate user with the provided email/password, generate a custom token from their uid and send it back to Zapier. But I can't do that since there is no signInWithEmailAndPassword or similar methods in the server SDK.
I know I can fetch user by email, but how can I check the password then, since the corresponding methods are again only available in the client SDK?
So far I've got the following code:
    const rp = require('request-promise');

    app.post('/api/integrations/zapier/auth', (req, res) => {
      let data = req.body
      admin.auth().signInWithEmailAndPassword(data.email, data.password) // <- this method doesn't exist in the server sdk
        .then(response => admin.auth().createCustomToken(response.user.id))
        .then(customToken => rp({
          url: `https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=${config.apiKey}`,
          method: 'POST',
          body: {
            token: customToken,
            returnSecureToken: true
          },
          json: true,
        }))
        .then(idToken => {
          res.send({
            accessToken: idToken,
            filed: data.email
          });
        }).catch(error => res.status(500).send(error));
    })
Using the Firebase Admin SDK to create custom tokens based on sign-in credentials is confusing, since the documentation states:
Create Custom Token
Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken() method.
To achieve this, you must create a server endpoint that accepts sign-in credentials—such as a username and password—and, if the credentials are valid, returns a custom JWT. The custom JWT returned from your server can then be used by a client device to authenticate with Firebase (iOS, Android, web).
There is an example of creating a custom token based on the user's Firebase uid:
    admin.auth().createCustomToken(uid)
But the documentation does not show how to verify if user credentials are valid in the first place.
Since the Firebase Admin SDK does not provide methods for verifying credentials, a workaround is to use a combination of the Firebase Admin SDK as well as the Firebase Auth REST API.
getUserByEmail
UserRecord will contain the uid, which can then be passed to admin.auth().createCustomToken(uid)
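One way to implement the workaround described in the answer above, as an added example that is not part of the original answer: the password is checked with the Firebase Auth REST API's accounts:signInWithPassword call, and the returned uid is handed to createCustomToken. The names exchangeCredentials, interpretSignIn, AuthError and deps are hypothetical; fetch and createCustomToken are injected so the block runs without network access or the Admin SDK.

```javascript
// Added example: server-side email/password check via the Firebase Auth REST API.
// exchangeCredentials, interpretSignIn, AuthError and deps are hypothetical names.
const SIGN_IN_URL = 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword';

class AuthError extends Error {
  constructor(status, publicMessage) {
    super(publicMessage);
    this.status = status; // HTTP status the endpoint should answer with
  }
}

// Map the REST API's answer to a uid, or to an error that is safe to show the caller.
function interpretSignIn(httpStatus, body) {
  if (httpStatus === 200 && body && typeof body.localId === 'string') return body.localId;
  const code = String((body && body.error && body.error.message) || '').split(' ')[0];
  // Same 401 for unknown email and wrong password, so the endpoint cannot be
  // used to find out which addresses have accounts.
  const credentialErrors = ['EMAIL_NOT_FOUND', 'INVALID_PASSWORD', 'INVALID_LOGIN_CREDENTIALS', 'USER_DISABLED'];
  if (credentialErrors.includes(code)) throw new AuthError(401, 'Invalid email or password');
  if (code === 'TOO_MANY_ATTEMPTS_TRY_LATER') throw new AuthError(429, 'Too many attempts');
  throw new AuthError(502, 'Authentication backend error'); // never forward raw upstream errors
}

// deps.fetch: fetch-compatible function (global fetch on Node 18+).
// deps.createCustomToken: in a real app, uid => admin.auth().createCustomToken(uid).
async function exchangeCredentials({ email, password }, deps) {
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    throw new AuthError(400, 'email and password are required');
  }
  const res = await deps.fetch(`${SIGN_IN_URL}?key=${encodeURIComponent(deps.apiKey)}`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ email, password, returnSecureToken: true }),
  });
  const uid = interpretSignIn(res.status, await res.json().catch(() => null));
  return { uid, customToken: await deps.createCustomToken(uid) };
}
```

In an Express handler, catch AuthError and reply with its status and message only, rather than sending the raw error object as the question's catch block does.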
From what I see, you can use the Firebase Flutter package to log in with username and password.
    var credentials = await auth.signInWithEmailAndPassword(email: email, password: password);
    String token = await credentials.user.getIdToken();
Then you can pass this token in the HTTP header as Bearer token. On the server side, you can just use verifyToken from Admin SDK:
    FirebaseAuth.getInstance().verifyIdToken(token)