Android 应用程序的 Firebase Cloud Functions 身份验证
[英]Firebase Cloud Functions authentication for Android App
问题描述
I'm building an Android App that searches for nearby locations.
我正在构建一个搜索附近位置的 Android 应用程序。 I use Firebase login system (Login with email and password, and login with Google, Facebook, etc), therefore I would also like to build an API with Firebase. I use Firebase login system (Login with email and password, and login with Google, Facebook, etc), therefore I would also like to build an API with Firebase. (also because I need the app to be more complicated) I have built a serverless API with Firebase Cloud Functions and I can make GET/PUT requests with Postman. (也是因为我需要更复杂的应用程序)我已经使用 Firebase Cloud Functions 构建了一个无服务器 API,并且我可以使用 Postman 发出 GET/PUT 请求。 However, I would like to secure these endpoints, similar to how JWT secure a RESTAPI, so that only users who logged in the App can make requests.但是,我想保护这些端点,类似于 JWT 如何保护 RESTAPI,以便只有登录应用程序的用户才能发出请求。 How do I achieve this?我如何实现这一目标? I have looked at "authorized-https-endpoint" but it seems like it only allow Google-Sign-In.我看过“authorized-https-endpoint”,但它似乎只允许谷歌登录。
Or is there a way that I can still use Node and Mongodb RestAPI, and secure it using the accounts logged into Firebase?或者有没有办法让我仍然可以使用 Node 和 Mongodb RestAPI,并使用登录到 Firebase 的帐户来保护它?
Here is a piece of the backend code这是一段后端代码
app.get('/api/read/:item_id', (req, res) => {
(async () => {
try {
const document = db.collection('items').doc(req.params.item_id);
let item = await document.get();
let response = item.data();
return res.status(200).send(response);
} catch (error) {
console.log(error);
return res.status(500).send(error);
}
})();
});
exports.app = functions.https.onRequest(app);
Thank you guys so much in advance.非常感谢你们。
2 个解决方案
解决方案1
1 2020-06-10 07:58:34
Use Firebase Callable Functions.使用 Firebase 可调用函数。 They fulfill your requirement.它们满足您的要求。
Refer: https://firebase.google.com/docs/functions/callable参考: https://firebase.google.com/docs/functions/callable
In the case where there are issues with the function calls, please refer to this: firebase.google.com/docs/functions/callable-reference.如果 function 调用存在问题,请参阅:firebase.google.com/docs/functions/callable-reference。
As mentioned here this is to be used only if the SDKs don't work for you正如这里提到的,这仅在 SDK 不适合您时使用
解决方案2
1 2020-06-10 16:40:51
The authorized-https-endpoint example supports all forms of auth on the client, as long as it's going through the Firebase Auth SDK.授权的https-endpoint示例支持客户端上的所有forms auth,只要它通过Firebase Auth SDK。 In all cases, the client can send an auth token to the function, and the function code can use the Firebase Admin SDK to verify the token . In all cases, the client can send an auth token to the function, and the function code can use the Firebase Admin SDK to verify the token . It doesn't matter how the user authenticated - any Firebase user account will work.用户的身份验证方式无关紧要 - 任何 Firebase 用户帐户都可以使用。
You can also use a callable function , which will automatically perform the validation for you in the exact same way.您还可以使用可调用的 function ,它将以完全相同的方式自动为您执行验证。 Your code must then check to see if a user was authenticated using the calling context before continuing.然后,您的代码必须在继续之前检查用户是否使用调用上下文进行了身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.