我是否需要在 firebase 云函数的 context.auth object 上使用 verifyIdToken?
[英]Do I need to use verifyIdToken on the context.auth object in firebase cloud functions?
问题描述
Using a callable function, my intention is to only allow logged-in users to make calls to this.
使用可调用的 function,我的意图是只允许登录用户调用它。
export const sendMessage = functions.https.onCall(async (data, context) => {
From the context param there, I have the auth token.从那里的context参数,我有授权令牌。 But I'm just very new to firebase in general and I don't want to make a critical mistake by misunderstanding here.但总的来说,我对 firebase 还很陌生,我不想因为在这里的误解而犯下严重的错误。 If I'm logged out, context.auth becomes null-- easy enough.如果我注销了, context.auth将变为空——这很容易。 But do I need to be sure that the auth token is valid and not "made up" by calling verifyIdToken anyway?但是我是否需要通过调用verifyIdToken来确保身份验证令牌有效而不是“虚构”的?
If not, then is simply checking that context.auth isn't null enough to be sure that the user is logged-in?如果不是,那么只是检查context.auth是否足以确保用户已登录 null?
1 个解决方案
解决方案1
4 已采纳 2020-10-08 01:04:22
But do I need to be sure that the auth token is valid and not "made up" by calling verifyIdToken anyway?
No, that happens automatically.不,那是自动发生的。 You can be sure the context.auth is verified if not null. As stated in the documentation :如果不是 null,您可以确定context.auth已通过验证。如文档中所述:
The functions.https.onCall trigger automatically deserializes the request body and validates auth tokens.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.