Do I need to use verifyIdToken on the context.auth object in firebase cloud functions?
Using a callable function, my intention is to only allow logged-in users to make calls to this.
export const sendMessage = functions.https.onCall(async (data, context) => {
  // ...
});
From the context param there, I have the auth token. But I'm just very new to firebase in general and I don't want to make a critical mistake by misunderstanding here. If I'm logged out, context.auth becomes null -- easy enough. But do I need to be sure that the auth token is valid and not "made up" by calling verifyIdToken anyway?
If not, then is simply checking that context.auth isn't null enough to be sure that the user is logged-in?
But do I need to be sure that the auth token is valid and not "made up" by calling verifyIdToken anyway?
No, that happens automatically. You can be sure the context.auth is verified if not null. As stated in the documentation:
The functions.https.onCall trigger automatically deserializes the request body and validates auth tokens.
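The check described in the answer, as an added example that is not part of the original answer: the handler rejects callers without a verified `context.auth` and takes the user's identity only from `context.auth.uid`, never from the client-supplied `data`. The `HttpsError` class is a local stand-in for `functions.https.HttpsError` so the block runs without the SDK; the helper names, the `text` field and the 500-character limit are assumptions.

```javascript
// Local stand-in for functions.https.HttpsError (assumption, so this runs without the SDK).
class HttpsError extends Error {
  constructor(code, message) {
    super(message);
    this.code = code;
  }
}

// Returns the caller's uid, or throws if the request carried no verified ID token.
// onCall has already validated the token, so no verifyIdToken call is needed here.
function requireAuth(context) {
  const auth = context && context.auth;
  if (!auth || typeof auth.uid !== 'string' || auth.uid === '') {
    throw new HttpsError('unauthenticated', 'You must be signed in to send messages.');
  }
  return auth.uid;
}

// Core logic, kept synchronous so it can be exercised without the emulator.
function buildMessage(data, context) {
  const uid = requireAuth(context);
  // `data` is client-controlled: validate it, and ignore any identity fields in it.
  const text = data && typeof data.text === 'string' ? data.text.trim() : '';
  if (text === '' || text.length > 500) {
    throw new HttpsError('invalid-argument', 'text must be 1-500 characters.');
  }
  return { from: uid, text };
}

// Handler with the (data, context) signature that onCall passes.
async function sendMessageHandler(data, context) {
  return buildMessage(data, context);
}

// Wiring in a deployed project (needs firebase-functions, so left as a comment):
//   export const sendMessage = functions.https.onCall(sendMessageHandler);

// Constructed sample calls.
const signedIn = { auth: { uid: 'user-123', token: {} } };
console.log(buildMessage({ text: ' hello ', uid: 'someone-else' }, signedIn));
try {
  buildMessage({ text: 'hello' }, { auth: null });
} catch (err) {
  console.log(err.code);
}
```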