
How to create a secure API using Firebase Auth without installing Firebase SDK on the client

I'm trying to create an API for our app using Express.js endpoints that connect to our Firebase Cloud Firestore database. A main component of responding with the requested information securely is authentication, and we want to be able to make it as straightforward for the users as possible, for example by them simply sending an API secret key on their requests.

My issue is that all of the authentication mechanisms that Firebase seems to provide require that the client is authenticated with the Firebase SDK, which would be uncomfortable for us to ask users to install.

In short, is there any way that they can either create a Firebase token without the SDK or for us to authenticate them securely with an API key on our end? Note that the connection to our API would only be done through our users' back ends, never front-end clients.

Thanks!

See:

Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken() method.

To achieve this, you must create a server endpoint that accepts sign-in credentials—such as a username and password—and, if the credentials are valid, returns a custom JWT. The custom JWT returned from your server can then be used by a client device to authenticate with Firebase (iOS, Android, web). Once authenticated, this identity will be used when accessing other Firebase services, such as the Firebase Realtime Database and Cloud Storage. Furthermore, the contents of the JWT will be available in the auth object in your Firebase Realtime Database Security Rules and the request.auth object in your Cloud Storage Security Rules.

You can create a custom token with the Firebase Admin SDK, or you can use a third-party JWT library if your server is written in a language which Firebase does not natively support.
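
The flow described above (a server endpoint checks a credential, then returns a custom JWT built without the Admin SDK), sketched with Node's built-in crypto module. This is an added example, not code from the original post or from Firebase; the service account e-mail, the API key store and the function names are constructed for illustration, and the RSA key is generated locally in place of the private_key from a real service account file.

```javascript
const crypto = require('node:crypto');

// Audience value Firebase requires in custom tokens.
const FIREBASE_AUD =
  'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';

const b64url = (v) => Buffer.from(v).toString('base64url');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Constructed stand-ins: a real server loads client_email and private_key from
// its service account JSON and keeps hashes of random API keys in a database.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SERVICE_ACCOUNT = { clientEmail: 'svc@example-project.iam.gserviceaccount.com', privateKey };
const API_KEYS = new Map([['partner-42', sha256('constructed-demo-key')]]); // uid -> key hash

// Constant-time comparison of the presented key's hash with the stored hash.
function verifyApiKey(uid, presentedKey) {
  const stored = API_KEYS.get(uid);
  if (!stored || typeof presentedKey !== 'string') return false;
  return crypto.timingSafeEqual(stored, sha256(presentedKey));
}

// Build and sign the custom token (RS256) by hand.
function mintCustomToken(uid, claims = {}, now = Math.floor(Date.now() / 1000)) {
  if (typeof uid !== 'string' || uid.length < 1 || uid.length > 128) throw new Error('bad uid');
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = {
    iss: SERVICE_ACCOUNT.clientEmail,
    sub: SERVICE_ACCOUNT.clientEmail,
    aud: FIREBASE_AUD,
    iat: now,
    exp: now + 3600, // custom tokens may live at most one hour
    uid,
    claims,
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), SERVICE_ACCOUNT.privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// What the sign-in endpoint does: credentials in, custom token or null out.
function exchangeApiKey(uid, presentedKey) {
  return verifyApiKey(uid, presentedKey) ? mintCustomToken(uid, { role: 'partner' }) : null;
}

// Local signature check, only to show the token is well formed.
function verifySignature(token) {
  const [h, p, s] = token.split('.');
  return crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
}
```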
