將firebase auth與google app引擎雲端點集成

Question

有人可以指定（使用一些示例代碼）如何驗證google雲端點中的firebase令牌？ 最近提出的問題根本沒有澄清（ 如何將firebase身份驗證與Google應用引擎端點集成 ）

端點中的Google身份驗證是通過將用戶參數添加到端點來自動完成的。 可以使用facebook圖api在雲端點驗證Facebook令牌，如下所示：

    @ApiMethod(name = "endpoint.addUser", httpMethod = HttpMethod.POST)
        public ResultObject addUser(HttpServletRequest request, User pUser) throws OAuthRequestException {
    String token = request.getHeader("Authorization");
    String graphUrl  = "https://graph.facebook.com/v2.6/me?fields=id,name,email&access_token=" + token;

    URL u = new URL(g);
    URLConnection c = u.openConnection();
    BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream()));
    String inputLine;
    StringBuffer b = new StringBuffer();
    while ((inputLine = in.readLine()) != null){
             b.append(inputLine + "\n");            
    }
    in.close();
    graph = b.toString();
    JSONObject json = new JSONObject(graph);

    facebookId = json.getString("id");
    email = json.getString("email");
    //...
}

firebase令牌的驗證是否像facebook令牌一樣簡單？ 是否可以從firebase令牌中檢索電子郵件？

Answer 1

據我所知，文檔似乎需要將用戶令牌添加到您的請求中，例如作為標題。 然后，您需要針對Firebase管理員sdk驗證此令牌，這樣您就可以獲得用戶ID。

@ApiMethod(name = "someApiCall", httpMethod = ApiMethod.HttpMethod.POST)
public YourResponse someApiCall(YourRequestObject body, HttpServletRequest httpRequest) {
    String userToken = httpRequest.getHeader("USER_TOKEN_HEADER");

    Task<FirebaseToken> authTask = FirebaseAuth.getInstance().verifyIdToken(userToken)
        .addOnSuccessListener(new OnSuccessListener<FirebaseToken>() {
          @Override
          public void onSuccess(FirebaseToken firebaseToken) {
          }
        });

    try {
      Tasks.await(authTask);
    } catch (ExecutionException e) {
    } catch (InterruptedException e) {
    }

    FirebaseToken result = authTask.getResult();
    String userId = result.getUid();

    return new YourResponse();
}

我的代碼基於：

https://firebase.google.com/docs/auth/admin/verify-id-tokens

如何使用Firebase令牌驗證保護Google Cloud Endpoints API？

Answer 2

您可以使用CustomAuthenticator ：

public class CustomAuthenticator implements Authenticator {
    private static final Logger LOG = Logger.getLogger(CustomAuthenticator.class.getName());
    private static final String COOKIE_FIREBASE_TOKEN = "firebase_token";

    static {
        LOG.info("CustomAuthenticator: initializing");
        InputStream serviceAccountResourceStream = CustomAuthenticator.class.getResourceAsStream("/serviceAccountKey.json");
        FirebaseOptions options = new FirebaseOptions.Builder()
                .setServiceAccount(serviceAccountResourceStream)
                .build();

        FirebaseApp.initializeApp(options);
        LOG.info("CustomAuthenticator: initialized");
    }

    @Override
    public User authenticate(HttpServletRequest httpServletRequest) {
        User user = null;
        if (httpServletRequest.getCookies() != null) {
            for (Cookie cookie : httpServletRequest.getCookies()) {
                if (cookie.getName().equals(COOKIE_FIREBASE_TOKEN)) {
                    FirebaseToken firebaseToken = FirebaseAuth.getInstance().verifyIdToken(cookie.getValue()).getResult();
                    user = new User(firebaseToken.getUid(), firebaseToken.getEmail());
                }
            }
        }
        return user;
    }
}

在您的API實現中，不要忘記啟用自定義身份驗證器：

@Api(name = "exampleWithAuth",
        version = "v1",
        ...
        auth = @ApiAuth(allowCookieAuth = AnnotationBoolean.TRUE), // This is needed to process your cookie for the token
        authenticators = {CustomAuthenticator.class} // Declare your custom authenticator
)
public class ExampleWithAuthEndpoint {

    @ApiMethod(httpMethod = "GET", path = "example")
    public Example getExample(User user /* Add User to enable API authentication */) {
        if (user != null) {
            // Do something
        }
        return null;
    }
}

現在，當您調用API時，只需將cookie firebase_token添加到您的請求中即可。

我希望這將有所幫助。