在Django中使用Firebase Auth [英] Using Firebase Auth with Django

问题描述

我想对我的Django Web应用程序使用Firebase身份验证。为此，我想我需要编写一个自定义身份验证后端-是吗？我看不到任何已经在执行此操作的库-django-allauth看起来非常接近，但是我对firebase提供的电话号码验证很感兴趣。

I want to use firebase authentication for my django webapp. To achieve this, I think would I need to write a custom auth backend - is that right? I don't see any libraries that already do this - django-allauth looks like it comes pretty close as an alternative but I am interested in the phone number verification provided by firebase.

对于用户模型和 request.user 或 user.is_authenticated 。现在，我使用身份验证和登录功能- django 如何知道用户通过 firebase 登录？我还会为每个用户创建一个用户模型吗？

I'm also confused about what happens to the User model and functions like request.user or user.is_authenticated. Right now I use the authenticate and login functions - how does django know that a user is logged in via firebase? Would I still be creating a User model for every user?

谢谢

推荐答案

您可以在任何框架上使用Firebase Auth。您不一定需要使用自定义身份验证。通常，您将在客户端上登录用户，通过调用 firebase.auth（）。currentUser.getIdToken（）来获取ID令牌，然后将ID令牌传递给您服务器，对其进行验证，并使用Firebase Admin SDK解析其有效载荷，以识别用户ID和其他要求，然后您可以发出会话cookie，以识别与该ID令牌关联的用户。

You can use Firebase Auth with any framework. You don't necessarily need to use custom auth. Typically, you would sign in the user on the client, get the ID token by calling firebase.auth().currentUser.getIdToken() and then pass the ID token to your server, verify it and parse its payload identifying the user ID and its other claims by using the Firebase Admin SDKs and then you can issue a session cookie identifying the user associated with that ID token.

在注销时，您将清除该会话cookie。

On signout, you would clear that session cookie.

如果您还需要在设置会话cookie之后将用户保留在后端，则也可以使用Firebase Admin SDK来查找由用户ID标识的用户，或仅使用令牌声明即可填充用户，而无需任何网络调用。

If you also need to persist that user on the backend after setting the session cookie, you can also use the Firebase Admin SDK to lookup a user identified by the user ID or just use the token claims to populate the user without any network call. You can populate that in the user model of associated framework if needed.

有关会话管理的更多信息，请参考以下django文档：> https://docs.djangoproject.com/en/3.0/topics/http/sessions/

For more on session management, you can refer to this django documentation: https://docs.djangoproject.com/en/3.0/topics/http/sessions/

这篇关于在Django中使用Firebase Auth的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！