用户角色的用户身份验证中有任何功能吗? [英] Is there any function in User Authentication for User Roles?
问题描述
我正在尝试使用Firebase为我的Web应用程序创建登录界面.我想使用Firebase自己的身份验证系统向我的帐户添加user role. (电子邮件).但是它不支持添加user role的任何选项.例如管理员"和用户".
I'm trying to make a login interface for my web app using Firebase. I wanted to add a user role to my account using Firebase's own Authentication System. (Email). But it does not support any options for adding a user role. Such as "Admin" and "Users".
这是用于Firebase(当前为5.7.2)和HTML5.
This is for Firebase (currently 5.7.2), and HTML5.
login.js(当前登录身份验证)
login.js (current login authentication)
(function(){
var ui = new firebaseui.auth.AuthUI(firebase.auth());
var uiConfig = {
callbacks: {
signInSuccessWithAuthResult: function(authResult, redirectUrl) {
// User successfully signed in.
// Return type determines whether we continue the redirect automatically
// or whether we leave that to developer to handle.
return true;
},
uiShown: function() {
// The widget is rendered.
// Hide the loader.
document.getElementById('loader').style.display = 'none';
}
},
// Will use popup for IDP Providers sign-in flow instead of the default, redirect.
signInFlow: 'popup',
signInSuccessUrl: 'index.html',
signInOptions: [
// Leave the lines as is for the providers you want to offer your users.
firebase.auth.EmailAuthProvider.PROVIDER_ID,
],
};
ui.start('#firebaseui-auth-container', uiConfig);
})()
我希望在js中的某个位置添加选项或用户角色字段,作为电子邮件的唯一标识符? (adminabc@xx.com = admin,userabc @ xx.com =用户)或firebase的其他字段. (在数据库中添加专用表,而不使用已实现的用户身份验证.)
I expect to add an option, or a field for a user role, somewhere in the js as a unique identifier to an email? (adminabc@xx.com = admin, userabc@xx.com = user) or an additional field to firebase. (adding a dedicated table in the database instead of using the implemented user authentication.)
推荐答案
Firebase Auth没有用户角色" API,但是您可以通过多种方法在应用程序中实现基于角色的授权.
There is no "user roles" API for Firebase Auth, but there are ways that you can implement role based authorization in your application.
如上所述,一种方法是将数据存储在数据库中.这样做的好处是易于实现.
One of the ways is, as you mentioned, to store that data in your database. The benefits of doing that is that it's easy to implement.
您可以通过在Firestore和Realtime数据库的数据库规则中进行查找来实施规则.
You can enforce the rules by making lookups in your database rules for both Firestore and the Realtime database.
{
"rules": {
"adminContent": {
".write": "root.child('users').child(auth.uid).child('admin').val() === true"
}
}
}
Firestore
service cloud.firestore {
match /databases/{database}/documents {
match /articles/{article} {
allow write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true
}
}
}
在数据库中维护您的角色和凭据的弊端是您不能跨产品使用该信息.您不能编写访问RTDB规则的Firestore数据库规则,反之亦然.
The downside of maintaining your roles and and credentials in database is that you can't use that information across products. You can't write a firestore database rule that access the RTDB rules or vice versa.
如果您希望角色跨服务工作(在RTDB,Firestore和Firebase Storage中使用相同的角色数据),则应考虑设置自定义声明,这很好地解释了
If you want your roles to work across services (using the same role data in RTDB, Firestore and Firebase Storage), then you should look into setting custom claims, which is explained very well in the documentation.
Once that is set up you can use the custom claims to implement role based or group access rights across the different products.
{
"rules": {
"adminContent": {
".read": "auth.token.admin === true",
".write": "auth.token.admin === true",
}
}
}
firestore.rules/storage.rules
Firestore和Storage规则的规则语法相似,您发现allow语句是相同的.
firestore.rules / storage.rules
The Firestore and Storage rules has similar syntax for the rules and you fill find that the allow statement is the same for both.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.token.admin == true;
}
}
}
这篇关于用户角色的用户身份验证中有任何功能吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
