Firebase:使用相同按钮通过GitHub登录/启动 [英] Firebase: SIgn in/up via GitHub using the same button

问题描述

我想允许用户通过单击同一按钮使用firebase通过GitHub登录/注册.

I want to allow users to sign in/up via GitHub using firebase by clicking on the same button.

我为服务器端的每个用户创建一个新的身份验证. 只需编写少量代码，我就可以检测用户是否是新用户:

I create a new authentication for every user in the server side. With the little piece of code, I'm able to detect if either the user is new or not:

const provider = new firebase.auth.GithubAuthProvider();
    firebase.auth().signInWithPopup(provider).then((result) => {
        if (result.additionalUserInfo.isNewUser) {
             // The user is new
        } else {
             // The user is old
        }

但是，当调用函数signInWithPopup时，如果用户是新用户，则会自动为其创建新的身份验证.如何避免这种情况? 如果用户已经通过身份验证，则该如何从客户端登录?从后端进行的身份验证与要在前端登录的用户之间的链接在哪里?

But, when the function signInWithPopup is called, if the user is a new user, a new authentication is automatically created for him. How can I avoid this? And if the user is already authenticate, how can the user sign in from the client side? Where is the link between the authentication done from the back end with the user that wants to sign in the front end?

推荐答案

这不是OAuth的工作方式.如果您使用GitHub之类的身份验证提供程序，则它们将为您处理身份验证流程.在前端，唯一剩下的就是一个idToken，其中包含您的身份，基本个人资料信息和签名，因此您可以作为用户使用此令牌.注册/登录操作之间没有区别.

This is not how OAuth works. If you use an authentication provider like GitHub, they handle auth flow for you. The only thing that you are left with on the frontend side is an idToken with your identity, basic profile info, and a signature so you can as a user using this token. There's no distinction between sign up/sign in actions.

您已经注意到，Firebase在此流程中是一个额外的层，它为首次登录的用户创建了一个帐户.但是没有用户限制或额外付款，因此我不会为这些额外帐户而烦恼.如果您关心此处的安全性，则可以考虑定期清理.

As you have noticed, Firebase is an extra layer in this flow, it creates an account for a user who signs in for the first time. But there's no user limit or extra payment so I wouldn't bother too much about these extra accounts. You might consider periodical cleanups if you care about the security here.

如果要实际检查用户是否存在，则必须使用firebase-admin，例如在调用signInWithPopup之前在Firebase Function中进行操作.但是，除非您希望阻止用户注册，否则您可以将服务器逻辑连接到

If you want to actually check if the user exists you have to use firebase-admin e.g. in a Firebase Function before the signInWithPopup is called. But still, unless you want to prevent users from signing up, you can hook your server logic into functions.auth.user().onCreate trigger.

要回答最后一个问题，当用户已经登录时，在加载页面时会在firebase.auth().onAuthStateChanged中获得用户对象.登录状态由Firebase.js存储，因此一旦调用signInWithPopup，就无需执行其他步骤.

To answer your last question, when the user is already signed in, you'll get the user object in firebase.auth().onAuthStateChanged when a page is loaded. Login state is stored by Firebase.js so once you have called signInWithPopup, you don't need extra steps.

这篇关于Firebase:使用相同按钮通过GitHub登录/启动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！