有没有办法确定Firebase用户的UID是否有效? [英] Is there a way to determine if a Firebase user's UID is valid?

问题描述

我正在建立一个服务器路由，我希望限制该服务器路由仅由已认证的用户使用.我计划将带有POST的user.uid发送到此路由，并且我想验证UID是Firebase中存在的UID.我知道我可以在Firebase中手动添加UID并对照此数据进行检查，但是可以查看Firebase身份验证正在跟踪哪些UID?我认为这种方法比检查我自己的列表会更好.

I am building a server route that I wish to restrict for use only by authenticated users. I plan to send a user.uid with a POST to this route, and I want to validate the UID is one that exists in Firebase. I know I can add UIDs manually in Firebase and check against this data, but is it possible to see what UIDs Firebase authentication is tracking? I think this approach would be better then checking against my own list.

这样做的目的是确保不会使用伪造的UID(例如出于恶意目的)访问这些路由.

The purpose for this is to ensure that these routes are not accessed with a phony UID (e.g. for malicious purposes).

推荐答案

您可以使用服务器上的Firebase Admin SDK来检查特定的UID是否与项目中的Firebase身份验证用户相对应.从有关检索用户数据的Firebase文档:

You can check whether a specific UID corresponds to a Firebase Authentication user in your project by using the Firebase Admin SDK on your server. From the Firebase documentation on retrieving user data:

admin.auth().getUser(uid)
  .then(function(userRecord) {
    // See the UserRecord reference doc for the contents of userRecord.
    console.log("Successfully fetched user data:", userRecord.toJSON());
  })
  .catch(function(error) {
    console.log("Error fetching user data:", error);
  });

这篇关于有没有办法确定Firebase用户的UID是否有效?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！