我如何在 React Native + Expo 下使用 SAML 对 Firebase 中的用户进行身份验证 [英] How do I use SAML to authenticate a user in Firebase under React Native + Expo
问题描述
当我正在寻找一种将 SAML 单点登录添加到我正在开发的 React Native 应用程序的方法时,我在 SO 或其他地方找不到任何问题(或答案),所以我在这里:请参阅我的回答如下.
I couldn't find any questions (or answers) on SO or elsewhere when I was looking for a way to add SAML single-sign-on to the React Native app I'm working on, so here I am: see my answer below.
推荐答案
一开始我尝试遵循 Google 对此的文档 但是在对 WebViews 进行了大量处理并试图对 DOM 撒谎之后,我发现 React Native 根本不支持它(本来可以很高兴在文档中更明显地看到).最终我决定调整这些说明(遵循首先和第二部分)使用由 Expo 的 WebBrowser
充当中间人.这是必需的,因为 firebase 在调用 signInWithRedirect
或 signInWithPopup
时强制执行 https(s): 协议,但 react native 将发送 about: 或类似的协议,当尝试在 JavaScript 中调用甚至嵌套在 WebView 中,但是 expo 调用本机浏览器,因此在 http(s) 协议上工作,同时仍然允许将信息传递回应用程序.可能有一种方法可以使用 react native 的 webview 来做到这一点,但我找不到任何类似的东西.
To start off I tried following Google's documentation for this but after a lot of messing about with WebViews and trying to lie to the DOM, I found out that it simply wasn't supported on react native (something that would have been nice to see in the docs a bit more obviously). Eventually I settled on adapting those instructions (follow the first and second sections) using a dummy webpage opened by Expo's WebBrowser
to act as a middle man. This is needed because firebase enforces https(s): for the protocol when making a call to signInWithRedirect
or signInWithPopup
but react native will send a protocol of about: or something similar when trying the call in JavaScript or even nested in a WebView, expo however calls the native browser and thus works on an http(s) protocol while still allowing information to be passed back into the app. There may be a way to do this using react native's webview, but I couldn't find anything remotely similar.
这个前言让我想到了我想出的解决方案,我分叉 expo 的示例存储库 并提交了最小的概念证明(拉取请求a> 待定).
This preface leads me to the solution I came up with, I forked expo's examples repo and committed a minimal proof of concept (pull request pending).
显然,使用它需要您自担风险,我不是网络安全专家,但即使我知道这里有很多攻击向量.
Obviously use this at your own risk, I am no expert on cybersecurity but even I know there are more than a few vectors for attack here.
这篇关于我如何在 React Native + Expo 下使用 SAML 对 Firebase 中的用户进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!