Firebase Auth signIn distinction

Problem description

On my website, I have two portals for login. Portal A is login for learners. Portal B is login for teachers.

Both learners' and teachers' accounts are located in the same Firebase project, in other words, both types of accounts are located in the same authentication space. Both portals use the same simple login code:
firebase.auth().signInWithEmailAndPassword(user_email, user_password).catch(function(error) {})

Currently, the learners can log in at both portals, and the same goes for the teachers. What I am trying to do is to prevent the teachers from logging in at the learners' portal and vice versa. I am not sure how to implement this. I have made a setCustomUserClaim to give an identity to the two types of accounts on the authentication token. But I can only grab the auth token once the user is logged in, not before, I think. Also, I have a Firestore collection that stores all the info of the users including their identity. But each user's document is named with their corresponding UID. The latter can be grabbed once they log in as well. Any idea on how to implement this?

Recommended answer

Firebase Authentication has no built-in way to distinguish between these two types of users. It simply authenticates the credentials that a user enters, and ensures that they're correct. If certain users can only access a certain application or certain data, this is information that will have to come from you.

The above is important to realize, so I'll repeat it: Firebase Authentication allows all users to authenticate as long as they provide the right credentials. It has no way to block access to authentication based on application-specific information, such as your user-type. This type of authorization logic is part of your application, both in code and (if you use a Firebase Database) in your server-side security rules.

A common way to implement your scenario is to add the information about the types of users to a database (such as Firebase's Realtime Database, or Cloud Firestore). In this data you could for example store the email addresses of all teachers.

Now with this information, your code can then determine whether the person who signed in to the site is a teacher or not. If they're a teacher signing in to the student web site, you can redirect them, and vice versa.
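
The check described in the answer, as an added example that is not part of the original question or answer: sign in first, then compare the user's type with the portal and sign out again on a mismatch. It assumes the custom claim from the question is named `role` with values `teacher` / `learner` (the page does not give the real name); `portalDecision`, `signInToPortal`, `fakeAuth` and the sample accounts are hypothetical, and `fakeAuth` is a constructed stand-in for `firebase.auth()` so the code runs offline.

```javascript
// Added example. Assumption: the custom claim is called "role" and holds
// "teacher" or "learner"; the page does not state the claim's real name.
const PORTAL_ROLE = new Map([["learners", "learner"], ["teachers", "teacher"]]);

// Portal that serves a given role, or undefined for an unrecognised role.
function portalFor(role) {
  for (const [portal, r] of PORTAL_ROLE) if (r === role) return portal;
}

// Pure decision: may a user with these ID-token claims use this portal?
function portalDecision(claims, portal) {
  const required = PORTAL_ROLE.get(portal);
  if (!required) return { allowed: false, reason: "unknown-portal" };
  const role = claims ? claims.role : undefined;
  if (typeof role !== "string") return { allowed: false, reason: "no-role-claim" };
  if (role !== required) return { allowed: false, reason: "wrong-portal", redirectTo: portalFor(role) };
  return { allowed: true };
}

// Authentication succeeds for any valid credentials, so authorize afterwards.
// `auth` is firebase.auth() in the namespaced SDK style used in the question.
async function signInToPortal(auth, portal, email, password) {
  const cred = await auth.signInWithEmailAndPassword(email, password);
  const token = await cred.user.getIdTokenResult();
  const decision = portalDecision(token.claims, portal);
  if (!decision.allowed) await auth.signOut(); // keep no session on the wrong portal
  return decision;
}

// Constructed sample accounts (not real users).
const SAMPLE_ACCOUNTS = {
  "teacher@example.test": { password: "pw-t", claims: { role: "teacher" } },
  "learner@example.test": { password: "pw-l", claims: { role: "learner" } },
};

// Constructed stand-in for firebase.auth(), only for running this offline.
function fakeAuth(accounts) {
  const state = { signedIn: null };
  return {
    state,
    async signInWithEmailAndPassword(email, password) {
      const acct = accounts[email];
      if (!acct || acct.password !== password) throw new Error("auth/wrong-password");
      state.signedIn = email;
      return { user: { getIdTokenResult: async () => ({ claims: acct.claims }) } };
    },
    async signOut() { state.signedIn = null; },
  };
}
```

This client-side check only decides which portal UI a signed-in user gets; access to the data itself still has to be restricted in the server-side security rules the answer mentions.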
