如何验证由 createCustomToken() 创建的自定义 Firebase 身份验证令牌 [英] How to verify custom Firebase Auth Token, created by createCustomToken()

问题描述

我通过 createCustomToken() 创建了自定义身份验证令牌，请参阅 https:///firebase.google.com/docs/auth/admin/create-custom-tokens.

I created custom Auth Token via createCustomToken(), see https://firebase.google.com/docs/auth/admin/create-custom-tokens.

但稍后当我尝试通过 verifyIdToken() 函数验证此令牌时，它会引发以下错误

But later on when I try to verify this token via verifyIdToken() function it throws following error

Error: verifyIdToken() expects an ID token, but was given a custom token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

这是合理的，因为没有这样的ID...但是我需要的-只是简单地验证令牌，类似于jwt.verify()...

Which is rational, because there is no such ID... But what I need - is to simply verify the token, similar to jwt.verify()...

有没有人遇到过这个问题，找到了什么解决方案?是否可以通过 jsonwebtoken 库验证 Firebase 身份验证令牌?

Has anyone came across this problem and what solution was found? Is it possible to verify Firebase auth token via jsonwebtoken library?

附言我将在 Google Cloud Function 端点中使用验证

P.S. I am gonna use verification in Google Cloud Function endpoints

解决方案:看起来我刚刚找到了解决方案 https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library 只需要从 https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com 并使用 jsonwebtoken 库进行验证...

SOLUTION: Looks like I just found a solution https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library Just need to grap public key from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com and use jsonwebtoken library to verify it...

推荐答案

verifyIdToken 就像名字是验证IdToken，而不是自定义token.

verifyIdToken like the name is to verify IdToken, not custom token.

CustomToken 用于客户端登录.可以使用简单的 JWT 验证来验证此自定义令牌，例如您的解决方案(它会在一小时后过期).

CustomToken is for client to sign in. This custom token can be verify using simple JWT verification like your solution (it expire after one hour).

但 IdToken 是另一回事，您需要使用 firebase auth 进行登录过程.

But the IdToken is another story, you need to do sign in process using firebase auth.

登录后从客户端获取Id Token，取决于客户端是Android、Web还是IOS.获取 IdToken 的代码可以在 本节

To Get The Id Token from client after signIn, it's depend whether the client is Android, Web, or IOS. The code to get the IdToken can be read in this section

这篇关于如何验证由 createCustomToken() 创建的自定义 Firebase 身份验证令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！