Chrome扩展背景页面中的Firebase身份验证 [英] Firebase Authentication in a Chrome Extension Background Page

问题描述

如何使用Chrome扩展中的Firebase进行身份验证？我需要在Forge中指定允许的域列表。 Chrome扩展的域名只是一个很大的散列字符串。

我读过这个：authClient.login问题

但是，基于散列的Chrome扩展名的域名在Firebase forge中未被接受。还有另外一种方法可以解决吗？目前我只是读取cookie firebaseSessionKey 来假设我已经登录。但是确实不能让Firebase验证此会话密钥。

正如Rob指出的那样，身份验证无法在不强制原始限制的环境中使用。这里的根本问题是，任何身份验证提供者（Facebook，Twitter，角色，或者你自己的服务）都不能向浏览器发布身份，也就是说使用Facebook登录你的浏览器（或者扩展名）是没有意义的。

Firefox的F1插件遇到了类似的问题（ http://f1.mozillamessaging.com / ） - 您将授权F1以您的名义在Twitter / Facebook上发布。该扩展有一个网站，以及您将从哪里服务的登录页面，并继续像你通常在一个网页。你需要一些代码来在网页和你的扩展之间进行通信，chrome提供了必要的工具。

我会推荐相同的方法 - 创建一个网页真正的域名（Github页面是真棒这个）与您的扩展一起去。这意味着您的扩展程序无法离线工作，但是您的登录或写入Firebase也不行！

How would I authenticate with Firebase in a chrome extension? I need to specify the allowed domain list in the Forge. Chrome domain for the extension is just a big hash-like string.

I did read this: authClient.login problems

But the hashed based domain of a chrome extension is not being accepted in the Firebase forge. Is there another way to go about it? Currently am just reading the cookie firebaseSessionKey to just assume that I am logged in. But surely that can't be as secure as letting Firebase validate this session key.

解决方案

As Rob points out, authentication cannot work in an environment that does not enforce origin restrictions. The fundamental problem here is that any authentication provider (Facebook, Twitter, Persona, or your own service) cannot issue an identity to a browser - i.e. it is meaningless to use Facebook to login to your browser (or extension).

The F1 add-on for Firefox ran into a similar problem (http://f1.mozillamessaging.com/) - where you would authorize F1 to post on twitter/facebook on your behalf. The extension had a website to along with it, from where you would serve the login page and proceed as you would normally in a web page. You'll need some code to communicate between the web page and your extension, chrome provides the tools necessary.

I would recommend the same approach - create a web page on a real domain (Github pages is awesome for this) to go along with your extension. This means your extension can't work offline, but neither can your login or writing to Firebase!

这篇关于Chrome扩展背景页面中的Firebase身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！