将Firebase身份验证令牌通过SSL传递给应用服务器 [英] Passing Firebase Auth Token via SSL to App server

问题描述

客户端会请求应用服务器在firebase数据上执行一些任务。

将user.firebaseauthToken通过SSL（在POST中，而不是url编码）传递给应用程序服务器是安全的，服务器可以简单地使用该令牌进行身份验证从Firebase简单登录获得的身份验证令牌已经通过SSL从Firebase传递到您的客户端 - 所以对于您通过SSL传递给你的应用程序服务器真的没有什么不同。

你也可以考虑的一件事是消除任何东西到你的应用程序服务器的需要。您可以设置一个工作节点，利用Firebase的实时数据同步来监听用户数据的变化，并在检测到某个变化/状态时执行所需的任何处理。

I have some rather heavy/complicated logic that needs to reside on an app server.

The client would request the app server to perform some tasks on firebase data.

Is it safe to pass the user.firebaseauthToken via SSL (in a POST, not url encode) to the app server, where the server could simply use the token for authentication?

解决方案

The Auth Token you get from Firebase Simple Login is already being passed over SSL from Firebase to your client - so for you to pass it to your app server over SSL really isn't any different.

One thing you might also consider is eliminating the need to POST anything to your app server. You can setup a worker node that takes advantage of Firebase's real-time data sync to listen for changes to your user's data, and execute whatever processing it needs to when it detects a certain change/state.

这篇关于将Firebase身份验证令牌通过SSL传递给应用服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！