如何在nodejs的firebase-admin中对用户进行身份验证? [英] How to authenticate an user in firebase-admin in nodejs?

问题描述

目前，我正在nodejs上创建Firebase API.我想在nodejs上使用firebase-admin处理所有Firebase内容(例如身份验证).但是，在客户端上没有 使用Javascript Firebase SDK的情况下，通过firebase-admin中的nodejs验证用户身份的正确方法是什么?在正式的管理员文档中，我找不到名为<用于nodejs的strong> signInWithEmailAndPassword (例如在客户端SDK上).只有一个名为" getUserByEmail "的功能，但是此功能不会检查用户是否输入了正确的密码.

At the moment I am creating a Firebase API on nodejs. I would like to handle all Firebase stuff (like authentication) with firebase-admin on nodejs. But what is the correct way to authenticate a user over nodejs in firebase-admin without the Javascript Firebase SDK on the client side? On the official documentation for admin I didn't find a function called signInWithEmailAndPassword (like as on the client side SDK) for nodejs. There is only a function called: "getUserByEmail", but this function doesn't check if the user has entered the correct password.

这是我的表格:

<form class="sign-box" action="/login" method="post">

      <div class="form-group">
          <input id="username" name="username" type="text" class="form-control" placeholder="E-Mail"/>
      </div>
      <div class="form-group">
          <input id="password" name="password" type="password" class="form-control" placeholder="Password"/>
      </div>
      <button type="submit" class="btn btn-rounded">Sign in</button>

</form>

提交表单后，我将值传递给nodejs中的API:

Once the form is submitted I pass the values to my API in nodejs:

app.post('/login', urlencodedParser, function (req, res) {

    // getting the values

    response = {
        username: req.body.username,
        password: req.body.password

    };    

    // authenticate the user here, but how ?

});

我的第一个想法是使用客户端上的Firebase SDK通过 signInWithEmailAndPassword 登录并获取uid.拥有UID之后，我想将UID发送给nodejs并调用函数createCustomToken并将生成的令牌(带有一些其他声明)返回给客户端.取回令牌后，我将使用功能 signWithCustomToken (在客户端)对用户进行身份验证.这是正确的方法还是有更好的方法?

My first idea was to use the Firebase SDK on the client side to sign in with signInWithEmailAndPassword and to get the uid. Once I had the UID I wanted to sent the UID to nodejs and call the function createCustomToken and to return the generated token (with some additional claims) back to the client. Once I get the token back I would use the function signWithCustomToken (on the client side) to authenticate the user. Is this way correct or is there a better way ?

推荐答案

实际上，为了进行身份验证，您将需要使用firebase常规api，而无需管理员.

Actually for authentication you will need to use the firebase regular api, no the admin.

首先，这将为您提供刷新的Firebase令牌，而不是自定义令牌. 如果您愿意，可以执行相同的操作以获取自定义标记，如果您需要自定义标记，我也有一个示例.

First this will give you a refreshed firebase token, not a custom token. If you like you can do the same to obtain a custom token, if you need a custom token, I also have an example.

npm install firebase --save

npm install firebase --save

const firebase = require("firebase");
const config = {
    apiKey: "",
    authDomain: "",
    databaseURL: "",
    projectId: "",
    storageBucket: "",
    messagingSenderId: ""
};
firebase.initializeApp(config);

我正在发布我的登录Firebase函数，但是您可以对其进行更改以方便表达.

I am posting my login firebase function but you will be able to change it to express easily.

exports.login = functions.https.onRequest((req, rsp)=>{
    const email = req.body.email;
    const password = req.body.password;
    const key = req.body.key;
    const _key = '_my_key_';
    let token = '';
    if(key === _key){           
    firebase.auth().signInWithEmailAndPassword(email,password).then((user)=>{
//The promise sends me a user object, now I get the token, and refresh it by sending true (obviously another promise)            
user.getIdToken(true).then((token)=>{
                rsp.writeHead(200, {"Content-Type": "application/json"});
                rsp.end(JSON.stringify({token:token}));
            }).catch((err)=>{
                rsp.writeHead(500, {"Content-Type": "application/json"});
                rsp.end(JSON.stringify({error:err}));
            });
        }).catch((err)=>{
            rsp.writeHead(500, {"Content-Type": "application/json"});
            rsp.end(JSON.stringify({error:err}));
        });
    } else {
        rsp.writeHead(500, {"Content-Type": "application/json"});
        rsp.end(JSON.stringify('error - no key'));
    }
});

注意:我正在使用此登录功能来与Postman一起测试我的其他功能，所以这就是为什么我发送密钥的原因，所以我可以私下使用它.

NOTE: I am using this login function to test my other functions with Postman, so that is why i am sending a key, so I can use this privately.

现在结合使用ADMIN和FIREBASE节点apy，我可以在firebase上使用HTTP函数来做很多非常有趣的事情.

Now combining the ADMIN and FIREBASE node apy I am able to do a lot of very interesting stuff with HTTP functions on my firebase.

希望它会有所帮助.

这篇关于如何在nodejs的firebase-admin中对用户进行身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！