如何在nodejs的firebase-admin中对用户进行身份验证? [英] How to authenticate an user in firebase-admin in nodejs?
问题描述
目前,我正在nodejs上创建Firebase API.我想在nodejs上使用firebase-admin处理所有Firebase内容(例如身份验证).但是,在客户端上没有 使用Javascript Firebase SDK的情况下,通过firebase-admin中的nodejs验证用户身份的正确方法是什么?在正式的管理员文档中,我找不到名为<用于nodejs的strong> signInWithEmailAndPassword (例如在客户端SDK上).只有一个名为" getUserByEmail "的功能,但是此功能不会检查用户是否输入了正确的密码.
At the moment I am creating a Firebase API on nodejs. I would like to handle all Firebase stuff (like authentication) with firebase-admin on nodejs. But what is the correct way to authenticate a user over nodejs in firebase-admin without the Javascript Firebase SDK on the client side? On the official documentation for admin I didn't find a function called signInWithEmailAndPassword (like as on the client side SDK) for nodejs. There is only a function called: "getUserByEmail", but this function doesn't check if the user has entered the correct password.
这是我的表格:
<form class="sign-box" action="/login" method="post">
<div class="form-group">
<input id="username" name="username" type="text" class="form-control" placeholder="E-Mail"/>
</div>
<div class="form-group">
<input id="password" name="password" type="password" class="form-control" placeholder="Password"/>
</div>
<button type="submit" class="btn btn-rounded">Sign in</button>
</form>
提交表单后,我将值传递给nodejs中的API:
Once the form is submitted I pass the values to my API in nodejs:
app.post('/login', urlencodedParser, function (req, res) {
// getting the values
response = {
username: req.body.username,
password: req.body.password
};
// authenticate the user here, but how ?
});
我的第一个想法是使用客户端上的Firebase SDK通过 signInWithEmailAndPassword 登录并获取uid.拥有UID之后,我想将UID发送给nodejs并调用函数createCustomToken并将生成的令牌(带有一些其他声明)返回给客户端.取回令牌后,我将使用功能 signWithCustomToken (在客户端)对用户进行身份验证.这是正确的方法还是有更好的方法?
My first idea was to use the Firebase SDK on the client side to sign in with signInWithEmailAndPassword and to get the uid. Once I had the UID I wanted to sent the UID to nodejs and call the function createCustomToken and to return the generated token (with some additional claims) back to the client. Once I get the token back I would use the function signWithCustomToken (on the client side) to authenticate the user. Is this way correct or is there a better way ?
推荐答案
实际上,为了进行身份验证,您将需要使用firebase常规api,而无需管理员.
Actually for authentication you will need to use the firebase regular api, no the admin.
首先,这将为您提供刷新的Firebase令牌,而不是自定义令牌. 如果您愿意,可以执行相同的操作以获取自定义标记,如果您需要自定义标记,我也有一个示例.
First this will give you a refreshed firebase token, not a custom token. If you like you can do the same to obtain a custom token, if you need a custom token, I also have an example.
npm install firebase --save
npm install firebase --save
const firebase = require("firebase");
const config = {
apiKey: "",
authDomain: "",
databaseURL: "",
projectId: "",
storageBucket: "",
messagingSenderId: ""
};
firebase.initializeApp(config);
我正在发布我的登录Firebase函数,但是您可以对其进行更改以方便表达.
I am posting my login firebase function but you will be able to change it to express easily.
exports.login = functions.https.onRequest((req, rsp)=>{
const email = req.body.email;
const password = req.body.password;
const key = req.body.key;
const _key = '_my_key_';
let token = '';
if(key === _key){
firebase.auth().signInWithEmailAndPassword(email,password).then((user)=>{
//The promise sends me a user object, now I get the token, and refresh it by sending true (obviously another promise)
user.getIdToken(true).then((token)=>{
rsp.writeHead(200, {"Content-Type": "application/json"});
rsp.end(JSON.stringify({token:token}));
}).catch((err)=>{
rsp.writeHead(500, {"Content-Type": "application/json"});
rsp.end(JSON.stringify({error:err}));
});
}).catch((err)=>{
rsp.writeHead(500, {"Content-Type": "application/json"});
rsp.end(JSON.stringify({error:err}));
});
} else {
rsp.writeHead(500, {"Content-Type": "application/json"});
rsp.end(JSON.stringify('error - no key'));
}
});
注意:我正在使用此登录功能来与Postman一起测试我的其他功能,所以这就是为什么我发送密钥的原因,所以我可以私下使用它.
NOTE: I am using this login function to test my other functions with Postman, so that is why i am sending a key, so I can use this privately.
现在结合使用ADMIN和FIREBASE节点apy,我可以在firebase上使用HTTP函数来做很多非常有趣的事情.
Now combining the ADMIN and FIREBASE node apy I am able to do a lot of very interesting stuff with HTTP functions on my firebase.
希望它会有所帮助.
这篇关于如何在nodejs的firebase-admin中对用户进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!