私有服务器的Firebase身份验证 [英] Firebase authentication for private server

问题描述

我正在开发一个Flutter应用程序，并希望使用Firebase身份验证服务来使我的用户使用以下方式进行注册/登录:

I am developoing a flutter app and want to use Firebase auth service to enable my users to signup/login using:

• 电子邮件/密码
• google
• facebook

我有一个带MySQL数据库的流明后端REST服务器.

I have a lumen backend REST server with MySQL database.

问题:遍历大量的Firebase文档，我无法理解其工作原理的整个流程.

Problem: Going through loads of firebase documentation I cannot understand the whole flow of how this should work.

我可以使用该应用成功创建用户，并且这些用户会出现在firebase控制台中，但是，我不知道如何使他们能够安全地与我的后端服务器通信.

I can successfully create users using the app and they appear in the firebase console, however, I don't know how to enable them to securely talk to my backend server.

我希望Firebase像我的AWS Cognito一样，为我发布访问和刷新令牌，以供我在应用程序和后端之间进行私人通信.相反，它发出的是JWT令牌的"ID令牌"，应在后端进行验证.但是，一旦通过验证我该怎么办?

I would expect Firebase to release an access and refresh tokens for me to use for my private communication between the app and backend, like AWS cognito does. Instead, it issues an "ID Token" that is JWT token and should be verified on backend. But what do I do once it is verified?

如何将数据库中的用户链接到经过身份验证的用户?存储在数据库中以映射到已认证用户的东西是什么?

How do I link my users in my database to the authenticated user? What is the thing to store in the database to map to the authenticated user?

我是否必须通过Admin SDK生成自定义令牌?

Do I have to generate custom tokens via the Admin SDK?

ID令牌是应该在每次请求时从客户端传递到后端然后进行验证的东西吗?但是，从ID令牌到我的数据库又该如何放置以将经过身份验证的用户与其数据链接起来?

Or is the ID Token the thing that should be passed from client to backend on each request and then verified? But still, what do I put from this ID token to my database to link the authenticated user with their data?

推荐答案

这是我现在的操作方法.效果很好.

Here's how I do it now. It works great.

1. 在您的后端服务器上安装Firebase admin sdk(如果您使用的是php)，这是我遵循并可以正常工作的内容:

1. Install Firebase admin sdk on your backend server, if you are using php, here is what I've followed and worked flawlessly: PHP Firebase Admin sdk
2. Aquire firebase idToken using firebase SDK in your client (app), I've used Firebase auth package for this.
3. Send idToken to your backend
4. Use Admin SDK to verify the idToken, if verification is successful it returns a Firebase user object. And you can perform various management actions on it (modify, delete, get different data etc.).
5. Get uid from the Firebase user object.
6. Store uid in your database.
7. Now each time this authenticated user makes a request to your backend server, you attach the idToken to the header of the request.
8. Each time you verify (see step 4) the idToken on your backend server and if the verification is successful you extract the uid to know which user to query in your database.

欢迎对此发表任何评论/改进:)

Any comments/improvements on this are welcome :)

这篇关于私有服务器的Firebase身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！