Using Firebase Authentication with Google App Engine
Problem description
I'm a newbie so any help appreciated.
I've created an app/service using Google App Engine (node) that returns a simple 'hello world' response, see https://resumetemplatesconverter.appspot.com/
I've also got a Polymer web app that uses Firebase Authentication for sign up, sign in, sign out, etc.
Question is, what is the best way to configure the Google App Engine app/service so that only users authenticated with the Polymer web app can use it?
Thanks.
Recommended answer
Firebase (Authorization Server) sends a token (Access Token) back to the client (browser).
The client now makes a request to your app engine service (Resource Server) with that token.
What you need to do is check whether the token is valid.
The OAuth 2.0 spec doesn't clearly define the interaction between a Resource Server and Authorization Server for access token validation:
Access token attributes and the methods used to access protected resources are beyond the scope of this specification and are defined by companion specifications.
So for each authentication service (Google, Facebook, GitHub, etc.) you use, you have to look up how to validate the Access Token.
Example:
Request (from your app engine backend)
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
Response
{
// These six fields are included in all Google ID Tokens.
"iss": "https://accounts.google.com",
"sub": "110169484474386276334",
"azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
"aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
"iat": "1433978353",
"exp": "1433981953",
// These seven fields are only included when the user has granted the "profile" and
// "email" OAuth scopes to the application.
"email": "testuser@gmail.com",
"email_verified": "true",
"name" : "Test User",
"picture": "https://lh4.googleusercontent.com/-kYgzyAWpZzJ/ABCDEFGHI/AAAJKLMNOP/tIXL9Ir44LE/s99-c/photo.jpg",
"given_name": "Test",
"family_name": "User",
"locale": "en"
}
You can make this plain request from your backend server but it would be better using one of the Google API Client Libraries
See here for more info regarding Authenticate with a backend server
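Added example, not part of the original answer: once the backend has the tokeninfo JSON shown above, it still has to check the claims itself before trusting the caller. The function names are illustrative, the `Authorization: Bearer` header is an assumption about how the client sends the token, and the sample values are constructed from the response above.

```javascript
// Added example: claim checks on a parsed tokeninfo response.
// Function names and sample inputs are illustrative, not from the original answer.

// Issuer values Google uses for its ID tokens.
const GOOGLE_ISSUERS = new Set(["accounts.google.com", "https://accounts.google.com"]);

// Assumption: the client sends "Authorization: Bearer <token>".
function bearerToken(headerValue) {
  const m = /^Bearer\s+(\S+)$/i.exec(headerValue || "");
  return m ? m[1] : null;
}

// claims: parsed JSON from tokeninfo.
// Returns { ok: false, reason } or { ok: true, sub, email }.
function checkTokenInfo(claims, expectedClientId, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!claims || typeof claims !== "object") return { ok: false, reason: "no claims" };
  if (!GOOGLE_ISSUERS.has(claims.iss)) return { ok: false, reason: "unexpected iss" };
  // A token issued to a different app is still a genuine Google token,
  // so aud must match this service's own client ID.
  if (claims.aud !== expectedClientId) return { ok: false, reason: "aud mismatch" };
  // tokeninfo returns exp as a string of seconds since the epoch.
  const exp = Number(claims.exp);
  if (!Number.isFinite(exp) || exp <= nowSeconds) return { ok: false, reason: "expired or missing exp" };
  if (typeof claims.sub !== "string" || claims.sub === "") return { ok: false, reason: "missing sub" };
  // Only pass the email on when Google marks it verified.
  const verified = claims.email_verified === true || claims.email_verified === "true";
  return { ok: true, sub: claims.sub, email: verified ? claims.email : null };
}

// Constructed sample, reusing the field values from the response shown above.
const SAMPLE_CLIENT_ID = "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com";
const sampleClaims = {
  iss: "https://accounts.google.com",
  sub: "110169484474386276334",
  aud: SAMPLE_CLIENT_ID,
  iat: "1433978353",
  exp: "1433981953",
  email: "testuser@gmail.com",
  email_verified: "true",
};
const SAMPLE_NOW = 1433980000; // a moment between iat and exp

console.log(checkTokenInfo(sampleClaims, SAMPLE_CLIENT_ID, SAMPLE_NOW));
console.log(checkTokenInfo({ ...sampleClaims, aud: "other-app.apps.googleusercontent.com" },
  SAMPLE_CLIENT_ID, SAMPLE_NOW));
```

Key the user record on `sub`, which is the stable account identifier; the email can change.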