使用不带第三方Cookie的Google Firebase身份验证 [英] Use Google Firebase Authentication without 3rd Party Cookies

问题描述

我目前正在尝试使用社交媒体登录"，并且意识到如何进行这些登录是有点奇怪的，这是因为我的工作场所(如大多数办公室)都将第三方Cookie作为安全策略进行了封锁.

I'm currently experimenting with Social Media Sign-in and have realised something slightly strange on how these logins are delivered which is stemming from the fact that my workplace, like most offices, blocks 3rd party cookies as a security policy.

Google Firebase身份验证使用第三方Cookie，因此，如果我尝试使用Firebase，我已按预期重定向到Google页面，但是登录后又重定向回了原始网页(并且Firebase尝试设置Cookie)，我收到一条错误消息，提示This browser is not supported or 3rd party cookies and data may be disabled.

Google Firebase Authentication uses 3rd party cookies and so if I try to use Firebase, I'm redirected to the Google page (as expected) but when I'm redirected back to the originating webpage after logging in (and Firebase tries to set cookies), I get an error saying This browser is not supported or 3rd party cookies and data may be disabled.

但是， MongoDB Stitch 可以正常工作，即使有第三方Cookie已禁用.我确实似乎无法理解为什么会这样，但是我希望这里的人能对此有所启发.如果有帮助，MongoDB Stitch要求您在Google控制台中将https://stitch.mongodb.com设置为Origin URI，将https://stitch.mongodb.com/api/client/v2.0/auth/callback设置为Authorized Redirect URI-同时您必须在MongoDB控制台中设置自己的网站URI，我认为这可能有所不同吗?

However, MongoDB Stitch somehow works and I'm able to actually login, even with 3rd party cookies disabled. I really can't seem to make sense of why that's the case but I'm hoping someone here can shed some light on it. If it helps, MongoDB Stitch asks that you set https://stitch.mongodb.com as Origin URI and https://stitch.mongodb.com/api/client/v2.0/auth/callback as Authorised Redirect URI in the Google Console - whilst you have to setup your own website URIs inside the MongoDB Console which I believe might be the difference?

无论如何，MongoDB Stitch的文档严重不足(由于仍处于公开Beta版)，所以我真的很想尽可能地使用Google Firebase.

In any case, MongoDB Stitch's documentation is severely deficient (thanks to it still being in Public Beta) so I would really like to go the Google Firebase way if at all possible.

1. 有人知道MongoDB Stitch如何绕过设置第3方Cookie
2. 在禁用第三方Cookie的情况下如何使用Google Firebase身份验证

推荐答案

您是否尝试过使用gapi.auth2，即

Have you tried using gapi.auth2, the Google sign in library for Javascript? Last time I checked, it worked with 3rd party cookies disabled. You can use it to obtain a Google ID token or access token and then sign in to Firebase:

firebase.auth().signInWithCredential(firebase.auth.GoogleAuthProvider.credential(googleIdToken, googleAccessToken))...`

这篇关于使用不带第三方Cookie的Google Firebase身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！