Firebase:什么时候应该使用refreshToken? [英] Firebase: When should I use refreshToken?
问题描述
根据 Firebase文档,刷新令牌为仅适用于需要显式刷新令牌的高级情况.
在什么情况下我应该使用该令牌,使用令牌有什么好处?
In which cases should I use that token, and what are the advantages of using it?
private afAuth: AngularFireAuth
this.afAuth.auth.currentUser.getIdToken()
.then(idToken => // Gives me a different token from key name called pa);
此外,我不确定refreshToken和getIdToken()返回的令牌之间的区别.目前,我正在将后者用于HTTP请求.
Also, I'm not sure the difference between refreshToken and the returned token from getIdToken(). Currently, I'm using the latter for HTTP requests.
注意::getIdToken 将用于标识用户的JWT令牌返回到Firebase服务.
推荐答案
刷新令牌:
用户帐户的刷新令牌.仅用于需要显式刷新令牌的高级方案.
A refresh token for the user account. Use only for advanced scenarios that require explicitly refreshing tokens.
GetIdToken:
将用于标识用户的JWT令牌返回到Firebase服务. 如果当前令牌尚未过期,则返回该令牌,否则将刷新该令牌并返回一个新令牌.
Returns a JWT token used to identify the user to a Firebase service. Returns the current token if it has not expired, otherwise this will refresh the token and return a new one.
在以下情况下使用refreshtoken:
刷新当前用户的访问令牌.在以下情况下可能会发生这种情况:
- 访问令牌过期:这是一种常见情况.刷新令牌用于获取一组新的有效令牌.
-
用户更改密码:Firebase发出新的访问和刷新令牌,并使旧令牌过期.出于安全原因,这会自动使用户令牌失效和/或在每台设备上注销用户.
- The access token expires: this is a common situation. The refresh token is used to get a new valid set of tokens.
The user changes their password: Firebase issues new access and refresh tokens and renders the old tokens expired. This automatically expires the user's token and/or signs out the user on every device, for security reasons.
用户重新进行身份验证:某些操作要求最近颁发用户凭据;此类操作包括删除帐户,设置主电子邮件地址和更改密码.
The user re-authenticates: some actions require that the user's credentials are recently issued; such actions include deleting an account, setting a primary email address, and changing a password. Instead of signing out the user and then signing in the user again, get new credentials from the user, and pass the new credentials to the reauthenticate method of the User object.
这篇关于Firebase:什么时候应该使用refreshToken?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
