Firebase在云功能中验证电子邮件密码 [英] Firebase verify email password in cloud function
问题描述
我需要接受自定义用户名进入我的网站(严格要求字母数字的帐单要求).并且这些用户名应与用户的电子邮件地址互换,以进行登录.
I have a requirement to accept custom usernames into my site (Requirement from biller with strict limitations of alpha numeric.) And these usernames should be interchangeable with the user's email address for login purposes.
我允许用户通过标准的Firebase电子邮件密码身份验证使用其电子邮件和密码进行注册和登录.用户在记帐员处注册,然后通过回发将自定义生成的用户名返回给应用程序.
I allow the user to signup and login with their email and password through the standard firebase email password authentication. The user is registered at the biller, who then returns a custom generated username to the application via a postback.
我已经创建了一个用户名表,其中包含每个用户名所属的用户的UID(最初是电子邮件,并且记帐员生成了用户名)
I have created a usernames table that contains the UID of the user each username belongs to (Initially there is the email, and biller generated usernames)
当用户尝试登录时,我转到用户名表并查找UID.在这一点上,我想使用UID和用户提供的密码通过标准 Firebase身份验证系统登录用户.
When the user attempts to login, I go to the usernames table and lookup the UID. At this point I would like to use the UID just looked up, and the password supplied by the user to log the user in through the standard firebase authentication system.
我一直无法找到任何方法来针对在云函数内部查找的用户帐户验证用户密码是否有效,从而无法生成自定义令牌.
I have been unable to find any way to verify the user's password is valid against a looked up user account inside of cloud functions so that I can generate a custom token.
我可以通过用户名查找用户,找到电子邮件,然后将其发送回客户端,并允许使用该电子邮件和用户提供的密码进行登录,但最好避免使用该密码,因为它将允许用户名以及与不良行为者相互关联的电子邮件地址.
I could lookup the user by the username, find the email, send it back to the client and allow the login to take place with that email and the password the user supplied, but would prefer to avoid it as that will allow usernames and email addresses to be associated with each other by bad actors.
推荐答案
在您的云功能中,除了firebase-admin之外,您还可以安装和使用firebase软件包,并像初始化网页一样对其进行初始化.这样,您可以使用admin SDK查找用户名的电子邮件,然后使用signInWithEmailAndPassword从云功能使用firebase进行身份验证.如果成功,则可以生成自定义令牌并将其发送给客户端.
In your cloud function you can install and use the firebase package besides firebase-admin, and initialize it as if you were initializing a web page. That way you can use the admin SDK to find the email of the username, and then use firebase from the cloud function to authenticate, using signInWithEmailAndPassword. If it succeeds you can then generate a custom token and send it to the client.
我不知道这是否是最好的方法,但是它可行.
I don't know if this is the best approach but it works.
这篇关于Firebase在云功能中验证电子邮件密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
