如何验证由createCustomToken()创建的自定义Firebase身份验证令牌 [英] How to verify custom Firebase Auth Token, created by createCustomToken()

问题描述

我通过createCustomToken()创建了自定义身份验证令牌，请参见 https: //firebase.google.com/docs/auth/admin/create-custom-tokens .

I created custom Auth Token via createCustomToken(), see https://firebase.google.com/docs/auth/admin/create-custom-tokens.

但是稍后，当我尝试通过verifyIdToken()函数验证此令牌时，它会引发以下错误

But later on when I try to verify this token via verifyIdToken() function it throws following error

Error: verifyIdToken() expects an ID token, but was given a custom token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.

这是合理的，因为没有这样的ID ...但是我需要的-只是简单地验证令牌，类似于jwt.verify()...

Which is rational, because there is no such ID... But what I need - is to simply verify the token, similar to jwt.verify()...

有人遇到过这个问题，找到了什么解决方案?是否可以通过jsonwebtoken库验证Firebase身份验证令牌?

Has anyone came across this problem and what solution was found? Is it possible to verify Firebase auth token via jsonwebtoken library?

P.S.我将在Google Cloud Function端点中使用验证

P.S. I am gonna use verification in Google Cloud Function endpoints

解决方案:看来我刚刚找到了解决方案 https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library 只需从

SOLUTION: Looks like I just found a solution https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library Just need to grap public key from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com and use jsonwebtoken library to verify it...

推荐答案

verifyIdToken就像名称是用来验证IdToken，而不是自定义标记.

verifyIdToken like the name is to verify IdToken, not custom token.

CustomToken用于sign in的客户端.可以使用简单的JWT验证(如您的解决方案)来验证此自定义令牌(一小时后失效).

CustomToken is for client to sign in. This custom token can be verify using simple JWT verification like your solution (it expire after one hour).

但是IdToken是另一回事，您需要使用firebase auth进行登录过程.

But the IdToken is another story, you need to do sign in process using firebase auth.

在登录后从客户端获取Id Token ，这取决于客户端是Android，Web还是IOS. 可以在此部分中阅读获取IdToken的代码.

To Get The Id Token from client after signIn, it's depend whether the client is Android, Web, or IOS. The code to get the IdToken can be read in this section

这篇关于如何验证由createCustomToken()创建的自定义Firebase身份验证令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！