获取巨大的Firebase访问令牌 [英] Getting huge Firebase access token
问题描述
我将Firebase身份验证与Cloud Endpoints Frameworks一起使用. 在这种情况下,我有两个共同属于的问题:
I'm using Firebase authentication together with Cloud Endpoints Frameworks. In context of this, I have two questions which belong together:
在我的Android应用中,我通过以下方式成功登录后要求访问令牌:
In my Android app I'm requesting the access token after a successfully login in the following way:
FirebaseUser user = mFirebaseAuthenticator.getCurrentUser();
user.getIdToken(true).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
public void onComplete(@NonNull Task<GetTokenResult> task) {
if (task.isSuccessful()) {
mIDToken = task.getResult().getToken();
Log.d("attempLogin", "GetTokenResult result = " + mIDToken);
} else {
Log.d("attempLogin", "Cannot get token = " + task.getException());
}
}
});
然后,我将收到的访问令牌传递给自动生成的 端点框架客户端API方法 allOrdersRequest(...)
Afterwards I pass the received access token to the automatically generated endpoints framework client API method allOrdersRequest(...)
OrderCollection orders = allOrdersRequest.setOauthToken(mIDToken).execute();
执行有效和授权的后端API调用.
to execute a valid and authorized backend API call.
第一个问题: 收到的访问令牌大约有800个字符,我认为这是 相对太多.每个后端API方法请求都必须发送将近1kb的数据.我的假设是正确的,还是应该(甚至可以)在Firebase控制台中更改访问令牌的大小?
1st question: The received access token has about 800 characters, which is in my opinion relatively too much. It's almost 1kb which has to be send with each backend API method request. Is my assumption correct, or should (or even can I) change the access token size in Firebase's console?
第二个问题: 将接收到的令牌传递到端点框架客户端API的 setOauthToken()方法以执行授权的API请求的正确方法,还是每次 allOrdersRequest的httpheader时我都必须操纵()?
2nd question: Is it the right way to pass the received token to the setOauthToken() method of the endpoints framework client API to perform an authorized API request, or must I manipulate each time the httpheader of the allOrdersRequest()?
推荐答案
我找到了授权云端点API请求的正确方法:
I found the correct way to authorize a cloud endpoints API request:
使用来自我生成的云端点之一的 client API请求中的方法 setOauthToken()(在此示例中,方法 allOrdersRequest()是后端api方法)是错误的方法. 而是必须指定类型 bearer 的"Authorization" http标头字段,并在REST API请求(端点客户端API)中为其分配所请求的Firebase访问令牌(idToken)
Using the method setOauthToken() from one of my generated cloud endpoints client API requests (in this example the method allOrdersRequest() is a backend api method) is the wrong way. Instead, it is neccessary to specify the "Authorization" http header field of typ bearer and assign to it the requested Firebase access token (idToken) in the REST API request (endpoints client API)
这里是一个例子:
//启动云端点客户端API构建器 Endpoint.Builder端点=新的Endpoint.Builder(AndroidHttp.newCompatibleTransport(),新的GsonFactory(),null); endpoint.setRootUrl("<a href="https://my_project_id.appspot.com/_ah/api/" rel="nofollow noreferrer"> https://my_project_id.appspot.com/_ah/api/ "); endpoint.setApplicationName("my_project_id");
// Initiate cloud endpoints client API builder Endpoint.Builder endpoint = new Endpoint.Builder(AndroidHttp.newCompatibleTransport(), new GsonFactory(), null); endpoint.setRootUrl("https://my_project_id.appspot.com/_ah/api/"); endpoint.setApplicationName("my_project_id");
Endpoint service = endpoint.build();
HttpHeaders authorizationHeader = new HttpHeaders();
authorizationHeader.setAuthorization("Bearer " + mAccessToken);
// Model instance
OrderRequest orderRequest = new OrderRequest();
orderRequest.setBagId(35);
orderRequest.setPriority(9);
orderRequest.setCustomer("foo@bar.com");
try {
Endpoint.ProcesOrderRequest request = service.procesOrderRequest(orderRequest);
request.setRequestHeaders(authorizationHeader);
Order order = request.execute();
Log.d("ExecuteAPIRequest", "OrderId result = " + order.getOrderId());
} catch (IOException ex) {
System.out.println("Exception caught: " + ex.getMessage());
}
这篇关于获取巨大的Firebase访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
