如何检测idToken到期? [英] How to detect idToken expiry?

问题描述

我有一个登录页面，该页面使用以下方法对用户进行身份验证 signInWithEmailAndPassword()使用Javascript客户端SDK.

I have a login page that authenticates users using signInWithEmailAndPassword() using Javascript client SDK.

如果登录成功，则将用户(连同idToken)重定向到成员页面.

If a login is successful, user is redirected (along with the idToken) to the member page.

在服务器端(使用firebase admin SDK的nodejs)，成员页面检查idToken的有效性，如果有效，则从Firebase获取用户特定的数据并将其显示在网页上.在会员页面上，有很多数据可供查看/编辑/删除等.因此，用户在此页面上花费的时间可能不会超过一个小时.

On the server side (nodejs using firebase admin SDK), the member page checks the validity of idToken and if valid, it gets the user-specific data from Firebase and displays it on the webpage. On the member page, there is lots of data to see/edit/delete etc. So it's not inconceivable that a user might spend more than an hour in this page.

我的问题是，我找不到检测idToken是否已过期的方法.理想情况下，我想刷新并获取一个新的idToken.那可能吗?如果那不可能，我想在idToken过期时将用户重定向到登录页面.

My problem is, I couldn't find a way to detect if the idToken has expired. Ideally I would like to refresh and get a new idToken. Is that possible? If that is not possible, I would like to redirect the user to login page when idToken expires.

但是我无法弄清楚如何实现这两个目标.当idToken过期时，似乎不会触发onAuthStateChanged和onIdTokenChanged.而且我无法像firebase.auth().currentUser.getIdToken(true)这样执行idToken的forceRefresh.因为在成员页面上，firebase.auth().currentUser返回null.

But I am not able to figure out how to achieve either one. Looks like onAuthStateChanged and onIdTokenChanged are not triggered when idToken expires. And I am not able to do a forceRefresh of idToken like, firebase.auth().currentUser.getIdToken(true). Because on member page, firebase.auth().currentUser returns null.

关于如何处理这种情况的任何建议?

Any suggestion on how to handle this scenario?

谢谢.

推荐答案

使用Firebase Node.js Admin SDK，可以在调用verifyIdToken()时通过将checkRevoked参数设置为true.

Using the Firebase Node.js Admin SDK, you can check for a revoked or expired ID token when calling verifyIdToken() by setting the checkRevoked parameter to true.

verifyIdToken(idToken: string, checkRevoked?: boolean): Promise<DecodedIdToken>

checkedRevoked :布尔值
是否检查ID令牌是否被撤销.这需要向Firebase Auth后端提出额外的请求，以检查相应用户的tokensValidAfterTime时间.如果未指定，则不应用此附加检查.

checkedRevoked: boolean
Whether to check if the ID token was revoked. This requires an extra request to the Firebase Auth backend to check the tokensValidAfterTime time for the corresponding user. When not specified, this additional check is not applied.

admin.auth().verifyIdToken(idToken, true)
  .then(function(decodedToken) {
    let uid = decodedToken.uid;
    // ...
  }).catch(function(error) {
    // Handle error for expired ID token
  });

或者，可以在客户端上检查ID令牌有效载荷声明.有关如何使用第三种验证ID令牌的文档第三方JWT库显示有效载荷声明.

Alternatively, the ID token payload claims may be checked on the client. The documentation for how to Verify ID tokens using a third-party JWT library show the payload claims.

exp 到期时间:必须在将来.时间是自UNIX时代以来的秒数.

exp expiration time: Must be in the future. The time is measured in seconds since the UNIX epoch.

jwt.io 引用支持客户端令牌验证的库.

jwt.io references libraries that support client-side token verification.

另请参见:如何在客户端以角度5解码JWT编码的令牌有效载荷?

这篇关于如何检测idToken到期?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！