Custom claims vs accessing refs in security rules?


Problem description

We're integrating our Firebase app with Twitter auth and use the Twitter screen_name as our main human-readable username everywhere in the db.

When it comes to security rules, this is obviously a drawback: We don't know the screen_name as it is not included in auth.token. What we can do, is root.child('users').child($screen_name).child('uid').val() === auth.uid.

Only way to get the Twitter screen_name into the auth.token security rule context is via custom claims, right? What's the preferred method of doing this? Other pattern suggestions for human readable usernames?

Recommended answer

The option to add custom claims to user tokens is a relatively new addition to Firebase Authentication. Before this feature was available, storing additional information in the database was the only way to accomplish many scenarios. For that reason you'll find that most samples, questions, and documentation show how to store the additional information in the database.

Storing additional claims in the token has many advantages though. A few of those:

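  • Custom claims are available in your security rules already, while reading information from the database usually takes an extra read.
  • Custom claims are available in the security rules of all products, while reading the additional information from the database is only available in the database rules.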

There are also a few advantages to using the database to store additional information:

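  • The information in the database can be relatively unlimited, while the custom claims information must be very short.
  • I typically prefer seeing the additional information in the database, as it makes it easier to scan the information.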

If you're using the Twitter screen name in your security rules, it sounds like a natural fit for custom claims. If you also want to show the Twitter screen name for users in the UI, you'll probably also want to store it in the database.
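
The two approaches compared above, side by side, as an added example that is not part of the original question or answer: the database-lookup rule from the question next to a claim-based rule, plus a server-side helper that sets the claim. The `/profiles` path, the function names and the handle pattern are assumptions made for illustration; `setCustomUserClaims` is the Admin SDK call, passed in here as `auth` so the block runs without the SDK.

```javascript
// Added example. `auth` is any object exposing setCustomUserClaims(uid, claims),
// such as admin.auth() from the firebase-admin SDK.

// Rule from the question: costs one extra database read per evaluation.
const ruleWithDbLookup =
  "root.child('users').child($screen_name).child('uid').val() === auth.uid";
// Claim-based equivalent: the value comes straight from the ID token.
const ruleWithClaim = "auth.token.screen_name === $screen_name";

// Hypothetical /profiles path, used only to show where the rule goes.
function buildRules(writeRule) {
  return { rules: { profiles: { $screen_name: { ".write": writeRule } } } };
}

const MAX_CLAIMS_BYTES = 1000; // Firebase limit on the serialized claims object
const SCREEN_NAME = /^[A-Za-z0-9_]{1,15}$/; // assumed Twitter handle format

// setCustomUserClaims replaces the whole claims object, so merge with the
// claims the user already has, then validate before sending.
function buildClaims(screenName, existingClaims = {}) {
  if (typeof screenName !== "string" || !SCREEN_NAME.test(screenName)) {
    throw new Error("invalid screen_name");
  }
  const claims = { ...existingClaims, screen_name: screenName };
  if (Buffer.byteLength(JSON.stringify(claims), "utf8") > MAX_CLAIMS_BYTES) {
    throw new Error("custom claims payload too large");
  }
  return claims;
}

// Run only in trusted server code, with a screen_name taken from the verified
// Twitter sign-in result rather than from client-supplied input.
async function setScreenNameClaim(auth, uid, screenName, existingClaims = {}) {
  const claims = buildClaims(screenName, existingClaims);
  await auth.setCustomUserClaims(uid, claims);
  return claims;
}
```

A newly set claim is visible to the rules only after the client's ID token has been refreshed.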
