如何在Firebase中实施Steam Auth? [英] How to implement Steam Auth with Firebase?
问题描述
我发现的只是这个旧答案:
All I found was this old answer:
https://groups.google.com/forum/#!topic/firebase-talk/rApG8QQd6t4
同行者是否了解任何信息,或者Firebase工程师能否提供更详细的答案?
Does a fellow SOer know any information or could a Firebase engineer provide a more detailed answer?
我目前正在尝试使用以下库通过Steam验证用户身份:
I am currently trying to authenticate the user with Steam using this library:
https://github.com/liamcurry/passport-steam
,然后使用Firebase自定义令牌将用户吸引到我的Firebase身份验证系统中.
and then use Firebase custom tokens to get the user in my Firebase auth system.
我不知道这是否是正确的方法.无论如何,我都被困住了.
I don't know if this is the right approach. Regardless, I am stuck.
这是我当前的代码:
app.js
var passport = require('passport');
var SteamStrategy = require('passport-steam').Strategy;
app.use(passport.initialize());
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(obj, done) {
done(null, obj);
});
passport.use(new SteamStrategy({
returnURL: 'http://localhost:8080/users/steam/return',
realm: 'http://localhost:8080/',
apiKey: steamKey.steam,
stateless:true
},
function(identifier, profile, done) {
profile.identifier = identifier;
return done(null, profile);
}
));
users.js
router.get('/steam', passport.authenticate('steam', { failureRedirect: 'login' }), function(req, res, next) {
});
router.get('/steam/return',
function(req, res, next) {
req.url = req.originalUrl;
next();
},
passport.authenticate('steam', { failureRedirect: 'users/login' }),
function(req, res) {
console.log(JSON.stringify(req.query));
var oid = req.query["openid.claimed_id"];
var array = oid.split("/id/");
console.log("Array: "+array);
var result = array[1];
console.log(result);
admin.auth().createCustomToken(result)
.then(function(customToken) {
res.render("users/login",{token: customToken, passed: true});
})
.catch(function(error) {
console.log("Error creating custom token:", error);
});
});
users/login.ejs:
<a href="steam"><img id="steamLogin" src="../../public/assets/steamLogin.png"/></a>
<script>
if ("<%=passed%>" == "true") {
firebase.auth().signInWithCustomToken("<%=token%>").catch(function(error) {
if (error) {
alert(error);
}
else {
res.redirect("screenshots/index");
}
});
}
</script>
我当前的问题如下:
My current issue is the following:
1)可行,但将Steam声明的ID作为用户的公共UID公开.公开用户声明的ID是否安全?那不是意味着任何人都可以使用其声明的ID来冒充我的用户吗?
1) This works but exposes the Steam claimed ID as the public UID for the user. Is it safe to expose the user claimed ID? Does that not mean anyone could impersonate my user by using his claimed ID?
2)我的Firebase Auth仪表板的标识符"下没有任何内容.登录用户时如何指定标识符?
2) There is nothing under "Identifier" in my Firebase Auth dashboard. How can I specify an identifier when signing in the user?
3)实际上,在创建自定义令牌时,我应该使用什么作为 uid ?
3) In fact, what should I use as the uid when creating the custom token?
推荐答案
您的操作方法是正确的方法,如链接到文档,适合对实施Steam身份验证感兴趣的任何人.为了说明,firebase开箱即用地支持某些身份验证提供程序,当它不支持身份验证提供程序时,您需要编写自己的身份验证代码,这是一个生成身份验证令牌的过程.链接的文章介绍了如何生成令牌.
Your way of doing it is the correct way, as also mentioned in another question where it is said that "Firebase supports signing in with any provider, as long as you are willing to write the code for it.". The question also gives a link to the docs for doing this, for anyone interested in implementing steam auth. To explain, firebase supports certain auth providers out of the box, when it does not support the auth provider you need to write you own auth code, which is a process that generates an auth token. The linked article explains how you should go about generating the tokens.
这篇关于如何在Firebase中实施Steam Auth?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
