后端的Firebase管理员用于verifyIdToken并使用Firestore [英] Firebase admin on backend for verifyIdToken and use Firestore
问题描述
我正在尝试在后端使用Firebase Admin进行伪造"操作.通过验证Id令牌进行客户端身份验证,以便从后端使用Firestore.
I'm trying to use Firebase Admin on my backend for "faking" client authentication by verifying Id Token in order to use firestore from the backend.
想法是将服务器用作客户端和Firestore之间的中间件.
The idea is to use my server as a middleware between my client and firestore.
我可以在后端正确初始化FirebaseAdmin,并从客户端正确初始化verifyIdToken(),但此后我不知道使用Firestore的想法.你们能告诉我一种方法吗?
I can initialize FirebaseAdmin on the backend and verifyIdToken() from client properly, but I don't have an idea for using firestore after that. Can you guys show me a way for doing it?
import * as firebaseAdmin from 'firebase-admin';
import firebaseServiceAccountKey from './firebaseServiceAccountKey.json';
if (!firebaseAdmin.apps.length) {
firebaseAdmin.initializeApp({
credential: firebaseAdmin.credential.cert(
firebaseServiceAccountKey
),
databaseURL: ##########################,
});
}
// This is working
function getUser(token) {
return firebaseAdmin
.auth()
.verifyIdToken(token)
.then((decodedToken) => {
return decodedToken;
})
.catch((error) => {
return error
});
}
/*
Now I want to use Firestore authenticated with this token, should I
import firebase from "firebase"
and then try auth() with token?
*/
推荐答案
通过Admin SDK访问Firestore始终具有完整的管理特权.无法以已验证其令牌的用户身份访问Firestore.
Access to Firestore through the Admin SDK always happens with full administrative privileges. There is no way to access Firestore as the user whose token you verified.
如果要使用这种中间件方法,则必须确保它仅访问代码本身中授权用户访问的数据.
If you want to use this middleware approach, you will have to ensure it only accesses data the user is authorized for in the code itself.
另请参阅:
如果目标是更严格地控制谁可以登录您的应用,请考虑使用自定义身份验证-服务器为每个用户铸造自定义令牌,即客户端SDK然后用于登录.
If the goal is to have tighter control over who can sign in to your app, consider using custom authentication instead - where the server mints a custom token for each user, that the client-side SDK then uses to sign in.
这篇关于后端的Firebase管理员用于verifyIdToken并使用Firestore的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
