How to verify a custom token?

Question

I am using Firebase Auth and Functions for my project. My database API is with a different provider. I need to make some calls to my database from functions as "admin". My server is set up to verify Firebase's JWT tokens via the following config (custom verification, can't use Firebase Admin):

{
   "type":"RS256",
   "jwk_url":"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com",
   "audience":"<firebase-project-id>",
   "issuer":"https://securetoken.google.com/<firebase-project-id>"
}

This verifies ID tokens correctly, but fails to parse custom tokens created by admin.auth().createCustomToken, with the following error:

Could not verify JWT: JWSError JWSInvalidSignature

Hence I can't use custom tokens to authenticate my cloud functions unless I can verify them somehow?

This is how my function token is generated:

  const uid = "function-worker";
  const claims = {
    "https://hasura.io/jwt/claims": {
      "x-hasura-default-role": "function",
      "x-hasura-allowed-roles": ["function"],
      "x-hasura-user-id": uid,
    },
  };
  const jwt = await admin.auth().createCustomToken(uid, claims);

Then, following https://github.com/hasura/graphql-engine/tree/master/community/sample-apps/firebase-jwt

Following the guide above works for ID tokens, but not for custom tokens. A more detailed explanation of how the Hasura server handles JWT verification can be found here: https://github.com/hasura/graphql-engine/blob/dcab20a5ee388ebd754a7828de1309a3a2e0eaee/docs/graphql/manual/auth/authentication/jwt.rst#generating-jwt-config

Recommended answer

You can use the Firebase REST API to generate an id token, server side. https://firebase.google.com/docs/reference/rest/auth
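The following is an added example, not code from the original question or answer. It shows why the verifier config in the question rejects a custom token (different signer, issuer and audience than an ID token) and how to exchange the custom token for an ID token through the REST API's signInWithCustomToken endpoint. The function names, the `demo-project` project ID and the sample tokens are constructed for illustration; the exchange call assumes Node 18+ (global `fetch`).

```javascript
// Added example; helper names and sample values are illustrative assumptions.
const CUSTOM_TOKEN_AUD =
  "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit";
const HASURA_NS = "https://hasura.io/jwt/claims";

// Decode the payload WITHOUT verifying it: for diagnosis only, never for authorization.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Report whether a token can match the issuer/audience/JWK config from the question.
function classifyToken(jwt, projectId) {
  const p = decodePayload(jwt);
  if (p.iss === `https://securetoken.google.com/${projectId}` && p.aud === projectId) {
    return { kind: "id-token", verifiable: true, hasuraClaims: p[HASURA_NS] };
  }
  if (p.aud === CUSTOM_TOKEN_AUD) {
    // Signed by the service account named in `iss`; its key is not in the
    // securetoken JWK set, and developer claims are nested under `claims`.
    return { kind: "custom-token", verifiable: false, signer: p.iss,
             hasuraClaims: p.claims && p.claims[HASURA_NS] };
  }
  return { kind: "unknown", verifiable: false };
}

// Exchange a custom token for an ID token the existing verifier config accepts.
async function exchangeCustomToken(customToken, apiKey) {
  const url = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=" +
    encodeURIComponent(apiKey);
  const res = await fetch(url, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ token: customToken, returnSecureToken: true }),
  });
  if (!res.ok) throw new Error(`token exchange failed: HTTP ${res.status}`);
  const { idToken, expiresIn } = await res.json();
  return { idToken, expiresIn: Number(expiresIn) }; // expiresIn is in seconds
}

// Constructed sample tokens (placeholder signature) so the classifier runs offline.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const fakeJwt = (payload) => `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.c2ln`;
const role = { "x-hasura-default-role": "function" };
const sampleCustom = fakeJwt({ iss: "sa@demo-project.iam.gserviceaccount.com",
  aud: CUSTOM_TOKEN_AUD, uid: "function-worker", claims: { [HASURA_NS]: role } });
const sampleId = fakeJwt({ iss: "https://securetoken.google.com/demo-project",
  aud: "demo-project", sub: "function-worker", [HASURA_NS]: role });
```

The returned ID token expires after `expiresIn` seconds, so a long-running function should repeat the exchange rather than cache the token indefinitely.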
