错误:Firebase ID令牌已过期 [英] Error: Firebase ID token has expired
问题描述
在我的服务器上,使用firebase admin sdk .verifyIdToken()
On my server I'm seeing these errors when using firebase admin sdk .verifyIdToken()
Firebase ID令牌已过期.从您的客户端应用中获取新令牌,然后重试
Firebase ID token has expired. Get a fresh token from your client app and try again
Firebase ID令牌具有孩子"字样,与已知的公钥不对应的声明.该ID令牌很可能已过期,因此请从您的客户端应用中获取一个新的令牌,然后重试.请参见 https://firebase.google.com/docs/auth/admin/verify-id-tokens 了解有关如何检索ID令牌的详细信息.
Firebase ID token has "kid" claim which does not correspond to a known public key. Most likely the ID token is expired, so get a fresh token from your client app and try again. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
在客户端,我要在浏览器之间的每个请求<>之前执行此操作.服务器:
On the client side I'm doing this before every request between browser <> server:
firebase.auth().currentUser.getIdToken()
通过阅读文档,我的理解是该函数将获得有效的,未过期的令牌,因为后台的SDK将根据需要刷新自身.(可选)我可以将 true 传递给此函数以强制刷新.
It's my understanding from reading the docs that this function will get a valid, non-expired token because the SDK in the background will refresh itself as-needed. Optionally, I can pass in true to this function to force a refresh.
为什么此 getIdToken()函数似乎将过期的令牌发送到我的后端?
Why does this getIdToken() function seem to be sending expired tokens to my backend?
似乎要解决这个问题,我的选择是:
It seems like to resolve this my options are:
- 每次我调用getIdToken()时,
- 传入
true以强制刷新.这不必要地昂贵,因为它将增加来自浏览器的整个往返网络请求的开销.在浏览器请求<>之前使用firebase我的服务器 - 以现在的方式调用
getIdToken()-在客户端手动解码令牌,检查到期时间,如果令牌已过期,则调用getIdToken(true)再次强制刷新并将新刷新的令牌发送到我的服务器
- Pass in
trueto force refresh every time I call getIdToken(). This is needlessly expensive because it will add the overhead of a whole round-trip network request from the browser <> firebase before the request from browser <> my server - call
getIdToken()the way I am now - decode the token manually on the client side, check the expiration, if it is expired then callgetIdToken(true)again to force a refresh and send that newly refreshed token to my server
2号是解决此问题的推荐/预期方式吗?似乎这里有问题...
Is number 2 the recommended/expected way to deal with this? It seems like something is wrong here...
推荐答案
令牌通常会在一个小时后过期. getIdToken 将刷新缓存的令牌(如果已过期).当您需要将令牌发送到服务器时,请确保始终在客户端上调用它.如果您缓存令牌并始终将其发送到后端,则令牌将在某个时候过期.
The token expires after typically an hour. getIdToken will refresh the cached token if it is expired. Make sure you always call that on the client when you need to send the token to your server. If you cache the token and always send it to your backend, it will be expired at some point.
以防万一,请确保您的服务器时钟已同步.不太可能,但是由于某些原因您的时钟可能不同步.
Also just in case, ensure your server clock is synchronized. It is unlikely but your clock could be out of sync for some reason.
这篇关于错误:Firebase ID令牌已过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
