我可以使用客户端登录中的Firebase ID令牌来使用Java SDK验证Java桌面应用程序吗? [英] Can I use the Firebase ID token from a client login to authenticate a Java desktop app using the Java SDK?

问题描述

可通过iOS，Android和Web的 CLIENT 应用程序通过本机SDK访问Google的Cloud Firestore.

Google's Cloud Firestore can be accessed by CLIENT apps for iOS, Android, and web, via native SDKs.

对于 SERVER ，除REST和RPC API外，Cloud Firestore还可以在本机Node.js，Java，Python和Go SDK中使用.其中，Java和Node SDK能够侦听数据库中的更改(截至2018年3月).

For the SERVER, Cloud Firestore is also available in native Node.js, Java, Python, and Go SDKs, in addition to REST and RPC APIs. Of those, the Java and Node SDKs are capable of listening to changes in the database (as of March 2018).

我想在 Java CLIENT桌面应用程序中使用Cloud Firestore.

I would like to use the Cloud Firestore in a Java CLIENT desktop app.

正如我所说，Java Server SDK可以侦听数据库更改，但是它使用身份和访问管理(IAM)对用户进行身份验证，而客户端SDK通过Firebase身份验证进行身份验证.我必须使用Firebase身份验证进行身份验证，以便使用Cloud Firestore安全规则保护数据库.

As I said, the Java Server SDK can listen to database changes, however it authenticates the user with Identity and Access Management (IAM), while the Client SDKs authenticate with Firebase Authentication. I must authenticate with Firebase Authentication, so that the database is protected with the Cloud Firestore Security Rules.

我的问题是:我想将用户登录到Firebase客户端SDK(Web，iOS或Android)之一中，然后将登录名中的ID令牌发送到我的Java桌面应用程序.然后，我想使用该令牌对Java SDK进行身份验证，从而限制对Cloud Firestore安全规则的访问.

My question is: I want to log a user into one of the Firebase Client SDKs (web, iOS, or Android) and then send the ID token from that login to my Java desktop app. Then I want to authenticate the Java SDK with that token, thus limiting access with Cloud Firestore Security Rules.

有可能吗?怎么样?

推荐答案

在服务器上使用的Firebase Admin SDK不支持个人用户登录.您可以在此处看到与认证有关的功能列表..简而言之，它并不适用于最终用户应用程序，而仅是对客户端应用程序的后端支持，在该应用程序中，用于初始化它的凭据完全隐藏且最终用户无法访问.

The Firebase Admin SDK, used on the server, doesn't support individual user logins. You can see a list of what it can do related to authentication here. To put it shortly, it's not meant for end-user applications, just backend support for client apps where the credentials used to initialize it are completely hidden and inaccessible to end users.

您将永远不会交付使用Admin SDK编写的客户端应用程序，该应用程序还要求您交付服务帐户凭据以对其进行初始化.服务帐户凭据就像root密码一样-切勿将它们提供给任何人，除非您信任并可以完全访问所有内容.

You would never ship a client app written with a the Admin SDK that also requires you to ship a service account credential to initialize it. Service account credentials are like root passwords -- never give them to anyone except those that you trust with full access to everything.

这篇关于我可以使用客户端登录中的Firebase ID令牌来使用Java SDK验证Java桌面应用程序吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！