如何使用 Firebase refreshToken 重新进行身份验证? [英] How to use the Firebase refreshToken to reauthenticate?

问题描述

我使用 JS 库调用 firebase.auth().signInWithEmailAndPassword(email, password) 并返回一个 User 对象.User 对象包含一个 refreshToken.

I use the JS library call firebase.auth().signInWithEmailAndPassword(email, password) and get back a User object. The User object contains a refreshToken.

我使用 curl 'https://docs-examples.firebaseio.com/rest/saving-data/auth-example.json?auth=TOKEN' 调用 Firebase.

I use curl 'https://docs-examples.firebaseio.com/rest/saving-data/auth-example.json?auth=TOKEN' to make calls to Firebase.

令牌最终会过期.为了使它看起来像应用程序(iOS 和 macOS)具有持久登录，我想刷新令牌，我如何使用 >REST 还是 JS 库?我在文档中找不到任何允许我使用 refreshToken 获取新的 token 的调用.

The token will eventually expire. In order to make it look like the application (iOS and macOS) has persistent login, I want to refresh the token, how do I do that with using either the REST or JS library? I can't find any calls in the documentation that allow me to use the refreshToken to get a new token.

推荐答案

** UPDATE ** 现在也记录在 Firebase REST 文档中的 Exchange a refresh token for an ID token 部分:

** UPDATE ** this is also now documented in Firebase REST docs under Exchange a refresh token for an ID token section:

https://firebase.google.com/docs/reference/rest/auth/#section-refresh-token

目前我发现的唯一方法是在这里:https://developers.google.com/identity/toolkit/reference/securetoken/rest/v1/token

Currently the only way I found to do this is here: https://developers.google.com/identity/toolkit/reference/securetoken/rest/v1/token

您必须发出 HTTP 请求:

You must make an HTTP request:

POST https://securetoken.googleapis.com/v1/token?key=YOUR_KEY

可以在 Google 开发者控制台中找到 YOUR_KEY 的位置 >API 管理器凭据.它位于 API Keys 部分下.

Where YOUR_KEY can be found in the Google developers console > API Manager > Credentials. It's under the API Keys section.

确保请求正文的结构如下:

Make sure request body is structured in the following format:

grant_type=refresh_token&refresh_token=REFRESH_TOKEN

其中 REFRESH_TOKEN 是 Firebase 用户对象登录时的刷新令牌.

Where REFRESH_TOKEN is the refresh token from Firebase user object when they signed in.

您必须设置标题 Content-Type: application/x-www-form-urlencoded 否则您将收到错误(例如MISSING_GRANT_TYPE").

You must set the header Content-Type: application/x-www-form-urlencoded or you will get errors (e.g. "MISSING_GRANT_TYPE").

POST 调用将返回一个新的 idToken(以前称为 access_token)

The POST call will return a new idToken (used to be called access_token)

这篇关于如何使用 Firebase refreshToken 重新进行身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！