使用没有第三方 Cookie 的 Google Firebase 身份验证 [英] Use Google Firebase Authentication without 3rd Party Cookies
问题描述
我目前正在尝试使用社交媒体登录,并意识到这些登录信息的交付方式有些奇怪,这是因为我的工作场所与大多数办公室一样,会阻止 3rd 方 cookie 作为安全策略.
I'm currently experimenting with Social Media Sign-in and have realised something slightly strange on how these logins are delivered which is stemming from the fact that my workplace, like most offices, blocks 3rd party cookies as a security policy.
Google Firebase 身份验证 使用第 3 方 cookie,因此如果我尝试使用Firebase,我被重定向到 Google 页面(如预期)但是当我在登录后被重定向回原始网页(并且 Firebase 尝试设置 cookie)时,我收到一条错误消息,说 This browser is not supported或 3rd 方 cookie 和数据可能会被禁用.
Google Firebase Authentication uses 3rd party cookies and so if I try to use Firebase, I'm redirected to the Google page (as expected) but when I'm redirected back to the originating webpage after logging in (and Firebase tries to set cookies), I get an error saying This browser is not supported or 3rd party cookies and data may be disabled.
但是,MongoDB Stitch 以某种方式工作,我能够实际登录,即使使用已禁用第 3 方 cookie.我似乎真的无法理解为什么会这样,但我希望这里有人可以对此有所了解.如果有帮助,MongoDB Stitch 会要求您将 https://stitch.mongodb.com 设置为 Origin URI 和 https://stitch.mongodb.com/api/client/v2.0/auth/callback 作为 Google 控制台中的授权重定向 URI - 而您必须在 MongoDB 控制台中设置自己的网站 URI,我认为这可能是不同之处?
However, MongoDB Stitch somehow works and I'm able to actually login, even with 3rd party cookies disabled. I really can't seem to make sense of why that's the case but I'm hoping someone here can shed some light on it. If it helps, MongoDB Stitch asks that you set https://stitch.mongodb.com as Origin URI and https://stitch.mongodb.com/api/client/v2.0/auth/callback as Authorised Redirect URI in the Google Console - whilst you have to setup your own website URIs inside the MongoDB Console which I believe might be the difference?
无论如何,MongoDB Stitch 的文档严重不足(由于它仍处于公开测试阶段),所以如果可能的话,我真的很想采用 Google Firebase 的方式.
In any case, MongoDB Stitch's documentation is severely deficient (thanks to it still being in Public Beta) so I would really like to go the Google Firebase way if at all possible.
- 有谁知道 MongoDB Stitch 如何绕过设置 3rd Party Cookies
- 如何在禁用第 3 方 Cookie 的情况下使用 Google Firebase 身份验证
推荐答案
您是否尝试过使用 gapi.auth2、Google 登录库 用于 Javascript?上次我检查时,它在禁用 3rd 方 cookie 的情况下工作.您可以使用它来获取 Google ID 令牌或访问令牌,然后登录 Firebase:
Have you tried using gapi.auth2, the Google sign in library for Javascript?
Last time I checked, it worked with 3rd party cookies disabled. You can use it to obtain a Google ID token or access token and then sign in to Firebase:
firebase.auth().signInWithCredential(firebase.auth.GoogleAuthProvider.credential(googleIdToken, googleAccessToken))...`
这篇关于使用没有第三方 Cookie 的 Google Firebase 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
