Verifying firebase custom token to get token ID fails when using jsonwebtoken


Problem description

On the backend a custom token is generated via firebase's admin SDK thusly:

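router.use('/get-token', (req, res) => {
    var uid = "big-secret";
    // Mint a custom token for this uid with the Admin SDK
    admin.auth().createCustomToken(uid)
      .then(function(customToken) {
        res.json({
          instanceID: customToken
        });
      })
      .catch(function(error) {
        console.log("Error creating custom token:", error);
        // Answer the request on failure instead of leaving it pending
        res.status(500).json({ error: "Error creating custom token" });
      });
});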

The client frontend app then picks up the customToken and with it makes a request back to the backend to verify:

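const jwt = require('jsonwebtoken');
const NodeRSA = require('node-rsa');

// Derive the public key from the service account's private key
const fbPrivateKey = serviceAccount.private_key;
const key = new NodeRSA(fbPrivateKey).exportKey('pkcs8-public-pem');
router.get('/verifyIdToken', cors(), (req, res) => {
  // Check the bearer token's RS256 signature against the derived public key
  jwt.verify(req.headers.authorization.split('Bearer ')[1], key, { algorithms: ['RS256'] }, function(err, decoded) {
    console.log('err', err);
    console.log('decoded', decoded);
  });
});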

This always errors with the message: JsonWebTokenError: invalid signature

Does this need signing? If anyone could explain this or has any pointers?

UPDATE: When running req.headers.authorization.split('Bearer ')[1] through jwt.io it says that the signature is invalid, but then I enter my private key (key) and it validates.

Am I getting the method calls incorrect or passing the wrong arguments into jwt.verify()?

Recommended answer

It looks like you're calling verifyIdToken with a custom token. That's not going to work. verifyIdToken only accepts "ID tokens". To obtain an ID token from a custom token first call signInWithCustomToken(). Then call getToken() on the signed in user instance.
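
An added example, not part of the original question or answer: the custom-token versus ID-token distinction the answer describes can be checked on the backend from the token's claims before any signature verification. The claim values follow Firebase's documented token formats; classifyFirebaseToken, makeSample, the project ID demo-project and the sample tokens are constructed for illustration.

```javascript
// Added example: classify a Firebase JWT by its claims so that an
// ID-token endpoint can reject a custom token with a clear reason.
// It does NOT verify the signature; an 'id' result must still go through verifyIdToken().

// Audience carried by Firebase custom tokens (per Firebase's custom-token format).
const CUSTOM_TOKEN_AUD =
  'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
// Issuer prefix of Firebase ID tokens; the project ID follows it.
const ID_TOKEN_ISS_PREFIX = 'https://securetoken.google.com/';

function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns 'custom', 'id' or 'unknown'. projectId is the expected Firebase project.
function classifyFirebaseToken(token, projectId) {
  if (typeof token !== 'string') return 'unknown';
  const parts = token.split('.');
  if (parts.length !== 3) return 'unknown';
  let header, payload;
  try {
    header = b64urlJson(parts[0]);
    payload = b64urlJson(parts[1]);
  } catch (e) {
    return 'unknown'; // segments are not base64url-encoded JSON
  }
  if (!header || !payload || header.alg !== 'RS256') return 'unknown';
  if (payload.aud === CUSTOM_TOKEN_AUD && typeof payload.uid === 'string') return 'custom';
  if (payload.iss === ID_TOKEN_ISS_PREFIX + projectId && payload.aud === projectId &&
      typeof header.kid === 'string') return 'id';
  return 'unknown';
}

// Constructed sample tokens: fake signature, hypothetical project "demo-project".
function makeSample(header, payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc(payload)}.c2ln`;
}
const sampleCustom = makeSample({ alg: 'RS256', typ: 'JWT' }, {
  iss: 'sa@demo-project.iam.gserviceaccount.com', sub: 'sa@demo-project.iam.gserviceaccount.com',
  aud: CUSTOM_TOKEN_AUD, uid: 'some-uid' });
const sampleId = makeSample({ alg: 'RS256', kid: 'constructed-kid' }, {
  iss: ID_TOKEN_ISS_PREFIX + 'demo-project', aud: 'demo-project', sub: 'some-uid' });

console.log(classifyFirebaseToken(sampleCustom, 'demo-project'));
console.log(classifyFirebaseToken(sampleId, 'demo-project'));
```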
