Firebase JWT身份验证，持续发送令牌? [英] Firebase JWT Authentication, Continually Send Token?

问题描述

您好，我是 Firebase 的新手，但非常喜欢它.

Hi I am new to Firebase but really liking it.

我读到:https://www.firebase.com/docs/security/custom-login.html 并且我能够成功创建 JWT 并针对我的 Firebase 帐户进行身份验证.耶！

I read this: https://www.firebase.com/docs/security/custom-login.html and I am able to successfully create a JWT and authenticate against my Firebase account. Yay!

但是，我不确定这对以后调用 Firebase 意味着什么.我是否需要在以后向 Firebase 的所有请求中传递此令牌?

However I am not sure what this means for future, subsequent calls to Firebase. Do I need to pass this token in all future requests to Firebase?

推荐答案

未来在同一页面内调用 Firebase 将使用相同的身份验证.来自文档:

Future calls to Firebase within the same page will utilize the same authentication. From the docs:

对任何引用进行身份验证都会对该客户端进行整个 Firebase 的身份验证，如果 Internet 连接丢失，Firebase 将再次无缝处理身份验证，因此您只需在应用中执行一次该操作.要更改客户端的凭据(例如，当用户登录到其他帐户时)，只需使用新令牌重新进行身份验证即可.

Authenticating on any reference will authenticate that client to the entire Firebase, and Firebase will seamlessly handle authenticating again if its internet connection is ever lost, so you'll only need to perform the operation once in your app. To change a client's credentials (for example, when a user logs in to a different account), simply re-authenticate with a new token.

var ref = new Firebase(URL);

ref.on('value', ...) // not authenticated

ref.auth(TOKEN, function(error) {
    if( !error ) {
       ref.on('value', ...); //authenticated

       ref.child('...').on('value', ...); //also authenticated

       new Firebase(URL); // also authenticated if I'm using the same URL
    }
});

ref.on('value', ...); // probably not authenticated (async call to auth probably not completed)

如果您希望此令牌在页面重新加载后仍然存在，那么您需要以某种方式存储它，以便客户端可以在新页面上调用 firebaseRef.auth(...).

If you want this token to survive page reloads, then you need to store it in some way so the client can call firebaseRef.auth(...) on the new page.

var ref = new Firebase(URL);

// fetch a token stored in localStorage on a previous page load
var token = localStorage.getItem('token');
if( !token || !tokenHasTimeLeft(token) ) { 
    token = fetchTokenFromServer(); /* some API call to your custom auth server */-
}
login(token);

function login(token) {
   ref.auth(token, function(error) {
       /** handle errors */
       localStorage.setItem('token', token); // store for future page loads
   });
}

// this method uses Base64.decode by Fred Palmer 
// https://code.google.com/p/javascriptbase64/
// it checks to see if the token stored has more
// than 12 hours left before it expires
function tokenHasTimeLeft(tok) {
      try {
         var body = JSON.parse(Base64.decode(tok.split('.')[1]));
         var exp = body.exp? moment.unix(body.exp) : moment.unix(body.iat).add('hours', 24);
         DEVMODE && console.log('parsed token', body);
         return exp.diff(moment(), 'hours') > 12;
      }
      catch(e) {
         console.warn(e);
         return false;
      }
   }

这篇关于Firebase JWT身份验证，持续发送令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！