如何在服务器上验证 FCM 注册令牌? [英] How to verify FCM registration token on server?

问题描述

我获得了用于 Web 推送的 Firebase 云消息传递注册令牌.我将它发送到我的服务器以保存在数据库中以供以后推送.但是如何验证这个令牌是有效的还是假的?

I got my Firebase Cloud Messaging registration token for web push. And I sent this to my server to save in database for later push. But how can I verify this token is valid or fake?

我已经尝试过 this 但我认为这是为了身份验证令牌不适用于网络推送.

I have tried this but I think this is for Auth tokens not for web push.

其他人可以向我的服务器发送随机伪造令牌的请求.我想在保存到数据库之前防止这种情况发生.

Someone else can send request of a random fake token to my server. I want to prevent this before save in db.

已经解决了，我写了一个简单的类来快速使用 FCM 进行网络推送.https://github.com/emretekince/fcm-web-push

It's solved and I wrote a simple class to use FCM for web push quickly. https://github.com/emretekince/fcm-web-push

推荐答案

当发送到 无效 注册令牌时，您应该会收到 200 + 错误:InvalidRegistration:

When sending to an invalid registration token, you'll should receive 200 + error:InvalidRegistration:

检查您传递给服务器的注册令牌的格式.确保它与客户端应用通过 Firebase 通知注册收到的注册令牌相匹配.不要截断或添加其他字符.

Check the format of the registration token you pass to the server. Make sure it matches the registration token the client app receives from registering with Firebase Notifications. Do not truncate or add additional characters.

这是当您尝试发送一个简单的 cURL 请求时的响应，其中注册令牌只是随机生成的:

This is the response when you try to send a simple cURL request where the registration token is just randomly made:

curl --header "Authorization: key=$[your_server_key_here]" 
       --header Content-Type:"application/json" 
       https://fcm.googleapis.com/fcm/send 
       -d "{"registration_ids":["ABC"]}"

请注意，我在 "ABC" 中添加了 registration_ids 参数.如果它是有效的注册令牌，但与您的项目无关，您可能会收到 200 + 错误:未注册.

Notice that I added in "ABC", in the registration_ids parameter. If ever it is a valid registration token, but is not associated to your project, you'll probably receive 200 + error:NotRegistered.

您可以尝试使用 dry_run 参数:

You can try sending a test message from your server to see the response without sending an actual message towards the device by using the dry_run parameter:

此参数设置为 true 时，允许开发人员在不实际发送消息的情况下测试请求.

This parameter, when set to true, allows developers to test a request without actually sending a message.

这篇关于如何在服务器上验证 FCM 注册令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！