火力地堡智威汤逊认证，不断发送令牌？ [英] Firebase JWT Authentication, Continually Send Token?

问题描述

您好我是新来的火力地堡，但真正喜欢它。

Hi I am new to Firebase but really liking it.

我读这： https://www.firebase.com/docs/安全/自定义的login.html 以及我能够成功创建JWT和反对我的火力地堡帐户进行身份验证。耶！

I read this: https://www.firebase.com/docs/security/custom-login.html and I am able to successfully create a JWT and authenticate against my Firebase account. Yay!

不过我不知道这是什么意思为未来的，后续调用火力地堡。我需要通过这个令牌在今后所有请求火力点？

However I am not sure what this means for future, subsequent calls to Firebase. Do I need to pass this token in all future requests to Firebase?

推荐答案

未来呼叫转移到同一页中火力地堡将使用相同​​的身份验证。从文档：

Future calls to Firebase within the same page will utilize the same authentication. From the docs:

在鉴定任何引用将验证客户端对整个火力地堡，并且火力地堡将无缝处理再进行身份验证如果互联网连接的丢失，所以你只需要在你的应用程序，一旦执行该操作。要更改客户端的凭据（例如，当在一个不同的帐户的用户日志），简单地用一个新的令牌重新认证。

Authenticating on any reference will authenticate that client to the entire Firebase, and Firebase will seamlessly handle authenticating again if its internet connection is ever lost, so you'll only need to perform the operation once in your app. To change a client's credentials (for example, when a user logs in to a different account), simply re-authenticate with a new token.

var ref = new Firebase(URL);

ref.on('value', ...) // not authenticated

ref.auth(TOKEN, function(error) {
    if( !error ) {
       ref.on('value', ...); //authenticated

       ref.child('...').on('value', ...); //also authenticated

       new Firebase(URL); // also authenticated if I'm using the same URL
    }
});

ref.on('value', ...); // probably not authenticated (async call to auth probably not completed)

如果您希望此令牌生存页面重新加载，那么你需要将其存储在某种方式使客户可以在新的页面上调用firebaseRef.auth（...）。

If you want this token to survive page reloads, then you need to store it in some way so the client can call firebaseRef.auth(...) on the new page.

var ref = new Firebase(URL);

// fetch a token stored in localStorage on a previous page load
var token = localStorage.getItem('token');
if( !token || !tokenHasTimeLeft(token) ) { 
    token = fetchTokenFromServer(); /* some API call to your custom auth server */-
}
login(token);

function login(token) {
   ref.auth(token, function(error) {
       /** handle errors */
       localStorage.setItem('token', token); // store for future page loads
   });
}

// this method uses Base64.decode by Fred Palmer 
// https://code.google.com/p/javascriptbase64/
// it checks to see if the token stored has more
// than 12 hours left before it expires
function tokenHasTimeLeft(tok) {
      try {
         var body = JSON.parse(Base64.decode(tok.split('.')[1]));
         var exp = body.exp? moment.unix(body.exp) : moment.unix(body.iat).add('hours', 24);
         DEVMODE && console.log('parsed token', body);
         return exp.diff(moment(), 'hours') > 12;
      }
      catch(e) {
         console.warn(e);
         return false;
      }
   }

这篇关于火力地堡智威汤逊认证，不断发送令牌？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！