如何将服务器认证到Firebase？ [英] How do you authenticate a server to Firebase?

查看：193 发布时间：2017/11/10 19:17:25 node.js firebase server

本文介绍了如何将服务器认证到Firebase？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我有一个在Firebase上编写的应用程序。安全规则和客户端代码不足以使我的应用程序工作。我需要连接一个服务器来执行一些任务：

清理使用
onDisconnect
处理程序

建立我的数据额外的索引超出我可以做

：如果您在 https://firebase.google.com 上创建了项目，则这些步骤将从服务器是不同的。看到这个答案： Firebase 3中是否可以对令牌进行服务器端验证？

有两种方法可以执行此操作：生成服务器身份验证令牌或使用Firebase秘密。

生成服务器令牌
您可以使用相同的令牌生成器库为自定义登录创建，以生成可从服务器使用的令牌。然后，您可以从安全规则中提供对此服务器的特殊访问权限。

以下是步骤：
优势
Firebase秘密

喜欢生活在边缘的开发者，以及类型 sudo ，然后直接使用Firebase秘密进行身份验证。

但严重的是，不要这样做。这是危险的。

不做的原因

就像盲目地使用 sudo 一样，这是非常危险的。
你的
服务器不会遵守你的验证规则。

您的服务器已完全读取您的Firebase的
/写入权限。如果它有一个丑陋的bug，它
可能会删除或损坏没有业务访问的数据。

您的
秘密在更多地方（可能在出站请求日志，
等）中结束。如果您冒险，您将面临更大的风险。

I have an app written on Firebase. Security rules and client side code aren't quite enough to make my app work. I need to connect a server to do a few tasks:

Cleaning up denormalized data that's challenging to clean up using onDisconnect handlers

Building additional indexes of my data that go beyond what I can do with queries

解决方案
Updated (20160611): if you created your project on https://firebase.google.com, the steps access the database from a server are different. See this answer: Is it still possible to do server side verification of tokens in Firebase 3?

There are two ways that you can do this: Generate a server auth token, or use a Firebase secret.

Generate a server token You can use the same token generator libraries created for Custom Login to generate tokens that you can use from your server. You can then provide special access to this server from your security rules.

Here are the steps:

Get the token generator library for your server's language / platform. Node.js and Java servers tend to work best.

Generate a token with a pre-selected uid. If you're writing a node.js server, the code might look something like this:
var FirebaseTokenGenerator = require("firebase-token-generator"); var tokenGenerator = new FirebaseTokenGenerator("<your-firebase-secret>"); var token = tokenGenerator.createToken( {uid: "my-awesome-server"}, { expires: <far_into_the_future_seconds> });

Use the token to authenticate your client. Here's more node.js code:
var ref = new Firebase("https://<your-firebase>.firebaseio.com/"); ref.authWithCustomToken(token, function(error, authData) { ... });

If there's no client for your server's language, e.g. PHP, use the token for your REST requests as the auth parameter.

Update your security rules to grant special permissions your server, as identified by the uid, like this simple rule that allows read access to the whole Firebase
{ "rules": { ".write": false, ".read": "auth.uid === 'my-awesome-server'" } }

Access all the data, do awesome stuff.

Advantages

This is Firebase's officially recommended way to authenticate your server.

Your server will respect validation rules.

The server is just another user. You can use security rules to provide fine grained access to your data.

Since access is fine grained, it's unlikely a bug in your server will cause damage, like delete your root node.

Firebase secret

If you're the kind of developer who enjoys living on the edge, and types sudo at the drop of a hat, you can also authenticate using your Firebase secret directly.

But seriously, don't do this. It's dangerous.

Reasons not to do it

Just like blindly using sudo, it's incredibly dangerous.

Your server will not respect your validation rules.

Your server full read / write access to your Firebase. If it has an ugly enough bug, it might delete or corrupt data that is has no business accessing.

Your secret ends up in more places (potentially in outbound request logs, etc). You are exposed to more risk if it gets out.

这篇关于如何将服务器认证到Firebase？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

如何将服务器认证到Firebase？ [英] How do you authenticate a server to Firebase?

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

如何将服务器认证到Firebase？ [英] How do you authenticate a server to Firebase?

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭