Firebase身份验证对象可以处理同时验证类型吗? [英] Can the Firebase auth object handle simultaneous authentication types?
问题描述
此文章 描述了如何将多个帐户绑定到 users
集合中的单个 $ uid
。
以下是这些安全规则:
rules:{
users:{
$ uid:{
.write:auth!= null&&
(data.val()=== null ||
(auth.provider ==='facebook'&& auth.id === data.child('facebookUid')。val())||
(auth.provider = =='twitter'&& auth.id === data.child('twitterUid')。val()))
},
usersMap:{
facebook:{
$ fuid:{
.read:auth!= null&& auth.provider ==='facebook'&& auth.id === $ fuid,
.write:auth!= null&&
(data.val()=== null ||
('用户')。child(data.val())。child('facebookUid')。val()== auth.id)
},
twitter:{
$ tuid:{
.read:auth!= null&& auth.provider ==='twitter'&& auth.id === $ tuid,
.write:auth!= null&&
(data.val()=== null ||
root.child('users')。child(data.val())。child('twitterUid')。val()== auth.id)
}
}
}
下面是我想象一下如何使用这些规则的实用方法:
-
用户登录与他们的Facebook帐户。
-
是否存在
$ fuid
不要添加新的$ uid
到users
。在成功回调中创建一个$ fuid
在userMap / facebook
下,其属性值$ fuid.uid
等于<$ c如果它存在,只需忽略该请求并返回一个消息,如用户已经存在。但是,如果一个用户想把另一个账户绑定到同一个主账户$ uid <
/ code>? -
用户使用另一个帐户登录。
> -
$ tuid
是否存在?不,但如果auth
对象持有Facebook和Twitter会话,那么我们不想创建另一个$ uid $ c $我们希望将
$ tuid
映射到相同的$ uid
$ fuid
也映射过来。
-
auth
对象支持访问同时认证对象的属性?例如,如果我们用Facebook和Twitter登录auth.id
对于两者都是不同的权利? 我在想这个错误的方法吗?如何使用上面的安全规则将其他账户映射到
$ uid
?
-
- 一种独立于认证方法(一个cookie?)存储用户ID的方法
- 在使用差异计算机时将auth帐户连接在一起的一种方法
A user "Logs in" with their Facebook account.
Does the
$fuid
exist? If not add a new$uid
tousers
. In the success callback create a$fuid
underuserMap/facebook
with a property value of$fuid.uid
equal too$uid
.If it does exist just ignore the request and return a message like "User already exists".
User logs in with another account.
Does the
$tuid
exist? No but if theauth
object is holding both the Facebook and the Twitter sessions then we don't want to create another$uid
- instead we want to map the$tuid
to the same$uid
the$fuid
is mapped too.Does the
auth
object have support for accessing properties of simultaneous authentication objects? For example if we were logged in with both Facebook and Twitterauth.id
would be different for both right?Am I thinking about this the wrong way? How is it possible to map additional accounts to
$uid
using the security rules above?
- a way to store the user's ID independent of authentication method (a cookie?)
- a way to link auth accounts together when using a diff computer
假设用户仍然使用他们的Facebook帐户登录,并希望添加他们的Twitter acco我们再次浏览该工作流程...
如果您想将多个账户绑定到一个单一的用户名,您需要生成自己的令牌。
例如,您可以使用 Firebase.push 生成唯一的ID为每个用户,并使用你的代币。这不是一件简单的事情,因为它要求你有:
这甚至可能会适得其反。用户将在大多数情况下使用单一的身份验证方法登录,甚至可能希望使用diff auth方法创建单独的帐户。所以,除非你有一个依赖于提供者之间共享数据的应用程序,否则这可能是不值得的。
This post describes how to tie multiple accounts to a single $uid
in a users
collection.
Here's those security rules:
"rules": {
"users": {
"$uid": {
".write": "auth != null &&
(data.val() === null ||
(auth.provider === 'facebook' && auth.id === data.child('facebookUid').val()) ||
(auth.provider === 'twitter' && auth.id === data.child('twitterUid').val()))"
}
},
"usersMap": {
"facebook": {
"$fuid": {
".read": "auth != null && auth.provider === 'facebook' && auth.id === $fuid",
".write": "auth != null &&
(data.val() === null ||
root.child('users').child(data.val()).child('facebookUid').val() == auth.id)"
}
},
"twitter": {
"$tuid": {
".read": "auth != null && auth.provider === 'twitter' && auth.id === $tuid",
".write": "auth != null &&
(data.val() === null ||
root.child('users').child(data.val()).child('twitterUid').val() == auth.id)"
}
}
}
}
Here is how I imagine a practical way to put these rules to use:
But what if a user wants to tie another account to the same master $uid
?
Let's say the user is still logged in with their Facebook account and wants to add their Twitter account. Let's roll through that workflow again...
If you want to tie multiple accounts to a single uid, you'll need to generate your own tokens.
You could, for example, use Firebase.push to generate unique ids for each user, and use those in your tokens. This is no simple matter as it requires that you have:
In many use cases, this could even counter-productive; users will log in with a single auth method in most cases and may even wish to use diff auth methods to create separate accounts. So it may not be worth the trouble unless you have an app that depends on sharing data between providers.
这篇关于Firebase身份验证对象可以处理同时验证类型吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!