Firebase SMS验证/身份验证 [英] Firebase SMS Verification / Authentication
问题描述
对于一个客户端项目,我创建了一个简单的混合应用程序,它提供了一个非常简单的功能,但是却拥有很高的流量。该应用程序通常不需要后端,因为它非常非常简单,Firebase似乎是该项目的完美解决方案。
我坚持的唯一部分是使用Firebase进行短信验证/身份验证。但是,经过一番激烈的Google搜索和doc阅读之后,我意识到有没有简单的方法来做到这一点。这是我到目前为止看到的:
$ b
- Fabric.io Digits 有一个很棒的JS API,但是由于某些原因,firebase和数字不能很好地结合在一起: https://groups.google.com/forum/#!topic/firebase-talk/sB7lPuyCVBQ
- Facebook帐户套件 - 就在一周前,Facebook发布了一个新的短信验证套件。身份验证,虽然它仍然觉得它有与fabric.io数字相同的问题,至少直到证明相反。
- Twilio / Nexmo通过NodeJS - 这些都是伟大的JS API的史诗服务,但是从我所了解的情况来看,这需要一个单独的后端服务器来处理JWT令牌交换。而这又是另外一个服务器,它将成为高流量的瓶颈,另一个安全漏洞就是客户团队必须单独管理。不是最愉快的。
- Twilio / Nexmo& Auth0 - 到目前为止,这似乎是最好的选择,认证&用户管理由Auth0来处理,但是鉴于twilio或者nexmo和auth0都是付费解决方案,这个解决方案可能会很快变得昂贵。并不是说我是一个廉价的人,期望免费的东西工作,但是考虑到只是转发代币,感觉是一个非常昂贵的额外步骤。我记得在某个地方读了一些建议,比如把电话号码用作firebase上的电子邮件,例如:123-456-7890@example.com,并使用安全性通过短信发送密码作为密码,这听起来很粗略,由于许多不同的原因。
通常对于混合移动应用程序来说,它们或JS API的非本地性质是责任,但是第一次我至少)感觉这是不是这样的情况。我认为在这一点上,Firebase不是一个有效的选择,但是在开始研究AWS之前,最后要问爱心和关心社区的成员,并为客户建立一个完整的后端。
是否有任何其他方式来处理这种类型的认证减去中间服务/没有后端服务器?任何人有使用这些解决方案的经验?
更新:2017年5月
电话验证&身份验证现在已经可以在Firebase中使用了。请参阅下面的自我发布的答案。
更新:APR 2017
现在,Firebase本身支持云功能。现在,您可以使用云端函数完成这项工作,而无需设置任何服务器。
截至5月17日2017年Firebase的精彩人物已经将Digits的手机身份验证融入了Firebase。 现在在Firebase中本地实现这一点非常容易,或多或少随着开关的翻转,而不需要外部服务或任何类似的东西。 您可以在文档中阅读更多内容)
For a client project I'm creating a simple hybrid app that serves a very simple function, yet will have high traffic. The app wouldn't normally need a backend, since it's very very simple, and firebase seems like a perfect solution for the project.
The only part where I'm stuck at is SMS Verification / Authentication with Firebase. However, after some intense googling, and doc reading, I've come to realize that there's no easy way to do this. Here's what I've looked into so far :
- Fabric.io Digits has a great JS API, however for some reason firebase and digits won't play nicely together : https://groups.google.com/forum/#!topic/firebase-talk/sB7lPuyCVBQ
- Facebook Account Kit - Just a week ago, Facebook released a new kit for SMS Verification & Authentication, although it still feels like it has the same problem as fabric.io digits, at least until proven otherwise.
- Twilio / Nexmo via NodeJS - These are both epic services with great JS APIs, however from what I understand this would require a separate backend server to handle JWT token exchange. And that on its own is another server, which would become the bottleneck during high traffic, and another point of vulnerability for security, the client team would have to manage separately. Not the most pleasant.
- Twilio / Nexmo & Auth0 - So far this seems like the best option, where authentication & user management is handled by Auth0, however this solution can quickly get expensive given that both twilio or nexmo and auth0 are paid solutions. Not that I'm a cheapo expecting things to work for free - but feels like a very expensive extra step given that it is just to forward tokens. [see: clients-from-hell]
- I remember reading somewhere, a suggestion like using phone numbers as emails on firebase like: 123-456-7890@example.com and use the security codes sent over sms as password, which sounds very sketchy for many different reasons.
Usually with hybrid mobile apps, the non-native nature of them or JS APIs are to blame, but for the first time (for me at least) it feels like this isn't the case. I presume at this point Firebase isn't a valid option, but wanted to ask the loving and caring members of the community one last time before starting to look into AWS, and setting up an entire backend for the client.
Is there any other way to handle this type of authentication minus the middle-service / without a backend server? Anyone has any experience using these solutions?
UPDATE : MAY 2017
Phone Verification & Authentication is now natively available in Firebase. See my self-posted answer below.
UPDATE : APR 2017
Firebase now natively supports Cloud Functions. You can now accomplish this and a lot more using Cloud Functions without setting up any servers.
As of May 17 2017, the amazing people at Firebase have baked Digits' phone authentication into Firebase. This is now incredibly easy to achieve natively within Firebase, more or less with the flip of a switch and without the need of an external service or anything alike. You can read more about it in the docs :)
这篇关于Firebase SMS验证/身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
