Firebase REST auth when creating token with node.js admin sdk


Problem description


I know this issue was asked a lot here, but I still cannot seem to find the exact answer that can solve my problem.

I wish to access Firebase using REST calls, by adding an access_token param.

The access_token is created using the Node.js Admin SDK, using the following code:

var admin = require("firebase-admin");

var serviceAccount = require("./pk.json");

admin.initializeApp({
    credential: admin.credential.cert(serviceAccount),
    databaseURL: "https://XXX.firebaseio.com"
});

var uid = "1234";


admin.auth().createCustomToken(uid)
  .then(function(customToken) {
    // Send token back to client
    console.log("Token: "+customToken);
  })
  .catch(function(error) {
    console.log("Error creating custom token:", error);
  });

The problem is that if I take the token created from Node.js and use it in my REST call, I get an Unauthorized request error.

I have read in some questions that people added the scope param when issuing the token, but have not found a way to do that with Node.js Admin SDK.

Google's docs are not so detailed with this issue. Any idea what I might try to resolve this one?

Solution

The token you are using to authenticate to the Firebase REST API is not the correct type of token. You are using a Firebase Auth custom token, which can only be used to authenticate one of the Firebase client SDKs via the signInWithCustomToken() method as explained in Sign in using custom tokens on clients.

In order to authenticate to the Firebase REST API, you have two options: Firebase ID tokens (for user-based access) or Google OAuth2 access tokens (for admin access).

Authenticate with Firebase ID Tokens

See Retrieve ID tokens on the client for an explanation of how to retrieve access tokens in the various Firebase client SDKs. You can also exchange a Firebase custom token for an ID token and refresh token pair via an undocumented REST API:

Endpoint: https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=<API_KEY>

Method: POST

Request Body: { "token": <CUSTOM_TOKEN>, "returnSecureToken": true }

<API_KEY> is the same API key you get from your Firebase Console that you use in the Firebase clients. <CUSTOM_TOKEN> is a Firebase custom token.

Since ID tokens expire after an hour, you will need to use the refresh token to refresh them via this other undocumented REST API:

Endpoint: https://securetoken.googleapis.com/v1/token?key=<API_KEY>

Method: POST

Request Body: { "refresh_token": <REFRESH_TOKEN>, "grant_type": "refresh_token" }

<API_KEY> is the same API key as before. <REFRESH_TOKEN> is the refresh token from the previous API call.

Once you have an ID token, you can pass that to the REST API via the auth query parameter to authenticate a request. The request respects Firebase Security Rules as if the end user logged into the client was making the request.

Authenticate with Google Access Tokens

To authenticate with a Google OAuth2 access token, the first thing you need to do is get one. See Retrieving an access token for an explanation of how to do this. It only currently includes a Java example, but this is possible in many languages, including Node.js. Once you have an ID token, you can pass that to the REST API via the access_token query parameter to authenticate a request. The request will be made with admin access, overriding all Firebase Security Rules and granting full read and write access.
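
The flow described in the answer, as an added example that is not part of the original post: it exchanges a custom token for an ID token, refreshes it, and builds the REST URL with the `auth` or `access_token` parameter. The endpoints and request bodies are the ones quoted above; the response field names, the `.json` path suffix, the helper names and the injectable `fetchImpl` parameter are assumptions made for this example.

```javascript
// Added example (not from the original answer). Endpoints and request bodies are
// the ones quoted above; response field names and the .json suffix are assumptions.
const VERIFY_URL =
  "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken";
const REFRESH_URL = "https://securetoken.googleapis.com/v1/token";

// POST JSON; throw on non-2xx so a rejected token is never treated as valid.
async function postJson(url, apiKey, body, fetchImpl = fetch) {
  const res = await fetchImpl(`${url}?key=${encodeURIComponent(apiKey)}`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(body),
  });
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  return res.json();
}

// Custom token from createCustomToken() -> ID token + refresh token.
async function exchangeCustomToken(apiKey, customToken, fetchImpl = fetch) {
  const body = { token: customToken, returnSecureToken: true };
  const r = await postJson(VERIFY_URL, apiKey, body, fetchImpl);
  return { idToken: r.idToken, refreshToken: r.refreshToken };
}

// Refresh token -> new ID token, needed because ID tokens expire after an hour.
async function refreshIdToken(apiKey, refreshToken, fetchImpl = fetch) {
  const body = { refresh_token: refreshToken, grant_type: "refresh_token" };
  const r = await postJson(REFRESH_URL, apiKey, body, fetchImpl);
  return { idToken: r.id_token, refreshToken: r.refresh_token };
}

// kind "user": auth=<ID token>, Security Rules apply.
// kind "admin": access_token=<OAuth2 access token>, Security Rules are bypassed.
const QUERY_PARAM = new Map([["user", "auth"], ["admin", "access_token"]]);
function restUrl(databaseURL, path, kind, token) {
  const param = QUERY_PARAM.get(kind);
  if (!param) throw new Error(`unknown credential kind: ${kind}`);
  const u = new URL(`${path.replace(/^\/+|\/+$/g, "")}.json`, databaseURL);
  u.searchParams.set(param, token);
  return u.toString();
}

// The credential rides in the query string, so redact it before logging a URL.
function redactUrl(url) {
  const u = new URL(url);
  for (const p of ["auth", "access_token", "key"]) {
    if (u.searchParams.has(p)) u.searchParams.set(p, "REDACTED");
  }
  return u.toString();
}
```

A custom token passed to `restUrl` under either kind is still rejected by the REST API, which is the Unauthorized error in the question; only the exchanged ID token or an OAuth2 access token is accepted.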
