从客户端发送firebase云消息而不暴露API秘密 [英] Send firebase cloud message from client without exposing API secret

问题描述

我正在开发一个新的聊天应用程序，目前与firebase实时数据库和cordova一起工作。

我正在寻找一个后端更少的解决方案，因为我目前的工作应用程序根本不需要任何服务器，除了一个微型服务器，它的唯一功能是为客户端提供时间授权令牌。

这个令牌允许客户端工作直接使用firebase，而不需要更昂贵和加载的服务器，并且仍然有一个中央控制应用程序的使用。

通过阅读新的firebase文档我相信通知和firebase云消息应用不能由于所有的发送消息示例暴露了服务器API密钥，这显然不能在客户端使用发布消息，仅用于监听通知客户端。

有没有办法从中央服务器发出临时令牌，客户端可以使用它发送消息，而不必将所有消息发送到服务器，然后再发送到其他设备？使用Firebase Cloud Messaging将下行消息发送到设备需要访问权限

感谢 到授权密钥。出于这个原因，它应该运行在一个可信的进程中，比如在你控制的硬件上。

I'm developing a new chat application that currently works with firebase realtime database and cordova.

I was looking for a backend-less solution since my currently working app doesn't need any server at all apart from a tiny server that its only function is to provide with temporal authorization tokens for the clients.

This tokens allow the client to work directly with firebase without the need for a more expensive and loaded server, and still have a central control for the usage of the app.

By reading the new firebase documentation I believe that the notifications and the firebase cloud messages app can't be used by the client side to post messages, only to listen notifications since all the send message examples expose the server API key, which obviously can't be on the client side.

Is there a way to issue temporal tokens from a central server that can be used by the clients to send messages instead of having to send all the messages to the server and then back to the other devices?

Thanks

解决方案

Sending downstream messages to devices with Firebase Cloud Messaging requires access to the authorization key. For that reason it should run in a trusted process, such as on hardware you control.

这篇关于从客户端发送firebase云消息而不暴露API秘密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！