Firebase:最近登录请求 [英] Firebase: recent login requested
问题描述
某些安全敏感的操作(如删除帐户,设置主电子邮件地址和更改密码)要求用户最近登录。
如果不是,请求会失败,错误代码 auth / requires-recent-login
,我应该通过提示用户重新插入凭据来管理案例。一旦我这样做了,我可以很容易地用下面的代码重新认证用户:
$ b
firebase.auth()。currentUser.reauthenticate(凭证)
API 参考还有一些详细信息。事实证明,凭证
实际上是 firebase.auth.AuthCredential
类型的对象。这就是说,我还有一堆问题,我无法找到文档的答案:
- 如何创建
AuthCredential
对象 - 更重要的是,我该如何处理提供者(Google,Facebook,...)。我同意,更改电子邮件/密码对提供商来说没有意义,因为这不是改变它们的正确位置,所以在这种情况下重新验证不适用。但是,删除用户仍然是需要重新验证的操作,无论身份验证方法如何,都可以执行此操作。如何重新认证使用提供商登录的用户?
- 文档指出用户最近必须登录 。
-
这并不重要,因为firebase身份验证后端可能会改变这一点。你不应该硬编码这个值。相反,尝试捕捉该错误,并在发生时采取适当的行动。
我无法在文档中找到最近的任何定义。您可以通过在任何提供者(包括电子邮件/密码提供者)上调用凭证静态方法来初始化凭证:
firebase.auth.FacebookAuthProvider.credential(fbAccessToken); code> 要重新认证OAuth提供程序,可以在浏览器中调用signInWithPopup或重定向。这将返回一个有2个字段的对象:用户和凭证。您可以直接使用该凭据。这里是一个简化的例子:
$ b $ p var tempApp = firebase.initializeApp(originalConfig,'temp');
var provider = new firebase.auth.FacebookAuthProvider();
tempApp.signInWithPopup(provider).then(function(result)){
tempApp.auth()。signOut();
originalApp.auth()。currentUser.reauthenticate(credential);
});
I'm dealing with Firebase
authentication for web.
The documentation states that
Some security-sensitive actions—such as deleting an account, setting a primary email address, and changing a password—require that the user has recently signed in.
If not, the request would fail with error code auth/requires-recent-login
and I should manage the case by prompting the user to re-insert her credentials. Once I have done that, I could easily re-authenticate the user with the following code:
firebase.auth().currentUser.reauthenticate(credential)
In the API reference there's some details more. It turns out credential
is actually an object of type firebase.auth.AuthCredential
. That being said, I still have a bunch of questions to which I couldn't find answer on the docs:
- How do I create the
AuthCredential
object? - More importantly, how do I deal with providers (Google, Facebook, ...). I agree that changing email/password doesn't make sense for providers, because this is not the right place to change them, so re-authentication does not apply in this case. However, deleting a user is still an action requiring re-authentication, and this could be performed regardless of the authentication method. How do I re-authenticate a user that logged in with a provider?
- The documentation states that the user must have logged in recently. I couldn't find any definition of recent in the docs.
You can initialize a credential by calling credential static method on any provider (include email/password provider):
firebase.auth.FacebookAuthProvider.credential(fbAccessToken);
To reauthenticate an OAuth provider, you can call in a browser signInWithPopup or redirect. This will return an object with 2 fields: user and credential. You can use that credential directly. Here is a simplified example:
var tempApp = firebase.initializeApp(originalConfig, 'temp'); var provider = new firebase.auth.FacebookAuthProvider(); tempApp.signInWithPopup(provider).then(function(result)) { tempApp.auth().signOut(); originalApp.auth().currentUser.reauthenticate(credential); });
That doesn't matter, as the firebase auth backend could change that. You shouldn't hard code this value. Instead try to catch that error and act appropriately when it happens.
这篇关于Firebase:最近登录请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!