Can I add an expiration date to a customToken using Firebase v3?

kpg*_*kpg 5 node.js firebase firebase-authentication

I am migrating a node.js application to Firebase v3.

In v2 I used FirebaseTokenGenerator to generate custom tokens. It requires an apiToken, which is inconsistent with how Firebase v3 works in Node. I see there is now a "createCustomToken" method on the firebase.auth service, so I assume I should be using that now.

The problem is that this method seems to accept only "uid" and "developerClaims" as parameters, whereas FirebaseTokenGenerator also accepted an options object containing an "expires" property.

Is there a way to give a token generated by 'createCustomToken' an expiration date?

Mar*_*sel 4

Update

Reference: https://groups.google.com/forum/#!topic/firebase-talk/Ezy3RDNNRAs

Once they sign in with the custom token, the Id token that Firebase exchanges is long-lived and refreshed automatically. You do not need to create a new custom token for every request. You can verify the Firebase Id token with the backend server library, and as long as it is valid you do not need to sign the user in again.

So it looks like the generated token is temporary and is used to retrieve the id token (internally)

FIRAuth.auth()?.signInWithCustomToken(customToken)

From then on the client should be fine.

For Firebase 3.0.4, currently no.

Looking at the nodejs module source, the jwt expiresIn is set to 1 hour. This is unacceptable for mobile app users (as long as they are logged in, the key should be fine). Hopefully this gets fixed soon, because it is blocking us from upgrading the sdk

FirebaseTokenGenerator.prototype.createCustomToken = function(uid, developerClaims) {
  if (typeof uid !== 'string' || uid === '') {
    throw new Error('First argument to createCustomToken() must be a non-empty string uid');
  } else if (uid.length > 128) {
    throw new Error('First argument to createCustomToken() must a uid with less than or equal to 128 characters');
  } else if (typeof developerClaims !== 'undefined' && (typeof developerClaims !== 'object' || developerClaims === null || developerClaims instanceof Array)) {
    throw new Error('Optional second argument to createCustomToken() must be an object containing the developer claims');
  }

  var jwtPayload = {};

  if (typeof developerClaims !== 'undefined') {
    jwtPayload.claims = {};

    for (var key in developerClaims) {
      /* istanbul ignore else */
      if (developerClaims.hasOwnProperty(key)) {
        if (BLACKLISTED_CLAIMS.indexOf(key) !== -1) {
          throw new Error('Developer claim "' + key + '" is reserved and cannot be specified');
        }

        jwtPayload.claims[key] = developerClaims[key];
      }
    }
  }
  jwtPayload.uid = uid;

  return jwt.sign(jwtPayload, this.serviceAccount.private_key, {
    audience: FIREBASE_AUDIENCE,
    expiresIn: ONE_HOUR_IN_SECONDS,
    issuer: this.serviceAccount.client_email,
    subject: this.serviceAccount.client_email,
    algorithm: ALGORITHM
  });
};

Because of this note, "exp The time, in seconds, at which the token expires. It can be at a maximum 3600 seconds later than iat", updating the following will not work. The maximum lifetime of a Firebase token is 1 hour.

The solution seems to be to generate our own token

Use a JWT library

You can create a custom token suitable for authenticating with Firebase by using any JWT creation library. Create a JWT that includes the following claims and is signed using RS256.

JWT claims
iss Your project's service account email address
sub Your project's service account email address
aud https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit
iat The current time, in seconds
exp The time, in seconds, at which the token expires. It can be at a maximum 3600 seconds later than iat.
uid The unique identifier of the signed-in user (must be a string, between 1-36 characters long)
claims (optional)   Custom claims to include in the Security Rules auth variable.

An example token-generation function that should satisfy the conditions above:

var jwt = require('jsonwebtoken');

var ALGORITHM = 'RS256';

// List of blacklisted claims which cannot be provided when creating a custom token
var BLACKLISTED_CLAIMS = [
  'acr', 'amr', 'at_hash', 'aud', 'auth_time', 'azp', 'cnf', 'c_hash', 'exp', 'iat', 'iss', 'jti',
  'nbf', 'nonce'
];
var FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';

// serviceAccount: the parsed service account JSON ({ client_email, private_key }).
// expiresIn: lifetime passed straight to jsonwebtoken (seconds, or a string like '1h');
// Firebase rejects anything more than 3600 seconds after iat.
function generateFirebaseToken(serviceAccount, uid, expiresIn, developerClaims) {
  var jwtPayload = {};

  if (typeof developerClaims !== 'undefined') {
    jwtPayload.claims = {};

    for (var key in developerClaims) {
      if (developerClaims.hasOwnProperty(key)) {
        if (BLACKLISTED_CLAIMS.indexOf(key) !== -1) {
          throw new Error('Developer claim "' + key + '" is reserved and cannot be specified');
        }

        jwtPayload.claims[key] = developerClaims[key];
      }
    }
  }
  jwtPayload.uid = uid;

  return jwt.sign(jwtPayload, serviceAccount.private_key, {
    audience: FIREBASE_AUDIENCE,
    expiresIn: expiresIn,
    issuer: serviceAccount.client_email,
    subject: serviceAccount.client_email,
    algorithm: ALGORITHM
  });
}

Reference: firebase docs