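I am migrating a node.js application to Firebase v3.
In v2, I was using FirebaseTokenGenerator to generate custom tokens. It requires an apiToken, which is inconsistent with the way Firebase v3 works in Node, and I see that there is now a 'createCustomToken' method on the firebase.auth service, so I assume I should use that now.
The problem is that this method seems to accept only 'uid' and 'developerClaims' as parameters, whereas FirebaseTokenGenerator also accepted an options object that included an 'expires' property.
Is there a way to give the token generated by 'createCustomToken' an expiration date?
Best answer
Update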
Quote: https://groups.google.com/forum/#!topic/firebase-talk/Ezy3RDNNRAs
Once they login using the custom token, the Firebase exchanged Id token is long lived and is automatically refreshed. You don't need to mint a new custom token on each request. You can verify the Firebase Id token using the backend server libraries and as long as it is valid, you don't need to sign in the user again.
So it looks like the generated token is temporary and is used to retrieve an ID token (internally):
    FIRAuth.auth()?.signInWithCustomToken(customToken)
From then on the client should be good.
Not currently with Firebase 3.0.4
From the nodejs module source code, it looks like the jwt expiresIn is set to 1 hour. This is not acceptable for mobile app users (as long as they are logged in, their key should be fine). Hoping this gets fixed soon, since it blocks us from upgrading our sdk
    FirebaseTokenGenerator.prototype.createCustomToken = function(uid, developerClaims) {
      if (typeof uid !== 'string' || uid === '') {
        throw new Error('First argument to createCustomToken() must be a non-empty string uid');
      } else if (uid.length > 128) {
        throw new Error('First argument to createCustomToken() must a uid with less than or equal to 128 characters');
      } else if (typeof developerClaims !== 'undefined' && (typeof developerClaims !== 'object' || developerClaims === null || developerClaims instanceof Array)) {
        throw new Error('Optional second argument to createCustomToken() must be an object containing the developer claims');
      }
      var jwtPayload = {};
      if (typeof developerClaims !== 'undefined') {
        jwtPayload.claims = {};
        for (var key in developerClaims) {
          /* istanbul ignore else */
          if (developerClaims.hasOwnProperty(key)) {
            if (BLACKLISTED_CLAIMS.indexOf(key) !== -1) {
              throw new Error('Developer claim "' + key + '" is reserved and cannot be specified');
            }
            jwtPayload.claims[key] = developerClaims[key];
          }
        }
      }
      jwtPayload.uid = uid;
      return jwt.sign(jwtPayload, this.serviceAccount.private_key, {
        audience: FIREBASE_AUDIENCE,
        expiresIn: ONE_HOUR_IN_SECONDS,
        issuer: this.serviceAccount.client_email,
        subject: this.serviceAccount.client_email,
        algorithm: ALGORITHM
      });
    };
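Because of this comment, the following cannot be updated: "exp The time, in seconds, at which the token expires. It can be at a maximum 3600 seconds later than iat." The maximum lifetime of a Firebase token is 1 hour.
The solution seems to be to generate our own token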
Use a JWT library
You can create a custom token suitable for authenticating with Firebase by using any JWT creation library. Create a JWT that includes the following claims and is signed using RS256.
JWT claims
    iss                 Your project's service account email address
    sub                 Your project's service account email address
    aud                 https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit
    iat                 The current time, in seconds
    exp                 The time, in seconds, at which the token expires. It can be at a maximum 3600 seconds later than iat.
    uid                 The unique identifier of the signed-in user (must be a string, between 1-36 characters long)
    claims (optional)   Custom claims to include in the Security Rules auth variable.
An example token generation function that should meet the criteria above:
    // jwt.sign() is called below but the snippet never imports it;
    // the jsonwebtoken package is assumed here.
    var jwt = require('jsonwebtoken');

    var ALGORITHM = 'RS256';
    // List of blacklisted claims which cannot be provided when creating a custom token
    var BLACKLISTED_CLAIMS = [
      'acr', 'amr', 'at_hash', 'aud', 'auth_time', 'azp', 'cnf', 'c_hash', 'exp', 'iat', 'iss', 'jti',
      'nbf', 'nonce'
    ];
    var FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';

    // serviceAccount: object with client_email and private_key
    // expiresIn: token lifetime passed through to jwt.sign(); per the claims
    // list above, exp may be at most 3600 seconds later than iat
    function generateFirebaseToken(serviceAccount, uid, expiresIn, developerClaims) {
      var jwtPayload = {};
      if (typeof developerClaims !== 'undefined') {
        jwtPayload.claims = {};
        for (var key in developerClaims) {
          if (developerClaims.hasOwnProperty(key)) {
            // Reserved JWT claims must not be overridden by developer claims
            if (BLACKLISTED_CLAIMS.indexOf(key) !== -1) {
              throw new Error('Developer claim "' + key + '" is reserved and cannot be specified');
            }
            jwtPayload.claims[key] = developerClaims[key];
          }
        }
      }
      jwtPayload.uid = uid;
      return jwt.sign(jwtPayload, serviceAccount.private_key, {
        audience: FIREBASE_AUDIENCE,
        expiresIn: expiresIn,
        issuer: serviceAccount.client_email,
        subject: serviceAccount.client_email,
        algorithm: ALGORITHM
      });
    }
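An added example, not part of the original answer or of the Firebase SDK: the claims list quoted above turned into a minting function that refuses lifetimes over 3600 seconds, plus a local pre-flight check that verifies the RS256 signature and flags any claim that breaks the listed rules. It uses Node's built-in crypto module instead of a JWT library; the names signJwt, mintCustomToken and checkCustomToken, the throwaway key pair and the service account address are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

const FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
const MAX_LIFETIME = 3600; // from the claims list: exp is at most 3600 seconds later than iat
const b64url = (data) => Buffer.from(data).toString('base64url');

// RS256-sign an arbitrary claim set (the step a JWT library performs internally).
function signJwt(claims, privateKeyPem) {
  const input = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  return input + '.' + b64url(nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKeyPem));
}

// Mint a custom token, refusing lifetimes outside the documented limit.
function mintCustomToken(serviceAccount, uid, lifetimeSeconds, nowMs) {
  if (!Number.isInteger(lifetimeSeconds) || lifetimeSeconds < 1 || lifetimeSeconds > MAX_LIFETIME) {
    throw new RangeError('lifetime must be between 1 and ' + MAX_LIFETIME + ' seconds');
  }
  const iat = Math.floor((nowMs === undefined ? Date.now() : nowMs) / 1000);
  return signJwt({
    iss: serviceAccount.client_email, sub: serviceAccount.client_email,
    aud: FIREBASE_AUDIENCE, iat: iat, exp: iat + lifetimeSeconds, uid: uid
  }, serviceAccount.private_key);
}

// Verify the signature with a pinned algorithm, then name every claim that breaks the listed rules.
function checkCustomToken(token, publicKeyPem) {
  const parts = token.split('.');
  if (parts.length !== 3) return ['not a three-part JWT'];
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  if (!nodeCrypto.verify('RSA-SHA256', signed, publicKeyPem, Buffer.from(parts[2], 'base64url'))) {
    return ['bad signature'];
  }
  const c = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  const problems = [];
  if (c.aud !== FIREBASE_AUDIENCE) problems.push('aud');
  if (typeof c.iss !== 'string' || c.iss !== c.sub) problems.push('iss/sub');
  if (!Number.isInteger(c.iat) || !Number.isInteger(c.exp) || c.exp <= c.iat || c.exp - c.iat > MAX_LIFETIME) problems.push('exp');
  if (typeof c.uid !== 'string' || c.uid === '') problems.push('uid');
  return problems;
}

// Constructed sample data: a throwaway key pair and a made-up service account address.
const sampleKeys = nodeCrypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
});
const sampleAccount = { client_email: 'svc@example-project.invalid', private_key: sampleKeys.privateKey };
```

checkCustomToken only mirrors the rules in the claims list; it is a local sanity check before a token is handed to a client, not a substitute for the verification Firebase performs.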
Regarding "node.js - Can I add an expiration date to a customToken with Firebase v3?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/37564599/