javascript - Firebase 身份验证模拟器因 IDP 失败

Question

我们有一个应用程序在云中运行良好，谷歌和 Github 作为 IDP。
尝试使用模拟器在本地工作时。调用 createSessionCookie失败:FirebaseAuthError: There is no user record corresponding to the provided identifier当我尝试以下操作时:

app.get('/console/sessionLogin', (req, res) => {

    const idToken = req.query.idToken;


    admin.auth().verifyIdToken(idToken)
        .then((result) => {
            console.log(">> VERIFY TOKEN = ", result);
        }, (error)=> {
            console.log(">>>> VERIFY FAILED ", error);
        });
});

我收到此错误:>>>> VERIFY FAILED FirebaseAuthError: Firebase ID token has invalid signature
我用以下方式启动模拟器:GOOGLE_APPLICATION_CREDENTIALS=./service-auth.json FIREBASE_AUTH_EMULATOR_HOST=localhost:9099 firebase emulators:start这是我在模拟器启动时得到的:

i  emulators: Starting emulators: auth, functions, firestore, hosting
⚠  functions: The following emulators are not running, calls to these services from the Functions emulator will affect production: database, pubsub
✔  functions: Using node@14 from host.
⚠  functions: Your GOOGLE_APPLICATION_CREDENTIALS environment variable points to ./service-auth.json. Non-emulated services will access production using these credentials. Be careful!
⚠  firestore: Did not find a Cloud Firestore rules file specified in a firebase.json config file.
⚠  firestore: The emulator will default to allowing all reads and writes. Learn more about this option: https://firebase.google.com/docs/emulator-suite/install_and_configure#security_rules_configuration.
i  firestore: Firestore Emulator logging to firestore-debug.log
i  hosting: Serving hosting files from: public
✔  hosting: Local server: http://localhost:8090
i  ui: Emulator UI logging to ui-debug.log
i  functions: Watching "/Users/.../functions" for Cloud Functions...
✔  functions[console]: http function initialized (http://localhost:5001/XXXX/us-central1/console).

┌─────────────────────────────────────────────────────────────┐
│ ✔  All emulators ready! It is now safe to connect your app. │
│ i  View Emulator UI at http://localhost:8091                │
└─────────────────────────────────────────────────────────────┘

┌────────────────┬────────────────┬─────────────────────────────────┐
│ Emulator       │ Host:Port      │ View in Emulator UI             │
├────────────────┼────────────────┼─────────────────────────────────┤
│ Authentication │ localhost:9099 │ http://localhost:8091/auth      │
├────────────────┼────────────────┼─────────────────────────────────┤
│ Functions      │ localhost:5001 │ http://localhost:8091/functions │
├────────────────┼────────────────┼─────────────────────────────────┤
│ Firestore      │ localhost:8080 │ http://localhost:8091/firestore │
├────────────────┼────────────────┼─────────────────────────────────┤
│ Hosting        │ localhost:8090 │ n/a                             │
└────────────────┴────────────────┴─────────────────────────────────┘
  Emulator Hub running at localhost:4400
  Other reserved ports: 4500

我在调用之前将 console.log 添加到 auth 类中，我看到了:

>  SENDING AUTH REQUEST  {
>    method: 'POST',
>    url: 'http://localhost:9099/identitytoolkit.googleapis.com/v1/projects/XXXX:createSessionCookie',
>    headers: { 'X-Client-Version': 'Node/Admin/9.7.0' },
>    data: {
>      idToken: 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImNjM2Y0ZThiMmYxZDAyZjBlYTRiMWJkZGU1NWFkZDhiMDhiYzUzODYiLCJ0eXAiOiJKV1QifQ.eyJuYW1lIjoiWW9hdiBOaXJhbiIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS0vQU9oMTRHajczX2tnUmQxVnBTV3Y2RzRrOU41ZHZLNkRESjJlaGZrUUhPN2w9czk2LWMiLCJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vbWVkaWEtZmxvdy1iMzdkMSIsImF1ZCI6Im1lZGlhLWZsb3ctYjM3ZDEiLCJhdXRoX3RpbWUiOjE2MjAyMTExOTMsInVzZXJfaWQiOiJFa2lhRUc0NXFoTU9Jbk5VT01IbHJOYVpuR24yIiwic3ViIjoiRWtpYUVHNDVxaE1PSW5OVU9NSGxyTmFabkduMiIsImlhdCI6MTYyMDIxMTE5MywiZXhwIjoxNjIwMjE0NzkzLCJlbWFpbCI6InlvYXZAY2xvdWRpbmFyeS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJnb29nbGUuY29tIjpbIjEwNzEwMTUyNzU2NTgzOTU0Nzg4MyJdLCJlbWFpbCI6WyJ5b2F2QGNsb3VkaW5hcnkuY29tIl19LCJzaWduX2luX3Byb3ZpZGVyIjoiZ29vZ2xlLmNvbSJ9fQ.grIXaGN9-Ue92EZqN7NNgoUo3vQF8zxApvHZ6IvucWIQOJKDMJnSxEvWGH6P7vg4ETQldgg1VtLNC-eRhE_417OJYKkqpTutsT6mihUgiAHmFoVWcrcgDFn0PSi0eznqFiYq36OpAJQo8CiaMIrFeyqrhe9qQUdhKvz-1XzksbsKc1gna-6yVcdaQtcEfsmmrMJnfK9MQ1MsE2_F3ooVzV5Ym1b_6cFNAilBPHThIVn7kZ64kTBqTOUon06PV3uD_Svv3X3B971cW9oXSnZGZDEJs6fP0vHyKhakFrNVNwcgbhPnJ7WIkNjh0WuG3yYMSNn8LauZMllHP2iV3nICAA',
>      validDuration: 432000
>    },
>    timeout: 25000
>  }

因此，当给定来自 IDP 的 id token 时，模拟身份验证服务似乎失败了......
我不确定我还缺少什么。尚未能够在网上找到有关此特定问题的任何内容。
可能相关的最后一件事 - 我在节点 14.15.1 上运行

Answer 1

我遇到过同样的问题。
事实证明，我试图验证的 token 实际上来自我的生产身份验证实例，而不是模拟器。
为了解决这个问题，我不得不告诉我的应用程序使用模拟器进行身份验证:

const auth = firebase.auth();
auth.useEmulator("http://localhost:9099");

更多信息请访问 here .