Firebase Custom Authentication passing tokens
Question
I am running a Go server that generates JWT tokens. My original plan was to send the tokens using an http.Redirect using the token string as part of the url.
This doesn't appear to work because I'm using Firebase static hosting and hence only have client side routing.
How can I push my token? Headers maybe?
- I'm running my static SPA on 'example.firebaseapp.com' (A).
- I'm running my server that generates tokens on 'example.us-west-2.compute.amazonaws.com' (B)
- The cas server is running on 'https://login.example.edu/cas/' (C)
- There is also of course the user's computer (D)
The flow goes as follows:
- User loads website from static host (A)
- User on computer D clicks 'login through school' button and is directed to my server (B)
- B then redirects to cas server (C). User puts in his credentials and is redirected to computer B.
- Computer B then generates a token using a secret key and a uid.
- This token needs to somehow be sent back to the user
User would then call ref.authWithCustomToken("AUTH_TOKEN", function(error, authData) {
Go Server Code
func (h *myHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    if !cas.IsAuthenticated(r) {
        cas.RedirectToLogin(w, r)
        return
    }
    if r.URL.Path == "/logout" {
        cas.RedirectToLogout(w, r)
        return
    }
    generatedToken := generateToken("uid") // token is created using a uid and a secret
    redirectURL := websiteURL + generatedToken
    println(redirectURL)
    println(generatedToken)
    http.Redirect(w, r, redirectURL, http.StatusFound) // I attempt to send the token using a redirect. This doesn't seem to work though since the static server only supports routing for '/'.
    //html.WriteTo(w)
}
Answer 1
Score: 4
If I understand the flow correctly, then what you're missing is an end point that your app user talks to and that can return the token to that user.
A workaround for this would be to have the user app pass in a highly unguessable value (a "request ID") in step 2, something like a UUID. The token server can then write the token into the Firebase Database in step 5 in /tokens/<requestID>, where the client is listening for it.
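The workaround in the answer, seen from the token server's side, as an added example (not code from the question or the answer). It assumes the request ID arrives as a version 4 UUID and that the token is written through the Realtime Database REST API with a database secret; `ValidRequestID`, `DeliverToken`, `dbURL` and `dbSecret` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"regexp"
)

// Only a canonical lowercase version 4 UUID is accepted, so the value cannot
// contain "/" or "." and cannot redirect the write to another database path.
var requestIDPattern = regexp.MustCompile(
	`^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$`)

func ValidRequestID(id string) bool { return requestIDPattern.MatchString(id) }

// DeliverToken PUTs {"token": ...} at <dbURL>/tokens/<requestID>.json.
// dbURL and dbSecret are placeholders (assumptions) for the project's own values.
func DeliverToken(c *http.Client, dbURL, dbSecret, requestID, token string) error {
	if !ValidRequestID(requestID) {
		return errors.New("request ID is not a version 4 UUID")
	}
	body, err := json.Marshal(map[string]string{"token": token})
	if err != nil {
		return err
	}
	target := fmt.Sprintf("%s/tokens/%s.json?auth=%s", dbURL, requestID, url.QueryEscape(dbSecret))
	req, err := http.NewRequest(http.MethodPut, target, bytes.NewReader(body))
	if err != nil {
		return errors.New("could not build database request")
	}
	req.Header.Set("Content-Type", "application/json")
	resp, err := c.Do(req)
	if err != nil {
		return errors.New("database request failed") // c.Do's error embeds the URL, secret included
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("database write failed: %s", resp.Status)
	}
	return nil
}

func main() {
	// Constructed sample values: the second is rejected before any request is made.
	fmt.Println(ValidRequestID("3f2b8c1e-9d4a-4e7b-a1c2-5f6e7d8c9b0a"), ValidRequestID("../users/admin"))
}
```

The request ID is the only thing protecting the token, so the database rules should grant read access at `/tokens/$requestID` only, never at `/tokens` itself, and the node should be deleted once the client has read it.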