Firebase Custom Authentication passing tokens

Question

I am running a Go server that generates JWT tokens. My original plan was to send the tokens using an http.Redirect using the token string as part of the url.

This doesn't appear to work because I'm using Firebase static hosting and hence only have client side routing.

How can I push my token? Headers maybe?

  • I'm running my static SPA on 'example.firebaseapp.com' (A).
  • I'm running my server that generates tokens on 'example.us-west-2.compute.amazonaws.com' (B).
  • The CAS server is running on 'https://login.example.edu/cas/' (C).
  • There is also of course the user's computer (D).

The flow goes as follows:

  1. User loads website from static host (A).
  2. User on computer D clicks 'login through school' button and is directed to my server (B).
  3. B then redirects to CAS server (C). User puts in his credentials and is redirected to computer B.
  4. Computer B then generates a token using a secret key and a uid.
  5. This token needs to somehow be sent back to the user.
    User would then call ref.authWithCustomToken("AUTH_TOKEN", function(error, authData) {

Go Server Code

    func (h *myHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
    	if !cas.IsAuthenticated(r) {
    		cas.RedirectToLogin(w, r)
    		return
    	}

    	if r.URL.Path == "/logout" {
    		cas.RedirectToLogout(w, r)
    		return
    	}

    	generatedToken := generateToken("uid") // token is created using a uid and a secret
    	redirectURL := websiteURL + generatedToken
    	println(redirectURL)

    	println(generatedToken)
    	// I attempt to send the token using a redirect. This doesn't seem to work though
    	// since the static server only supports routing for '/'.
    	http.Redirect(w, r, redirectURL, http.StatusFound)
    	//html.WriteTo(w)
    }

Answer 1

Score: 4

If I understand the flow correctly, then what you're missing is an end point that your app user talks to and that can return the token to that user.

A workaround for this would be to have the user app pass in a highly unguessable value (a "request ID") in step 2, something like a UUID. The token server can then write the token into the Firebase Database in step 5 in /tokens/<requestID>, where the client is listening for it.
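
One way the token server could perform the step 5 write from the workaround above, as an added example that is not code from the question or the answer. It assumes the database accepts a REST `PUT` of a JSON value at `<dbURL>/tokens/<requestID>.json` and that the server's own database credential is handled elsewhere; `deliverToken` and `uuidV4` are hypothetical names and the sample values are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// Only a canonical random (version 4) UUID is accepted as a request ID, so it
// cannot be short, guessable, or contain path characters such as "/" or "..".
var uuidV4 = regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$`)

// deliverToken PUTs the token to <dbURL>/tokens/<id>.json (REST-style write).
// Assumption: the server's database credential is supplied via client or dbURL.
func deliverToken(client *http.Client, dbURL, id, token string) error {
	if !uuidV4.MatchString(id) {
		return errors.New("request ID is not a v4 UUID; refusing to write")
	}
	body, _ := json.Marshal(token) // marshalling a plain string cannot fail
	req, err := http.NewRequest(http.MethodPut, dbURL+"/tokens/"+id+".json", bytes.NewReader(body))
	if err != nil {
		return err
	}
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("database write failed: %s", resp.Status)
	}
	return nil
}

func main() {
	// Local stand-in for the database so the example runs offline; constructed values.
	db := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Println(r.Method, r.URL.Path)
	}))
	defer db.Close()
	fmt.Println(deliverToken(db.Client(), db.URL, "3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b", "constructed.jwt.value"))
	fmt.Println(deliverToken(db.Client(), db.URL, "../users/admin", "constructed.jwt.value"))
}
```

Because knowing the request ID is the only thing that selects the token, the /tokens node must not be readable as a whole, and the entry should be removed once the client has read it.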

huangapple
  • Posted on March 20, 2016 at 04:36:21
  • When reposting, please keep the link to this article: https://go.coder-hub.com/36106839.html