英文:
Get signed-in user from server side
问题
我有一个使用signInWithEmailAndPassword来登录用户的Firebase客户端Web应用程序。我了解Firebase客户端会自动保存令牌并用它来验证所有Firebase请求,但我如何在Node.js的服务器端获取当前已登录的用户呢?
明确一下,我没有使用Firestore。我的应用程序在SQL上运行,所以我需要从服务器端检查是哪个用户在发出请求。Firebase是否将令牌放入了Cookie中,我是否可以使用firebase-admin来检索用户?
英文:
I have a Firebase client web app that uses signInWithEmailAndPassword to log users in. I understand that the Firebase client will automatically save the token and use it to authenticate all Firebase requests, but how do I get the currently signed in user from the server side in node.js?
To be clear, I am NOT using Firestore. My app runs on SQL so I need to check what user is making the request from the server. Is there a cookie that Firebase puts the token into that I can then use firebase-admin to retrieve the user with?
答案1
得分: 0
你需要在客户端传递已登录用户的ID令牌,然后将其与请求一起传递到服务器,并在Node.js代码中解码和验证该令牌。
整个过程在Firebase文档中关于验证ID令牌中有详细说明,因此我建议在实施流程时将其保持方便。
关于Cloud Functions(第一代)上下文中类似流程的示例,请参见授权的HTTPS端点。客户端JavaScript位于public文件夹中,而服务器端Node.js代码位于functions文件夹中。
英文:
You will have to pass the get ID token for the signed-in user on the client, pass that with the request to your server, and then decode and verify that token in your Node.js code.
The entire process is pretty well described in the Firebase documentation on verifying ID tokens, so I recommend keeping that handy when you implement the flow.
For an example of a similar flow in the context of Cloud Functions (1st gen), see this Authorized HTTPS Endpoint. The client-side JavaScript is in the public folder, while the server-side Node.js code is in the functions folder.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论