Firebase Auth – 使用Microsoft OAuth AccessToken来访问Firebase Rest API

huangapple go评论77阅读模式
英文:

Firebase Auth - Use Microsoft OAuth AccessToken to access Firebase Rest API

问题

I'm currently trying to use a Microsoft access token to access my Firebase API (and find out the user ID within Firebase Auth / Google Identity Platform). Calling https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp ends in a 400.

What have I done:
Get my access token by calling:
https://login.microsoftonline.com/[tenant]/oauth2/v2.0/token
This works well, and I get an access_token, refresh_token, and id_token in response.

After that, I try to authenticate to GIP by using this documented REST Call: https://cloud.google.com/identity-platform/docs/use-rest-api#section-sign-in-with-oauth-credential.

Unfortunately, there are only examples available for Google and Twitter. Calling it with this body fails:

{
    "postBody": "idToken=[AuthTokenFromMsCall]&providerId=microsoft.com",
    "requestUri": "http://localhost",
    "returnIdpCredential": true,
    "returnSecureToken": true,
    "tenant": "[ms_tenant]" //tried without this as well  
}

but get this response with code 400

{
  "error": {
    "code": 400,
    "message": "INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: http://localhost?idToken=[AccessToken]&providerId=microsoft.com",
    "errors": [
      {
        "message": "INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: http://localhost?[AccessToken]&providerId=microsoft.com",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}

Does anyone know how to configure my body parameters to get a 200 Response?

英文:

I'm currently trying to use a microsoft access token to access my firebase api (and find out the userid within firebase-auth / google identity platform. Calling https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp ends in a 400

What have I done:
Get my accesstoken by calling:
https://login.microsoftonline.com/[tenant]/oauth2/v2.0/token
This works well and I get a access_token, refresh_token and id_token in response.

After that I try to authenticate to GIP by using this documented REST Call: https://cloud.google.com/identity-platform/docs/use-rest-api#section-sign-in-with-oauth-credential

Unfortunately there are only examples available for google and twitter. Calling it with this body fails:

{
"postBody": "idToken=[AuthTokenFromMsCall]&providerId=microsoft.com",
    "requestUri":"http://localhost",
    "returnIdpCredential":true,
    "returnSecureToken":true,
    "tenant":"[ms_tenant]" //tried without this as well  
}

but get this response with code 400

{
  "error": {
    "code": 400,
    "message": "INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: http://localhost?idToken=[AccessToken]&providerId=microsoft.com",
    "errors": [
      {
        "message": "INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: http://localhost?[AccessToken]&providerId=microsoft.com",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}

Does anyone know how to configure my body parameters to get a 200 Response

答案1

得分: 1

根据此文档,Firebase Auth目前不支持Microsoft身份验证。

与Firebase支持的其他OAuth提供程序(如Google、Facebook和Twitter)不同,可以直接使用OAuth访问令牌进行登录,Firebase Auth不支持使用Microsoft等提供程序的同样功能,因为Firebase Auth服务器无法验证Microsoft OAuth访问令牌的受众。

针对此问题已提出了一个仍然未关闭的问题,可能您可以在GitHub上添加您的关注。

英文:

As of this document seems, Firebase Auth doesn't currently support Microsoft authentication.

>Unlike other OAuth providers supported by Firebase such as Google, Facebook, and Twitter, where sign-in can directly be achieved with OAuth access token based credentials, Firebase Auth does not support the same capability for providers such as Microsoft due to the inability of the Firebase Auth server to verify the audience of Microsoft OAuth access tokens.

There is a bug raised for this at github which is still open,Maybe you can add your concern there.

huangapple
  • 本文由 发表于 2023年7月13日 15:13:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/76676795.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定