提问者:小点点

使用FireBase身份验证模拟器创建和验证(JWT)令牌


我的目标是通过Firebase管理员发布令牌,用于使用模拟器进行本地开发的身份验证。

使用 FireBase 管理后台在模拟器中定位本地项目(演示项目)。以下代码用于查找用户以及颁发和验证令牌。但这个结果是代币受众 (aud) 的不匹配。如何解决这个问题?

Firebase ID令牌的受众(aud)声明不正确。应为demo-project,但得到的是https://identity toolkit . Google APIs . com/Google . identity . identity toolkit . v1 . identity toolkit。请确保ID标记来自与用于初始化此SDK的凭据相同的Firebase项目

    Environment.SetEnvironmentVariable("FIREBASE_AUTH_EMULATOR_HOST", "localhost:9099");
    Environment.SetEnvironmentVariable("GCLOUD_PROJECT", "demo-project");
    
    var email = [EMAIL];
    
    GoogleCredential dummyCredential =
               GoogleCredential.FromAccessToken("test-token");
    
    var app = FirebaseApp.Create(new AppOptions
    {
        Credential = dummyCredential
    });
    var auth = FirebaseAuth.GetAuth(app);
    var user = await auth.GetUserByEmailAsync(email);
    var token = await auth.CreateCustomTokenAsync(user.Uid);
    var verifiedToken = await auth.VerifyIdTokenAsync(token);

观众似乎取决于管理SDK是如何启动的,这就是不匹配的原因。应该如何启动SDK进行模拟器开发?希望可以在不与任何Firebase托管项目有任何联系的情况下实现这一点。


共1个答案

匿名用户

编写了两个用于登录的util函数,使用令牌或电子邮件/密码。

Environment.SetEnvironmentVariable("FIREBASE_AUTH_EMULATOR_HOST", "localhost:9099");
Environment.SetEnvironmentVariable("GCLOUD_PROJECT", "demo-project");

var email = [EMAIL];

GoogleCredential dummyCredential =
            GoogleCredential.FromAccessToken("test-token");

var app = FirebaseApp.Create(new AppOptions
{
    Credential = dummyCredential,
    ProjectId = "demo-project"
});

var auth = FirebaseAuth.DefaultInstance;
var user = await auth.GetUserByEmailAsync(email);
var token = await auth.CreateCustomTokenAsync(user.Uid);
var verifiedToken = await auth.VerifyIdTokenAsync(await SignIn.FireBaseSignIn(token));

而不是使用创建自定义令牌,而是通过登录工具登录现有用户;

var user = await auth.GetUserByEmailAsync(email);
var verifiedToken = await auth.VerifyIdTokenAsync(await SignIn.FireBaseSignIn(email, [PASSWORD]));

登录工具;

public record SignInResponse(string IdToken);

public static async Task<string> FireBaseSignIn(string email, string password)
{
    var authClient = new HttpClient
    {
        BaseAddress = new Uri("http://localhost:9099/")
    };

    var res = await authClient.PostAsJsonAsync("identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=fake-api-key",
        new { email, password, returnSecureToken = true });
    res.EnsureSuccessStatusCode();

    var json = await res.Content.ReadFromJsonAsync<SignInResponse>();

    return json.IdToken;
}

public static async Task<string> FireBaseSignIn(string token)
{
    var authClient = new HttpClient
    {
        BaseAddress = new Uri("http://localhost:9099/")
    };

    var res = await authClient.PostAsJsonAsync("identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=fake-api-key",
        new { token, returnSecureToken = true });
    res.EnsureSuccessStatusCode();

    var json = await res.Content.ReadFromJsonAsync<SignInResponse>();

    return json.IdToken;
}