我的目标是通过Firebase管理员发布令牌,用于使用模拟器进行本地开发的身份验证。
使用 FireBase 管理后台在模拟器中定位本地项目(演示项目)。以下代码用于查找用户以及颁发和验证令牌。但这个结果是代币受众 (aud) 的不匹配。如何解决这个问题?
Firebase ID令牌的受众(aud)声明不正确。应为demo-project,但得到的是https://identity toolkit . Google APIs . com/Google . identity . identity toolkit . v1 . identity toolkit。请确保ID标记来自与用于初始化此SDK的凭据相同的Firebase项目
Environment.SetEnvironmentVariable("FIREBASE_AUTH_EMULATOR_HOST", "localhost:9099");
Environment.SetEnvironmentVariable("GCLOUD_PROJECT", "demo-project");
var email = [EMAIL];
GoogleCredential dummyCredential =
GoogleCredential.FromAccessToken("test-token");
var app = FirebaseApp.Create(new AppOptions
{
Credential = dummyCredential
});
var auth = FirebaseAuth.GetAuth(app);
var user = await auth.GetUserByEmailAsync(email);
var token = await auth.CreateCustomTokenAsync(user.Uid);
var verifiedToken = await auth.VerifyIdTokenAsync(token);
观众似乎取决于管理SDK是如何启动的,这就是不匹配的原因。应该如何启动SDK进行模拟器开发?希望可以在不与任何Firebase托管项目有任何联系的情况下实现这一点。
编写了两个用于登录的util函数,使用令牌或电子邮件/密码。
Environment.SetEnvironmentVariable("FIREBASE_AUTH_EMULATOR_HOST", "localhost:9099");
Environment.SetEnvironmentVariable("GCLOUD_PROJECT", "demo-project");
var email = [EMAIL];
GoogleCredential dummyCredential =
GoogleCredential.FromAccessToken("test-token");
var app = FirebaseApp.Create(new AppOptions
{
Credential = dummyCredential,
ProjectId = "demo-project"
});
var auth = FirebaseAuth.DefaultInstance;
var user = await auth.GetUserByEmailAsync(email);
var token = await auth.CreateCustomTokenAsync(user.Uid);
var verifiedToken = await auth.VerifyIdTokenAsync(await SignIn.FireBaseSignIn(token));
而不是使用创建自定义令牌,而是通过登录工具登录现有用户;
var user = await auth.GetUserByEmailAsync(email);
var verifiedToken = await auth.VerifyIdTokenAsync(await SignIn.FireBaseSignIn(email, [PASSWORD]));
登录工具;
public record SignInResponse(string IdToken);
public static async Task<string> FireBaseSignIn(string email, string password)
{
var authClient = new HttpClient
{
BaseAddress = new Uri("http://localhost:9099/")
};
var res = await authClient.PostAsJsonAsync("identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=fake-api-key",
new { email, password, returnSecureToken = true });
res.EnsureSuccessStatusCode();
var json = await res.Content.ReadFromJsonAsync<SignInResponse>();
return json.IdToken;
}
public static async Task<string> FireBaseSignIn(string token)
{
var authClient = new HttpClient
{
BaseAddress = new Uri("http://localhost:9099/")
};
var res = await authClient.PostAsJsonAsync("identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=fake-api-key",
new { token, returnSecureToken = true });
res.EnsureSuccessStatusCode();
var json = await res.Content.ReadFromJsonAsync<SignInResponse>();
return json.IdToken;
}