JavaScript Firebase authentication: signInWithCustomToken and createSessionCookie - error auth/invalid-id
I am trying to implement a login mechanism using Firebase custom tokens and session cookies. I am surely doing something wrong, but I can't figure out what.

I'll post my code and then explain how I use it to test it.

Front-end code
const functions = firebase.functions();
const auth = firebase.auth();
auth.setPersistence(firebase.auth.Auth.Persistence.NONE);
auth.onAuthStateChanged((user) => {
    if (user) {
        user.getIdToken()
            .then((idToken) => {
                console.log(idToken);
            });
    }
});
function testCustomLogin(token) {
    firebase.auth().signInWithCustomToken(token)
        .then((signInToken) => {
            console.log("Login OK");
            console.log("signInToken", signInToken);
            signInToken.user.getIdToken()
                .then((usertoken) => {
                    let data = {
                        token: usertoken
                    };
                    fetch("/logincookiesession", {
                        method: "POST",
                        body: JSON.stringify(data)
                    }).then((res) => {
                        console.log("Request complete! response:", res);
                        console.log("firebase signout");
                        auth.signOut()
                            .then(()=> {
                                console.log("redirecting ....");
                                window.location.assign('/');
                                return;
                            })
                            .catch(() => {
                                console.log("error during firebase.signOut");
                            });
                    });
                });
        })
        .catch(function(error) {
            // Handle Errors here.
            var errorCode = error.code;
            var errorMessage = error.message;
            console.log(errorCode, errorMessage);
        });
}
Back-end code
app.post('/logincookiesession', (req, res) => {
    let token = req.body.token;
    // Set session expiration to 5 days.
    const expiresIn = 60 * 60 * 24 * 5 * 1000;
    // Create the session cookie. This will also verify the ID token in the process.
    // The session cookie will have the same claims as the ID token.
    // To only allow session cookie setting on recent sign-in, auth_time in ID token
    // can be checked to ensure user was recently signed in before creating a session cookie.
    admin.auth().createSessionCookie(token, {expiresIn})
        .then((sessionCookie) => {
            // Set cookie policy for session cookie.
            const options = {maxAge: expiresIn, httpOnly: true, secure: true};
            res.cookie('session', sessionCookie, options);
            res.end(JSON.stringify({status: 'success'}));
        })
        .catch((error) => {
            res.status(401).send('UNAUTHORIZED REQUEST!' + JSON.stringify(error));
        });
});
app.get('/logintest', (req, res) => {
    let userId = 'jcm@email.com';
    let additionalClaims = {
        premiumAccount: true
    };
    admin.auth().createCustomToken(userId, additionalClaims)
        .then(function(customToken) {
            res.send(customToken);
        })
        .catch(function(error) {
            console.log('Error creating custom token:', error);
        });
});
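So basically what I do is:
http://localhost:5000/logintest, which gives me a token printed in the browser
testCustomLogin, passing the token from step 2 as a parameter
The call to /logincookiesession returns the following:
UNAUTHORIZED REQUEST!{"code":"auth/invalid-id-token","message":"The provided ID token is not a valid Firebase ID token."}
I am completely lost.
I can see in the Authentication section of the Firebase console that the user jcm@email.com has been created and is signed in, but I cannot create the session cookie.
Please, I need some advice.

The route that creates the cookie session had an error. It should start like this: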
app.post('/logincookiesession', (req, res) => {
    let params = JSON.parse(req.body);
    let token = params.token;
The code I was using came from a manual, my goodness. I hope this helps others too.
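Why `req.body.token` was undefined, as an added example that is not part of the original question or answer: `fetch()` with a string body and no `Content-Type` header sends `text/plain`, so the route sees the JSON as text. `extractIdToken` is a hypothetical helper that accepts either form and rejects anything not shaped like a JWT before `createSessionCookie` is called; it assumes the handler receives the unparsed body as a string or Buffer, as the fix above implies.

```javascript
// Added example: hypothetical helper, not Firebase or Express API.

// A Firebase ID token is a JWT: three non-empty base64url segments joined by dots.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Accepts req.body as the handler may see it: an object (body already parsed
// because the client sent Content-Type: application/json) or a string/Buffer
// (the text/plain case from the question's fetch() call).
function extractIdToken(body) {
  let params = body;
  if (Buffer.isBuffer(params)) params = params.toString("utf8");
  if (typeof params === "string") {
    try {
      params = JSON.parse(params);
    } catch (err) {
      return { ok: false, reason: "body is not valid JSON" };
    }
  }
  if (params === null || typeof params !== "object" || Array.isArray(params)) {
    return { ok: false, reason: "body is not a JSON object" };
  }
  const token = params.token;
  if (typeof token !== "string" || !JWT_SHAPE.test(token)) {
    return { ok: false, reason: "token missing or not JWT-shaped" };
  }
  return { ok: true, token };
}

// Constructed sample inputs; the token is a placeholder, not a real ID token.
const SAMPLE_TOKEN = "aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl";
const asText = JSON.stringify({ token: SAMPLE_TOKEN }); // what the question's fetch() sends
const asObject = { token: SAMPLE_TOKEN };               // same body, already parsed

console.log(asText.token);               // undefined: a string has no .token property
console.log(extractIdToken(asText));     // token recovered from the text body
console.log(extractIdToken(asObject));   // token recovered from the parsed body
console.log(extractIdToken("token=abc")); // rejected: not JSON
```

In the route, a result with `ok: false` can be answered with a 400 before `createSessionCookie` runs, which separates a malformed request from a token that fails verification. On the client, adding `headers: {"Content-Type": "application/json"}` to the `fetch()` call makes the request declare its body as JSON.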