分享程序员开发的那些事...
更新时间:2021-07-25 20:50:56
通过检查 Javascript API 发送的请求,我想出了如何为 Firebase 执行电子邮件和密码身份验证.
I figured out how to perform email and password authentication for Firebase by examining the requests sent by the Javascript API.
这些 API 未记录且不受支持
Firebase 3 身份验证是 Google Identity Toolkit 的更新和重命名版本.旧文档并不完全准确,但可能有用,可以在此处找到:https://developers.google.com/identity/toolkit/web/reference/
Firebase 3 authentication is an updated and renamed version of the Google Identity Toolkit. The old documentation is not fully accurate, but may be useful and can be found here: https://developers.google.com/identity/toolkit/web/reference/
Firebase 3 要求所有请求在标头中包含 Content-Type: application/json
Firebase 3 要求将 API 密钥附加到所有身份验证请求.您可以通过访问 Firebase 项目概述并点击将 Firebase 添加到您的网络应用程序"来找到您的数据库的 API 密钥.您应该会看到一个包含如下代码的窗口:
Firebase 3 requires an API key to be attached to all authentication requests. You can find the API key for your database by visiting the Firebase project overview and clicking on "Add Firebase to your web app". You should see a window with code like the following:
<script src="https://www.gstatic.com/firebasejs/live/3.0/firebase.js"> </script>
<script>
// Initialize Firebase
var config = {
apiKey: "<my-firebase-api-key>",
authDomain: "my-firebase.firebaseapp.com",
databaseURL: "https://my-firebase.firebaseio.com",
storageBucket: "my-firebase.appspot.com",
};
firebase.initializeApp(config);
</script>
复制 apiKey 值并保存以备后用.
Copy the apiKey value and save it for later.
方法:POST
网址:https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=
有效载荷:
{
email: "<email>",
password: "<password>",
returnSecureToken: true
}
回复:
{
"kind": "identitytoolkit#SignupNewUserResponse",
"localId": "<firebase-user-id>", // Use this to uniquely identify users
"email": "<email>",
"displayName": "",
"idToken": "<provider-id-token>", // Use this as the auth token in database requests
"registered": true,
"refreshToken": "<refresh-token>",
"expiresIn": "3600"
}
方法:POST
网址:https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=
有效载荷:
{
email: "<email>",
password: "<password>",
returnSecureToken: true
}
回复:
{
"kind": "identitytoolkit#VerifyPasswordResponse",
"localId": "<firebase-user-id>", // Use this to uniquely identify users
"email": "<email>",
"displayName": "",
"idToken": "<provider-id-token>", // Use this as the auth token in database requests
"registered": true,
"refreshToken": "<refresh-token>",
"expiresIn": "3600"
}
方法:POST
网址:https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=
有效载荷:
{
idToken: "<provider-id-token>"
}
回复:
{
"kind": "identitytoolkit#GetAccountInfoResponse",
"users": [
{
"localId": "<firebase-user-id>",
"email": "<email>",
"emailVerified": false,
"providerUserInfo": [
{
"providerId": "<password>",
"federatedId": "<email>",
"email": "<email>",
"rawId": "<email>"
}],
"passwordHash": "<hash>",
"passwordUpdatedAt": 1.465327109E12,
"validSince": "1465327108",
"createdAt": "1465327108000"
}]
}
这些请求返回 Firebase 文档中描述的 JSON 数据.https://www.firebase.com/docs/web/guide/login/password.html#section-logging-in
您可以通过使用以下格式发送 GET 请求来进行身份验证:
You can authenticate by sending a GET request with the following format:
https://auth.firebase.com/v2/<db_name>/auth/password?&email=<email>&password=<password>
用户创建也可以通过将 _method=POST 作为查询字符串的一部分发送相同的 GET 请求来执行
User creation can also be performed by sending the same GET request with _method=POST as part of the query string
https://auth.firebase.com/v2/<db_name>/users?&email=<email>&password=<password>&_method=POST