I have a user with UID 1 whose custom claims are set as:
frompos=true
I set new custom claims for this user from the Admin SDK for Java as follows:

    Map<String, Object> claims = new HashMap<>();
    claims.put("frompos", false);
    FirebaseAuth.getInstance().setCustomUserClaimsAsync("1", claims).get(10000, TimeUnit.MILLISECONDS);
I print the claims on the server side to check whether they were set:

    UserRecord user = FirebaseAuth.getInstance().getUserAsync("1").get(10000, TimeUnit.MILLISECONDS);
    LOG.debug("user new claims " + user.getCustomClaims());

The result is as expected, the claims are set:
user new claims {frompos=false}
Now on the Android SDK side the user is already signed in, so I refresh the ID token manually to propagate the claims, as the docs say
(https://firebase.google.com/docs/auth/admin/custom-claims)

    FirebaseAuth.getInstance().getCurrentUser().getIdToken(true)
        .addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
            @Override
            public void onComplete(@NonNull Task<GetTokenResult> task) {
                if (task.isSuccessful()) {
                    Log.d("FragmentCreate", "Success refreshing token " + (FirebaseAuth.getInstance().getCurrentUser() == null));
                    Log.d("FragmentCreate", "New token " + task.getResult().getToken());
                }
            }
        })
        .addOnFailureListener(new OnFailureListener() {
            @Override
            public void onFailure(@NonNull Exception e) {
                Log.d("FragmentCreate", "Failure refreshing token " + (FirebaseAuth.getInstance().getCurrentUser() == null) + " " + e.toString());
            }
        });
Now I take the ID token printed here, verify it on the server side and print the claims from it:

    FirebaseToken tokenTest = FirebaseAuth.getInstance(ahmedabadRepoApp).verifyIdTokenAsync(token).get(10000, TimeUnit.MILLISECONDS);
    LOG.debug("Token claims are " + tokenTest.getClaims());

But the claims printed here are:
{"aud":"ahmedabadrepo","auth_time":1514724115,"email_verified":false,"exp":1514730425,"iat":1514726825,"iss":"https://securetoken.google.com/ahmedabadrepo","sub":"1","frompos":true,"user_id":"1","firebase":{"identities":{},"sign_in_provider":"custom"}}
So the frompos value has not propagated to the client SDK even though I refreshed the ID token manually.
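Solution:
I had the same problem in Angular – I set the claims using the Admin SDK on the server, but afterwards they would not be on the user in the client.
Using the following I can see the claims in the payload:

    this.firebaseAuth.auth.currentUser.getIdToken().then(idToken => {
      const payload = JSON.parse(this.b64DecodeUnicode(idToken.split('.')[1]));
      console.log(payload);
    });

    // Class method: decodes one JWT segment into a UTF-8 string.
    b64DecodeUnicode(str) {
      // JWT segments are base64url; atob() only accepts the standard alphabet.
      const b64 = str.replace(/-/g, '+').replace(/_/g, '/');
      return decodeURIComponent(atob(b64).replace(/(.)/g, function (m, p) {
        var code = p.charCodeAt(0).toString(16).toUpperCase();
        if (code.length < 2) {
          code = '0' + code;
        }
        return '%' + code;
      }));
    }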
Here is a good write-up that I copied the above from:
At the moment the client-side code must parse and decode the user’s ID
token to extract the claims embedded within. In the future, the
Firebase client SDKs are likely to provide a simpler API for this use
case.
Relevant information from the Firebase docs:
Custom claims can only be retrieved through the user’s ID token.
Access to these claims may be necessary to modify the client UI based
on the user’s role or access level. However, backend access should
always be enforced through the ID token after validating it and
parsing its claims. Custom claims should not be sent directly to the
backend, as they can’t be trusted outside of the token.

Once the latest claims have propagated to a user’s ID token, you can
get these claims by retrieving the ID token first and then parsing its
payload (base64 decoded):

    // https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding
    firebase.auth().currentUser.getIdToken()
      .then((idToken) => {
        // Parse the ID token.
        const payload = JSON.parse(b64DecodeUnicode(idToken.split('.')[1]));
        // Confirm the user is an admin.
        if (!!payload['admin']) {
          showAdminUI();
        }
      })
      .catch((error) => {
        console.log(error);
      });
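The client-side check discussed above, as an added example that is not part of the original question, the answer or the Firebase docs: it decodes the payload of an ID token and reports which expected claims still carry an old value. The function names (`decodeIdTokenClaims`, `checkClaimPropagation`, `makeSampleToken`) are hypothetical, and the sample token is constructed from the payload printed in the question.

```javascript
// Added example. The result is for UI and debugging only: nothing here checks the
// signature, so the backend must still verify the token before trusting a claim.
function base64UrlToUtf8(segment) {
  // JWT segments are base64url: map '-' and '_' back, then restore '=' padding.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

function decodeIdTokenClaims(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('expected a three-part JWT');
  const claims = JSON.parse(base64UrlToUtf8(parts[1]));
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    throw new Error('JWT payload is not a JSON object');
  }
  return claims;
}

// expected: the primitive claim values the server says it set, e.g. { frompos: false }.
function checkClaimPropagation(idToken, expected, nowSeconds) {
  const claims = decodeIdTokenClaims(idToken);
  const stale = Object.keys(expected).filter((k) => claims[k] !== expected[k]);
  return {
    propagated: stale.length === 0,
    stale,                              // claim names that still carry an old value
    issuedAt: claims.iat,               // when this token was minted
    expired: claims.exp <= nowSeconds,
  };
}

// Constructed sample: an unsigned token built from the payload printed in the question.
function makeSampleToken(payload) {
  const enc = (obj) => {
    const bytes = new TextEncoder().encode(JSON.stringify(obj));
    return btoa(String.fromCharCode(...bytes))
      .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  };
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}

const SAMPLE_PAYLOAD = { aud: 'ahmedabadrepo', iat: 1514726825, exp: 1514730425, sub: '1', frompos: true };
const report = checkClaimPropagation(makeSampleToken(SAMPLE_PAYLOAD), { frompos: false }, 1514727000);
console.log(report);
```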