如何将firebase身份验证与Google App引擎端点集成

I am writing a backend server for mobile applications. The backend is running on google app engine and written in Java.

我正在为移动应用程序编写后端服务器。后端在谷歌应用引擎上运行，用Java编写。

I want users to be able to login with federated identity such as facebook.

我希望用户能够使用Facebook等联合身份登录。

I saw that google supports this kind of authentication for mobile apps via firebase authentication. What would be the best way to integrate firebase authentication with my current app engine endpoints?

我看到谷歌通过firebase身份验证为移动应用程序支持这种身份验证。将firebase身份验证与我当前的应用引擎端点集成的最佳方法是什么？

I already use the cloud platform's datastore and don't wish to work with the firebase database, only use the authentication method.

我已经使用了云平台的数据存储区，并且不希望使用firebase数据库，只使用身份验证方法。

Thanks.

谢谢。

2 个解决方案

#1

I'm also looking for an answer to this. My best 5c so far is to

我也在寻找答案。到目前为止，我最好的5c是

Use FireBase to set up sign in methods etc. from the console
使用FireBase从控制台设置登录方法等
Use FireBase UI (in beta) for web or "Federated identity provider integration" for iOS/Android to set up the authentication flow
使用适用于Web的FireBase UI（测试版）或iOS / Android的“联合身份提供程序集成”来设置身份验证流程
Retrive token/authentication details on your web/iOS/Android client and pass it on to your Cloud Endpoints as e.g., HTTP Request Headers
在Web / iOS / Android客户端上检索令牌/身份验证详细信息，并将其传递到您的Cloud端点，例如，HTTP请求标头
Inject the javax.servlet.http.HttpServletRequest to your endpoint methods (just add an argument and Google with inject the request object automatically)
将javax.servlet.http.HttpServletRequest注入到端点方法中（只需添加一个参数，Google就会自动注入请求对象）
Create a method that your Endpoint will call for each request (that needs authentication) that will handle the validation of the credentials you have passed on as HTTP Request Headers
创建一个Endpoint将为每个请求（需要身份验证）调用的方法，该方法将处理您作为HTTP请求标头传递的凭据的验证
Use FireBase Java SDK to call FireBase to validate the credentials (in order to do this, you need to export the json configuration from the Firebase console) and load the SDK with them, e.g., in one of your servlets:
使用FireBase Java SDK调用FireBase以验证凭据（为此，您需要从Firebase控制台导出json配置）并使用它们加载SDK，例如，在您的一个servlet中：

@Override
    public void init(ServletConfig config) {
        try{
        InputStream in = config.getServletContext().getResourceAsStream("/WEB-INF/firebase-privatekey.json");
        FirebaseOptions options = new FirebaseOptions.Builder()
                .setServiceAccount(in)
                .setDatabaseUrl("YOUR_DATABASE_URL")
                .build();
        FirebaseApp.initializeApp(options);
        log.info("Authentication enabled");
        }
        catch(Throwable t) {
            t.printStackTrace();
            log.warning("AUTHENTICATION DISABLED. Only public resources will be available");
        }
    }

#2

You should be able to use Google Cloud Endpoints as an authentication proxy in front of your app. Endpoints supports validating Firebase Authentication tokens by configuring your OpenAPI template:

您应该可以在应用前使用Google Cloud Endpoints作为身份验证代理。端点支持通过配置OpenAPI模板验证Firebase身份验证令牌：

# Configure Firebase as an AuthN provider
securityDefinitions:
    firebase:
      authorizationUrl: ""
      flow: "implicit"
      type: "oauth2"
      # Replace YOUR-PROJECT-ID with your project ID in the issuer and audiences fields
      x-google-issuer: "https://securetoken.google.com/YOUR-PROJECT-ID"
      x-google-audiences: "YOUR-PROJECT-ID"
      x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"

# Add Firebase as an authN provider to specific endpoints...
security:
  - firebase: []

Alternatively, you can use the Firebase Admin SDK to write authentication middleware that validates your tokens:

或者，您可以使用Firebase Admin SDK编写验证令牌的身份验证中间件：

FirebaseAuth.getInstance().verifyIdToken(idToken)
    .addOnSuccessListener(new OnSuccessListener<FirebaseToken>() {
        @Override
        public void onSuccess(FirebaseToken decodedToken) {
            String uid = decodedToken.getUid();
            // ...
        }
});

#1