How do I secure Google Cloud Endpoints APIs with Firebase token verification?

Time: 2021-08-20 23:14:17

My setup:

  • Java backend hosted on Google App Engine containing APIs that were created using Google Cloud Endpoints
  • Mobile client applications containing generated client libraries for the endpoints mentioned above. Also integrated with Firebase for authentication and the database.

My intention is that a user of the mobile client applications will be able to log in to the mobile app using Firebase authentication, then connect to any of the backend APIs, which in turn will do some processing and then read or write data to/from the Firebase database.

To secure the APIs on the server, I think I'll have to use the built-in verifyIdToken() method of the Firebase Server SDK (see Verifying ID Tokens on Firebase) to decode a user's ID token passed from the client application. As verifyIdToken() runs asynchronously, how would I integrate it with an API method in GAE? I have something similar to the following so far:

    @ApiMethod(name = "processAndSaveToDB", httpMethod = "post")
    public Response processAndSaveToDB(@Named("token") String token) {

        Response response = new Response();

        // Check if the user is authenticated first
        FirebaseAuth.getInstance().verifyIdToken(token)
            .addOnSuccessListener(new OnSuccessListener<FirebaseToken>() {
                @Override
                public void onSuccess(FirebaseToken decodedToken) {
                    String uid = decodedToken.getUid();

                    // do bulk of processAndSaveToDB() method
                }
            })
            .addOnFailureListener(new OnFailureListener() {
                @Override
                public void onFailure(Exception e) {
                    // throw unauthorized exception
                }
            });

        // Reached before either listener has run, because verification is asynchronous
        return response;
    }

1 solution

#1


7  

As this authentication task is running asynchronously in a task queue, you can wait until that task has ended and continue in a synchronous way; optionally, you can add onSuccess, onFailure and onComplete listeners.

    Task<FirebaseToken> authTask = FirebaseAuth.getInstance().verifyIdToken(idToken)
        .addOnSuccessListener(new OnSuccessListener<FirebaseToken>() {
            @Override
            public void onSuccess(FirebaseToken tr) {
                // do something
            }
        }).addOnFailureListener(new OnFailureListener() {
            @Override
            public void onFailure(Exception excptn) {
                // do something
            }
        }).addOnCompleteListener(new OnCompleteListener<FirebaseToken>() {
            @Override
            public void onComplete(Task<FirebaseToken> task) {
                // do something
            }
        });
    try {
        // Block the request thread until verification has finished
        Tasks.await(authTask);
    } catch (ExecutionException | InterruptedException e) {
        // handle error
    }
    // getResult() throws if the task did not complete successfully
    FirebaseToken decodedToken = authTask.getResult();
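
Added example (not part of the original answer or of any project's code): the same blocking approach written so that the endpoint fails closed, turning every verification failure into a 401 before any processing starts. It assumes the Task-based server SDK used above (`com.google.firebase.tasks`), that `FirebaseApp` is already initialized, and a hypothetical API name, helper `requireUid`, 10-second timeout and stand-in `Response` class.

```java
import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.config.Named;
import com.google.api.server.spi.response.UnauthorizedException;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseToken;
import com.google.firebase.tasks.Tasks;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

@Api(name = "exampleApi", version = "v1") // hypothetical API name
public class SecuredEndpoint {

    /** Stand-in for the question's Response class. */
    public static class Response { }

    /** Hypothetical helper: blocks until the token is verified, 401 on any failure. */
    static String requireUid(String idToken) throws UnauthorizedException {
        if (idToken == null || idToken.isEmpty()) {
            throw new UnauthorizedException("Missing ID token");
        }
        try {
            FirebaseToken decoded = Tasks.await(
                    FirebaseAuth.getInstance().verifyIdToken(idToken),
                    10, TimeUnit.SECONDS); // assumed timeout
            return decoded.getUid();
        } catch (ExecutionException | TimeoutException e) {
            // Bad signature, expired token, wrong project, or verification took too long
            throw new UnauthorizedException("Invalid ID token");
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // preserve the interrupt flag
            throw new UnauthorizedException("Token verification interrupted");
        }
    }

    @ApiMethod(name = "processAndSaveToDB", httpMethod = "post")
    public Response processAndSaveToDB(@Named("token") String token)
            throws UnauthorizedException {
        // Nothing below this line runs for an unverified caller
        String uid = requireUid(token);
        Response response = new Response();
        // ... bulk of processAndSaveToDB(), using only the verified uid ...
        return response;
    }
}
```

The uid used for database reads and writes comes only from the verified token, never from a separate client-supplied parameter.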
