16

感谢这个答案,我能够通过 HTTP REST API 和电子邮件/密码连接到 Firebase 3。使用此 API 登录会返回用于访问 Firebase 数据库的访问令牌。此访问令牌将在 1 小时后过期。登录后还会返回一个刷新令牌,我可以用它来刷新我的访问令牌。这是我正在做的具体事情:

方法:

POST

网址:

https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=<my-firebase-api-key>

有效载荷:

{
    email: "<email>",
    password: "<password>",
    returnSecureToken: true
}

回复:

{
    "kind": "identitytoolkit#VerifyPasswordResponse",
    "localId": "<firebase-user-id>", // Use this to uniquely identify users
    "email": "<email>",
    "displayName": "",
    "idToken": "<provider-id-token>", // Use this as the auth token in database requests
    "registered": true,
    "refreshToken": "<refresh-token>",
    "expiresIn": "3600"
}

在刷新我的访问令牌的情况下:

网址:

https://securetoken.googleapis.com/v1/token?key=<my-firebase-api-key>

有效载荷:

{
    grant_type: "refresh_token",
    refresh_token: "<refresh-token>"
}

回复:

{
  "access_token": "<access-token>",
  "expires_in": "3600",
  "token_type": "Bearer",
  "refresh_token": "<refresh-token>",
  "id_token": "<id-token>",
  "user_id": "<user-id>",
  "project_id": "<project-id>"
}

鉴于我有访问令牌,如何通过 HTTP REST API 访问我的数据库?

4

1 回答 1

16

So after communicating with technical support, here's my answer:

In your database rules, include something like this that is compatible with what you're doing:

{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid",
".read": "$user_id === auth.uid"
}
    }
  } 
}

And in your database, create a users table, and within that, create a table with the name of your <user-id> of the authentication email/password account you are using. Within that table is the information you will be able to access via your access-key.

Then send a request like this:

https://samplechat.firebaseio-demo.com/users/<user-id>.json?auth=<access-key>

Where access-key is the key that can be known as idToken, id_Token, or access_key in JSON responses from Google.

于 2016-11-12T20:05:21.330 回答