在 Firebase PNV 公开预览版中,Firebase Authentication 无法直接接受 Firebase PNV 令牌进行登录;不过,您可以使用 Firebase Authentication 的自定义身份验证功能,让用户通过 Firebase PNV 登录。
创建令牌交换端点
在 Firebase 中实现自定义身份验证解决方案的关键步骤是创建一个可以接收 Firebase PNV 令牌、验证该令牌,然后签发 Firebase 自定义身份验证令牌的端点。然后,您的应用可以使用此自定义令牌来登录用户。
此端点可以托管在任何平台上,但在以下示例中,该端点是使用 Cloud Functions for Firebase 托管的:
Node.js
import { JwtVerifier } from "aws-jwt-verify";
import { getApp } from "firebase-admin/app";
import { getAuth, UserRecord } from "firebase-admin/auth";
import { onRequest } from "firebase-functions/https";
// Because we're deploying to Cloud Functions for Firebase, admin credentials
// are automatically available.
const app = getApp();
const authAdmin = getAuth(app);
// Find your Firebase project number in the Firebase console.
const FIREBASE_PROJECT_NUMBER = "123456789";
// The issuer and audience claims of the FPNV token are specific to your
// project.
const issuer = `https://fpnv.googleapis.com/projects/${FIREBASE_PROJECT_NUMBER}`;
const audience = `https://fpnv.googleapis.com/projects/${FIREBASE_PROJECT_NUMBER}`;
// The JWKS URL contains the current public signing keys for FPNV tokens.
const jwksUri = "https://fpnv.googleapis.com/v1beta/jwks";
// Configure a JWT verifier to check the following:
// - The token is signed by Google
// - The issuer and audience claims match your project
// - The token has not yet expired (default begavior)
const fpnvVerifier = JwtVerifier.create({ issuer, audience, jwksUri });
// This Cloud Function is your token exchange endpoint. You pass the endpoint an
// FPNV token, and the Cloud Function verifies it and exchanges it for a
// Firebase Auth token corresponding to the same user.
export const signInWithFpnv = onRequest(async (req, res) => {
// Get the FPNV token from the request body.
const fpnvToken = req.body?;
if (!fpnvToken) {
res.sendStatus(400);
return;
}
let verifiedPhoneNumber;
try {
// Attempt to verify the token using the verifier configured above.
const verifiedPayload = await fpnvVerifier.verify(fpnvToken);
// If verification succeeds, the subject claim of the token contains the
// verified phone number.
verifiedPhoneNumber = verifiedPayload.sub;
} catch {
// If verification fails, reject the token.
res.sendStatus(403);
return;
}
// Now that you have a verified phone number, look it up in your Firebase
// project's user database.
let user: UserRecord;
try {
// If a user account already exists with the phone number, retrieve it.
user = await authAdmin.getUserByPhoneNumber(verifiedPhoneNumber);
} catch {
// Otherwise, create a new user account using the phone number.
user = await authAdmin.createUser({phoneNumber: verifiedPhoneNumber});
}
// Finally, mint a Firebase custom auth token containing the UID of the user
// you looked up or created. Return this token to the caller.
const authToken = await authAdmin.createCustomToken(user.uid);
res.status(200).send(authToken);
return;
});
使用自定义身份验证令牌登录
部署端点后,请按照以下步骤让用户登录 Firebase:
使用Firebase Phone Number Verification使用入门页面上所述的流程获取 Firebase PNV 令牌。
将此令牌传递给 Cloud Functions 端点。该端点将向您的应用返回自定义身份验证令牌,您可以将该令牌传递给
signInWithCustomToken()。例如,您可以使用 Retrofit 编写一个与 Firebase 的
signin方法具有类似接口的方法signInWithFpnvToken():Kotlin
class FpnvSigninExample { interface FPNVTokenExchangeService { @POST("signInWithFpnv") suspend fun signInWithFpnv(@Body fpnvToken: String): String } val retrofit = Retrofit.Builder() .baseUrl("https://example-project.cloudfunctions.net/") .build() val service: FPNVTokenExchangeService = retrofit.create(FPNVTokenExchangeService::class.java) suspend fun signInWithFpnvToken(fpnvToken: String): Task<AuthResult?> = coroutineScope { val authToken = service.signInWithFpnv(fpnvToken) return@coroutineScope Firebase.auth.signInWithCustomToken(authToken) } }