在 Firebase PNV 公開測試版中,Firebase Authentication 無法直接接受 Firebase PNV 登入權杖,但您可以透過 Firebase Authentication 的自訂驗證功能,讓使用者透過 Firebase PNV 登入。
建立權杖交換端點
在 Firebase 中實作自訂驗證解決方案時,最重要的一步是建立端點,以便接收 Firebase PNV 權杖、驗證權杖,然後核發 Firebase 自訂驗證權杖。您的應用程式隨後可以使用這個自訂權杖登入使用者。
這個端點可代管於任何平台,但在下列範例中,端點是使用 Cloud Functions for Firebase 代管:
Node.js
import { JwtVerifier } from "aws-jwt-verify";
import { getApp } from "firebase-admin/app";
import { getAuth, UserRecord } from "firebase-admin/auth";
import { onRequest } from "firebase-functions/https";
// Because we're deploying to Cloud Functions for Firebase, admin credentials
// are automatically available.
const app = getApp();
const authAdmin = getAuth(app);
// Find your Firebase project number in the Firebase console.
const FIREBASE_PROJECT_NUMBER = "123456789";
// The issuer and audience claims of the FPNV token are specific to your
// project.
const issuer = `https://fpnv.googleapis.com/projects/${FIREBASE_PROJECT_NUMBER}`;
const audience = `https://fpnv.googleapis.com/projects/${FIREBASE_PROJECT_NUMBER}`;
// The JWKS URL contains the current public signing keys for FPNV tokens.
const jwksUri = "https://fpnv.googleapis.com/v1beta/jwks";
// Configure a JWT verifier to check the following:
// - The token is signed by Google
// - The issuer and audience claims match your project
// - The token has not yet expired (default begavior)
const fpnvVerifier = JwtVerifier.create({ issuer, audience, jwksUri });
// This Cloud Function is your token exchange endpoint. You pass the endpoint an
// FPNV token, and the Cloud Function verifies it and exchanges it for a
// Firebase Auth token corresponding to the same user.
export const signInWithFpnv = onRequest(async (req, res) => {
// Get the FPNV token from the request body.
const fpnvToken = req.body?;
if (!fpnvToken) {
res.sendStatus(400);
return;
}
let verifiedPhoneNumber;
try {
// Attempt to verify the token using the verifier configured above.
const verifiedPayload = await fpnvVerifier.verify(fpnvToken);
// If verification succeeds, the subject claim of the token contains the
// verified phone number.
verifiedPhoneNumber = verifiedPayload.sub;
} catch {
// If verification fails, reject the token.
res.sendStatus(403);
return;
}
// Now that you have a verified phone number, look it up in your Firebase
// project's user database.
let user: UserRecord;
try {
// If a user account already exists with the phone number, retrieve it.
user = await authAdmin.getUserByPhoneNumber(verifiedPhoneNumber);
} catch {
// Otherwise, create a new user account using the phone number.
user = await authAdmin.createUser({phoneNumber: verifiedPhoneNumber});
}
// Finally, mint a Firebase custom auth token containing the UID of the user
// you looked up or created. Return this token to the caller.
const authToken = await authAdmin.createCustomToken(user.uid);
res.status(200).send(authToken);
return;
});
使用自訂驗證權杖登入
部署端點後,請按照下列步驟將使用者登入 Firebase:
使用「開始使用 Firebase Phone Number Verification」頁面所述的流程,取得 Firebase PNV 權杖。
將這個權杖傳遞至 Cloud Functions 端點。端點會將自訂驗證權杖傳回應用程式,您可以將該權杖傳遞至
signInWithCustomToken()。舉例來說,您可以使用 Retrofit 編寫方法
signInWithFpnvToken(),該方法具有與 Firebasesignin方法類似的介面:Kotlin
class FpnvSigninExample { interface FPNVTokenExchangeService { @POST("signInWithFpnv") suspend fun signInWithFpnv(@Body fpnvToken: String): String } val retrofit = Retrofit.Builder() .baseUrl("https://example-project.cloudfunctions.net/") .build() val service: FPNVTokenExchangeService = retrofit.create(FPNVTokenExchangeService::class.java) suspend fun signInWithFpnvToken(fpnvToken: String): Task<AuthResult?> = coroutineScope { val authToken = service.signInWithFpnv(fpnvToken) return@coroutineScope Firebase.auth.signInWithCustomToken(authToken) } }