我为我的学校制作了一个网站,但我正在努力扩展它。身份验证等并不那么安全,所以我正在创建一个服务器供用户登录,然后当他们想要更新网站上的设置时,它会向服务器发送请求来执行此操作。
我目前正在尝试处理用户登录问题。当我转到“/login”路线时,它会将我带到 Google 登录页面。我登录后,它会将我带到“/app”路线。在控制台中,我得到下面的日志。
FirebaseAuthError: Firebase ID token has incorrect "aud" (audience) claim. Expected "school-progress-g" but got "1090170234957-5ntr48jf178o9befpp5n0603hoh7m2rh.apps.googleusercontent.com". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
at FirebaseTokenVerifier.verifyContent (/rbd/pnpm-volume/124c6272-9622-4f1d-925a-072a4f9e9ad7/node_modules/firebase-admin/lib/auth/token-verifier.js:239:19)
at /rbd/pnpm-volume/124c6272-9622-4f1d-925a-072a4f9e9ad7/node_modules/firebase-admin/lib/auth/token-verifier.js:160:18 {
errorInfo: {
code: 'auth/argument-error',
message: 'Firebase ID token has incorrect "aud" (audience) claim. Expected "school-progress-g" but got "1090170234957-5ntr48jf178o9befpp5n0603hoh7m2rh.apps.googleusercontent.com". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.'
},
codePrefix: 'auth'
}
在错误解决后,我也希望获得一些帮助,帮助我如何继续将此登录系统开发到我的网站中。这是我的代码文件:
服务器.js
const cookieParser = require("cookie-parser");
const express = require("express");
const admin = require("firebase-admin");
const serviceAccount = require("./serviceAccountKey.json");
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
databaseURL: "https://school-progress-g-default-rtdb.firebaseio.com",
});
const PORT = process.env.PORT || 3000;
const app = express();
app.engine("html", require("ejs").renderFile);
app.use(express.static("static"));
app.use(cookieParser());
const firebaseAuthMiddleware = (req, res, next) => {
const idToken = req.cookies.idToken || "";
if (idToken == "") {
return next();
}
admin
.auth()
.verifyIdToken(idToken)
.then((decodedToken) => {
req.user = decodedToken;
next();
})
.catch((error) => {
console.log(error);
next();
});
};
app.use(firebaseAuthMiddleware);
const { google } = require("googleapis");
const oauth2Client = new google.auth.OAuth2(
"1090170234957-5ntr48jf178o9befpp5n0603hoh7m2rh.apps.googleusercontent.com",
"XXXXXXXX (censored)",
"https://scpr-server-version.glitch.me/callback"
);
app.get("/login", (req, res) => {
const authUrl = oauth2Client.generateAuthUrl({
access_type: "offline",
scope: ["https://www.googleapis.com/auth/userinfo.email"],
});
res.redirect(authUrl);
});
app.get("/callback", async (req, res) => {
const { tokens } = await oauth2Client.getToken(req.query.code);
res.cookie("idToken", tokens.id_token);
res.render("app.html");
return false;
res.redirect("/app");
});
app.get("/logout", (req, res) => {
res.clearCookie("idToken");
res.redirect("/login");
});
app.get("/app", (req, res) => {
if (req.user) {
res.render("app.html");
} else {
res.redirect("/login");
}
});
app.listen(PORT, () => {
console.log(`Listening on port ${PORT}`);
});
我感谢我能得到的任何帮助! <3
我尝试使用我的 Firebase ID 更改 server.js 中的客户端 ID,但这只会导致更多错误。
我不完全确定您为什么期望该系统正常工作,但您似乎缺少一个重要细节:Firebase Admin SDK 只能验证由 Firebase 身份验证创建的用户帐户的用户令牌。无论您为最终用户使用
google.auth.OAuth2
做什么,都与 Firebase 不兼容。
如果您想以与 Firebase 身份验证兼容的方式使用 Google 帐户登录用户,请参阅特殊说明。用户使用 Google 登录并拥有与该 Google 帐户关联的 Firebase Auth 用户帐户后,您才可以使用 Firebase Admin SDK 验证用户的 ID 令牌(假设您的前端传递了用户 ID 令牌)在请求中。