延长Firebase OAuth2访问JWT令牌中的到期时间和日期

时间:2018-09-11 09:01:07

标签: node.js oauth firebase-authentication jwt

我要设置Firebase OAuth2 JWT访问令牌的最大到期日期和时间-https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections

我尝试了一些方法,但不起作用。这是Google的代码,用于为Firebase实时数据库生成访问令牌

Google API Node.js客户端

var {google} = require("googleapis");

// Load the service account key JSON file.
var serviceAccount = require("./myfileauth.json");

// Define the required scopes.
var scopes = [
  "https://www.googleapis.com/auth/userinfo.email",
  "https://www.googleapis.com/auth/firebase.database"
];

// Authenticate a JWT client with the service account.
var jwtClient = new google.auth.JWT(
  serviceAccount.client_email,
  null,
  serviceAccount.private_key,
  scopes
);

// Use the JWT client to generate an access token.
jwtClient.authorize(function(error, tokens) {
  if (error) {
    console.log("Error making request to generate access token:", error);
  } else if (tokens.access_token === null) {
    console.log("Provided service account does not have permission to generate access tokens");
  } else {
    var accessToken = tokens.access_token;
    console.log(accessToken);
  }
});

但是它只在短时间内工作,我想增加它的到期日期和时间...

1 个答案:

答案 0 :(得分:0)

如果您希望使用寿命更长的会话令牌,建议您查看session cookies。可以从Firebase Admin SDK创建这些文件,并将其列为一项优势:

  

能够创建会话cookie,其自定义到期时间为5分钟到2周。

通过从普通Firebase身份验证流程中获取ID令牌(来自客户端),然后将其交换为会话cookie(在服务器上),可以实现以下目的:

// Set session expiration to 5 days.
const expiresIn = 60 * 60 * 24 * 5 * 1000;
// Create the session cookie. This will also verify the ID token in the process.
// The session cookie will have the same claims as the ID token.
// To only allow session cookie setting on recent sign-in, auth_time in ID token
// can be checked to ensure user was recently signed in before creating a session cookie.
admin.auth().createSessionCookie(idToken, {expiresIn}).then((sessionCookie) => { ...