Firebase Authentication Google sign-in JWT validation fails

Time: 2019-12-23 16:25:08

Tags: .net-core firebase-authentication

Using the following firebaseui.auth.AuthUI in the client browser works well and returns the user information nicely in the variable authResult. But the JWT token in the variable authResult.credential.idToken cannot pass Authorize validation on the backend.
This example is for a .NET Core 3.0 MVC project and uses the NuGet package AspNetCore.Firebase.Authentication.Extensions. I have also tried .NET Core version 2.0, but still have the same problem.
Startup.cs

        public void ConfigureServices (IServiceCollection services) {
            string GoogleProject = "[GOOGLE-PROJECT-ID]";
            var FirebaseAuthentication_Issuer = "https://securetoken.google.com/" + GoogleProject;
            var FirebaseAuthentication_Audience = GoogleProject;
            services.AddFirebaseAuthentication (FirebaseAuthentication_Issuer, FirebaseAuthentication_Audience);
            services.AddControllersWithViews ();
        }
        public void Configure (IApplicationBuilder app, IWebHostEnvironment env) {
            ...
            app.UseRouting ();
            app.UseAuthorization ();
            app.UseEndpoints (endpoints => {
                endpoints.MapControllerRoute (
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
            });
        }

HomeController.cs

...
        [HttpPost]
        [Authorize]
        public string Auth () {
            return "Good";
        }
...

Index.cshtml

...
<script>
    // my web app's Firebase configuration
    var firebaseConfig = {
        apiKey: "********************",
        authDomain: "[GOOGLE-PROJECT-ID].firebaseapp.com",
        databaseURL: "https://[GOOGLE-PROJECT-ID].firebaseio.com",
        projectId: "[GOOGLE-PROJECT-ID]",
        storageBucket: "[GOOGLE-PROJECT-ID].appspot.com",
        messagingSenderId: "*****",
        appId: "1:*****:web:**********",
        measurementId: "G-***********"
    };
    // Initialize Firebase
    firebase.initializeApp(firebaseConfig);
    firebase.analytics();
</script>
...
<script>
    var uiConfig = {
        callbacks: {
            signInSuccessWithAuthResult: function (authResult, redirectUrl) {
                console.log(authResult);
                var token = authResult.credential.idToken;
                $.ajax({
                    url: "/Home/auth",
                    //dataType: 'json',
                    type: 'POST',
                    data: token,
                    beforeSend: function (xhr) {
                        xhr.setRequestHeader("Accept", "application/json");
                        xhr.setRequestHeader("Content-Type", "text/plain");
                        xhr.setRequestHeader("Authorization", "Bearer " + token);
                    },
                    error: function (ex) {
                        console.log(ex.status + " - " + ex.statusText);
                    },
                    success: function (data) {
                        console.log(data);
                        return data;
                    }
                });
                return false;
            },
            uiShown: function () {
                // The widget is rendered.
                // Hide the loader.
                document.getElementById('loader').style.display = 'none';
            }
        },
        // Will use popup for IDP Providers sign-in flow instead of the default, redirect.
        signInFlow: 'popup',
        signInSuccessUrl: '/Home/Index',
        signInOptions: [
            // Leave the lines as is for the providers you want to offer your users.
            firebase.auth.GoogleAuthProvider.PROVIDER_ID,
            firebase.auth.FacebookAuthProvider.PROVIDER_ID,
        ]
    };
    var ui = new firebaseui.auth.AuthUI(firebase.auth());
    ui.start('#firebaseui-auth-container', uiConfig);
</script>

After signing in with Google or Facebook, the account information can be obtained in the client browser with the HTML code. But when the JWT token is posted back to do [Authorize], I always get a 401 HTTP response: Bearer was not authenticated. Failure message: IDX10501: Signature validation failed. Unable to match keys:

Does anyone know how to use [Authorize] for account management?
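Added example, not code from the question: IDX10501 means none of the keys fetched for the configured issuer matched the token's kid, so the first thing to check is which token the browser is actually sending; for the Google provider, authResult.credential.idToken is Google's own OAuth ID token (issuer https://accounts.google.com), whereas the securetoken.google.com issuer and project-ID audience configured in Startup.cs describe the Firebase ID token returned by authResult.user.getIdToken(). This Node.js script decodes a token's header and payload without verifying the signature and reports whether iss/aud match the project; the two sample tokens are constructed with fake signatures, and the project ID is the same placeholder the question uses.

```javascript
// Decode a JWT (no signature check) and compare iss/aud with the values
// Startup.cs configures. Node.js only, no dependencies.
const GOOGLE_PROJECT = "[GOOGLE-PROJECT-ID]"; // placeholder, as in the question

function b64urlDecode(s) {
  // base64url -> base64, restore padding, decode as UTF-8
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const pad = b64.length % 4 === 0 ? "" : "=".repeat(4 - (b64.length % 4));
  return Buffer.from(b64 + pad, "base64").toString("utf8");
}

function inspectIdToken(token, projectId) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  const header = JSON.parse(b64urlDecode(parts[0]));
  const payload = JSON.parse(b64urlDecode(parts[1]));
  // Same issuer/audience the question's Startup.cs passes to AddFirebaseAuthentication
  const expectedIssuer = "https://securetoken.google.com/" + projectId;
  const issuerOk = payload.iss === expectedIssuer;
  const audienceOk = payload.aud === projectId;
  return {
    alg: header.alg, kid: header.kid, iss: payload.iss, aud: payload.aud,
    issuerOk, audienceOk,
    verdict: issuerOk && audienceOk
      ? "Firebase ID token: matches the issuer/audience configured in Startup.cs"
      : "not a Firebase ID token for this project: the backend looks up keys for a different issuer",
  };
}

// Constructed sample tokens with a fake signature segment (never verifiable).
function makeToken(header, payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc(header) + "." + enc(payload) + ".c2lnbmF0dXJl";
}
const firebaseToken = makeToken({ alg: "RS256", kid: "fb-key-1" },
  { iss: "https://securetoken.google.com/" + GOOGLE_PROJECT, aud: GOOGLE_PROJECT, sub: "uid-123" });
const googleOAuthToken = makeToken({ alg: "RS256", kid: "goog-key-1" },
  { iss: "https://accounts.google.com", aud: "1234.apps.googleusercontent.com", sub: "1001" });

console.log(inspectIdToken(firebaseToken, GOOGLE_PROJECT).verdict);
console.log(inspectIdToken(googleOAuthToken, GOOGLE_PROJECT).verdict);
```

A matching iss/aud only tells you the right kind of token is being sent; the backend still has to verify the signature against the issuer's published keys before trusting any claim.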

0 answers:

No answers