【发布时间】:2020-07-11 21:21:41
【问题描述】:
只是想检查一下,是否有任何 API 可以以编程方式添加授权域,而不是通过转到 Firebase 控制台手动添加?
另外,可以添加多少个域作为授权域有限制吗?
【问题讨论】:
标签: firebase firebase-authentication
【发布时间】:2020-07-11 21:21:41
【问题描述】:
没有用于此的 API - 您必须通过控制台执行此操作。如果你愿意,也可以file a feature request with Firebase support。
似乎没有任何文件说明域数量的限制。如果文档不清楚,请再次联系 Firebase 支持。
【讨论】:
-
谢谢道格!我刚刚联系了支持团队!
-
嘿@damingzi - 您是否设法找到一种非手动添加授权域的方法?
-
@JamesEvans 嘿,詹姆斯,不幸的是,没有。我一直在做手动的事情:(
-
嘿@damingzi,支持团队有什么回应吗?他们是否添加了该功能?
-
我不这么认为:(
Cloud Functions 中的 JavaScript 解决方案
import { google } from "googleapis";
(async () => {
/**
* ! START - Update Firebase allowed domains
*/
// Change this to whatever you want
const URL_TO_ADD = "engineering.acme-corp.net";
// Acquire an auth client, and bind it to all future calls
const auth = new google.auth.GoogleAuth({
scopes: ["https://www.googleapis.com/auth/cloud-platform"],
});
const authClient = await auth.getClient();
google.options({ auth: authClient });
// Get the Identity Toolkit API client
const idToolkit = google.identitytoolkit("v3").relyingparty;
/**
* When calling the methods from the Identity Toolkit API, we are
* overriding the default target URLs and payloads (that interact
* with the v3 endpoint) so we can talk to the v2 endpoint, which is
* what Firebase Console uses.
*/
// Generate the request URL
const projectId = await auth.getProjectId();
const idToolkitConfigUrl = `https://identitytoolkit.googleapis.com/admin/v2/projects/${projectId}/config`;
// Get current config so we can use it when we later update it
const currentConfig = await idToolkit.getProjectConfig(undefined, {
url: idToolkitConfigUrl,
method: "GET",
});
// Update the config based on the values that already exist
await idToolkit.setProjectConfig(undefined, {
url: idToolkitConfigUrl,
method: "PATCH",
params: { updateMask: "authorizedDomains" },
body: JSON.stringify({
authorizedDomains: [
...(currentConfig.data.authorizedDomains || []),
URL_TO_ADD,
],
}),
});
})();
其他语言的简要说明
原则应该是一样的:
- 找到一种与 Google 的识别工具包 API 进行交互的方法(也许 Google 会为您的语言提供 SDK)
- 获取当前配置
- 设置新配置
如果您找不到 SDK,您也可以使用原始 http 请求:https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects/getConfig(手动执行所有操作时进行身份验证有点棘手)
【讨论】:
感谢@让·科斯塔
完全为我工作。
这里是 C# 实现
using Google.Apis.Auth.OAuth2;
using Newtonsoft.Json;
var serviceAccountJsonFile = "path to service account json";
var projectId = "your project ids";
var authorizedDomains = new
{
authorizedDomains = new string[] {
"localhost",
"******.firebaseapp.com",
"*********.web.app",
"abc.def.com"
}
}; // your desire authorized domain
List<string> scopes = new()
{
"https://www.googleapis.com/auth/identitytoolkit",
"https://www.googleapis.com/auth/firebase",
"https://www.googleapis.com/auth/cloud-platform"
};
var url = "https://identitytoolkit.googleapis.com/admin/v2/projects/" + projectId + "/config";
using var stream = new FileStream(serviceAccountJsonFile, FileMode.Open, FileAccess.Read);
var accessToken = GoogleCredential
.FromStream(stream) // Loads key file
.CreateScoped(scopes) // Gathers scopes requested
.UnderlyingCredential // Gets the credentials
.GetAccessTokenForRequestAsync().Result; // Gets the Access Token
var body = JsonConvert.SerializeObject(authorizedDomains);
using (var client = new HttpClient())
{
var request = new HttpRequestMessage(HttpMethod.Patch, url) {
Content = new StringContent(body,System.Text.Encoding.UTF8)
};
request.Headers.Add("Accept", "application/json");
request.Headers.Add("Authorization", "Bearer " + accessToken);
try
{
var response = client.SendAsync(request).Result;
Console.WriteLine(response.Content.ReadAsStringAsync().Result);
}
catch (HttpRequestException ex)
{
// Failed
}
}
【讨论】:
-
很高兴听到这个消息!