问题
I'm using Firebase in my iOS and web app to handle user authentication. I need to make sure a user is logged in before he can make any requests to my API. How would I accomplish such a thing with Firebase?
I'm thinking about using Kong - https://getkong.org - as a middleman for my API. Kong has a few options in relation to authenticating incoming requests - https://getkong.org/plugins. What would work with Firebase? JWT authentication? OAuth authentication? Key authentication?
Can you point me in the direction of a basic example? Or give me a basic overview of what I should be looking for?
回答1:
I ended up authentication the users token server-side, like this:
https://gist.github.com/holgersindbaek/2cc55efd89517e21fbb52b4e95125003
回答2:
Firebase can allow you to require that a user be logged in with a third party service, such as Google or Facebook, before they can take certain data operations. There's fairly comprehensive documentation from Firebase themselves: https://firebase.google.com/docs/auth/
来源:https://stackoverflow.com/questions/38881568/securing-restful-api-with-firebase-oauth