PHP Slim 4 - 使用 firebase JWT 令牌授权 api 请求
PHP Slim 4 - Authorize api request using firebase JWT token
我正在尝试使用 slim 4 的 Tuupola Jwt 中间件验证从 firebase javascript sdk 提供的 idToken,但我总是收到 401 错误。这是我用来获取令牌的客户端代码:
const provider = new firebase.auth.GoogleAuthProvider();
provider.addScope("profile");
provider.addScope("email");
firebase.auth().signInWithPopup(provider).then( (result) => {
console.log(result);
});
授权流程将按预期正常工作,我可以将令牌传递给授权 header,但我无法在我使用 slim 4 的服务器上验证它一个 Restful api.
我读过不同的 about this problem 但 none 帮助我解决了这个问题。
这是我的中间件实现:
use Tuupola\Middleware\CorsMiddleware;
use Tuupola\Middleware\JwtAuthentication;
use Slim\App as App;
return function(App $app) {
$app->add(new Tuupola\Middleware\CorsMiddleware([
"origin" => ["chrome-extension://oegddbimpfdpbojkmfibkebnagidflfc"],
"methods" => ["GET", "POST", "OPTIONS"],
"headers.allow" => ["Authorization"],
"headers.expose" => [],
"credentials" => true,
"cache" => 86400
]));
// $rawPublicKeys = file_get_contents('https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com');
// $keys = json_decode($rawPublicKeys, true);
$keys = file_get_contents('https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com');
$app->add(new Tuupola\Middleware\JwtAuthentication([
"algorithm" => ["RS256"],
"header" => "X-Authorization",
"regexp" => "/Bearer\s+(.*)$/i",
"secret" => $keys,
"secure" => false,
"after" => function ($response, $arguments) {
return $response->withHeader("X-Brawndo", "plants crave"); //this is only for test
}
]));
};
这就是我的 index.php 文件中的内容,其中 slim 应用 运行
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface;
use Slim\Routing\RouteCollectorProxy;
use Slim\Routing\RouteContext;
use Slim\Factory\AppFactory;
use Tuupola\Middleware\CorsMiddleware;
require_once __DIR__.'/vendor/autoload.php';
$app = AppFactory::create();
$authMiddleware = require_once __DIR__.'/middleware.php';
$authMiddleware($app);
$app->get('/keygen', function(Request $request, Response $response, $args){
$password = bin2hex(random_bytes(3));
$response->getBody()->write( json_encode(['generated_password' => $password]) );
return $response->withHeader('Content-Type','application/json');
});
$app->add(new Tuupola\Middleware\CorsMiddleware([
"origin" => ["*"],
"methods" => ["GET", "POST", "OPTIONS"],
"headers.allow" => ["Authorization"],
"headers.expose" => [],
"credentials" => true,
"cache" => 86400
]));
$app->run();
我想要实现的是使用客户端登录后提供的 firebase idToken 对客户端向 api 发出的每个请求进行身份验证。发出请求时,中间件将验证令牌,然后授权用户或不使用端点。
可以解决这个问题吗?
经过大量调试,我发现并解决了问题。在我的客户端代码中,我使用了错误的 idToken 作为 Authorization: Bearer 并且发送到服务器的 header 与中间件配置不匹配,在我的 axios 请求中我发送了 X-Authorization header 而不是 Authorization。为了使用正确的令牌,我调用了 firebase.auth().onAuthStateChanged( (user) =>{...}) 方法,当用户 object 可用时,我调用了 getIdToken() 方法。此操作 return 正确的 JWT 令牌与中间件一起使用以验证请求。
我正在尝试使用 slim 4 的 Tuupola Jwt 中间件验证从 firebase javascript sdk 提供的 idToken,但我总是收到 401 错误。这是我用来获取令牌的客户端代码:
const provider = new firebase.auth.GoogleAuthProvider();
provider.addScope("profile");
provider.addScope("email");
firebase.auth().signInWithPopup(provider).then( (result) => {
console.log(result);
});
授权流程将按预期正常工作,我可以将令牌传递给授权 header,但我无法在我使用 slim 4 的服务器上验证它一个 Restful api.
我读过不同的
这是我的中间件实现:
use Tuupola\Middleware\CorsMiddleware;
use Tuupola\Middleware\JwtAuthentication;
use Slim\App as App;
return function(App $app) {
$app->add(new Tuupola\Middleware\CorsMiddleware([
"origin" => ["chrome-extension://oegddbimpfdpbojkmfibkebnagidflfc"],
"methods" => ["GET", "POST", "OPTIONS"],
"headers.allow" => ["Authorization"],
"headers.expose" => [],
"credentials" => true,
"cache" => 86400
]));
// $rawPublicKeys = file_get_contents('https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com');
// $keys = json_decode($rawPublicKeys, true);
$keys = file_get_contents('https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com');
$app->add(new Tuupola\Middleware\JwtAuthentication([
"algorithm" => ["RS256"],
"header" => "X-Authorization",
"regexp" => "/Bearer\s+(.*)$/i",
"secret" => $keys,
"secure" => false,
"after" => function ($response, $arguments) {
return $response->withHeader("X-Brawndo", "plants crave"); //this is only for test
}
]));
};
这就是我的 index.php 文件中的内容,其中 slim 应用 运行
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface;
use Slim\Routing\RouteCollectorProxy;
use Slim\Routing\RouteContext;
use Slim\Factory\AppFactory;
use Tuupola\Middleware\CorsMiddleware;
require_once __DIR__.'/vendor/autoload.php';
$app = AppFactory::create();
$authMiddleware = require_once __DIR__.'/middleware.php';
$authMiddleware($app);
$app->get('/keygen', function(Request $request, Response $response, $args){
$password = bin2hex(random_bytes(3));
$response->getBody()->write( json_encode(['generated_password' => $password]) );
return $response->withHeader('Content-Type','application/json');
});
$app->add(new Tuupola\Middleware\CorsMiddleware([
"origin" => ["*"],
"methods" => ["GET", "POST", "OPTIONS"],
"headers.allow" => ["Authorization"],
"headers.expose" => [],
"credentials" => true,
"cache" => 86400
]));
$app->run();
我想要实现的是使用客户端登录后提供的 firebase idToken 对客户端向 api 发出的每个请求进行身份验证。发出请求时,中间件将验证令牌,然后授权用户或不使用端点。
可以解决这个问题吗?
经过大量调试,我发现并解决了问题。在我的客户端代码中,我使用了错误的 idToken 作为 Authorization: Bearer 并且发送到服务器的 header 与中间件配置不匹配,在我的 axios 请求中我发送了 X-Authorization header 而不是 Authorization。为了使用正确的令牌,我调用了 firebase.auth().onAuthStateChanged( (user) =>{...}) 方法,当用户 object 可用时,我调用了 getIdToken() 方法。此操作 return 正确的 JWT 令牌与中间件一起使用以验证请求。