问题
I'm trying to make a login interface for my web app using Firebase. I wanted to add a user role to my account using Firebase's own Authentication System. (Email). But it does not support any options for adding a user role. Such as "Admin" and "Users".
This is for Firebase (currently 5.7.2), and HTML5.
login.js (current login authentication)
(function(){
var ui = new firebaseui.auth.AuthUI(firebase.auth());
var uiConfig = {
callbacks: {
signInSuccessWithAuthResult: function(authResult, redirectUrl) {
// User successfully signed in.
// Return type determines whether we continue the redirect automatically
// or whether we leave that to developer to handle.
return true;
},
uiShown: function() {
// The widget is rendered.
// Hide the loader.
document.getElementById('loader').style.display = 'none';
}
},
// Will use popup for IDP Providers sign-in flow instead of the default, redirect.
signInFlow: 'popup',
signInSuccessUrl: 'index.html',
signInOptions: [
// Leave the lines as is for the providers you want to offer your users.
firebase.auth.EmailAuthProvider.PROVIDER_ID,
],
};
ui.start('#firebaseui-auth-container', uiConfig);
})()
I expect to add an option, or a field for a user role, somewhere in the js as a unique identifier to an email? (adminabc@xx.com = admin, userabc@xx.com = user) or an additional field to firebase. (adding a dedicated table in the database instead of using the implemented user authentication.)
回答1:
There is no "user roles" API for Firebase Auth, but there are ways that you can implement role based authorization in your application.
Database
One of the ways is, as you mentioned, to store that data in your database. The benefits of doing that is that it's easy to implement.
You can enforce the rules by making lookups in your database rules for both Firestore and the Realtime database.
Realtime database
{
"rules": {
"adminContent": {
".write": "root.child('users').child(auth.uid).child('admin').val() === true"
}
}
}
Firestore
service cloud.firestore {
match /databases/{database}/documents {
match /articles/{article} {
allow write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true
}
}
}
The downside of maintaining your roles and and credentials in database is that you can't use that information across products. You can't write a firestore database rule that access the RTDB rules or vice versa.
Custom claims
If you want your roles to work across services (using the same role data in RTDB, Firestore and Firebase Storage), then you should look into setting custom claims, which is explained very well in the documentation.
Once that is set up you can use the custom claims to implement role based or group access rights across the different products.
database.rules.json
{
"rules": {
"adminContent": {
".read": "auth.token.admin === true",
".write": "auth.token.admin === true",
}
}
}
firestore.rules / storage.rules
The Firestore and Storage rules has similar syntax for the rules and you fill find that the allow statement is the same for both.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.token.admin == true;
}
}
}
来源:https://stackoverflow.com/questions/54020769/is-there-any-function-in-user-authentication-for-user-roles