问题描述
我已登录的 Android 客户端在我的服务器上注册他们的令牌.问题是我不确定特定客户端发送的令牌是否真正属于该客户端用户 ID.不良客户端可能会注册其他用户的有效令牌.
My signed-in Android clients register their tokens with my server. The problem is I am not sure whether the token sent by a particular client genuinely belongs to that client user id. A bad client could register valid tokens of other users.
给定一个 FCM 令牌和一个用户 ID,我在服务器上的管理代码如何验证该令牌确实属于(经过身份验证的)用户 ID?
Given an FCM token and a user id, how can my admin code on the server verify that the token indeed belongs to the (authenticated) user id?
推荐答案
在 Firebase 级别上,身份验证 UID 和云消息传递实例 ID 令牌之间没有连接.
On a Firebase level there is no connection between a Authentication UID, and a Cloud Messaging Instance ID token.
Firebase 身份验证 UID 唯一标识用户.如果该用户在不同的设备上登录,则他们具有相同的 UID 值.
A Firebase Authentication UID uniquely identifies a user. If that user signs in on a different device, they have the same UID value.
Firebase 身份验证实例 ID 令牌可识别单个设备上的单个应用.如果其他用户登录该应用,该应用将保留相同的实例 ID 令牌.
A Firebase Authentication Instance ID token identifies a single app on a single device. If a different user signs in to that app, the app will keep the same Instance ID token.
如果要将 UID 与 FCM 令牌相关联,则必须在应用程序代码中执行此操作.例如,许多开发人员在用户退出其应用程序时清除 FCM 实例 ID 令牌.这可确保在同一设备上登录的新用户将获得新的实例 ID 令牌.
If you want to associate a UID with an FCM tokens, you have to do that in your application code. For example, many developers clear the FCM Instance ID tokens when the user signs out of their app. This ensures that a new user who signs in on the same device will get a new Instance ID token.
另见:
- Firebase 云消息传递身份验证令牌与注册令牌
- 捕获设备注册令牌以通过 Firebase 云消息发送通知的正确方法是什么?
这篇关于如何从 FCM 令牌中获取 Firebase 用户 ID?(在服务器上的管理代码中)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!