@laiso
Created May 15, 2019 16:42
In a serverless-less architecture, when you log users in with Firebase Auth, sending the uid as-is makes a substitution attack possible, depending on the implementation! https://firebase.google.com/docs/auth/admin/verify-id-tokens?hl=ja #CodePiece
signInSuccessWithAuthResult: (authResult, redirectUrl) => {
  authResult.user
    .getIdToken(false)
    .then(idToken => {
      // Send the idToken to the server, decode it there, and extract the user!!!!
    });
  return false;
}
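An added example (not part of the original gist) showing why the server should take the uid from a verified ID token rather than from a client-supplied field. It runs offline, so `issueToken`, `verifyToken`, `PROJECT_ID` and both login handlers are hypothetical stand-ins built on a constructed RSA key; on a real server the Firebase Admin SDK's `verifyIdToken()`, described in the linked documentation, performs this check.

```javascript
// Added example: offline stand-in for ID token verification (not the gist author's code).
const { generateKeyPairSync, createSign, createVerify } = require('node:crypto');

// Constructed key pair: plays the role of the auth provider's token-signing key.
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const PROJECT_ID = 'demo-project'; // constructed value
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Hypothetical issuer: what the auth provider does when a user signs in.
function issueToken(uid, ttlSeconds = 3600) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { sub: uid, aud: PROJECT_ID, exp: now + ttlSeconds };
  const body = `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(claims)}`;
  const sig = createSign('RSA-SHA256').update(body).sign(privateKey, 'base64url');
  return `${body}.${sig}`;
}

// Hypothetical verifier: checks algorithm, signature, audience and expiry.
function verifyToken(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = createVerify('RSA-SHA256').update(`${h}.${p}`).verify(publicKey, sig, 'base64url');
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.aud !== PROJECT_ID) throw new Error('wrong audience');
  if (claims.exp <= Math.floor(Date.now() / 1000)) throw new Error('expired');
  return { uid: claims.sub };
}

// Weak: the server believes whatever uid the client puts in the request body.
function loginTrustingUid(body) {
  return { sessionUid: body.uid };
}

// Hardened: the uid comes only from a token whose signature and claims check out.
function loginWithIdToken(body) {
  return { sessionUid: verifyToken(body.idToken).uid };
}
```
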