I set up restrictions to my Firebase api key so that only my website and localhost can access to Firebase services but I've got a question.
Let's say that for testing purposes I want to call an endpoint from Postman, how can I setup restrictions so that I can call Cloud functions from postman?
Everything works from localhost and the website but when I try to call an endpoint from Postman it gives me this error:
{
"message": "Firebase: Error (auth/requests-from-referer-<empty>-are-blocked.)."
}
Ok apparantly only few routes work, the login gives me no errors meanwhile the signup route gives me the same error you see above, I don't know why...I set up restrictions such every subroute of my site can access the Firebase products
Related
My setup is like
API lib built on top of API gateway endpoints => gateway authenticates requests against firebase users => Call Cloud function for an endpoints.
This seems to be working fine.
Only concern is security/authentication of cloud function.
How to achieve.
No one should be able to call cloud function directly
OR Cloud function should accept traffic only from API gateway.
Current settings are :
If i change allow internal traffic only then API gives a Not allowed error.
Partial ans is here:
I figured out that i was not setting correct jwt_audience thats where it was throwing "Your client does not have permission to the requested URL": 401.
because my function URL was not same as what i mentioned in OpenApi spec. I had postfix to my URL, hence my request were failing.
earlier :
options:
x-google-backend:
address: https://**-**-**-test.cloudfunctions.net/<funtion_name>/filter
Now:
options:
x-google-backend:
address: https://*-**-**-test.cloudfunctions.net/<funtion_name>/filter
jwt_audience: https://**-**-**-test.cloudfunctions.net/<funtion_name>
I tried to set setting "allow internal traffic only" but its failing with 403. Still i am not sure if i can set internal only traffic for cloud function along with API gateway.
I'm facing a very strange issue with next-auth.
We have a next.js app deployed on Vercel.
Some of our API endpoints require authentication, and some don't.
Locally, everything works fine, but in preview, next-auth runs on every request. So when for instance a new user makes a request to sign up, next-auth runs, tries to authenticate the user by email and password and throws an error because can't authenticate the user.
Even if I comment the throw error and return a 200 status code inside the getUserByEmailAndPassword function, the request doesn't go the the signup API at all.
Although in the browser I can see the request direct to the right API endpoint, the handler for that API doesn't run at all.
I only receive response from next-auth
I tried to change the NEXTAUTH_URL environmental variable to match the url for the current preview, but it doesn't work
I found out this was happening because I was importing the same instance of next-connect
https://github.com/hoangvvo/next-connect/issues/141
I have this web app project which I deploy on a google cloud appengine.
gcloud app deploy
The appengine is basically just a webserver serving static files. But I had to use the appengine for prerendring the website for SEO.
In the webapp, I use the firebase authentication API.
https://www.gstatic.com/firebasejs/7.8.0/firebase-auth.js
In firebase console, I activated the anonymous authentication.
preview of firebase auth providers
When I deploy a new version of my static content on the appengine, I create a new version named "stag" only to preview and test everything before deploying to production. I can then preview my work on the version specific url which is something like this:
https://stag-dot-frb-proj1.appspot.com/
frb-proj1: is my firebase project id.
When I preview my work on the url: https://stag-dot-frb-proj1.appspot.com/
I got the following error:
{
"error": {
"code": 403,
"message": "Requests from referer https://stag-dot-frb-proj1.appspot.com/ are blocked.",
"errors": [
{
"message": "Requests from referer https://stag-dot-frb-proj1.appspot.com/ are blocked.",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
I spotted the error in the chrome dev tools on the network tab. It happens when the app tries to access the following url:
https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=AIza....CcpT0
I assume this api call if for creating a new anonymous user on the firebase auth api.
All the used domains are authorized in the firebase console as expected.
Authorized DOMAINS
frb-proj1.firebaseapp.com
frb-proj1.web.app
stag-dot-frb-proj1.appspot.com
frb-proj1.appspot.com
Tried solution
I tried to follow this example https://cloud.google.com/appengine/docs/standard/python/authenticating-users-firebase-appengine
And setup the environment variable FIREBASE_PROJECT_ID in my app.yaml for the appengine
QUESTION
Any idea what is wrong ?
Considering this error, it seems that this problem is related to your API Key. As per these other similar cases - that you can access in the below links - it seems that the API Key configured doesn't have all the needed permissions.
I would recommend you to take a look at the below cases and give it a try on the solutions informed there - all of them informed that it solved their problems.
Requests for referrer are blocked when trying to sign in anonymously to Firebase
firebaseui Internal error: {"error":{"code":403,"message":"Requests from referer are blocked.","errors":{"message":"Requests from referer
App hosted on firebase does not have access to firebase authentication? PERMISSION_DENIED
Let me know if the information helped you!
We have two Azure AD Web Apps Registered under one outlook account for OneDrive Development under the portal apps.dev.microsoft.com . We have created two apps because we need our app to support callback URLs from two servers with different DNS. Unfortunately only the first app that was created works in which we can get the access token using V2.0 end point and then subsequently can access One Drive Resources using graph API.
The second App that we created to supported another server with a different DNS does not work. We are unable to get access token and the response is below,
AADSTS70000: The request was denied because one or more scopes requested are unauthorized or expired. The user must first sign in and grant the client application access to the requested scope
One App: reply URLs: https://www.example.org/OneDriveApp/callback.jsp - works great
Second App: reply URL https://www.example2.net/OneDriveApp/callback.jsp - failure to get OAuth Access Token.
This error generally means the auth code you've gotten is not meant for tokens on the specified endpoint. This can happen from misconfiguring the auth endpoints, registering the app in the wrong spot, or a malformed request.
The first thing to check with this error is your auth endpoints.
Next, make sure you're using the correct library to obtain the authorization code.
Also, make sure that you are not registering the app in the wrong blade (regular AD vs b2c).
What do you have as the URL for the token endpoint?
I am using Angularfire to make a website. I am trying to integrate oauth based sign in with google for user authentication but when I try to run index.html file and try to login following error is displayed
11:59:28.189 Error: There are no login transports available for the requested method.
Stack trace:
Mg#file:///G:/Project/root/js/firebase.js:142:1267
dh/<#file:///G:/Project/root/js/firebase.js:163:141
1 app.js:31:4
I searched on stackoverflow for this and got this answer , it says that I need to setup a server for this.
Then I looked at firebase docs and they said
For security reasons, if you're using a web-based OAuth flow
(Facebook, Twitter, Github, or Google), only domains that you
whitelist are allowed to initiate authentication for your app. This
does not apply to Email & Password, Anonymous, or Custom
authentication methods. All Firebase applications have localhost and
127.0.0.1 enabled by default for local development and testing.
The authentication works fine after I host it on firebase but deploying takes a lot of time and also sometimes even I don't have access to internet.
So please suggest me easiest manner so I can run my app on localhost.
An easy way to locally run a Firebase (or any other) web site is to use the Firebase tools and then run
firebase serve
See this blog post introducing the local server.