I am using firebase to store and see images from my website.
but not able to open files from my firebase storage bucket even it has storage admin role on cloud google.
I am able to see images on directly cloud google console but not from firebase console.
I am getting this response below.
{
"error": {
"code": 401,
"message": "API keys are not supported by this API. Expected OAuth2 access token or other authentication credentials that assert a principal. See https://cloud.google.com/docs/authentication",
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"method": "google.internal.cloud.usersettings.v1alpha1.BasicTypesService.GetUserSetting",
"service": "cloudusersettings-pa.googleapis.com"
}
}
]
}
}
note: even link over firebase is not opening with token. It was working 24 hours before. https://firebasestorage.googleapis.com/v0/b/news-26417.appspot.com/o/--4720109.jpeg?alt=media&token=a7475fec-3fe5-48e7-8f99-6e9c57e462b9
firebaser here
Update: from what I understand from our support team and other channels this problem has been solved by the providers now. If it still happens for you, reach out to your provider/ISP and to the support team I linked below.
Old answer 👇
Since yesterday we've had reports from some developers (mostly in Turkey) being unable to access Cloud Storage.
I recommend testing with another connection to verify if you're in the same situation. If it works on another connection, you should probably reach out to your ISP to see if they can explain the problem.
I'd also reach out to Firebase support who are tracking the issue.
Related
This question already has answers here:
Is it safe to expose Firebase apiKey to the public?
(10 answers)
Closed 4 months ago.
This post was edited and submitted for review 4 months ago and failed to reopen the post:
Original close reason(s) were not resolved
I am using Firebase web + analytics and firebase makes an internal call that can be seen using DevTools in chrome.
The call is to this url https://firebase.googleapis.com/v1alpha/projects/-/apps/1:XXXXX:web:XXXXX/webConfig and the response retrieves all firebase properties:
{
"projectId": "XXXX",
"appId": "XXXXX",
"storageBucket": "XXXX.appspot.com",
"locationId": "us-central",
"authDomain": "XXXXX.firebaseapp.com",
"messagingSenderId": "XXXXXXXX",
"measurementId": "G-XXXXXXXX"
}
I think this is not secure because anybody could copy them and use it.
I don't know if this is because Analytics or something has change in firebase web version 9. Does this happened to some of you?
I read the firebase documentation and trying configure build options but nothing happened because it is a rest call performed by firebase sdk.
EDIT: I have another application using firebase 6 for web (without analytics) and this version does not have this issue.
This is the normal behavior of Firebase. Everything is shown to all. This does pose a security issue, but you can secure your app with Firebase Security Rules and with the new Firebase App Check.
I'm looking for some confirmation of expected behaviour for the way the Firestore Emulator REST API handles unauthenticated requests as I think I may have found some possible inconsistencies.
I've been playing around with the Firestore Emulator REST API using Postman for a personal project. If I run the Emulator (firebase emulators:start --only=firestore), I'm able to make the following requests successfully WITHOUT needing to pass any Bearer token in the Authorization header with the request:
GET http://localhost:8080/v1/projects/<MY_PROJECT_ID>/databases/(default)/documents/ (Returns all documents)
DELETE http://localhost:8080/v1/projects/<MY_PROJECT_ID>/databases/(default)/documents/<COLLECTION_ID>/<DOCUMENT_ID> (Deletes an individual document)
POST http://localhost:8080/v1/projects/<MY_PROJECT_ID>/databases/(default)/documents/<COLLECTION_ID> (Creates a new document in a collection)
PATCH http://localhost:8080/v1/projects/<MY_PROJECT_ID>/databases/(default)/documents/<COLLECTION_ID>/<DOCUMENT_ID> (Updates a document)
However, when I try and get a list of collection IDs as described here using the following request, I get the following error:
POST http://localhost:8080/v1/projects/<MY_PROJECT_ID>/databases/(default)/documents:listCollectionIds
Response is:
{
"error": {
"code": 403,
"message": "Metadata operations require admin authentication.",
"status": "PERMISSION_DENIED"
}
}
If I pass a Bearer token, this request will then run successfully. I generated the token using gcloud auth application-default print-access-token (as described here).
Please note, I've set my Firestore Rules to allow all reads and writes for all documents to make things simpler for now:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true
}
}
}
The docs give details for authentication, however, the context they describe this in is for making requests against https://firestore.googleapis.com/v1/ rather than when using the Emulator.
I'd expect all requests to the Emulator API to not require any authentication, but it seems that some do and some do not and I haven't been able to find any other details in the documentation around how the Emulator should work.
At the moment, I'm not sure if this is a bug and I should file an issue on GitHub, or whether it is expected behaviour and I should just pass a Bearer token with every request to be safe.
Any help would be appreciated. Thanks.
This matches the behavior of the real API. When you send a request without an auth token, you're attempting to authenticate through the security rules system. Certain methods do not support authentication through security rules, because you would probably not want end-users calling them. These are mostly database administration methods, hence the error description. For example, you would not want end-users calling any indexing methods.
listCollectionIds is one of these administrative methods. This is also why this feature is not supported by the web, iOS, and Android SDKs.
Maybe a duplicated question, but this time I have tried my best in my explanation.
Being on my Firebase console, when I click on "Database" option on the left side of the screen, it is presented to me that we have two different databases, the "Realtime Database" and the "Cloud Firestore".
This is the current look of my Realtime Database:
This is the current look of my Cloud Firestore:
REALTIME DATABASE TEST
On Postman, I do select PATCH option, and to define what I will put on the address bar, I follow the synthax:
https://PROJECT-NAME.firebaseio.com/PATH.json?auth=YOUR-DATABASE-SECRET-CODE
For me, it becomes:
https://eletronica-ab6b1.firebaseio.com/database333.json?auth=DZSQwLoNWAneWA9BcEfAgnelmY965pq98HF4pIT0
That's not my real secret key, don't worry.
And as content of my request, I go to Body, select 'raw' and 'JSON' on the list, and below is the content:
{"name": "PAUL"}
Exactly as you can see here:
After click SEND on Postman, the write to the REALTIME DATABASE occurs in fact:
So the write to REALTIME DATABASE is working via Postman.
CLOUD FIRESTORE TEST
Here is my problem, I'm not having sucess with Cloud Firestore.
On Postman, I do select GET option, and to define what I will put on the address bar, I follow the synthax:
https://firestore.googleapis.com/v1/projects/YOUR_PROJECT_ID/databases/(default)/documents/COLLECTION/DOCUMENT
For me, it becomes:
https://firestore.googleapis.com/v1/projects/eletronica-ab6b1/databases/(default)/documents/colA/docA.json?auth=DZSQwLoNWAneWA9BcEfAgnelmY965pq98HF4pIT0
Exactly as you can see here:
And I do receive this message as response:
{
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name \"auth\": Cannot bind query parameter. Field 'auth' could not be found in request message.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"description": "Invalid JSON payload received. Unknown name \"auth\": Cannot bind query parameter. Field 'auth' could not be found in request message."
}
]
}
]
}
}
It is strange that if I try to change the project name on the request, for example, from original "eletronica-ab6b1" to "eletronica-999zzz", shomething that should not exist, the response is the same as above, exactly the same.
Why it is so easy to write to REALTIME DATABASE and seems to be not easy to write to CLOUD FIRESTORE DATABASE? Is it not possible to write to Cloud Firestore in a simple way like is done with Realtime Database? Is Cloud Firestore based on tokens? If yes, how do I get a token via Postman, and then use that token to write to Cloud Firestore database?
Regards.
Cloud Firestore does not support access via secret key. To use the REST API you will need a Google OAuth access token (for administrative access) or a Firebase Auth ID Token (normal user access). It will then need to be passed to the server in an Authorization header of the form:
Authorization: Bearer ${insert_token_here}
I'd recommend reading the docs for additional information about how to obtain the appropriate tokens.
I am trying to integrate google calendar with my micro service in Jersey.
I have configured the connection following Google documentation and at the moment I am able to create and remove webhooks, and create remove and list events.
However, when I create an event in Google Calendar, the payload of the webhook that Calendar itself hit my endpoint with instead of notifying me the creation of such event it says:
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "dailyLimitExceededUnreg",
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.",
"extendedHelp": "https://code.google.com/apis/console"
}
],
"code": 403,
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
}
}
The scope of the connection to the project is CALENDAR (that should give read/write permission to the project) and in total I don't get to 100 requests, when the limit should be of 100K.
OAuth2.0 should also be correctly configured as I am able to do all the basic CRUD operations.
On Google-side I have enabled the Calendar API(s) and still no luck.
Any idea on what it can be or what I can try to do?
Thanks
Found the (silly) solution on my own... tried to access the uri resource link that Google provided using postman with OAuth2.0 as authentication method. And automatically retrieved the web hook... I was expecting a Json payload, not a link to the payload itself...
I'd like to make a firebase function that is triggered by the Google Drive "Changes: watch":
https://developers.google.com/drive/api/v3/reference/changes/watch
I know I could probably do this with Google cloud storage, but for my use case it would be the best UX for my users to have Google drive watch for and upload file changes.
I'd like this to be a serverless solution to save money on running a server that is waiting/polling all the time. Ideally this can be done in firebase functions with a trigger as I'm parsing the data into Firestore
You can use Google Drive Push Notifications API.
Setup your WebHook to point to your firebase function endpoint:
POST https://www.googleapis.com/drive/v3/changes/watch
Authorization: Bearer auth_token_for_current_user
Content-Type: application/json
{
"id": "4ba78bf0-6a47-11e2-bcfd-0800200c9a77", // Your channel ID.
"type": "web_hook",
"address": "<your-function-endpoint>", // Your receiving URL.
"token": "target=myApp-myChangesChannelDest", // (Optional) Your channel token.
}