I am trying to find a good way to use the Firebase auth emulator and Dgraph. In Dgraph you send a JWT which contains claims that you can check in Dgraph to allow / limit queries and mutations.
In the Dgraph schema you are required to add the below code:
# Dgraph.Authorization {"Header":"X-Auth-Token","Namespace":"https://dgraph.io/jwt/claims","JWKURL":"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com","Audience":["firebase-project-id"]}
I am finding the JWKURL value is invalid when using the firebase auth emulator. It returns this error.
couldn't rewrite query getUser because unable to parse jwt token:token is unverifiable: Keyfunc returned an error
When I try to use the localhost URL, Dgraph fails as it can't connect to it.
For example:
localhost:9099/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com
How can I get around this?
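Added example, not part of the original question: the error above names the key-lookup step (Keyfunc), so it helps to inspect the token header before changing the URL. The sketch mimics how a JWKS-based verifier selects a key; `key_lookup`, the sample tokens and the key IDs are constructed assumptions, and the `alg: none` sample reflects that the Firebase Auth emulator issues unsigned ID tokens.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _enc(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_token(header: dict, claims: dict, signature: str) -> str:
    # Builds constructed sample tokens only; the signature is a dummy string.
    return f"{_enc(header)}.{_enc(claims)}.{signature}"

def key_lookup(token: str, jwks: dict) -> str:
    """Mimic a JWKS verifier's key selection and name the reason it fails."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "malformed"
    if not isinstance(header, dict):
        return "malformed"
    alg, kid = header.get("alg"), header.get("kid")
    if not isinstance(alg, str) or alg.lower() == "none" or not parts[2]:
        return "unsigned"      # nothing a published public key could verify
    if kid is None:
        return "no-kid"        # verifier cannot choose among the published keys
    for key in jwks.get("keys", []):
        if key.get("kid") == kid:
            return "key-found" if key.get("alg", alg) == alg else "alg-mismatch"
    return "unknown-kid"       # wrong key set or stale cache

# Constructed JWKS and tokens (placeholders, not real Google keys).
JWKS = {"keys": [{"kty": "RSA", "alg": "RS256", "kid": "constructed-kid-1",
                  "n": "PLACEHOLDER", "e": "AQAB"}]}
CLAIMS = {"aud": "firebase-project-id", "sub": "constructed-user"}
SIGNED = make_token({"alg": "RS256", "kid": "constructed-kid-1"}, CLAIMS, "ZHVtbXk")
OTHER_KID = make_token({"alg": "RS256", "kid": "constructed-kid-2"}, CLAIMS, "ZHVtbXk")
UNSIGNED = make_token({"alg": "none", "typ": "JWT"}, CLAIMS, "")

if __name__ == "__main__":
    for name, tok in [("signed", SIGNED), ("other kid", OTHER_KID), ("unsigned", UNSIGNED)]:
        print(name, "->", key_lookup(tok, JWKS))
```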
Related
I am trying to use Firebase Auth credentials to access FirebaseStorage bucket. I have been successful in using the REST API https://firebasestorage.googleapis.com/v0/b/BUCKET_NAME/o/ to perform uploads and downloads; even though the official documentation requires using https://storage.googleapis.com/upload/storage/v1/b/BUCKET_NAME/o?uploadType=media&name=OBJECT_NAME for uploads and https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/o/OBJECT_NAME?alt=media for downloads, I am unable to use Firebase Auth credentials for them.
I am trying to implement resumable uploads and initiating it using https://firebasestorage.googleapis.com/v0/b/BUCKET_NAME/o?uploadType=resumable&name=OBJECT_NAME but there is no SESSION-URI that is returned. I tried to create my own URI using the id from the X-GUploader-UploadID header to create the URI in the format https://firebasestorage.googleapis.com/v0/b/BUCKET_NAME/o?uploadType=resumable&name=OBJECT_NAME&upload_id=UPLOAD_ID to start a single chunk upload but I got a Not Found error.
I need help on either rectifying that or using Firebase Auth to access the https://storage.googleapis.com/upload/storage/v1/b/BUCKET_NAME REST API
I am using getDownloadUrl() to get the download URL for a Cloud Storage resource. Recently, I just enabled AppCheck on my Firebase app, and this download URL is requiring an AppCheck token to access. This behavior makes sense, but I was wondering if there is a built-in way to do this? For most Firebase SDKs, the AppCheck token is passed automatically, but there does not seem to be a built-in method to get that same automatic behavior with a download URL.
I have a theoretical solution in mind, and this is to pass the AppCheck token as a header in the request for the URL, but there's no documentation on this and I have no idea what header to pass this token in. I am using Flutter, and I am accessing an image resource through a CachedNetworkImage. Any insight into how I could pass AppCheck without using a Firebase SDK would be greatly appreciated.
You're supposed to be able to use getBlob or getBytes but I can't get it to work. CORS fails for me.
https://firebase.google.com/docs/storage/web/download-files#download_data_directly_from_the_sdk
I have read this page a few times; it implies and does not imply that if I enable authentication when deploying a Cloud Run instance I can use Firebase Auth to get through to the service.
I tried passing in a valid Firebase user idToken and did not get through. Was I doing something wrong or is the only way to get through to Cloud Run when Authentication is enabled to use google sign in?
Steps to reproduce:
1. When deploying to Cloud Run, select Yes for authenticated.
2. Generate a Firebase auth token using the REST call from here.
3. Make an API call to the Cloud Run instance using the header below and the ID_TOKEN from step 2 above:
Authorization: Bearer ID_TOKEN
According to the comment, the use case is to authorize only registered and authenticated users (with Firebase auth) to use a Cloud Run endpoint deployed privately.
You can't do it directly; you need to use an additional layer. Here I propose to use Cloud Endpoints. I wrote an article on this to set up authentication with an API key.
You have the principles of Cloud Endpoints there. You simply have to change the security definition from API key to Firebase auth. You can find the documentation here.
Note: The authentication methods can evolve in the next quarters. Stay tuned.
I have an odd problem, which I'm hoping is either a misunderstanding on my part or a misconfiguration somewhere.
I am trying to use the Firebase Firestore web sdk to retrieve data. When I make read calls to Firestore in my webapp as an un-authenticated user, the reads return fine, as expected.
However, when I'm logged in as a user (either email/password auth or Facebook auth), I get an error:
Could not reach Firestore backend.
When I set the logging level to debug, I see this:
Firestore (4.8.1) 2017-12-24T01:08:15.146Z [PersistentStream]: close with error: FirebaseError: [code=unknown]: Fetching auth token failed: Cannot redefine property: refreshToken
Which seems highly related.
Has anyone else encountered this or have a sense of what may be going on?
Thanks!
I get this error when trying to authenticate via Google using custom JWT tokens generated with Flask-restful and firebase-token-generator-python library. In short:
ref.authWithCustomToken(authData)
Error message:
INVALID_TOKEN: Failed to validate MAC.
I am using Angular 2.0.0-beta.2 / Ionic 2. The app is being tested on an Android device using cordova-plugin-googleplus (with necessary credentials in Google Developer Console). I have recently enabled cross-domain requests on the nginx server. I can't find any documentation related to this error on Firebase or SO.
Any ideas?
The problem was sending an Authentication Token to Firebase formatted as a JSON string via authData.toString() including delimiters and quotes. This must have thrown the Failed to validate MAC error, whatever that means.
I got the same error when using the incorrect key. I was using the apiKey provided right on the homepage in the Firebase Console while I should have been using the database secret key given at https://console.firebase.google.com/project/YOUR_PROJECT/settings/database.
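What both answers describe, as an added example that is not part of the original posts: a custom token of this kind is an HMAC-signed JWT, so the MAC check fails both when the string that arrives is not byte-for-byte the token and when it was signed with a different key. The sketch assumes the HS256 format that the legacy token generators produce; the secrets, claims and function names are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(signing_input: str, secret: str) -> str:
    digest = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return _b64url(digest)

def sign_hs256(claims: dict, secret: str) -> str:
    header = _b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{_mac(header + '.' + body, secret)}"

def validate_mac(token: str, secret: str) -> bool:
    # The MAC covers exactly "<header>.<body>"; any extra byte changes it.
    parts = token.split(".")
    if len(parts) != 3:
        return False
    expected = _mac(parts[0] + "." + parts[1], secret)
    return hmac.compare_digest(expected.encode(), parts[2].encode())

def diagnose(received: str, secret: str) -> str:
    """Classify why the string that reached the verifier fails the MAC check."""
    if validate_mac(received, secret):
        return "ok"
    try:
        inner = json.loads(received)
    except ValueError:
        inner = None
    if isinstance(inner, str) and validate_mac(inner, secret):
        return "json-encoded"   # valid token, but sent with its quotes
    return "wrong-key-or-altered"

# Constructed values: placeholders, not real Firebase credentials.
DATABASE_SECRET = "constructed-database-secret"
WEB_API_KEY = "constructed-web-api-key"
CLAIMS = {"v": 0, "iat": 1456000000, "d": {"uid": "constructed-user"}}

GOOD = sign_hs256(CLAIMS, DATABASE_SECRET)
QUOTED = json.dumps(GOOD)                    # the token wrapped in JSON quotes
WRONG_KEY = sign_hs256(CLAIMS, WEB_API_KEY)  # signed with the wrong secret
```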