In my React app I have an axios.get request looks like the following:
axios.get('https://[app name here].firebaseio.com/shoppingCart.json')
And it returns everything from my 'shoppingCart' endpoint in Firebase Realtime Database:
If I wanted to only return records with an 'uid' of "asdf1" for example, how would I go about adding the appropriate query to my GET request, if possible?
I also tried following the documentation here https://firebase.google.com/docs/database/rest/retrieve-data (regarding filtering by a specified child key) and constructed the following request, but I'm getting a 400 bad request error.
axios.get('https://[app name here].firebaseio.com/shoppingCart.json?orderBy="uid"&equalTo="asdf1"')
Many thanks to user Frank van Puffelen for guiding me to the solution.
I made the URL call in question to the browser, and the error message I received told me that I needed to define 'uid' as my index in my Realtime Database rules for 'shoppingCart'.
After doing so, I was able to successfully receive a response from my URL call that was properly filtered by the 'uid' I passed in.
Related
I am trying to obtain an access token for use with Google APIs using the up-to-date expo-auth-session package.
It works fine to fetch an id_token via useAuthRequest({responseType: "id_token", ...}) or useIdTokenAuthRequest({...})
However, when trying useAuthRequest({responseType: "code", ...}), I get the following error:
[Unhandled promise rejection: Error: The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.]
Does anyone know what is missing from the request? I am using the Expo Go app currently, so I'm not sure if that prevents obtaining an access token. Currently digging through the package's source code...
Add the following two props to useAuthRequest
shouldAutoExchangeCode: false,
clientSecret: 'any_bogus_value!'
shouldAutoExchangeCode will prevent the code from being exchanged and send it back to you in the response.
clientSecret will simply trigger and if check to be true in the providers source code that will avoid that error you specified being returned.
Note that in general it is not a good practice to avoid errors, but in this case, I feel like the error is being shown in error itself!
I would like to get/set realtime database rules using Rest API however no tutorial is working for me. I try to do it like that:
I copied the url to my realtime database which is in Europe https://my-project-database.europe-west1.firebasedatabase.app/
I copied the java code from this tutorial: https://firebase.google.com/docs/database/rest/auth which was supposed to give me the access token
val googleCred = GoogleCredential.fromStream(File("/path/to/my/key.json").inputStream())
val scoped = googleCred.createScoped(
Arrays.asList( // or use firebase.database.readonly for read-only access
"https://www.googleapis.com/auth/firebase.database",
"https://www.googleapis.com/auth/userinfo.email"
)
)
scoped.refreshToken()
val token = scoped.accessToken
println(token)
However the token looks very strange with a long string of dots at the end like (it's related to: Why am I getting a JWT with a bunch of periods/dots back from Google OAuth?)
ya29.c.Kp8BCgi0lxWtUt-_[Normal JWT stuff, redacted for
security]yVvGk...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
I did HTTP GET to address like https://my-project-database.europe-west1.firebasedatabase.app/.settings/rules.json?access_token=$token and I got 401 UNAUTHORIZED
I assume it's due to the fact that I use the whole of this strange token full of dots as the access_token variable. So now I have questions how to transform it and use as the access_token to make it work
EDIT:
I created this gist although it's in python it has exactly the same problem. How to make it work ?
https://gist.github.com/solveretur/86d53a9c0221f096c38c3ef8f70a8dbd
It works I used wrong database key
I would like to know how to make an authorized request to firebase storage using the user Id Token as a parameter in the url. Right now with a firebase rule of 'request.auth != null' I receive a 403 network error (Failed to load video: You do not have permission to access the requested resource). Here is my GET request url:
https://firebasestorage.googleapis.com/v0/b/<bucket>/o/<folder_name>%2F<video_name>.mp4?alt=media&auth=eyJh...<ID TOKEN>...Ll2un8ng
-WITHOUT the firebase rule in place I'm able to successfully get the asset with this request url https://firebasestorage.googleapis.com/v0/b/<bucket>/o/<folder_name>%2F<video_name>.mp4?alt=media
-also tried token=, token_id=, tokenId=
-the reason for not using the firebase SDK to fetch the file is so that I can use the flutter video_player (https://pub.dev/packages/video_player#-example-tab-) package and use this with files in firebase, I mention this in case theres a better way to use the video_player library in flutter web right now:
_controller = VideoPlayerController.network(
'https://flutter.github.io/assets-for-api-docs/assets/videos/bee.mp4',
closedCaptionFile: _loadCaptions(),
);
[EDIT] It appears that it's not possible to pass the auth in as a query parameter. After some exploring, I found an acceptable way to still use the video_player with your firebase assets that are protected (If you're not using rules to protect them, you can directly use the firebase url). I will post some general steps here and some sample code:
Use the Storage Firebase SDK package to get the Uint8List, the uri given by getDownloadURL has the correct header auth, for example
import 'package:firebase/firebase.dart';
final url = await storagePath.getDownloadURL();
final response = await http.get(url);
if (response.statusCode == 200) {
return response.bodyBytes;
}
use the Uint8List buffer to init a Blob object which you'll use to then create an ObjectURL which basically gives you the same interface as a file url to use as the network url for your video player
final blob = html.Blob([data.buffer], 'video/mp4');
final videoUrl = html.Url.createObjectUrl(blob);
videoPlayerController = VideoPlayerController.network(
videoUrl)
..initialize().then((_) {...
That's it.
Firebase Storage REST does not (rightly) support authorization from GET query string as you are trying to do. Instead, it uses the standard Authorization header (see here).
Firebase cloud storage internally uses Google Cloud Storage. Mentioned here
If the library you use doesn't support HTTP headers yet, you must consider an alternative. The issue you mentioned in the comment shows that the feature is still under development, so you can also wait for the library to come out with the support for headers.
Internally all this package does for flutter-web is create an HtmlElementView widget here for which it passes a VideoElement (ref here) from the package dart:html with the provided URL which translates to a <Video> tag inside a shadow dom element in your web page. The error 403 could also mean you are trying to access it from a different origin.
I would suggest following approach.
Check your console for any CORS related errors. If yes, then you will have to whitelist your ip/domain in the firebase storage. Check this post for possible approach and more details here.
Check if you are able to access the URL directly with the authorization token as a query parameter as you suggested. If not then, it is not the correct way to access the object and should be corrected. You could update the question with the exact error details.
I am using auth0 management api v2 with .net core 2.1 to fetch uses's logs. Now i want to fetch only success and failed logs and for that my url is:
{domain}/api/v2/users/{user_id}/logs?q=type:s type:f&page=1&per_page=10&include_totals=true
But this url just returning 10 records, doesn't matter whether they are succeeded logs or failed logs. I have also tried chaning q=type:s only but even that didn't work. Also q=type:\"s\" is not working. other query params are working fine. So I want to know what am I doing wrong? What is the correct syntax?
Update:
By exploring management api docs. I have realized that user log api doesn't accept query param (q=). So is there any way to add search by type criteria in user logs?
I am trying to fetch Gmail search results from Gmail API using an access token.
The following code works and returns an array of my email IDs:
fetch(`https://www.googleapis.com/gmail/v1/users/${userId}/messages?access_token=${accessToken}`)
I then try to append a search query following the Gmail API documentation guidelines
fetch(`https://www.googleapis.com/gmail/v1/users/${userId}/messages?access_token=${accessToken}?q=${text}`)
and it brings this error code: 401, message: 'Invalid Credentials'
Authentication scope is set to https://mail.google.com/ which assumes full control of the email. I tried swapping access_token and q parameters, as well as removing the access_token parameter but still no success. What am I doing wrong?
`https://www.googleapis.com/gmail/v1/users/${userId}/messages?access_token=${accessToken}?q=${text}
you are preforming a HTTP GET in this call. Additional parameters are tacked on using a & only the first one starts with a ?
try this:
`https://www.googleapis.com/gmail/v1/users/${userId}/messages?access_token=${accessToken}&q=${text}