I created an app in Firebase, and then found my target app (NodeJS CLI, Chrome extension, VSCode extension) could not use Firebase SDK, then I found the Google Measurement Protocol. And it turns out to be frustrating and failed to get events to show up in the console.
My request passed /debug/mp.collect:
fetch(
`https://www.google-analytics.com/mp/collect?api_secret=${SECRET}&firebase_app_id=${FIREBASE_APP_ID}`,
{
method: 'POST',
body: JSON.stringify({
app_instance_id: ${INSTANCE_ID},
events,
}),
}
)
1st problem I met is finding the api_secret
Official doc says:
An API SECRET generated in the Google Analytics UI. To create a new secret, navigate to:
Admin > Data Streams > choose your stream > Measurement Protocol > Create
What I get is:
OK then comes into firebase:
const firebaseConfig = {
apiKey: "xxx",
authDomain: "dev-ext.firebaseapp.com",
databaseURL: "https://dev-ext.firebaseio.com",
projectId: "test",
storageBucket: "dev-ext.appspot.com",
messagingSenderId: "123",
appId: "xxx",
measurementId: "xxx"
};
Looks like is this apiKey, and I tried, not working.
Then I found someone says use the secret here:
And I tried, not working.
2nd problem is the app_instance_id, what the hell is this?
Here is the original doc:
No clues for web and NodeJS case at all, and the ios, android links are pointing to Firebase SDK method. I was like "WTF, why will I read this if I could use the Firebase SDK?"
So I tried a generated uuid. And obviously, it's not working.
I have the same, issue. Ended up adding a new stream on analytics.google.com and switching to gtag.js.
Related
This question already has answers here:
Is it safe to expose Firebase apiKey to the public?
(10 answers)
Closed last month.
I'm looking for a secure way to handle API keys in my NextJS web app using Firebase.
I see the suggestion to "hide" the keys in an ENV file then make sure of the variables by calling something like process.env.NEXT_PUBLIC_MYSUPERSECRETKEY. This will still reveal the key in the source code when it renders on the client browser.
...
const firebaseConfig = {
apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY,
authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH,
projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID,
databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL,
storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET,
}
...
I tried to use the process.env.FIREBASE_API_KEY (with the .env.local file defining FIREBASE_API_KEY) form to keep the variable server-side but Firebase throws an error:
FirebaseError: Firebase: Error (auth/invalid-api-key).
I looked at some code on GitHub and saw people were defining the ENV in the next.config.js file but that has the same result of showing on the client-side as well:
next.config.js
module.exports = {
env: {
API_KEY: process.env.FIREBASE_API_KEY,
},
}
.env.local
FIREBASE_API_KEY="XXX"
firebaseApp.js
...
const firebaseConfig = {
apiKey: process.env.FIREBASE_API_KEY,
...
https://nextjs.org/docs/api-reference/next.config.js/environment-variables
When you choose a hosting platform, for example we will use vercel.
You will more than likely point vercel towards your GitHub repo for it to build the application from.
When configuring the project on vercel, in the project settings there will be fields to enter your environment variables into. This will take care of the potential security issue you are seeing.
See here: https://nextjs.org/docs/basic-features/environment-variables
I'm trying to set up the firebase local emulator to be able to test cloud functions. But I'm either getting "Error: Unauthenticated" responses outside the main function or auth errors within it, depending on whether or not I've tried to authenticate using the client SDK. The cloud function looks like this:
export default functions.https.onCall(async (data, context) => {
console.log(context.auth)
// Custom function code and authentication checks that rely on context.auth existing
}
And the attempts to call it look like this:
await firebase.initializeApp({
apiKey: FIREBASE_API_KEY,
authDomain: FIREBASE_AUTH_DOMAIN,
databaseURL: FIREBASE_DATABASE_URL,
projectId: FIREBASE_PROJECT_ID,
storageBucket: FIREBASE_STORAGE_BUCKET,
messagingSenderId: FIREBASE_MESSAGING_SENDER_ID
})
await firebase.functions().useFunctionsEmulator('http://localhost:5001')
//await firebase.auth().createUserWithEmailAndPassword(email, password)
//let res = await firebase.auth().signInWithEmailAndPassword(email, password)
const result = await firebase.functions().httpsCallable('myFunction')(data)
If I run it like this, I can see logging within the cloud function that shows the context argument has no auth values. If I uncomment the user sign-in stuff, I get an Error: Unauthenticated response and the function itself never gets run.
Is there some configuration stuff I'm missing for this? I haven't been able to find much documentation around using the emulator.
After digging deep into the actual SDK, I managed to figure it out. I was using a bad API key, meaning the generated token was bad. The correct way is to create the user and log in as the user before making the call.
I'm trying to create a new user in firebase via the google auth provider either automatically or by the click of a button in a sidebar addon in google sheets. The reason being is I need to get a registered uid for the user so the data that I send from sheets can be attributed to this user.
The closest thing I've found to a tutorial is this, but I get stuck when trying to import firebase.
One method I'm seeing a lot is importing it via a script tag in the html for the sheets side bar.
<!DOCTYPE html>
<html>
<head>
<base target="_top">
</head>
<body>
<script>
// Initialize Firebase
var config = {
apiKey: '...,
authDomain: '...',
databaseURL: '...',
projectId: '...',
storageBucket: '...',
messagingSenderId: '...'
};
firebase.initializeApp(config);
</script>
</body>
</html>
However when I try to use the firebase variable in my .gs script it is undefined. How would I make it available to the script?
The other method I've seen is using eval and URLFetchApp in the gs script.
eval(UrlFetchApp.fetch("https://www.gstatic.com/firebasejs/5.9.2/firebase.js").getContentText());
This results in SyntaxError: Missing name after . operator.
I think this is because this library isn't intended to run on node js.
I realize that the admin sdk for firebase is intended for node js but you can't create a user with a specific provider with this method (afaik). Also I'm not sure how I would import it to Google apps script anyways. Additionally I want the user to interact with the google account selector after initiating the create user process.
Does anyone have any suggestions as to how to get this done?
It is actually quite easy to create new users in Firebase from a Google Sheet by using the Firebase Auth REST API.
You have to issue an HTTP POST request to the Auth signupNewUser endpoint, see the detailed doc here: https://firebase.google.com/docs/reference/rest/auth/#section-create-email-password
For that you will use the fetch() method of the URLFetchApp() Class in your gs script, as follows:
function createUser() {
const userName = "john.doe#gmail.com";
const pwd = "xyz987";
const createUserUrl = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=[API_KEY]" //Replace with your Web API Key
const payload = JSON.stringify({"email": userName, "password": pwd, "returnSecureToken": true});
const createUserResponse = UrlFetchApp.fetch(createUserUrl, {
method: 'post',
contentType: 'application/json',
muteHttpExceptions: true,
payload : payload
});
Logger.log(JSON.parse(createUserResponse));
}
You will obtain the Web API Key for your Firebase project through the project settings page in your Firebase admin console.
I have put this in manifest:
"content_security_policy":"script-src 'self' https://www.gstatic.com/ https://*.firebaseio.com https://www.googleapis.com; object-src 'self'"
In popup.html:
<script src="https://www.gstatic.com/firebasejs/3.9.0/firebase.js"></script>
But each time I firebase variable is not defined (console say that)
You may refer with this related SO post. You encountered that error maybe because you are injecting the Firebase library by using document.body.append(...). Then, you're trying to access the Firebase library from inside your extension, but chrome extensions are sandboxed away from the web page. You injected the Firebase library into the web page, so it is not directly accessible to your extension. You may try to download the Firebase library JavaScript, and add the Firebase code to your chrome extension manifest.
It's also stated that there's an example chrome extension with Firebase in GitHub which you can use for reference: https://github.com/firebase/firebase-chrome-extension.
you need to initialise firebase with your api config in javascript
var config = {
apiKey: "AIzaSyAqFmfmNWi95nt6TemvBMjPepulwV5WyZg",
authDomain: "define-web-ext.firebaseapp.com",
databaseURL: "https://define-web-ext.firebaseio.com",
projectId: "define-web-ext",
storageBucket: "",
messagingSenderId: "217235378805"
};
firebase.initializeApp(config);
if you are using npm packages , get firebase packages according to your
framework .
I recently got this email from Facebook, and I don't know how to update the ASP.NET code to call a different API version.
"... has been making recent API calls to Graph API v2.0, which will reach the end of the 2-year deprecation window on Monday, August 8, 2016. Please migrate all calls to v2.1 or higher in order to avoid potential broken experiences.
We recommend using our new Graph API Upgrade Tool to see which of your calls are affected by this change as well as any replacement calls in newer versions. You can also use our changelog to see the full list of changes."
The current code is:
app.UseFacebookAuthentication(
appId: "...",
appSecret: "...");
I changed the code to something like that:
app.UseFacebookAuthentication(new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions()
{
AppId = "...",
AppSecret = "...",
AuthorizationEndpoint = "https://www.facebook.com/v2.6/dialog/oauth",
UserInformationEndpoint = "https://graph.facebook.com/v2.6/me"
});
If you use also Facebook SDK in Javascript, you can also change the FB.init to this:
window.fbAsyncInit = function () {
FB.init({
appId: '...',
xfbml: true,
version: 'v2.6'
});
};