Context
iOS app written in Swift for iOS 13.2 (does NOT use Firebase iOS SDK)
App uses Firebase Realtime Database via REST calls (so needs an ID token from
Firebase Authentication)
I am trying to switch my iOS App to using Apple's "Sign in with Apple" feature, to replace the simple username / password authentication through the Firebase Authentication's "Email/Password" Sign-in provider .
A successful "Apple sign-in" by the user will leave me with a JWT token (identity token) from Apple, such as this one (decoded & edited) :
HEADER
{
"kid": "ABCDPK1",
"alg": "RS256"
}
BODY
{
"iss": "https://appleid.apple.com",
"aud": "XYZ.App",
"exp": 1574131940,
"iat": 1574131340,
"sub": "01234.1234561ecd054cd285d65cc7af261958.0123",
"c_hash": "ABCDe-csTpNdUa0Eri5wFw",
"email": "user#privaterelay.appleid.com",
"email_verified": "true",
"is_private_email": "true",
"auth_time": 1574131340
}
Problem
When I make use of the Firebase Authentication REST API to try and exchange a custom token for an ID and refresh token I get the following message (and yes, I have made sure the token wasn't expired when I used it) :
{
"error": {
"code": 400,
"message": "INVALID_CUSTOM_TOKEN",
"errors": [
{
"message": "INVALID_CUSTOM_TOKEN",
"domain": "global",
"reason": "invalid"
}
]
}
}
I was hoping that the new "Apple" sign-in method in Firebase Authentication would take care of that, once configured, and I could just pass in the JWT token from Apple. Am I missing a step ?
Thanks !
Ok, I guess I found the answer to my own question shortly after posting this (of course...).
I was using the wrong API endpoint. Instead I needed to use the Sign-in with OAuth credentials endpoint :
https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key={{apiKey}}
to get back :
{
"federatedId": "apple.com/ABCDEF.ABCDEF261958.1234",
"providerId": "apple.com",
"email": "user#privaterelay.appleid.com",
"emailVerified": true,
"localId": "123456786RbgQgxhzfSpyIJGLPIw1",
"idToken": "eyJABCDEFG.ABCDEFG.ABCDEFGiFQ",
"refreshToken": "AEu4IL1CY_PGF...6pN0DuQ",
"expiresIn": "3600",
"oauthIdToken": "eyJraWQiO...CJHHrxeg",
"rawUserInfo": "[JWT token info]",
"isNewUser": true,
"kind": "identitytoolkit#VerifyAssertionResponse",
"pendingToken": "AMzJoSn...HkvLeaOmFjNlcw"
}
The provided POST body should look something like :
{
"postBody": "id_token=eyJraWQiOiJBSURPUABCDEFGHIJKLMNOP.eyABCDEFGHIJKLMNOP2.KW0JABCDEFGHIJKLMNOP&providerId=apple.com",
"requestUri": "https://gpsstreaming.firebaseapp.com/__/auth/handler",
"returnIdpCredential": true,
"returnSecureToken": true
}
Note that the id_token is the 3-dot-notation token (JWT token) provided by Apple's Sign In With Apple ASAuthorizationAppleIDCredential -- data obfuscated here for obvious reasons. For example if you use SwiftUI, you get that from the completionBlock of the SignInWithAppleButton.
Related
I'm trying to learn how to use this query; I created an API key and used Postman to
Post https://www.googleapis.com/calendar/v3/freeBusy?key="THE_API_KEY"
with this request body:
{
"timeMin": "2022-11-16T00:00:31-00:00",
"timeMax": "2022-11-16T14:00:00-00:00",
"groupExpansionMax": 100,
"calendarExpansionMax": 50,
"items": [
{
"id": "MY_OWN_GMAIL_ADDRESS"
},
{
"id": "OTHER_GMAIL_ADDRESS"
}
]
}
and got this response:
{
"kind": "calendar#freeBusy",
"timeMin": "2022-11-16T00:00:31.000Z",
"timeMax": "2022-11-16T14:00:00.000Z",
"calendars": {
"MY_OWN_GMAIL_ADDRESS": {
"errors": [
{
"domain": "global",
"reason": "notFound"
}
],
"busy": []
},
"OTHER_GMAIL_ADDRESS": {
"errors": [
{
"domain": "global",
"reason": "notFound"
}
],
"busy": []
}
}
}
What am I missing?
The Freebusy: query returns information about weither or not there is an event at the time of the request.
This method does not require authorization when being used against a public google calendar. There are a number of such calendars the holiday calendars are all public. You could also set your own calendar to public if you wish and then you would be able to use use an api key to access it.
API keys give you access to public methods only.
In order to access private user data. You need to be authorized using oauth2 with one of the following scopes.
If you do not have access to a calendar then it will return not found as you cant see it so your not going to be able to find it.
The solution i your case to fix your issue would be to either set the calendar to public and continue to use the api key. You will only be able to preform read actions against the calendar.
Or to switch to using oauth2 and send an authorization header with a bearer token.
Your post didnt include the Authorization header. Did you include it in your Postman Request?
Your need to send your Access Token as a Bearer Token in the Authorization Header
You can see an example for a request here:
https://developers.google.com/calendar/api/v3/reference/freebusy/query?apix=true#try-it
I need to get a FCM registration token value which is on my device - just only to test push notification on my device before publishing it to all users. I know that there is a way to get a token during registration and send it to server, but maybe it's possible to find it in some app data without additional implementation?
Just print token to console and test it using postman.
var token = await FirebaseMessaging.getInstance().getToken();
print("token= "+token);
Then copy the token from the console and post using this api:
URI: https://fcm.googleapis.com/fcm/send
METHOD: POST
HEADERS: {
'Content-Type': 'application/json',
'Authorization': 'key=YOUR_FIREBASE_SERVER_KEY'
}
BODY: {
"notification":{
"body": "TEST MESSAGE",
"title": "TEST MESSAGE",
},
"priority": "high",
"data": {
"id": "1",
"status": "done"
},
"registration_ids": "THE_TOKEN",
},
Don't forget to close your app before sending the fcm request.
I am trying to create short dynamic link using Firebase REST API but I am getting 401 error every time when I use API key from project settings site:
This is how my request body looks like:
{
"dynamicLinkInfo": {
"domainUriPrefix": "https://xxxx.page.link",
"link": "https://xxxx.page.link",
"androidInfo": {
"androidPackageName": "com.example.android"
},
"iosInfo": {
"iosBundleId": "com.example.ios"
}
}
}
https://firebasedynamiclinks.googleapis.com/v1/shortLinks?key=xxxxxx
What I'm doing wrong? I have Deeplink service enabled. I am out of ideas.
EDIT 1.
This is how response looks like:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I'm trying to send a push notification via REST API Firebase by Postman for specific user I followed below request pattern:
POST request with below URL :
https://fcm.googleapis.com/fcm/send?key=**my Web API key**
and the Body is
{ "data":
{
"title": "Firebase notification",
"detail": "I am firebase notification. you can customise me. enjoy"
},
"to" : "USER UID"
}
but the problem is it returns The request was missing an Authentication Key.
Kindly follow the steps as per bellow :
API URL: https://fcm.googleapis.com/fcm/send/
Request Method Post
Add 2 Key-value pairs in Header section like this
Content-Type : application/json
Authorization: key=[Your server key] (Make sure that no space allowed)
For body choose raw data (JSON)
{ "data": { "title": "Firebase notification", "detail": "I am firebase notification. you can customise me. enjoy" }, "to" : "USER UID" }
Am trying to call google calendar's push notification apis. I have written a google cloud function which just returns a response containing request body and headers. I want to use this google cloud function url as the receiving url for the push notification. The google docs mention steps to verify and register the domains, as part of which it asks me to upload a binary. Not sure how do upload a binary against this cloud function domain. My domain looks like https://asia-northeast1-project-name.cloudfunctions.net
This was my request for registering push notification:
Request:
POST
https://www.googleapis.com/calendar/v3/calendars/primary/events/watch?key={YOUR_API_KEY}
{ "id": "404713b9-d880-437d-b890-83715f01af7c", "type": "web_hook",
"address":
"https://asia-northeast1-huddle-quick-solutions.cloudfunctions.net/suratCalendarNotifications" }
Response:
{ "error": { "errors": [ {
"domain": "global",
"reason": "push.webhookUrlUnauthorized",
"message": "Unauthorized WebHook callback channel: https://asia-northeast1-project-name.cloudfunctions.net/path" } ], "code": 401, "message": "Unauthorized WebHook callback
channel:
https://asia-northeast1-project-name.net/path"
} }