I found a strange error while I developing system using Firebase with service url contains user data.
User data is below.
{
"uid": "kt9Hcp2FbYbBvvIeSHHa1RbvHcv2",
"displayName": "Anonymous 901",
"photoURL": null,
"email": null,
"emailVerified": false,
"identifierNumber": null,
"isAnonymous": true,
"providerData": [
],
"apiKey": "MyApiKeyString",
"appName": "MyAppName",
"authDomain": "my.auth.domain",
"stsTokenManager": {
"apiKey": "MyApiKeyString",
"refreshToken": "refreshTokenString",
"accessToken": "accessTokenString",
"expirationTime": 1532451863076
},
"redirectEventId": null
}
I encode the above anonymous user data and include it in the service url.
( http://myserviceurl?userdata=encodedUserData )
Inside the system receives that url, firebase creates a user object with that user data contained in the url.
The purpose of this url is to use specific user's information in any browser.
However, when I call that service url, sometimes system creates user object well, sometimes got error -
400 Bad request errors with
https://www.googleapis.com/identitytoolkit/v3/relyingparty/setAccountInfo?key=MyApiKeyString
And error data is below,
{
"error": {
"code": 400,
"message": "TOKEN_EXPIRED",
"errors": [
{
"message": "TOKEN_EXPIRED",
"domain": "global",
"reason": "invalid"
}
]
}
}
Few hours later it works well, I changed nothing though.
I could not find the exact error point, but I suspect error occurs while observing authentication state or before this step.
Here is code snipets
#bind
private makeUserLoadingPromise(): Promise<void> {
let unSubscribe: () => void;
return new Promise<void>((resolve, _reject) => {
const onInitialized = this.makeOnInitializedAuthStateChanged(resolve);
unSubscribe = this.auth.onAuthStateChanged(onInitialized);
}).then(() => {
unSubscribe();
this.auth.onAuthStateChanged(this.onAuthStateChanged);
});
}
#bind
private makeOnInitializedAuthStateChanged(resolve: () => void) {
return (user: firebase.User | null) => {
this.user = user;
resolve();
};
}
#bind
private onAuthStateChanged(user: firebase.User | null) {
this.user = user;
}
Or maybe it relates with expirationTime?
I couldn't find any hints about this situation.
Any advice would be appreciated.
It is not clear what you are doing, but it appears that you are using the API incorrectly and insecurely. The plain user object contains a refresh token that is indefinite. Passing it around via URL is a really bad idea.
First don't rely on internal implementations, it is subject to change.
To get the user's information on your backend, the right way to do it, is to get the user's ID token using officially supported API, eg user.getIdToken(), then pass it to your server.
On your server, you verify it via the Firebase Admin SDK: admin.auth().verifyIdToken(idToken). Then you know this is a real authenticated user. If you need the full user info, you can then look it up using the decoded user id in the token: admin.auth().getUser(decodedIdToken.sub).
Related
Since the latest maintenances from ConnectyCube servers, I am experiencing a new issue when I authenticate with the custom identity provider.
I use Firebase as endpoint and it return the following json file (tested with Postman) :
{
"kind": "identitytoolkit#GetAccountInfoResponse",
"users": [
{
"localId": "The uid that I want to get",
"email": "test#test.com",
"passwordHash": "xxxxxx",
"emailVerified": false,
"passwordUpdatedAt": 1607681539305,
"providerUserInfo": [
{
"providerId": "password",
"federatedId": "test#test.com",
"email": "test#test.com",
"rawId": "test#test.com"
}
],
"validSince": "1607681539",
"disabled": false,
"lastLoginAt": "1620422687374",
"createdAt": "1607681539305",
"lastRefreshAt": "2021-05-07T21:24:47.374Z"
}
]
}
Previously, to get the localId, I used the following as responses params {"uid": "#{users[0].localId}"} and it worked.
Now I get the error "base":["Custom Identity Provider uid is required"] when I try to sign in the users while nothing changed in my code.
Do you have a solution to access to the localID parameter without using [0] as it seems to be the cause of the issue?
My current settings for the custom identity provider:
ENDPOINT: https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=API_WEBKEY
REQUEST HEADERS: {"Content-Type": "application/json"}
REQUEST PARAMS: {"idToken": "#{login}"}
RESPONSE PARAMS: {"uid": "#{users[0].localId}"}
Extract of my script where the error appear:
final token = await FirebaseLib().auth.currentUser.getIdToken();
createSession().then((cubeSession) {
CubeUser user = CubeUser(login: "$token", password: "");
signIn(user).then((cubeUser) {
Print("Worked!");
}).catchError((error) {});
}).catchError((error) {});
This should work now again
Please check
I have written this code to signup:
actions: {
signup({ commit, dispatch }, formData) {
axios
.post('accounts:signUp?key=XXXXXXXXXXXX', {
email: formData.email,
password: formData.password,
returnSecureToken: true
})
.then(res => {
commit('userData', {
token: res.data.idToken,
userId: res.data.localId
});
dispatch('storeUserInfo', formData);
console.log(res);
})
.catch(error => {
alert(error.code);
alert(error.message);
});
},
My aim is to display the exact error which is returned by Firebase like
EMAIL_NOT_FOUND: There is no user record corresponding to this
identifier. The user may have been deleted. INVALID_PASSWORD: The
password is invalid or the user does not have a password.
USER_DISABLED: The user account has been disabled by an administrator
With this code every time it returns: Request failed with status code 400
In the response I can see the message like:
{
"error": {
"code": 400,
"message": "EMAIL_NOT_FOUND",
"errors": [
{
"message": "EMAIL_NOT_FOUND",
"domain": "global",
"reason": "invalid"
}
]
}
}
By doing
.catch(error => {
console.log(error.response.data.error.message);
});
You will be able to get the error message, e.g. "EMAIL_NOT_FOUND". It's then up to you to map it to the textual message (i.e. "There is no user record corresponding to this identifier. The user may have been deleted.").
For more details, see the Axios documentation on Errors Handling: https://github.com/axios/axios#handling-errors
One extra note: The error messages you use as examples in your question don't correspond to accounts:signUp but to accounts:signInWithPassword
I am facing this issue in integrating Google SignIn flow. The problem I am facing is that after the user successfully sign in program control trigger actions_intent_SIGN_IN intent in the code. From where I can get user details but I am noticing that sometimes conv->user->profile doesn't have the profile information while other time it has. Also When it doesn't have profile information, next time when I invoke some other intent it gets the user token.
This is the Payload I am getting on SignIn Intent.
User {
raw:
{ userStorage: '{"data":{}}',
lastSeen: '2018-10-04T11:17:50Z',
locale: 'en-US',
userId: 'XXXXXXXXXXXX' },
storage: {},
_id: 'XXXXXXXXXXXXXXXXXXXX',
locale: 'en-US',
permissions: [],
last: Last { seen: 2018-10-04T11:17:50.000Z },
name: Name { display: undefined, family: undefined, given: undefined },
entitlements: [],
access: Access { token: undefined },
profile: Profile { token: undefined }
}
As we can see under the profile section token and payload fields should be present. But most of the times it gets missing. Does anyone knows how to fix this ?
Did you try checking whether sign-in is successful with
app.intent('actions_intent_SIGN_IN', (conv, params, signin) => {
if (signin.status === 'OK') {
//do something
}
}
I am trying to query the Google Analytics Reporting API from a node.js application.
I think I have set up everything correctly on the google-side of things including a service account, but I must be missing a piece.
My application successfully sends usage-data to Google, I can see it come in in the realtime view. I can also query the data using the interactive API explorer.
In my node.js code I authenticate with the API at server startup like so:
var googleapis_key = require('./config/google-api-key.json');
var googleapis = require('googleapis');
var googleapis_jwtClient = new googleapis.auth.JWT(
googleapis_key.client_email,
null,
googleapis_key.private_key,
["https://www.googleapis.com/auth/analytics.readonly"],
null);
var googleapis_analyticsreporting = googleapis.analyticsreporting('v4');
googleapis_jwtClient.authorize(function(err, tokens) {
if (err) {
lStartup.error(err);
lStartup.error("Could not authenticate with google API. Analytics not available.");
} else {
lStartup.info("Successfully authenticated with google service-account.");
lStartup.debug(googleapis_jwtClient.credentials);
}
});
(where lStartup is a log4js logger). I get a positive response back from Google, err is not set and the credentials logged to the console look convincing.
Then later when the relevant client request comes in my server tries to ask google for the data:
var reportingrequests = {
"reportRequests": [
{
"viewID": "138122972",
"dateRanges": [{"startDate": "7daysAgo", "endDate": "yesterday"}],
"metrics": [{"expression": "ga:users"}]
}
]
};
logger.debug(JSON.stringify(reportingrequests));
googleapis_analyticsreporting.reports.batchGet(
{
"resource": reportingrequests,
"auth": googleapis_jwtClient,
},
function(err, response) {
if (err) {
// Failure. Log and report to the client.
console.error("Could not query the Google Analytics reporting API");
console.error(err);
res.writeHead(500, "Internal server error. (Google analytics:" + err + ")");
res.end(JSON.stringify(err));
} else {
// Success, just serve googles result to the client.
res.end(JSON.stringify(response));
}
}
);
The response is an error
[ { message: 'Invalid JSON payload received. Unknown name "view_id" at \'report_requests[0]\': Cannot find field.',
domain: 'global',
reason: 'badRequest' } ] }
What is it trying to tell me here? I do not have properties named view_id or report_requests in my JSON. Although they look suspiciously like mine de-camelcased.
I hate self-answering, but I love solutions!
"viewID": "138122972",
should be
"viewId": "138122972",
Note the lowercase "d".
Ironically the clue to this is in the camelCase to snake_case-conversion. If the parameter name was "viewID" it would propably have been snake_cased to "view_i_d", which is not what is in the error message.
I feel stupid, but also happy to be able to go on.
I am trying to make an API call to
https://www.googleapis.com/youtube/v3/subscriptions
I'm trying to make it so when a user logs in using google-accounts they will be able to see their YouTube subscription list. It is currently not working at I am not sure why.
Im getting two errors in the console:
1.
www.googleapis.com/youtube/v3/subscriptions?part=subscriberSnippet&mine=true&key=MYKEY&part=snippet&mine=true:1
GET https://www.googleapis.com/youtube/v3/subscriptions?part=subscriberSnippet&…ne=true&key=MYKEY&part=snippet&mine=true 401 (OK)
2.
Object {statusCode: 401, content: "{↵ "error": {↵ "errors": [↵ {↵ "domain": "gl…e": 401,↵ "message": "Invalid Credentials"↵ }↵}↵", headers: Object, data: Object}content: "{↵ "error": {↵ "errors": [↵ {↵ "domain": "global",↵ "reason": "authError",↵ "message": "Invalid Credentials",↵ "locationType": "header",↵ "location": "Authorization"↵ }↵ ],↵ "code": 401,↵ "message": "Invalid Credentials"↵ }↵}↵"data: Objectheaders: ObjectstatusCode: 401__proto__: Object
My code looks as followed:
//client side
Meteor.autosubscribe(function(){
var newUser = Meteor.user();
Meteor.subscribe('currentAccessToken');
});
var url = "https://www.googleapis.com/youtube/v3/subscriptions?part=subscriberSnippet&mine=true&key=key";
var options = {
'headers' : {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + "currentAccessToken",
'X-JavaScript-User-Agent': "Google APIs Explorer"
},
'params' : {
part : 'snippet',
mine : 'true',
}
};
var searchResult = HTTP.call("get", url,options,
function (error, result) {
if (!error) {
Session.set("twizzled", true);
}
console.log(result);
});
On the server side I am publishing the access token so that it can be sent with the GET request
//Server Side
Meteor.publish("currentAccessToken", function(){
return Meteor.users.find(this.userId, {fields: {'services.google.accessToken': 1}});
});
I greatly appreciate any help or documentation.
The first thing to check would be authorization scopes. You have to explicitly add YouTube scope (more than one, actually, each defining single action or a small bunch of actions). To do that, you can use Accounts global object. Just add this code anywhere on the client side (inside client folder):
Accounts.ui.config({
requestPermissions: {
google: [
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/youtube',
'https://www.googleapis.com/auth/youtube.upload'
]
},
requestOfflineToken: {
google: true
}
});
The next time you authorize with Google, you should see that the popup asks not only for basic information but for YouTube access. For more information about YouTube Google API scopes, see official docs.