How do i authenticate a rest call in firebase?

17
votes

I want to do a rest call on some data protected by some rule using the aid of my user, so i need to had the token to my request. depending of which version of firebase documentation there is different way: old and deprecated way (https://www.firebase.com/docs/rest/api/): 

'https://samplechat.firebaseio-demo.com/users/jack/name.json?auth=<TOKEN>'

new way and i m quoting the doc (https://firebase.google.com/docs/reference/rest/database/user-auth#section-get):

Using the access token The Database REST API will accept access_token= on the query string or header Authenticate: Bearer to authenticate a request with a service account.

'https://samplechat.firebaseio-demo.com/users/jack/name.json?access_token=<TOKEN>'

the new way is not working for me even if I used the new firebase console when i set it up, and even if the token that i m using is generated using the new Firebase sdk. Does someone know why only the deprecated way is working? I was interested to put the token in the header of my requests but can not do.

5
restfirebaserestful-authenticationfirebase-realtime-databasefirebase-authentication
if my response below is not working can you provide the error message you get please ?EmCode
Does anyone have this working? I've used the github example link to generate a token and sign in with it from the custom sign in page. The example works fine. However, when I use the generated access token (i.e. the "accessToken" results from customauth.html) via curl or postman (i.e. Authorization header - Bearer token) I get permission denied (403)mikaye
The error message is always the same: 403 (Forbidden) { "error": "Permission denied." }Svetlin Nakov
access_token works for me.... Adding the header somehow is not working for me via Okhttp ..... works when i use a REST client though... can't figure out why yetKushan

5 Answers

2
votes

You need to put the access_token in the headers.

Header name : Authorization

Header content : Bearer the_token

To try it and put some headers you can use some tools like postman for google chrome or other tools.

2
votes

For java: I tried to use auth to access DatabaseRealtime. Run: 

curl 'https://PROJECT_ID.firebaseio.com/users.json?auth=DATABASE_SECRET'

It worked but this way deprecated.
After that I tried to use access_token I met issue when use access_token to query Database in my firebase project. I already found out root cause for bugs I met before. Because access_token is generated incorrectly. I tried to generate access_token again, tried to use the access_token as bellow:

1. add google-api-client into pom.xml

<dependency>
      <groupId>com.google.api-client</groupId>
      <artifactId>google-api-client</artifactId>
      <version>1.22.0</version>
    </dependency>

2. Get token

 public static void main(String[] args) throws Exception {
           GoogleCredential googleCred = GoogleCredential.fromStream(new 
           FileInputStream("C://realtime.json"));
           GoogleCredential scoped = googleCred.createScoped(
                         Arrays.asList(
       // or use firebase.database.readonly for read-only access
           "https://www.googleapis.com/auth/firebase.database",                           
    "https://www.googleapis.com/auth/userinfo.email"
                          )
                  );
                  scoped.refreshToken();
                  String token = scoped.getAccessToken();
                  System.out.println(token);
              }

3. try to access database Copy the value printed out above
Run curl:

curl 'https://PROJECT_ID.firebaseio.com/users.json?access_token=TOKEN'

It worked well.

For more information refer link: https://firebase.google.com/docs/reference/rest/database/user-auth#section-get

0
votes

Like this:

 try (InputStream is = new ClassPathResource("your-admin-info.json").getInputStream()) {

      GoogleCredential googleCred = GoogleCredential.fromStream(is);
      scoped = googleCred.createScoped(
          Arrays.asList(
              "https://www.googleapis.com/auth/firebase.database",
              "https://www.googleapis.com/auth/userinfo.email"
          )
      );
      scoped.refreshToken();
      scoped.getAccessToken();

your-admin-info.json is the Service Admin account info that you can generate on your accounts

-1
votes

I had the same problem. Only adding the token in the Authorization header did not work but the old way of including 'auth=' in the request worked. I think that might be a bug in Firebase.

My solution is to use both the new way and the old way, i.e. including 'auth=' in the request and also the token in the Authorization header. So after they fix the problem your app will continue to work.

Btw those answers about rules are incorrect, if the problem is caused by rules the error will be 401 unauthorized instead of 403 with message 'permission denied '

-2
votes

You need to check if the rules are configured correctly.

There are 4 options to use to Authenticate.

4 options to use to Authenticate in firebase

Rules will need to be configured differently for each Options.

Try the rule below:

Firebase Rule