Getting huge Firebase access token

1
votes

I'm using Firebase authentication together with Cloud Endpoints Frameworks. In context of this, I have two questions which belong together:

In my Android app I'm requesting the access token after a successfully login in the following way: 

FirebaseUser user = mFirebaseAuthenticator.getCurrentUser();

user.getIdToken(true).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
public void onComplete(@NonNull Task<GetTokenResult> task) {
    if (task.isSuccessful()) {
      mIDToken = task.getResult().getToken();
      Log.d("attempLogin", "GetTokenResult result = " + mIDToken);
    } else {
      Log.d("attempLogin", "Cannot get token = " + task.getException());
    }
  }
 });

Afterwards I pass the received access token to the automatically generated endpoints framework client API method allOrdersRequest(...)

OrderCollection orders = allOrdersRequest.setOauthToken(mIDToken).execute();

to execute a valid and authorized backend API call.

1st question: The received access token has about 800 characters, which is in my opinion relatively too much. It's almost 1kb which has to be send with each backend API method request. Is my assumption correct, or should (or even can I) change the access token size in Firebase's console?

2nd question: Is it the right way to pass the received token to the setOauthToken() method of the endpoints framework client API to perform an authorized API request, or must I manipulate each time the httpheader of the allOrdersRequest()?

1
javaandroidfirebase-authenticationgoogle-cloud-endpoints
@all Does nobody have a clue? I'm sure, I'm not the only user of firebase authentication and a cloud endpoints framework clients...Any help is very appreciated. - Degoah

1 Answers

1
votes

I found the correct way to authorize a cloud endpoints API request:

Using the method setOauthToken() from one of my generated cloud endpoints client API requests (in this example the method allOrdersRequest() is a backend api method) is the wrong way. Instead, it is neccessary to specify the "Authorization" http header field of typ bearer and assign to it the requested Firebase access token (idToken) in the REST API request (endpoints client API)

Here is an example:

// Initiate cloud endpoints client API builder Endpoint.Builder endpoint = new Endpoint.Builder(AndroidHttp.newCompatibleTransport(), new GsonFactory(), null); endpoint.setRootUrl("https://my_project_id.appspot.com/_ah/api/"); endpoint.setApplicationName("my_project_id");

    Endpoint service = endpoint.build();
    HttpHeaders authorizationHeader = new HttpHeaders();
    authorizationHeader.setAuthorization("Bearer " + mAccessToken);

    // Model instance
    OrderRequest orderRequest = new OrderRequest();
    orderRequest.setBagId(35);
    orderRequest.setPriority(9);

    orderRequest.setCustomer("[email protected]");
    try {
        Endpoint.ProcesOrderRequest request = service.procesOrderRequest(orderRequest);
        request.setRequestHeaders(authorizationHeader);
        Order order = request.execute();
        Log.d("ExecuteAPIRequest", "OrderId result = " + order.getOrderId());
    } catch (IOException ex) {
        System.out.println("Exception caught: " + ex.getMessage());
    }