I'm trying to write an API in Google App Engine Standard using Endpoints Framework. I followed the tutorial at https://cloud.google.com/endpoints/docs/frameworks/python/get-started-frameworks-python. "Opened" methods works fine, but I have problems when I want to secure the API with Firebase authentication. Following the tutorial at https://cloud.google.com/endpoints/docs/frameworks/python/authenticating-users, I wrote the following code:
import endpoints
from endpoints import message_types
from endpoints import messages
from endpoints import remote
class EchoRequest(messages.Message):
message = messages.StringField(1)
class EchoResponse(messages.Message):
"""A proto Message that contains a simple string field."""
message = messages.StringField(1)
ECHO_RESOURCE = endpoints.ResourceContainer(
EchoRequest,
n=messages.IntegerField(2, default=1))
@endpoints.api(
name='echo',
version='v1',
issuers={'firebase': endpoints.Issuer(
'https://securetoken.google.com/project_name',
'https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com')})
class EchoApi(remote.Service):
@endpoints.method(
# This method takes a ResourceContainer defined above.
ECHO_RESOURCE,
# This method returns an Echo message.
EchoResponse,
path='test_firebase',
http_method='POST',
name='test_firebase')
def test_firebase(self, request):
user = endpoints.get_current_user()
# If there's no user defined, the request was unauthenticated, so we
# raise 401 Unauthorized.
if not user:
raise endpoints.UnauthorizedException
output_message = ' '.join([request.message] * 3)
return EchoResponse(message=output_message)
When I try this method using the following curl:
TOKEN="token_string"
curl -i \
-H "Authorization: Bearer ${TOKEN}" \
-H "Content-Type: application/json" \
-X POST -d '{"message":"hello world"}' https://project_name.appspot.com/_ah/api/echo/v1/test_firebase
I have the following error:
HTTP/2 401
content-type: application/json
x-cloud-trace-context: ffd02c47eb5885d6a93c31ac8aae26cc;o=1
date: Fri, 20 Dec 2019 17:55:57 GMT
server: Google Frontend
content-length: 150
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
{
"error": {
"code": 401,
"errors": [
{
"domain": "global",
"message": "",
"reason": "required"
}
],
"message": ""
}
}
Where is the error?
user = endpoints.get_current_user()which probably is returning nothing because your curl command is not succefuly working( probably due to the access token) which in turn run the lineif not user:raise endpoints.UnauthorizedException(401 error). make sure you are passing the right token and use$TOKENinstead of${TOKEN}– Methkal Khalawiuser = endpoints.get_current_user(), but there isn't any problem with the token, because the same curl command is used against an App Engine Flexible instance version of the API and works correctly. I found this link: groups.google.com/forum/#!topic/google-cloud-endpoints/… and the problem seems that endpoints.get_current_user () is not working with firebase authentication – alessandro mercadanteaudiencesmust be passed:@endpoints.method( ECHO_RESOURCE, EchoResponse, path='test_firebase', audiences={ "firebase": [project_id]}, http_method='POST', name='test_firebase') def test_firebase(self, request): user = endpoints.get_current_user() if not user: raise endpoints.UnauthorizedException– alessandro mercadante