17

I want to do a rest call on some data protected by some rule using the aid of my user, so i need to had the token to my request. depending of which version of firebase documentation there is different way: old and deprecated way (https://www.firebase.com/docs/rest/api/): 

'https://samplechat.firebaseio-demo.com/users/jack/name.json?auth=<TOKEN>'

new way and i m quoting the doc (https://firebase.google.com/docs/reference/rest/database/user-auth#section-get):

Using the access token The Database REST API will accept access_token= on the query string or header Authenticate: Bearer to authenticate a request with a service account.

'https://samplechat.firebaseio-demo.com/users/jack/name.json?access_token=<TOKEN>'

the new way is not working for me even if I used the new firebase console when i set it up, and even if the token that i m using is generated using the new Firebase sdk. Does someone know why only the deprecated way is working? I was interested to put the token in the header of my requests but can not do.

drevlav
  • 572
  • 2
  • 6
  • 14
  • if my response below is not working can you provide the error message you get please ? – EmCode Jun 02 '16 at 09:59
  • 1
    Does anyone have this working? I've used the github example [link](https://github.com/firebase/quickstart-js/tree/master/auth/exampletokengenerator) to generate a token and sign in with it from the custom sign in page. The example works fine. However, when I use the generated access token (i.e. the "accessToken" results from customauth.html) via curl or postman (i.e. Authorization header - Bearer token) I get permission denied (403) – mikaye Oct 16 '16 at 21:22
  • The error message is always the same: 403 (Forbidden) { "error": "Permission denied." } – Svetlin Nakov Nov 11 '16 at 13:30
  • access_token works for me.... Adding the header somehow is not working for me via Okhttp ..... works when i use a REST client though... can't figure out why yet – Kushan Apr 14 '17 at 20:09

5 Answers5

3

You need to put the access_token in the headers.

Header name : Authorization

Header content : Bearer the_token

To try it and put some headers you can use some tools like postman for google chrome or other tools.

EmCode
  • 344
  • 1
  • 10
  • As I said in my question, i tried what is written in the new firebase doc. So i tried what you just said and re-try using postman just to confirm it. It is not working for me. What works is what is written in the deprecated doc using: ?auth= set up in the url – drevlav Jun 02 '16 at 10:11
  • are you able to put the token in the header to retrieve the protected data? is it working for you? – drevlav Jun 02 '16 at 10:14
  • 1
    I'm on the new console and followed the directions from here: https://firebase.google.com/docs/reference/rest/database/user-auth#section-get Both with Postman and a browser I get Permission Denied. Do we need to do anything in the Console. Enable Auth? – VladimirSD Jun 03 '16 at 20:32
  • It is a bug / unimplemented functionality. Neither Authorization: Bearer nor url?access_token=idToken works. I think Firebase have silently dropped their REST API. Their JS Web API works correctly with Web Sockets, but the REST API has gone. I am returning back to Kinvey. – Svetlin Nakov Nov 11 '16 at 13:29
  • I was told by their support staff that you use ?auth= but I'm still working with them because it reports a permission denied (401 unauthorized) response still. – Rontron Nov 11 '16 at 22:30
  • OK so I figured it out and I am successfully sending GET requests using access-key to my database. I wrote an answer for some more information here: http://stackoverflow.com/questions/40520696/how-do-i-access-my-firebase-database-via-http-rest-api/40567107#40567107 – Rontron Nov 12 '16 at 20:07
2

For java: I tried to use auth to access DatabaseRealtime. Run: 

curl 'https://PROJECT_ID.firebaseio.com/users.json?auth=DATABASE_SECRET'

It worked but this way deprecated.
After that I tried to use access_token I met issue when use access_token to query Database in my firebase project. I already found out root cause for bugs I met before. Because access_token is generated incorrectly. I tried to generate access_token again, tried to use the access_token as bellow:

1. add google-api-client into pom.xml

<dependency>
      <groupId>com.google.api-client</groupId>
      <artifactId>google-api-client</artifactId>
      <version>1.22.0</version>
    </dependency>

2. Get token

 public static void main(String[] args) throws Exception {
           GoogleCredential googleCred = GoogleCredential.fromStream(new 
           FileInputStream("C://realtime.json"));
           GoogleCredential scoped = googleCred.createScoped(
                         Arrays.asList(
       // or use firebase.database.readonly for read-only access
           "https://www.googleapis.com/auth/firebase.database",                           
    "https://www.googleapis.com/auth/userinfo.email"
                          )
                  );
                  scoped.refreshToken();
                  String token = scoped.getAccessToken();
                  System.out.println(token);
              }

3. try to access database Copy the value printed out above
Run curl:

curl 'https://PROJECT_ID.firebaseio.com/users.json?access_token=TOKEN'

It worked well.

For more information refer link: https://firebase.google.com/docs/reference/rest/database/user-auth#section-get

Mr Special
  • 1,576
  • 1
  • 20
  • 33
0

Like this:

 try (InputStream is = new ClassPathResource("your-admin-info.json").getInputStream()) {

      GoogleCredential googleCred = GoogleCredential.fromStream(is);
      scoped = googleCred.createScoped(
          Arrays.asList(
              "https://www.googleapis.com/auth/firebase.database",
              "https://www.googleapis.com/auth/userinfo.email"
          )
      );
      scoped.refreshToken();
      scoped.getAccessToken();

your-admin-info.json is the Service Admin account info that you can generate on your accounts

Alexis
  • 1,825
  • 4
  • 23
  • 28
-1

I had the same problem. Only adding the token in the Authorization header did not work but the old way of including 'auth=' in the request worked. I think that might be a bug in Firebase.

My solution is to use both the new way and the old way, i.e. including 'auth=' in the request and also the token in the Authorization header. So after they fix the problem your app will continue to work.

Btw those answers about rules are incorrect, if the problem is caused by rules the error will be 401 unauthorized instead of 403 with message 'permission denied '

Max
  • 59
  • 1
  • 4
  • Ok I edited the answer to be more obvious and I hope you find it easier to understand now – Max Nov 23 '16 at 22:03
-2

You need to check if the rules are configured correctly.

There are 4 options to use to Authenticate.

4 options to use to Authenticate in firebase

Rules will need to be configured differently for each Options.

Try the rule below:

Firebase Rule

Adarsh Madrecha
  • 6,364
  • 11
  • 69
  • 117
  • 3
    the problem is not about the rule but about how to authenticate. I m able to authenticate when i follow what is explained in the deprecated doc, but not what is explained in the new version, like explained in my question – drevlav Jul 05 '16 at 14:45