0

I'm trying to query firebase to get the remote config of my webapp. I want to use REST API and not the official SDK, for performance reason.

So far I've tried to follow google documentation along with this post on stackoverflow.

Currently, no matter what I try I have this response:

curl -H "Authorization: Bearer {token}"  \
  "https://firebaseremoteconfig.googleapis.com/v1/projects/{my-project-name}/remoteConfig"
{
  "error": {
    "code": 401,
    "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}

I don't get how I am supposed to retrieve the Bearer Token. I tried all the value I can find in IAM admin > API & Service > Credentials, without success.

Thanks for helping.

dolig
  • 134
  • 9
  • 1
    Actually the error message is referring to the unauthenticated issue, please try to run this command and follow the instructions : (gcloud auth login) and then try your command : curl --compressed -i -D headers -H "Authorization: Bearer token" -X GET https://firebaseremoteconfig.googleapis.com/v1/projects/my-project-id/remoteConfig -o filename.json .... Are you also providing the authorization bearer token in the command ?.....Please also let me know , have you created the new service account for your Firebase project or using the default service account ? – Sohail Alvi Nov 07 '20 at 01:20
  • Hello @SohailAlvi , my question was about how can I retrieve the bearer token. As I write in op, _I tried all the value I can find in IAM admin > API & Service > Credentials, without success._ I don't think I've created a new service account for my firebase project, how can I check chis ? – dolig Nov 09 '20 at 09:22
  • Hey @SohailAlvi , I've found something interessing int gcloud docs: [Authenticate REST Requests > Legacy tokens](https://firebase.google.com/docs/database/rest/auth#legacy_tokens). Looks like what I am looking for, but I still got an error 401 (Invalid credentials). – dolig Nov 09 '20 at 17:11

1 Answers1

1

It is possible to authorize a call to the Firebase Remote Config API without using Google API client libraries, but It is not recommended.

As explained in the Oauth 2.0 authorization with service account “your application can complete these tasks either by using the Google APIs client library for your language, or by directly interacting with the OAuth 2.0 system using HTTP. However,the mechanics of 'OAuth 2.0' authentication interactions require applications to create and cryptographically sign JSON Web Tokens (JWTs), and it's easy to make serious errors that can have a severe impact on the security of your application.”

If it is really necessary to avoid the Google API Client Libraries, there are alternative 3rd party tools such as oauth2l. However, Google doesn't officially support this tool and its functionality is not guaranteed.

I just want to highlight the --credentials' argument as the method for selecting your service account JSON file and the cURL command as an example to this use-case.

I recommend you follow the documentation which lays out the steps necessary to authorize the API in question with the Google API Client Library. Bear in mind that the service account JSON file generated by the steps represents the private key for the Firebase Admin SDK service account which is a perfectly appropriate service account to use, but any service account with the Firebase Remote Config roles 'Firebase Remote Config Admin' would also work.

One important topic I would like to emphasise on is that at the moment there’s an ongoing issue with the https://www.googleapis.com/auth/firebase.remoteconfig scope which affects the typical process for authorizing access to this API, You could use the https://www.googleapis.com/auth/cloud-platform scope instead which is mentioned as an alternative in the REST API doc. (This workaround applies if you wish to use "oauth2l")

Michael T
  • 120
  • 6
  • Thanks a lot for your answer. Finally I moved on another solution, because remote config was not a good fit for my needs. – dolig Feb 12 '21 at 16:41