How do i authenticate a rest call in firebase?
Solution 1
For java: I tried to use auth to access DatabaseRealtime. Run:
curl 'https://PROJECT_ID.firebaseio.com/users.json?auth=DATABASE_SECRET'
It worked but this way deprecated.
After that I tried to use access_token
I met issue when use access_token to query Database in my firebase project.
I already found out root cause for bugs I met before. Because access_token is generated incorrectly. I tried to generate access_token again, tried to use the access_token as bellow:
1. add google-api-client into pom.xml
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
<version>1.22.0</version>
</dependency>
2. Get token
public static void main(String[] args) throws Exception { GoogleCredential googleCred = GoogleCredential.fromStream(new FileInputStream("C://realtime.json")); GoogleCredential scoped = googleCred.createScoped( Arrays.asList( // or use firebase.database.readonly for read-only access "https://www.googleapis.com/auth/firebase.database", "https://www.googleapis.com/auth/userinfo.email" ) ); scoped.refreshToken(); String token = scoped.getAccessToken(); System.out.println(token); }
3. try to access database
Copy the value printed out above
Run curl:
curl 'https://PROJECT_ID.firebaseio.com/users.json?access_token=TOKEN'
It worked well.
For more information refer link: https://firebase.google.com/docs/reference/rest/database/user-auth#section-get
Solution 2
You need to put the access_token in the headers.
Header name : Authorization
Header content : Bearer the_token
To try it and put some headers you can use some tools like postman for google chrome or other tools.
drevlav
Updated on June 11, 2022Comments
-
drevlav about 2 years
I want to do a rest call on some data protected by some rule using the aid of my user, so i need to had the token to my request. depending of which version of firebase documentation there is different way: old and deprecated way (https://www.firebase.com/docs/rest/api/):
'https://samplechat.firebaseio-demo.com/users/jack/name.json?auth=<TOKEN>'
new way and i m quoting the doc (https://firebase.google.com/docs/reference/rest/database/user-auth#section-get):
Using the access token The Database REST API will accept access_token= on the query string or header Authenticate: Bearer to authenticate a request with a service account.
'https://samplechat.firebaseio-demo.com/users/jack/name.json?access_token=<TOKEN>'
the new way is not working for me even if I used the new firebase console when i set it up, and even if the token that i m using is generated using the new Firebase sdk. Does someone know why only the deprecated way is working? I was interested to put the token in the header of my requests but can not do.
-
drevlav about 8 yearsAs I said in my question, i tried what is written in the new firebase doc. So i tried what you just said and re-try using postman just to confirm it. It is not working for me. What works is what is written in the deprecated doc using: ?auth=<Token> set up in the url
-
drevlav about 8 yearsare you able to put the token in the header to retrieve the protected data? is it working for you?
-
VladimirSD about 8 yearsI'm on the new console and followed the directions from here: firebase.google.com/docs/reference/rest/database/… Both with Postman and a browser I get Permission Denied. Do we need to do anything in the Console. Enable Auth?
-
drevlav almost 8 yearsthe problem is not about the rule but about how to authenticate. I m able to authenticate when i follow what is explained in the deprecated doc, but not what is explained in the new version, like explained in my question
-
Svetlin Nakov over 7 yearsIt is a bug / unimplemented functionality. Neither Authorization: Bearer <idToken> nor url?access_token=idToken works. I think Firebase have silently dropped their REST API. Their JS Web API works correctly with Web Sockets, but the REST API has gone. I am returning back to Kinvey.
-
Rontron over 7 yearsI was told by their support staff that you use ?auth=<access-token> but I'm still working with them because it reports a permission denied (401 unauthorized) response still.
-
Rontron over 7 yearsOK so I figured it out and I am successfully sending GET requests using access-key to my database. I wrote an answer for some more information here: stackoverflow.com/questions/40520696/…
-
Max over 7 yearsOk I edited the answer to be more obvious and I hope you find it easier to understand now
-
Rodrigo almost 7 yearsWhat if I'm not using Java? I just want to send data from my server to firebase.