How do i authenticate a rest call in firebase?

rest firebase restful-authentication firebase-realtime-database firebase-authentication

13,735

Solution 1

For java: I tried to use auth to access DatabaseRealtime. Run:

curl 'https://PROJECT_ID.firebaseio.com/users.json?auth=DATABASE_SECRET'

It worked but this way deprecated.
After that I tried to use access_token I met issue when use access_token to query Database in my firebase project. I already found out root cause for bugs I met before. Because access_token is generated incorrectly. I tried to generate access_token again, tried to use the access_token as bellow:

1. add google-api-client into pom.xml

<dependency>
      <groupId>com.google.api-client</groupId>
      <artifactId>google-api-client</artifactId>
      <version>1.22.0</version>
    </dependency>

2. Get token

 public static void main(String[] args) throws Exception {
           GoogleCredential googleCred = GoogleCredential.fromStream(new 
           FileInputStream("C://realtime.json"));
           GoogleCredential scoped = googleCred.createScoped(
                         Arrays.asList(
       // or use firebase.database.readonly for read-only access
           "https://www.googleapis.com/auth/firebase.database",                           
    "https://www.googleapis.com/auth/userinfo.email"
                          )
                  );
                  scoped.refreshToken();
                  String token = scoped.getAccessToken();
                  System.out.println(token);
              }

3. try to access database Copy the value printed out above
Run curl:

curl 'https://PROJECT_ID.firebaseio.com/users.json?access_token=TOKEN'

It worked well.

For more information refer link: https://firebase.google.com/docs/reference/rest/database/user-auth#section-get

Solution 2

You need to put the access_token in the headers.

Header name : Authorization

Header content : Bearer the_token

To try it and put some headers you can use some tools like postman for google chrome or other tools.

13,735

Author by

drevlav

Updated on June 11, 2022

Comments

drevlav about 2 years
I want to do a rest call on some data protected by some rule using the aid of my user, so i need to had the token to my request. depending of which version of firebase documentation there is different way: old and deprecated way (https://www.firebase.com/docs/rest/api/):
```
'https://samplechat.firebaseio-demo.com/users/jack/name.json?auth=<TOKEN>'
```
new way and i m quoting the doc (https://firebase.google.com/docs/reference/rest/database/user-auth#section-get):

Using the access token The Database REST API will accept access_token= on the query string or header Authenticate: Bearer to authenticate a request with a service account.
```
'https://samplechat.firebaseio-demo.com/users/jack/name.json?access_token=<TOKEN>'
```
the new way is not working for me even if I used the new firebase console when i set it up, and even if the token that i m using is generated using the new Firebase sdk. Does someone know why only the deprecated way is working? I was interested to put the token in the header of my requests but can not do.
drevlav about 8 years

As I said in my question, i tried what is written in the new firebase doc. So i tried what you just said and re-try using postman just to confirm it. It is not working for me. What works is what is written in the deprecated doc using: ?auth=<Token> set up in the url
drevlav about 8 years

are you able to put the token in the header to retrieve the protected data? is it working for you?
VladimirSD about 8 years

I'm on the new console and followed the directions from here: firebase.google.com/docs/reference/rest/database/… Both with Postman and a browser I get Permission Denied. Do we need to do anything in the Console. Enable Auth?
drevlav almost 8 years

the problem is not about the rule but about how to authenticate. I m able to authenticate when i follow what is explained in the deprecated doc, but not what is explained in the new version, like explained in my question
Svetlin Nakov over 7 years

It is a bug / unimplemented functionality. Neither Authorization: Bearer <idToken> nor url?access_token=idToken works. I think Firebase have silently dropped their REST API. Their JS Web API works correctly with Web Sockets, but the REST API has gone. I am returning back to Kinvey.
Rontron over 7 years

I was told by their support staff that you use ?auth=<access-token> but I'm still working with them because it reports a permission denied (401 unauthorized) response still.
Rontron over 7 years

OK so I figured it out and I am successfully sending GET requests using access-key to my database. I wrote an answer for some more information here: stackoverflow.com/questions/40520696/…
Max over 7 years

Ok I edited the answer to be more obvious and I hope you find it easier to understand now
Rodrigo almost 7 years

What if I'm not using Java? I just want to send data from my server to firebase.