Error authenticating to FCM servers when calling subscribeToTopic [Functions]


Moshe

Apr 28, 2017, 10:07:58 AM
to Firebase Google Group
When trying to call admin.messaging().subscribeToTopic via Functions, I receive the following error:

Error: An error occurred when trying to authenticate to the FCM servers. Make sure the credential used to authenticate this SDK has the proper permissions

I have tried every combination of settings I can imagine including:
  • Using my gcm_sender_id as shown in the Web Setup guide in the console
  • Using 103953800507 as the gcm_sender_id as shown here
  • Using the Firebase client APIs
  • Hand rolling the push registrations setup with and without an applicationServerKey being set
I'm using the Functions default credentials.

Is there something else I need to do to get registration working? 

Thanks!

Hiranya Jayathilaka

Apr 28, 2017, 3:21:51 PM
to fireba...@googlegroups.com
subscribeToTopic is a relatively new method in the admin SDK, and I wonder if Cloud Functions supports it yet. It looks like the default credential used in Functions is not authorized to make this API call.

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/8432f175-3624-468a-956f-9ffaf7d54a44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

Hiranya Jayathilaka | Software Engineer | h...@google.com | 650-203-0128

Moshe

Apr 29, 2017, 2:05:37 PM
to Firebase Google Group
> It looks like the default credential used in Functions is not authorized to make this API call.
Thanks!

So what do I do: Can I authorize that credential somehow? Do I need to supply my own credential? Are there updates coming soon?


Moshe

Apr 29, 2017, 8:10:05 PM
to Firebase Google Group
I've tried using my service key, with the same results. Regardless of the gcm_sender_id or applicationServerKey I always get that error message.

Hiranya Jayathilaka

Apr 29, 2017, 11:29:07 PM
to fireba...@googlegroups.com
It looks like there's a bug here. The subscribeToTopic() method calls the IID API using a token generated from the Firebase credential. But it seems IID doesn't accept the token.


Hiranya Jayathilaka

Apr 30, 2017, 12:30:00 AM
to fireba...@googlegroups.com
Ok, after a bit of debugging, it seems the issue has nothing to do with the credentials or authorization at all. It appears the IID service sometimes returns 200 OK responses with a PERMISSION_DENIED error message in the payload, as shown below. I'm not sure why this happens, but it is probably due to an invalid argument in the request. Possibly an invalid registration token value.

< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Date: Sun, 30 Apr 2017 04:11:18 GMT
< Expires: Sun, 30 Apr 2017 04:11:18 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< X-Google-ServerType: android_data_messaging
< X-Google-Backends: /bns/pf/borg/pf/bns/android-datamessaging-prod/datamessaging_backend.server/1755.http,acsfoa12:443
< X-Google-GFE-Request-Trace: acsfoa12:443,/bns/pf/borg/pf/bns/android-datamessaging-prod/datamessaging_backend.server/1755.http,acsfoa12:443
< X-Google-DOS-Service-Trace: main:android-pushmessaging-send
< X-Google-Service: android-pushmessaging-send
< X-Google-GFE-Response-Code-Details-Trace: response_code_set_by_backend
< X-Google-GFE-Response-Body-Transformations: gunzipped,chunked
< X-Google-Shellfish-Status: CA0gBEBG
< Alt-Svc: quic=":443"; ma=2592000; v="37,36,35"
< X-Google-GFE-Service-Trace: android-pushmessaging-send
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
* Connection #0 to host iid.googleapis.com left intact
{"results":[{"error":"PERMISSION_DENIED"}]}

The admin SDK incorrectly transforms this request into an authorization exception, which is why we get that error message. This can be fixed in a future release.

Are you sure the arguments passed to the subscribeToTopic() are correct?
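
The response above shows why the HTTP status alone cannot separate a credential problem from a bad argument. As an added example (not part of the thread and not the Admin SDK's code), one way to classify such a batch response per token; the function names, result shape and sample values are assumptions, and results are assumed to come back in request order.

```javascript
'use strict';
// Added example; names and result shape are illustrative, not the Admin SDK's.

// True when a stored value is an https URL, i.e. a Web Push endpoint taken
// from PushSubscription.toJSON(), rather than a client-SDK registration token.
function looksLikePushEndpoint(value) {
  try {
    return new URL(value).protocol === 'https:';
  } catch (e) {
    return false; // not parseable as a URL
  }
}

// Classify the outcome for each token of one batch request.
// Assumption: results[] is returned in the same order as the tokens sent.
function interpretIidResponse(statusCode, bodyText, tokens) {
  const all = (kind, error) => tokens.map((token) => ({ token, ok: false, kind, error }));
  // Only a transport-level rejection points at the credential itself.
  if (statusCode === 401 || statusCode === 403) return all('credential', String(statusCode));
  let parsed;
  try {
    parsed = JSON.parse(bodyText);
  } catch (e) {
    return all('malformed-response', e.message);
  }
  const results = parsed && Array.isArray(parsed.results) ? parsed.results : [];
  return tokens.map((token, i) => {
    const entry = results[i];
    if (!entry) return { token, ok: false, kind: 'missing-result', error: null };
    if (!entry.error) return { token, ok: true, kind: 'subscribed', error: null };
    // A per-item error inside a 200 response is about this argument, not the caller.
    const kind = looksLikePushEndpoint(token) ? 'push-endpoint-not-token' : 'per-token-error';
    return { token, ok: false, kind, error: entry.error };
  });
}

// Constructed sample input: one endpoint URL and one token-shaped string.
const sampleTokens = [
  'https://push.example.invalid/send/abc123',
  'constructed-token:APA91bEXAMPLE',
];
const sampleBody = '{"results":[{"error":"PERMISSION_DENIED"},{}]}';
for (const r of interpretIidResponse(200, sampleBody, sampleTokens)) {
  console.log(r.kind, r.error, r.token);
}
```

Logging the per-token `kind` alongside the HTTP status keeps an argument error from being triaged as a credential or IAM problem.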


Moshe

Apr 30, 2017, 11:51:20 AM
to Firebase Google Group
> Are you sure the arguments passed to the subscribeToTopic() are correct?

Absolutely. What I wrote above is actually incorrect. When using my gcm_sender_id on the web end and my service account in functions, my endpoints are subscribed without an issue (still don't understand what to use as my applicationServerKey, so I'm not currently using it).

Could this bug be on the GCF side?




Hiranya Jayathilaka

Apr 30, 2017, 4:19:55 PM
to fireba...@googlegroups.com
Can you post a code snippet here?  Admin SDK does not accept any gcm_sender_id or applicationServerKey. It only deals in instance IDs (IID), which are referred to as registration tokens in the documentation:


And the registration token should come from a client SDK:





Moshe

Apr 30, 2017, 4:42:35 PM
to Firebase Google Group
Sure - what would you like me to post though? I'm using admin.initializeApp with my service-account, and other than that, subscribing to topics and publishing is all done via the standard admin api.

As I mentioned, I also tried to send messages via the api. I posted the body of that below.

Hiranya Jayathilaka

May 1, 2017, 1:29:27 PM
to fireba...@googlegroups.com
I'm interested to know how you get the registration tokens you pass to subscribeToTopic.


Moshe

May 1, 2017, 2:45:15 PM
to Firebase Google Group
This is the gist of the code I'm using:

reg.pushManager.subscribe({
    userVisibleOnly: true
}).then(function(sub) {
    let auth = sub.toJSON(),
        endpoint = auth.endpoint

    // do something with the endpoint
})

I'm not setting applicationServerKey (which is preventing me from sending a notification payload - I opened another thread about that) as I don't know what value to use.

I then store the token in Firebase, and retrieve it via Functions.


Is there anything else I can show you?

Hiranya Jayathilaka

May 1, 2017, 3:43:04 PM
to fireba...@googlegroups.com
Yes, it is still not clear to me how you get the registration token. I expected to see something similar to: https://firebase.google.com/docs/cloud-messaging/js/client#retrieve-the-current-registration-token


Moshe

May 1, 2017, 7:21:38 PM
to Firebase Google Group
I'm hand rolling the service worker. Do I need to use the lib to generate the token?

Hiranya Jayathilaka

May 1, 2017, 9:10:04 PM
to fireba...@googlegroups.com
Perhaps somebody in the list can confirm this, but I believe you need to use a client SDK to get the token. I think client SDKs do a bit more internal work to register the token with IID, which is what's missing in your case.


Moshe

May 2, 2017, 10:10:35 AM
to Firebase Google Group
As I mentioned in the original post, I've had the same issue with tokens generated via the Firebase SDK.