Expected an ID token, but was given a custom token.


bomviaap...@gmail.com

Dec 10, 2016, 12:59:43 AM
to Firebase Google Group
Hi there. 

I have installed the package recommended by Firebase for PHP custom tokens, which can be found here: https://firebase.google.com/docs/auth/admin/create-custom-tokens under the heading "Create custom tokens using a third-party JWT library". I have installed the php-jwt package, created a service account's email address and private key from the JSON key file. However, when I put it in this curl I get the error below.
{
"error": "Expected an ID token, but was given a custom token."
}

Curl used for testing is below.
What am I doing wrong?

<?php
// Custom token created with php-jwt (placeholder value).
$token = 'very long token';
$url = 'https://localhost-42d67.blahblah.com/blah.json?auth=' . $token;

// JSON body for the PATCH request.
$arr = array("success" => array("iPhone" => 500));
$data_string = json_encode($arr);

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PATCH");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Keep TLS certificate verification enabled: the token travels in the URL.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'Content-Length: ' . strlen($data_string),
));
echo $result = curl_exec($ch);

Jacob Wenger

Dec 12, 2016, 4:51:57 PM
to fireba...@googlegroups.com
Hey there,

You are getting that error because you are using the wrong type of token to authenticate to the Realtime Database REST API. The REST API can take two types of tokens: ID tokens (which identify a single user and can only be retrieved from the Firebase client SDKs) or Google OAuth2 access tokens (which grant full read / write access). You are trying to pass it a custom token, which can only be used to sign in a user via the Firebase client SDKs.

It would be great to ignore the code for a second and let us know what your use case is. What are you actually trying to do? I have a feeling you want your PHP code to access the Realtime Database as an end-user, not with full admin rights. Unfortunately, this use case is not currently supported. It is technically possible (as documented in this thread here), but you probably want something more straightforward. The Firebase Auth team is working to improve this use case, but we don't have details to share at the moment.

Cheers,
Jacob
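
Added example (not part of the original thread or of Firebase's own code): a diagnostic helper that tells the token types named in the reply above apart by their claims, without verifying signatures. The function names, project name and service account address are hypothetical, and the sample tokens are constructed.

```php
<?php
// Diagnostic only: decodes claims without verifying the signature.
function b64url_decode(string $s): string
{
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4));
}

function classify_firebase_token(string $token): string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        // Assumption: OAuth2 access tokens are opaque strings, not three-part JWTs.
        return 'not a JWT (possibly an OAuth2 access token)';
    }
    $claims = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($claims)) {
        return 'malformed JWT payload';
    }
    $iss = is_string($claims['iss'] ?? null) ? $claims['iss'] : '';
    $aud = is_string($claims['aud'] ?? null) ? $claims['aud'] : '';
    // Custom token: signed by your own service account, carries "uid".
    if (isset($claims['uid']) && strpos($aud, 'identitytoolkit') !== false) {
        return 'custom token (client SDK sign-in only)';
    }
    // ID token: issued by Firebase Auth after a client SDK sign-in.
    if (strpos($iss, 'https://securetoken.google.com/') === 0) {
        return 'ID token';
    }
    return 'unknown JWT';
}

// Constructed samples: placeholder project/account names, fake signature.
function sample_jwt(array $claims): string
{
    $enc = fn($d) => rtrim(strtr(base64_encode(json_encode($d)), '+/', '-_'), '=');
    return $enc(['alg' => 'RS256', 'typ' => 'JWT']) . '.' . $enc($claims) . '.c2ln';
}
$samples = [
    'custom' => sample_jwt([
        'iss' => 'sa@example-project.iam.gserviceaccount.com',
        'aud' => 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',
        'uid' => 'user-123',
    ]),
    'id' => sample_jwt(['iss' => 'https://securetoken.google.com/example-project', 'aud' => 'example-project']),
    'opaque' => 'constructed-opaque-access-token',
];
foreach ($samples as $name => $t) {
    echo $name, ': ', classify_firebase_token($t), PHP_EOL;
}
```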


bomv...@gmail.com

Dec 14, 2016, 11:12:09 AM
to Firebase Google Group
Hi Jacob

Thank you for the reply and clarifying the issue.

There are two main things I want to do.
I guess that the above exercise will partially solve my first requirement, so I can't fully ignore it some topics.

Requirement 1.
I have different types of users, and there will be a range of auth types with certain permissions to access certain data, i.e. for conversations and messages, I want auth.type1 not to have access to auth.type2, i.e. only staff can see staff chats and every other type of user, but other users can't see staff chats.
So am I right by partially using the above method to generate a custom token (with a user's "rights" embedded in the token) and then supplying that token when auth'ing in with angularFire's $scope.authObj.$authWithCustomToken("<CUSTOM_AUTH_TOKEN>")?
If so that is great! Problem 1 solved, my users can start chatting.

Requirement 2.
This is what I was trying to do above. When some data is updated in my database, I want my server to directly update Firebase. I can do this already but without security. So my server would need to send some "auth" to Firebase.
A typical scenario for this is...
If I get a new user, when I store that user in my DB, I want my PHP server to directly update a Firebase section of userCount to +1 (with security). When Firebase updates, my app will then detect that and alert everyone that is logged in, and they will see "Hey we got a new user"; of course only "Staff" will see certain data and others not. This will enrich the app 10x, i.e. notifications for file uploads, new users, emails sent, tasks done etc.

These are the only two examples my app needs for now. I am sure I can build in more functionality as soon as I understand how I can connect my app, Firebase and my server together.

Thanks for your assistance

Best regards
T

Jacob Wenger

Dec 14, 2016, 6:50:05 PM
to fireba...@googlegroups.com
Hey T,

Thanks for expanding more on your use case! I have some better news for you this time around now that I know what you are trying to do :)

You are all set for requirement 1. The approach you are taking sounds perfect!

As for requirement 2, I am assuming this code is going to be run on a secure server and that you are set on using PHP. If so, then you can create a Google OAuth2 access token which has full read / write access to your Realtime Database. The docs for doing this are a bit buried in our docs (sorry about that!) and don't have a PHP example (sorry again!), but it is what you are looking for. If you create a Google OAuth2 access token with the scopes mentioned in the doc I linked to, you can make use of the Realtime Database REST API. It looks like Google has a doc on making Google OAuth2 access tokens in PHP.

Just as an FYI, a path of lesser resistance is to use a language other than PHP. We have Firebase Admin SDKs in Node.js and Java which make managing data in your Realtime Database with admin rights much easier. Check them out if you are intrigued.

Cheers,
Jacob
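
Added example (not part of the original thread, and not code from Firebase or Google): how a PHP server can build the signed service-account assertion that is exchanged for a Google OAuth2 access token, as the reply above suggests for requirement 2. The function names, account address and demo key are constructed; the two scopes and the token endpoint are filled in from Google's documentation rather than from this page, and nothing is sent over the network.

```php
<?php
// Builds the JWT-bearer token request; the caller decides when to POST it.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function build_token_request(string $clientEmail, string $privateKeyPem, int $now): array
{
    $tokenUri = 'https://oauth2.googleapis.com/token';
    $header = ['alg' => 'RS256', 'typ' => 'JWT'];
    $claims = [
        'iss'   => $clientEmail,
        'scope' => 'https://www.googleapis.com/auth/userinfo.email '
                 . 'https://www.googleapis.com/auth/firebase.database',
        'aud'   => $tokenUri,
        'iat'   => $now,
        'exp'   => $now + 3600, // assertions are limited to one hour
    ];
    $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
    if (!openssl_sign($input, $sig, $privateKeyPem, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return [
        'url'  => $tokenUri,
        'body' => http_build_query([
            'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'assertion'  => $input . '.' . b64url($sig),
        ]),
    ];
}

// Constructed demo key and account name. In real use both come from the
// service account JSON key file (fields "private_key" and "client_email").
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($key, $pem);
$req = build_token_request('sa@example-project.iam.gserviceaccount.com', $pem, time());
echo "POST {$req['url']}\n{$req['body']}\n";
// The JSON response carries "access_token"; send it to the REST API as the
// access_token query parameter or in an "Authorization: Bearer" header.
```

Because the resulting access token has full read / write access, keep the key file and the token on the server only and never hand either to a browser or mobile client.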


Kato Richardson

Dec 19, 2016, 4:06:48 PM
to Firebase Google Group
Converted this discussion to b/33752462.

--

Kato Richardson | Developer Programs Eng | kato...@google.com | 775-235-8398

content user

Dec 20, 2016, 11:18:20 AM
to Firebase Google Group
Thanks Jacob.

The documentation was really tough to digest, but got there in the end. I would highly recommend sending people the Slack chat for Firebase, and special mention should be given to this: https://github.com/kreait/firebase-php

A combo of your feedback and the link is what got me there.

Merry xmas and thanks for the help.
T

Luqman Hakim Mohamad Rom

Jan 6, 2017, 11:35:32 PM
to Firebase Google Group
I eventually wrote this library for my basic use case. Everything else is straightforward except the authentication part is a bit confusing. 
