Server side token, signInWithCustomToken and invalid authentication credentials.

915 views
Skip to first unread message

Gregory Tappero

unread,
Oct 18, 2016, 5:14:57 PM10/18/16
to Firebase Google Group
Hello there,

This not a cross post.

I have been working on a small prototype with firebase and am facing some auth issues I can not explain.

First, I have a service account setup with the right firebase JSON file. I use that to make my backend service preset some data. 
I also made sure to grand the editor permission to this Google APIs service account. This step works. I can set push data from the server.
 
{
  "type": "service_account",
  "project_id": "firepad-testxxxxx",
  "private_key_id": "6402cbccc51d06ba1bc7b5xxxxxxxxxxxx",
  "private_key": "-----BEGIN PRIVATE KEY----- xxxxxxx -----\n",
  "client_id": "105780162380553xxxxx",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
}

I then started to generate custom tokens for users, bypassing the need to activate any kind of sign-in providers. I did that in Python but also tried the ruby implementation. https://firebase.google.com/docs/auth/server/create-custom-tokens

def create_custom_token(uid, user_type):
  try:
    payload = {
      'uid': uid,
      'claims': {
        'type': user_type
      }
    }
    exp = datetime.timedelta(minutes=60)
    return jwt.generate_jwt(payload, RSA_PRIVATE, 'RS256', exp)
  except Exception as e:
    print 'Error creating custom token: ' + e.message
    return None

Once I get the token for my test user alice (uid) I pass it to the rendered html page.


    // Initialize the Firebase SDK.
    firebase.initializeApp({
      apiKey: '{{ FIREBASE_API_KEY }}',
      authDomain: '{{ FIREBASE_AUTH_DOMAIN }}', // xxxx.firebaseapp.com
      databaseURL: '{{ FIREBASE_DB }}',
      storageBucket: {{ FIREBASE_STORAGE }}'
    });

    var token = "{{ custom_token }}";
    firebase.auth().signInWithCustomToken(token).catch(function(error) {
      console.log(error);
    });


The JS console complains the following:

https://www.evernote.com/l/AtnQNCJc_V5AZISEM0kYYEnA8qcRsXAFjw8

firebase.js:276 FIREBASE WARNING: Provided authentication credentials are invalid. This usually indicates your FirebaseApp instance was not initialized correctly. Make sure your apiKey and databaseURL match the values provided for your app at https://console.firebase.google.com/, or if you're using a service account, make sure it's authorized to access the specified databaseURL and is from the correct project. 

When I did into the requests I see a first 200 OK POST to:

https://securetoken.googleapis.com/v1/token?key=AIzaSyDCxxxxxxxxxxxxxxxxxx

{
  "access_token": "eyJhbGciOiJSUzI1xxxxxxxxx", // <- seems to be our custom token?
  "expires_in": "3600",
  "token_type": "Bearer",
  "refresh_token": "AGl2vTQuxxxxxxxxxxx",
  "id_token": "eyJhbGciOiJSUzI1xxxxxxxxxx",
  "user_id": "alice",
  "project_id": "10850xxxxxxx"
}

Followed by a get on https://s-usc1c-nss-105.firebaseio.com/.lp?disconn=t&id=51776&pw=oznFuO4y5S that gets closed right away by the server.

I am running my tests on a page served by a small Python webserver on localhost:8800. localhost is part of the OAuth redirect domains on firebase.

I am running out of ideas.


Ian Barber

unread,
Oct 18, 2016, 5:29:10 PM10/18/16
to Firebase Google Group
This one is probably best raised with the support team, as its easier to debug if we can see all of the values: https://firebase.google.com/support/contact/troubleshooting/

In terms of possibilities though - can you double check that the service account is definitely from the same project as the database? Its easy to grab the wrong file, particularly if you have more than one project with a similar name. 
Reply all
Reply to author
Forward
0 new messages