Huge firebase access token seems not to work with google cloud endpoints API

[deg...@gmail.com]

Hi together!

I'm using Firebase authentication together with an appengine backend application and cloud endpoints frameworks to manage API requests from my Android app .

My appengine application has the following API definition:

@Api(

    name = "endpoint",
    version = "v1",
    //apiKeyRequired = AnnotationBoolean.TRUE,
    authenticators = {EspAuthenticator.class},
    issuers = {
                @ApiIssuer(
                    name = "firebase",
                    issuer = "https://securetoken.google.com/my_project_Id_123456",
                    jwksUri = "https://www.googleapis.com/service_accounts/v1/metadata/x509/secur...@system.gserviceaccount.com")
            },
     issuerAudiences = {
            @ApiIssuerAudience(name = "firebase", audiences = "my_project_Id_123456")
     },
    namespace =
    @ApiNamespace(
        ownerDomain = "backend.quumtu.de",
        ownerName = "Quumtu"
    )
public class API {

    private static final Logger log = Logger.getLogger(API.class.getName());
       
      @ApiMethod(
              name = "getFirebaseUserEmail",
              path = "firebase_user")
          public  Email getUserEmailFirebase(User user) throws UnauthorizedException {
            if (user == null) {
              throw new UnauthorizedException("Invalid credentials detected");
            }
            Email response = new Email("this is my email");
   
            return response;
          }

}

This is are security definitions frm my app's openenapi.json:

securityDefinitions":{
    "api_key":{
        "in":"query",
        "name":"key",
        "type":"apiKey"
    },
    "firebase":{
        "authorizationUrl":"",
        "flow":"implicit",
        "type":"oauth2",
        "x-google-issuer":"https://securetoken.google.com/my_project_id",
        "x-google-jwks_uri":"https://www.googleapis.com/service_accounts/v1/metadata/x509/secur...@system.gserviceaccount.com"
    }
},
"swagger":"2.0"

I've successfully compiled, deployed (openapi.json also uploaded) this backend application to appengine and I have also generated the appropriate endpoints client API for my Android app.

Further I've created a corresponding Firebase project and linked it with the appengine project (my_project_12345). Additionally, I have created a

test user in the firebase authentication menu.

In my Android app I'm requesting the Firebase user access token after a successfully login in the following way:

FirebaseUser user = mFirebaseAuthenticator.getCurrentUser();
user.getIdToken(true).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
public void onComplete(@NonNull Task<GetTokenResult> task) {
    if (task.isSuccessful()) {
      mIDToken = task.getResult().getToken();
      Log.d("attempLogin", "GetTokenResult result = " + mIDToken);
    } else {
      Log.d("attempLogin", "Cannot get token = " + task.getException());
    }
  }
 });

Afterwards I pass the received access token to the automatically generated endpoints framework client API method allOrdersRequest(...):

OrderCollection orders = allOrdersRequest.setOauthToken(mIDToken).execute();

to execute a valid and authorized backend API call.

My backend appengine application returns the following reponse, indicating that the authorization was invalid:

com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
 {
  "code": 401,
  "errors": [
   {
     "domain": "global",
      "message": "Invalid credentials detected by RR",
     "reason": "required"
  }
   ],
 "message": "Invalid credentials detected by RR"
 }

The "401 Unauthorized" part is returned due to the check "if (user == null) {...}" expression in the API method "getUserEmailFirebase()".

1nd question:

The received access token has about 800 characters, which is in my opinion relatively too much. It's almost 1kb which has to be send with each backend API method request. Is my assumption correct, or should (or even can I) change the access token size in Firebase's console?

2nd question:

Why is "user == null",  although I pass the correct access token?

3rd question:

Is it the right way to pass the received access token to the cloud endpoints client API using the setOauthToken() method to perform an authorized API request, or must I manipulate each time the httpheader of the allOrdersRequest()?

I hope, my issue is well described and no information are missing to give me a hint what might be wrong.

Thank you so far!

Best regards

[deg...@gmail.com]

...I see, that I've posted the wrong code snippet from my Android app in context of requesting the correct
backend API method. This is the correct one:

try {
    Endpoint.GetFirebaseUserEmail request = service.getFirebaseUserEmail();
    Email email = request.setOauthToken(mIDToken).execute();
    Log.i("Request", "Requested user email is: " + email);
} catch (IOException e) {
    e.printStackTrace();
}

[deg...@gmail.com]

...I found the solution for the issues stated in my initial question:

Please find the following post on stackoverflow: https://stackoverflow.com/questions/49578680/getting-huge-firebase-access-token