I am using firebase admin sdk to push mobile notifications(firebase cloud messaging). I have successfully set up it and it worked about year at google cloud kubernetes engine. Then it stopped to work. Here is stacktrace what I am receiving at backend:
com.google.firebase.messaging.FirebaseMessagingException: Unexpected HTTP response with status: 401; body: null
at com.google.firebase.messaging.FirebaseMessagingClientImpl.newException(FirebaseMessagingClientImpl.java:307) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessagingClientImpl.createExceptionFromResponse(FirebaseMessagingClientImpl.java:212) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessagingClientImpl.send(FirebaseMessagingClientImpl.java:128) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessaging$1.execute(FirebaseMessaging.java:139) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessaging$1.execute(FirebaseMessaging.java:136) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.internal.CallableOperation.call(CallableOperation.java:36) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessaging.send(FirebaseMessaging.java:106) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessaging.send(FirebaseMessaging.java:90) ~[firebase-admin-6.12.1.jar!/:na]
Status code from FirebaseMessagingException is unknown-error. I am using gradle dependency com.google.firebase:firebase-admin:6.12.1.
My server code of FirebaseApp initialization(kotlin):
val credentials = GoogleCredentials
.fromStream(FileInputStream(firebaseAppCredentials))
.createScoped(Arrays.asList("https://www.googleapis.com/auth/firebase.messaging"))
val options = FirebaseOptions.builder()
.setCredentials(credentials)
.build()
val firebaseApp = FirebaseApp.initializeApp(options)
I have verified firebaseAppCredentials contains path to file with firebase service account.
Here is sending code(kotlin):
val message = Message.builder()
.setNotification(notification)
.setToken(registrationToken)
.build()
FirebaseMessaging.getInstance(firebaseApp).send(message)
Can you help to find out how it can be fixed?
I have implemented raw protocol(raw http requests) and it started to work. For some reasons Firebase Admin SDK java library haven't used auth token in http request. I suspect it is related to the fact that I have configured GOOGLE_APPLICATION_CREDENTIALS evn var to service account from gcloud project but firebase app was initialized with service account from firebase project. It is intentional, I am using multiple gcloud projects but for FCM only one project is used.
It looks like some bug/feature in com.google.firebase:firebase-admin:6.12.1 and it is reproduced only at cloud env.
Related
I am getting following error while running DataFlow pipeline
Error reporting inventory checksum: code: "Unauthenticated", message: "Request is missing required authentication credential.
Expected OAuth 2 access token, login cookie or other valid authentication credential.
We have created service account dataflow#12345678.iam.gserviceaccount.com with following roles
BigQuery Data Editor
Cloud KMS CryptoKey Decrypter
Dataflow Worker
Logs Writer
Monitoring Metric Writer
Pub/Sub Subscriber
Pub/Sub Viewer
Storage Object Creator
And in our python code we are using import google.auth
Any idea what am I missing here ?
I do not believe I need to create key for SA , however I am not sure if "OAuth 2 access token" for SA need to be created ? If yes how ?
This was the issue in my case https://cloud.google.com/dataflow/docs/guides/common-errors#lookup-policies
If you are trying to access a service through HTTP, with a custom request (not using a client library), you can obtain a OAuth2 token for that service account using the metadata server of the worker VM. See this example for Cloud Run, you can use the same code snippet in Dataflow to get a token and use it with your custom HTTP request:
https://cloud.google.com/run/docs/authenticating/service-to-service#acquire-token
I'm working on an ASP.NET Core project that will be deployed to AWS. Recently the client came back and requested to pull a few values from AWS SecretsManager. I'm using the permissions inherited from the IAM Role associated to the EC2 instance that the service is deployed to.
In production use this service will be hosted by the client themselves on their own AWS account.
When I deploy to my own test AWS account the process works just fine but when the client deploys to their own AWS account they are getting a 403 Forbidden response on the call to get the secret value. They have the secret and permissions policy set up like I do but still the 403 error.
AmazonSecretsManagerClient client = new AmazonSecretsManagerClient();
var secretRequest = new GetSecretValueRequest
{
SecretId = "MySecretName"
};
// FAILS HERE
GetSecretValueResponse secretResponse = await client.GetSecretValueAsync(secretRequest);
It is a HttpRequestException with a message of "Response status code does not indicate success: 403 (Forbidden)."
My question isn't really a coding issue since this does work on my test AWS account. This seems like it must be an environment issue with the client's AWS account.
My experience with AWS is very limited so I have no idea what would be causing this.
Is the customer trying to fetch the exact same secret you are using in your account? This would require using a custom CMK and adding a resource policy granting access as described in the AWS docs.
I am getting the following exception
Google_Service_Exception: Error calling POST https://www.googleapis.com/datastore/v1beta2/datasets/smartflowviewer/lookup: (403) Access Not Configured. Google Cloud Datastore API has not been used in project 529103574478 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/datastore/overview?project=529103574478 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
while trying to access the datastore
$service = new Google_Service_Datastore($client);
$service_dataset = $service->datasets;
$path = new Google_Service_Datastore_KeyPathElement();
$path->setKind('auth');
$path->setName($email);
$key = new Google_Service_Datastore_Key();
$key->setPath([$path]);
$lookup_req = new Google_Service_Datastore_LookupRequest();
$lookup_req->setKeys([$key]);
$response = $service_dataset->lookup('smartflowviewer', $lookup_req);
I am using OAuth web client to work with API
$client = new Google_Client();
$client->setClientId($cfg['CLIENT_ID']);
$client->setClientSecret($cfg['CLIENT_SECRET']);
$client->setAccessType('offline');
The project had been working completely fine until yesterday. I have not deployed any new code or changed any setting during the latest month. And suddenly it started throwing this error.
Any ideas of what might be causing this behavior? Thanks a lot.
The Cloud Datastore v1beta2 API is deprecated, but you can update your code to use the Cloud Datastore v1 API.
One option is to look at the php-gds library.
I have the below error ... when i try to create a nue user with firebase in nodejs . I was activated de authentication in firebase console but nohting works for me.
i am using this link of docs:
https://www.firebase.com/docs/web/api/firebase/createuser.html
Error creating user: { [Error: The specified authentication provider is not enabled for this Firebase.]
code: 'AUTHENTICATION_DISABLED',
details: 'Projects created at console.firebase.google.com must use the new Firebase Authentication SDKs available from firebase.google.com/docs/auth/' }
Looks like you are using the documentation for 'old' Firebase to set up a connection to a 'new' Firebase environment. I was having the same problem. The answer is in the error message - take a look at the docs at the new Firebase Authentication SDK as things have changed. Or, alternatively, create an environment using the old Firebase (www.firebase.com) and the documentation you are referencing should work. (Not sure how long before the 'old' Firebase is deprecated, though.)
This error was produced becouse we cant authenticate from server side ,
"auth" is only allowed for client side,
i am working with an android app , and i create a new user from android , it works , my server side with node only conects with firebase for listening changes in database (firebase) .
Thanks for the observation.. and best regards
I want to log in to my application via LinkedIn. This can be done via a call to Cloud.SocialIntegrations.externalAccountLogin() .
However, the function above needs a 'token' parameter. The 'token' is provided by LinkedIn by following the oauth flow(retrieve an authorization code, exchange of the Authorization Code for a Request Token).
Is there an easy way in titanium to obtain this token? I have investigated aaronksaunders's(https://github.com/aaronksaunders/clearlyinnovative.linkedIn) code, and searched on gitt.io. Or do we need to write all of this boilerplate code ourselves?
NOTE: At the moment, I don't want to proxy the call via a server(I prefer not to set up an SSL certificate, etc) and I don't have an appcelerator team or enterprise plan, so I can't use their node(arrow) backend to proxy these calls.
Additional question: is it sufficient to configure the iOS Bundle Identifiers(on the LinkedIn app settings page)? And do I need to use this 'iOS settings' application Id(also on the LinkedIn app settings page)?
I have successfully finished my flow. Everything is explained in this blog post from Ramkumar M: http://shareourideas.com/2012/12/18/linkedin-connect-for-appcelerator-titanium/. The result is achieved by using a modified commonjs module version of the social.js library: https://gist.github.com/rampicos/4320296
This library has a very clean api, the whole flow is nothing more than:
var social = require('social');
var linkedin = social.create({
consumerSecret : CONSUMER_SECRET,
consumerKey : CONSUMER_KEY,
site: 'linkedin'
});
linkedin.authorize(function(){
//callback
});
I don't use the
Cloud.SocialIntegrations.externalAccountLogin()
because the login is done by the social.js library.
LinkedIn app: I have only configured the iOS bundle identifiers.