search

firebase / firebase-admin-go

Firebase Admin Go SDK
Apache License 2.0
1.12k stars 239 forks source link

SubscribeToTopic() results in 401 #533

Open kevmo314 opened 1 year ago

kevmo314 commented 1 year ago

[REQUIRED] Step 2: Describe your environment

$ uname -a
Linux Chicago 5.15.79.1-microsoft-standard-WSL2 #1 SMP Wed Nov 23 01:01:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

[REQUIRED] Step 3: Describe the problem

Steps to reproduce:

    app, err := firebase.NewApp(context.Background(), &firebase.Config{
        ProjectID:     projectID,
    })

    fcm, err := app.Messaging(context.Background())
    if err != nil {
        panic(err)
    }

...

    fcm.SubscribeToTopic(context.Background(), []string{
            "<valid token>",
        }, "anyTopic")

Results in the error:

unexpected http response with status: 401\n<HTML>\n<HEAD>\n<TITLE>Unauthorized</TITLE>\n</HEAD>\n<BODY BGCOLOR=\"#FFFFFF\" TEXT=\"#000000\">\n<H1>Unauthorized</H1>\n<H2>Error 401</H2>\n</BODY>\n</HTML>\n

Inspecting this further, based on the documentation here: https://developers.google.com/instance-id/reference/server#manage_relationship_maps_for_multiple_app_instances

I would expect that /iid/v1:batchAdd gets called with the corresponding parameters. However, it doesn't have an authorization header.

image

Did I miss something super obvious in configuration?

caioaao commented 1 year ago

We had this issue for days now. Turns out the service account we were using only needed the roles/firebase.admin role. No idea if there's a more strict role that still allows it to work as the docs aren't very clear about it

balloman commented 4 months ago

@kevmo314 Did you ever find a fix?

kevmo314 commented 4 months ago

@kevmo314 Did you ever find a fix?

I did, actually. In my case it wasn't the permissions issue that @caioaao mentioned above, but rather that you can only subscribe to so many topics. In our code, we had too many subscriptions being created and after enough subscriptions it starts throwing 401 Unauthorized.

I don't know why Google chose to throw a 401 instead of a more informative 429 or something.

balloman commented 4 months ago

@kevmo314 Did you ever find a fix?

I did, actually. In my case it wasn't the permissions issue that @caioaao mentioned above, but rather that you can only subscribe to so many topics. In our code, we had too many subscriptions being created and after enough subscriptions it starts throwing 401 Unauthorized.

I don't know why Google chose to throw a 401 instead of a more informative 429 or something.

Thanks for responding. This is my first topic, so I don't think that's the issue, but I appreciate the suggestion!

NguyenTrongCuong commented 6 days ago

@balloman Did you find the root cause? I faced the same issue when subscribing to my first topic, and it only happened with subscription requests.