Open salami opened 2 years ago
I found a few problems with this issue:
At the very least it might be nice to add this to the Firebase docs so it's not so hard to track down what this issue is.
Hi @salami, thanks for reporting and for the suggested solution. I'll notify our engineers and see what we can do about this.
However, I'll be marking this as a feature request, since it was noted by our engineers that this is currently working as intended. With that said, our engineers can have a look and discuss this further for future plans.
Thanks!
Was there any progress in relation to this? I'm facing the same issue: I had to remove all restrictions from my Android Firebase Api Key in order to implement apple sigh in trough firebase and I feel very unconfortable with that.
[REQUIRED] Step 2: Describe your environment
[REQUIRED] Step 3: Describe the problem
This is basically the same as #1385. Specifically, my case is using Apple ID Sign-In via FirebaseUI. Chrome opens up and displays this error message:
"{"error":{"code":403,"message":"Requests from this Android client application <empty> are blocked.","errors":[{"message":"Requests from this Android client application <empty> are blocked.","domain":"global","reason":"forbidden"}],"status":"PERMISSION_DENIED"}}"
I'm reopening this because 1) I don't think the other one should have been closed 2) I suggest a possible solution.
The issue happens when you set your Google Cloud API key restrictions for Android to only accept requests from Android apps with the correct package name and SHA-1.
My idea to fix it, though I could be totally off, is to have this __/auth/handler url use a browser based API key rather than the Android one. Then we could just whitelist our firebase app domain for the browser API key.
As an aside, I don't understand why this logic needs to even access Google Cloud.