fny / node-firebase-rest

Firebase REST Client for Node.js

what's with this { auth: 'SECRET' } ? #2

Open robbiemu opened 7 years ago

robbiemu commented 7 years ago

Firebase has an authentication system: https://firebase.google.com/docs/auth/web/custom-auth

Sending ?auth=MYSECRET doesn't authenticate.

If my db rules are set up like:

```json
{
  "rules": {
    ".read": "auth != null",
    ".write": "auth == 'MYSECRET'"
  }
}
```

Both read and write will fail with statusText 'Unauthorized'.

How is the implementation hinted at here meant to work?

robbiemu commented 7 years ago

ooh I'm sorry, I've found this and have it working now.

a quick howto section might be of use, you think? like:

```js
const FirebaseTokenGenerator = require('firebase-token-generator')

// databaseSecret is a text secret from your project's /settings/serviceaccounts/databasesecrets
const tokenGenerator = new FirebaseTokenGenerator(databaseSecret)

// create a valid user to use for this connection first
const authToken = tokenGenerator.createToken({ uid: clientUID })

new FirebaseREST.JSONClient('https://' + projectName + '.firebaseio.com', { auth: authToken });
```

fny commented 7 years ago

Hey sorry! For some reason I missed the GitHub notifications for your issues. I'd add this to the README, but after looking at the Firebase docs I'm a little confused.

Do you know if Firebase has migrated to using access_token instead of auth or is this something different? https://firebase.google.com/docs/reference/rest/database/user-auth

I can't seem to find where they originally documented auth as a param anymore. 😟

adz5a commented 7 years ago

Hello, from this guide it seems that auth is still supported. I was trying to access the REST API and the answer from @robbiemu gave me the solution to solve my problem: use the secret from the DB, pass it through the auth parameter. So thank you very much :)

robbiemu commented 7 years ago

glad others found use of my experience there. :)

On Thu, Jul 13, 2017 at 10:54 AM, adz5a notifications@github.com wrote:

Hello, from this guide https://firebase.google.com/docs/database/rest/retrieve-data it seems that auth is still supported. I was trying to access the rest API and the answer from @robbiemu https://github.com/robbiemu gave me the solution to solve my problem : use the secret from the DB, pass it through the auth parameter. So thank you very much :)


Snookid commented 7 years ago

Hello,

Database Secret is something that's getting deprecated, if not already deprecated. From Firebase console -

Database secrets are currently deprecated and use a legacy Firebase token generator. Update your source code with the Firebase Admin SDK.

The common way to get auth or access_token in Node.js is through GoogleAuth for application default in server or Googleapis library.

However, getting the JWT token from these libraries and passing the auth parameter sends an error saying something like "Cannot parse auth token."

I can access the DB through curl with the access_token generated in that way.

Since the plain secret is being deprecated, maybe we can integrate a validation in the library based on what kind of parameter is being sent. JWT vs. plain Database secret as a suggestion.
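One way the validation suggested above could look, as an added example that is not part of the thread or of the library: it inspects the credential's shape, picks `auth` or `access_token` accordingly, and refuses a plain database secret unless the caller opts in. The helper names are hypothetical, the `ya29.` prefix check is a heuristic assumption about Google OAuth2 access tokens, and the `base64url` encoding needs a recent Node.js.

```javascript
// Added example; classifyCredential and authQuery are hypothetical helpers,
// not part of firebase-rest or any Firebase SDK.

// Decide what kind of credential a caller handed to the REST client.
function classifyCredential(cred) {
  if (typeof cred !== 'string' || cred.length === 0) {
    throw new TypeError('credential must be a non-empty string');
  }
  const parts = cred.split('.');
  if (parts.length === 3 && parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) {
    try {
      // A JWT header is base64url-encoded JSON that names a signing algorithm.
      const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
      if (header !== null && typeof header.alg === 'string') return 'jwt';
    } catch (err) {
      // Not JSON: fall through and treat the value as opaque.
    }
  }
  // Assumption: Google OAuth2 access tokens usually begin with "ya29.".
  if (cred.startsWith('ya29.')) return 'oauth-access-token';
  // Anything else is treated as a plain (deprecated) database secret.
  return 'database-secret';
}

// Pick the query parameter, refusing the raw secret unless explicitly allowed.
function authQuery(cred, { allowDatabaseSecret = false } = {}) {
  const kind = classifyCredential(cred);
  if (kind === 'database-secret' && !allowDatabaseSecret) {
    throw new Error('plain database secret refused: it is deprecated');
  }
  const param = kind === 'oauth-access-token' ? 'access_token' : 'auth';
  return { kind, param, query: `${param}=${encodeURIComponent(cred)}` };
}

// Constructed sample values (not real credentials).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleJwt = [b64url({ alg: 'HS256', typ: 'JWT' }), b64url({ uid: 'demo-user' }), 'c2ln'].join('.');
console.log(authQuery(sampleJwt).param);                 // auth
console.log(authQuery('ya29.constructed-sample').param); // access_token
```

Credentials placed in a query string tend to end up in proxy and server logs; for OAuth2 access tokens the Firebase REST API also accepts an `Authorization: Bearer` header, which keeps the token out of the URL.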

fny commented 7 years ago

I'll have a look into this later this week, and I'll see what I can do.