search

mobizt / FirebaseClient

🔥Async Firebase Client for Arduino. Supports Realtime Database, Cloud Firestore Database, Firebase Storage, Cloud Messaging, Google Cloud Functions and Google Cloud Storage.
MIT License
116 stars 6 forks source link

Firestore requests missing auth header #158

Closed martint88 closed 2 weeks ago

martint88 commented 2 weeks ago

I'm trying to write and read the Firestore database using a custom_auth with service account credentials. It works ok when database rules are allowed by default, but when I tried to secure my database using the UID, I got 403 error. I am already using the same auth with Realtime Database with no problems.

Here's the code I am using in the relevant parts:

before Setup() : CustomAuth custom_auth(timeStatusCB, API_KEY, FIREBASE_CLIENT_EMAIL, FIREBASE_PROJECT_ID, PRIVATE_KEY, calcUID() /* UID */, "" /* scope */, "" /* claims */, 3600 /* expire period in seconds (<3600) */);

In setup():

initializeApp(aClient3, app, getAuth(custom_auth), asyncCB, "authTask");
app.getApp<RealtimeDatabase>(Database);
app.getApp<Firestore::Documents>(Docs);

I found that all request I send to Firestore are missing the auth header. I enabled level 4 debug in the ssl_client to have access to the http request for debug and I got the following:

Docs.patch(...):

PATCH /v1/projects/lhhome-c5e19/databases/(default)/documents/estadoNodos/98848127_S0?updateMask.fieldPaths=state&updateMask.fieldPaths=time&updateMask.fieldPaths=lhrId&updateMask.fieldPaths=idNodo&updateMask.fieldPaths=output HTTP/1.1
Host: firestore.googleapis.com
Connection: keep-alive
Content-Length: 184

In the same program I am also reading to Realtime Database and the requests include the auth token.

Database.get(...):

GET /downstreamCommands/LHR_14981620.json?auth=eyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxZw HTTP/1.1
Host: lhhome-c5e19-default-rtdb.firebaseio.com
Connection: keep-alive
X-Firebase-ETag: true
Accept: text/event-stream

Using: PlatformIO ESP32 Platform: Espressif 32 6.8.1 framework-arduinoespressif32 @ 3.20017.0 (2.0.17) FirebaseClient @ 1.3.12

Is this a bug? Thank you, your work is amazing!

mobizt commented 2 weeks ago

That is not right.

The REST API endpoints for different auth and Firebase products are different.

mobizt commented 2 weeks ago

For more information, please consult the Google Firebase Realtime database and Firestore database REST API documentation.

mobizt commented 2 weeks ago

Ok, you are right. The auth header was missing for custom auth.

I will fix this and update soon.

mobizt commented 2 weeks ago

Now this issue was fixed in v1.4.0, please update.

martint88 commented 2 weeks ago

Great! Now it works! Thanks for the fast update!