Firebase ApplicationDefaultCredentials doesn't work in dev_appserver

荒凉一梦 提交于 2019-12-25 09:05:48

问题


I'm following the instructions on: https://cloud.google.com/solutions/using-firebase-real-time-events-app-engine

I'm trying to get my dev_appserver to make credentialed requests to a firebase database. This works after I've deployed, but not locally.

I've run gcloud auth application-default login

and have set up my credentials as follows:

try:
    from functools import lru_cache
except ImportError:
    from functools32 import lru_cache

import json

import httplib2
from oauth2client.client import GoogleCredentials

_FIREBASE_SCOPES = [
    'https://www.googleapis.com/auth/firebase.database',
    'https://www.googleapis.com/auth/userinfo.email']


# Memoize the authorized http, to avoid fetching new access tokens
@lru_cache()
def _get_http():
    """Provides an authed http object."""
    http = httplib2.Http()
    # Use application default credentials to make the Firebase calls
    # https://firebase.google.com/docs/reference/rest/database/user-auth
    creds = GoogleCredentials.get_application_default().create_scoped(
        _FIREBASE_SCOPES)
    creds.authorize(http)
    return http


def firebase_put(path, value=None):
    """Writes data to Firebase.
    An HTTP PUT writes an entire object at the given database path. Updates to
    fields cannot be performed without overwriting the entire object
    Args:
        path - the url to the Firebase object to write.
        value - a json string.
    """
    response, content = _get_http().request(path, method='PUT', body=value)
    return json.loads(content)

when calling firebase_put() I get

{
  "error" : "Permission denied."
}

Strangely it just appears to be firebase that is having problems. I am able to successfully make cloud speech requests using ApplicationDefaultCredentials from dev_appserver.

I have verified that the credentials are added to the headers.

Header {
  Key: "user-agent"
  Value: "Python-httplib2/0.9.2 (gzip)"
}
Header {
  Key: "accept-encoding"
  Value: "gzip, deflate"
}
Header {
  Key: "authorization"
  Value: "Bearer REDACTED_FOR_PRIVACY"
}
Payload: "{\"sender\": \"12314\", \"timestamp\": 1478368765.042335, \"message\": \"asdf\"}"
FollowRedirects: false
Deadline: 5
MustValidateServerCertificate: true

What am I doing wrong?


回答1:


Thanks @atimothee for the essential cue.

Turns out the default scopes used by gcloud auth aplication-default login don't include userinfo.email or firebase.database. Including them manually fixed the problem.

gcloud auth application-default login --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/firebase.database


来源:https://stackoverflow.com/questions/40443525/firebase-applicationdefaultcredentials-doesnt-work-in-dev-appserver

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!