Firebase ApplicationDefaultCredentials 在 dev_appserver 中不起作用
Firebase ApplicationDefaultCredentials doesn't work in dev_appserver
-
google-app-engine
-
google-oauth
-
google-app-engine-python
-
firebase-authentication
-
firebase-realtime-database
我正在按照以下说明进行操作:
https://cloud.google.com/solutions/using-firebase-real-time-events-app-engine
我正在尝试让我的 dev_appserver 向 firebase 数据库发出经过认证的请求。这在我部署后有效,但在本地无效。
我运行gcloud auth application-default login
并按如下方式设置了我的凭据:
try:
from functools import lru_cache
except ImportError:
from functools32 import lru_cache
import json
import httplib2
from oauth2client.client import GoogleCredentials
_FIREBASE_SCOPES = [
'https://www.googleapis.com/auth/firebase.database',
'https://www.googleapis.com/auth/userinfo.email']
# Memoize the authorized http, to avoid fetching new access tokens
@lru_cache()
def _get_http():
"""Provides an authed http object."""
http = httplib2.Http()
# Use application default credentials to make the Firebase calls
# https://firebase.google.com/docs/reference/rest/database/user-auth
creds = GoogleCredentials.get_application_default().create_scoped(
_FIREBASE_SCOPES)
creds.authorize(http)
return http
def firebase_put(path, value=None):
"""Writes data to Firebase.
An HTTP PUT writes an entire object at the given database path. Updates to
fields cannot be performed without overwriting the entire object
Args:
path - the url to the Firebase object to write.
value - a json string.
"""
response, content = _get_http().request(path, method='PUT', body=value)
return json.loads(content)
调用 firebase_put() 时我得到
{
"error" : "Permission denied."
}
奇怪的是,似乎是 firebase 出了问题。我能够使用来自 dev_appserver.
的 ApplicationDefaultCredentials 成功发出云语音请求
我已验证凭据已添加到 headers。
Header {
Key: "user-agent"
Value: "Python-httplib2/0.9.2 (gzip)"
}
Header {
Key: "accept-encoding"
Value: "gzip, deflate"
}
Header {
Key: "authorization"
Value: "Bearer REDACTED_FOR_PRIVACY"
}
Payload: "{\"sender\": \"12314\", \"timestamp\": 1478368765.042335, \"message\": \"asdf\"}"
FollowRedirects: false
Deadline: 5
MustValidateServerCertificate: true
我做错了什么?
感谢@atimothee 。
原来 gcloud auth aplication-default login 使用的默认范围不包括 userinfo.email 或 firebase.database。包括它们手动修复了问题。
gcloud auth application-default login --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/firebase.database
google-app-engine
google-oauth
google-app-engine-python
firebase-authentication
firebase-realtime-database
我正在按照以下说明进行操作: https://cloud.google.com/solutions/using-firebase-real-time-events-app-engine
我正在尝试让我的 dev_appserver 向 firebase 数据库发出经过认证的请求。这在我部署后有效,但在本地无效。
我运行gcloud auth application-default login
并按如下方式设置了我的凭据:
try:
from functools import lru_cache
except ImportError:
from functools32 import lru_cache
import json
import httplib2
from oauth2client.client import GoogleCredentials
_FIREBASE_SCOPES = [
'https://www.googleapis.com/auth/firebase.database',
'https://www.googleapis.com/auth/userinfo.email']
# Memoize the authorized http, to avoid fetching new access tokens
@lru_cache()
def _get_http():
"""Provides an authed http object."""
http = httplib2.Http()
# Use application default credentials to make the Firebase calls
# https://firebase.google.com/docs/reference/rest/database/user-auth
creds = GoogleCredentials.get_application_default().create_scoped(
_FIREBASE_SCOPES)
creds.authorize(http)
return http
def firebase_put(path, value=None):
"""Writes data to Firebase.
An HTTP PUT writes an entire object at the given database path. Updates to
fields cannot be performed without overwriting the entire object
Args:
path - the url to the Firebase object to write.
value - a json string.
"""
response, content = _get_http().request(path, method='PUT', body=value)
return json.loads(content)
调用 firebase_put() 时我得到
{
"error" : "Permission denied."
}
奇怪的是,似乎是 firebase 出了问题。我能够使用来自 dev_appserver.
的 ApplicationDefaultCredentials 成功发出云语音请求我已验证凭据已添加到 headers。
Header {
Key: "user-agent"
Value: "Python-httplib2/0.9.2 (gzip)"
}
Header {
Key: "accept-encoding"
Value: "gzip, deflate"
}
Header {
Key: "authorization"
Value: "Bearer REDACTED_FOR_PRIVACY"
}
Payload: "{\"sender\": \"12314\", \"timestamp\": 1478368765.042335, \"message\": \"asdf\"}"
FollowRedirects: false
Deadline: 5
MustValidateServerCertificate: true
我做错了什么?
感谢@atimothee
原来 gcloud auth aplication-default login 使用的默认范围不包括 userinfo.email 或 firebase.database。包括它们手动修复了问题。
gcloud auth application-default login --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/firebase.database