I'm having trouble authenticating with Service Account. Could someon

<div class="highlight highlight-source-cs notranslate position-relative overflow-auto" dir="auto" da

I'm still getting same 403 error. I've tried it like this: <div class="snippet

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Problem authenticating with Service Account about firebase-storage-dotnet HOT 9 CLOSED

step-up-labs commented on June 8, 2024

Problem authenticating with Service Account

from firebase-storage-dotnet.

Comments (9)

macleysousa commented on June 8, 2024

                var bytes = Convert.FromBase64String("base64");
                var stream = new StreamContent(new MemoryStream(bytes)).ReadAsStream();

                var auth = new FirebaseAuthProvider(new FirebaseConfig("api_key"));
                var a = await auth.SignInWithEmailAndPasswordAsync("email", "password");

                var cancellation = new CancellationTokenSource();

                var action = new FirebaseStorage(
                    "bucket",
                    new FirebaseStorageOptions
                    {
                        AuthTokenAsyncFactory = () => Task.FromResult(a.FirebaseToken),
                        ThrowOnCancel = true,
                    })
                    .Child("folder")
                    .Child($"{"file_name"}.{"file_extension"}")
                    .PutAsync("stream", cancellation.Token);

from firebase-storage-dotnet.

marko-mihalic commented on June 8, 2024

Thank you but that's Regular Account (Service account doesn't have "email" or "password").
I'm talking about Service Account for which you get Private Key in .json format through Firebase Console.

e.g. I'm using it like this for RealtimeDatabase:

private static async Task<String> AuthenticateAsync(String privateKeyLocation)
{
GoogleCredential googleCredential = GoogleCredential.FromFile(privateKeyLocation)
.CreateScoped(
"https://www.googleapis.com/auth/firebase", // RTDB.
"https://www.googleapis.com/auth/userinfo.email", // RTDB
"https://www.googleapis.com/auth/identitytoolkit", // User management
"https://www.googleapis.com/auth/devstorage.full_control", // Cloud Storage
"https://www.googleapis.com/auth/cloud-platform", // Cloud Firestore
"https://www.googleapis.com/auth/datastore"
);

return await googleCredential.UnderlyingCredential.GetAccessTokenForRequestAsync();
}

But, I'm still getting (403) Forbidden as StatusCode of Response (for Storage, Realtime Database works just fine).

This is rest of Code which is using AuthenticateAsync in case I'm missing something there:

FirebaseStorageTask firebaseStorageTask = new FirebaseStorage(bucketURL, new FirebaseStorageOptions
{
AuthTokenAsyncFactory = () => AuthenticateAsync(serviceAccountPrivateKeyLocation)
})
.Child(@"AppImages")
.Child(Path.GetFileName(filePath))
.PutAsync(stream);

from firebase-storage-dotnet.

michaelgaultjr commented on June 8, 2024

Thank you but that's Regular Account (Service account doesn't have "email" or "password").
I'm talking about Service Account for which you get Private Key in .json format through Firebase Console.

e.g. I'm using it like this for RealtimeDatabase:
private static async Task<String> AuthenticateAsync(String privateKeyLocation)
{
GoogleCredential googleCredential = GoogleCredential.FromFile(privateKeyLocation)
.CreateScoped(
"https://www.googleapis.com/auth/firebase", // RTDB.
"https://www.googleapis.com/auth/userinfo.email", // RTDB
"https://www.googleapis.com/auth/identitytoolkit", // User management
"https://www.googleapis.com/auth/devstorage.full_control", // Cloud Storage
"https://www.googleapis.com/auth/cloud-platform", // Cloud Firestore
"https://www.googleapis.com/auth/datastore"
);
return await googleCredential.UnderlyingCredential.GetAccessTokenForRequestAsync();
}

But, I'm still getting (403) Forbidden as StatusCode of Response (for Storage, Realtime Database works just fine).

This is rest of Code which is using AuthenticateAsync in case I'm missing something there:
FirebaseStorageTask firebaseStorageTask = new FirebaseStorage(bucketURL, new FirebaseStorageOptions
{
AuthTokenAsyncFactory = () => AuthenticateAsync(serviceAccountPrivateKeyLocation)
})
.Child(@"AppImages")
.Child(Path.GetFileName(filePath))
.PutAsync(stream);

I found a bit of a workaround using this and the FirebaseAdmin SDK, it could be improved, but it's a good start.
(Make sure you Initialize the Admin SDK with FirebaseApp.Create() before running the code below)

string token = await FirebaseAdmin.Auth.FirebaseAuth.DefaultInstance.CreateCustomTokenAsync("[your server id, can be anything]", developerClaims: new Dictionary<string, object>() 
            {
                { "server", true } // Adds a "server: true" claim to the token
            });
FirebaseAuthProvider firebaseAuthProvider = new FirebaseAuthProvider(new FirebaseConfig("[Firebase web API key]"));
var authLink = await firebaseAuthProvider.SignInWithCustomTokenAsync(token);
return authLink.FirebaseToken; // This is the JWT token

from firebase-storage-dotnet.

marko-mihalic commented on June 8, 2024

I'm still getting same 403 error.
I've tried it like this:

FirebaseApp firebaseApp = FirebaseApp.Create(new AppOptions
			{
				Credential = GoogleCredential.FromFile(serviceAccountPrivateKeyLocation),
				ProjectId = projectID
			});

			string token = await FirebaseAdmin.Auth.FirebaseAuth.GetAuth(firebaseApp).CreateCustomTokenAsync(Guid.NewGuid().ToString(), developerClaims: new Dictionary<string, object>()
			{
				{ "server", true } // Adds a "server: true" claim to the token
            });

			FirebaseAuthProvider firebaseAuthProvider = new FirebaseAuthProvider(new FirebaseConfig(apiKey));
			var authLink = await firebaseAuthProvider.SignInWithCustomTokenAsync(token);

			return authLink.FirebaseToken; // This is the JWT token

from firebase-storage-dotnet.

caneva20 commented on June 8, 2024

I've faced the same problem yesterday and found a good (and simple) solution just now.
Assuming you're using the AdminSDK (nuget) you can get a valid JWT Token with¹:

FirebaseAuth.DefaultInstance.CreateCustomTokenAsync("SOME_UID")

If you are still getting a 403 error, take a look at this SO answer

Sample:

var options = new FirebaseStorageOptions {
    AuthTokenAsyncFactory = () => FirebaseAuth.DefaultInstance.CreateCustomTokenAsync("SOME_UID")
};

new FirebaseStorage("PROJECT.appspot.com", options)
   .Child("FILE_NAME")
   .PutAsync(SOME_STREAM);

Sources:
1: https://firebase.google.com/docs/auth/admin/create-custom-tokens#create_custom_tokens_using_the_firebase_admin_sdk
2: https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth

from firebase-storage-dotnet.

longa78 commented on June 8, 2024

@marko-mihalic have you found a solution maybe?

from firebase-storage-dotnet.

marko-mihalic commented on June 8, 2024

@caneva20 thank you, I'll try with rule separation mentioned in this SO answer when/if I get back to it.

@longa78 I didn't, we decided not to use Firebase Storage after all.

from firebase-storage-dotnet.

stale commented on June 8, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from firebase-storage-dotnet.

stale commented on June 8, 2024

Closing the issue due to inactivity. Feel free to re-open

from firebase-storage-dotnet.

Problem authenticating with Service Account about firebase-storage-dotnet HOT 9 CLOSED

Comments (9)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs