Saurabh Kumar

Reputation: 13

Error 403 on Calling Firebase Firestore Rest API

Here is the code for how I am generating the accessToken for calling the API.

import firebaseConfig from './../firebaseConfig';
import firebase from "firebase/app";
import "firebase/auth";

firebase.initializeApp(firebaseConfig);
var provider = new firebase.auth.GoogleAuthProvider();

firebase.auth().signInWithPopup(provider).then(function(result) {
  // OAuth access token issued by the Google provider for this sign-in
  var token = result.credential.accessToken;
  sessionStorage.setItem("__token", token);    // Token saved
}.bind(this)).catch(function(error) {
  console.error(error);    // sign-in failed or popup was closed
});

With that code I am getting the token in sessionStorage. Here's the snippet of how I am using the Firebase REST API.

import axios from 'axios';

var URL = "https://firestore.googleapis.com/v1/projects/qtbt-a8bf8/databases/(default)/documents/users/[USER_ID]?key=[YOUR_API_KEY]";
var token = sessionStorage.getItem("__token");    // token saved at sign-in
const config = {
  headers: { Authorization: `Bearer ${token}`, Accept: 'application/json' }
};

axios.get(URL, config)
  .then(function (response) {
    // handle success
    console.log(response);
  })
  .catch(function (error) {
    // handle error (the 403 below lands here)
    console.log(error);
  })
  .finally(function () {
    // always executed
  });

In the axios call I am getting Error 403. Response:

code: 403
message: "Request had insufficient authentication scopes."
status: "PERMISSION_DENIED"

Upvotes: 0

Views: 2632
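The 403 above is returned because result.credential.accessToken is the Google provider's OAuth access token, which carries only the sign-in scopes; the Firestore REST API accepts the Firebase ID token (firebase.auth().currentUser.getIdToken()) as the Bearer credential. The following check is an added diagnostic, not code from the question or its answers: it classifies the value stored under "__token" before the request is built, assuming the project id qtbt-a8bf8 taken from the question's URL.

```javascript
// Added example: classify the stored token before calling Firestore REST.
// No signature check is done here; the server verifies the signature.
const PROJECT_ID = 'qtbt-a8bf8'; // assumed from the question's URL

// Decode one base64url-encoded JWT segment into an object.
// In a browser, atob() would replace Buffer.
function decodeJwtPart(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

// Returns { ok: true } for a Firebase ID token issued for PROJECT_ID and
// still valid at nowSeconds, otherwise { ok: false, reason }.
function classifyFirestoreToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof token !== 'string' || token.length === 0) {
    return { ok: false, reason: 'no token in sessionStorage' };
  }
  const parts = token.split('.');
  if (parts.length !== 3) {
    // Google OAuth access tokens (result.credential.accessToken) are opaque
    // strings, not JWTs; sending one yields the 403 "insufficient scopes".
    return { ok: false, reason: 'not a JWT: looks like a provider OAuth access token' };
  }
  let claims;
  try {
    claims = decodeJwtPart(parts[1]);
  } catch (e) {
    return { ok: false, reason: 'malformed JWT payload' };
  }
  // Firebase ID tokens are issued by securetoken.google.com for the project.
  if (claims.iss !== `https://securetoken.google.com/${PROJECT_ID}` || claims.aud !== PROJECT_ID) {
    return { ok: false, reason: 'token was not issued by Firebase Auth for this project' };
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ok: false, reason: 'token expired; call user.getIdToken() again' };
  }
  return { ok: true };
}

// Request config for the question's axios call, with the ID token as Bearer.
function firestoreRequestConfig(idToken) {
  return { headers: { Authorization: `Bearer ${idToken}`, Accept: 'application/json' } };
}
```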

Answers (2)

Ian White

Reputation: 91

The security rule is slightly different when using an IdToken rather than an OAuth token.

Instead of using:

if request.auth.uid == resource.id;

I use:

if request.auth.token.email == resource.id;

I'm matching the token's owner email to the document id, which also happens to be the owner's email.

You can also access the user's child documents using something like:

request.auth.token.email == resource.data.ownerEa;

In that case, the document(s) being matched must have an attribute ownerEa that has value == user's email.

Very annoying documentation, isn't it?

Hope that helps...

Upvotes: 0

MrFrosty

Reputation: 112

You're missing the API key in the call. The API key and token should both be in the headers.

var token = sessionStorage.getItem("__token");    // verify your token is correct
var headers = { 'x-api-key': 'key value goes here', 'authorization': token };

Upvotes: 2
