CODEWITHSUNDEEP
python-3.xfirebasefirebase-authenticationpyrebaseunauthorizedaccessexcepti
DazzRick
DazzRick

Reputation: 125

Access error in pyrebase realtime database subcollection, accessing with user uid

I'm having a problem when I access my realtime database. I'm using Pyrebase5 to access my database. I auth my sistem:

_config = {'example': 'ThisConfig'}
_firebase = pyrebase.initialize_app(self._config)
_auth = _firebase.auth()
_user = _auth.sign_in_with_email_and_password('[email protected]', 'myexample_password')
_db = _firebase.database().child('eletroinformaticabrasil')
_get = _db.child('AUTH_USER').get(token=_user['idToken'])

Errno 401 Client Error: Unauthorized for url: https://dazzrickprogrammer-default-rtdb.firebaseio.com/eletroinformaticabrasil/AUTH_USER.json?auth=**token**] { "error" : "Permission denied" }

My rules:

My rules

My database:

My datbase

My authenticator API:

Auth API

I don't know why its happening, when I use the firebase api in javascript with CDN, I don't have problems.

EDITED

I change some things, I don't know what, but I know that the error changed. Now my error is it:

[db] -> 2023/5/20 - 11:11:52 -> DataSource Get Error :Exception: [Errno 401 Client Error: Unauthorized for url: https://dazzrickprogrammer-default-rtdb.firebaseio.com/AUTH_GROUP.json?auth=token] { "error" : "Permission denied" } Parameters: {|"collection": "AUTH_GROUP"|}

I noted that the address don't go to the eletroinformaticabrasil link, but I change a child to the right link. I will revise my code, I think that is some method that I wrong the call.

** Solved! **

Really I don't know alright what I do, but the last problem is because when is called child() with more than one argument, the childs before is ignored. What I needed is only add the 'eletroinformaticabrasil' like the fist argument.

The fist problem I think that is because before the fist edit of this post, I forgeted to pass the token argument. Thank you @FrankVanPuffelen, your site help me so much.

Upvotes: 0

Views: 93

Answers (1)

Frank van Puffelen
Frank van Puffelen

Reputation: 599876

If the sign-in successfully completed, it seems most likely that the UID of the user you signed in with doesn't match the ZuA... value you check in your rules.

If you take tghe **token** from the error message, you can pass that into a site like jwt.io to decode it and see what information is in it. If you check the user_id value in the decoded info, is has to match the value that your rules check for.

Here is one example of an ID token from Firebase you can use to test with:

eyJhbGciOiJSUzI1NiIsImtpZCI6ImQwZTFkMjM5MDllNzZmZjRhNzJlZTA4ODUxOWM5M2JiOTg4ZjE4NDUiLCJ0eXAiOiJKV1QifQ.eyJwcm92aWRlcl9pZCI6ImFub255bW91cyIsImlzcyI6Imh0dHBzOi8vc2VjdXJldG9rZW4uZ29vZ2xlLmNvbS9kYmxhdGVuY3kiLCJhdWQiOiJkYmxhdGVuY3kiLCJhdXRoX3RpbWUiOjE2NTE0MzgyMjAsInVzZXJfaWQiOiJWTWdVY2x2NzI2UFlpVXhKTmxXR2RMYmZEN2syIiwic3ViIjoiVk1nVWNsdjcyNlBZaVV4Sk5sV0dkTGJmRDdrMiIsImlhdCI6MTY4NDUzNjkxMCwiZXhwIjoxNjg0NTQwNTEwLCJmaXJlYmFzZSI6eyJpZGVudGl0aWVzIjp7fSwic2lnbl9pbl9wcm92aWRlciI6ImFub255bW91cyJ9fQ.Oq8psO47h0DUjD08qYZJF6k7HVOAFkSqhpwaey8tbuKcyf5_0YcHD25oz8RS5qaj2RIPVtpUnPnvrOic2Bt7aSfvvfbUS7wzWG61BHxUDjR4CTxuaK6a5AWiR6jsYcOxStxN_q6enCwbSzj0Md2sXgNsPLz15l4Vbcg678w8lDaW2VFp28gjgQufnXQ0iT2FVZxo_ntk00LylDpaLEOR6c_P2f_8CJOomTZ709POae3ZmoVlbgiqjp22Ap8c6YCMGf7STeclIWAarj_U1t4VPJUYCl4TjARTnx-lSJWGMI-vc2mGfmHmm-RhSnZXgwkky6ninvUWBvus6aAsSbjfNA

If you paste this value into jwt.io, you should see that the user_id field shows VMgUclv726PYiUxJNlWGdLbfD7k2.

Upvotes: 1

Related Questions