Reputation: 1
I am making a request to disable user signup on a Firebase multi-tenant system.
The payload is:
{"client": {"permissions": {"disabled_user_signup": true, "disabled_user_deletion": false}}}
URL: https://identitytoolkit.googleapis.com/v2/projects/%s/tenants/%s?updateMask=client
Method: PATCH
OAuth scope: https://www.googleapis.com/auth/firebase
The access token for the service account works and the operation is successful if the service account has the Owner role. I haven't been able to find any other combination of roles or permissions that will work. I've tried the typical candidates: Firebase Authentication Admin, Service Token Creator, Firebase Admin SDK Administrator, Cloud Functions Admin, etc. What is baffling is that I am able to create tenants, add sign-in options, etc. without issues with the same token. The error received is:
Error getting access token for service account: 400 Bad Request POST https://oauth2.googleapis.com/token {"error":"invalid_grant","error_description":"Invalid JWT Signature."}, iss: [email protected] com.google.auth.oauth2.GoogleAuthException: Error getting access token for service account: 400 Bad Request POST https://oauth2.googleapis.com/token
Upvotes: 0
Views: 98