google app engine - Firebase ApplicationDefaultCredentials doesn't work in dev_appserver -
i'm following instructions on: https://cloud.google.com/solutions/using-firebase-real-time-events-app-engine
i'm trying dev_appserver make credentialed requests firebase database. works after i've deployed, not locally.
i've run gcloud auth application-default login
and have set credentials follows:
try: functools import lru_cache except importerror: functools32 import lru_cache import json import httplib2 oauth2client.client import googlecredentials _firebase_scopes = [ 'https://www.googleapis.com/auth/firebase.database', 'https://www.googleapis.com/auth/userinfo.email'] # memoize authorized http, avoid fetching new access tokens @lru_cache() def _get_http(): """provides authed http object.""" http = httplib2.http() # use application default credentials make firebase calls # https://firebase.google.com/docs/reference/rest/database/user-auth creds = googlecredentials.get_application_default().create_scoped( _firebase_scopes) creds.authorize(http) return http def firebase_put(path, value=none): """writes data firebase. http put writes entire object @ given database path. updates fields cannot performed without overwriting entire object args: path - url firebase object write. value - json string. """ response, content = _get_http().request(path, method='put', body=value) return json.loads(content)
when calling firebase_put()
{ "error" : "permission denied." }
strangely appears firebase having problems. able make cloud speech requests using applicationdefaultcredentials dev_appserver.
i have verified credentials added headers.
header { key: "user-agent" value: "python-httplib2/0.9.2 (gzip)" } header { key: "accept-encoding" value: "gzip, deflate" } header { key: "authorization" value: "bearer redacted_for_privacy" } payload: "{\"sender\": \"12314\", \"timestamp\": 1478368765.042335, \"message\": \"asdf\"}" followredirects: false deadline: 5 mustvalidateservercertificate: true
what doing wrong?
thanks @atimothee the essential cue.
turns out default scopes used gcloud auth aplication-default login
don't include userinfo.email
or firebase.database
. including them manually fixed problem.
gcloud auth application-default login --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/firebase.database
Comments
Post a Comment