google app engine - Firebase ApplicationDefaultCredentials doesn't work in dev_appserver -


i'm following instructions on: https://cloud.google.com/solutions/using-firebase-real-time-events-app-engine

i'm trying dev_appserver make credentialed requests firebase database. works after i've deployed, not locally.

i've run gcloud auth application-default login

and have set credentials follows:

try:     functools import lru_cache except importerror:     functools32 import lru_cache  import json  import httplib2 oauth2client.client import googlecredentials  _firebase_scopes = [     'https://www.googleapis.com/auth/firebase.database',     'https://www.googleapis.com/auth/userinfo.email']   # memoize authorized http, avoid fetching new access tokens @lru_cache() def _get_http():     """provides authed http object."""     http = httplib2.http()     # use application default credentials make firebase calls     # https://firebase.google.com/docs/reference/rest/database/user-auth     creds = googlecredentials.get_application_default().create_scoped(         _firebase_scopes)     creds.authorize(http)     return http   def firebase_put(path, value=none):     """writes data firebase.     http put writes entire object @ given database path. updates     fields cannot performed without overwriting entire object     args:         path - url firebase object write.         value - json string.     """     response, content = _get_http().request(path, method='put', body=value)     return json.loads(content) 

when calling firebase_put()

{   "error" : "permission denied." } 

strangely appears firebase having problems. able make cloud speech requests using applicationdefaultcredentials dev_appserver.

i have verified credentials added headers.

header {   key: "user-agent"   value: "python-httplib2/0.9.2 (gzip)" } header {   key: "accept-encoding"   value: "gzip, deflate" } header {   key: "authorization"   value: "bearer redacted_for_privacy" } payload: "{\"sender\": \"12314\", \"timestamp\": 1478368765.042335, \"message\": \"asdf\"}" followredirects: false deadline: 5 mustvalidateservercertificate: true 

what doing wrong?

thanks @atimothee the essential cue.

turns out default scopes used gcloud auth aplication-default login don't include userinfo.email or firebase.database. including them manually fixed problem.

gcloud auth application-default login --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/firebase.database 

Comments

Popular posts from this blog

java - SSE Emitter : Manage timeouts and complete() -

jquery - uncaught exception: DataTables Editor - remote hosting of code not allowed -

java - How to resolve error - package com.squareup.okhttp3 doesn't exist? -