Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

endpoints.get_current_user() "Unable to get authorized scopes" with firebase auth #161

Open
normmcgarry opened this issue Jul 6, 2018 · 3 comments
Open

endpoints.get_current_user() "Unable to get authorized scopes" with firebase auth #161

normmcgarry opened this issue Jul 6, 2018 · 3 comments
Assignees
@inklesspen

Comments

@normmcgarry
Copy link

I'm getting an error when calling endpoints.get_current_user() with firebase auth. Simple example below:

audiences = {
    'firebase': [firebase_id]
}

issuers = {
    'firebase': endpoints.Issuer(
        'https://securetoken.google.com/{}'.format(firebase_id),
        'https://www.googleapis.com/service_accounts/v1/metadata/x509/[email protected]'
    )
}

scopes = [
    'https://www.googleapis.com/auth/userinfo'
]

allowed_client_ids = ["firebase_auth"]

collection = endpoints.api(name=api_name, version=api_version, scopes=scopes, base_path=api_path, issuers=issuers, audiences=audiences, allowed_client_ids=allowed_client_ids)


    @endpoints.method(UserTestRequestContainer, UserMessage, name='user.test', path='user/test', http_method='GET')
    def test(self, request):
        user = endpoints.get_current_user()
        logging.info(user)
        logging.info('scopes: {}'.format(scopes))
        if user is None:
            raise endpoints.NotFoundException("user not found")
        return UserMessage()

In the request log, it shows this:

2018-07-06 16:41:59.926 EDT
Unable to get authorized scopes. (/base/data/home/apps/s~tvi-www/20180706t164046.410950432919376241/lib/endpoints/users_id_token.py:371)
Traceback (most recent call last):
  File "/base/data/home/apps/s~tvi-www/20180706t164046.410950432919376241/lib/endpoints/users_id_token.py", line 369, in _set_bearer_user_vars
    authorized_scopes = oauth.get_authorized_scopes(sorted(all_scopes))
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/1/google/appengine/api/oauth/oauth_api.py", line 171, in get_authorized_scopes
    _maybe_call_get_oauth_user(scope)
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/1/google/appengine/api/oauth/oauth_api.py", line 220, in _maybe_call_get_oauth_user
    _maybe_raise_exception()
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/1/google/appengine/api/oauth/oauth_api.py", line 239, in _maybe_raise_exception
    raise InvalidOAuthTokenError(error_detail)
InvalidOAuthTokenError
@normmcgarry
Copy link
Author

Does the Firebase Auth only work with Google Sign-In in this use case? I'm using email/password signup.

@inklesspen inklesspen self-assigned this Sep 28, 2018
@inklesspen
Copy link
Contributor

Frameworks supports both JWTs and opaque OAuth access tokens, but it only supports OAuth access tokens from Google.

@MoSehsah
Copy link

@normmcgarry are you able to get this working ? I'm trying to do the same thing but I get the same error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@inklesspen inklesspen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@inklesspen @MoSehsah @normmcgarry