Firebase Realtime Database REST API returns Unauthorized, even with token

IlianFelinto
April 19, 2024
149 views
1 vote
2 Answers

I’m writting a Blazor Server app that connects to Firebase Realtime Database. I’m using the FirebaseDatabase SDK but need to perform a set of Atomic operations updating multiple Paths. Since the SDK do not have a method for that, I’ve decided to use REST API.

I’m already able to Authenticate using email/pass, which gives me access to currentUser.GetIdTokenAsync();

I’m able to read/write data on single Put/Patch operations.

But, when I try to update a path using the REST API, it fails saying: "Unauthorized".

In order to test this, I’ve written a simple code, below:

public async Task singleUpdate(string idPropriedade, string idLote, string novoNome)
{
    // Firebase database URL
    string firebaseUrl = DatabaseProjectSettings.projectURL;

    // Define the updates for each path
    string jsonContent = 
        "{" +
            ""lotes": {" +
                """ + idPropriedade + "": {" +
                    """ + idLote + "": {" +
                        ""nomePropriedade": "" + novoNome + """ +
                    "}" +
                "}" +
            "}" +
        "}";


    var token = await _currUser.GetIdTokenAsync(true);


    // Create HttpClient instance
    using (HttpClient client = new HttpClient())
    {
        // Configure the request
        HttpRequestMessage request = new HttpRequestMessage
        {
            Method = HttpMethod.Put,
            RequestUri = new Uri($"{firebaseUrl}.json"),
            Content = new StringContent(jsonContent, System.Text.Encoding.UTF8, "application/json")
        };
        request.Headers.Add("Authorization", $"Bearer {token}");

        // Send the request and get the response
        HttpResponseMessage response = await client.SendAsync(request);

        // Check if the request was successful
        if (response.IsSuccessStatusCode)
        {
            Console.WriteLine("Paths updated successfully.");
        }
        else
        {
            Console.WriteLine($"Failed to update paths. Status code: {response.StatusCode}");
        }
    }
}

If I remove the database rules, the write operation works fine. If I leave the database rules, I get the "Unauthorized" message.

I have already tested to use the token on the URL as follow: RequestUri = new Uri($"{firebaseUrl}.json?access_token={token}"), without success!

Please send me your insights! Thanks!

Tags: c#firebase firebase-authentication firebase-realtime-database rest

Answers

- FrankvanPuffelen
- April 18, 2024 at 9:19 pm
- 0 votes
0
As shown in the docs on authenticating with an ID token, you need to pass that token in an auth parameter in the URL.

The Authorization header and access_token parameter are only used to authenticate with an OAuth2 access token.

Login or Signup to reply.

- KeithM
- April 18, 2024 at 11:38 pm
- 0 votes
0
If I remove the database rules, the write operation works fine. If I leave the database rules, I get the "Unauthorized" message.

The SDK runs under a service account that probably has full read/write access. When going thru the API, then make sure that your currentUser matches an allow update and/or allow create rule in your Firestore rules for the paths/documents you’re trying to write to.

https://firebase.google.com/docs/firestore/security/get-started

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.