Firebase DB HTTP Auth API: when and how to update a JWT token?

I am trying to make a Python webapp write to Firebase DB using the HTTP API (I am using the new version of Firebase introduced at Google I/O 2016).

So far, I understand that the specific type of write that I would like to perform is made with a POST request to a URL of this type:

https://my-project-id.firebaseio.com/{path-to-resource}.json

What I am missing is the auth part: if I understood it correctly, the JWT should be passed in the HTTP Authorization header as Authorization: Bearer {token}.

So, I created a service account, downloaded its private key and used it to create a JWT, added it to the request headers and the request was successfully written to Firebase DB.

Now the JWT has expired, and any similar query to the Firebase database fails.

Of course, I have to generate a new token, but the question is: I did not expect to handle token generation and refresh myself. Most HTTP APIs I'm used to require only a static API key to be passed in the request, so my webapps can be kept relatively simple by adding the static API query string to the request.

If I need to take care of the generation and expiration of the token, the webapp logic will become more complex (because I will need to store the token, check if it is still valid and generate a new one when it is not), or I can just generate a new token for each request (but does that really make sense?).

I would like to know if there is a best practice in this regard or if I have missed something from the documentation on this topic.

Thanks, Marco


ADDITION

This is the code I'm executing now:

import requests
import json
from oauth2client.service_account import ServiceAccountCredentials

_BASE_URL = 'https://my-app-id.firebaseio.com'
_SCOPES = [
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/firebase.database'
]

def _get_credentials():
    credentials = ServiceAccountCredentials.from_json_keyfile_name('my_service_account_key.json', scopes=_SCOPES)
    return credentials.get_access_token().access_token

def post_object(title, alert):
    url = _BASE_URL + '/path/to/write/to.json'

    # A new access token is requested on every call
    headers = {
        'Authorization': 'Bearer ' + _get_credentials(),
        'Content-Type': 'application/json'
    }

    payload = {
        'title': title,
        'message': alert
    }

    return requests.post(url,
                         data=json.dumps(payload),
                         headers=headers)

JWT. . , ?


. , credentials.authorize, http.

from oauth2client.service_account import ServiceAccountCredentials
from httplib2 import Http
import json

_BASE_URL = 'https://my-app-id.firebaseio.com'
_SCOPES = [
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/firebase.database'
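]

# Path to the service account key file (file name as used in the question's code)
_KEY_FILE_PATH = 'my_service_account_key.json'

# Get the credentials to make an authorized call to firebase
credentials = ServiceAccountCredentials.from_json_keyfile_name(
    _KEY_FILE_PATH, scopes=_SCOPES)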

# Wrap the http in the credentials.  All subsequent calls are authenticated
http_auth = credentials.authorize(Http())

def post_object(path, objectToSave):
  url = _BASE_URL + path

  resp, content = http_auth.request(
      uri=url,
      method='POST',
      headers={'Content-Type': 'application/json'},
      body=json.dumps(objectToSave),
  )

  return content

objectToPost = {
  'title': "title",
  'message': "alert"
}

print(post_object('/path/to/write/to.json', objectToPost))
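The question's alternative to the wrapper above, storing the token and generating a new one only when it is no longer valid, can be kept small. This is an added example, not code from the question or the answer; `CachedToken`, `demo` and `fake_fetch` are hypothetical names, and `fetch` stands for whatever call returns an access token together with its lifetime in seconds.

```python
import threading
import time


class CachedToken:
    """Reuse one bearer token until shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        # fetch: callable returning (access_token, expires_in_seconds)
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()   # safe under a threaded web server
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:
            # Refresh `skew` seconds early so a token never expires in flight.
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                token, expires_in = self._fetch()
                if not token or not expires_in or expires_in <= 0:
                    raise RuntimeError('token source returned no usable token')
                self._token = token
                self._expires_at = self._clock() + expires_in
            return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after the API answers 401."""
        with self._lock:
            self._token = None

    def auth_headers(self):
        return {'Authorization': 'Bearer ' + self.get(),
                'Content-Type': 'application/json'}


def demo():
    """Constructed run with a fake clock and fake token source (no network)."""
    now, issued = [0.0], []
    def fake_fetch():
        issued.append('token-%d' % (len(issued) + 1))
        return issued[-1], 3600
    cache = CachedToken(fake_fetch, skew=60, clock=lambda: now[0])
    seen = [cache.get()]            # first call fetches
    now[0] = 3000
    seen.append(cache.get())        # still valid: reused
    now[0] = 3545
    seen.append(cache.get())        # inside the skew window: refreshed
    cache.invalidate()
    seen.append(cache.get())        # forced refresh after a 401
    return seen, len(issued)
```

Four requests in the constructed run cost three token fetches, and only because two of them were forced; requests inside the validity window reuse the cached token.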

Source: https://habr.com/ru/post/1649365/
