I am trying to access Firebase from a server using PHP, the Google Auth library and a wrapper for Firebase REST ... This works fine to accomplish this:
    use Firebase\JWT\JWT;
    use Google\Auth\Credentials\ServiceAccountCredentials;
    use Google\Auth\HttpHandler\HttpHandlerFactory;
    use GuzzleHttp\Client;

    // Placeholder: the post does not show how $url is set.
    $url = 'https://YOUR-PROJECT.firebaseio.com/';

    // Service account identity (values redacted in the post).
    $email = 'account@email.com';
    $key = 'private_key_goes_here';

    $scopes = [
        'https://www.googleapis.com/auth/userinfo.email',
        'https://www.googleapis.com/auth/firebase.database',
    ];
    $creds = [
        'client_email' => $email,
        'private_key' => $key,
    ];

    // Fetch a token for the service account and hand it to the REST wrapper.
    $serviceAccount = new ServiceAccountCredentials($scopes, $creds);
    $handler = HttpHandlerFactory::build(new Client());
    $token = $serviceAccount->fetchAuthToken($handler);
    $firebase = new \Firebase\FirebaseLib($url, $token);
    $value = $firebase->get('test/hello');
However, this requires that the security rules in Firebase be universal for reading / writing, which I do not want. If I update my security rules as follows:

    {
        "rules": {
            "test": {
                ".read": "auth != null"
            }
        }
    }

The result is $value becoming {"error": "Permission denied"}. I have searched and tried many permutations and possible solutions without any convincing results.
JWT , . , . :
    $serviceAccount = new ServiceAccountCredentials($scopes, $creds);
    $handler = HttpHandlerFactory::build(new Client());
    $payload = [
        'iss' => $email,
        'sub' => $email,
        'aud' => 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',
        'iat' => time(),
        'exp' => time() + 60 * 60,
        'uid' => '123',
        'claims' => [
            'uid' => '123',
        ],
    ];
    $payload = $serviceAccount->updateMetadata($payload);
    $token = JWT::encode($payload, $key, 'RS256');
    $firebase = new \Firebase\FirebaseLib($url, $token);
    $value = $firebase->get('test/hello');
, , $value {"error": "Missing claim 'kid' in auth header."}. , :
    $token = JWT::encode($payload, $key, 'RS256', 'key_id_goes_here');
: Invalid claim 'kid' in auth header., , ... . JWT . , ? , json, .
, , :
Firebase Google Group.