cloudendpoints/endpoints-python

endpoints.get_current_user() "Unable to get authorized scopes" with firebase auth

Opened this issue · 3 comments

I'm getting an error when calling endpoints.get_current_user() with firebase auth. Simple example below:

import logging

import endpoints
from protorpc import remote

# firebase_id, api_name, api_version and api_path are defined elsewhere (not shown in the issue).
audiences = {
    'firebase': [firebase_id]
}

issuers = {
    'firebase': endpoints.Issuer(
        'https://securetoken.google.com/{}'.format(firebase_id),
        'https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com'
    )
}

scopes = [
    'https://www.googleapis.com/auth/userinfo'
]

allowed_client_ids = ["firebase_auth"]

collection = endpoints.api(
    name=api_name, version=api_version, scopes=scopes, base_path=api_path,
    issuers=issuers, audiences=audiences, allowed_client_ids=allowed_client_ids)


# The class line is missing from the posted snippet; UserApi is an assumed name.
@collection.api_class()
class UserApi(remote.Service):

    @endpoints.method(UserTestRequestContainer, UserMessage, name='user.test', path='user/test', http_method='GET')
    def test(self, request):
        # Returns None when no valid credential was accepted for this request.
        user = endpoints.get_current_user()
        logging.info(user)
        logging.info('scopes: {}'.format(scopes))
        if user is None:
            raise endpoints.NotFoundException("user not found")
        return UserMessage()

In the request log, it shows this:

2018-07-06 16:41:59.926 EDT
Unable to get authorized scopes. (/base/data/home/apps/s~tvi-www/20180706t164046.410950432919376241/lib/endpoints/users_id_token.py:371)
Traceback (most recent call last):
  File "/base/data/home/apps/s~tvi-www/20180706t164046.410950432919376241/lib/endpoints/users_id_token.py", line 369, in _set_bearer_user_vars
    authorized_scopes = oauth.get_authorized_scopes(sorted(all_scopes))
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/1/google/appengine/api/oauth/oauth_api.py", line 171, in get_authorized_scopes
    _maybe_call_get_oauth_user(scope)
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/1/google/appengine/api/oauth/oauth_api.py", line 220, in _maybe_call_get_oauth_user
    _maybe_raise_exception()
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/1/google/appengine/api/oauth/oauth_api.py", line 239, in _maybe_raise_exception
    raise InvalidOAuthTokenError(error_detail)
InvalidOAuthTokenError

Does the Firebase Auth only work with Google Sign-In in this use case? I'm using email/password signup.

Frameworks supports both JWTs and opaque OAuth access tokens, but it only supports OAuth access tokens from Google.
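
The reply above separates JWTs from opaque OAuth access tokens. As an added example (not code from this issue or from endpoints-python), this Python 3 helper classifies a bearer token and compares its unverified `alg`, `iss`, `aud` and `exp` with the issuer and audience configured in the snippet; `diagnose_bearer`, the `demo-project` id and the sample token are constructed for illustration.

```python
import base64
import json
import time

ISSUER_PREFIX = 'https://securetoken.google.com/'  # issuer form from the snippet above


def _segment(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    raw = json.dumps(obj).encode('utf-8')
    return base64.urlsafe_b64encode(raw).rstrip(b'=').decode('ascii')


def _claims(segment):
    """Decode a base64url JWT segment into a dict (ValueError if malformed)."""
    padded = segment + '=' * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded.encode('ascii')))
    if not isinstance(obj, dict):
        raise ValueError('segment is not a JSON object')
    return obj


def diagnose_bearer(token, firebase_id, now=None):
    """List reasons a bearer token does not match the configured issuer/audience.

    Claims are read WITHOUT verifying the signature: a debugging aid only.
    """
    parts = token.split('.')
    if len(parts) != 3:
        return ['opaque token, not a JWT: treated as an OAuth access token']
    try:
        header, claims = _claims(parts[0]), _claims(parts[1])
    except ValueError:
        return ['three segments, but not base64url-encoded JSON objects']
    now = time.time() if now is None else now
    aud = claims.get('aud')
    audiences = aud if isinstance(aud, list) else [aud]
    problems = []
    if header.get('alg') != 'RS256':  # Firebase ID tokens are signed with RS256
        problems.append('alg is %r, expected RS256' % header.get('alg'))
    if claims.get('iss') != ISSUER_PREFIX + firebase_id:
        problems.append('iss %r does not match the configured issuer' % claims.get('iss'))
    if firebase_id not in audiences:
        problems.append('aud %r does not contain the configured audience' % aud)
    if not isinstance(claims.get('exp'), (int, float)) or claims['exp'] <= now:
        problems.append('token is expired or has no exp claim')
    return problems


# Constructed sample (hypothetical project id, placeholder signature segment).
SAMPLE = '.'.join([_segment({'alg': 'RS256', 'typ': 'JWT'}),
                   _segment({'iss': ISSUER_PREFIX + 'demo-project',
                             'aud': 'demo-project', 'exp': 2000000000}), 'c2ln'])
```

An empty list only means the claims line up with the configuration; the signature still has to be verified against the issuer's certificates before the token is trusted.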

@normmcgarry are you able to get this working? I'm trying to do the same thing but I get the same error.