ozgur/python-firebase

401 Client Error: Unauthorized

Closed this issue · 3 comments

I'm running into intermittent errors when sending updates to firebase with this library.

For example, if I send a PUT request to this firebase resource: /test/123 with the data payload of {'test': 123} it will randomly fail with a response of 401 Client Error: Unauthorized.

It seems very random. I sent two requests back-to-back and the first one failed while the second succeeded.

This was the first payload:
eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ2IjogMCwgImRlYnVnIjogZmFsc2UsICJhZG1pbiI6IHRydWUsICJpYXQiOiAxNDQ4MDM4Njk5LCAiZCI6IHsiZGVidWciOiBmYWxzZSwgInByb3ZpZGVyIjogInBhc3N3b3JkIiwgImFkbWluIjogdHJ1ZSwgImVtYWlsIjogInRlc3RAdGVzdC5jb20ifX0.07P1p5GhKAxbzXv4UK1ggohsOKKM5heJahRM-R8npBs

This was the second:
eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ2IjogMCwgImRlYnVnIjogZmFsc2UsICJhZG1pbiI6IHRydWUsICJpYXQiOiAxNDQ4MDM4NzAxLCAiZCI6IHsiZGVidWciOiBmYWxzZSwgInByb3ZpZGVyIjogInBhc3N3b3JkIiwgImFkbWluIjogdHJ1ZSwgImVtYWlsIjogInRlc3RAdGVzdC5jb20ifX0.1yJxoP-CLNWjs0305Y4_MUlxGM7GDgt97EGoqtIKJ3k

If you look at these tokens at http://jwt.io/ you'll see the first token had an iat claim of 1448038699 and the next was 1448038701.

Because this issue seems to be rather random, my suspicion leads me to believe it has to do with the timing and the iat claim, but I may be barking up the wrong tree.

It looks like this library uses different logic than the official python library when creating the iat claim; it appears firebase has since updated their logic. I've updated my local codebase to use their new code, but it didn't help.

Btw it seems others may have experienced this issue:

I've shot off an email to firebase support and they think it could be related to the iat claim as well but at this point I am seeking other opinions. Thanks!

After inspecting the response.text, the message from firebase is:

{
  "error" : "Auth token is expired"
}

Ok, I found that if I explicitly add an exp claim then this issue goes away.
claims['exp'] = timegm((datetime.datetime.utcnow() + datetime.timedelta(days=7)).utctimetuple())

However, there's no easy way to do this; I had to manually edit the firebase.py file. Is there a better way to add the exp claim?

For anyone who is experiencing this issue, I was able to get around it by going into the Login & Auth settings and changing the value to 24 hours.

Note: it was already set to 24 hours so I set it to 0 hours then back to 24. That must've triggered something.

In addition, you may also come across this if the forge rules simulator isn't working. I was experiencing an issue when trying to simulate rules: it would quickly run the simulator but then reset the text back to the default 'Enter a path to read and then press...'. It never displayed the actual result.

Looking in the dev console I saw the following log statements:

  • FIREBASE WARNING: auth() was canceled: Auth token is expired.
  • FIREBASE WARNING: set at / failed: permission_denied
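
A diagnostic for the situation in this thread, added here as an example and not code from python-firebase or Firebase: it decodes a token's claims without verifying the signature and reports whether an explicit exp is present and when the token expires. The helper names, the demo secret and the rule that a token without exp expires at iat plus the session length are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(claims, secret):
    # HS256 JWT with the header shape of the tokens in the issue.
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def read_claims(token):
    # Decode the payload WITHOUT verifying the signature: diagnostics only,
    # never an authorization decision.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def expiry_report(token, now, session_seconds=24 * 3600):
    claims = read_claims(token)
    iat, explicit = claims.get("iat"), "exp" in claims
    if explicit:
        expires_at = claims["exp"]
    elif iat is not None:
        # ASSUMPTION: with no exp, the server derives expiry from iat plus
        # the configured session length.
        expires_at = iat + session_seconds
    else:
        expires_at = None
    return {"iat": iat, "explicit_exp": explicit, "expires_at": expires_at,
            "expired": expires_at is not None and now >= expires_at}

# Constructed sample data: throwaway secret, iat taken from the first token above.
SECRET = b"constructed-demo-secret"
IAT = 1448038699
BASE = {"v": 0, "admin": True, "iat": IAT, "d": {"provider": "password"}}
NO_EXP = make_token(BASE, SECRET)
WITH_EXP = make_token(dict(BASE, exp=IAT + 7 * 24 * 3600), SECRET)

if __name__ == "__main__":
    for name, tok in (("no exp", NO_EXP), ("explicit exp", WITH_EXP)):
        for session in (24 * 3600, 0):
            print(name, session, expiry_report(tok, now=IAT + 2, session_seconds=session))
```

Under that assumed rule, the token without exp flips to expired as soon as the session length is misapplied as 0, while the token carrying its own exp is unaffected.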