Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to create Firestore client when user is authorized

See original GitHub issue

I cannot create a client for firebase when using an authorized HTTP client. The problem does not occur when I am anonymous.

Environment details

OS: Mac OS
Python version: Python 3.6.8 (v3.6.8:3c6b436a57, Dec 24 2018, 02:04:31) [GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57)] on darwin
pip version: pip 19.0.3
google-api-python-client version: google-api-python-client==1.7.10

Steps to reproduce

When I ran following code

import google_auth_httplib2

from googleapiclient import discovery
import httplib2

import google.oauth2.service_account

key_path='files/gcp/keys/sa.json'

credentials = google.oauth2.service_account.Credentials.from_service_account_file(key_path, scopes=[
    "https://www.googleapis.com/auth/cloud-platform",
])

http = httplib2.Http()
authed_http = google_auth_httplib2.AuthorizedHttp(credentials, http=http)

print("Non authorized client: ")
try:
    print(discovery.build("firestore", "v1"))
except:
    print("Unable to create client")

print("Authorized client: ")
try:
    print(discovery.build("firestore", "v1", http=authed_http))
except Exception as e:

    print("Unable to create client")

I got folllowing message;

Non authorized client:
<googleapiclient.discovery.Resource object at 0x10c8dc390>
Authorized client:
Unable to create client
<HttpError 400 when requesting https://www.googleapis.com/discovery/v1/apis/firestore/v1/rest returned "Request contains an invalid argument.">

I am currently using the following hack, which allows me to build a client that works properly and uses authorization.

print("Hack:")
try:
    non_authorized_conn = discovery.build("firestore", "v1", cache_discovery=False)
    client = discovery.build_from_document(
        non_authorized_conn._rootDesc,  # pylint: disable=protected-access
        http=authed_http
    )
    print(client)
except Exception as e:
    print("Unable to create client")

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:10 (9 by maintainers)

Top GitHub Comments

1reaction

busunkim96commented, Oct 14, 2020

I think this is a discovery bug. Googlers, see internal issue 170905603.

Summary:

The firestore discovery docs cannot be retrieved when there the GET request has extra headers. This occurs for all the versions of firestore (v1, v1beta1, v1beta2) using both the v1 and v2 style discovery URIs.

$ curl -H "authorization: Bearer foo"  https://firestore.googleapis.com/\$discovery/rest?version=v1
{
  "error": {
    "code": 400,
    "message": "Request contains an invalid argument.",
    "status": "INVALID_ARGUMENT"
  }
}
$ curl -H "authorization: Bearer foo"  https://www.googleapis.com/discovery/v1/apis/firestore/v1/rest
{
  "error": {
    "code": 400,
    "message": "Request contains an invalid argument.",
    "status": "INVALID_ARGUMENT"
  }
}

This does not seem to cause an issue for other APIs.

$ curl -H "authorization: Bearer foo"  https://datastore.googleapis.com/\$discovery/rest?version=v1
...
$ curl -H "authorization: Bearer foo"  https://www.googleapis.com/discovery/v1/apis/datastore/v1/rest
...

1reaction

mik-lajcommented, Mar 21, 2020

Here is ticket about lack of documentation for FirestoreAdminClient; https://github.com/googleapis/python-firestore/issues/30

Top Results From Across the Web

Get started with Cloud Firestore Security Rules - Firebase

Note: The server client libraries bypass all Cloud Firestore Security Rules and instead authenticate through Google Application Default Credentials. If you are ...

Creating a Firestore client

import ( "context" ; // Option 1: Initialize a Firestore client with a specific `projectId` and // authorization credential. FirestoreOptions ; use Google...

Could not load the default credentials (Firebase function to ...

Then go to firebase console and go to project setting, where you can find Service Accounts option. Click there and you will see...

How to fix Firestore Error: PERMISSION_DENIED

A class of exceptions thrown by Cloud Firestore. · public static final FirebaseFirestoreException. · The caller does not have permission to ...

Using OAuth 2.0 for Server to Server Applications

Decode the JWT claim set and verify the key that signed the assertion is associated with the service account. Try to use a...