问题
Final Goal: my company will start use Firestore to update transaction status to our Mobile Application and Angular 9 frontend.
Immediate challenge: learn how use Custom Token.
Current issue: I get this erro although it is owner:
"error": {
"code": 403,
"message": "Missing or insufficient permissions.",
"status": "PERMISSION_DENIED"
}
I can't understand why getting PERMISSION_DENIED if the idToken is related to the Collection Owner.
IAM Admin showing the user is owner:
Steps to reproduce:
1 - I succesfully can get a Custom Token from this code published to https://us-central1-firetestjimis.cloudfunctions.net/getCustomToken
import * as functions from 'firebase-functions';
import * as admin from "firebase-admin";
export const getCustomToken = functions.https.onRequest((request, response) => {
if (admin.apps.length < 1) { //Checks if app already initialized
admin.initializeApp();
}
const uid = "User UID copied from https://console.firebase.google.com/project/firetestjimis/authentication/users";
admin.auth().createCustomToken(uid)
.then(function (customToken) {
console.log(customToken.toString);
response.send(customToken);
})
.catch(function (error) {
console.log("Error creating custom token:", error);
});
});
2 - I can successfully post this Custom Token to https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken and get back idTken like
{
"kind": "identitytoolkit#VerifyCustomTokenResponse",
"idToken": "eyJhbGciOiJSUzI1NiI ... .... aMorw",
"refreshToken": "AE0u-Ney9OJ04Z3xA7ACsmI1S637hXeuCTEdaEU9cxhhPnlwh-9q0X7QpSxVRIYdTdrTgXUbS9Q6yUdAWVeXzhGMiLLLHtwSWSoVSWnZs3Gp1Sb050tThNPQiSsSss8GkCigft3PTBkY4nIbRy3A5dA8FHCLbMYQSfKYqvu8To76UyMVCYONJOM",
"expiresIn": "3600",
"isNewUser": false
}
8 - Now I want to post a simple document to Firestore collection throw
curl --location --request POST 'https://firestore.googleapis.com/v1/projects/firetestjimis/databases/(default)/documents/transfer' \
--header 'Authorization: Bearer eyJhbGc ... ... iNaMorw' \
--header 'Content-Type: application/json' \
--data-raw '{
"fields": {
"id": {
"stringValue": "1"
},
"status": {
"stringValue": "fracasso"
}
}
}'
and I get the error mentioned above.
IN case it is relevant, here is the collection manually created:
*** edit
Rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if false;
allow update, write: if request.auth.uid != null;
}
}
}
Desire:
Anyone can read but only post with valid idToken resulted from custom token can create and update.
来源:https://stackoverflow.com/questions/61345129/missing-or-insufficient-permissions-during-post-a-document-to-firestore-using-cu