仅使用WEB API密钥的Firebase Cloud Firestore REST api身份验证? [英] Firebase Cloud Firestore REST api authentication with only WEB API key?

问题描述

我正尝试通过其REST API和curl在Firebase Cloud Firestore数据库中插入一条新记录.

I'm trying to insert a new record in a Firebase Cloud Firestore database via its REST API and curl.

由于该操作是公共的，因此按预期方式从数据库中进行读取.创建操作未在数据库规则中列出，它仅在服务器端执行，但是我无法仅使用项目API KEY来执行.

Reading from the database is working as expected since the operation is public. Create operation is not listed in the database rules and it is performed only server side, but I'm unable to do it using only the project API KEY.

以以下卷曲请求为例:

curl --header "Content-Type: application/json" \
    --request POST \
    --data '{"fields":{"myField": {"stringValue": "test"}}}' \
    https://firestore.googleapis.com/v1/projects/**MY_PROJECT**/databases/\(default\)/documents/**MY_COLLECTION**?key=**MY_KEY**

以上请求返回"403:缺少权限或权限不足".提供的api密钥是从Firebase项目的设置-> Web API密钥中获取的.

The above request returns "403: Missing or insufficient permissions.". The provided api key is fetched from the Firebase project's settings -> Web API key.

我是否缺少某些东西或仅通过API密钥无法进行身份验证?

Am I missing something or authentication via only API keys is not possible?

p.s.我忘了提到API密钥在GCP仪表板中不受限制.

p.s. I forgot to mention that the API KEY is unrestricted in the GCP dashboard.

推荐答案

Firestore REST API不支持传递API密钥.您会注意到，在文档中，没有提到一个键"参数.

The Firestore REST API doesn't support passing API keys. You'll notice that in the documentation, there is no mention of a "key" parameter.

如果要使用REST API执行经过身份验证的操作，则必须遵循

If you want to perform authenticated operations using the REST API, you'll have to follow the documentation on authentication and authorization. To summarize:

对于身份验证，Cloud Firestore REST API接受Firebase身份验证ID令牌或Google身份OAuth 2.0令牌.您提供的令牌会影响您请求的授权:

For authentication, the Cloud Firestore REST API accepts either a Firebase Authentication ID token or a Google Identity OAuth 2.0 token. The token you provide affects your request's authorization:

• 使用Firebase ID令牌对来自应用程序用户的请求进行身份验证.对于这些请求，Cloud Firestore使用云《 Firestore安全规则》，以确定请求是否得到授权.

• Use Firebase ID tokens to authenticate requests from your application's users. For these requests, Cloud Firestore uses Cloud Firestore Security Rules to determine if a request is authorized.

使用Google Identity OAuth 2.0令牌和服务帐户来验证来自您的应用程序的请求，例如对数据库管理.对于这些请求，Cloud Firestore使用云身份和访问管理(IAM)确定是否有请求被授权.

Use a Google Identity OAuth 2.0 token and a service account to authenticate requests from your application, such as requests for database administration. For these requests, Cloud Firestore uses Cloud Identity and Access Management (IAM) to determine if a request is authorized.

这篇关于仅使用WEB API密钥的Firebase Cloud Firestore REST api身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！