For example if I executed code like this:
Firebase.auth.signInWithEmailAndPassword(email, password)
.addOnCompleteListener { task -> signInCompletedTask(task) }
I would like to see what http request (and with what headers) is actually sent to Firebase backend.
What I tried:
To find anything useful in logs, but I didn't see any information about this.
To run application with debugger, but inside FirebaseAuth.class everything went so complicated that I still couldn't figure out where is the actual http request made.
I tried to look for a source code for com.google.firebase.auth.FirebaseAuth.java, I found this https://github.com/firebase/firebase-admin-java/blob/master/src/main/java/com/google/firebase/auth/FirebaseAuth.java but this class seems wrong, it doesn't even have signInWithEmailAndPassword(..) method
In firebase doc I find this link https://firebase.google.com/docs/reference/rest/auth#section-sign-in-email-password, but I'm not sure is this the same thing or not.
So bottom line, how can I debug what data is moving between my android application and Firebase backend?
firebaser here
The source code you looked at is for the Admin SDK for Java backends, which doesn't have a way to sign in, but has lots of other useful calls for administrative/backend functionality.
For the Firebase Authentication Android SDK the code is in this repo firebase-android-sdk, but you'll find that the Authentication SDK is not in there (yet). If I recall correctly it was too entangled with Play to release it.
The Authentication SDK makes calls to the REST API though, and those endpoints are all documented here, like the API to sign in with email+password.
Related
I need to connect my Android application with Facebook Analytics, using custom events.
I followed official documentation on https://developers.facebook.com/docs/analytics/
Added facebook SDK into the project:
implementation 'com.facebook.android:facebook-android-sdk:5.15.3'
Generated all the necessary hashes, put everything necessary in the Manifest, all good.
App was built and launched, however, events were never showing up in the Analytics Console.
After hours and hours of debugging, I've found the problem.
Inside Facebook SDK library code, when postRequest to server is created, it has (among others) parameter called "extInfo". This parameter should contain json array with strings, in certain order.
Now, that's how Facebook SDK postRequest looks, when sent from the application:
As you can see, extinfo json array is all contaminated with backslashes. When I replicated this request manually in Postman, server returned error:
"message": "(#100) Field extinfo must be a valid json object with string keys"
So, in Postman, I modified extinfo parameter - cleaned it out of backslashes:
Result from server in this case is: "success": true. Events started appearing inside Analytics Dashboard.
Wonderful. But.
How to send events with the help of Facebook SDK, considering this bug? Is there sdk version where this bug doesn't appear? Is there a way to tune sdk so that it doesn't send extinfo at least?
Any other possible solution, except for sending requests without help of Facebook SDK (that's a whole load to write, besides, if they change request structure, code has to be re-written)?
I haven't found metions of this bug anywhere in the Internet. If there is, please share a link. Thank you.
Edit: tried with implementation 'com.facebook.android:facebook-core:7.1.0' too. No luck.
I've found the solution. In my case, problem was inside the project and had nothing to do with Facebook SDK.
Previous developer created validation for hosts that application can use:
HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory)
val verify = fun(ip: String, _: SSLSession): Boolean {
println(ip)
return ip.contains("crashlytics", true) ||
ip.contains("firebase", true) ||
ip.contains("maps.googleapis.com", true) ||
ip.contains("facebook.com", true)
}
HttpsURLConnection.setDefaultHostnameVerifier(verify)
Once I added facebook.com in the list, error was gone. However, I still don't understand why in the log "extinfo" parameter was generated with backslashes.
I am building an App API in Lumen, and I am a bit confused about how to lock down what/who can make requests to it.
At present I have no way of authenticating requests from the app, so anyone who knows the link could make requests from a browser and potentially cause havok. I know in the .env file there is an appkey variable which is currently empty, and after some research I can't seem to find a clear answer on what it actually does and if I need it.
So basically:
If request comes from my app, proceed.
If it comes from anything else, stop it.
That is what I am looking for.
I am using Ionic $http to make the requests.
Any help would be great
App Key is used for encryption which you can read at https://laravel.com/
use below command to generate key
php artisan key:generate
For more info on lumen auth check below github, Lumen 5.3 token auth
github link for lumen token auth
I am building a nest client. I started from the nestDK provided by Nest. I changed the code to use the "pin" authentication method. I successfully retrieve an "access token" using the nest pin workflow.
I updated the nestDK dependency on firebase to the latest version (available from the firebase website). I noticed that the Firebase.auth method was deprecated so I created my own authentication method. I use:
mFirebaseRef.authWithCustomToken(token, authHandler)
I get the following logs:
android logcat output (pastebin)
And that just goes on and on in a loop. Can someone help me understand what this means and how to rectify it?
I found that I was sitting behind some kind of firewall from my university. I connected my phone to another WiFi router without a firewall and the connection to the nest firebase worked fine.
I try to use Google oauth to authenticate users on my android app.
Then I would like to send it to my app server so it can connect at any time with Google calendar.
I tried to use
GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);
Following this article:
https://developers.google.com/accounts/docs/CrossClientAuth
When I use it with scope
mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I get a token, which is valid for an hour
But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using
mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I receive either "invalid_scope" or "Unknown" exceptions.
What am I doing wrong?
EDIT:
OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL.
BTW, When I do the web flow with same parameters it works.
OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token
When you create google Client ID Don't create a service application before you create a web application
Must include https://www.googleapis.com/auth/plus.login in your scope
The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.
That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html, on Android. But it would be cool if it worked on iOS too; our infrastructure there is a little behind where we’re at on Android.
I have had the same issue then i realised that my app is not published and is in debug mode, so i had to add test users to the Google project -> Consent Screen, then i was able to fetch the token for the added test user.
You just need to follow the correct steps/format for specifying the scopes. Find them here https://developers.google.com/android/guides/http-auth#SpecifyingScopes
I am working on an application in which I had to make a new project from existing code. The parent project contains Twitter support classes and Twitter is working fine in that application. But in the newly created project, the Twitter throws following error:
oauth.signpost.exception.OAuthNotAuthorizedException: Authorization failed (server replied
with a 401). This can happen if the consumer key was not correct or the signatures did not
match.
This is quite strange for me. Twitter does not work. However if i run the old snippet it works...Why not on the new one? when there is no difference between the Twitter implementation in the both projects. I have verified date/time on the devices..but that is not issue. Any help please..???
With what you have posted it is nearly impossible to help you. i can just provide some help:
First check the keys (secret and id) you got from twitter.
Check your permissions (probably have this right since it is a response from twitter)
Then check if your Auth process is going ok. that is if the Request is signed right,
then check the auth callback, if it was processed correctly (how does your implementation return the oauth token?).