I am getting (on Android):
com.google.firebase.firestore.FirebaseFirestoreException:
PERMISSION_DENIED: Missing or insufficient permissions
using these security rules:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
My app seems to be properly authenticated using FirebaseAuth, as the mFirebaseAuth.getCurrentUser().getUid() returns the proper user ID.
Is there something I am doing wrong?
Edit: just want to say that I managed to fix the issue by downgrading to 4.6.2. I have more details in this post
Pre-edit:
This is happening to me ever since I upgraded react native and I cannot for the life of me figure out the problem. I've debugged it and my user is definitely authenticated at the time of the request, I checked this by running the below and I have a uid in there
firebase.auth().currentUser
So the next thing I wanted to do was check the session in the actual request to see what was happening. I added a piece of code to the entry point of my react app
XMLHttpRequest = GLOBAL.originalXMLHttpRequest ?
GLOBAL.originalXMLHttpRequest :
GLOBAL.XMLHttpRequest
and when I run this code it magically works again. This is delegating requests through the browser though so probably not a true test.
So then I started up Charles and compared the requests for my new react-native build with my old [working] react-native build. The requests look the same to me though (apart from a different sessionId) so I have no idea. The frustrating thing is the lack of debug tools through the firestore console.
My gut is to say some of the auth headers are expired/cached and that it's not firestore. Banging my head against a table at this point
It seem it's a Firestore problem (in beta today), not in the client side.
I asked the Firebase support team directly since this issue was kind of critical for our service and I received the email below. It seems they fixed the bug now.
Please let me know if the issue happens again.
Hi there,
We have just confirmed with our engineers that this sporadic issue
with our Security Rules for Firestore was a known bug but was already
fixed today. Kindly test your security rules again and let us know if
you are still encountering the issue.
Regards, Kevin
Related
I want to create user at Mesibo but i am facing some issues :
Sorry, we can't find that page It seems the page you’re looking for doesn’t exist. Maybe you’re on the wrong track, maybe you found a broken link. Who knows?
Please anyone here to help related to these issues and also help to complete my this task and I am using following URL for creating a user at "Mesibo".
"https://mesibo.com/api/api.php?token=cn9cvk6gnm15e7lrjb2k7ggggax5h90n5x7dp4sam6kwitl2hmg4cmwabet4zgdw&op=useradd&appid=com.mesibo.demoapp&addr=18005550001"
token = Application Token
appid = Android or iOS app id (for example, com.mesibo.xxx). In case of web, just pass, ‘web’ as appid. Note that, for security reasons, the token generated for a particular appid will only be usable on app matching that appid.
addr = end point address, for example, a user phone number.
Thanks
Instead of "https://mesibo.com/api/api.php?..." use "https://api.mesibo.com/api.php?token=..."
anybody can explain if it's possible to attach a variable to the proguard crash reports??
I mean something like this:
java.lang.NullPointerException:
at es.com.myapp.dashboardActivity$askForUserBills.doInBackground (dashboardActivity.java) or .onPostExecute (dashboardActivity.java)
at es.com.myapp.dashboardActivity$askForUserBills.onPostExecute (dashboardActivity.java)
at android.os.AsyncTask.finish (AsyncTask.java:660))
**Application Variables: userID="967234112", myJsonObject=null << Something like this...**
In this example I requested "userID" and "myJsonObject"
It will be a great if it's possible, because you can check if your incoming data from a database in a specific user is corrupted, if X is malformed or null, etc...
Thanks all!
use Firebase Crashlyics instead. there you can report whenever you catch an Exception, instead of just logging to log-cat (currently only could find the Android documentation on fabric.io, which will soon be superseded by Firebase Crashlytics):
Crashlytics.log("Application Variables: userID="967234112", myJsonObject=null");
If you know you want to check something it is really easy. Instead of just relying on the code crashing, validate your input data to check if it is null. Then if it is you have a number of options:
use a service like Firebase Analytics to record the error
[not recommended] throw a more detailed exception with an error message
Crashes should only happen because of bugs in your code. You shouldn't be using them to record / trace input validation problems, as that really sucks for your users. Instead, write more robust code, and recover gracefully, while using a logging solution to find the bugs.
We are developing an app that should get data from the Moves app API.
When authorising our app on the mobile phone, we manage to do so successfully in the case in which we submit the PIN provided by the desktop link into the moves app:
https://api.moves-app.com/oauth/v1/authorize?response_type=code&client_id=<client_id>&scope=<scope>&state=<state>
In the case where I use the Mobile website / app link instead, this won't work:
moves://app/authorize?client_id=<client_id>&scope=activity%20location&state=<state>&redirect_uri=<redirect_uri>
Note: <redirect_uri>==encodeURIComponent("mymovesconnector:8081/callback").
The response we get from the Moves API is 400: {"error":"invalid_grant"}.
From the docs, it says that invalid_grant can happen if either:
the code in the request is not valid or
the code has expired (it’s valid for 5 minutes currently) or
the code has been revoked, because it was already used in an access token request (both successful and unsuccessful requests will revoke the code) or
you are missing the redirect_uri parameter when it’s required.
My checklist:
I guess this could have happened, but how/why should this code, provided over moves://, be different than the one provided through the https:// request? What control do I have over this?
not my case, since I'm using the code right away within less then a few seconds
if this might have happened, where could it happen other than through the redirect url?
I'm providing it always. It's always the same - also in the app settings on moves.
Can't figure out what I'm missing. Went through the docs many times, step by step. No success.
While writing down my question, I managed to figure out a solution to this problem.
The docs don't point out that response_type=code might also be used for the moves:// link. I tried to add this parameter, and it worked!
Note: this has been tested on a virtual android device only (Genymotion).
I have some applications that were transferred from another company to ours. We have had google move them to our Publisher Account. However I am trying to verify the Licensing and can only get Don't Allow with an error of 561.
I have done a lot of licensed apps and have checked permissions, PUBLIC_KEY, Test Accounts, to whole thing. I have checked versions, and tried testing the app signed and unsigned. No luck it always gives an error 561.
I cannot find anything about an error 561, does anyone know what this code means?
I assume you are referring to the Method void processServerResponse(int response, ResponseData rawData); in the interface com.google.android.vending.licensing.Policy
561 is the same as 0x231 which is definde in the interafce as NOT_LICENSED.
So there is an error with your license and you should check in the rawData to see why.
I was getting the same error, I spent a whole day to get rid of it. In my case, the problem was due to network security. I tried it with the different network (Personal hotspot network). It worked well.
This answer is maybe for anyone because it's late.
Make sure that you add the CHECK_LICENCE permission in the Manifest:
<uses-permission android:name="com.android.vending.CHECK_LICENSE" />
and make sure you upload the app to the store for testing.
I try since a few days to connect one of my android app to an oauth service. I have found a few really good articles like http://blog.doityourselfandroid.com/2011/04/12/oauth-android-google-apis-client-library-java/ or marakana.com/forums/android/examples/312.html but even with those papers I can't manage to make It work.
Well, here is my current code packaged in a tar archive : http://braindead.fr/oauth-warrior.tar.gz
So the problem is that each time I attempt to retrieve an access token I got an OAuthCommunicationException (respectively line 26 and 39 of OAUthTokenValidator.java) after user validation on oauth server and url callback.
I anybody know why signopost/oauth does not accept to make this last call I'll be really grateful :)
Sincerely, Daroth
this might be a bit late to answer, but still.. for folks still searching:
check your menu->settings->date/time, sometimes an emulator's timezone won't match the real timezone. thus, the server denies it. they usually have a 3-10 minute variance.
check your manifest for INTERNET permission ;)
another tip: not many elder wizards would unpack a tar from an unknown source.. you should use a pastebin service, or an open git/svn/hg repo.