Ren*_*oyo 10 rest firebase postman firebase-realtime-database
我正在尝试使用邮递员对firebase进行REST API调用.当我的安全规则允许所有用户包括未经授权的用户时,我已设法从firebase读取.
但是当我使用这条规则时:
{"rules":{".read": "auth != null", ".write": "auth != null"}}
我得到了'错误':来自邮递员的"许可被拒绝".我为google的web oauth2.0客户端做了请求令牌,并获得了authorization_code令牌.
我试图在URL和标题中使用令牌,尝试使用GET和POST请求并仍然被拒绝.
请帮忙.提前致谢
Cod*_*ein 20
上面的答案对我不起作用.
对我有用的是什么
项目设置(左上角齿轮) - > 服务帐户(最右边的选项卡) - > 数据库秘密(左侧菜单) - >向下滚动,将鼠标悬停在bulltets上并单击Show
使用此作为授权密钥,即 .../mycollection.json?auth=HERE
对我来说它的工作方式如下:
HTTPS://your-database-url/users.json AUTH = YOUR_AUTH_KEY
你在哪里可以得到这个AUTH_KEY?
你从你的钥匙里拿到钥匙 Project Settings -> Database -> Secret Key
尝试这样的事情
https://your-database-url/users.json?auth=YOUR_AUTH_KEY
Respone是您的USERS节点的JSON
我创建了一个Postman预请求脚本,用于帮助创建身份验证:承载JWT.使用Firebase Auth测试API时,应该节省大量的复制粘贴.https://gist.github.com/moneal/af2d988a770c3957df11e3360af62635
发布时脚本的副本:
/**
* This script expects the global variables 'refresh_token' and 'firebase_api_key' to be set. 'firebase_api_key' can be found
* in the Firebase console under project settings then 'Web API Key'.
* 'refresh_token' as to be gathered from watching the network requests to https://securetoken.googleapis.com/v1/token from
* your Firebase app, look for the formdata values
*
* If all the data is found it makes a request to get a new token and sets a 'auth_jwt' environment variable and updates the
* global 'refresh_token'.
*
* Requests that need authentication should have a header with a key of 'Authentication' and value of '{{auth_jwt}}'
*
* Currently the nested assertions silently fail, I don't know why.
*/
pm.expect(pm.globals.has('refresh_token')).to.be.true;
pm.expect(pm.globals.has('firebase_api_key')).to.be.true;
var sdk = require('postman-collection'),
tokenRequest = new sdk.Request({
url: 'https://securetoken.googleapis.com/v1/token',
method: 'POST',
body: {
mode: 'urlencoded',
urlencoded: [{
type: 'text',
key: 'key',
value: pm.globals.get('firebase_api_key')
},
{
type: 'text',
key: 'grant_type',
value: 'refresh_token'
},
{
type: 'text',
key: 'refresh_token',
value: pm.globals.get('refresh_token')
},
]
}
});
pm.sendRequest(tokenRequest, function(err, response) {
pm.test('request for access token was ok', function() {
pm.expect(response).to.be.ok();
});
const json = response.json();
pm.expect(json).to.an('object');
pm.test('response json has needed properties', function() {
pm.expect(json).to.have.own.property('access_token');
pm.expect(json).to.have.own.property('token_type');
pm.expect(json).to.have.own.property('refresh_token');
const accessToken = json.access_token;
const tokenType = json.token_type;
const refreshToken = json.refresh_token;
pm.environment.set('auth_jwt', tokenType + ' ' + accessToken);
pm.globals.set('refresh_token', refreshToken);
});
});
| 归档时间: |
|
| 查看次数: |
30171 次 |
| 最近记录: |