无法通过HTTP/REST错误访问FireBase数据库403禁止访问

Question

用于服务器+ Xcode 8.1的Swift + Vapor框架

我正在尝试阅读Firebase实时数据库向我的数据库发出HTTP请求,但我得到了许可被拒绝.

以下是这些步骤:
1.使用从"console.developers.google.com"下载的密钥创建JWT签名
2.将POST请求发送到OAuth2服务器并获取访问令牌
3.将GET请求发送到firebase数据库,并从中接收访问令牌OAuth2服务器.

我得到"权限被拒绝",HTTP/1.1 403禁止

// the header of the JSON Web Token (first part of the JWT)
let headerJWT = ["alg":"RS256","typ":"JWT"]

// the claim set of the JSON Web Token
let jwtClaimSet =
  ["iss":"firebase-adminsdk-kxx5h@fir-30c9e.iam.gserviceaccount.com",
 "scope":"https://www.googleapis.com/auth/firebase.database", //is this the correct API to access firebase database?
 "aud":"https://www.googleapis.com/oauth2/v4/token",
 "exp": expDate,
 "iat": iatDate]


drop.get("access") { request in
var accesstoken = "ya29.ElqhA-....XXXX"

 let responseFirebase = try drop.client.get("https://fir- 30c9e.firebaseio.com/data/Users.json",
  headers: ["Authorization":"Bearer \(accesstoken)"], 
     query: [:])

print("FirebaseResponse_is \(responseFirebase)")
return "success"
}

Answer 1

TLDR; 尝试放入auth=<TOKEN>查询字符串而不是使用授权标头.

Firebase文档不清楚其工作原理.根据文档,有三种方法应该有效.

1. auth=<TOKEN>在查询字符串(链接)
2. access_token=<TOKEN>在查询字符串(链接)
3. Authorization: Bearer <TOKEN>在请求标题(链接)

我并不相信所有这三种方法确实有效.我在我的应用程序中使用方法1,所以我知道一个可以肯定.

Answer 2

该scope密钥缺失值https://www.googleapis.com/auth/userinfo.email

 let jwtClaimSet =
   ["iss":"firebase-adminsdk-kxx5h@fir-30c9e.iam.gserviceaccount.com",
 "scope": "https://www.googleapis.com/auth/firebase.database  
 https://www.googleapis.com/auth/userinfo.email", 
 "aud":"https://www.googleapis.com/oauth2/v4/token",
 "exp": expDate,
 "iat": iatDate]

我在这里浏览Google网上论坛找到了答案