I want to protect my API methods with user authentication. The best fit for Android app seemed to be a firebase authentication, which I'm using. Now, how do I call my API methods using retrofit or even curl with authenticated firebase user.
I've followed the example from here and added following API method:
@ApiMethod(
path = "firebase_user",
httpMethod = ApiMethod.HttpMethod.GET,
authenticators = {EspAuthenticator.class},
issuerAudiences = {@ApiIssuerAudience(name = "firebase", audiences = {PROJECT_ID})}
)
public Translation getUserEmailFirebase(User user) throws UnauthorizedException {
if (user == null) {
throw new UnauthorizedException("Invalid credentials");
}
return new Translation();
}
Now, how it should be called? I've tried
curl \
-H "Authorization: my-firebase-user-token-id" \
https://my-api-link.appspot.com/_ah/api/something/v1/firebase_user
but I receive
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Invalid credentials"
}
],
"code": 401,
"message": "Invalid credentials"
}
}
Using retrofit I had to add
@Header("Authorization") String token
to the api method param and in the code
"Bearer " + token
as a token.