Tags: firebase, google-cloud-platform, firebase-authentication, google-iam

Firebase Auth SDK cannot refresh token to maintain logged in status?


I am able to log a user in okay with the Firebase Auth SDK implementation. However, it does seem that when the issued JWT expires, the user is logged out, and the automatic token refresh from the SDK fails.

The error I get is this:

{
  "error": {
    "code": 403,
    "message": "Requests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "API_KEY_SERVICE_BLOCKED",
        "domain": "googleapis.com",
        "metadata": {
          "service": "securetoken.googleapis.com",
          "consumer": "projects/621503541053"
        }
      }
    ]
  }
}

I don't understand what permissions I might need to grant. The config and API key are from the Firebase console, generated for the Web App I registered there.


Solution

  • The documentation shows that this error is caused by not having the right APIs enabled. According to this post Firebase authentication, the following needs to be enabled:

    Requests to this API firebaseinstallations.googleapis.com method google.firebase.installations.v1.FirebaseInstallationsService.CreateInstallation are blocked.

    If you enable restrictions for your API, go to Google Cloud Console -> Credentials, Edit API key -> API restrictions, and enable Firebase Installations API.

    com.google.firebase.FirebaseException: An internal error has occurred. [Requests to this API identitytoolkit method google.cloud.identitytoolkit.v1.AuthenticationService.SignInWithIdp are blocked.]

    Enable Identity Toolkit API in your API restrictions.

    Requests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.

    Enable Token Service API in your API restrictions.

    Enabling the “Token Service API”, along with the “Identity Toolkit API” or “Anonymous Sign-in” should solve the error.
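
An added example, not part of the original answer: a small helper that reads a "blocked" error (the JSON body from the question or a bare exception message like the ones quoted above) and reports which API has to be allowed in the key's API restrictions. The function name `diagnoseBlockedApi` and the lookup table are assumptions made for illustration; the service-to-name pairs are the ones listed in the answer.

```javascript
// Added example: map a "blocked" Google API error to the API that must be
// allowed in the key's API restrictions. Display names are those in the answer.
const API_NAMES = {
  "securetoken.googleapis.com": "Token Service API",
  "identitytoolkit.googleapis.com": "Identity Toolkit API",
  "firebaseinstallations.googleapis.com": "Firebase Installations API",
};
// Message form: "Requests to this API <service> method <method> are blocked."
const BLOCKED_RE = /Requests to this API (\S+) method (\S+) are blocked/;

// Accepts a parsed error body ({ error: {...} }) or a raw exception message.
function diagnoseBlockedApi(input) {
  const err = typeof input === "string" ? { message: input } : (input && input.error) || {};
  const info = (err.details || []).find(
    (d) => d["@type"] === "type.googleapis.com/google.rpc.ErrorInfo"
  );
  const match = BLOCKED_RE.exec(err.message || "");
  let service = info && info.metadata && info.metadata.service;
  if (!service && match) service = match[1];
  if (!service) return null; // not a blocked-API error
  // Some SDK messages carry only the short name ("identitytoolkit").
  if (!service.includes(".")) service += ".googleapis.com";
  return {
    service,
    method: match ? match[2] : null,
    reason: info ? info.reason : null,
    // API_KEY_SERVICE_BLOCKED means the key's API restrictions rejected the call.
    keyRestriction: Boolean(info && info.reason === "API_KEY_SERVICE_BLOCKED"),
    allowInKey: API_NAMES[service] || service,
  };
}

// Constructed sample: the error body shown in the question.
const sample = {
  error: {
    code: 403, status: "PERMISSION_DENIED",
    message: "Requests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.",
    details: [{
      "@type": "type.googleapis.com/google.rpc.ErrorInfo",
      reason: "API_KEY_SERVICE_BLOCKED", domain: "googleapis.com",
      metadata: { service: "securetoken.googleapis.com", consumer: "projects/621503541053" },
    }],
  },
};
console.log(diagnoseBlockedApi(sample));
```

When `keyRestriction` is true, the fix is in the key's API restrictions list rather than in IAM roles; a `null` result means the error is something other than a blocked API.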