0

In a project I am provided with API endpoints from a Firebase DB.

To retrieve data I authenticate a user with email and password (https://firebase.google.com/docs/reference/rest/auth/#section-sign-in-email-password) and then sign every API call with the token. (These users are set up in Firebase DB)

Now one of the API endpoints returns Firebase Storage objects like this:

    "fileReferences": [
        {
            "id": "",
            "name": "images\/-s0m31D\/picture.jpg",
            "mediaLink": "https:\/\/www.googleapis.com\/download\/storage\/v1\/b\/BUCKET.appspot.com\/o\/images%2F-s0m31D%2Fpicture.jpg?generation=1537959346600572&alt=media",
            "selfLink": "https:\/\/www.googleapis.com\/storage\/v1\/b\/BUCKET.appspot.com\/o\/images%2F-s0m31D%2Fpicture.jpg",
            "updated": 1537959346,
            "size": 7759448
        }
    ],

  1. when I try to access fileReferences.0.mediaLink, I get an auth error.

  2. If I send my token along with the request to mediaLink I have no luck either (https://cloud.google.com/storage/docs/downloading-objects#download-object-json)

  3. I tried to use the Google API PHP client https://github.com/googleapis/google-api-php-client, but had no idea how I setup the new Google_Client() (I already have my auth token and I expected it to work somehow)

$client = new \Google_Client();
$client->setAccessToken(['access_token' => $token]);

How can I access the media files with my existing auth token? (or do I need a different one?)

To handle the files, I would like to use https://github.com/googleapis/google-api-php-client how can I make that work? Any hint is appreciated

Edit: I got some results in debugging the JavaScript SDK

"All" the SDK does is creating the following URL Schema

printf('https://firebasestorage.googleapis.com/v0/b/bucket.appspot.com/o/%s', urlencode('projects/-id/logo.png'));
//http[s]://firebasestorage.googleapis.com/<api-version>/b/<bucket>/o/<object-path>

You have to sign the call to https://firebasestorage.googleapis.com/v0/b/bucket.appspot.com/o/projects%2F-id%2Flogo.png with your Auth Bearer token header![1] This returns meta data like this:

{
  "name": "projects/-id/logo.png",
  "bucket": "bucket.appspot.com",
  "generation": "1537960188874518",
  "metageneration": "1",
  "contentType": "image/png",
  "timeCreated": "2018-09-26T11:09:48.874Z",
  "updated": "2018-09-26T11:09:48.874Z",
  "storageClass": "STANDARD",
  "size": "40437",
  "md5Hash": "MxkOU+6feyYtdEAgKbDgp5A==",
  "contentEncoding": "identity",
  "contentDisposition": "inline; filename*=utf-8''logo.png",
  "crc32c": "o89Y9dQ==",
  "etag": "CJae8pXE2N0CEAE=",
  "downloadTokens": "32c339ff9-7e4a-42a2-890a-428f8f45d378"
}

To publicly share your image, add ?alt=media&token=32c339ff9-7e4a-42a2-890a-428f8f45d378

https://firebasestorage.googleapis.com/v0/b/bucket.appspot.com/o/projects%2F-id%2Flogo.png?alt=media&token=32c339ff9-7e4a-42a2-890a-428f8f45d378

You don't need the token, if you send the Auth Header!

I couldn't find any mention of firebase or how to deal with my authentication in https://github.com/googleapis/google-api-php-client, so I have no idea if this would have helped me. But I got down to the basics...

Hope this helps somebody and any clearification is greatly appreciated.

QUESTION for me to better understand this all:

What are mediaLink and selfLink pointing to?

[1] if the access to storage is public you don't need to sign it.

marcus
  • 699
  • 11
  • 33
  • 1
    Have you seen https://github.com/kreait/firebase-php ? I'm the author of the library and believe it could be of help, as it has a wrapper around the storage and other Firebase components (https://firebase-php.readthedocs.io/en/stable/storage.html) – jeromegamez Feb 15 '19 at 22:39
  • Hey @jeromegamez thanks for leaving a comment. I know your library - but at the time I started the project it wasn't complete yet (storage and auth was missing I think) and - it's embarrassing to say, but my project still has to run on php 5.6. But for anybody else, yes, your library would be the way to go. Thanks for your work! – marcus Feb 17 '19 at 00:00
  • is there any example in using firebase storage of your library? Specifically for retrieving the download url on a storage object. The link you provided does not contain such information on how do I use it aside from instantiating it. It does not also seem to provide the functions under getStorage() specifically on how to get download url on storage files. Cheers! – Rin Minase Aug 12 '19 at 15:06
  • 1
    @RinMinase I have no example at hand right now, but see if my convoluted write up explains it a bit better: https://marcus-obst.de/blog/firebase-storage-and-firebase-auth#tldr and here is my solution how to use firebase auth with php https://stackoverflow.com/questions/51954047/firebase-auth-js-php/52119600#52119600 - hope that helps – marcus Aug 12 '19 at 18:43
  • When you mention the Auth Bearer Token - used to sign, which one do you mean? The "secureToken" returned after email/password login to Firebase ? Or do you get a different auth token ? – Metric Rat Oct 28 '20 at 09:27
  • @MetricRat yes, the secure token after you logged in/authenticated to the google service. (I don't completely understand how all the services work together under the hood :)) – marcus Oct 28 '20 at 14:03
  • @marcus, I have been doing the whole thing through the HTTP Web Component on App Inventor. The secureToken is not supposed to work, but it does ;) – Metric Rat Oct 28 '20 at 15:02

0 Answers0