Firebase-tools: How to add SHA certificate fingerprints in Android app with CLI ?

I don't think there's currently a way to do so. I'll leave this open as a feature request.

you can use the rest api from firebase https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.androidApps.sha

i already using it to add SHA certificates to my android apps, in my CI/CD environment

So i moved a little a bit further but i need some advice on how to name the new command.

My progress is that i implemented the list certificates by the command apps:sha:list

Any suggestions?

@xalikoutis oh nice! If you want to contribute some new commands to the SDK just propose your API here in a comment and then one of us will shepherd it through the internal API review process (we review every new API).

So i introduce the following commands
firebase apps:sha:list [appId] [options] for listing the related SHA certificates
firebase apps:sha:create [appId] [shaHash] [certType] [options] for adding a new SHA certificate

where
[appId] is the android appId
[shaHash] the sha hash d9:0d:d8:ba:f7:de:98:e8:57:83:d3:ca:16:2b:89:f7:80:e3:03:8b
[certType] SHA-1 or SHA-256
[options] the project id

I am not really sure about the naming of the commands and also if it would be better to move some arguments to options like[shaHash] [certType]

Also the above are implemented and fully functional in my fork

@xalikoutis When will your work will be merged into master

@xalikoutis nice! I will create an internal API proposal and see what people have to say.

Great waiting to hear some good news

I created the API proposal this morning, so expect some feedback within the next week! Thanks for your patience.

We should have a decision on this API on Monday the 13th, I've already gotten some good internal feedback which I am excited to share once it's approved!

@xalikoutis your API was approved with some minor modifications, here is the approved API surface:

# Global info
# appId - the Android appId
# shaHash - the SHA1 or SHA256 certificate hash
# shaId - the server-assigned certificate ID (get it from list)
# 
# example SHA1, 20 base64 pairs: 
#   C7:89:F5:06:A8:07:A1:22:EC:90:6E:A6:EC:C3:D4:8B:3A:30:AB:18
# example SHA256, 32 base64 pairs: 
#   05:C2:2A:35:EE:F2:51:23:72:4D:72:67:C5:6A:8A:58:22:2C:00:D6:DB:F6:(10 more pairs...)

# List the SHA certificate hashes for a given app id,
# or if no appId is listed show all for the project. 
firebase apps:android:sha:list [appId]

# Add a SHA certificate hash for a given app id
# Because SHA1 is 40 characters (base64) and SHA256 is 64 characters (base64) we can
# automatically determine the type from the input hash.
firebase apps:android:sha:create <appId> <shaHash>

# Delete a SHA certificate hash for a given app id
firebase apps:android:sha:delete <appId> <shaId>

Some notes:

• We decided apps:android:... was clearer since this action has no meaning for iOS or Web
• apps:android:sha:list with no arguments should list all the SHA hashes which you can do by calling this endpoint: /v1beta1/projects/{project_number}/androidApps/-/sha the magic - for app id gives you all results.
• SHA1 and SHA256 certificates are easy to tell apart by their length. Therefore we decided there should be no certType option and instead the CLI should just detect which type you're trying to add (or error if it can't tell)

Thanks so much for your patience, when you have a PR I will review it!

Oh and we recently updated our CONTRIBUTING guide so take a look:
https://github.com/firebase/firebase-tools/blob/master/CONTRIBUTING.md

@samtstern , when we can use this api in firebase-cli. And thank you for work.

@samtstern thanks for the great modifications, i ll prepare my PR this week

@xalikoutis have you prepared your PR for the update, if not can you please do as soon as possible I'm department on this new feature. Thank you

hope tomorrow i ll be ready for the pr. It is also for me crucial for a large scale flutter project i am working on

Hi @samtstern calling the following endpoint /v1beta1/projects/{project_number}/androidApps/-/sha in order to get all hashes in a project returns 400

Are you sure that is a valid call?

[error] Error: Failed to list Firebase app certificates. See firebase-debug.log for more info.
[debug] [2020-05-04T12:16:52.617Z] ----------------------------------------------------------------------
[debug] [2020-05-04T12:16:52.619Z] Command:       C:\Program Files\nodejs\node.exe C:\Users\gpapadak\AppData\Roaming\npm\node_modules\firebase-tools\lib\bin\firebase.js apps:android:sha:list --project learnworldsmobile
[debug] [2020-05-04T12:16:52.619Z] CLI Version:   8.2.0
[debug] [2020-05-04T12:16:52.619Z] Platform:      win32
[debug] [2020-05-04T12:16:52.619Z] Node Version:  v12.16.1
[debug] [2020-05-04T12:16:52.620Z] Time:          Mon May 04 2020 15:16:52 GMT+0300 (GMT+03:00)
[debug] [2020-05-04T12:16:52.620Z] ----------------------------------------------------------------------
[debug] [2020-05-04T12:16:52.620Z] 
[debug] [2020-05-04T12:16:52.625Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[debug] [2020-05-04T12:16:52.625Z] > authorizing via FIREBASE_TOKEN environment variable
[debug] [2020-05-04T12:16:52.630Z] > refreshing access token with scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[debug] [2020-05-04T12:16:52.630Z] >>> HTTP REQUEST POST https://www.googleapis.com/oauth2/v3/token  
 <request body omitted>
[debug] [2020-05-04T12:16:52.845Z] <<< HTTP RESPONSE 200 {"content-type":"application/json; charset=utf-8","vary":"X-Origin, Referer, Origin,Accept-Encoding","date":"Mon, 04 May 2020 12:16:54 GMT","server":"scaffolding on HTTPServer2","cache-control":"private","x-xss-protection":"0","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","alt-svc":"h3-Q050=\":443\"; ma=2592000,h3-Q049=\":443\"; ma=2592000,h3-Q048=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"","accept-ranges":"none","transfer-encoding":"chunked"}
[debug] [2020-05-04T12:16:52.847Z] >>> HTTP REQUEST GET https://firebase.googleapis.com/v1beta1/projects/learnworldsmobile/androidApps/-/sha  

[debug] [2020-05-04T12:16:53.102Z] <<< HTTP RESPONSE 400 {"vary":"X-Origin, Referer, Origin,Accept-Encoding","content-type":"application/json; charset=UTF-8","date":"Mon, 04 May 2020 12:16:55 GMT","server":"ESF","cache-control":"private","x-xss-protection":"0","x-frame-options":"SAMEORIGIN","x-content-type-options":"nosniff","alt-svc":"h3-Q050=\":443\"; ma=2592000,h3-Q049=\":443\"; ma=2592000,h3-Q048=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"","accept-ranges":"none","transfer-encoding":"chunked"}
[debug] [2020-05-04T12:16:53.103Z] <<< HTTP RESPONSE BODY {"error":{"code":400,"message":"Request contains an invalid argument.","status":"INVALID_ARGUMENT"}}
[debug] [2020-05-04T12:16:53.104Z] HTTP Error: 400, Request contains an invalid argument.
[debug] [2020-05-04T12:16:53.107Z] FirebaseError: HTTP Error: 400, Request contains an invalid argument.
    at module.exports (I:\_github\_contribute\firebase-tools\lib\responseToError.js:38:12)
    at Request._callback (I:\_github\_contribute\firebase-tools\lib\api.js:41:35)
    at Request.self.callback (I:\_github\_contribute\firebase-tools\node_modules\request\request.js:185:22)
    at Request.emit (events.js:311:20)
    at Request.EventEmitter.emit (domain.js:482:12)
    at Request.<anonymous> (I:\_github\_contribute\firebase-tools\node_modules\request\request.js:1161:10)
    at Request.emit (events.js:311:20)
    at Request.EventEmitter.emit (domain.js:482:12)
    at IncomingMessage.<anonymous> (I:\_github\_contribute\firebase-tools\node_modules\request\request.js:1083:12)
    at Object.onceWrapper (events.js:417:28)
    at IncomingMessage.emit (events.js:323:22)
    at IncomingMessage.EventEmitter.emit (domain.js:482:12)
    at endReadableNT (_stream_readable.js:1204:12)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)
[error] 
[error] Error: Failed to list Firebase app certificates. See firebase-debug.log for more info.

@xalikoutis you're right I got the same result in the API explorer here:
https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.androidApps.sha/list

Let's proceed without the "list all" feature and I will ask someone internally about why this happens.

Fixed in #2202 and will be included in the next release!

@viveksinghmehta we have not published a new release of the CLI so this command is not released yet. Please be patient, this is the 4th time you have posted the same question on this issue and it is spamming other people who are interested in this feature.

When it will release please provide ETA.

This feature has been released in 8.3.0 thanks to @xalikoutis for the contribution and to everyone for the discussion!