Google-api-php-client: All requests return PERMISSION DENIED

Created on 7 Dec 2017 · 3Comments · Source: googleapis/google-api-php-client

Hi,

This is PHP code. The authorization made with JSON from Service Account.

<?php 

require_once './vendor/autoload.php';

$client = new Google_Client();

$client->setAuthConfig('./XXXXX.json');
$client->addScope([
  Google_Service_Firestore::DATASTORE,
  Google_Service_Firestore::CLOUD_PLATFORM
]);

$client->authorize();
//print_r($client->fetchAccessTokenWithAssertion());

$base = '(default)';
$storage = 'XXXXX';
$store = new Google_Service_Firestore($client);

print '<pre>';
print_r($store->projects_databases_documents->batchGet('projects/' . $storage . '/databases/' . $base, new Google_Service_Firestore_BatchGetDocumentsRequest()));
//print_r(get_class_methods($store->projects_databases_documents));

This is the rules in my FireStore.

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write;
    }
  }
}

But I'm still getting an exception.

Google_Service_Exception: [{ "error": { "code": 403, "message": "Missing or insufficient permissions.", "errors": [ { "message": "Missing or insufficient permissions.", "domain": "global", "reason": "forbidden" } ], "status": "PERMISSION_DENIED" } } ] in C:\Users\206548059\Desktop\Programs\Php\htdocs\localhost.net.com\src\Google\Http\REST.php on line 118

1 | 0.2010 | 349776 | {main}( ) | ...\index.php:0
2 | 0.2370 | 1162624 | Google_Service_Firestore_Resource_ProjectsDatabasesDocuments->batchGet( ) | ...\index.php:21
3 | 0.2370 | 1163168 | Google_Service_Firestore_Resource_ProjectsDatabasesDocuments->call( ) | ...\ProjectsDatabasesDocuments.php:44
4 | 0.2440 | 1539752 | Google_Client->execute( ) | ...\Resource.php:232
5 | 0.2570 | 2215224 | Google_Http_REST::execute( ) | ...\Client.php:788
6 | 0.2570 | 2238856 | Google_Task_Runner->run( ) | ...\REST.php:58

Maybe somebody has an idea what is missed?

p2 question

Source

artemiusgreat

Most helpful comment

Probably not an issue.

I was an "editor" in FireStore, went to the page with a list of Service Accounts and created a new one for my project, looks like credentials of editor was not enough.

Then I went to FireStore Console >> Project Settings >> FireBase Admin SDK >> Generate New Private Key. This generated JSON credentials for Service Account created by "owner"

Now I'm getting response as shown above, so HTTP request works fine, just can't figure out why Response doesn't display all collections in my FireStore.

artemiusgreat on 7 Dec 2017

👍2

All 3 comments

If I comment line with setAuthConfig() I'm getting response with some empty object.

Google_Service_Firestore_BatchGetDocumentsResponse Object
(
    [foundType:protected] => Google_Service_Firestore_Document
    [foundDataType:protected] => 
    [missing] => 
    [readTime] => 
    [transaction] => 
    [internal_gapi_mappings:protected] => Array
        (
        )

    [modelData:protected] => Array
        (
        )

    [processed:protected] => Array
        (
        )
)

artemiusgreat on 7 Dec 2017

Probably not an issue.

I was an "editor" in FireStore, went to the page with a list of Service Accounts and created a new one for my project, looks like credentials of editor was not enough.

Then I went to FireStore Console >> Project Settings >> FireBase Admin SDK >> Generate New Private Key. This generated JSON credentials for Service Account created by "owner"

Now I'm getting response as shown above, so HTTP request works fine, just can't figure out why Response doesn't display all collections in my FireStore.

artemiusgreat on 7 Dec 2017

👍2

I don't know why neither batchGet nor getCollectionIds worked for me, but I managed to get list of documents for specific collection using get() method

$response = $store->projects_databases_documents->get($location . '/documents/dictionaries');

artemiusgreat on 8 Dec 2017

Was this page helpful?

0 / 5 - 0 ratings