tokusumi / fastapi-cloudauth

Simple integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication).

Firebase - Unauthenticated request is not raising an exception

br-follow opened this issue · comments

When injecting the FirebaseClaims object, no exception is raised for an unauthenticated user. It looks like it should raise a 401 exception because auto_error is set to True.

Additionally, it is unclear how to test this via the Swagger UI. There does not appear to be any authentication UI, as there is with Cognito.

Code:

async def get_current_user(settings: Settings = Depends(get_settings)):
    return FirebaseCurrentUser(project_id=settings.firebase_project_id)


@app.get("/protected")
async def protected(current_user: FirebaseClaims = Depends(get_current_user)):
    return f"Hello, {current_user.user_id}"

@br-allstreet ,

try to do something like this:

from typing import Optional

from fastapi import Depends
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from fastapi_cloudauth.firebase import FirebaseClaims, FirebaseCurrentUser

async def get_current_user(
    settings: AppSettings = Depends(get_app_settings),
    http_auth: Optional[HTTPAuthorizationCredentials] = Depends(HTTPBearer(auto_error=False)),
) -> FirebaseClaims:
    # Invoke the verifier with the parsed Authorization header instead of returning the verifier object
    current_user_auth = FirebaseCurrentUser(project_id=settings.firebase_project_id)
    return await current_user_auth(http_auth)

@app.get("/protected")
async def protected(current_user: FirebaseClaims = Depends(get_current_user)):
    return f"Hello, {current_user.user_id}"

I didn't check it, just a quick sketch...