[英]Permission denied with Firebase distribution android app using service account credentials mode
I'm trying to migrate from Fabric to Firebase since Fabric will not be available beyond March 31, 2020.我正在尝试从 Fabric 迁移到 Firebase,因为 Fabric 在 2020 年 3 月 31 日之后将不再可用。
I already have done the first steps: adding plugins and dependencies to gradle, adding analytics json file, even crash reporting, and all seems correct because I can see data in the Firebase console (analytics and crashes).我已经完成了第一步:将插件和依赖项添加到 gradle,添加分析 json 文件,甚至崩溃报告,一切似乎都是正确的,因为我可以在 Firebase 控制台中看到数据(分析和崩溃)。
But I'm not so lucky migrating the app distribution system from Beta+Fastlane to Firebase.但是,将应用程序分发系统从 Beta+Fastlane 迁移到 Firebase,我就没有那么幸运了。 I'm trying the option " Distribute Android apps to testers using Gradle ".
我正在尝试“使用 Gradle 将 Android 应用程序分发给测试人员”选项。 I've already added the plugin and the dependency and it is well added because I can run the gradle task
./gradlew appDistributionUploadMyVariant
.我已经添加了插件和依赖项,并且添加得很好,因为我可以运行 gradle 任务
./gradlew appDistributionUploadMyVariant
。
I'm getting the serviceCredentialsFile
from the Google Cloud Platform console for the user called firebase-adminsdk
(I think this name is given by the Firebase system) for the correct project.我正在从 Google Cloud Platform 控制台为名为
firebase-adminsdk
的用户获取serviceCredentialsFile
(我认为这个名称是由 Firebase 系统给出的)用于正确的项目。 The email of the user is something like this firebase-adminsdk-xxx@my_project.iam.gserviceaccount.com
, and it is the same as I can see in Firebase console -> Settings -> Service accounts -> Firebase Admin SDK . The email of the user is something like this
firebase-adminsdk-xxx@my_project.iam.gserviceaccount.com
, and it is the same as I can see in Firebase console -> Settings -> Service accounts -> Firebase Admin SDK .
I've downloaded the json file with the credentials and gradle can find it because if a put a wrong path-url intentionally for the file it logs a Service credentials file does not exist
.我已经下载了带有凭据的 json 文件,并且 gradle 可以找到它,因为如果故意为文件输入错误的路径 URL,它会记录
Service credentials file does not exist
。 The content of this file has the correct values for the client_email
and project_id
according to what I mentioned some lines above.根据我上面提到的几行,此文件的内容具有正确的
client_email
和project_id
值。
But I'm getting a 403 error.但我收到 403 错误。 I paste some of the info I get if I execute the task
./gradlew appDistributionUploadMyVariant --info
(I've hide some private information):如果我执行任务
./gradlew appDistributionUploadMyVariant --info
,我会粘贴一些我得到的信息(我已经隐藏了一些私人信息):
Task ':app:appDistributionUploadMyVariant' is not up-to-date because:
Task has not declared any outputs despite executing actions.
Found APK at /MyFolder/app/build/outputs/apk/qa/qaType/app-qa-qaType.apk.
Uploading APK to Firebase App Distribution...
Getting appId from output of google services plugin
-------------- REQUEST --------------
POST https://oauth2.googleapis.com/token
Accept-Encoding: gzip
User-Agent: Google-HTTP-Java-Client/1.28.0 (gzip)
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 808
curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'User-Agent: Google-HTTP-Java-Client/1.28.0 (gzip)' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -d '@-' -- 'https://oauth2.googleapis.com/token' << $$$
Total: 808 bytes
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1N(...)
-------------- RESPONSE --------------
HTTP/1.1 200 OK
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
Cache-Control: private
Server: scaffolding on HTTPServer2
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Vary: Referer
Vary: X-Origin
Vary: Origin
X-XSS-Protection: 0
Date: Fri, 22 Nov 2019 14:47:29 GMT
Content-Type: application/json; charset=utf-8
Total: 207 bytes
{
"access_token": "access_token_value",
"expires_in": 3600,
"token_type": "Bearer"
}
-------------- REQUEST --------------
GET https://firebaseappdistribution.googleapis.com/v1alpha/apps/appId
Accept-Encoding: gzip
Authorization: <Not Logged>
User-Agent: Firebase App Distro Client/1.2.0
x-app-distro-api-client-id: com.google.firebase
x-app-distro-api-client-type: gradle
x-app-distro-api-client-version: 1.2.0
curl -v --compressed -H 'Accept-Encoding: gzip' -H 'Authorization: <Not Logged>' -H 'User-Agent: Firebase App Distro Client/1.2.0' -H 'x-app-distro-api-client-id: com.google.firebase' -H 'x-app-distro-api-client-type: gradle' -H 'x-app-distro-api-client-version: 1.2.0' -- 'https://firebaseappdistribution.googleapis.com/v1alpha/apps/appId'
-------------- RESPONSE --------------
HTTP/1.1 403 Forbidden
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
Cache-Control: private
Server: ESF
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Vary: Referer
Vary: X-Origin
Vary: Origin
X-XSS-Protection: 0
Date: Fri, 22 Nov 2019 14:47:30 GMT
Content-Type: application/json; charset=UTF-8
Total: 126 bytes
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
:app:appDistributionUploadMyVariant (Thread[Daemon worker Thread 8,5,main]) completed. Took 1.552 secs.
AAPT2 aapt2-3.4.1-5326820-osx Daemon #0: shutdown
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':app:appDistributionUploadMyVariant'.
> App Distribution failed to fetch app information: [403] The caller does not have permission
I've also tried to pass the appId
value from the gradle file with the same result.我还尝试从 gradle 文件中传递
appId
值,结果相同。
Any idea?任何想法?
Error “[403] The caller does not have permission.”错误“[403] 调用者没有权限。” is caused by a permission issue.
是由权限问题引起的。
Can you try to follow this on how to create service account and where to download the json, to see if it works?你能试着按照这个来了解如何创建服务帐户以及在哪里下载 json,看看它是否有效?
You are also welcome to reach out to firebase support with more info.也欢迎您与firebase 支持联系以获取更多信息。 :)
:)
Please try running请尝试运行
firebase logout
and then login again (or use a token).然后再次登录(或使用令牌)。
I had the same issue and followed all the other steps mentioned above to no success.我遇到了同样的问题,并且按照上面提到的所有其他步骤都没有成功。 However when I ran the
firebase appdistribution:distribute --debug foo
with the debug flag I noticed I was still logged in to another firebase instance, which seemed to cause the problem.但是,当我使用调试标志运行
firebase appdistribution:distribute --debug foo
时,我注意到我仍然登录到另一个 firebase 实例,这似乎导致了问题。
The role for the service account would be: "Firebase App Distribution Admin SDK Service Agent":服务帐户的角色是:“Firebase App Distribution Admin SDK 服务代理”:
Read and write access to Firebase App Distribution with the Admin SDK
管理员对 Firebase 应用程序分发的读写访问权限 SDK
or as individual permissions .或作为个人权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.