AUTH API REST Firebase Flutter vs POSTMAN-CodePudding

I have some issues with AUTH in Firebase using API REST and Android Flutter. In POSTMAN worked ok: https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=AIzaSyCg8LuhQvn_CFZlNDV0ySK420xxxxxxx-U... and I have this JSON.

{
    "kind": "identitytoolkit#VerifyPasswordResponse",
    "localId": "3GNFGIOFgBUT8BbV5n0vQxxxxxxx",
    "email": "[email protected]",
    "displayName": "",
    "idToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjM1MDM0MmIwMjU1MDAyYWI3NWUwNTM0YzU4MmVjYzY2Y2YwZTE3ZDIiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vZmx1dHRlci12YXJpb3MtYjg4NGEiLCJhdWQiOiJmbHV0dGVyLXZhcmlvcy1iODg0YSIsImF1dGhfdGltZSI6MTYzMzQ0NzQ2OSwidXNlcl9pZCI6IjNHTkZHSU9GZ0JVVDhCYlY1bjB2UXN1Q3d0RTMiLCJzdWIiOiIzR05GR0lPRmdCVVQ4QmJWNW4wdlFzdUN3dEUzIiwiaWF0IjoxNjMzNDQ3NDY5LCJleHAiOjE2MzM0NTEwNjksImVtYWlsIjoidGVzdEB0ZXN0LmNvbSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJlbWFpbCI6WyJ0ZXN0QHRlc3QuY29tIl19LCJzaWduX2luX3Byb3ZpZGVyIjoicGFzc3dvcmQifX0.GBDNfA7nzzJfK35rIf87fQhKtQFAPtyVltXQh0CcDzlbee-zvv-KEFAeNpS0LeQai3id2uJtY9QGEwssq0fYd_Jbob5F5E6ZLTqA7gVVShc7azP2Pu6xxCE6oWvTeW-kfeswNg1TUBGqP8jzlpLAhC__1HAI620s7bH6dqQJ2Ry2YDKUacZvBgFzJ-pMC7V7WcVYclzEEef5Q_c0l-duk8EJ1jhweo4YVJ4qma8WFxO-zWf_PbMLYytn2PjqDC4a9HIxsaiFQxXCwGxezYfBvpczS-c8_xYEp5LCFFI0dYwK4xWcNWgDCN46CjLQAH3uNewVuG97Hpe5O32mi9jM_Q",
    "registered": true,
    "refreshToken": "ACzBnCjCfLugjeNP92J7vqSwJp2jHyB68ztK_MoZBeSZPHzZ21RiH3S5u9hAdIa2E2qh0Z2FZE24b5J3bzTr0sVC9GCxFt-S-VRU4lk2lTpR8FeTcONDwx15IA9NFjr70n-8tG72IpvTNfuyUVyhiseI0xzpmyGv2kujA_gFI6n_P0PGQss3X6A15_582go7BNmCx12YDSEsLZR35YR4h6pQhClvRMvxPg",
    "expiresIn": "3600"
}

And with the 'idToken' and use it with https://flutter-varios-xxxxxxxxxxxxxxxx.firebaseio.com/product/.json?auth=[idToken] in POSTMAN worked ok.

In Flutter using http: ^0.13.4 (dependencies), I could sing-in and I have the JSON but the [idToken] is smaller (in byte size) than the POST with POSTMAN. The size of the idToken is 921 vs 678 (Flutter http.post), I don't know why:

login(String email, String password) async {
    final authData = {
      "email": email,
      "password": password,
      "returnSecureToke": true
    };
    final resp = await http.post(
        Uri.parse(
            'https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=$_firebaseToken'),
        body: json.encode(authData));
    Map<String, dynamic> decodeResp = json.decode(resp.body);

    //print('Decode Resp: ${decodeResp}');

    if (decodeResp.containsKey('idToken')) {
      print('ID Token: ${decodeResp['idToken']}');
      _prefs.token = decodeResp['idToken'];
      return {'ok': true, 'token': decodeResp['idToken']};
    } else {
      return {'ok': false, 'msj': decodeResp['error']['message']};
    }
  }

and with this [idToken] I use for make the URL https://flutter-varios-xxxxxxxxxxxxxxxx.firebaseio.com/product/.json?auth=eyJhbGciOiJSUzI1NiIsImtpZCI6InRCME0yQSJ9.eyJpc3MiOiJodHRwczovL2lkZW50aXR5dG9vbGtpdC5nb29nbGUuY29tLyIsImF1ZCI6ImZsdXR0ZXItdmFyaW9zLWI4ODRhIiwiaWF0IjoxNjMzNDQ3OTIxLCJleHAiOjE2MzQ2NTc1MjEsInVzZXJfaWQiOiIzR05GR0lPRmdCVVQ4QmJWNW4wdlFzdUN3dEUzIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIiwic2lnbl9pbl9wcm92aWRlciI6InBhc3N3b3JkIiwidmVyaWZpZWQiOmZhbHNlfQ.Vnfo6Mo7gI4DKpJXXNBVeKAQWiA4brnRrxpDJ3B_hb6AsdGkOA3qQXLKsyh3CkyPIoN-_mzodZfOXyBr-hIORORhZ4QBY1uRsXuzLUj0CaHO3xtOgXyO-n9vH4nU29QOKNVgay8wo5TsZi91dNeQrXHyQMUHAd9Z8vVM25uX6TB7n5rIVGX1Odo_c7gPcooX2wcCbfOuOGr4P1D01WkffqEOQCUQzSleezIIixbU95YSGi09cWQroDbIGSMUfIcnGRfEOjcwfKQZFYUetS7O1zQjqREYujAQMQ3YLXKPBEREeT-_O9XINhk_fB1YV1XGqoeSeDpn1IP5n_H1ez854A

In Firebase Realtime Database I use (without auth filter, all work ok of course)

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

So when uncorrect idToken I can't access to the DB. If you have any suggestion, please let me know and I will appreciate

CodePudding user response：

There is an error in your definition of the authData object: You have a key returnSecureToke (without n) instead of returnSecureToken.