This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Getting confusing error for Identity Toolkit mfaEnrollment.start request

Posted on 07-18-2023 12:49 PM
matt_hadley
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

After following the docs here, I am getting the below error. This error does not make sense as I am using the exact same access token creation process as I am for GIP tenant creation and it works just fine there.

Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential.

My body looks like this

def build_body(params)
 {
    :idToken => params[:id_token],
    :tenantId => ::ENV.fetch("DEFAULT_SHARED_GIP_TENANT"),
    :phoneEnrollmentInfo => {
      :phoneNumber => params[:phone_number],
      :recaptchaToken => params[:recaptcha_token]
    }
 }.to_json
end

 My enroll call:

def enroll(body)
  access_token = ::Actions::Gip::AccessToken.new.call.success
  ::Net::HTTP.post(
    URI("https://identitytoolkit.googleapis.com/v2/accounts/mfaEnrollment:start"),
    body,
    { :Authorization => "Bearer #{access_token}", "Content-Type" => "application/json" }
  )
end

My access token action:

def fetch_token(json_string)
  ::Rails.cache.fetch("portal.gip.access_token", :expires_in => 55.minutes) do
    scope = ["https://www.googleapis.com/auth/identitytoolkit", "https://www.googleapis.com/auth/cloud-platform"]
    authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
      :json_key_io => StringIO.new(json_string), # Service account creds
      :scope => scope
    )
    token = authorizer.fetch_access_token!
    token["access_token"]
  end
end

The service account has the roles Firebase Admin, Identity Platform Admin, and Identity Toolkit Admin

1 1 1,305
1 REPLY 1