I am experiencing a hard time with firebase-admin sdk and cloud run environment variables.
Everything works fine on localhost, but the warnings and error show up on cloud run.
The cloud run console shows an endless warning message every few seconds:
#firebase/database: FIREBASE WARNING: {"library":"PEM routines","function":"get_name","reason":"no start line","code":"ERR_OSSL_PEM_NO_START_LINE"}
In addition, an error is shown when I hit a page with server side rendering with firebase admin request to database.
"FirebaseAppError: Failed to parse private key: Error: Invalid PEM formatted message.
at new ServiceAccount (/app/node_modules/firebase-admin/lib/app/credential-internal.js:144:19)
at new ServiceAccountCredential (/app/node_modules/firebase-admin/lib/app/credential-internal.js:70:15)
at Object.cert (/app/node_modules/firebase-admin/lib/app/credential-factory.js:103:54)
at Object.355 (/app/.next/server/chunks/898.js:32:86)
at __webpack_require__ (/app/.next/server/webpack-runtime.js:25:42)
at Object.5175 (/app/.next/server/pages/user/order/[orderId].js:24:76)
at __webpack_require__ (/app/.next/server/webpack-runtime.js:25:42)
at __webpack_exec__ (/app/.next/server/pages/user/order/[orderId].js:350:39)"
I would like to solve both issues:
The warning message, which I presume it is related to the firebase admin private key;
How to properly insert the private key in the environment variable box.
After following the steps showed in the link below to get the private key structured like in the example:
https://park.is/blog_posts/20210118_add_a_multiline_env_variable_to_vercel/
-----BEGIN PRIVATE KEY-----
abcde
fghij
klmno
pqrs=
-----END PRIVATE KEY-----
I am now getting this new error showed bellow which I Presume it is still related to firebase admin private key.
I also tried to paste the private key just like it came from the downloaded .json file and other ways as well, but nothing seems to work.
Error: 16 UNAUTHENTICATED: Failed to retrieve auth metadata with error: error:0909006C:PEM routines:get_name:no start line at Object.callErrorFromStatus (/app/node_modules/#grpc/grpc-js/build/src/call.js:31:19) at Object.onReceiveStatus (/app/node_modules/#grpc/grpc-js/build/src/client.js:360:49) at Object.onReceiveStatus (/app/node_modules/#grpc/grpc-js/build/src/client-interceptors.js:328:181) at /app/node_modules/#grpc/grpc-js/build/src/call-stream.js:188:78 at processTicksAndRejections (node:internal/process/task_queues:78:11)
How to make it work?
I appreciate any help!
As mentioned by #ImBIOS in the similar thread, you have to escape \n in the private Key by Importing private key from .env using process.env.PRIVATE_KEY?.replace(/\\n/gm, "\n").
Related
I am writing a Slack integration that can boot certain users out of public channels when certain conditions are met. I have added several OAuth scopes to the bot token, including the following:
channels:history
channels:manage
channels:read
chat:write
chat:write.public
groups:write
im:write
mpim:write
users:read
I am writing my bot in Python using the slack-bolt library and asyncio. However when I try to invoke this code:
await app.client.conversations_kick(channel=channel_id, user=user_id)
I get the following error:
slack_sdk.errors.SlackApiError: The request to the Slack API failed. (url: https://www.slack.com/api/conversations.kick)
The server responded with: {'ok': False, 'error': 'channel_not_found'}
I know for a fact that both the channel_id and user_id arguments I'm passing in are valid. The channel ID I'm using is the string C01PAE3DB0A. I know it is valid because I can use the very same value for channel_id in the following API call:
response = await app.client.conversations_info(channel=channel_id)
And when I call conversations_info like that I get all of the information about my channel. (The same is true for calling users_info with the user_id - it returns successfully.) So why is that when I pass my valid channel_id parameter to conversations_kick I consistently receive this channel_not_found error? What am I missing?
So I got in touch directly with Slack support about this and they confirmed that there is a bug on their end. Specifically, the bug is that I should have received a restricted_action error response instead of a channel_not_found response. Apparently this is a known issue that is on their backlog.
The reason the API call would (try to) return this restricted_action error is simply because there is a workspace setting that, by default, prevents non-admins from kicking people out of public channels. Furthermore, this setting can only be changed by the workspace owner - one tier above admins.
But assuming you are the owner of the Slack workspace, you simply have to log into the Settings & Permissions page, which should look something like this:
And then you have to change the setting labeled "People who can remove members from public channels" from "Workspace admins and owners only (default)" to "Everyone, except guests."
Once I made that change, my API calls started succeeding.
I'm using Stripe to process payments in my iOS Swift app and Firebase Cloud Functions for the backend. I setup an example app using Stripe's Example project located here:
Stripe iOS Standard Integration
When I load the CheckoutView I get an Error 400 response. The issue I believe is with the backendURL that I set in CheckoutViewController (customized using the link to the example above):
// 2) Next, optionally, to have this demo save your user's payment details, head to
// https://github.com/stripe/example-ios-backend/tree/v13.0.3, click "Deploy to Heroku", and follow
// the instructions (don't worry, it's free). Replace nil on the line below with your
// Heroku URL (it looks like https://blazing-sunrise-1234.herokuapp.com ).
let backendBaseURL: String? = "https://us-central1-app-1253c.cloudfunctions.net/https-client-donateToUser"
I get the following messages in my Cloud Function logs:
Request has incorrect Content-Type. application/x-www-form-urlencoded
Invalid request IncomingMessage
Function execution took 498 ms, finished with status code: 400
I tried using the URL of the actual Firebase app (ex: appname123.firebaseapp.com) but that returns an Error 404 instead.
Any ideas for a solution would be greatly appreciated. Thank you.
EDIT:
Thanks to #psmvac I fixed the backend URL. However, I'm now getting error The data couldn't be read because it isn't in the correct format. I believe this is because I don't have a cloud function to accept ephemeral keys. This is what I have so far, what else does this need in order to match the iOS Stripe Example? I'm struggling to find any Cloud Function examples of this online.
export const ephemeral_keys = functions.https.onCall(async (data, context) => {
const stripe_version = data.api_version
stripe.ephemeralKeys.create(data.customer_id,stripe_version)
}
)
I am trying to issue an identity to a participant that already exists in the network.
return this.bizNetworkConnection.connect(this.cardname)
.then((result) => {
let email = 'user#gmail.com',
username = email.split('#')[0];
this.businessNetworkDefinition = result;
return this.bizNetworkConnection.issueIdentity('org.test.Person#user#gmail.com', username);
})
.then((result) => {
console.log(`userID = ${result.userID}`);
console.log(`userSecret = ${result.userSecret}`);
})
I expect that I will see the userID and the userSecret logged on the console but I am getting errors as described below.
Following the developer tutorial on their documents:
If I use the card name for PeerAdmin#hlfv1 on the connect function above, I get the error. "Error trying to ping. Error: Error trying to query business network. Error: Missing \"chaincodeId\" parameter in the proposal request"
If I use the card name for admin#tutorial-network on the connect function above, I get the error "fabric-ca request register failed with errors [[{\"code\":400,\"message\":\"Authorization failure\"}]]"
For option 1, I know the network name is missing in the given card, whie option 2 means that the admin has no rights to issue an identity. However, I cannot seem to find any documentation directing me on how to use either to achieve my objective. Any help is highly welcome.
While I have listed the javascript code I am using to achieve the same, I would not mind if anyone can explain what I am missing using the composer cli.
see https://hyperledger.github.io/composer/latest/managing/identity-issue.html
you would definitely use the admin#tutorial-network card, as PeerAdmin does not have authority to issue identities (admin does).
Did you already do: 1) a composer card import -f networkadmin.card (per the tutorial) ? 2) a composer network ping -c admin#tutorial-network to use the card (now in the card store) and thereby populate the admin's credentials (certificate/private key).
Only at that point would admin be recognised as the identity to issue further identities. Is it possible you spun up a new dockerized CA server at some stage since you did the import etc ?
What happens if you issue a test identity through the command line (using admin#tutorial-network? Does it fail)
Hi I am trying to save data in timeseries db but I am facing an error at timeseries ingest when I enter wss://gateway-predix-data-services.run.aws-usw02-pr.ice.predix.io/v1/stream/messages in websocket uri it shows an error like this when I click on open socket
The request failed with status code: 500
{
"error": "Error: unexpected server response (401)",
"url": "wss://gateway-predix-data-services.run.aws-usw02-pr.ice.predix.io/v1/stream/messages"
}
and see this screenshot once.
Thanks®ards
Eswar G
From the error log, it looks you got authorization error. Check if you are using correct predix-zone-id of the time-series instance in the request header or you have configured correct UAA instance in predix tool kit.
Have you updated your UAA client with timeseries authorities?
To inserting time series data with particular user or client need permission. For getting permission, you need to add authorities into your UAA client.
Following are the authorities for timeseries.
Experiencing a similar problem. I'm posting only one of several received error messages. I've cycled through combos of the following for uri and zone id:
uri:
wss://gateway-predix-data-services.run.aws-usw02-pr.ice.predix.io/v1/stream/messages
https://time-series-store-predix.run.aws-usw02-pr.ice.predix.io/v1/datapoints
zone-id:
44853a54-3ecd-4589-85da-b54f2fda7cce
and the zone id shown in the photo, with .ingest at the end.
so, 401 unauthorized.
Did you happen to re-create the timeseries or uaa? Perhaps they are not associated. Also, I'm assuming you did "login as client" in the top menu.
Might be a good idea to create a new timeseries tied to that uaa. Then use the new zoneId.
Did you add predix..ingest and predix..user to the scope and authorities section in uaa client in your predix.io account. Please check the client id to add permission for in websocketriver.config file.
I'm trying to run http://github.com/tardate/rails-authlogic-rpx-sample (only rails version was changed) but get error message http://gist.github.com/385696, when RPX returns information after successful authentication via Google Account. What is wrong here? And how I can fix it?
The code was successfully tested with rails 2.3.3 by its author: http://rails-authlogic-rpx-sample.heroku.com/
I run on Windows with cygwin and rails (2.3.5), rpx_now (0.6.20), authlogic_rpx (1.1.1).
Update
In several hours RPX rejected my app http://img96.imageshack.us/img96/2508/14128362.png
Update2
The same error message ( http://gist.github.com/386124) appears with http://github.com/grosser/rpx_now_example , but in this case RPX allows me to sign in (so far).
Solved
See below
Got error: Invalid parameter: apiKey (code: 1), HTTP status: 200
You have to first register your RPX app at http://www.RPXnow.com and set its name. You'll be assigned an API key which you should set in the config/environment.rb file:
RPX_API_KEY = ENV["RPX_API_KEY"]
RPX_APP_NAME = "your_app_name_here!"
Or: Read slide 35: http://www.slideshare.net/tardate/srbauthlogicrpx
You shouldn't have any constraints enforced at the database level.
The reason was trailing \r character in my API key. Apparently, non of the steps did key trimming and the exception was not processed in a good way.