Status

Table of Contents

Firebase Authentication Setup Guide

Problem Description

If you're seeing a 403 Forbidden error when trying to authenticate with Firebase, or the Firebase Auth REST API returns 404 errors, it means Firebase Authentication is not properly configured for your project.

Common Error Messages

  • POST https://securetoken.googleapis.com/v1/token?key=... 403 (Forbidden)
  • Firebase Auth REST API returned 404
  • The requested URL /v1/projects/development-454916/config was not found

Root Cause

The issue occurs because:
1. Firebase Authentication is not enabled for the project
2. The Identity Toolkit API is not enabled in Google Cloud Console
3. The API key doesn't have the necessary permissions

Step-by-Step Solution

Step 1: Enable Firebase Authentication

  1. Go to Firebase Console
  2. Select your project: development-454916
  3. In the left sidebar, click on Authentication
  4. Click Get started if you haven't set up Authentication yet
  5. Go to the Sign-in method tab
  6. Enable at least one sign-in provider (e.g., Email/Password, Google)

Step 2: Enable Identity Toolkit API

  1. Go to Google Cloud Console
  2. Select your project: development-454916
  3. Go to APIs & Services > Library
  4. Search for "Identity Toolkit API"
  5. Click on Identity Toolkit API
  6. Click Enable

Step 3: Configure API Key Permissions

  1. In Google Cloud Console, go to APIs & Services > Credentials
  2. Find your API key (starts with AIzaSyAT4d...)
  3. Click on the API key to edit it
  4. Under Application restrictions, select None (for development)
  5. Under API restrictions, make sure these APIs are enabled:
  6. Identity Toolkit API
  7. Firebase Authentication API
  8. Token Service API
  9. Click Save

Step 4: Verify Project Configuration

  1. Go to Firebase Console
  2. Select your project: development-454916
  3. Go to Project Settings (gear icon)
  4. In the General tab, verify:
  5. Project ID: development-454916
  6. Web API Key: AIzaSyAT4dLp6RSAGuCzM_r6Higep-RVHIgFEUI
  7. Make sure the project is linked to the correct Google Cloud project

Step 5: Test the Configuration

Run the test script to verify everything is working:

python scripts/test_firebase_auth.py

If you see "✅ Firebase authentication configuration tests passed!", the setup is correct.

Step 6: Restart the Application

After making these changes, restart your application:

docker compose down
docker compose up --build -d

Additional Troubleshooting

If you still see 403 errors:

  1. Check API Key Quotas: Go to Google Cloud Console > APIs & Services > Quotas
  2. Verify Project Billing: Make sure the project has billing enabled
  3. Check Service Account: Ensure the service account has the necessary permissions

If the project doesn't exist in Firebase:

  1. Go to Firebase Console
  2. Click Add project
  3. Select development-454916 from the dropdown (import existing Google Cloud project)
  4. Follow the setup wizard

For local development:

If you're running locally and don't want to use Secret Manager, you can set the Firebase API key directly:

# Create .env file
echo "FIREBASE_API_KEY=AIzaSyAT4dLp6RSAGuCzM_r6Higep-RVHIgFEUI" >> .env

# Restart the application
docker compose down
docker compose up --build -d

Testing Commands

# Check Firebase configuration
python scripts/debug_firebase_config.py

# Test Firebase authentication
python scripts/test_firebase_auth.py

# Check application logs
docker compose logs blueberry | grep -i firebase

# Test a simple API call
curl -X GET "http://localhost:8001/api/health/live"

Expected Results

After following these steps, you should see:
- No 403 Forbidden errors in the browser console
- Firebase authentication working properly
- Users able to sign in and access protected resources

Document ID: troubleshooting/firebase-auth-setup