After following the docs here, I am getting the below error. This error does not make sense as I am using the exact same access token creation process as I am for GIP tenant creation and it works just fine there.
Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential.
My body looks like this:

```ruby
def build_body(params)
  {
    :idToken => params[:id_token],
    :tenantId => ::ENV.fetch("DEFAULT_SHARED_GIP_TENANT"),
    :phoneEnrollmentInfo => {
      :phoneNumber => params[:phone_number],
      :recaptchaToken => params[:recaptcha_token]
    }
  }.to_json
end
```

My enroll call:

```ruby
def enroll(body)
  access_token = ::Actions::Gip::AccessToken.new.call.success
  ::Net::HTTP.post(
    URI("https://identitytoolkit.googleapis.com/v2/accounts/mfaEnrollment:start"),
    body,
    { :Authorization => "Bearer #{access_token}", "Content-Type" => "application/json" }
  )
end
```

My access token action:

```ruby
def fetch_token(json_string)
  ::Rails.cache.fetch("portal.gip.access_token", :expires_in => 55.minutes) do
    scope = ["https://www.googleapis.com/auth/identitytoolkit", "https://www.googleapis.com/auth/cloud-platform"]
    authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
      :json_key_io => StringIO.new(json_string), # Service account creds
      :scope => scope
    )
    token = authorizer.fetch_access_token!
    token["access_token"]
  end
end
```

The service account has the roles Firebase Admin, Identity Platform Admin, and Identity Toolkit Admin.