android firebase-cloud-messaging elixir

Getting SENDER_ID_MISMATCH, although I think I synchronized the service account and google.services.json files


I'm trying to convert from Legacy FCM messages to the V1 API. I'm using Elixir, so using the Pigeon OSS (v2) to provide the FCM interface, and have some improvements to that to use the Goth OSS to handle the OAUTH component.

I got the messaging set up with what I think I want the content to be, and am sending messages to Google, but I'm getting back 403 responses with SENDER_ID_MISMATCH in the ErrorCode and PERMISSION_DENIED in the status.

I'm using a service account file that I created with a firebase admin role, and I've tried a couple of others too. After seeing posts about the mismatch being between the app and the service account I checked and found that the app was using an incorrect google-services.json file, which I can't even find a record for. Interestingly, changing the file didn't affect the operation of the app against the old version of our software, so apparently it wasn't really in use. However changing the app to what, I think, matches the service account didn't help. I also had my test user (who knows how to build the Android app) log out of the updated app and back in, to make sure he got a new token, presumably created with the updated app/google-services.json. It's still not working.

The old services file showed an oauth_client, with an id and type. The new one doesn't have that. Do we need it? I think so, to make the Goth configuration work. We tried to figure out how to create it and there seems to be a lot of work, because apparently our apps (2) aren't in an organization, and to create one there seems to need the account owner (our CEO) to create a Cloud Identity and do a whole lot of other stuff that I can't even explain to him. Is that actually necessary? The old services file has the oauth_client ID and I don't think it was in an organization.

If you have any good ideas I'd love detailed steps to do this. I can create a new service account if needed, but what roles or other details do I need to add to it, and is there something I need to do to make sure it agrees with the google-services file?

The people who were the contacts for Google when the deprecation of the Legacy FCM API was announced didn't recognize the significance of the warning. I was trying to do something completely unrelated on June 17th which required access to our Google Cloud account, and I stopped to read emails, including the one warning us that we had three days left. So guess who got stuck fixing it???

I appreciate any detailed help you can give. Google's docs haven't been as helpful as I need.


Solution

  • HTTP v1 was introduced in 2017. After many years of supporting both APIs, Firebase announced in June 2023 that the legacy API will be removed after one year.

    Apps using the deprecated FCM legacy APIs for HTTP and XMPP should migrate to the HTTP v1 API at the earliest opportunity. Sending messages (including upstream messages) with those APIs was deprecated on June 20, 2023, and shutdown begins on July 22, 2024.

    Old process of sending push won't work now and you need to change it completely.

    They have removed the Authorization key, and the endpoint URL has changed too. Now create a new private key for the server (i.e. service-account-file.json) and use that key to generate a bearer token.

    Note: Don't confuse it with the client-side JSON, i.e. google-services.json.


    Steps to follow:

    1. Consider reading this post.

    2. After that, double-check which step you are missing or doing wrong.

    (403) PERMISSION_DENIED means you are authenticated (your token is valid), but you do not have authorization to access the resource in your URL.

    This is due to conflict within your Firebase config when initializing the app. You might be trying to use an old projectId/senderId, however your remaining configuration are still pointing to your new project in Firebase.

    A sender ID: set in the code of your app. Android Studio automatically uses the Sender ID of your Firebase project. If you are still using GCM, you have probably set the sender ID manually in the code of your app. The sender ID identifies your app to Firebase Cloud Messaging when it asks for a token.

    More info - https://help.batch.com/en/articles/2901688-how-to-fix-a-mismatch-between-your-push-tokens-and-your-sender-id

    3. Which Server to choose

    Caution: Sending messages (including upstream messages) with the FCM XMPP and HTTP legacy APIs was deprecated on June 20, 2023, and will be removed in June 2024. If you are using the legacy FCM send APIs, we strongly recommend that you migrate to the HTTP v1 API or consider using the Admin SDK to build send requests.

    https://firebase.google.com/docs/cloud-messaging/server#choosing-a-server-option

    4. Server setup

    https://firebase.google.com/docs/cloud-messaging/auth-server#node.js_2

    Server side code :

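    // POST to the HTTP v1 send endpoint; PROJECT_ID is a placeholder for your Firebase project ID.
    // "https://www.googleapis.com/auth/firebase.messaging" is the OAuth scope to request when
    // generating the access token, not the URL to send messages to.
    URL url = new URL("https://fcm.googleapis.com/v1/projects/" + PROJECT_ID + "/messages:send");
    HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
    httpURLConnection.setRequestProperty("Authorization", "Bearer " + getServiceAccountAccessToken());
    httpURLConnection.setRequestProperty("Content-Type", "application/json; UTF-8");
    return httpURLConnection;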
    

    More information for token generation can be found here :

    How do I create an Access Token from Service Account Credentials using REST API?

    5. If you are still facing an issue, consider reading this:

    They have covered almost all types of questions you may have.
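
The check the answer describes (server key and app config pointing at different projects) can be automated. The following is an added example, not part of the original answer or of Pigeon/Goth: it compares a service-account key with a google-services.json and reports mismatches. The sample file contents, project names and the function names `check_fcm_config` and `send_url` are constructed for illustration.

```python
import json

# Constructed sample files (not real credentials). Field names follow the
# service-account key and google-services.json formats.
SERVICE_ACCOUNT = json.loads("""{
  "type": "service_account",
  "project_id": "example-new-project",
  "client_email": "fcm-sender@example-new-project.iam.gserviceaccount.com"
}""")

GOOGLE_SERVICES = json.loads("""{
  "project_info": {"project_number": "111111111111", "project_id": "example-old-project"},
  "client": [{
    "client_info": {
      "mobilesdk_app_id": "1:111111111111:android:0a1b2c3d4e5f",
      "android_client_info": {"package_name": "com.example.app"}
    }
  }]
}""")


def check_fcm_config(service_account, google_services):
    """Return a list of mismatches between the server key and the app config."""
    problems = []
    if service_account.get("type") != "service_account":
        problems.append("server file is not a service-account key "
                        "(google-services.json cannot mint a bearer token)")
    info = google_services.get("project_info", {})
    if service_account.get("project_id") != info.get("project_id"):
        problems.append("project_id differs: server=%r app=%r"
                        % (service_account.get("project_id"), info.get("project_id")))
    # The sender ID is the project number; each Android app ID embeds it.
    for client in google_services.get("client", []):
        app_id = client["client_info"]["mobilesdk_app_id"]
        parts = app_id.split(":")
        if len(parts) < 2 or parts[1] != info.get("project_number"):
            problems.append("app %s not tied to sender ID %s"
                            % (app_id, info.get("project_number")))
    return problems


def send_url(service_account):
    """HTTP v1 send endpoint for the project the service account belongs to."""
    return ("https://fcm.googleapis.com/v1/projects/%s/messages:send"
            % service_account["project_id"])


if __name__ == "__main__":
    for p in check_fcm_config(SERVICE_ACCOUNT, GOOGLE_SERVICES):
        print("MISMATCH:", p)
    print("POST to:", send_url(SERVICE_ACCOUNT))
```

A device token minted by an app built against one project will keep producing SENDER_ID_MISMATCH when the server sends through another project's service account, so the app must be rebuilt with the matching google-services.json and the token refreshed after any fix.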