Description
[REQUIRED] Step 2: Describe your environment
- Android Studio version: 2020.3.1 Patch 3
- Firebase Component: Auth
- Component version: 21.0.1
[REQUIRED] Step 3: Describe the problem
This is basically the same as #1385. Specifically, my case is using Apple ID Sign-In via FirebaseUI. Chrome opens up and displays this error message:
"{"error":{"code":403,"message":"Requests from this Android client application <empty> are blocked.","errors":[{"message":"Requests from this Android client application <empty> are blocked.","domain":"global","reason":"forbidden"}],"status":"PERMISSION_DENIED"}}"
I'm reopening this because 1) I don't think the other one should have been closed 2) I suggest a possible solution.
The issue happens when you set your Google Cloud API key restrictions for Android to only accept requests from Android apps with the correct package name and SHA-1.
My idea to fix it, though I could be totally off, is to have this __/auth/handler url use a browser based API key rather than the Android one. Then we could just whitelist our firebase app domain for the browser API key.
As an aside, I don't understand why this logic needs to even access Google Cloud.