How to authenticate using Firebase with endpoints-proto-datastore?

Question

I've been trying to set up my EndpointsV2 backend (billing has been enabled) with Firebase authentication but am always ending up with either an error when I attempt to generate the OpenAPI spec or a 401 Unauthorized when accessing the API.

My current configuration is as follows (errors out on OpenAPI generation):

main.py:

firebase_issuer = endpoints.Issuer(
    issuer='https://securetoken.google.com/[GAE/FIREBASE_APP_ID]',
    jwks_uri=('https://www.googleapis.com/service_accounts/v1/metadata/x509/'
              '[email protected]'))
issuers = {
    "firebase": firebase_issuer
}

@endpoints.api("user", "v1", api_key_required=True,
               issuers=issuers)
class UserApi(remote.Service):

    @models.UserModel.query_method(
        user_required=True,
        path="info",
        name="user.info",
        http_method="GET")
    def info(self, query):
        return query.filter(
            models.UserModel.owner == endpoints.get_current_user())

Error on OpenAPI Gen:

$ python lib/endpoints/endpointscfg.py get_openapi_spec main.UserApi --hostname [SERVICE-NAME].endpoints.[GAE_APP_ID].appspot.com         
No handlers could be found for logger "endpoints.apiserving"                                                                          
Traceback (most recent call last):                                                                                                    
  File "lib/endpoints/endpointscfg.py", line 633, in <module>                                                                         
    main(sys.argv)                                                                                                                    
  File "lib/endpoints/endpointscfg.py", line 629, in main                                                                             
    args.callback(args)                                                                                                               
  File "lib/endpoints/endpointscfg.py", line 487, in _GenOpenApiSpecCallback                                                          
    application_path=args.application)                                                                                                
  File "lib/endpoints/endpointscfg.py", line 332, in _GenOpenApiSpec                                                                  
    application_path=application_path)                                                                                                
  File "lib/endpoints/endpointscfg.py", line 214, in GenApiConfig                                                                     
    services, hostname=hostname))                                                                                                     
  File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 973, in pretty_print_config_to_json
    descriptor = self.get_openapi_dict(services, hostname)                                                                            
  File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 959, in get_openapi_dict           
    return self.__api_openapi_descriptor(services, hostname=hostname)                                                                 
  File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 872, in __api_openapi_descriptor   
    security_definitions)                                                                                                             
  File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 691, in __method_descriptor        
    service.api_info.audiences, security_definitions)                                                                                 
  File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 722, in __x_security_descriptor    
    _INVALID_AUTH_ISSUER % default_auth_issuer)                                                                                       
api_exceptions.ApiConfigurationError: No auth issuer named google_id_token defined in this Endpoints API.

The error leads me to think that if I simply swap "firebase" for "google_id_token"in issuers that it may work but I have tried that and just gotten a 401.

I've also started to see this error in GAE Logging:

Cannot decode and verify the auth token. The backend will not be able to retrieve user info (/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/control/wsgi.py:588)
Traceback (most recent call last):
  File "/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/control/wsgi.py", line 585, in __call__
    service_name)
  File "/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/auth/tokens.py", line 83, in authenticate
    "allow provider id: " + provider_id)
UnauthenticatedException: The requested method does not allow provider id: google_id_token

The idToken I am sending with my testing (done through Postman using the header Authorization: Bearer [idToken]) was generated using pyrebase and I checked jwt.io to confirm that it is in fact a valid token.

My initial thought is that I haven't set up the audiences correctly, but I'm not sure what it should be (though I have tried appending a ClientID from API Manager > Credentials).

Is it possible to authenticate with firebase using endpoints-proto-datastore on the endpointsv2 framework? If so, what do I need to do differently to get that working? If not, would the code that I have work right away without using endpoints-proto-datastore?

Edit:

Looks like this is an issue with the endpoints library itself

https://github.com/cloudendpoints/endpoints-python/issues/32