node.jstypescriptfirebasefirebase-authenticationfastify

Firebase Authentication not working with ADC (Application Default Credentials)


I am using Firebase Admin SDK from my development machine (Node.js/Fastify). So I am trying to do something like this:

Initialize Firebase App 👇:

import * as firebaseAdmin from 'firebase-admin'
import { applicationDefault } from 'firebase-admin/app'

firebaseAdmin.initializeApp({
  projectId: '<FIREBASE-PROJECT-ID>',
  credential: applicationDefault(),
})

export default firebaseAdmin

Then when using my "firebaseAdmin" (for example👇):

import firebaseAdmin from '../../../firebase-admin'
import { FastifyInstance, FastifyPluginAsync, FastifyReply, FastifyRequest } from 'fastify'
  

const myRoutes: FastifyPluginAsync<AppOptions> = async (fastify: FastifyInstance) => {
  
fastify.post<{ Body: { uid: string } }>(
   `/token`,
    async (request: FastifyRequest<{ Body: { uid: string } }>, reply: FastifyReply) => {
      const { uid } = request.body

      try {
        const customToken = await firebaseAdmin.auth().createCustomToken(uid)
        return reply.send({ token: customToken })
      } catch (error: unknown) {
        if (error instanceof Error) {
          app.log.error('Error creating custom token:', {
            name: error.name,
            stack: error.stack,
            message: error.message,
          })
          return reply
            .code(500)
            .send({ message: 'Failed to create token', error: error.message })
        } else {
          app.log.error('Unknown error creating custom token:', error)
          return reply
            .code(500)
            .send({ message: 'Failed to create token', error: 'Unknown error' })
        }
      }
    },
  )
})

export default myRoutes

Allways getting this error:

Failed to determine service account. Make sure to initialize the SDK with a service account credential. Alternatively specify a service account with iam.serviceAccounts.signBlob permission. Original error: Error: Error while making request: getaddrinfo ENOTFOUND metadata. Error code: ENOTFOUND

I know I'm not using a service account; if I were, I would just do something like this (which works perfectly):

import * as firebaseAdmin from 'firebase-admin'
import { applicationDefault } from 'firebase-admin/app'

const serviceAccountPath = '/path/to/my/service-account.json'

firebaseAdmin.initializeApp({
    credential: firebaseAdmin.credential.cert(serviceAccountPath),
})

export default firebaseAdmin

But, the thing is that I don't want to use a service account. I want to use the ADC ( Application Default Credentials ) from gcloud located at:

~/.config/gcloud/application_default_credentials.json

I'm trying to understand why these credentials don’t have access to Firebase Auth. How can I make it work? Is it even possible?

This is what I tried:


Solution

  • I just found this at Firebase docs 👇:

    "When testing the Admin SDK locally with Google Application Default Credentials obtained by running gcloud auth application-default login, additional changes are needed to use Firebase Authentication due to the following:

    • Firebase Authentication does not accept gcloud end user credentials generated using the gcloud OAuth client ID.
    • Firebase Authentication requires the project ID to be provided on initialization for these type of end user credentials."

    It seems that it's not possible to use Firebase Authentication with just the ADC from Google Cloud. Additional configuration might be required to make it work properly.