I am using Firebase Admin SDK from my development machine (Node.js/Fastify). So I am trying to do something like this:
Initialize Firebase App 👇:
import * as firebaseAdmin from 'firebase-admin'
import { applicationDefault } from 'firebase-admin/app'
firebaseAdmin.initializeApp({
projectId: '<FIREBASE-PROJECT-ID>',
credential: applicationDefault(),
})
export default firebaseAdmin
Then when using my "firebaseAdmin" (for example👇):
import firebaseAdmin from '../../../firebase-admin'
import { FastifyInstance, FastifyPluginAsync, FastifyReply, FastifyRequest } from 'fastify'
const myRoutes: FastifyPluginAsync<AppOptions> = async (fastify: FastifyInstance) => {
fastify.post<{ Body: { uid: string } }>(
`/token`,
async (request: FastifyRequest<{ Body: { uid: string } }>, reply: FastifyReply) => {
const { uid } = request.body
try {
const customToken = await firebaseAdmin.auth().createCustomToken(uid)
return reply.send({ token: customToken })
} catch (error: unknown) {
if (error instanceof Error) {
app.log.error('Error creating custom token:', {
name: error.name,
stack: error.stack,
message: error.message,
})
return reply
.code(500)
.send({ message: 'Failed to create token', error: error.message })
} else {
app.log.error('Unknown error creating custom token:', error)
return reply
.code(500)
.send({ message: 'Failed to create token', error: 'Unknown error' })
}
}
},
)
})
export default myRoutes
Allways getting this error:
Failed to determine service account. Make sure to initialize the SDK with a service account credential. Alternatively specify a service account with iam.serviceAccounts.signBlob permission. Original error: Error: Error while making request: getaddrinfo ENOTFOUND metadata. Error code: ENOTFOUND
I know I'm not using a service account; if I were, I would just do something like this (which works perfectly):
import * as firebaseAdmin from 'firebase-admin'
import { applicationDefault } from 'firebase-admin/app'
const serviceAccountPath = '/path/to/my/service-account.json'
firebaseAdmin.initializeApp({
credential: firebaseAdmin.credential.cert(serviceAccountPath),
})
export default firebaseAdmin
But, the thing is that I don't want to use a service account. I want to use the ADC ( Application Default Credentials ) from gcloud located at:
~/.config/gcloud/application_default_credentials.json
I'm trying to understand why these credentials don’t have access to Firebase Auth. How can I make it work? Is it even possible?
This is what I tried:
I installed the Firebase CLI and attempted to locate another default application credentials file, something like:
~/.config/firebase/application_default_credentials.json
I intended to use that file to set the GOOGLE_APPLICATION_CREDENTIALS
environment variable. However, I was not able to locate that file and I'm not even sure if it actually exists..
I granted permissions as Firebase Authentication Admin
, Editor
, Service Account Token Creator
and several others that I don't remember. It didn't work. It seems that it's not a permissions issue.
I just found this at Firebase docs 👇:
"When testing the Admin SDK locally with Google Application Default Credentials obtained by running gcloud auth application-default login, additional changes are needed to use Firebase Authentication due to the following:
- Firebase Authentication does not accept gcloud end user credentials generated using the gcloud OAuth client ID.
- Firebase Authentication requires the project ID to be provided on initialization for these type of end user credentials."
It seems that it's not possible to use Firebase Authentication with just the ADC from Google Cloud. Additional configuration might be required to make it work properly.