-
Notifications
You must be signed in to change notification settings - Fork 929
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid-credential error for admin.auth calls #1371
Comments
@jaschaio that's actually the new intended behavior although clearly it should be explained better. @abeisgoat can comment. If you want to get the old behavior, try using |
@samtstern looks like this isn't that issue because he's already using @jaschaio thanks for the helpful bug report. I was able to reproduce this behavior, although strangely, I only got it to work once. After downgrading to I suspect this is because when calling One easy work around is to just create a dedicated service account in the Firebase console and provide the credential to |
@jaschaio while the error you got is not related to what I am about to say, it was actually protecting you from another more serious error. And fixing one will fix both, so let's just jump to that. Ok so when you run When you're running in Cloud Functions it finds a service account and everything is great. When you're running locally it finds the credential you probably set up with
So the way to solve this is to make sure you set So you'd do:
Note that this is specific to the Auth API. You'll notice that the Firestore API accepts these "user credentials" without any complains. Both APIs consider this situation "working as intended" and for now there is nothing we can do to work around it in the emulator. I hope that makes sense! |
I just came into this very same problem. So does this mean that, if you did Edit: For testing purposes, I installed gcloud and did Is there no other way to auth than to create this file? I fully understand your goal of isolating us from production, but in some situations we really want to test with live database... and dumping the service account credentials into a file is not always the best and safest approach. Kind of happens a similar thing with the config variables, that you have to hit |
@JFGHT Thanks for the thoughts - there's definitely some unintended behavior going on here, we want isolation by default but with the option to access production if you like. The authentication aspect of this is a hard problem worked on by many teams so it's made tougher because everyone needs to stay on the same page, but we're working on it :) In regards to creating and setting the default credential, there are other options (like supplying an environmental variable), but we're still in the process of communicating with folks to figure out what they recommend people to use so we know what to recommend you to use. We'll definitely smooth this out so we'll keep updating here as we figure out what we're doing. |
Hey @abeisgoat & @samtstern, thanks for your input. Exporting
Test Case is the same as above, but using It happens when using any firebase.admin.auth method that requires credentials. I can confirm that the service account works and the environment variable Should I open a new issue or keep this one? |
@jaschaio so to be clear you're getting issues with |
Yes. Try the test case above. It works with
|
To help narrow the search, |
I don't know if anyone else is dumb enough to try what I did, But I fixed this issue by going to the Firebase console and creating a Service account from there instead of creating a Service account from the GCP IAM & Admin area. Then I initialized the project with:
|
Downgrading my
Be sure you check you're on the right version. I had a funky setup not too long ago where 6.x was still creeping up after an update:
|
This seems fixed for me within |
@jaschaio yes that will work, however we want this to work with "application default" credentials so users don't have to think about service accounts in testing (just like you don't have to in production). |
@samtstern Any update on that issue? |
Using the following dependencies fixed it for me (with node 10)
|
It doesn't work for me. Still receive that error:
|
|
Tried this one and it worked. Was using |
This is still happening for me, and is pretty annoying. Everything else works with ADC (GCE, Firestore, GCS, etc.) but for some reason auth doesn't, and this is considered to be "working as intended". I can't always set |
Getting the Following Error when using
initializeApp()
within the functions emulator without a credentials file. This worked before onfirebase-tools@6.8.0
. Has this behaviour changed between6.8.0
and6.11.0
? If yes, why isn't it within the changelogs? The docs actually say now thatStill wondering why it wasn't necessary in
firebase-tools@6.8.0
Related issues
#1299 seems related, but I am using
firebase serve
instead offirebase emulators:start
Environment info
firebase-tools: 6.11.0
Platform: macOSX 10.14.5
Node: 10.15.3 (but ocurring with 8.14.0 as well)
firebase-functions: 2.3.1
firebase-admin: 8.0.0
Test case
A freshly generated firebase project using
firebase init
with functions. Installfirebase-admin@8.0.0
andfirebase-functions@2.3.1
. Make sure you are running the latestfirebase-tools@6.11.0
. Runnpm install --save grpc
to prevent #1341.Use Node
10.15.3
or8.14.0
and change thepackage.json
engines node to10
or8
respectively.Than edit the
functions/index.js
file copying and pasting the below:Steps to reproduce
Run
firebase serve
within the newly created project as described above. Than make a request to the exported/login
endpoint. The error will be thrown in the terminal console.Expected behavior
No error should be thrown. The emulator should automatically have sufficient credentials to use
firebaseAdmin.auth()
methods.Actual behavior
If I downgrade back to
firebase-tools@6.8.0
it works.The text was updated successfully, but these errors were encountered: