search

abdolence / firestore-rs

Google Firestore for Rust based on gRPC API with Serde serializer
Apache License 2.0
109 stars 18 forks source link

Support for Firebase App Credentials #193

Open marcomayer opened 5 days ago

marcomayer commented 5 days ago

Maybe I just haven't found it yet but it looks like there's no way to use a firebase app config to authenticate with an API Key. So basically following these steps: https://firebase.google.com/docs/web/setup I do get out a config that looks like:

{
  apiKey: "some_api_key",
  authDomain: "test-project.firebaseapp.com",
  projectId: "test-project",
  storageBucket: "test-project.appspot.com",
  messagingSenderId: "123456",
  appId: "1:123456:web:123abc456"
};

But it seems like there's no way to authenticate using the apiKey. Would be great if this would be possible

abdolence commented 5 days ago

This is mostly coming from confusion between Firestore and Firebase. This crate works specifically on backend with Firestore (and gRPC protocol) which uses GCP service accounts, not API keys.

Firebase with API keys from your link is based for Web and works with another protocol and different functionality.

marcomayer commented 5 days ago

@abdolence thanks that makes some sense. I could get it to work using with_options_service_account_key_file and in Firebase exporting the admin SDK keys. But this isn't always an option.

abdolence commented 5 days ago

The most secure and recommend way is actually to leverage Google Workload Identity without any keys if your application deployed on GCP. Keys are usually needed if it is deployed somewhere else and there is no even support for Workload Identity Federation (for example, you can leverage it if you running something on GitHub actions).