Unable to authenticate using GOOGLE_APPLICATION_CREDENTIALS

p8952 commented 1 year ago

Environment

Operating System: MacOS Monterey (12.6.3)
Firebase SDK Version: 11.6.0
Firebase Product: Firestore
Node.js Version: v16.19.1
NPM Version: 8.19.3

Description

We're unable to authenticate using the GOOGLE_APPLICATION_CREDENTIALS environment variable, which worked previously.

This is possibly related to this depreciation, as I believe the last time we were able to successfully authenticate was prior to March 31st 2023.

// From: https://developers.google.com/identity/sign-in/web/sign-in

Warning: The support of Google Sign-In JavaScript platform library for Web is set to be [deprecated](https://developers.googleblog.com/2021/08/gsi-jsweb-deprecation.html) after March 31, 2023. The solutions in this guide are based on this library and therefore also deprecated.Warning: The support of Google Sign-In JavaScript platform library for Web is set to be [deprecated](https://developers.googleblog.com/2021/08/gsi-jsweb-deprecation.html) after March 31, 2023. The solutions in this guide are based on this library and therefore also deprecated.

The issue seems to not be limited to firebase-admin-node, as people are seeing the same error with firebase-tools.

Example Code

// Using the private key generated from:
// https://console.firebase.google.com/project/<FirebaseProjectId>/settings/serviceaccounts/adminsdk

process.env.GOOGLE_APPLICATION_CREDENTIALS =
  "./gcp-service-account-staging.json";

import Firebase from "firebase-admin";

Firebase.initializeApp();

Promise.resolve().then(() => {
  return Firebase.firestore()
    .collection("usersPublic")
    .get()
    .then((querySnapshot) => {
      querySnapshot.docs.forEach((documentSnapshot) => {
        console.log(documentSnapshot.id);
      });
    });
});

Error:

(The error persists even when generating a new private key, so I don't believe the error message stating ACCESS_TOKEN_EXPIRED is accurate)

{
  code: 16,
  details: 'Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.',
  metadata: Metadata {
    internalRepr: Map(3) {
      'google.rpc.errorinfo-bin' => [
        Buffer(125) [Uint8Array] [
           10,  20,  65,  67,  67,  69,  83,  83,  95,  84,  79,  75,
           69,  78,  95,  69,  88,  80,  73,  82,  69,  68,  18,  14,
          103, 111, 111, 103, 108, 101,  97, 112, 105, 115,  46,  99,
          111, 109,  26,  35,  10,   7, 115, 101, 114, 118, 105,  99,
          101,  18,  24, 102, 105, 114, 101, 115, 116, 111, 114, 101,
           46, 103, 111, 111, 103, 108, 101,  97, 112, 105, 115,  46,
           99, 111, 109,  26,  48,  10,   6, 109, 101, 116, 104, 111,
          100,  18,  38, 103, 111, 111, 103, 108, 101,  46, 102, 105,
          114, 101, 115, 116,
          ... 25 more items
        ]
      ],
      'grpc-status-details-bin' => [
        Buffer(385) [Uint8Array] [
            8,  16,  18, 208,   1,  82, 101, 113, 117, 101, 115, 116,
           32, 104,  97, 100,  32, 105, 110, 118,  97, 108, 105, 100,
           32,  97, 117, 116, 104, 101, 110, 116, 105,  99,  97, 116,
          105, 111, 110,  32,  99, 114, 101, 100, 101, 110, 116, 105,
           97, 108, 115,  46,  32,  69, 120, 112, 101,  99, 116, 101,
          100,  32,  79,  65, 117, 116, 104,  32,  50,  32,  97,  99,
           99, 101, 115, 115,  32, 116, 111, 107, 101, 110,  44,  32,
          108, 111, 103, 105, 110,  32,  99, 111, 111, 107, 105, 101,
           32, 111, 114,  32,
          ... 285 more items
        ]
      ],
      'www-authenticate' => [ 'Bearer realm="https://accounts.google.com/"' ]
    },
    options: {}
  },
  statusDetails: [
    ErrorInfo {
      metadata: {
        service: 'firestore.googleapis.com',
        method: 'google.firestore.v1.Firestore.RunQuery'
      },
      reason: 'ACCESS_TOKEN_EXPIRED',
      domain: 'googleapis.com'
    }
  ],
  reason: 'ACCESS_TOKEN_EXPIRED',
  domain: 'googleapis.com',
  errorInfoMetadata: {
    service: 'firestore.googleapis.com',
    method: 'google.firestore.v1.Firestore.RunQuery'
  }
}

google-oss-bot commented 1 year ago

I found a few problems with this issue:

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
This issue does not seem to follow the issue template. Make sure you provide all the required information.

SargentTech commented 1 year ago

I seem to be suffering from the same issue. The newest docs show that GOOGLE_APPLICATION_CREDENTIALS should be "/path/to/json-file/firebase-adminsdk-xxx-xxx.json" and that the following should work to connect to the admin SDK:

const { initializeApp, applicationDefault } = require("firebase-admin/app");
initializeApp({
        credential: applicationDefault(),
        projectId: process.env.GCLOUD_PROJECT,
        databaseURL: process.env.REALTIME_DB_URL
      });

But this gives the error:

Error: Failed to read credentials from file /path/to/json-file/firebase-adminsdk-xxx-xxx.json: Error: ENOENT: no such file or directory, open '/path/to/json-file/firebase-adminsdk-xxx-xxx.json,'

I've worked around for now by doing this instead:

const admin = require("firebase-admin");
const creds = require("../firebase-adminsdk-xxx-xxx.json");
admin.initializeApp({
        credential: admin.credential.cert(creds),
        projectId: process.env.GCLOUD_PROJECT,
        databaseURL:
          process.env.REALTIME_DB_URL
      });

Not ideal as a relative path needs hard-coding, but it's working.

jQrgen commented 1 year ago

+1

godinhojoao commented 1 year ago

+1

lahirumaramba commented 1 year ago

Hey folks, are you all having this issue on Node.js Version: v16.19.1? We did not make any recent changes to the credentials handling logic so I wonder if some change in Node.js file path resolutions caused this issue. Please share your Node.js version and Admin SDK version if you are experiencing the same problem.

windmillcode0 commented 1 year ago

Node.js v 16.18.0 firebase-tools v 11.28.0 Project issue located here https://github.com/WindMillCode/firebase_deploy_issue

windmillcode0 commented 1 year ago

any update for our use case?

zirho commented 6 months ago

 ~/projects/1/code/code   main  firebase --version
13.1.0
 ~/projects/1/code/code   main  node -v
v18.19.0
 ~/projects/1/code/code   main 

renoirtech commented 4 months ago

Every goddam time I bump into any task related to Firebase it's the same thing, misleading documentation with no solutions on the web and GitHub issues where the community has been ignored for more than 1 year. Ultra annoying.

LuoboCC commented 4 months ago

Every goddam time I bump into any task related to Firebase it's the same thing, misleading documentation with no solutions on the web and GitHub issues where the community has been ignored for more than 1 year. Ultra annoying.

+1

firebase / firebase-admin-node