Open RafaelZasas opened 3 months ago
This issue does not have all the information required by the template. Looks like you forgot to fill out some sections. Please update the issue with more information.
Hey @RafaelZasas - thanks for reporting this! I see two improvements we culd make here: 1 - We should throw a clearer error when using expired credentials that prompts you to run the reauth command. 2 - We should offer firebase CLI as a trusted app in Google Admin Console.
1 I'll take a crack at when I have some free time soon. 2 will likely be longer, since we'll need to escalate to Google Workspaces team.
Yeah, this is pretty bad that Google and Google don't work together. Signing in with my Google Workspaces account also seems to have bound me to now ALWAYS login with an account under that Google Workspaces @my.domain
- certainly not something I asked it to do - so it prevents me from logging in to one of my Firebase admin non-Workspace accounts in order to work around this bug.
I can't imagine it's that foreign for Firebase developers to also use Google Workspaces... I assumed that I hadn't configured something on Workspaces properly and it was being overly restrictive until I found this issue reported.
Please escalate this to Google Workspaces if you haven't already.
Hey @cmjordan42 - could you expand a bit on:
Signing in with my Google Workspaces account also seems to have bound me to now ALWAYS login with an account under that Google Workspaces @my.domain - certainly not something I asked it to do - so it prevents me from logging in to one of my Firebase admin non-Workspace accounts in order to work around this bug.
What does this actually look like for you? When you run 'firebase login', are you not able to login with @gmail.com accounts? Do you see a different login screen?
Sure.
firebase login --reauth
gives a URL to accounts.google.com oauthChoose an account from myworkspacedomain.com
, despite it launching in Chrome that has a) multiple accounts authenticated with Google accounts; b) a Gmail account logged in to Chrome (not the account or domain in question)me@myworkspacedomain.com
as a user selection option, with Use another account
below it.Use another account
yields a sign in page where it's prompting for me to enter my email but with a forced (immutable) @myworkspacedomain.com
domain to the emailIt was a lot of trial and error for me, I hope this helps someone.
Download firebase cli for windows
(If there is a folder) delete C:\Users(User).cache\firebase
Change the download file file name to firebase-win.exe
and move it to C:\
path.
After running Powershell, run the following command and perform authentication.
C:\> ./firebase-win.exe login:ci
(Important!) Copy the firebase-win.exe
executable file to the Flutter project path and change the file name to firebase.exe
(*When running the flutterfire configure
command, (perhaps) it searches for firebase.exe and if it is not recognized, the error below will occur. )
D:\flutter_project> flutterfire configure
⠙ Fetching available Firebase projects...
FirebaseCommandException: An error occured on the Firebase CLI when attempting to run a command.
COMMAND: firebase --version
ERROR: The FlutterFire CLI currently requires the official Firebase CLI to also be installed, see https://firebase.google.com/docs/cli#install_the_firebase_cli for how to install it.
Run flutterfire configure command to create firebase_options.dart file
[REQUIRED] Environment info
firebase-tools: v13.5.2
Platform: Ubuntu 23.10
[REQUIRED] Test case
Login to firebase tools with workspace account, wait for oauth refresh token to expire (seems like it only takes an hour), and try to use any firebase-tools command.
[REQUIRED] Steps to reproduce
Sign in to firebase-tools with a google workspace account.
Use firebase-tools as normal.
Wait a couple hours, firebase-tools breaks:
FirebaseCommandException: An error occured on the Firebase CLI when attempting to run a command.
From the log:Running
firebase login
yields:[REQUIRED] Expected behavior
Since this issue is not present with my personal account, I assume there are some settings set by Google Admin Console. I have checked the
Google Cloud session control
and theApp Access Control
and there is no way to mark firebase cli as a trusted application, or extend the validation time for the oath token.I expect to be able to login once, and have a valid refresh token for at least the same length of time as my other google services, but would ideally not have to log in again since I do not have to with my personal account.
[REQUIRED] Actual behavior
In order to get firebase-tools working again, I have to run
firebase-login --reauth
which although, on the surface doesn't seem like a big deal, but it gets annoying to do every single day, and sometimes even after a short lunch break too.Also note, the log says that there is an issue with the
runtime
property in the functions object offirebase.json
. I know that this property is in the docs, and it is the only way to get firebase functions with python to run locally in emulators since I do not have python 3.12 installed on my system, I have to specify runtime ofpython311
. Thats another issue entirely though.