Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[with-firebase-authentication] Can't use Firebase Admin SDK for anything other than verifying the token #14139

Open
tomthornton opened this issue Jun 12, 2020 · 7 comments
Labels
examples Issue was opened via the examples template. good first issue Easy to fix issues, good for newcomers

Comments

@tomthornton
Copy link

Bug report

Describe the bug

There's a problem with the credential in initializing the firebase admin app. It works perfectly with admin.verifyToken, but any other method I try to use yields an error of

Error: Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error: "Error fetching access token: invalid_grant (Invalid grant: account not found)". There are two likely causes: (1) your server time is not properly synced or (2) your certificate key file has been revoked. To solve (1), re-sync the time on your server. To solve (2), make sure the key ID for your key file is still present at https://console.firebase.google.com/iam-admin/serviceaccounts/project. If not, generate a new key file at https://console.firebase.google.com/project/_/settings/serviceaccounts/adminsdk.

I've tried everything. Is there no way to use the firebase admin SDK with anything else in NextJS?

To Reproduce

firebaseAdmin.js

import * as admin from 'firebase-admin'

export const createUser = (email) => {
const firebasePrivateKey = process.env.FIREBASE_PRIVATE_KEY

if (!admin.apps.length) {
admin.initializeApp({
credential: admin.credential.cert({
projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID,
clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
// https://stackoverflow.com/a/41044630/1332513
privateKey: firebasePrivateKey.replace(/\n/g, '\n'),
}),
databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL,
})
}

return admin.auth().createUser({
email: '[email protected]',
password: 'password'
})
}

export const verifyIdToken = (token) => {
const firebasePrivateKey = process.env.FIREBASE_PRIVATE_KEY
if (!admin.apps.length) {
admin.initializeApp({
credential: admin.credential.cert({
projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID,
clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
// https://stackoverflow.com/a/41044630/1332513
privateKey: firebasePrivateKey.replace(/\n/g, '\n'),
}),
databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE_URL,
})
}

return admin
.auth()
.verifyIdToken(token)
.catch((error) => {
throw error
})
}

Try to run createUser from an API endpoint

Expected behavior

It should just work. I need a custom flow for creating my users.

System information

  • Mac.OS
  • Node '12.16.1'
  • NextJS - latest
@RiChrisMurphy
Copy link

RiChrisMurphy commented Aug 12, 2020

did you ever solve this issue? I'm having the same one. In my case, I'm trying to access the admin firestore with nearly exact same steps as you, basically the same error error: Error: 400 undefined: Getting metadata from plugin failed with error: invalid_grant: Invalid grant: account not found

@timneutkens timneutkens added the good first issue Easy to fix issues, good for newcomers label Aug 12, 2020
@RiChrisMurphy
Copy link

Well, I ended up solving my issue by using the entire service-account.json instead of only the private key in the admin.credential.cert( ... ). It seems to work on localhost with just the private key (without the rest of the service account properties), which threw me off when I moved to other environments.

@tomthornton
Copy link
Author

Well, I ended up solving my issue by using the entire service-account.json instead of only the private key in the admin.credential.cert( ... ). It seems to work on localhost with just the private key (without the rest of the service account properties), which threw me off when I moved to other environments.

Yep I got it to work the same way. Sorry, I didn't see this earlier. Is there a way to add the answer and close this issue?

@GabrielNBDS
Copy link

GabrielNBDS commented Feb 22, 2021

How I solved: I deployed it to digital ocean vps and deployed it as a node app. To be clear: I created a digital ocean droplet. I did not use the app platform

@timneutkens timneutkens added the examples Issue was opened via the examples template. label Feb 25, 2021
@modderzabbasi
Copy link

Is there an example on how to solve this issue in vercel?

@kedarguy
Copy link

I got it working by saving the private key directly in the file.

const privateKey = '-----BEGIN PRIVATE KEY-----\nXXXXXXX-----END PRIVATE KEY-----\n

function initializeFirebaseAdmin() {
  if (!admin.apps.length) {
    return admin.initializeApp({
      credential: admin.credential.cert({
        projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID,
        clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
        privateKey: privateKey.replace(/\\n/g, '\n'),
      }),
      databaseURL: process.env.NEXT_PUBLIC_FIREBASE_DATABASE,
    });
  }
  return admin.apps[0];
}

So I think the issue is adding the firebase private key as an ENV var on Vercel.

It is not ideal to hardcode the private key, so I would be happy to hear if someone got it to work using ENV vars on vercel.

@laurentvergnaud
Copy link

NEXT_PUBLIC_

For a Firebase Admin Private Key ?!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
examples Issue was opened via the examples template. good first issue Easy to fix issues, good for newcomers
Projects
None yet
Development

No branches or pull requests

7 participants