0
votes

I've checked the other stacks about this but I'm still not sure why I'm getting an insufficient permissions error. Probably I'm being insecure.

I'm trying to sync users from 2 different Firebase accounts. The first account calls a Firebase function on the second account. If a user does not exist, it creates one and does some databasing. If the user exists, then it creates a custom token and passes it back to the first account to use in an iframe query parameter.

I've created an IAM service account, created keys and saved them to a file, and edited the service token permissions like the other stacks explain, but I'm getting the error nonetheless. Here's my function start:

const firebaseConfig = {
  credential: admin.credential.applicationDefault(),
  apiKey: "xxxxxxxxxxxxxxxxxxxxxxx",
  authDomain: "itsli7-87384.firebaseapp.com",
  databaseURL: "https://itsli7-87384.firebaseio.com",
  projectId: "itsli7-87384",
  storageBucket: "itsli7-87384.appspot.com",
  messagingSenderId: "503897448704",
  appId: "1:503897448704:web:45773bfb231a24bbe213e5"
}


fb.initializeApp(firebaseConfig);
admin.initializeApp(firebaseConfig);

And the function is running this.

return admin.auth().getUser(data.user.uid)
  .then(async function () {
    // The user exists: create a custom token and send it back to the caller
    return admin.auth().createCustomToken(data.user.uid)
      .then(function (customToken) {
        res.send(customToken);
      })
      .catch(function (error) {
        console.log('Error creating custom token:', error);
      });
  });

The error

code: auth/insufficient-permission

Error creating custom token: FirebaseAuthError: The caller does not have permission; Please refer to https://firebase.google.com/docs/auth/admin/create-custom-tokens for more details on how to use and troubleshoot this feature.

1
Please edit the question to show the error. - Doug Stevenson
Good point @DougStevenson. Thanks, added - irth
It sounds like your service account doesn't have permission. Did you go to the URL for advice on troubleshooting? If so, what did you try? - Doug Stevenson
Yes, I enabled the IAM service, then created a service account to get the key file. I downloaded the file to the functions folder and ran the env export code to get admin.credential.applicationDefault() into the config. Then I updated the service account config to have the token creation permissions. Btw, it works locally; the error appears after deploy. - irth

1 Answers

0
votes

Instead of using the prescribed method of adding cred.json to admin.credential.applicationDefault(), and passing in the same firebase init config object to admin init, it is working with:

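const fs = require("fs");
const admin = require("firebase-admin");

// Load the service account key file downloaded from the IAM console
var serviceAccount = JSON.parse(fs.readFileSync("cred.json"));

// Admin SDK gets an explicit key-file credential instead of applicationDefault()
admin.initializeApp({
  credential: admin.credential.cert(serviceAccount),
  databaseURL: "https://itsli7-87384.firebaseio.com"
});

fb.initializeApp(firebaseConfig);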
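
Why the key-file credential in this answer avoids auth/insufficient-permission, as an added example that is not part of the original answer and not the Firebase SDK's own code: a custom token is an RS256 JWT signed as the service account, so a credential that holds the private key can sign locally, while a credential without one has to call the IAM signBlob API, which requires the iam.serviceAccounts.signBlob permission on the account the function runs as. The key pair, the service account e-mail and the function names below are constructed for the example.

```javascript
// Added example: constructed key and names; not the Firebase SDK's code.
const crypto = require("crypto");

const AUD = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit";
const b64url = (v) => Buffer.from(v).toString("base64url");

// Sign a custom token locally, as a key-file (cert) credential makes possible.
function mintCustomToken(account, uid, nowSec = Math.floor(Date.now() / 1000)) {
  if (!account.private_key) {
    // No key material in the credential: signing would have to be delegated to IAM.
    throw new Error("no private key: signing must go through IAM signBlob");
  }
  if (typeof uid !== "string" || uid.length === 0 || uid.length > 128) {
    throw new Error("uid must be a non-empty string of at most 128 characters");
  }
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({
    iss: account.client_email, sub: account.client_email, aud: AUD,
    iat: nowSec, exp: nowSec + 3600, // one hour is the maximum lifetime
    uid,
  }));
  const sig = crypto.sign("RSA-SHA256", Buffer.from(`${header}.${payload}`), account.private_key);
  return `${header}.${payload}.${sig.toString("base64url")}`;
}

// Check the signature against the account's public key; return the claims or null.
function verifyCustomToken(token, publicKeyPem) {
  const [h, p, s] = token.split(".");
  if (!h || !p || !s) return null;
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKeyPem, Buffer.from(s, "base64url"));
  return ok ? JSON.parse(Buffer.from(p, "base64url").toString("utf8")) : null;
}

// Constructed stand-in for the contents of cred.json (throwaway key pair).
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const sampleAccount = { client_email: "sync-sa@example-project.iam.gserviceaccount.com", private_key: privateKey };

const token = mintCustomToken(sampleAccount, "user-123", 1700000000);
console.log(verifyCustomToken(token, publicKey));
```

Anyone holding the key in cred.json can mint tokens for any uid in the project, so a key file deployed with the function needs the same protection as any other long-lived secret. The keyless alternative is to keep applicationDefault() and grant the Service Account Token Creator role to the service account the deployed function runs as.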