Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logged with gcloud impersonate service account will cause initializeApp error #1703

Closed
neviaumi opened this issue May 13, 2022 · 3 comments
Closed

Logged with gcloud impersonate service account will cause initializeApp error #1703

neviaumi opened this issue May 13, 2022 · 3 comments
Assignees
@lahirumaramba
Labels
api: core

Comments

@neviaumi
Copy link

[READ] Step 1: Are you in the right place?

  • For issues related to the code in this repository file a Github issue.
  • If the issue pertains to Cloud Firestore, read the instructions in the "Firestore issue"
    template.
  • For general technical questions, post a question on StackOverflow
    with the firebase tag.
  • For general Firebase discussion, use the firebase-talk
    google group.
  • For help troubleshooting your application that does not fall under one
    of the above categories, reach out to the personalized
    Firebase support channel.

[REQUIRED] Step 2: Describe your environment

  • Operating System version: Mac
  • Firebase SDK version:
  • Firebase Product: Other (auth, database, storage, etc)
  • Node.js version: 16.14.2
  • NPM version: 8.5.0

[REQUIRED] Step 3: Describe the problem

Steps to reproduce:

  1. Sign in gcloud with impersonate service account
  2. Run app that will initialise firebase app.

What happened? How can we make the problem occur?
This could be a description, log/console output, etc.

  ● Test suite failed to run

    Refresh token must contain a "client_id" property.

      13 |   static forRoot() {
      14 |     Firebase.initializeApp({
    > 15 |       credential: Firebase.credential.applicationDefault(),
         |                                       ^
      16 |     });
      17 |     return {
      18 |       exports: [FIRE_STORE],

      at FirebaseAppError.FirebaseError [as constructor] (../node_modules/firebase-admin/lib/utils/error.js:44:28)
      at FirebaseAppError.PrefixedFirebaseError [as constructor] (../node_modules/firebase-admin/lib/utils/error.js:90:28)
      at new FirebaseAppError (../node_modules/firebase-admin/lib/utils/error.js:125:28)
      at new RefreshToken (../node_modules/firebase-admin/lib/app/credential-internal.js:281:19)
      at new RefreshTokenCredential (../node_modules/firebase-admin/lib/app/credential-internal.js:239:15)
      at Object.getApplicationDefault (../node_modules/firebase-admin/lib/app/credential-internal.js:321:20)
      at Object.applicationDefault (../node_modules/firebase-admin/lib/app/credential-factory.js:55:54)
      at Function.forRoot (database/database.module.ts:15:39)
      at Object.<anonymous> (app.module.ts:77:20)

Relevant Code:

import { Module } from '@nestjs/common';
import { ConfigModule } from '@nestjs/config';
import Firebase from 'firebase-admin';

import { ConnectionProvider } from './connection.provider';
import { FIRE_STORE } from './database.constants';

export type FireStore = Firebase.firestore.Firestore;
export type WhereFilterOp = Firebase.firestore.WhereFilterOp;

@Module({})
export class DatabaseModule {
  static forRoot() {
    Firebase.initializeApp({
      credential: Firebase.credential.applicationDefault(),
    });
    return {
      exports: [FIRE_STORE],
      global: true,
      imports: [ConfigModule],
      module: DatabaseModule,
      providers: [
        {
          provide: FIRE_STORE,
          useValue: Firebase.firestore(),
        },
      ],
    };
  }

  static forFeature() {
    return {
      exports: [ConnectionProvider],
      imports: [ConfigModule],
      module: DatabaseModule,
      providers: [ConnectionProvider],
    };
  }
}

My application_default_credentials.json (data has been removed)

{
  "delegates": [],
  "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/service-account-here:generateAccessToken",
  "source_credentials": {
    "client_id": "",
    "client_secret": "",
    "refresh_token": "",
    "type": "authorized_user"
  },
  "type": "impersonated_service_account"
}
@google-oss-bot
Copy link

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@neviaumi
Copy link
Author

I have workaround here if anyone facing similar issue.

Workaround

It just simple set GOOGLE_APPLICATION_CREDENTIALS to some where.

And because my app have emulate GCP locally so i just set it to dummy json.

@lahirumaramba lahirumaramba self-assigned this May 16, 2022
@blue-hope blue-hope mentioned this issue Aug 10, 2022
Closed
@nathan-stable-auto nathan-stable-auto mentioned this issue Aug 31, 2022
Merged
@lahirumaramba
Copy link
Member

This is fixed in #1862 and now included in the v11.5.0 release.

Thank you for your patience on this! Try out the new feature if you get a chance and let us know what you think.
If you encounter any issues, please open a new issue. Thank you!

@takeratta takeratta mentioned this issue Jul 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lahirumaramba lahirumaramba

Labels
api: core
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lahirumaramba @neviaumi @google-oss-bot