问题
I'm using firebase-admin on a node server
Initializing the admin app works fine:
const admin = require('firebase-admin')
const serviceAccount = require('../service-account.json')
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
databaseURL: // firebaseio.com url
})
admin.auth().verifyIdToken(token).then((decoded) => {
// THIS WORKS SUCCESS! a decoded token
console.log('decoded', decoded)
// now look up the user information
admin.auth().getUser(decoded.uid).then((userRecord) => {
console.log('got user record', userRecord)
}).catch((err) => {
// { [Error: An internal error has occurred.]
// errorInfo:
// { code: 'auth/internal-error',
// message: 'An internal error has occurred.' } }
console.error(err)
})
})
The last part to getUser fails with
{ [Error: An internal error has occurred.] errorInfo: { code: 'auth/internal-error', message: 'An internal error has occurred.' } }
When I tried to pass in the credential the other recommended way, I got this:
const admin = require('firebase-admin')
admin.initializeApp({
credential: admin.credential.cert({
projectId: //projectid,
clientEmail: //client email,
privateKey: //admin private key
}),
databaseURL: // firebaseio.com url
})
Then when I try to verify and look up a user:
admin.auth().verifyIdToken(token).then((decoded) => {
// THIS WORKS SUCCESS! a decoded token
console.log('decoded', decoded)
// now look up the user information
admin.auth().getUser(decoded.uid).then((userRecord) => {
console.log('got user record', userRecord)
}).catch((err) => {
// Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
console.error(err)
})
})
The last part to getUser fails with
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
回答1:
The problem here is that the service account being used did not have explicit permissions on the project to download users.
Turns out, the service account alone is all that is needed to decode tokens, but extra permissions are required for other operations like getUser(uid)
To fix this, I had to go into the IAM section in the permissions on the project and add the email address for the server account with the appropriate permissions (I did editor).
Steps
- Settings Icon -> Permissions
- IAM
- + Add user icon
- enter the email address of the service account credentials and assign a role
回答2:
The simplest way to generate a valid service account key file is to follow the instructions in Add Firebase to your app. There is a nice UI which you can use to generate a new JSON file which should have all the proper permissions for your project. You can then use it to initialize the Admin Node.js SDK like this:
var serviceAccount = require("path/to/serviceAccountKey.json");
admin.initializeApp({
credential: admin.credential.cert(serviceAccount)
});
来源:https://stackoverflow.com/questions/40639949/firebase-admin-auth-getuseruid-error-an-internal-error-has-occurred-auth