Menu
Using the new Firebase Cloud Functions in combination with the admin sdk.
I want to use the admin.auth().createCustomToken() function. Calling this function results in a error message
Error: createCustomToken() requires a certificate with "private_key" set.
at FirebaseAuthError.Error (native)
at FirebaseAuthError.FirebaseError [as constructor] (/user_code/node_modules/firebase-admin/lib/utils/error.js:25:28)
at new FirebaseAuthError (/user_code/node_modules/firebase-admin/lib/utils/error.js:90:23)
at FirebaseTokenGenerator.createCustomToken (/user_code/node_modules/firebase-admin/lib/auth/token-generator.js:62:19)
at Auth.createCustomToken (/user_code/node_modules/firebase-admin/lib/auth/auth.js:89:37)
at /user_code/index.js:29:26
at process._tickDomainCallback (internal/process/next_tick.js:129:7)
How do I config the cloud functions to use a private_key?
admin.initializeApp(functions.config().firebase);
660
Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken() method.
Cloud Functions for Firebase is a serverless framework that lets you automatically run backend code in response to events triggered by Firebase features and HTTPS requests. Your JavaScript or TypeScript code is stored in Google's cloud and runs in a managed environment.
To do so securely, after a successful sign-in, send the user's ID token to your server using HTTPS. Then, on the server, verify the integrity and authenticity of the ID token and retrieve the uid from it. You can use the uid transmitted in this way to securely identify the currently signed-in user on your server.
Unfortunately, the createCustomToken() method requires a private key to mint custom tokens, which is not currently available with the default credential (which happens to be an Application Default Credential). As noted in Create custom tokens using the Firebase Admin SDKs, you need to provide a certificate credential to be able to create custom tokens.
You can generate the certificate needed for this credential by following the instructions in Add Firebase to your app. Once you have the key JSON file, you need to get it into Cloud Functions for Firebase.
You can do this by storing the key JSON file in your /functions folder as service-account.json. Then, in the file where you define your Functions, use admin.credential.cert() to initialize the Admin SDK, like this:
const functions = require('firebase-functions');
const admin = require('firebase-admin');
var serviceAccount = require("./service-account.json");
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
databaseURL: functions.config().firebase.databaseURL
});
For a full example of how to do this, with more detailed instructions and a code sample, check out the Instagram sign in sample.
Note that we hope to add support for createCustomToken() from the default credential in the future, but for now, you will have to bring your own credential for this particular method to work.
181
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
