Skip to content

[FR] Allow credential file type "external_account" when calling admin.credential.applicationDefault() #1377

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#2466
Closed
[FR] Allow credential file type "external_account" when calling admin.credential.applicationDefault()#1377
#2466
Assignees
lahirumaramba
Labels
api: coretype: feature request
@thomasmburke

Description

@thomasmburke
thomasmburke
opened on Jul 15, 2021

Is your feature request related to a problem? Please describe.

Developers would like the ability to initialize a Firebase app instance with a credential file type "external_account". An example of when credential file of type "external_account" is used is when following the instructions listed in the GCP public docs for using AWS Identify Federated Credentials. This credential file type is supported by other Google APIs (e.g. @google-cloud/storage, @google-cloud/firestore, etc...) and is also supported by the Firebase Admin SDK in other languages (e.g. Java)

Describe the solution you'd like

Allow the initialization of a Firebase app instance using credential file type "external_account". This will likely require an update to the credentialFromFile function

Describe alternatives you've considered

Developers are currently limited to:

  • Leveraging the Firebase Java Admin SDK instead
  • Using Secrets Manager/environment variables to store a service account key outside of code
  • Calling a corresponding RESTful endpoint from within node.js via something like http.request

Additional context

When a developer has configured GOOGLE_APPLICATION_CREDENTIALS to point to a credential file type of "external_account" (e.g. a AWS Identity Federation Credentials Config file) the below are the differences between the implementations for the Firebase Java Admin SDK and the Firebase Node.js Admin SDK:

Node.js Details:
Developer initializes Firebase app instance with code similar to the below:

const fbApp = admin.initializeApp({
        credential: admin.credential.applicationDefault(),
        projectId: 'GCP_PROJECT_ID',
        databaseURL: 'https://GCP_PROJECT_ID.firebaseio.com'
    });

Which in turn calls the credentialFromFile function and returns the following error: 'Invalid contents in the credentials file'

Java Details:
Developer initializes Firebase app instance with code similar to the below:

        GoogleCredentials credentials = GoogleCredentials.getApplicationDefault();

        FirebaseOptions options = FirebaseOptions.builder()
                .setCredentials(credentials)
                .setProjectId(GCP_PROJECT_ID)
                .setDatabaseUrl(FIREBASE_DB_URL)
                .build();

        FirebaseApp app = FirebaseApp.initializeApp(options);

Which in turn calls this function that has support for credential file type of "external_account"

Metadata

Assignees

Labels

api: coretype: feature request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions