Firebase提供--only功能,除非我手动设置key.json,否则admin.auth()在本地不起作用 [英] Firebase serve --only functions, admin.auth() locally does not work unless I manually set the key.json
问题描述
我正在尝试使用firebase serve --only functions在本地运行云功能.如果我在此处通过Firebase控制台创建服务帐户时手动指定了要下载的key.json,则此方法有效: https://developers.google.com/identity/protocols/application-default-凭据.据此,将首先检查上述env变量,因此如果存在该变量,它将起作用.但是#2不应该正确验证我的意思吗?
I am trying to run cloud functions locally using firebase serve --only functions. It works if I manually specify the key.json that is downloaded when I create a service account through firebase console here: https://console.firebase.google.com/project/project-id/settings/serviceaccounts/adminsdk.
And then doing export GOOGLE_APPLICATION_CREDENTIALS=key.json. Why do I have to do this? Shouldn't firebase or gcloud handle this correctly? I thought credential in functions.config().firebase was ApplicationDefault. https://developers.google.com/identity/protocols/application-default-credentials. According to that, the env variable like above is checked first, so it works if that is there. But shouldn't #2 validate me correctly?
我有用于应用程序引擎的gcloud,所以我已经完成了gcloud init和gcloud auth application-default login.
I have gcloud for app engine so I have done gcloud init and gcloud auth application-default login.
我在index.js中初始化我的应用
I initialize my app in index.js
const admin = require('firebase-admin');
const functions = require('firebase-functions');
admin.initializeApp(functions.config().firebase);
firebase serve --only functions可以很好地部署功能.但是,当我执行使用此代码admin.auth().getUser(uid)...的代码时,它会因以下错误而中断:
firebase serve --only functions deploys the functions fine. But when I execute one which uses this code admin.auth().getUser(uid)... it breaks with the following error:
错误:发生内部错误.原始服务器响应:"{"错误:{"错误:[{"域:" usageLimits,"原因:" accessNotConfigured,"消息:"未配置访问.之前尚未在项目7640 ... 50中使用Google Identity Toolkit API,或者已将其禁用.通过访问 https:启用它: //console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=7640...50 然后重试.如果您最近启用了此API,请等待几分钟,以便该操作传播到我们的系统并重试.," extendedHelp:" https:启用它: //console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=7640...50 然后重试.如果您最近启用了此API,请等待几分钟,以便该操作传播到我们的系统并重试.}}
Error: An internal error has occurred. Raw server response: "{"error":{"errors":[{"domain":"usageLimits","reason":"accessNotConfigured","message":"Access Not Configured. Google Identity Toolkit API has not been used in project 7640...50 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=7640...50 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.","extendedHelp":"https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=7640...50"}],"code":403,"message":"Access Not Configured. Google Identity Toolkit API has not been used in project 7640...50 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=7640...50 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."}}
项目编号与我的firebase项目或console.cloud.google.com中的项目ID/编号不匹配
The project number doesn't correspond to my firebase project or project id/number in console.cloud.google.com
没有gcloud,我会收到此错误
Without gcloud, I get this error
错误:通过"credential"属性提供给initializeApp()的凭据实现无法获取有效的Google OAuth2访问令牌,但出现以下错误:获取访问令牌时出错:invalid_grant(令牌已过期或吊销.)".可能有两个原因:(1)服务器时间未正确同步,或(2)证书密钥文件已被吊销.要解决(1),请重新同步服务器上的时间.要解决(2),请确保您的密钥文件的密钥ID仍然存在于 https://console.firebase.google.com/iam-admin/serviceaccounts/project .如果不是,请在 https://console.firebase生成新的密钥文件. .google.com/project/_/settings/serviceaccounts/adminsdk
Error: Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error: "Error fetching access token: invalid_grant (Token has been expired or revoked.)". There are two likely causes: (1) your server time is not properly synced or (2) your certificate key file has been revoked. To solve (1), re-sync the time on your server. To solve (2), make sure the key ID for your key file is still present at https://console.firebase.google.com/iam-admin/serviceaccounts/project. If not, generate a new key file at https://console.firebase.google.com/project/_/settings/serviceaccounts/adminsdk
类似于 https://github.com/urish/firebase-server/issues /81
我已经生成了一个密钥文件.我尝试删除现有的密钥并制作新的密钥,唯一的解决方案是下载生成的密钥并手动导出环境变量
I already have a key file generated. I've tried deleting my existing ones and making new ones, the only solution is to download this key that is generated and manually export the environment variable
还有其他方法吗?
推荐答案
从技术上讲,是的,但是您可以构建代码,以便在本地测试时使用本地密钥,而在服务器上运行时使用服务密钥.
Technically yes, but you can build your code so that it uses a local key when testing locally, and uses the service key when running on the server.
为此,我将env var FB_SERVICE_ACCOUNT_KEY设置为json机密的路径.取消设置(即在Firebase功能内部署)时,将使用标准init.
For this I set the env var FB_SERVICE_ACCOUNT_KEY to the path of the json secret. When it is unset (i.e. deployed within Firebase functions), the standard init will be used.
这是一个基本示例
if(process.env.FB_SERVICE_ACCOUNT_KEY){
var serviceAccount = require(process.env.FB_SERVICE_ACCOUNT_KEY);
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
databaseURL: `https://${process.env.GCLOUD_PROJECT}.firebaseio.com`
});
}
else{
admin.initializeApp(functions.config().firebase);
}
这篇关于Firebase提供--only功能,除非我手动设置key.json,否则admin.auth()在本地不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
