Logged with gcloud impersonate service account will cause initializeApp error #1703
Description
[READ] Step 1: Are you in the right place?
- For issues related to the code in this repository file a Github issue.
- If the issue pertains to Cloud Firestore, read the instructions in the "Firestore issue"
template. - For general technical questions, post a question on StackOverflow
with the firebase tag. - For general Firebase discussion, use the firebase-talk
google group. - For help troubleshooting your application that does not fall under one
of the above categories, reach out to the personalized
Firebase support channel.
[REQUIRED] Step 2: Describe your environment
- Operating System version: Mac
- Firebase SDK version:
- Firebase Product: Other (auth, database, storage, etc)
- Node.js version: 16.14.2
- NPM version: 8.5.0
[REQUIRED] Step 3: Describe the problem
Steps to reproduce:
- Sign in gcloud with impersonate service account
- Run app that will initialise firebase app.
What happened? How can we make the problem occur?
This could be a description, log/console output, etc.
● Test suite failed to run
Refresh token must contain a "client_id" property.
13 | static forRoot() {
14 | Firebase.initializeApp({
> 15 | credential: Firebase.credential.applicationDefault(),
| ^
16 | });
17 | return {
18 | exports: [FIRE_STORE],
at FirebaseAppError.FirebaseError [as constructor] (../node_modules/firebase-admin/lib/utils/error.js:44:28)
at FirebaseAppError.PrefixedFirebaseError [as constructor] (../node_modules/firebase-admin/lib/utils/error.js:90:28)
at new FirebaseAppError (../node_modules/firebase-admin/lib/utils/error.js:125:28)
at new RefreshToken (../node_modules/firebase-admin/lib/app/credential-internal.js:281:19)
at new RefreshTokenCredential (../node_modules/firebase-admin/lib/app/credential-internal.js:239:15)
at Object.getApplicationDefault (../node_modules/firebase-admin/lib/app/credential-internal.js:321:20)
at Object.applicationDefault (../node_modules/firebase-admin/lib/app/credential-factory.js:55:54)
at Function.forRoot (database/database.module.ts:15:39)
at Object.<anonymous> (app.module.ts:77:20)
Relevant Code:
import { Module } from '@nestjs/common';
import { ConfigModule } from '@nestjs/config';
import Firebase from 'firebase-admin';
import { ConnectionProvider } from './connection.provider';
import { FIRE_STORE } from './database.constants';
export type FireStore = Firebase.firestore.Firestore;
export type WhereFilterOp = Firebase.firestore.WhereFilterOp;
@Module({})
export class DatabaseModule {
static forRoot() {
Firebase.initializeApp({
credential: Firebase.credential.applicationDefault(),
});
return {
exports: [FIRE_STORE],
global: true,
imports: [ConfigModule],
module: DatabaseModule,
providers: [
{
provide: FIRE_STORE,
useValue: Firebase.firestore(),
},
],
};
}
static forFeature() {
return {
exports: [ConnectionProvider],
imports: [ConfigModule],
module: DatabaseModule,
providers: [ConnectionProvider],
};
}
}My application_default_credentials.json (data has been removed)
{
"delegates": [],
"service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/service-account-here:generateAccessToken",
"source_credentials": {
"client_id": "",
"client_secret": "",
"refresh_token": "",
"type": "authorized_user"
},
"type": "impersonated_service_account"
}