如何解决获取身份验证用户的 Firebase CLI 权限
安装 Firebase CLI 并登录后,我可以创建这样的 JavaScript 文件,该文件从 Firestore 检索数据并直接从本地命令行执行:
script.js:
const admin = require('firebase-admin');
(async () => {
admin.initializeApp({ projectId: 'my-project-id' });
const widget = await admin
.firestore()
.doc('widgets/someid')
.get();
console.log(widget.data());
})();
命令:node script.js
在我尝试从 Firebase 的身份验证中检索用户之前,它运行良好。然后我遇到了 403 错误。这是脚本:
const admin = require('firebase-admin');
(async () => {
admin.initializeApp({ projectId: 'my-project-id' });
const user = await admin
.auth()
.getUser('some-uid');
console.log(user);
})();
错误信息如下:
{
"error": {
"code": 403,"message": "Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the identitytoolkit.googleapis.com.We recommend configuring the billing / quota_project setting in gcloud or using a service account through the auth / impersonate_service_account setting.For more information about service accounts and how to use them in your application,see https: //cloud.google.com/docs/authentication/.","errors": [{
"message": "Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the identitytoolkit.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application,see https://cloud.google.com/docs/authentication/.","domain": "usageLimits","reason": "accessNotConfigured","extendedHelp": "https://console.developers.google.com"
}],"status": "PERMISSION_DENIED"
}
}
这很奇怪,因为我以 GCP 项目的管理员身份登录。上面的代码在云函数内部运行时也能很好地工作(它只有我所做的权限的一个子集)。如何更改权限和配置以使上述脚本正常工作?
解决方法
正如@Jordi 在评论中提到的,您需要创建一个服务帐户并在我的 shell 中激活该服务帐户以访问 firebase 身份验证。
步骤如下:
在 Google Cloud Console 中,创建一个新的服务帐号。授予 Firebase Authentication Admin
和 Cloud Datastore Owner
角色:
生成新密钥并将JSON文件存储在本地:
使用服务帐户凭据:
Mac/Linux:
set GOOGLE_APPLICATION_CREDENTIALS=./path/service-account.json
视窗:
$env:GOOGLE_APPLICATION_CREDENTIALS = './path/service-account.json'
现在您可以使用正确的凭据执行调用 firebase-admin
的 admin.auth()
以及 admin.firestore()
的节点脚本:
node script.js
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。