firebase-admin-node icon indicating copy to clipboard operation
firebase-admin-node copied to clipboard
verified publisher icon firebase

auth.createCustomToken: Failed to determine service account. Make sure to initialize the SDK with a service account

Open nvzoll opened this issue 7 months ago • 6 comments

[READ] Step 1: Are you in the right place?

  • For issues related to the code in this repository file a Github issue.
  • If the issue pertains to Cloud Firestore, read the instructions in the "Firestore issue" template.
  • For general technical questions, post a question on StackOverflow with the firebase tag.
  • For general Firebase discussion, use the firebase-talk google group.
  • For help troubleshooting your application that does not fall under one of the above categories, reach out to the personalized Firebase support channel.

[REQUIRED] Step 2: Describe your environment

  • Operating System version: Windows 11 24H2
  • Firebase SDK version: 13.4.0
  • Firebase Product: Firestore
  • Node.js version: 21.6.1
  • NPM version: 10.2.4

[REQUIRED] Step 3: Describe the problem

Basically duplicates 2800

Steps to reproduce:

Running Firebase Functions emulator on local environment

import { initializeApp } from "firebase-admin/app"

initializeApp()

Relevant Code:

const token = await auth.createCustomToken(uid, customClaims)

This throws

Failed to determine service account. Make sure to initialize the SDK with a service account credential. Alternatively specify a service account with iam.serviceAccounts.signBlob permission. Original error: Error: Error while making request: getaddrinfo ENOTFOUND metadata.

And I have to do

export const json_path = 'LOCAL_PATH'

getApps().length === 0
    ? initializeApp({
          credential: credential.cert(json_path!),
      })
    : getApp()

Which also does not work with ADC file, only with json downloaded from project settings in Firebase dashboard. If I put ADC file path in the snippet above, it complains about project_id field missing. It definitely worked with simply initializeApp() before upgrading to v13.

nvzoll avatar May 22 '25 15:05 nvzoll

I found a few problems with this issue:

  • I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
  • This issue does not seem to follow the issue template. Make sure you provide all the required information.

google-oss-bot avatar May 22 '25 15:05 google-oss-bot

We are also experiencing this issue still on 13.5.0. Issue 2800 makes it seem like this problem is fixed, but it is not.

jdcoldsmith avatar Oct 01 '25 16:10 jdcoldsmith

Hey @lahirumaramba sorry if it is inappropriate to drag you into this but you seem to be the one that resolved #2800. This continues to be an issue for me and my team as we test functions that use createCustomToken (which is a fair number of them). We would very much prefer to continue using ADC rather than passing around service accounts.

I tried the workaround you provided in #2800 without success. Also, thinking this note in the Firebase setup documentation might be relevant, I tried creating a Desktop OAuth 2.0 client ID, recreating my ADC using that as my client ID, and then using applicationDefault explicitly in initializeApp and that also didn't work (same error).

Any help or guidance you or anyone at Firebase can provide would be much appreciated!

tannerstern avatar Nov 04 '25 15:11 tannerstern

Hey @tannerstern are you able to provide us with more information on this? Do you have the same setup as the original reporter of this issue? Does this occur only on emulator mode?

Please share the Firebase SDK version, minimal repro if possible, and as much details as you can share. This helps us investigate the issue. If your issue is slightly different from the initial report mentioned above, please open a new issue in this repo. Thanks!

lahirumaramba avatar Nov 04 '25 16:11 lahirumaramba

I think my issue is very similar to the original reporter. This happens only on emulator mode, yes; we use default service accounts in production and they have no issue, we only have issues when using ADC.

Here is my attempt at a minimal repro: https://github.com/tannerstern/firebase-admin-token-creator-issue. Hopefully that gives you enough context.

For me, I'm operating with the following:

  • OS: WSL Ubuntu on Windows 11
  • Node: 22.21.1
  • Firebase CLI: 14.20.0
  • Firebase Admin SDK: 13.5.0
  • gcloud: 562.0.0

I'm further confused by the fact that downgrading to Firebase Admin 12.7.0 (with which others claim to have had success) is not working for me... maybe that points to other things I don't understand 🤔

Edit: Realizing that gcloud, Firebase CLI, and the Admin package are all out-of-date, I'm going to update all to latest and try again to see if that makes a difference.

2nd Edit: Updated everything and I'm still seeing the error, so it is at least not an issue of out-of-date deps.

3rd Edit: Had to delete the old repo and create a new one, new link above. Sorry for the confusion!

tannerstern avatar Nov 04 '25 18:11 tannerstern