Description
[REQUIRED] Step 2: Describe your environment
- Operating System version: Cloud Functions (running in emulator on windows)
- Firebase SDK version: 13.2.0 (updated from 12.7.0)
- Firebase Product: auth
- Node.js version: 20
[REQUIRED] Step 3: Describe the problem
When upgrading to the latest firebase-admin sdk (13.2.0) we now receive the following error for auth.revokeToken(uid). This only happens when running the functions locally in the emulator. The admin sdk is being initialised with a service account file because we mint tokens with custom claims.
We tried previously to migrated to 12.7.* but we were effected by the now closed issue #2658 most of the issues documented there seem to be resolved.
The happens on various api calls.
Error: //console.developers.google.com/iam-admin/iam/project?project={REDACTED-PROJECTID} and then retry. Propagation of the new permission may take a few minutes. Raw server response: "{"error":{"code":403,"message":"Caller does not have required permission to use project {REDACTED-PROJECTID}. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project={REDACTED-PROJECTID} and then retry. Propagation of the new permission may take a few minutes.","errors":[{"message":"Caller does not have required permission to use project {REDACTED-PROJECTID}. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project={REDACTED-PROJECTID} and then retry. Propagation of the new permission may take a few minutes.","domain":"global","reason":"forbidden"}],"status":"PERMISSION_DENIED","details":[{"@type":"type.googleapis.com/google.rpc.ErrorInfo","reason":"USER_PROJECT_DENIED","domain":"googleapis.com","metadata":{"containerInfo":"{REDACTED}","service":"identitytoolkit.googleapis.com","consumer":"projects/{REDACTED-PROJECTID}"}},{"@type":"type.googleapis.com/google.rpc.LocalizedMessage","locale":"en-US","message":"Caller does not have required permission to use project {REDACTED-PROJECTID} Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project={REDACTED} and then retry. Propagation of the new permission may take a few minutes."},{"@type":"type.googleapis.com/google.rpc.Help","links":[{"description":"Google developer console IAM admin","url":"https://console.developers.google.com/iam-admin/iam/project?project={REDACTED-PROJECTID}"}]}]}}"
Steps to reproduce:
What happened? How can we make the problem occur?
This could be a description, log/console output, etc.
Relevant Code:
const serviceAccount = require(serviceAccountPath);
admin.initializeApp({
credential: admin.credential.cert({
clientEmail: serviceAccount.client_email,
projectId: serviceAccount.project_id,
privateKey: serviceAccount.private_key,
});
const auth = admin.auth();
await auth.createUser({
email: lowerCaseEmail,
displayName: lowerCaseEmail,
disabled: false,
})
// This throws the error.
await auth.revokeRefreshTokens(uid);
``