
Firebase admin().auth().getUser(uid) Error: An internal error has occurred 'auth/internal-error'


I'm using firebase-admin on a node server

Initializing the admin app works fine:

const admin = require('firebase-admin')
const serviceAccount = require('../service-account.json')
admin.initializeApp({
  credential: admin.credential.cert(serviceAccount),
  databaseURL: 'https://<project-id>.firebaseio.com' // firebaseio.com url (placeholder)
})

admin.auth().verifyIdToken(token).then((decoded) => {
  // THIS WORKS SUCCESS! a decoded token
  console.log('decoded', decoded)
  // now look up the user information
  admin.auth().getUser(decoded.uid).then((userRecord) => {
    console.log('got user record', userRecord)
  }).catch((err) => {
    // { [Error: An internal error has occurred.]
    //     errorInfo: 
    //      { code: 'auth/internal-error',
    //         message: 'An internal error has occurred.' } }
    console.error(err)
  })
})

The last part to getUser fails with

{ [Error: An internal error has occurred.] errorInfo: { code: 'auth/internal-error', message: 'An internal error has occurred.' } }


When I tried to pass in the credential the other recommended way, I got this:

const admin = require('firebase-admin')
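admin.initializeApp({
  credential: admin.credential.cert({
    projectId: '<project-id>', // projectid (placeholder)
    clientEmail: '<client-email>', // client email (placeholder)
    privateKey: '<private-key>' // admin private key (placeholder)
  }),
  databaseURL: 'https://<project-id>.firebaseio.com' // firebaseio.com url (placeholder)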
})

Then when I try to verify and look up a user:

admin.auth().verifyIdToken(token).then((decoded) => {
  // THIS WORKS SUCCESS! a decoded token
  console.log('decoded', decoded)
  // now look up the user information
  admin.auth().getUser(decoded.uid).then((userRecord) => {
    console.log('got user record', userRecord)
  }).catch((err) => {
    // Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    console.error(err)
  })
})

The last part to getUser fails with

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line


Solution

  • The problem here is that the service account being used did not have explicit permissions on the project to download users.

    Turns out, the service account alone is all that is needed to decode tokens, but extra permissions are required for other operations like getUser(uid).

    To fix this, I had to go into the IAM section in the permissions on the project and add the email address for the server account with the appropriate permissions (I did editor).

    Steps

    • Settings Icon -> Permissions
    • IAM
    • + Add user icon
    • enter the email address of the service account credentials and assign a role
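
The `PEM_read_bio:no start line` failure in the question's second attempt is OpenSSL reporting that the `privateKey` string contains no PEM `-----BEGIN` line. The following is an added example, not code from the post or from firebase-admin: a preflight check (the function `checkServiceAccount`, its problem codes and the sample data are hypothetical and constructed here) that validates the fields before they reach `admin.credential.cert()` and confirms that `clientEmail` is the service-account address to be granted a role under IAM.

```javascript
// Added example: preflight check for the object passed to admin.credential.cert().
// checkServiceAccount() and its problem codes are hypothetical, not firebase-admin API.
const crypto = require('crypto')

function checkServiceAccount({ projectId, clientEmail, privateKey }) {
  const problems = []
  if (typeof projectId !== 'string' || projectId === '') problems.push('missing-project-id')
  // This is the address that has to be granted a role in the project's IAM page.
  if (typeof clientEmail !== 'string' || !/^[^@\s]+@[^@\s]+\.gserviceaccount\.com$/.test(clientEmail)) {
    problems.push('client-email-not-a-service-account')
  }
  if (typeof privateKey !== 'string' || privateKey.trim() === '') {
    problems.push('missing-private-key')
    return problems
  }
  let pem = privateKey
  // Keys copied into environment variables often carry a literal backslash-n
  // instead of real line breaks; OpenSSL then finds no "-----BEGIN" line.
  if (!pem.includes('\n') && pem.includes('\\n')) {
    problems.push('private-key-has-escaped-newlines')
    pem = pem.replace(/\\n/g, '\n') // repaired copy, checked below
  }
  if (!pem.trimStart().startsWith('-----BEGIN ')) {
    problems.push('private-key-no-pem-header')
    return problems
  }
  try {
    crypto.createPrivateKey(pem) // throws if the PEM body does not decode
  } catch (err) {
    problems.push('private-key-unparseable')
  }
  return problems
}

// Constructed sample input: a throwaway key generated locally, never a real credential.
function sampleAccount() {
  const { privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
  })
  return {
    projectId: 'example-project',
    clientEmail: 'firebase-adminsdk-test@example-project.iam.gserviceaccount.com',
    privateKey
  }
}
```

An empty result means the credential fields are well formed; it says nothing about IAM roles, which are only checked by the backend when a call such as `getUser(uid)` is made.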