Firebase's Authentication section - how to connect

Describe the problem/error/question

I am trying to connect to Firebase’s “Authentication” section. When you log into Firebase you see this on the left hand site and can configure whether your application accepts email/password signups, unauthenticated, facebook, google etc.
Typically you can push,update and create certain things in there via REST endpoints if you are logged into the user account you’re making changes to. Ie a logged in user will get an idToken which will allow them to update their own password.
However, I am trying to do some more ‘admin’ type of functions. I want to search through all registered users using a provided uId. Normally to do this I need the admin-sdk in node.js but now I am trying to figure out how to replicate the functionality using n8n.

Please share your workflow

I don’t have a workflow to share - but I am keen to know if it’s possible and/or how.

I have currently tried using the firebase/firestore credentials but those nodes only look at the actual firestore databases so not really helpful.
So I thought I needed to do a custom http request node - but I don’t know what to set as my authentication credentials. I tried just applying the firebase/firestore credentials. I also tried setting up a ‘Google Service Account’ credential. I always get responses that I haven’t got the proper credentials.

Information on your n8n setup

• n8n version:
  1.1.1
• Database (default: SQLite):
  default
• n8n EXECUTIONS_PROCESS setting (default: own, main):
  default
• Running n8n via (Docker, npm, n8n cloud, desktop app):
  easypanel(docker)
• Operating system:
  Ubuntu

Hi @jatacid - welcome to the community

Do you have the correct scope set for your credential you’ve created when trying to use the HTTP request node? Firestore will require https://www.googleapis.com/auth/datastore, and you can find the scopes here for various Firebase functions: OAuth 2.0 Scopes for Google APIs  |  Authorization  |  Google for Developers

Thank you. I had the wrong scope set. When you say to use the http request module, what kind of auth option should I be using?
I tried the firestore database ones, set up a service account, oauth2, none seemed to accept my connection as authenticated

What’s the exact error are you getting when you try to use a generic Oauth 2 credential, or the Firestore credentials?

This is the error I get “Request had insufficient authentication scopes” Insufficient permission" “ACCESS_TOKEN_SCOPE_INSUFFICIENT”
Normally when using REST api as a regular authenticated customer you’d need to attempt a ‘login’ event to get an updated token & response token and since I am not passing this - it makes sense.

Screenshot 2023-08-09 182047739×888 48.3 KB

This is how I am trying to use the http request:

POST to:
https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=

Predefined Credential Type: Google OAuth2API with https://www.googleapis.com/auth/datastore as a scope:

Where ‘localId’ is the uid of the customer in firebase authentication.

Screenshot 2023-08-09 182207356×874 17 KB

Screenshot 2023-08-09 183027774×997 57.9 KB

Note- I was using:
…/auth/userinfo.email
…/auth/userinfo.profile
As my scopes before your message above, so I have just updated my ‘OAuth consent screen’ to also reference the /auth/datastore/ scope which is a ‘sensitive’ scope which needs approval to be validated. I am not sure if that would affect or change the error message I am seeing.

–

This is my a node.js file that performs what I needed - but obviously in a node env I have environment variables and the ‘firebase-admin’ sdk which allow me to connect like an admin and not require passing an ‘access token’. I don’t know the equivalent REST or cURL method to achieve this without the SDK.

Thanks so much for such a detailed post!

Would it be possible for you to (even temporarily) add that scope and see if that resolves the connection issue?

Ok will do, I’ll wait for it and update on here once it’s tried. I still suspect I’m missing something. Like the auth(). Getuser() function in the sdk is not the same as the /accounts/lookup rest endpoint so not sure what to do

Updating this.

So yeah the functionality I actually wanted to achieve is part of the admin sdk and doesn’t have a REST equivalent.

I was able to connect via one of the http auth credentials to these endpoints but I can’t tell you which, but I just needed to follow the flow of ‘logging in’ and getting the correct user tokens to be able to retrieve user details correctly. So that works. Just only I could retrieve my own user details not anyones.

So REST does work for that functionality.

For the admin sdk it needed a service account, and I needed to somehow install an npm module firebase-admin sdk so that it was ‘available’ to n8n’s code node.

Because I installed n8n through easypanel, there were no docs out there about how to do this and how to bind or what the paths were cos Easypanel handles the docker containerisation for me and I had no idea how it worked.

So leaving this here - for anyone else in a similar noob situation like me.

I used my host machine to npm install package a package somewhere. Namely /usr/local/lib because that’s apparently where global node_modules are generally added.

Then in Easypanel - on the advanced tab - where you configure your ‘docker mounts’.

I just needed to add a ‘Bind Mount’ with the path to the package as the value in both the Host path and mount path. /usr/local/lib/node_modules/xpackage

My understanding is that this creates an ‘alias’ or a way for the n8n docker container to access the files from the host machine.

It was super confusing with easypanel in the way, I wasn’t sure what directory or container I was in or referenced to. And why it needed to be in the /usr/local/lib/ directory on the mount (n8n) to be available to n8n I have no idea.

But yeah, I was able to get firebase-admin sdk installed, and authenticated.

I am using environment variables to store the admin credentials so they’re referenced in the code modules like $env.WHATEVER which I believe is secure enough - but @EmeraldHerald if this isn’t the case, or I shouldn’t be using n8n to access firebase authentication like this securely please share your thoughts for me (or anyone else who comes across this post).

Cheers!

Thanks so much for posting your solution - that’s incredibly helpful for future questions!

I’d assume that’s secure enough, but I don’t have too much Firebase experience. Someone else may chime in with a different solution, though!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.