0

I initialize firebase-admin like so for firebase functions:

const admin = require('firebase-admin')
const { applicationDefault } = require('firebase-admin/app')

admin.initializeApp({
  credential: applicationDefault(),
  serviceAccountId: 'firebase-adminsdk-hash@project-id.iam.gserviceaccount.com',
})

I had to add the serviceAccountId so that I could access another IAM permission. But I'm not sure if it's now unnecessary use applicationDefault() as well. Does anyone know if this is considered redundant / contradicting?

Kevin Danikowski
  • 4,620
  • 6
  • 41
  • 75

1 Answers1

1

The short answer, in my opinion, would be: yes, it is redundant and inconsistent to specify the applicationDefault parameter as it is implicitly populated from the FIREBASE_CONFIG environment variable as explained in this previous question. (Please be aware the initialization can be different depending on the environment).

Here is a comparison from initializing the service account and the Cloud Functions together and impersonating the service account.

To get a more detailed explanation, we will need to dive into the documentation; we can see that the initializeApp() function has the AppOptions parameter (interface), where you can specify the serviceAccountId.

Finally, you can check all the functions from firebase-admin/app module, and get this description for the applicationDefault(httpAgent) function:

Returns a credential created from the Google Application Default Credentials that grants admin access to Firebase services. This credential can be used in the call to initializeApp().

Google Application Default Credentials are available on any Google infrastructure, such as Google App Engine and Google Compute Engine. See Initialize the SDK for more details.

Alex
  • 778
  • 1
  • 15