
I have a project that uses the default bucket on Firebase Admin.

I have the following line:

const [url] = await blob.getSignedUrl({ action: 'read', expires: Date.now() + 60 * 1000, contentType: mimetype })

When my HTTPS callable function is called, the line above throws the error below:

Unhandled error Error: The caller does not have permission
    at Gaxios._request (/workspace/node_modules/gaxios/build/src/gaxios.js:129:23)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async Compute.requestAsync (/workspace/node_modules/google-auth-library/build/src/auth/oauth2client.js:368:18)
    at async GoogleAuth.signBlob (/workspace/node_modules/google-auth-library/build/src/auth/googleauth.js:655:21)
    at async sign (/workspace/node_modules/@google-cloud/storage/build/src/signer.js:97:35) {
  name: 'SigningError'
} 

What am I doing wrong?

asked Sep 22, 2021 at 17:20 by Rodrigo
  • Please give the full code of the file upload; also check the security rules in the Firebase console – Prince Hamza Commented Sep 22, 2021 at 20:05
  • This is happening on the Firebase Admin SDK; all rules are bypassed by the admin. And all rules are open. – Rodrigo Commented Sep 23, 2021 at 11:41

1 Answer
  • There is already an open GitHub issue on this. If this is exactly what you are looking for, you can go through the solution listed on the GitHub issue, which is:

    Go to your project's Cloud Console > IAM & admin > IAM, find the App Engine default service account and add the Service Account Token Creator role to that member. This will allow your app to create signed public URLs to the images.

  • If it did not work for you, try updating IAM roles. In the firebaseSA.json file, check whether the associated email has these roles:

    Firebase Admin SDK Administrator, Service Agent, Service Account Token Creator, Pub/Sub Publisher, Storage Admin

  • If it still didn't work for you, try running your application with another service account that has all possible Cloud Storage permissions. Does it work? If yes, it would mean that your current service account requires additional permissions to execute the function. You can check which permissions to give in the Cloud Storage IAM Roles.
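
The stack trace ends in `GoogleAuth.signBlob`, so the URL is signed through the IAM API as the function's runtime service account, which is why the Service Account Token Creator role is the one that matters. The following is an added example, not code from the question or the answer: it checks exported IAM policy JSON for that binding and reports whether it is granted on the service account itself or project-wide. The service account email and all policies in it are constructed sample data.

```javascript
'use strict';
// Added example; the service account email and all policies are constructed.

// Role carrying iam.serviceAccounts.signBlob, the permission behind the
// GoogleAuth.signBlob call in the stack trace.
const TOKEN_CREATOR = 'roles/iam.serviceAccountTokenCreator';

// Bindings in an IAM policy that grant TOKEN_CREATOR to the service account.
// A policy with no bindings is exported without a "bindings" key at all.
function signingBindings(policy, email) {
  const member = `serviceAccount:${email}`;
  return (policy.bindings || []).filter(
    (b) => b.role === TOKEN_CREATOR && (b.members || []).includes(member)
  );
}

// Where does the runtime service account get permission to sign?
//   'service-account': bound on the account itself (narrowest grant)
//   'project': bound project-wide, so it can sign as every account in the project
//   'none': no Token Creator binding found in these two policies
// IAM conditions on a binding are not evaluated here.
function signingAccess(email, saPolicy, projectPolicy) {
  if (signingBindings(saPolicy, email).length > 0) return 'service-account';
  if (signingBindings(projectPolicy, email).length > 0) return 'project';
  return 'none';
}

const SA = 'example-project@appspot.gserviceaccount.com'; // constructed

// Constructed policies in the JSON shape printed by
//   gcloud iam service-accounts get-iam-policy <email> --format=json
//   gcloud projects get-iam-policy <project> --format=json
const saPolicyEmpty = { etag: 'ACAB' };
const saPolicySelf = {
  bindings: [{ role: TOKEN_CREATOR, members: [`serviceAccount:${SA}`] }],
};
const projectPolicyBase = {
  bindings: [{ role: 'roles/editor', members: [`serviceAccount:${SA}`] }],
};
const projectPolicyWide = {
  bindings: [
    ...projectPolicyBase.bindings,
    { role: TOKEN_CREATOR, members: ['user:dev@example.com', `serviceAccount:${SA}`] },
  ],
};

console.log(signingAccess(SA, saPolicyEmpty, projectPolicyBase));
console.log(signingAccess(SA, saPolicySelf, projectPolicyBase));
console.log(signingAccess(SA, saPolicyEmpty, projectPolicyWide));
```

A result of `'project'` corresponds to adding the role on the project's IAM page, which lets the account sign as every service account in the project; binding the role on the App Engine default service account itself is the narrower grant.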
