Thanks for posting this, as it's the only fix I've found for this very specific issue anywhere.
I was having issues where my local version was creating a token without an issue (I checked and that service account has the Service Account Token Creator permissions), but production was giving that exact error.
I did what you suggested but I'm still getting that issue. In Firebase it is saying that the Firebase Service Account is not the one you pointed to. But that already has permissions. Any ideas what to do if even THIS doesn't work? :) Thanks!
Not sure but maybe you have the service account from your dev environment in production? In the IAM permissions console, double-check what email address is showing up in the "Member" column for the row with "name: firebase-adminsdk" and "role: Service Account Token Creator".
Your email address should be something like this: firebase-adminsdk-RANDOMCODE@PROJECT-NAME.iam.gserviceaccount.com.
If you have the correct value there, then maybe contact Firebase Support. They're usually pretty responsive.
Hey Marc, did you solve the issue? I'm facing the same problem.
I do have Service Account Token Creator set both firebase-adminsdk-RANDOMCODE@PROJE.... (already set before) and Google Cloud Functions Service Agent. My functions are working normally, but this one for creating custom token doesn't.
For me, it only worked when I started try adding the "Service Account Token Creator" role for each one of the members. It seams to did work after adding to myself (the owner)
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thanks for posting this, as it's the only fix I've found for this very specific issue anywhere.
I was having issues where my local version was creating a token without an issue (I checked and that service account has the Service Account Token Creator permissions), but production was giving that exact error.
I did what you suggested but I'm still getting that issue. In Firebase it is saying that the Firebase Service Account is not the one you pointed to. But that already has permissions. Any ideas what to do if even THIS doesn't work? :) Thanks!
Not sure but maybe you have the service account from your dev environment in production? In the IAM permissions console, double-check what email address is showing up in the "Member" column for the row with "name: firebase-adminsdk" and "role: Service Account Token Creator".
Your email address should be something like this:
firebase-adminsdk-RANDOMCODE@PROJECT-NAME.iam.gserviceaccount.com.If you have the correct value there, then maybe contact Firebase Support. They're usually pretty responsive.
Hey Marc, did you solve the issue? I'm facing the same problem.
I do have Service Account Token Creator set both firebase-adminsdk-RANDOMCODE@PROJE.... (already set before) and Google Cloud Functions Service Agent. My functions are working normally, but this one for creating custom token doesn't.
same here
For me, it only worked when I started try adding the "Service Account Token Creator" role for each one of the members. It seams to did work after adding to myself (the owner)