When using Cloud Functions for Firebase you might run into the following error when trying to create a custom token:
'The caller does not have permission; Please refer to https://firebase.google.com/docs/auth/admin/create-custom-tokens for more details on how to use and troubleshoot this feature.' }
This is happening when you call
admin.auth().createCustomToken(uid) and Cloud Functions don't have the required permissions.
You can change permissions by doing the following steps:
- Go to the Google Cloud Console - IAM permissions.
- Find the "Google Cloud Functions Service Agent" service account.
- Click on the edit (pencil) icon.
- Click on "Add another role"
- Search and add the "Service Account Token Creator" role.
It might seem pretty straightforward but I wasted some time because I was debugging the wrong service account (the one for the Admin SDK). So, make sure you've selected the "Google Cloud Functions Service Agent" option.