Login/Register
Delete all users from the new firebase auth emulator
Asked Answered
Solved firebasefirebase-authenticationfirebase-admin
V

2

11

I'm playing around with the new firebase auth emulator (on the node admin SDK), and have made some tests that run perfectly if I manually delete the created users between each test, but I can't seem to automatically delete them?

I've used the endpoint defined here in my beforeEach(), but I get an "Response code 401, unauthorized" back from the response call?

Endpoint: delete: http://localhost:9099/emulator/v1/projects/{project-id}/accounts

I just tried using Postman to send the call, and it responded with the following:

{
    "error": {
        "code": 401,
        "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
        "errors": [
            {
                "message": "Login Required.",
                "domain": "global",
                "reason": "required",
                "location": "Authorization",
                "locationType": "header"
            }
        ],
        "status": "UNAUTHENTICATED"
    }
}

The URL in the error didn't seem to give me much help beyond adding a google button to a web app, which pointed me to creating an OAuth2 web account. I entered the localhost:9099 into my existing one, but don't know where I should use the client ID and the client secret? If they are what I should use at all.

I know I need some sort of Authorization header for the delete call, but I just don't get what I should put in that header, or how.

Thank you for any insight into this.

Edit: I've now tried the following Authorization headers:

"admin"

"" (an empty string)

The full token generated by firebase.options.credential.getAccessToken()

The access_token field of the above token

The id_token field of the above token.

The token itself looks like this (redacted some fields):

{ 
"access_token":
       "[access token string here]",
    "expires_in": 3599,
    "scope":
       "openid https://www.googleapis.com/auth/firebase https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloudplatformprojects.readonly",
    "token_type": "Bearer",
    "id_token":
       "[id token string here]"
}
Venal answered 15/11, 2020 at 14:21 Comment(8)
Try sending the Authorization: Bearer owner header in your request. However, I doubt that you will be able to delete all the users by issuing a DELETE request on the /accounts endpoint. At least, that's not how the prod Firebase Auth service works.Interlunar
As far as I could tell from the documentation, the emulator has this endpoint. I'll try this later today, thanks.Venal
The endpoint does exist, but DELETE /accounts doesn't delete all accounts.Interlunar
@HiranyaJayathilaka Then why does it say "Remove all accounts in the specified project [...]" here: firebase.google.com/docs/reference/rest/… on that endpoint in the documentation? Is it just that the emulator and the actual service are different? I haven't used the API for the service, only Admin SDK/React Native Firebase.Venal
That's probably only supported in the emulator. Production API doesn't support it as far as I know. This is why the POST /accounts:batchDelete API exists in the prod API.Interlunar
This endpoint just returns a 404 error on the emulator. I guess some things are different. I edited the question with the various things I've tried. Might try and contact Firebase directly. @HiranyaJayathilakaVenal
Emulator accepts the Bearer owner as the Authorization header. Have you tried that?Interlunar
Wrote this as the answer.Venal
G
11

Thanks! However, I wanted using this with a curl format to get this on a npm script, so here is what I used:

curl -H 'Authorization: Bearer owner' -X DELETE http://localhost:9099/emulator/v1/projects/<projectid>/accounts

the response should be:

{}
Gerladina answered 3/12, 2020 at 13:24 Comment(2)
Tks. Solve it for me. They should add this to the docs. I couldn't find it anywhere.Alvord
The link to the docs are here: firebase.google.com/docs/reference/rest/auth/…Parasang
V
2

I figured it out! When the admin generates a token, I use the access_token field part of this token and add the header Authorization: 'Bearer' + access_token to the delete request. Thanks for the help.

(This is an emulator-only endpoint)

Edit: I could just use the string "owner" as the token... Took me a while to get that, but now it works.

Venal answered 19/11, 2020 at 13:35 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.