Admin SDK Auth Migration Guide

The following versions of the Admin SDKs introduce breaking changes in authentication support:

  • Java SDK 5.0.0
  • Node SDK 5.0.0
  • Python SDK 2.0.0

Migrate existing authentication code to the new versions using the instructions in this guide.

Admin Java SDK (5.0.0)

Use setCredential() in FirebaseOptions.Builder

The deprecated method FirebaseOptions.Builder.setServiceAccount() has been removed. If your app uses this method, update it to use the setCredential() method instead.

Before

FirebaseOptions options = new FirebaseOptions.Builder()
    .setServiceAccount(getCredentialAsStream())
    .build();

After

FirebaseOptions options = new FirebaseOptions.Builder()
    .setCredential(FirebaseCredentials.fromCertificate(getCredentialAsStream()))
    .build();

Also note that calling Builder.setCredential() when creating a FirebaseOptions instance is now mandatory. Calling Builder.build() without specifying a credential results in a runtime exception.

Handle errors thrown by factory methods in FirebaseCredentials

Following factory methods in the FirebaseCredentials class may now throw IOExceptions:

  • fromCertificate()
  • fromRefreshToken()

Modify your code to handle them.

Before

FirebaseCredential credential = FirebaseCredentials.fromCertificate(stream);

After

try {
    FirebaseCredential credential = FirebaseCredentials.fromCertificate(stream);
} catch (IOException e) {
    // handle error
    log.error("Failed to load Firebase credential", e);
}

Update custom implementations of FirebaseCredential

The FirebaseCredential interface has been changed as follows:

Before

Task<String> getAccessToken(boolean forceRefresh);

After

Task<GoogleOAuthAccessToken> getAccessToken();

GoogleOAuthAccessToken is a new public type that encapsulates both the access token (String) and its expiry time (long), returned in an object. Users that provide custom implementations of this interface should implement the new method.

Admin Node SDK (5.0.0)

Use the credential property in admin.app.AppOptions

The deprecated property serviceAccount has been removed. If your app uses this property, update it to use the credential property instead.

Before

admin.initializeApp({
    serviceAccount: 'path/to/key.json'
});

After

var key = require("path/to/serviceAccountKey.json");
admin.initializeApp({
    credential: admin.credential.cert(key)
});

Note that setting the credential property when initializing an app is now mandatory. Calling initializeApp without specifying a credential results in an exception.

Update references to admin.auth.UserMetadata

Properties in the UserMetadata class have been changed as follows:

  • createdAt is now creationTime
  • lastSignedInAt is now lastSignInTime

Before

admin.auth().getUser(uid)
  .then(function(userRecord) {
    var createdAt = userRecord.metadata.createdAt; // Date
    var lastSignedInAt = userRecord.metadata.lastSignedInAt // Date
  })
  .catch(function(error) {
    console.log("Error fetching user data:", error);
  });

After

admin.auth().getUser(uid)
  .then(function(userRecord) {
    var createdAt = userRecord.metadata.creationTime; // UTC string
    var lastSignedInAt = userRecord.metadata.lastSignInTime // UTC string
  })
  .catch(function(error) {
    console.log("Error fetching user data:", error);
  });

Admin Python SDK (2.0.0)

Dependency on oauth2client replaced with google-auth

Firebase Admin Python SDK no longer depends on the oauth2client library. Instead, the SDK now uses the new google-auth library.

verify_id_token() raises ValueErrors

If you have code that explicitly handles specific exception types raised by the verify_id_token() function, update your code as shown below.

Before

try:
  claims = auth.verify_id_token(token)
except oauth2client.crypt.AppIdentityError:
  handle_error()

After

try:
  claims = auth.verify_id_token(token)
except ValueError:
  handle_error()

If your code does not catch exceptions or catches Python's base Exception type, no changes are necessary.

Send feedback about...

Need help? Visit our support page.