The following versions of the Admin SDKs introduce breaking changes in authentication support:
- Java SDK 5.0.0
- Node SDK 5.0.0
- Python SDK 2.0.0
Migrate existing authentication code to the new versions using the instructions in this guide.
Admin Java SDK (5.0.0)
Use setCredential() in FirebaseOptions.Builder
The deprecated method FirebaseOptions.Builder.setServiceAccount() has
been removed. If your app uses this method, update it to use the setCredential() method instead.
Before
FirebaseOptions options = new FirebaseOptions.Builder()
.setServiceAccount(getCredentialAsStream())
.build();
After
FirebaseOptions options = new FirebaseOptions.Builder()
.setCredential(FirebaseCredentials.fromCertificate(getCredentialAsStream()))
.build();
Also note that calling Builder.setCredential() when creating a
FirebaseOptions
instance is now mandatory. Calling Builder.build() without specifying a
credential results in a runtime exception.
Handle errors thrown by factory methods in FirebaseCredentials
Following factory methods in the FirebaseCredentials class may now throw
IOExceptions:
fromCertificate()fromRefreshToken()
Modify your code to handle them.
Before
FirebaseCredential credential = FirebaseCredentials.fromCertificate(stream);
After
try {
FirebaseCredential credential = FirebaseCredentials.fromCertificate(stream);
} catch (IOException e) {
// handle error
log.error("Failed to load Firebase credential", e);
}
Update custom implementations of FirebaseCredential
The FirebaseCredential interface has been changed as follows:
Before
Task<String> getAccessToken(boolean forceRefresh);
After
Task<GoogleOAuthAccessToken> getAccessToken();
GoogleOAuthAccessToken is a new public type that encapsulates both the access
token (String) and its expiry time (long), returned in an object. Users that
provide custom implementations of this interface should implement the new
method.
Admin Node SDK (5.0.0)
Use the credential property in admin.app.AppOptions
The deprecated property serviceAccount has been removed. If your app uses this
property, update it to use the credential property instead.
Before
admin.initializeApp({
serviceAccount: 'path/to/key.json'
});
After
var key = require("path/to/serviceAccountKey.json");
admin.initializeApp({
credential: admin.credential.cert(key)
});
Note that setting the credential property when initializing an app is now
mandatory. Calling initializeApp without specifying a credential results in
an exception.
Update references to admin.auth.UserMetadata
Properties in the UserMetadata class have been changed as follows:
createdAtis nowcreationTimelastSignedInAtis nowlastSignInTime
Before
admin.auth().getUser(uid)
.then(function(userRecord) {
var createdAt = userRecord.metadata.createdAt; // Date
var lastSignedInAt = userRecord.metadata.lastSignedInAt // Date
})
.catch(function(error) {
console.log("Error fetching user data:", error);
});
After
admin.auth().getUser(uid)
.then(function(userRecord) {
var createdAt = userRecord.metadata.creationTime; // UTC string
var lastSignedInAt = userRecord.metadata.lastSignInTime // UTC string
})
.catch(function(error) {
console.log("Error fetching user data:", error);
});
Admin Python SDK (2.0.0)
Dependency on oauth2client replaced with google-auth
Firebase Admin Python SDK no longer depends on the oauth2client library. Instead, the SDK now uses the new google-auth library.
verify_id_token() raises ValueErrors
If you have code that explicitly handles specific exception types raised by the
verify_id_token() function, update your code as shown below.
Before
try:
claims = auth.verify_id_token(token)
except oauth2client.crypt.AppIdentityError:
handle_error()
After
try:
claims = auth.verify_id_token(token)
except ValueError:
handle_error()
If your code does not catch exceptions or catches Python's base Exception
type, no changes are necessary.