Currently you are not able to use auth module without a service account

[tux2nicolae]

Reproduction

vuefire/packages/nuxt/src/runtime/auth/plugin-authenticate-user.server.ts

Line 20 in 687ce09

const adminAuth = getAdminAuth(firebaseAdminApp)

Steps to reproduce the bug

1. Enable auth module

  vuefire: {
    auth: {
      enabled: true,
    },
    ...
  }

2. Make sure you don't have the GOOGLE_APPLICATION_CREDENTIALS set

3. Run npm run dev or build for production

Expected behavior

You should be allowed to use auth module without a service account

Actual behavior

You get this error when using the auth module without a service account specified.

The default Firebase app does not exist. Make sure you call initializeApp() before using any of the Firebase services

---

I think the problem comes from here

vuefire/packages/nuxt/src/runtime/auth/plugin-authenticate-user.server.ts

Line 20 in 687ce09

const adminAuth = getAdminAuth(firebaseAdminApp)

the getAdminAuth() is always called regardless of the fact you may not have a service account.

If you move the const adminAuth = getAdminAuth(firebaseAdminApp) inside the if block if (auth.currentUser?.uid !== uid) the problem goes away, or maybe it should be here

vuefire/packages/nuxt/src/module.ts

Line 203 in 687ce09

addPlugin(resolve(runtimeDir, 'auth/plugin-authenticate-user.server'))

to add a if block if (nuxt.options.ssr && hasServiceAccount)

Additional information

Our use case is that, we don't have a service account because we don't need to render anything on the server based on authentication state, we are only using authentication on client side in some <client-only /> components

[Bre77]

I also have the same usecase, and in my case I cannot use firebase-admin because it isnt supported by edge workers, so by installing firebase-admin my Nuxt application fails, but without firebase-admin it fails to build all together.

Thanks to your context @tux2nicolae I was able to remove plugin-authenticate-user.server plug in which has seemly solved my build issues.

export default defineNuxtConfig({
  hooks:{
    "app:resolve": (app) => {
      app.plugins = app.plugins.filter(
        // Remove the VueFire authentication server plugin
        (p) => !p.src.includes("auth/plugin-authenticate-user.server")
      );
    },
  }
})

[aaaaahaaaaa]

@posva I think this is an actual issue and should not have been moved to a discussion. The module should support key-less authentication using the default credentials and not require a service account key file. Aside from security best practices, a very common use case would for example to run on GKE with Workload Identity.

[posva]

Not with SSR. If you want SSR you need the credentials

[aaaaahaaaaa]

What do you mean "not with SSR"?. I understand that it's not supported atm. But it's a valid feature request that it should.

[posva]

In order to SSR pages that use authentication, you need the credentials to render. You can disable ssr for specific pages too. It's a bit complicated to setup, I had a hard time myself, that's why I put up the examples: https://vuefire.vuejs.org/nuxt/deployment.html

[sl0wik]

I agree with @aaaaahaaaaa .

It's a common use case where e-commerce uses SSR for SEO on product pages and the entire user account section is available only with client-side rendering. The menu bar profile icon can be lazy-loaded client-side only.

[alimoabd2127]

Keyless would also be nice for local dev. Unless I've borked the setup, you currently cannot run with emulators without providing a service account key file. Once I provide my production file, it works but that shouldn't be required for only local dev.