Firebase-admin-node: Why is passwordHash and passwordSalt only available with listUsers()?

Created on 4 Dec 2018 · 8 Comments · Source: firebase/firebase-admin-node

node 6
"firebase-admin": "^5.11.0",
"firebase-functions": "0.9.1",

  • Firebase Product: auth

I'm trying to migrate the users from Project A to Project B. The tricky part is that users can continue to register on Project A and I want to automatically copy their userobj to Project B.
I was hoping to use the auth.onCreate trigger in combination with auth.importUsers

I used auth().getUser to get a userRecord. Unfortunately for me, in order to create a proper userRecord for the importUsers function I need a passwordHash and passwordSalt property. The value returned from getUser, however, doesn't have a correct passwordHash and it has undefined for passwordSalt.

If I use the auth().listUsers() function then the returned object has a completely different password hash and salt. Why aren't we able to access the password salt & hash with auth.getUser()?

The docs here https://firebase.google.com/docs/reference/admin/node/admin.auth.UserRecord state that passwordHash and passwordSalt are only available with listUsers(), but why?

auth feature request question

All 8 comments

listUsers() API is designed to support the use case of migrating users across systems. getUser() is not designed for that. Over to @bojeil-google who can provide more context.

Hiranya's explanation is correct. listUsers() was designed to solve migration across systems. getUser() is not designed for that. It only returns one user at a time. The most common scenario we have seen where developers want to get the password hash and salt is in bulk for migration purposes. I will relay your request to see if we can support this use case and return the password hash and salt in getUser().
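
The bulk migration path described in the two replies above, as an added example that is not part of the thread or the SDK's own code: it pages through `listUsers()` on the source project and passes the hashes to `importUsers()` on the destination, reporting accounts whose hash is missing or masked. The names `toImportRecord`, `migrateUsers` and the summary shape are hypothetical, and the masked-hash value is an assumption.

```javascript
// Added example (not from the thread or the SDK). srcAuth and dstAuth stand for
// admin.auth() of two initialized apps; all function names are hypothetical.
// Assumption: callers without permission to read hashes get this masked value.
const REDACTED_B64 = Buffer.from('REDACTED').toString('base64');

// Convert a UserRecord from listUsers() into a UserImportRecord. Only basic
// password-account fields are copied; provider data is out of scope here.
function toImportRecord(user) {
  const record = {};
  for (const key of ['uid', 'email', 'emailVerified', 'displayName', 'disabled']) {
    if (user[key] !== undefined) record[key] = user[key];
  }
  // UserRecord carries base64 strings, importUsers() expects Buffers.
  if (user.passwordHash && user.passwordHash !== REDACTED_B64) {
    record.passwordHash = Buffer.from(user.passwordHash, 'base64');
    record.passwordSalt = Buffer.from(user.passwordSalt || '', 'base64');
  }
  return record;
}

// `hash` holds the source project's password hash parameters, for example
// { algorithm: 'SCRYPT', key, saltSeparator, rounds, memoryCost } with the
// values shown for that project in the Firebase console.
async function migrateUsers(srcAuth, dstAuth, hash) {
  const summary = { imported: 0, failed: 0, missingHash: [] };
  let pageToken;
  do {
    // listUsers() and importUsers() both cap at 1000 users per call.
    const page = await srcAuth.listUsers(1000, pageToken);
    const batch = [];
    for (const user of page.users) {
      const record = toImportRecord(user);
      if (record.passwordHash) {
        batch.push(record);
      } else {
        // No usable hash (federated-only account or masked value): report the
        // uid instead of importing an account that cannot sign in by password.
        summary.missingHash.push(user.uid);
      }
    }
    if (batch.length > 0) {
      const result = await dstAuth.importUsers(batch, { hash });
      summary.imported += result.successCount;
      summary.failed += result.failureCount;
    }
    pageToken = page.pageToken;
  } while (pageToken);
  return summary;
}
```

A non-empty `missingHash` list on accounts known to have passwords points at the credentials used for the source project rather than at the accounts themselves.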

The same thing is working fine on my colleague's system (getting the password hash's value), then why is it giving passwordhash undefined on my system whenever I am using
" Admin.auth().getUserByEmail(email) "

showing below error:-
Screenshot_1

Screenshot_26

Versions of node and firebase are also the same on both machines.

Please let me know if you have any solution for this issue.

@ShashirajSingh I guess you need to add permissions in gcloud IAM account for the service account used in firebase. Try setting the service account as project owner for testing

It's working for me. Only in listUsers()

Hi, I am facing the same issue, and I tried to add the service account of the admin SDK as project owner in the IAM console (screenshot below) but it didn't work; the password hash and salt are still undefined.
Does anyone have any suggestions?
Thanks
image

Is there any update on this issue?

Ditto on updates for this issue. I was going to leverage the passwordHash for some one-time JWTs, but I don't think I can actually extract the passwordHash for just 1 user.

@hiranya911 @bojeil-google thoughts?

My workaround for this issue is that I store a random token in my database and change this random token whenever the password is changed (which I handle on my server).

It's pretty ugly, but until passwordHash is accessible via getUser or until listUsers lets you search by email address or uid or something, then it'll have to do.
