Can I create a federated user in firebase manually using admin authentication api?

Question

I've a web application built using firebase. In my web app, I've google, firebase, twitter signup/signin functionalities.

Now I want to integrate this with my api.ai agent and have a seamless account linking. Hence users will use their googel Home/ assistant app from mobile devices to connect to my agent. At this stage, I'll have the google account Id, google email, name of user.

If user already present, I can send the tokens required by my agent. But if the user is new, I want to create the account in my firebase database. I couldn't find a possibility to create a federated account in firebase manually (from nodejs application/ cloud function)!

I know there is a possibility to create a email + dummy password account but that is not what I am looking for. Because the user registered with dummy password when trying to login to my web app, would use their google signin feature.

If I create email and dummy password, the flow is not good and I've to force users to change password and link their google accounts again when they come to my web channel!

There is CLI approach, where I can import users from the file. If this is a possibility can someone please help me how I can get this done in a cloud function?

Answer 1

THIS IS NOT A COMPLETE ANSWER TO THE QUESTION

Based on the firebase tools import option I've created a trimed down gist, using which I am able to trigger the import from a cloud function. The only glitch I am facing is the place where I've to pass the Bearer access token for performing the action.

As of now, I've short-circuited the getAccessToken method inside the import/api.js. This is the place where I need help from Firebase team to get the access token straight for the firebase admin or bypass the check when the request is made from within a cloud function!

getAccessToken: function() {
    return Promise.resolve({access_token: accessToken});
    // return accessToken ? RSVP.resolve({access_token: accessToken}) : require('./auth').getAccessToken(refreshToken, commandScopes);
  },

In the above function the commented code is actually getting a running accessToken obtained by the user while performing the firebase import from the CLI tools. As a command line utility, asking user for getting permission works, but when running inside a cloud function, it should be one of following options that I could think off!

a) as the cloud functions are executing within the admin previleges, ignore the permissions! b) or provide means to get the access token straight from the admin SDK.

The gist is present in here in github. I took most of it as is from the firebase tools project and tweaked a bit to be able to make it work within the cloudFunctions. I tried to bring as minimal code from the firebase-tools as possible.

When I run this, the Errors I am getting at are at line 35 lib/import/api.js:

<<< HTTP RESPONSE BODY 
{  
   "error":{  
      "errors":[  
         {  
            "domain":"global",
            "reason":"authError",
            "message":"Invalid Credentials",
            "locationType":"header",
            "location":"Authorization"
         }
      ],
      "code":401,
      "message":"Invalid Credentials"
   }
}