错误: 错误: 1E08010C: DECODER 常规程序:: 未使用 Google auth 库支持
原标题:Error: error:1E08010C:DECODER routines::unsupported with Google auth library
最佳回答
Answering this as community wiki. As mentioned above in comments by John Hanley
Do not store service accounts in environment variables.
If you do, do not break the service account into pieces. Base64 encode the entire service account, store it in a variable, and then Base64 decode it when required.
Your code is failing because the client is being set up with bad credentials. Most likely a corrupted private key.
问题回答
I got same issue and fixed it by replacing raw
character with the newline character. Probably you get the key as raw data from your environment and
character in the raw is not treated as a newline character. You can try this:
private_key: process.env.PRIVATE_KEY.split(String.raw`
`).join(
),
you can base64 encode the entire service account JSON and store it in an environment variable. Here s how you can adjust your code accordingly:
Base64 Encode the Service Account JSON using any online tools ex. https://www.base64encode.org/
Store the Base64-encoded String in Environment Variable
BASE64_ENCODED_SERVICE_ACCOUNT=your-base64-encoded-service-account
Decode it in your code and use it like that
const base64EncodedServiceAccount = process.env.BASE64_ENCODED_SERVICE_ACCOUNT;
const decodedServiceAccount = Buffer.from(base64EncodedServiceAccount, base64 ).toString( utf-8 );
const credentials = JSON.parse(decodedServiceAccount);
Edits-1
To encode your secret key without using online tools, you can use this Python script to encode it yourself then use it.
import base64
secret_key = "your_secret_key_here"
encoded_key_str = base64.b64encode(secret_key.encode( utf-8 )).decode( utf-8 )
print("Base64 Encoded Key:", encoded_key_str)
I think you need to check the .env file and make sure you don t have any extra characters added to the private key for example a comma "," at the end. that s the reason i was getting this error for me .
make both keys in .env to be one line only (the only way that worked for me)
PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----"
PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----"
The following was the only solution that worked for me
private_key: process.env.PRIVATE_KEY.replace(/\n/gm, "
"),
If you have recently upgraded your openssl to version 3, you may have to enable legacy certs in the /etc/ssl/openssl.cnf file:
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
This information is from the OpenSSL WIKI
On your local env you should have it in on one line and with "": PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
your key
-----END PUBLIC KEY-----"
And on deployed env you should have it without "": PUBLIC_KEY=-----BEGIN PUBLIC KEY-----
your key
-----END PUBLIC KEY-----
Also, on public key variable put: .replace(/\n/g,"
")
This worked for me.
This will solve the issue:
While reading the env variable do it this way.
const credential = JSON.parse(
(process.env.GOOGLE_PRIVATE_KEY as string).toString().replace(/
/g,"")
);
key: credential.private_key,
The private key must be
GOOGLE_PRIVATE_KEY= {"---"} // in .env.local
But while putting the key to some hosting platform (vercel in my case) make it
GOOGLE_PRIVATE_KEY={"---"} // in vercel environment variable value
For me, the issue was that pasting this key inside of the AWS Lamda env variable removed the formatting. I added this logic to re-create the formatting:
const privateKey = process.env.GITHUB_PRIVATE_KEY.replace(/s/g, )
.replace(
/-----BEGINRSAPRIVATEKEY-----/,
-----BEGIN RSA PRIVATE KEY-----
)
.replace(/-----ENDRSAPRIVATEKEY-----/,
-----END RSA PRIVATE KEY----- )
.replace(/(.{64})/g, $1
)
this works for me:
echo -n "-----BEGIN PRIVATE KEY-----adsfasdfasfsdfa
...private key content...
-----END PRIVATE KEY-----
" | base64
set the result of base64 in your .env file or config environment
import * as admin from firebase-admin ;
import { ServiceAccount } from firebase-admin ;
import * as dotenv from dotenv ;
dotenv.config();
const privateKeyBase64 = process.env.FIREBASE_PRIVATE_KEY;
if (!privateKeyBase64) {
throw new Error("FIREBASE_PRIVATE_KEY_BASE64 no está definida");
}
const privateKey = Buffer.from(privateKeyBase64, base64 ).toString( utf-8 );
const firebaseConfig = {
type: process.env.FIREBASE_TYPE,
project_id: process.env.FIREBASE_PROJECT_ID,
private_key_id: process.env.FIREBASE_PRIVATE_KEY_ID,
private_key: privateKey,
client_email: process.env.FIREBASE_CLIENT_EMAIL,
client_id: process.env.FIREBASE_CLIENT_ID,
auth_uri: process.env.FIREBASE_AUTH_URI,
token_uri: process.env.FIREBASE_TOKEN_URI,
auth_provider_x509_cert_url: process.env.FIREBASE_AUTH_PROVIDER_X509_CERT_URL,
client_x509_cert_url: process.env.FIREBASE_CLIENT_X509_CERT_URL,
universe_domain:process.env.FIREBASE_UNIVERSE_DOMAIN
};
admin.initializeApp({
credential: admin.credential.cert(firebaseConfig as admin.ServiceAccount),
databaseURL: "https://your-database-url.com"
});
const db = admin.firestore();
export { db };
If you are using AWS elastic beanstalk the
gets turned into just n. You can select all
and add an extra to make them all \n. Then when the first gets removed you still have the 2nd one. This is as an env variable under config for beanstalk. Node v 18.
You also need to do a string replace on the env when you call it:
const privateKey = process.env.GOOGLEAPI_PRIVATEKEY?.replace(/\n/gm,
);
