Firebase documentation is self-explanatory. Check this particular section in their docs to learn how to create a client secret and use glcoud CLI.
If you want to access services like Firestore, you have to add necessary scopes. Check this reference to find out how to use the flag.
Example command with Firestore permissions:
Once you are authenticated, it will save credentials here:
The main advantage is that you can delete your client secret file after using gcloud auth the command. As you can see in the docs, firebase-admin can use default credentials in order to authenticate to Firebase services.
The main disadvantage is that we can’t automate the process of creating client secrets. You have to go to the GCP UI and manually create them. It’s so much better if we can automate this process because then we can plug the whole process into a Yarn/NPM script and forget about it.
According to GCP, we can use gcloud alpha iap oauth-clients command to create client id files, but it doesn’t have a flag to pass application-type which we need to set as Desktop in order to use it with Firebase.
The same issue applies to their REST API.
There is a resource called google_iap_client in Terraform. But again, we can’t pass application-type here as well.
These GCP’s tools are still in alpha/beta state and hopefully, in the future, they will add all the flags we need.