We’re trying to use Firebase Cloud Messaging (FCM) from a Google Cloud Function. We keep getting “SenderId mismatch”. Conceptually, I know what that means from reading dozens of other posts. But fixing it is another thing.

Here is what we are doing. First, we initialize Firebase the first time the cloud function runs.

FirebaseApp.initializeApp()

I assume the permissions are picked up, via Google Application Default Credentials, from IAM, where we have this configuration.

This is the service account under which the cloud function runs. We’ve added the Firebase Admin role to the service account so that it can use FCM.

Over on the Firebase side, here are the project settings that show the same service account linked to the firebase project.

And here is what it looks like from the Google Cloud Consoles APIs. That is the same Cloud Function service account.

Then an exception occurs when we try to send a notification.

String response = FirebaseMessaging.getInstance().send( message );

At this point, I don’t know what more to do. Why does FCM think we are attempting to send a message from an unauthorized ID?

UPDATE
I think the SenderID problem is related to IAM and permissions. For some reason, even though we give the Google Cloud Function the role of Firebase Admin, it doesn’t work.

When I look at how we do this in our App Engine app, the initialization uses a role from our Firebase project, like this:

FileInputStream serviceAccount = new FileInputStream( 
"WEB-INF/myproj-firebase-adminsdk-xyzabc.json" );

FirebaseOptions options = new FirebaseOptions.Builder()
    .setCredentials( GoogleCredentials.fromStream( serviceAccount ) )
    .setDatabaseUrl( "https://myproj.firebaseio.com" )
    .build();

We migrated FCM to a cloud function and tried to use Application Default Credentials (ADC).

FirebaseApp.initializeApp()

This doesn’t work.

Maybe ADC doesn’t work with cloud functions? Or maybe we need to initialize Firebase using the service account credentials json as we did with App Engine?

The problem with that is that I don’t know how to load the service.json account file into the cloud function and read it from the cloud function. Are there any examples?

I still think the ADC method is better. But at this point I’ll use whatever works.