Quota error in Terraform Firebase Authentication Identitytoolkit

I was trying to follow the Terraform Guide on Firebase, but I always end up with the same error (I tried multiple versions) from my Firebase authentication on terraform apply:

 Error: Error creating Config: googleapi: Error 403: Your application is authenticating by using local Application Default Credentials. The identitytoolkit.googleapis.com API requires a quota project, which is not set by default. To learn how to set your quota project, see documentation
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/123456",
│       "service": "identitytoolkit.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ 
│   with google_identity_platform_config.default,
│   on main.tf line 68, in resource "google_identity_platform_config" "default":
│   68: resource "google_identity_platform_config" "default" {

Creating the project in firebase works fine, also stuff like firestore (which I excluded from this sample), but the authentication does not work. The error message looks quite clear, but I can not find anything in the documentation where to “set a quota” in terraform.

Here is the main.tf:


terraform {
  required_providers {
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "~> 4.84.0"
    }
  }
}

provider "google-beta" {
  user_project_override = true
}

provider "google-beta" {
  alias = "no_user_project_override"
  user_project_override = false
}

resource "google_project" "default" {
  provider   = google-beta.no_user_project_override
  name       = "My Terraform Test"
  project_id = "myterraformtest1"
  billing_account = var.billing_account 

  labels = {
    "firebase" = "enabled"
  }
}

resource "google_project_service" "default" {
  provider = google-beta.no_user_project_override
  project  = google_project.default.project_id
  for_each = toset([
    "cloudbilling.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "firebase.googleapis.com",
    "serviceusage.googleapis.com",
    "identitytoolkit.googleapis.com", 
  ])
  service = each.key
  disable_on_destroy = false
}

resource "google_firebase_project" "default" {
  provider = google-beta
  project  = google_project.default.project_id
  depends_on = [
    google_project_service.default
  ]
}

resource "google_identity_platform_config" "default" {
  project = google_project.default.project_id
  autodelete_anonymous_users = true
  sign_in {
    allow_duplicate_emails = true
    email {
        enab

I hope someone can share the answer, because I got a similar error: Error: when reading or editing IdentityPlatformConfig “projects/stock-firebase-project/config”: googleapi: Error 403: Your application is authenticating by using local Application Default Credentials. The identitytoolkit.googleapis.com API requires a quota project, which is not set by default. To learn how to set your quota project, see Troubleshoot your ADC setup | Authentication | Google Cloud. Even after I run gcloud auth application-default set-quota-project <quota-project>, it still does not work.

I also got nothing on my Stackoverflow post
https://stackoverflow.com/questions/78389593/quota-error-in-terraform-firebase-authentication-identitytoolkit

The following update to the provider worked.

provider "google" {
  project               = var.project_id
  billing_project       = var.project_id
  user_project_override = true
}
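
Added example (not part of any post in this thread): the same two provider arguments applied to the `google-beta` provider that the question's file configures, with the Identity Platform resource pinned to that provider explicitly, since the question's `google_identity_platform_config` block names no provider. It assumes the project already exists with billing enabled; the variable name and the resource label `identitytoolkit` are illustrative.

```hcl
variable "project_id" {
  type = string # assumption: an existing project with billing enabled
}

# Default google-beta provider: requests carry an explicit quota project.
provider "google-beta" {
  project               = var.project_id
  billing_project       = var.project_id # project used for quota/billing
  user_project_override = true           # required for billing_project to take effect
}

# Alias without the override, as in the question, for enabling the API itself.
provider "google-beta" {
  alias                 = "no_user_project_override"
  user_project_override = false
}

# The API must be enabled on the project before the config can be created.
resource "google_project_service" "identitytoolkit" {
  provider           = google-beta.no_user_project_override
  project            = var.project_id
  service            = "identitytoolkit.googleapis.com"
  disable_on_destroy = false
}

resource "google_identity_platform_config" "default" {
  # Explicit provider, so the resource uses the block configured above
  # instead of an unconfigured default "google" provider.
  provider = google-beta
  project  = var.project_id

  autodelete_anonymous_users = true

  depends_on = [google_project_service.identitytoolkit]
}
```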

Same error here as well. I think it is basically stating that in order to set the “identitytoolkit.googleapis.com”, the account that is running Terraform needs to set a “quota project” for that identity, which you can do by:

gcloud auth application-default set-quota-project <YOUR-PROJECT-ID>

However there may be something else missing as well.

module.google_idp_oauth.google_identity_platform_config.default: Creating...
╷
│ Error: Error creating Config: googleapi: Error 403: Your application is authenticating by using local Application Default Credentials. The identitytoolkit.googleapis.com API requires a quota project, which is not set by default. To learn how to set your quota project, see https://cloud.google.com/docs/authentication/adc-troubleshooting/user-creds .
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/<REDUCTED>",
│       "service": "identitytoolkit.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ 
│   with module.google_idp_oauth.google_identity_platform_config.default,
│   on module/google_idp_oauth/main.tf line 6, in resource "google_identity_platform_config" "default":
│    6: resource "google_identity_platform_config" "default" {
│