This SDK works with immutable objects until noted otherwise. You can recognize these objects when they have a ˚`with*``method. In that case, please keep in mind that in order to get hold of the changes you made, you will have to use the result of that method, e.g. $changedObject = $object->withChangedProperty();.

Call to private method …

If you receive an error like

Fatal error: Uncaught Error: Call to private method Kreait\Firebase\ServiceAccount::fromJsonFile()

you have most likely followed a tutorial that is targeted at Version 4.x of this release and have code that looks like this:

$serviceAccount = ServiceAccount::fromJsonFile(__DIR__.'/google-service-account.json');
$firebase = (new Factory)

$database = $firebase->getDatabase();

Change it to the following:

$factory = (new Factory)->withServiceAccount(__DIR__.'/google-service-account.json');

$database = $factory->createDatabase();

PHP Parse Error/PHP Syntax Error

If you’re getting an error in the likes of

PHP Parse error: syntax error, unexpected ':', expecting ';' or '{' in ...

the environment you are running the script in does not use PHP 7.x. You can check this by adding the line

echo phpversion(); exit;

somewhere in your script.

Class ‘Kreait\Firebase\ …’ not found

You are not using the latest release of the SDK, please update your composer dependencies.

Call to undefined function openssl_sign()

You need to install the OpenSSL PHP Extension:

cURL error XX: …

If you receive a cURL error XX: ..., make sure that you have a current CA Root Certificates bundle on your system and that PHP uses it.

To see where PHP looks for the CA bundle, check the output of the following command:


which should lead to an output similar to this:

array(8) {
    'default_cert_file' =>
    string(32) "/usr/local/etc/openssl/cert.pem"
    'default_cert_file_env' =>
    string(13) "SSL_CERT_FILE"
    'default_cert_dir' =>
    string(29) "/usr/local/etc/openssl/certs"
    'default_cert_dir_env' =>
    string(12) "SSL_CERT_DIR"
    'default_private_dir' =>
    string(31) "/usr/local/etc/openssl/private"
    'default_default_cert_area' =>
    string(23) "/usr/local/etc/openssl"
    'ini_cafile' =>
    string(0) ""
    'ini_capath' =>
    string(0) ""

Now check if the file given in the default_cert_file field actually exists. Create a backup of the file, download the current CA bundle from and put it where default_cert_file points to.

If the problem still occurs, another possible solution is to configure the curl.cainfo setting in your php.ini:

curl.cainfo = /absolute/path/to/cacert.pem

ID Tokens are issued in the future

When ID Token verification fails because of an IssuedInTheFuture exception, this is an indication that the system time in your environment is not set correctly.

If you chose to ignore the issue, you can catch the exception and return the ID token nonetheless:

use Firebase\Auth\Token\Exception\InvalidToken;
use Firebase\Auth\Token\Exception\IssuedInTheFuture;

$auth = $factory->createAuth();

try {
    return $auth->verifyIdToken($idTokenString);
} catch (IssuedInTheFuture $e) {
    return $e->getToken();
} catch (InvalidIdToken $e) {
    echo $e->getMessage();

“403 Forbidden” Errors

Under the hood, a Firebase project is actually a Google Cloud project with pre-defined and pre-allocated permissions and resources.

When Google adds features to its product line, it is possible that you have to manually configure your Firebase/Google Cloud Project to take advantage of those new features.

When a request to the Firebase APIs fails, please make sure that the according Google Cloud API is enabled for your project:

Please also make sure that the Service Account you are using for your project has all necessary roles and permissions as described in the official documentation at Manage project access with Firebase IAM.

Proxy configuration

If you need to access the Firebase/Google APIs through a proxy, you can configure the SDK to use one via Guzzle’s proxy configuration:

$factory = $factory->withHttpProxy('tcp://<host>:<port>');

Debugging API requests

In order to debug HTTP requests to the Firebase/Google APIs, you can set Guzzle’s debug option to true in the HTTP client config:

$factory = $factory->withEnabledDebug();