Skip to content
Latchkey

Firebase "Authentication Error: Your credentials are no longer valid" in CI

The Firebase CLI had credentials but the identity provider rejected them. A FIREBASE_TOKEN (from the deprecated firebase login:ci) or a stored login has expired or been revoked, so the CLI can no longer act on your behalf.

What this error means

A command that worked before now fails with "Error: Authentication Error: Your credentials are no longer valid. Please run firebase login --reauth".

firebase
Error: Authentication Error: Your credentials are no longer valid. Please run firebase login --reauth

Common causes

An expired or revoked FIREBASE_TOKEN

A CI token from firebase login:ci can be revoked or invalidated. The --token / FIREBASE_TOKEN flow is deprecated and prone to this.

A rotated or deleted service account key

If the service account key was rotated or the account disabled, the previously working credentials stop authenticating.

How to fix it

Move to a service account

  1. Stop using FIREBASE_TOKEN; it is deprecated for CI.
  2. Create a service account key and store it as a secret.
  3. Set GOOGLE_APPLICATION_CREDENTIALS to the written key file.
.github/workflows/ci.yml
env:
  GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-key.json
run: |
  echo '${{ secrets.FIREBASE_SERVICE_ACCOUNT }}' > "$GOOGLE_APPLICATION_CREDENTIALS"
  firebase deploy --project my-project

Regenerate the key if it was rotated

If you must keep a key, generate a fresh service account key in the console and update the CI secret in one place.

How to prevent it

  • Prefer service account credentials over firebase login:ci tokens in CI.
  • Rotate keys on a schedule and update the secret centrally.
  • Do not commit tokens; keep them in CI secrets only.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →