Persistent "Missing or insufficient permissions" Error in Firebase Despite Open Rules and Disabled App Check

Hello,

I’m working on a Next.js application via FB prototyping (as I am not a hardcore developer) in a managed development environment, and have run into a complete blocker with both Firebase Authentication and Firestore. Any attempt to connect, either from the server-side or client-side, results in a permission error. I’m hoping someone can point me to a platform-level configuration I might be missing.

The Goal:
The primary goal is to allow users to register (Firebase Auth) and for the application to read from a premium_users collection in Firestore.

The Core Problem:
Every attempt to interact with Firebase services is met with a FirebaseError: Missing or insufficient permissions error. This happens on both the client-side (in the browser) and server-side (in Next.js server actions).

What We’ve Tried Chronologically:

  1. Initial Server-Side Auth: We started with a server action to create users using the Firebase Admin SDK. This repeatedly failed with app/invalid-credential and Could not refresh access token errors, indicating the server environment couldn’t get a valid OAuth2 token to communicate with Firebase services.

  2. Client-Side Auth & Firestore: We moved the logic to the client-side in the browser to bypass the server’s token issues. This also failed with Missing or insufficient permissions when trying to perform user creation or database reads.

  3. Isolating Firestore: To debug, we created a test page (/test-db) to perform a simple read query on the premium_users collection from the client. This became the focus of our debugging efforts.

  4. Iterating on Firestore Security Rules: We tried multiple variations of firestore.rules, including:

    • Specific rules allowing get and list on the premium_users collection.
    • Completely open rules for the entire database for debugging:
      rules_version = '2';
      service cloud.firestore {
        match /databases/{database}/documents {
          match /{document=**} {
            allow read, write: if true;
          }
        }
      }
      
    • Every variation resulted in the same Missing or insufficient permissions error.

  5. Disabling App Check: We have confirmed via the Firebase Console that App Check enforcement for Firestore is disabled. The error still persists.

  6. Query Simplification: We changed the client-side code from a filtered query (where(...)) to fetching the entire collection to rule out any missing composite index requirements. The error remains.

Code Implementation:

Our Firebase client is initialized in src/lib/firebase.ts like this:

// src/lib/firebase.ts
import { getApp, getApps, initializeApp } from 'firebase/app';
import { getFirestore } from 'firebase/firestore';

const firebaseConfig = {
  apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY,
  authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN,
  projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID,
  // ... other config values
};

const app = !getApps().length ? initializeApp(firebaseConfig) : getApp();
const firestore = getFirestore(app);

export { app, firestore };

The client-side query in our test page (/test-db) is implemented as follows:

// From a test component in src/app/test-db/page.tsx
"use client";
import { firestore } from '@/lib/firebase';
import { collection, getDocs } from 'firebase/firestore';

// ... inside an async function triggered by a button click
async function testFirestoreConnection() {
  try {
    if (!firestore) {
        throw new Error("Firestore is not initialized. Check your Firebase config.");
    }
    const querySnapshot = await getDocs(collection(firestore, "premium_users"));
    // Processing logic would go here, but it never reaches this point.
    console.log("Successfully fetched documents:", querySnapshot.size);
  } catch (error) {
    // This is where the "Missing or insufficient permissions" error is always caught.
    console.error(error);
  }
}

Current State & The Question:

We are at a point where even with completely open security rules and disabled App Check, a simple client-side getDocs() call is blocked. This strongly suggests the issue is not with the application code or the firestore.rules file, but a higher-level platform or Google Cloud configuration that is overriding these settings.

My question is: What other Firebase or Google Cloud settings could be causing a global block on all Firebase requests, resulting in a persistent “Missing or insufficient permissions” error, even when all standard security measures (Rules, App Check) are seemingly disabled or wide open?

Any pointers or suggestions for other areas to investigate would be greatly appreciated, as we are currently completely blocked from using any Firebase features.

@Edwin_Dingjan thank you for this very detailed report! I have opened a ticket internally about this issue. As a side note, I ran into the same issue myself over the weekend and was planning to report it as well.

[Internal ticket b/428675613]


I’m posting a follow-up to my previous issue regarding a persistent FirebaseError: Missing or insufficient permissions error when connecting to Firestore from a Next.js app in a managed Firebase App Hosting environment.

The issue is now resolved.

Summary of the Problem

  • Client-side getDocs() calls to a Firestore collection consistently failed with Missing or insufficient permissions.
  • This occurred even with allow read, write: if true; in firestore.rules.
  • App Check was disabled for Firestore.
  • The Firestore Rules Playground correctly showed that the read operation should be allowed.
  • This combination strongly suggested a platform or environment-level block, not a rules or code issue.

The Solution

The root cause was that I was not using the (default) Firestore database instance. I had created and was attempting to connect to a named database within the same Firebase project.

The fix was to:

  1. Delete the named Firestore database.
  2. Use the (default) database instance instead.

Immediately after switching to the (default) database, the client-side connection worked perfectly without any other code changes.

Conclusion for Others

If you encounter a Missing or insufficient permissions error in a managed environment like Firebase App Hosting, and you are absolutely certain your Security Rules are correct and App Check is not the issue, check if you are using the (default) Firestore database.

It appears that some managed environments may have underlying network policies that only permit direct client-side SDK connections to the default database instance. Connections to other named databases in the project might be blocked, leading to this generic and misleading permission error.

Hopefully, this helps anyone else who runs into this frustrating blocker.


Yep, had this happen too.
My custom named Firestore database was working fine one day, stopped the next.
Had to delete it and revert to (default).
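
One thing to rule out before deleting a named database, as an added example (not code from the thread): Firestore security rules are deployed per database, so a ruleset pushed to (default) does not cover a named database. The sketch below checks whether a firebase.json deploys a rules file to the database the client targets; the database id premium-db, the file names and the helper names are hypothetical, and the firebase.json layout (a single firestore object or an array of per-database entries) is assumed to follow the Firebase CLI's multi-database format.

```javascript
// Added example: which Firestore databases does firebase.json deploy rules to?
const DEFAULT_DB = '(default)';

// Normalise the "firestore" section: either a single object (assumed to
// target "(default)" unless "database" is set) or an array with one
// entry per database.
function rulesTargets(firebaseJson) {
  const section = firebaseJson.firestore;
  if (!section) return new Map();
  const entries = Array.isArray(section) ? section : [section];
  const targets = new Map();
  for (const entry of entries) {
    if (!entry.rules) continue; // entry carries indexes only, no rules file
    targets.set(entry.database || DEFAULT_DB, entry.rules);
  }
  return targets;
}

// clientDatabaseId: the id passed as second argument to getFirestore(app, id),
// or undefined when the client calls getFirestore(app) as in src/lib/firebase.ts.
function checkClientDatabase(firebaseJson, clientDatabaseId) {
  const db = clientDatabaseId || DEFAULT_DB;
  const targets = rulesTargets(firebaseJson);
  if (targets.has(db)) {
    return { database: db, ok: true, rulesFile: targets.get(db) };
  }
  const deployed = [...targets.keys()].join(', ') || 'none';
  return {
    database: db,
    ok: false,
    reason: `no rules file targets "${db}"; rules are deployed to: ${deployed}`,
  };
}

// Constructed sample configs (not taken from the thread).
const singleObject = { firestore: { rules: 'firestore.rules' } };
const perDatabase = {
  firestore: [
    { database: '(default)', rules: 'firestore.rules' },
    { database: 'premium-db', rules: 'firestore.premium.rules' },
  ],
};

console.log(checkClientDatabase(singleObject, 'premium-db')); // ok: false
console.log(checkClientDatabase(perDatabase, 'premium-db'));  // ok: true
console.log(checkClientDatabase(singleObject));               // ok: true
```

When the check passes for a named database, replace any debugging `allow read, write: if true;` ruleset in every deployed rules file before going live, since each database enforces only its own rules.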