Firebase REST API Delete user

Question

did anybody had to delete user from Firebase auth, without being logged in.

In Firebase API to delete user is:

https://identitytoolkit.googleapis.com/v1/accounts:delete?key=[API_KEY]

and I have to provide idToken "The Firebase ID token of the user to delete".

I have database of users.. and when I have to delete some user how I can obtain idToken.. as I am admin and I want to just delete user, I don't know user's password in order to login and obtain idToken...

My question is, can user be deleted by just sending user's UID or... can I obtain idToken without user's password.

Thank you!

Answer 1

You can use the admin sdk deleteUser method with user's id to go around this. You'll need to either create a firebase function with elevated admin or use REST API directly, but for REST API, you need to get an admin access_token for that first (this is a bit involved as you need to create a request payload and sign it yourself and then request the token, and use that token with the accounts:update endpoint).

All identity toolkit endpoints accept an admin access_token even though this is not listed in the documentation. This is a way for you to use identity toolkit without any bulky sdk.

Check this method here to start: https://github.com/firebase/firebase-admin-node/blob/master/src/auth/base-auth.ts#L448

Answer 2

In order to get the idtoken of a user you need to call the Refresh token API

https://firebase.google.com/docs/reference/rest/auth#section-refresh-token

This gives you an idtoken as a response and then you can call the delete API

https://firebase.google.com/docs/reference/rest/auth#section-delete-account

The easiest way you can delete users in bulk is discussed here

Deleting users in bulk in Firebase

You just need to read the uids from a file (say csv).

If there are less than 20 users, the best way is to delete via the Firebase Web console by searching the uid of user you want to delete.