Getting Firebase Access Token in Post Reg Hook

I have a post-registration hook (posted below) that I want to put user data into firebase post registration. This works great! However, only with no auth. When I add rule in firebase for only authenticated user’s to write data, I need to send the Firebase access_token at end of the URL according to the REST API. How do I get this Firebase Access Token within the Hook? This is web app using Lock, I have the id_token and access_token being saved in localstorage on the client.

module.exports = function (user, context, callback) {
  var request = require('request@2.56.0');
  var baseURL = "MY_FIREBASE_URL";
  var fbIdentity = {
    "identity": {
      "user_id": user.id,
      "email": user.email
    }
  };
  var putURL = baseURL + "/accounts/" + user.id + ".json?access_token=" + ACCESS_TOKEN;
  request.put({
    "url": putURL,
    "json": fbIdentity
  },
  function(err, response, body) {
    if (err) return callback(err);
    return callback(null, user, context);
  });
  
};

Well doing more research - I was able to get this working with the Legacy method, in Firebase project settings there is a tab “Service Workers” and there is a “database secret” you can use as your auth parameter:

var putURL = baseURL + “/accounts/” + user.id + “.json?auth=” + DBSECRET;

This does work and I can put data into firebase from this Auth0 hook, however, this is using the legacy method and I don’t know how much longer it will work.

There is a way to create a Service Account Key within Node.js:
https://firebase.google.com/docs/reference/admin/node/admin.credential

But I just can’t connect the dots here… to create a Service Account access token with this Auth0 Hook that will give access to the Rest API on my firebase for logged in users. I’m really surprised on lack of clear support on doing this, because I would think that putting user data into firebase when new user registers is the #1 use for Hooks.

For anyone who stumbles on this post with the same issue, I found a solution. Removing the “scope” to just “openid” solved this issue:

// Set the options to retreive a firebase delegation token
 var options = {
          id_token : authResult.idToken,
          api : 'firebase',
          scope : 'openid',
          target: auth0ClientId
 };