My ADK agent works fine locally when running on adk web, but the instance running on Agent Engine always fails to read and write data from firestore. I get an error saying 403 Missing or insufficient permissions. I've given the service account all sorts of permissions like Cloud Datastore Owner, Firebase Admin, nothing seems to work. Any clues?

This is a before agent callback:

from typing import Optional
from google.adk.agents.callback_context import CallbackContext
from google.genai import types
from google.cloud import firestore

PROJECT_ID = "my_project_id"

# Module-level client: credentials come from the environment (ADC locally,
# the runtime's attached identity on Agent Engine).
db = firestore.Client(project=PROJECT_ID)


def before_agent_callback(callback_context: CallbackContext) -> Optional[types.Content]:
    """
    Minimal before-agent callback:
    - Reads user_id from the session (callback_context.session or _invocation_context.session)
    - Stores it in state as 'user:uid' if not already present
    - Fetches Firestore doc at users/{uid}/profile/info if 'user:profile' is missing
    - Stores the raw Firestore dict (or {}) in state as 'user:profile'
    """
    state = callback_context.state

    if "user:uid" not in state or not state.get("user:uid"):
        session = getattr(callback_context, "session", None)
        if session is None:
            inv_ctx = getattr(callback_context, "_invocation_context", None)
            session = getattr(inv_ctx, "session", None) if inv_ctx else None
        if session and hasattr(session, "user_id"):
            state["user:uid"] = session.user_id

    user_uid = state.get("user:uid")
    if not user_uid:
        return None

    if "user:profile" not in state or not state.get("user:profile"):
        # This read is what fails with 403 on Agent Engine when the runtime
        # identity lacks a Firestore role.
        doc_ref = db.document(f"users/{user_uid}/profile/info")
        doc = doc_ref.get()
        state["user:profile"] = doc.to_dict() if doc.exists else {}

    return None
asked Oct 6, 2025 at 10:24

1 Answer

I finally figured out the issue. It turns out Google is misleading, and the service account displayed in the IAM console isn’t the one the agent uses. The agent uses a different service account. To access Firestore, you need to grant that account the necessary permissions to read and write.

answered Oct 6, 2025 at 16:41
1 Comment

I have the same issue. I was thinking that the Reasoning Engine service account was the one to update with the Datastore user role. Is it the service account that you mention here?
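The answer and the comment above both come down to one check: does the identity the deployed agent actually runs as hold a Firestore role, regardless of which account the console happens to show? The script below is an added example, not code from the question or the answer. It takes an IAM policy of the shape returned by `gcloud projects get-iam-policy PROJECT --format=json`, compares the account shown in the console with the Reasoning Engine service agent, and prints the `gcloud projects add-iam-policy-binding` command that would grant the least-privilege role. The service-agent address form (`service-<project number>@gcp-sa-aiplatform-re.iam.gserviceaccount.com`) is an assumption about the Google-managed identity Agent Engine uses; confirm it in your own project (enable "Include Google-provided role grants" in the IAM console, or log `google.auth.default()` from inside the deployed agent) before granting anything. The project id, project number and policy are constructed sample data.

```python
"""Check whether the identity an Agent Engine deployment runs as can read and
write Firestore, given the project's IAM policy.  Example code, not part of
the original post."""
import json
from typing import Dict, List, Set

# Predefined roles whose permissions include Firestore document read + write.
# roles/editor and roles/owner are listed for completeness; they are far
# broader than a profile-lookup callback needs.
FIRESTORE_RW_ROLES: Set[str] = {
    "roles/datastore.user",
    "roles/datastore.owner",
    "roles/editor",
    "roles/owner",
}

# Least-privilege role for a service that only reads and writes documents.
RECOMMENDED_ROLE = "roles/datastore.user"


def reasoning_engine_service_agent(project_number: str) -> str:
    """IAM member string for the Vertex AI Reasoning Engine service agent.

    Assumption: the address form of the Google-managed service agent that
    Agent Engine runs as.  Verify it in your project before granting roles.
    """
    return (f"serviceAccount:service-{project_number}"
            "@gcp-sa-aiplatform-re.iam.gserviceaccount.com")


def roles_for_member(policy: dict, member: str) -> Set[str]:
    """Collect the roles bound unconditionally to `member`.

    Conditional bindings are skipped: they may not apply at request time,
    so they must not be counted as proof of access.
    """
    roles: Set[str] = set()
    for binding in policy.get("bindings", []):
        if binding.get("condition"):
            continue
        if member in binding.get("members", []):
            roles.add(binding["role"])
    return roles


def firestore_access(policy: dict, member: str) -> Dict[str, object]:
    """Report whether `member` holds any Firestore read/write role."""
    held = roles_for_member(policy, member)
    via = sorted(held & FIRESTORE_RW_ROLES)
    return {"member": member, "roles": sorted(held),
            "firestore_rw": bool(via), "via": via}


def grant_command(project_id: str, member: str, role: str = RECOMMENDED_ROLE) -> str:
    """The gcloud invocation that binds `role` to `member` on the project."""
    return (f"gcloud projects add-iam-policy-binding {project_id} "
            f"--member={member} --role={role}")


def diagnose(policy: dict, project_id: str, project_number: str,
             console_sa: str) -> List[Dict[str, object]]:
    """Compare the account shown in the console with the runtime identity."""
    candidates = (("console", console_sa),
                  ("runtime", reasoning_engine_service_agent(project_number)))
    report: List[Dict[str, object]] = []
    for label, member in candidates:
        entry = firestore_access(policy, member)
        entry["label"] = label
        if not entry["firestore_rw"]:
            entry["fix"] = grant_command(project_id, member)
        report.append(entry)
    return report


# Constructed sample policy.  The account visible in the console was given
# Cloud Datastore Owner and Firebase Admin (as in the question), while the
# identity the deployment runs as only has its default service-agent role
# plus an expired conditional grant that no longer helps.
SAMPLE_PROJECT_ID = "my_project_id"
SAMPLE_PROJECT_NUMBER = "123456789012"
SAMPLE_CONSOLE_SA = "serviceAccount:123456789012-compute@developer.gserviceaccount.com"
SAMPLE_RUNTIME_SA = reasoning_engine_service_agent(SAMPLE_PROJECT_NUMBER)
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        {"role": "roles/datastore.owner", "members": [SAMPLE_CONSOLE_SA]},
        {"role": "roles/firebase.admin", "members": [SAMPLE_CONSOLE_SA]},
        {"role": "roles/aiplatform.reasoningEngineServiceAgent",
         "members": [SAMPLE_RUNTIME_SA]},
        {"role": "roles/datastore.user", "members": [SAMPLE_RUNTIME_SA],
         "condition": {"title": "temp-grant",
                       "expression": "request.time < timestamp('2025-01-01T00:00:00Z')"}},
    ],
}

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_POLICY, SAMPLE_PROJECT_ID,
                              SAMPLE_PROJECT_NUMBER, SAMPLE_CONSOLE_SA), indent=2))
```

Run it against a real policy with `gcloud projects get-iam-policy PROJECT --format=json > policy.json` and feed the parsed JSON to `diagnose`; the "runtime" entry is the one that explains the 403. Granting `roles/datastore.user` to that identity is enough for the callback's document read and write; Cloud Datastore Owner and Firebase Admin on the wrong account add attack surface without fixing anything.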
