When Functions use e.g. onDocumentCreatedWithAuthContext to handle Firestore event triggers, the meaning of event.authType and event.authId are not documented and are inconsistent between the production and emulator environments.

The documentation [https://firebase.google.com/docs/functions/firestore-events?gen=2nd#auth-context](here) says "For information about the data available in the authentication context, see..." and links to a page that is not specific to Firebase. That page lists some possible values, but it's not clear what values would be used. The most sensible guess is that authType would be "appuser" or "user" if the document was created from the client-side web SDK, and "serviceaccount" if created from a Cloud Function. But those are not the values used.

In production, if the document is created from the client-side web SDK, authType is "api_key" and authId is the ID of the logged in user. If it's created from a Cloud Function, authType is "unknown" and authId is the ID of the default service account. Thus it is possible to tell the difference, although since the behavior is undocumented, we can't assume that the behavior won't change.

In the emulator environment, authType is always "unknown" and authId is always "fake-auth-id@gmail.com". This is inconsistent with the production environment and makes it impossible to tell how the document was created.

The behavior should be consistent and sensible and well documented.