There is a BE application. Users send requests to BE. BE send firestore requests using firebase-admin by a service account. But when the logs of these requests are listed in the Audit logs, there is no information about the user who sent this request. Is there some way to do this?
I hoped to do it using OAuth authorization for users, but
OAuth 2.0 refresh tokens are not supported for connecting to Cloud Firestore
If the process making the request to Firestore runs with administrative privilege, there is no user associated with the request. There is no explicit way to associate the user with the request as would happen automatically when that user makes the call through a client-side SDK.
Typically you'd fire your own cloud logging events (or to any other logging system) where you specify on behalf of what user the request was made (and possibly what its results were).