search

JohnCoene / firebase

Google FIrebase for shiny
https://firebase.john-coene.com
GNU Affero General Public License v3.0
171 stars 26 forks source link

OAuth redirect stuck in loop (Microsoft) #53

Closed BilboBaagins closed 5 months ago

BilboBaagins commented 1 year ago

Hey John,

If I modify the code on your example app to launch with redirect instead of popup with Microsoft as the service provider, the auth seems to get stuck in a loop.

It works perfect with launch(flow = "popup").

Same behaviour is experienced when specifying the TENANT_ID, fyi.

Two reprex below, the first is a successful log in with popup and the second is unsuccessful login with redirect.

# reprex 1) working with popup

library(shiny)
library(firebase)

ui <- fluidPage(
  useFirebase(), 
  firebaseUIContainer()
)

server <- function(input, output){
  f <- FirebaseOauthProviders$
    new()$ 
    set_provider("microsoft.com")$
    launch(flow="popup") # works 
}

shinyApp(ui, server)
# reprex 2) not working with redirect

library(shiny)
library(firebase)

ui <- fluidPage(
  useFirebase(), 
  firebaseUIContainer()
)

server <- function(input, output){
  f <- FirebaseOauthProviders$
    new()$ 
    set_provider("microsoft.com")$
    launch(flow="redirect") # doesn't work, gets stuck in loop
}

shinyApp(ui, server)

Thanks again for a really great package!

JohnCoene commented 1 year ago

When you say "stuck in loop," what do you mean exactly?

BilboBaagins commented 1 year ago

There is probably a smarter way of capturing it - but I just screen recorded the URL address bar for the redirect example.

  1. Chrome browser fires up a window as normal with following address and port: 127.0.0.1:7905
  2. Authentication is attempted as normal with the following URL: [APPNAME].firebaseapp.com/_/auth/handler?apiKey=[APIKEY]&appName= ... etc.
  3. Error flickers up momentarily on address bar: [APPNAME].firebaseapp.com/_/auth/handler?error=invalid_request&error_description=AADSTS50194%3a+Application+[APPID]+is+not+configured+as+a+multi-tenant+application.+Usag...

The "loop" is step 2 and 3, repeated until I kill the server.

The informative error I didn't see until I screen recorded is: the app is not configured as a multi tenant applicaiton. It should be though, right? Log in is fine with the popup method.

Fyi, I am specifying a TENANT_ID here in both examples.

JohnCoene commented 1 year ago

1) Is it TENANT_ID or TENANT? 2) You have to configure the redirect in firebase I think

BilboBaagins commented 1 year ago

Sorry, it's TENANT.

I have the redirect that firebase gives https://[FIREBASE_PROJECT_NAME].firebaseapp.com/__/auth/handler set up already for the popup flow.

I wonder does this shed any light on it? Although I have checked Chrome's settings and third-party cookies are not blocked.

dcaud commented 1 year ago

Just in case it helps, it seems that Google recommends against using signInWithRedirect, which seems to be the source of these problems. See here: https://firebase.google.com/docs/auth/web/redirect-best-practices

The problem only arises in certain browsers/versions.