TypeError: The input to be decoded is not correctly encoded - when upgrading from 0.7.6 to 0.8.6

[MartinXPN]

I was trying to upgrade the library version from 0.7.6 to the latest one 0.8.6 and none of the currently logged-in users could use the app.

For all users logged in with the previous version (0.7.6), the app started to refresh every second, not letting them interact with it. Looking at the logs on the server, I see the following:

[GET] [middleware: "middleware"] /api/login reason=EDGE_FUNCTION_INVOCATION_FAILED, status=500, user_error=true

and

TypeError: The input to be decoded is not correctly encoded.
    at (node_modules/jose/dist/browser/runtime/base64url.js:35:14)
    at (node_modules/next-firebase-auth-edge/lib/auth/rotating-credential.js:12:35)
    at (node_modules/next-firebase-auth-edge/lib/auth/rotating-credential.js:16:20)
    at (node_modules/next-firebase-auth-edge/lib/auth/cookies/sign.js:11:38)
    at (node_modules/next-firebase-auth-edge/lib/next/cookies.js:34:98)
    at (node_modules/next-firebase-auth-edge/lib/next/cookies.js:59:11)
    at (node_modules/next/dist/esm/server/web/adapter.js:145:19)

Seems like the app is not able to properly get or set the user from the cookies. Have I done something wrong? Is there any way to prevent this from happening? Thanks a lot for the help!

[MartinXPN]

Interestingly after updating the firebase SDK to the latest version, the app started to work fine locally but showed the same error in production when deployed to Vercel. Any idea why that might be happening?

[awinogrodzki]

Hey @MartinXPN, thanks for reporting :-)

Could you run npx next info in your project and paste the result here? It should give me some context on Node and Next versions you're using. Also, could you share a list of firebase sdk packages your app depends on?

[MartinXPN]

Sure, here is the result of npx next info:

    Operating System:
      Platform: darwin
      Arch: x64
      Version: Darwin Kernel Version 21.6.0: Thu Jul  6 22:18:26 PDT 2023; root:xnu-8020.240.18.702.13~1/RELEASE_X86_64
    Binaries:
      Node: 18.17.0
      npm: 9.6.7
      Yarn: 1.22.19
      pnpm: N/A
    Relevant Packages:
      next: 13.4.19
      eslint-config-next: 13.4.19
      react: 18.2.0
      react-dom: 18.2.0
      typescript: 5.2.2
    Next.js Config:
      output: N/A

I'm currently using several firebase-related packages:

    "firebase": "^10.4.0",
    "firebase-admin": "^11.10.1",
    "firebaseui": "^6.1.0",
    "next-firebase-auth-edge": "^0.8.6",

The auth works fine on my machine. Yet, as soon as I deploy to Vercel, no user is able to get in. It's using Node.js 18.x and is deployed to USA (East) - iad1.

[awinogrodzki]

I cannot reproduce the issue with those specific versions on https://next-firebase-auth-edge-starter.vercel.app/, but I have a feeling it's connected with the value of cookieSignatureKeys. Not 100% sure though.

Could you install next-firebase-auth-edge@0.8.7-1 and check if the error is still happening?

[awinogrodzki]

If it does still happen, will it start working after clearing browser cache?

[MartinXPN]

Yeah, I just tried the next-firebase-auth-edge@0.8.7-1 version and it worked! Thank you so much! May I ask what was the issue?

[awinogrodzki]

Here's the PR with the fix https://github.com/awinogrodzki/next-firebase-auth-edge/pull/93/files

Before 0.8.7-1, I was using base64url.decode from jose to convert cookie signature key to UInt8Array to generate cookie signature.

I think cookieSignatureKeys you pass to authentication middleware function have some unusual character or set of characters that cannot be decoded by base64url.decode function. It was mistake on my side. I tested base64url.decode against number of combinations and assumed it was safe for any string, but the assumption was false.

Anyways, converting to UInt8Array directly is much more efficient in this case. I'm glad the fix have worked!

[MartinXPN]

Yeah, works like a charm. Thank you so much for fixing it this quickly!

[awinogrodzki]

Fix released in 0.8.7