Closed MartinXPN closed 1 year ago
Interestingly after updating the firebase SDK to the latest version, the app started to work fine locally but showed the same error in production when deployed to Vercel. Any idea why that might be happening?
Hey @MartinXPN, thanks for reporting :-)
Could you run npx next info
in your project and paste the result here? It should give me some context on Node and Next versions you're using. Also, could you share a list of firebase
sdk packages your app depends on?
Sure, here is the result of npx next info
:
Operating System:
Platform: darwin
Arch: x64
Version: Darwin Kernel Version 21.6.0: Thu Jul 6 22:18:26 PDT 2023; root:xnu-8020.240.18.702.13~1/RELEASE_X86_64
Binaries:
Node: 18.17.0
npm: 9.6.7
Yarn: 1.22.19
pnpm: N/A
Relevant Packages:
next: 13.4.19
eslint-config-next: 13.4.19
react: 18.2.0
react-dom: 18.2.0
typescript: 5.2.2
Next.js Config:
output: N/A
I'm currently using several firebase-related packages:
"firebase": "^10.4.0",
"firebase-admin": "^11.10.1",
"firebaseui": "^6.1.0",
"next-firebase-auth-edge": "^0.8.6",
The auth works fine on my machine. Yet, as soon as I deploy to Vercel, no user is able to get in. It's using Node.js 18.x and is deployed to USA (East) - iad1.
I cannot reproduce the issue with those specific versions on https://next-firebase-auth-edge-starter.vercel.app/, but I have a feeling it's connected with the value of cookieSignatureKeys
. Not 100% sure though.
Could you install next-firebase-auth-edge@0.8.7-1
and check if the error is still happening?
If it does still happen, will it start working after clearing browser cache?
Yeah, I just tried the next-firebase-auth-edge@0.8.7-1
version and it worked!
Thank you so much!
May I ask what was the issue?
Here's the PR with the fix https://github.com/awinogrodzki/next-firebase-auth-edge/pull/93/files
Before 0.8.7-1
, I was using base64url.decode
from jose
to convert cookie signature key to UInt8Array
to generate cookie signature.
I think cookieSignatureKeys
you pass to authentication
middleware function have some unusual character or set of characters that cannot be decoded by base64url.decode
function. It was mistake on my side. I tested base64url.decode
against number of combinations and assumed it was safe for any string, but the assumption was false.
Anyways, converting to UInt8Array
directly is much more efficient in this case. I'm glad the fix have worked!
Yeah, works like a charm. Thank you so much for fixing it this quickly!
Fix released in 0.8.7
I was trying to upgrade the library version from
0.7.6
to the latest one0.8.6
and none of the currently logged-in users could use the app.For all users logged in with the previous version (0.7.6), the app started to refresh every second, not letting them interact with it. Looking at the logs on the server, I see the following:
and
Seems like the app is not able to properly get or set the user from the cookies. Have I done something wrong? Is there any way to prevent this from happening? Thanks a lot for the help!