firestore rules request.auth always null after updates

[neelz040]

seems like in my firestore rules the request.auth is always null. This happend after some updates!? Is this a bug or did I miss important changes? Thank you !! :)

package.json After Update:

"@angular/animations": "~12.0.1",
"@angular/cdk": "^11.0.0",
"@angular/common": "~12.0.1",
"@angular/compiler": "~12.0.1",
"@angular/core": "~12.0.1",
"@angular/fire": "^6.1.5",
"@angular/forms": "~12.0.1",
"@angular/platform-browser": "~12.0.1",
"@angular/platform-browser-dynamic": "~12.0.1",
"@angular/router": "~12.0.1",
"@datorama/akita": "^6.1.3",
"@datorama/akita-ng-router-store": "^6.0.0",
"@ngneat/reactive-forms": "^1.7.2",
"@ngneat/transloco": "^2.20.1",
"akita-ng-fire": "^6.0.0",
"firebase": "^8.6.2",
"rxjs": "~6.6.0",
"tslib": "^2.0.0",
"zone.js": "~0.11.4"

still works for the following package.json

"@angular/animations": "~11.0.5",
"@angular/cdk": "^11.0.0",
"@angular/common": "~11.0.5",
"@angular/compiler": "~11.0.5",
"@angular/core": "~11.0.5",
"@angular/fire": "^6.1.4",
"@angular/forms": "~11.0.5",
"@angular/platform-browser": "~11.0.5",
"@angular/platform-browser-dynamic": "~11.0.5",
"@angular/router": "~11.0.5",
"@datorama/akita": "^6.1.3",
"@datorama/akita-ng-router-store": "^6.0.0",
"akita-ng-fire": "^3.1.6",
"firebase": "^7.24.0",
"rxjs": "~6.6.0",
"tslib": "^2.0.0",
"zone.js": "~0.10.2"

[neelz040]

let me clarify, I am able to access Cloud Firestore but my request.auth field is always null (even after login). Login seems to work fine, I am getting the firebase.User and idTokenResult/idToken objects in the frontend after auth.

The issue is that my rules allow only reads for signed in users (request.auth.uid != null) and this is always false. Removing this rule and I am getting my documents.

Let me know if you need more information from me. Thanks.

[fritzschoff]

Hey, thanks for reporting. The package json you copied is just that one from the example app. That doesn't interfere with the library. Need to do my own research if there could be something different between these two updates

[neelz040]

Hey, thanks for the quick response. I will have a further look ! But the package json seems not to be the same as the example app?

example app uses

"akita-ng-fire": "^4.3.3",    <- I use "akita-ng-fire": "^6.0.0",
"firebase": "^8.0.1",            <- I use "firebase": "^8.6.2",

[fritzschoff]

Ah you copied your own package json here in the first comment?

[neelz040]

Yes, sorry for the misunderstanding ! Both are mine (after the update and before the update)

[fritzschoff]

Hey @neelz040 , just had a look into it and it worked for me. I served the example application and wrote some rules about the movie collection. If I didn't logged in before, I got redirected to create a movie. If I'm logged in, I can see three movies. Is your error still persist? (I removed the rule again so other uses won't have an issue)

[neelz040]

@fritzschoff thanks for testing. I will test it this week again. I'll get back to you !

[TokkeDev]

Just a little FYI: I had the same issue and couldn't figure out what was wrong. Then I found this issue (#4932) from the firebase-js-sdk repo. So that's probably what happened here. It's fixed in version 8.7.0 of the firebase-js-sdk 👌