search

firebase / firebase-js-sdk

Firebase Javascript SDK
https://firebase.google.com/docs/web/setup
Other
4.83k stars 891 forks source link

Auth: requested action is invalid - Works with 9.23, fails with 10.x #7529

Closed woutersteven closed 10 months ago

woutersteven commented 1 year ago

Operating System

PWA

Browser Version

Chrome 115

Firebase SDK Version

10.0.0

Firebase SDK Product:

Auth

Describe your project's tooling

Ionic 7.3.1 / Angular 16.2.2

Describe the problem

Using firebase v10.0.0, v10.1.0, v10.2.0 or v10.3.0. the authentication flows break in a PWA setup and using signInWithGoogle. The error message in the browser is: "requested action is invalid". The PWA is hosted at Firebase with a custom domain, and both the custom domain and "localhost" are added to the list of authorised domains.

Downgrading to firebase v9.23 resolves the issue which is currently a work-around, and suggests that the configuration itself is correct.

Steps and code to reproduce issue

When using firebase v10.* I did notice a redirect containing a version number in the querystring to:

https:///__/auth/handler? apiKey=& appName=%5BDEFAULT%5D& authType=signInViaRedirect& redirectUrl=http%3A%2F%2Flocalhost%3A8101%2Fpages%2Flogin& v=9.23.0

Which i found odd considering I'm not using v9.23. However I've no idea what the issue is. Has anybody else encountered the issue?

woutersteven commented 1 year ago

I've tested it with the latest SDK v10.2.0, but the issue remains. Just keeping it update here for reference.

woutersteven commented 1 year ago

I've tested it with the latest SDK v10.3.0 and v10.3.1a nd v10.4.0, and the issue remains (just listing for reference and if others are encountering the issue). When I've more updates I'll post them here.

prameshj commented 1 year ago

Can you try comparing the URLs when using v9 and v10?

Is the v= the only difference in both?

You can try inspecting the network traces of the success and failure case too..

woutersteven commented 1 year ago

Good morning, thank you for your reply. I tried it out with all versions after 9.23. These are the results. It seems the difference is a section in the querystring: &providerId=google.com&scopes=profile

And that it stays on 9.23 in the querystring throughout.

v9.23 https://DOMAIN.COM/__/auth/handler?apiKey=APIKEY&appName=%5BDEFAULT%5D&authType=signInViaPopup&redirectUrl=http%3A%2F%2Flocalhost%3A8102%2Fen%2Fpages%2Flogin&v=9.23.0&eventId=7646217352&providerId=google.com&scopes=profile

v10.0 https://DOMAIN.COM/__/auth/handler?apiKey=APIKEY&appName=%5BDEFAULT%5D&authType=signInViaPopup&redirectUrl=http%3A%2F%2Flocalhost%3A8101%2Fen%2Fpages%2Flogin&v=9.23.0&eventId=7197947674

v10.1 https://DOMAIN.COM/__/auth/handler?apiKey=APIKEY&appName=%5BDEFAULT%5D&authType=signInViaPopup&redirectUrl=http%3A%2F%2Flocalhost%3A8101%2Fen%2Fpages%2Flogin&v=9.23.0&eventId=4602268422

v10.2 https://DOMAIN.COM/__/auth/handler?apiKey=APIKEY&appName=%5BDEFAULT%5D&authType=signInViaPopup&redirectUrl=http%3A%2F%2Flocalhost%3A8101%2Fen%2Fpages%2Flogin&v=9.23.0&eventId=5773581157

v10.3 https://DOMAIN.COM/__/auth/handler?apiKey=APIKEY&appName=%5BDEFAULT%5D&authType=signInViaPopup&redirectUrl=http%3A%2F%2Flocalhost%3A8101%2Fen%2Fpages%2Flogin&v=9.23.0&eventId=2857007044

v10.3.1 https://DOMAIN.COM/__/auth/handler?apiKey=APIKEY&appName=%5BDEFAULT%5D&authType=signInViaPopup&redirectUrl=http%3A%2F%2Flocalhost%3A8101%2Fen%2Fpages%2Flogin&v=9.23.0&eventId=7276678435

v10.4 https://DOMAIN.COM/__/auth/handler?apiKey=APIKEY&appName=%5BDEFAULT%5D&authType=signInViaPopup&redirectUrl=http%3A%2F%2Flocalhost%3A8101%2Fen%2Fpages%2Flogin&v=9.23.0&eventId=5772112798

prameshj commented 1 year ago

Thanks! I notcied a couple of things:

1) I see the authType shows "signInViaPopup", but i think the issue was previously on signInViaRedirect, correct? The redirect URL is computed here - https://github.com/firebase/firebase-js-sdk/blob/e30d7a6522fd3be0c30a82ee054b271a68c03fde/packages/auth/src/platform_browser/popup_redirect.ts#L95, this is where we set the provider ID - https://github.com/firebase/firebase-js-sdk/blob/e30d7a6522fd3be0c30a82ee054b271a68c03fde/packages/auth/src/core/util/handler.ts#L86 and scopes is set few lines below. Can you confirm that you are passing in the correct "provider" parameter to signInWithRedirect or signInWithPopup? Any chance it is mistakenly triggering it for an Email/Password or similar provider?

google-oss-bot commented 1 year ago

Hey @woutersteven2020. We need more information to resolve this issue but there hasn't been an update in 5 weekdays. I'm marking the issue as stale and if there are no new updates in the next 5 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!

woutersteven commented 1 year ago

The issue happens with both mode=redirect and mode=popup. I just did some more debugging.

Going over (a lot) of GitHub issues, I'm suspecting an incompatibility between AngularFire 7.6.1 and Firebase 10+. At least for some other errors that are triggered, for example by Firestore:

There were a few other issues that I cannot find now that were mentioning incompatibility between exports of functions between firebase and AngularFire. and a few seemingly unrelated errors/warnings that others reported.

I've downgraded to v9.23 again and will await the update of AngularFire and report back here.

woutersteven commented 11 months ago

Update for today.

Initial tests with AngularFire v16 and Firebase 10.5.1 look good. I will test more tomorrow and this weekend and report back here and potentially close this issue.

woutersteven commented 10 months ago

Currently using it with AngularFire v17.0.0 (pre-release) and Firebase v10.7.0, also working as expected. Closing issue...