search

firebase / firebase-js-sdk

Firebase Javascript SDK
https://firebase.google.com/docs/web/setup
Other
4.84k stars 889 forks source link

TypeScript Error: Property 'reloadUserInfo' does not exist on type 'User'. #7672

Open Himanshu21git opened 1 year ago

Himanshu21git commented 1 year ago

Operating System

Ubuntu 22.04.3 LTS

Browser Version

Chrome/117.0.5938.92 (Official Build) (64-bit)

Firebase SDK Version

10.3.0

Firebase SDK Product:

Auth

Describe your project's tooling

Nuxt 3 application with Vite and Vue 3.

Describe the problem

Property reloadUserInfo is not defined in the type definition of User but is accessible via the user object retrieved from the getAuth().currentUser utility in the auth module.

Property Property reloadUserInfo should be added to the type definition of User, to resolve the TypeScript error faced when using that in the source code.

image

I want to use one of the properties from this object for my application's authentication use case which is otherwise unavailable directly in the User instance. (Have referred https://github.com/firebase/firebase-js-sdk/issues/6364, as well)

Steps and code to reproduce issue

Source Code:

async fetchUser(): Promise < User | null > {
    try {
        const user = (await getAuth()).currentUser;
        console.log(user?.reloadUserInfo);
        return user;
    } catch (error) {
        console.log(error);
    }
}

fetchUser().then((user) => {
    console.log(user);
});

Output:

When I console logged the output of the user.reloadUserInfo, it got an object with the following keys: image

jbalidiong commented 1 year ago

Hi @Himanshu21git, thanks for reaching out. Based on the related issue that you've mentioned, one of our Auth engineer stated that :

reloadUserInfo is marked private and is not intended for use by developers. It's used to synchronize multi-factor operations.

What specific field or property are you looking for?

Himanshu21git commented 1 year ago

What specific field or property are you looking for?

Hi, @jbalidiong I am looking for the customAttributes property which is accessible in reloadUserInfo.

Output:

When I console logged the output of the user.reloadUserInfo, it got an object with the following keys: image

As you can see the customAttributes property is available in the reloadUserInfo object.

jbalidiong commented 1 year ago

@Himanshu21git thanks for the additional information. Let me check what we can do for this issue or bring someone from the Auth team that can provide more context about it.

NhienLam commented 1 year ago

Hi @Himanshu21git, can you tell us why you want to access the customAttributes property?

Will using custom claims (IdTokenResult.claims) work for you? https://firebase.google.com/docs/auth/admin/custom-claims#access_custom_claims_on_the_client

Himanshu21git commented 1 year ago

Hi @NhienLam, I need to access the latest value of attributes present in custom claims without forcefully refreshing the IdTokenResult.

As you know the claims and JWT token received from the getIdTokenResult method stay valid for an hour, unless not forcefully refreshed. So if during this period of 1 hour, one of the claims properties is updated, I will be unable to retrieve the updated value of that particular claims property during this duration of 1 hour. Whenever a new request is made for fetching custom claims using getIdTokenResult method with the forceRefresh attribute set to false, Firebase will return the cached token and claims during this time period of 1 hour.

So, I am looking for a way to get the updated customAttributes without invoking the forceRefresh on the getIdTokenResult method provided in the auth module.

Himanshu21git commented 1 year ago

Hi, @NhienLam @jbalidiong any updates on this?

NhienLam commented 1 year ago

Hi @Himanshu21git, could you tell us why you don't want to refresh the token? What is your use case?

Does using getAdditionalUserInfo() work for your use case? Does AdditionalUserInfo have the information you need?

Please note that it’s recommended to only use custom claims to provide access control and not store additional data.

Himanshu21git commented 1 year ago

Hi @Himanshu21git, could you tell us why you don't want to refresh the token? What is your use case?

Hi @NhienLam, As the token stays valid for 1 hour, I don't want to refresh it repeatedly on every page refresh to access the updated claims' custom attributes during this time period. Refreshing the token again and again just to get the updated custom attributes doesn't seem to be a good practice to me and might possibly lead to resource overheads, rate limiting, and increased latency given that we will have a high number of users.

As per my use case, I want to access the latest custom attributes from the claims property, they can change as well over the time period. So, instead of using the getIdTokenResult method with the forceRefresh attribute set to true, to access the updated custom claims attributes, which will generate a new token, even if the old one is still valid (as token validity is 60 minutes), I want some other way to access the custom claims attributes without regenerating the JWT token if it is still valid.

For example, if a user has just logged in, a token will be generated and claims will be accessed, after some time, if a page refresh is made on the client side before the duration of 1 hour, if we used getIdTokenResult(true), a new token will still be generated, even though the previously generated token was still valid, this seems unnecessary. Although, it provides the updated custom claims attributes, forcefully regenerating the JWT token, if it is still valid doesn't seem good to me.

I found the alternative way to access the latest custom attributes through the customAttributes property which is accessible in the reloadUserInfo object provided by the getAuth().currentUser. But as mentioned by you, that's not intended to be used by developers. So, I need some other way to access these custom attributes without forcefully refreshing the token and want to rely on the Firebase token handling mechanism.

Does using getAdditionalUserInfo() work for your use case? Does AdditionalUserInfo have the information you need?

No, using the getAdditionalUserInfo() would not work for my use case as AdditionalUserInfo doesn't contain the information I need. I am looking forward to accessing the updated customAttributes properties as present in the reloadUserInfo object provided by the getAuth().currentUser.

Himanshu21git commented 1 year ago

Hi, @NhienLam, do you have any updates regarding this matter?

NhienLam commented 1 year ago

Thanks for your response! I will mark this as a feature request, but we are unable to promise a timeline right now.