search

firebase / firebase-js-sdk

Firebase Javascript SDK
https://firebase.google.com/docs/web/setup
Other
4.83k stars 888 forks source link

Requested authentication state persistence isn't retained #8545

Open dsl101 opened 2 days ago

dsl101 commented 2 days ago

Operating System

windows

Environment (if applicable)

Chrome 131, Firefox 130

Firebase SDK Version

10.13.2

Firebase SDK Product(s)

Auth

Project Tooling

React app / Vue & Quasar app

Detailed Problem Description

This page states that calls to setPersistence() prior to signInWithRedirect() should reapply the requested persistence model at the end of the redirect flow. We are seeing that despite requesting browserSessionPersistence before sending the link, and pasting the emailed link directly into the same browser tab, the persistence model is reverting to LOCAL.

This also happens with federated auth providers using signInWithRedirect().

Steps and code to reproduce issue

E.g. minimal piece of code to send a signin link by email:

  const signIn = (data) => {
    const options = {
      url: window.location.href,
      handleCodeInApp: true,     
    }
    console.log('options:', options)
    return setPersistence(auth, browserSessionPersistence).then(() => {
      console.log('auth:', auth)
      console.log('Persistence:', auth.persistenceManager.persistence)
      sendSignInLinkToEmail(auth, data.email, options).then(() => {
        console.log('sent link')
      })
    });
  };

Note the persistence printed to console here is:

useAuth.js:23 Persistence: BrowserSessionPersistence {type: 'SESSION', storageRetriever: ƒ}storageRetriever: () => window.sessionStoragetype: "SESSION"storage: (...)[[Prototype]]: BrowserPersistenceClass

After pasting the redirect link and re-entering the email address on the test app, this code detects & applies the authentication:

      if (isSignInWithEmailLink(auth, window.location.href)) {
        await signInWithEmailLink(auth, email, window.location.href)
        window.location.replace("/")  // Dismiss redirect
      } else {
        await signIn({ email });
      }

and the onAuthStateChanged() handler:

    return onAuthStateChanged(auth, async (userData) => {
      console.log("onAuthStateChanged:", userData);
      if (userData) {
        try {
          console.log("Persistence:", userData.auth.persistenceManager.persistence)
          setUser(() => userData);
        } catch (e) {
          // eslint-disable-next-line
          console.log(e);
        }
      } else {
        setUser(null);
      }

logs:

FirebaseAuthProvider.jsx:17 Persistence: IndexedDBLocalPersistence {type: 'LOCAL', _shouldAllowMigration: true, listeners: {…}, localCache: {…}, pollTimer: 1, …}
google-oss-bot commented 2 days ago

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.