search

invertase / react-native-firebase

🔥 A well-tested feature-rich modular Firebase implementation for React Native. Supports both iOS & Android platforms for all Firebase services.
https://rnfirebase.io
Other
11.65k stars 2.21k forks source link

[🐛] Auth azure AD firebase openid connect #7607

Closed bilalyaqoob closed 5 months ago

bilalyaqoob commented 7 months ago

Issue

I am trying to authenticate user using azure AD and openID connect firebase, while doing it i am getting error

[auth/missing-or-invalid-nonce] the request does not contain a valid nonce. This can occur if the SHA-256 hash of the provided nonce in the ID token payload. [Nonce is missing in the request.]

import {authorize} from 'react-native-app-auth';
const config = {
  issuer:
    'https://login.microsoftonline.com/a61239ac-3e0b-3224-9e0c-b90ab2391e30/v2.0',
  clientId: 'c55c5c49-a8da-4109-9af4-82342f3f864d',
  redirectUrl: 'msauth://com.test/lZnKZ%2BOvn3wKMcWuEh1f4MjhWAl%3D',
  scopes: ['openid', 'profile', 'email', 'offline_access'],
};
const handleLogin = useCallback(async () => {
    try {
      const newAuthState = await authorize({
        ...config,
        connectionTimeoutSeconds: 5,
        iosPrefersEphemeralSession: true
      });
      const credential = auth.OIDCAuthProvider.credential(
        'trojan_auth',
        newAuthState.idToken,
      );
      const userCredential = await auth().signInWithCredential(credential);
      const user = userCredential.user;

    } catch (error) {
      Alert.alert('Failed to log in', error.message); 
    }
  }, []);

Project Files

Javascript

Click To Expand

#### `package.json`: ```json { "name": "Test", "version": "0.0.1", "private": true, "scripts": { "android": "react-native run-android", "ios": "react-native run-ios", "lint": "eslint .", "start": "react-native start", "test": "jest" }, "dependencies": { "@react-native-firebase/app": "^18.7.3", "@react-native-firebase/auth": "^18.7.3", "@react-native-firebase/firestore": "^18.7.3", "@react-native-firebase/functions": "^18.7.3", "@react-navigation/drawer": "^6.6.6", "@react-navigation/native": "^6.1.9", "@react-navigation/stack": "^6.3.20", "react": "18.2.0", "react-native": "0.72.7", "react-native-app-auth": "^7.1.0", "react-native-gesture-handler": "^2.14.0", "react-native-reanimated": "^3.6.1", "react-native-safe-area-context": "^4.8.1", "react-native-screens": "^3.29.0", "react-native-vector-icons": "^10.0.3" }, "devDependencies": { "@babel/core": "^7.20.0", "@babel/preset-env": "^7.20.0", "@babel/runtime": "^7.20.0", "@react-native/eslint-config": "^0.72.2", "@react-native/metro-config": "^0.72.11", "@types/react": "^18.0.24", "@types/react-test-renderer": "^18.0.0", "babel-jest": "^29.2.1", "eslint": "^8.19.0", "jest": "^29.2.1", "metro-react-native-babel-preset": "0.76.8", "prettier": "^2.4.1", "react-native-asset": "^2.1.1", "react-test-renderer": "18.2.0" }, "engines": { "node": ">=18" } } ``` #### `firebase.json` for react-native-firebase v6: ```json # N/A ```

iOS

Click To Expand

#### `ios/Podfile`: - [ ] I'm not using Pods - [x] I'm using Pods and my Podfile looks like: ```ruby # N/A ``` #### `AppDelegate.m`: ```objc // N/A ```

Android

Click To Expand

#### Have you converted to AndroidX? - [ ] my application is an AndroidX application? - [ ] I am using `android/gradle.settings` `jetifier=true` for Android compatibility? - [ ] I am using the NPM package `jetifier` for react-native compatibility? #### `android/build.gradle`: ```groovy // Top-level build file where you can add configuration options common to all sub-projects/modules. buildscript { ext { buildToolsVersion = "33.0.0" minSdkVersion = 21 compileSdkVersion = 33 targetSdkVersion = 33 // We use NDK 23 which has both M1 support and is the side-by-side NDK version from AGP. ndkVersion = "23.1.7779620" } repositories { google() mavenCentral() } dependencies { classpath("com.android.tools.build:gradle") classpath("com.facebook.react:react-native-gradle-plugin") classpath("com.google.gms:google-services:4.4.0") } } ``` #### `android/app/build.gradle`: ```groovy apply plugin: "com.android.application" apply plugin: "com.facebook.react" apply plugin: 'com.google.gms.google-services' /** * This is the configuration block to customize your React Native Android app. * By default you don't need to apply any configuration, just uncomment the lines you need. */ react { /* Folders */ // The root of your project, i.e. where "package.json" lives. Default is '..' // root = file("../") // The folder where the react-native NPM package is. Default is ../node_modules/react-native // reactNativeDir = file("../node_modules/react-native") // The folder where the react-native Codegen package is. Default is ../node_modules/@react-native/codegen // codegenDir = file("../node_modules/@react-native/codegen") // The cli.js file which is the React Native CLI entrypoint. Default is ../node_modules/react-native/cli.js // cliFile = file("../node_modules/react-native/cli.js") /* Variants */ // The list of variants to that are debuggable. For those we're going to // skip the bundling of the JS bundle and the assets. By default is just 'debug'. // If you add flavors like lite, prod, etc. you'll have to list your debuggableVariants. // debuggableVariants = ["liteDebug", "prodDebug"] /* Bundling */ // A list containing the node command and its flags. Default is just 'node'. // nodeExecutableAndArgs = ["node"] // // The command to run when bundling. By default is 'bundle' // bundleCommand = "ram-bundle" // // The path to the CLI configuration file. Default is empty. // bundleConfig = file(../rn-cli.config.js) // // The name of the generated asset file containing your JS bundle // bundleAssetName = "MyApplication.android.bundle" // // The entry file for bundle generation. Default is 'index.android.js' or 'index.js' // entryFile = file("../js/MyApplication.android.js") // // A list of extra flags to pass to the 'bundle' commands. // See https://github.com/react-native-community/cli/blob/main/docs/commands.md#bundle // extraPackagerArgs = [] /* Hermes Commands */ // The hermes compiler command to run. By default it is 'hermesc' // hermesCommand = "$rootDir/my-custom-hermesc/bin/hermesc" // // The list of flags to pass to the Hermes compiler. By default is "-O", "-output-source-map" // hermesFlags = ["-O", "-output-source-map"] } /** * Set this to true to Run Proguard on Release builds to minify the Java bytecode. */ def enableProguardInReleaseBuilds = false /** * The preferred build flavor of JavaScriptCore (JSC) * * For example, to use the international variant, you can use: * `def jscFlavor = 'org.webkit:android-jsc-intl:+'` * * The international variant includes ICU i18n library and necessary data * allowing to use e.g. `Date.toLocaleString` and `String.localeCompare` that * give correct results when using with locales other than en-US. Note that * this variant is about 6MiB larger per architecture than default. */ def jscFlavor = 'org.webkit:android-jsc:+' android { ndkVersion rootProject.ext.ndkVersion compileSdkVersion rootProject.ext.compileSdkVersion namespace "com.test" defaultConfig { applicationId "com.test" minSdkVersion rootProject.ext.minSdkVersion targetSdkVersion rootProject.ext.targetSdkVersion versionCode 1 versionName "1.0" manifestPlaceholders = [ appAuthRedirectScheme: 'msauth' ] } signingConfigs { debug { storeFile file('debug.keystore') storePassword 'android' keyAlias 'androiddebugkey' keyPassword 'android' } release { if (project.hasProperty('MYAPP_UPLOAD_STORE_FILE')) { storeFile file(MYAPP_UPLOAD_STORE_FILE) storePassword MYAPP_UPLOAD_STORE_PASSWORD keyAlias MYAPP_UPLOAD_KEY_ALIAS keyPassword MYAPP_UPLOAD_KEY_PASSWORD } } } buildTypes { debug { signingConfig signingConfigs.debug } release { // Caution! In production, you need to generate your own keystore file. // see https://reactnative.dev/docs/signed-apk-android. signingConfig signingConfigs.release minifyEnabled enableProguardInReleaseBuilds proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro" } } } dependencies { // The version of react-native is set by the React Native Gradle Plugin implementation("com.facebook.react:react-android") implementation project(':react-native-vector-icons') implementation(platform("com.google.firebase:firebase-bom:32.7.0")) implementation("com.google.firebase:firebase-analytics") debugImplementation("com.facebook.flipper:flipper:${FLIPPER_VERSION}") debugImplementation("com.facebook.flipper:flipper-network-plugin:${FLIPPER_VERSION}") { exclude group:'com.squareup.okhttp3', module:'okhttp' } debugImplementation("com.facebook.flipper:flipper-fresco-plugin:${FLIPPER_VERSION}") if (hermesEnabled.toBoolean()) { implementation("com.facebook.react:hermes-android") } else { implementation jscFlavor } } apply from: file("../../node_modules/@react-native-community/cli-platform-android/native_modules.gradle"); applyNativeModulesAppBuildGradle(project) ``` #### `android/settings.gradle`: ```groovy rootProject.name = 'test' include ':@react-native-async-storage_async-storage' project(':@react-native-async-storage_async-storage').projectDir = new File(rootProject.projectDir, '../node_modules/@react-native-async-storage/async-storage/android') apply from: file("../node_modules/@react-native-community/cli-platform-android/native_modules.gradle"); applyNativeModulesSettingsGradle(settings) include ':app' includeBuild('../node_modules/@react-native/gradle-plugin') ``` #### `MainApplication.java`: ```java package com.test; import android.app.Application; import com.facebook.react.PackageList; import com.facebook.react.ReactApplication; import com.facebook.react.ReactNativeHost; import com.facebook.react.ReactPackage; import com.facebook.react.defaults.DefaultNewArchitectureEntryPoint; import com.facebook.react.defaults.DefaultReactNativeHost; import com.facebook.soloader.SoLoader; import java.util.List; import com.oblador.vectoricons.VectorIconsPackage; public class MainApplication extends Application implements ReactApplication { private final ReactNativeHost mReactNativeHost = new DefaultReactNativeHost(this) { @Override public boolean getUseDeveloperSupport() { return BuildConfig.DEBUG; } @Override protected List getPackages() { @SuppressWarnings("UnnecessaryLocalVariable") List packages = new PackageList(this).getPackages(); // Packages that cannot be autolinked yet can be added manually here, for example: // packages.add(new MyReactNativePackage()); return packages; } @Override protected String getJSMainModuleName() { return "index"; } @Override protected boolean isNewArchEnabled() { return BuildConfig.IS_NEW_ARCHITECTURE_ENABLED; } @Override protected Boolean isHermesEnabled() { return BuildConfig.IS_HERMES_ENABLED; } }; @Override public ReactNativeHost getReactNativeHost() { return mReactNativeHost; } @Override public void onCreate() { super.onCreate(); SoLoader.init(this, /* native exopackage */ false); if (BuildConfig.IS_NEW_ARCHITECTURE_ENABLED) { // If you opted-in for the New Architecture, we load the native entry point for this app. DefaultNewArchitectureEntryPoint.load(); } ReactNativeFlipper.initializeFlipper(this, getReactNativeHost().getReactInstanceManager()); } } ``` #### `AndroidManifest.xml`: ```xml ```

Environment

Click To Expand

**`react-native info` output:** ``` OUTPUT GOES HERE ``` - **Platform that you're experiencing the issue on**: - [ ] iOS - [x] Android - [ ] **iOS** but have not tested behavior on Android - [x] **Android** but have not tested behavior on iOS - [ ] Both - **`react-native-firebase` version you're using that has this issue:** - `e.g. 5.4.3` - **`Firebase` module(s) you're using that has the issue:** - `e.g. Instance ID` - **Are you using `TypeScript`?** - `N` & `VERSION`

mikehardy commented 7 months ago

Looks like you're not providing the nonce, as the error message indicates.

You should get one from however you are authenticating as part of the authentication system's return. Then you pass it to the credential constructor in a parameter that your code indicates you are not using:

https://github.com/invertase/react-native-firebase/blob/79fc41c815fcb1127b7a69436cf6aea002016d28/packages/auth/lib/providers/OIDCAuthProvider.js#L29-L33

Your code does appear to be consistent with our documentation, but our documentation does not appear to pass the nonce param either, perhaps our documentation is in error 🤔 ?

See if there is a nonce in the newAuthState you get back from OIDC, there should be something like it, and pass that in to the credential constructor from our OIDCProvider here, and perhaps that works?

bilalyaqoob commented 7 months ago

@mikehardy I am getting back this response in newAuthState and should I also update the documentation?

{
   tokenAdditionalParameters: { ext_expires_in: '5062' },
   idToken: ,
   authorizeAdditionalParameters: { session_state: '18b13646-f65b-4870-9694-bb6bdcbe94ac' },
   accessTokenExpirationDate: '2024-01-25T00:25:08Z',
   scopes: [],
   accessToken: '',
   tokenType: 'Bearer',
   refreshToken:''
}
mikehardy commented 7 months ago

@bilalyaqoob

I am getting back this response in newAuthState

...okay - have you tried using any of the parts of that? the "session_state" item looks like it has potential as a nonce. If you use that as the nonce for the firebase auth call, does it work?

should I also update the documentation?

Once we have something working, absolutely! That would be fantastic - there is an edit link at the top right of every docs page, but we have to know it's working well for you before we can recommend it of course :-)

bilalyaqoob commented 7 months ago

I tried it using newAuthState.accessToken and it didn't work, now I will use session_state, Isn't it with session state every time the user logs out and logs in again it will create a new user in Firebase authentication?

bilalyaqoob commented 7 months ago

@mikehardy I also tried with session_state and still same error.

github-actions[bot] commented 5 months ago

Hello 👋, to help manage issues we automatically close stale issues.

This issue has been automatically marked as stale because it has not had activity for quite some time.Has this issue been fixed, or does it still require attention?

This issue will be closed in 15 days if no further activity occurs.

Thank you for your contributions.