near / fast-auth-signer

https://fast-auth-signer.vercel.app
MIT License

[BUG] Unable to get oidc keypair #177

Open Pessina opened 7 months ago

Pessina commented 7 months ago

KeyPair retrieval fails if the OIDC token, used as a key in LocalStorage, refreshes between its storage and retrieval phases. This mismatch occurs due to the token change, leading to retrieval failure.

Steps to Reproduce (Chrome):

  1. Login.
  2. Logout.
  3. Wait 1 hour (to allow token refresh).
  4. Login again with the same account.
  5. Encounter retrieval failure.

Note:

Avoid token refresh triggers (e.g., visiting AuthCallback or RemoveDevice pages) during reproduction.

Relevant Code:

Storage / Retrieval: [image: screenshot of the storage and retrieval code, attached to the original issue]

hcho112 commented 7 months ago

To add more details, I believe that the access token from firebase that we are using gets rotated (refreshed) after a certain period of time. However, we are storing the full oidc token string as part of the key used to store data in localStorage.

Because of this, it won't be able to find the token after x period of time has passed. To resolve this, we need to update the following:

  1. Replace the oidc_keypair_${oidcToken} with oidc_keypair_${FIREBASE_USER_ID} (something that won't change unless the user logs out)
  2. Implement the logic to check if the firestore session is valid inside getUserCredential and, if it is not valid, redirect to the verify email page.

esaminu commented 7 months ago
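The failure described in the report and the fix proposed in the comment above, as an added example that is not fast-auth-signer's own code. It assumes the Firebase ID token is a JWT whose `sub` claim is the stable user id (so `sub` stands in for FIREBASE_USER_ID), shims `localStorage` with a Map so it runs in Node, and uses constructed, unsigned tokens with a placeholder key pair; the function names (`storeKeyPairByToken`, `getKeyPairByUid`, `reproduce`, and so on) are this example's own, not the project's:

```javascript
// Added example: why keying localStorage by the full OIDC token string breaks
// after a token refresh, beside a version keyed by the stable user id (`sub`)
// that also rejects an expired token so the caller can re-verify the session.
// `localStorage` is a Map-backed shim; tokens are constructed, unsigned JWTs.

const store = new Map();
const localStorage = {
  getItem: (k) => (store.has(k) ? store.get(k) : null),
  setItem: (k, v) => { store.set(k, String(v)); },
  removeItem: (k) => { store.delete(k); },
};

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Constructed token in header.payload.signature form with a fake signature.
function makeToken(sub, iatSeconds, ttlSeconds = 3600) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = { sub, iat: iatSeconds, exp: iatSeconds + ttlSeconds };
  return `${b64url(header)}.${b64url(payload)}.sig`;
}

// Decodes the payload only; the client relies on the auth provider having
// already verified the signature before the token reached it.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// --- Buggy variant: the volatile token string is part of the storage key.
const keyByToken = (token) => `oidc_keypair_${token}`;
function storeKeyPairByToken(token, keyPair) {
  localStorage.setItem(keyByToken(token), JSON.stringify(keyPair));
}
function getKeyPairByToken(token) {
  const raw = localStorage.getItem(keyByToken(token));
  return raw ? JSON.parse(raw) : null;
}

// --- Fixed variant: key by the stable user id, reject expired tokens.
const keyByUid = (uid) => `oidc_keypair_${uid}`;
function storeKeyPairByUid(token, keyPair) {
  const { sub } = decodePayload(token);
  localStorage.setItem(keyByUid(sub), JSON.stringify(keyPair));
}
function getKeyPairByUid(token, nowSeconds) {
  const { sub, exp } = decodePayload(token);
  if (typeof exp !== 'number' || exp <= nowSeconds) {
    // Stale token: caller should re-check the session (e.g. send the user to verify email).
    return { status: 'expired', keyPair: null };
  }
  const raw = localStorage.getItem(keyByUid(sub));
  return raw ? { status: 'ok', keyPair: JSON.parse(raw) } : { status: 'missing', keyPair: null };
}

// Replays the repro steps: login, logout, wait an hour (token refresh), login again.
function reproduce() {
  const uid = 'firebase-uid-123';                                   // constructed
  const keyPair = { publicKey: 'ed25519:pub', secretKey: 'ed25519:sec' }; // placeholder
  const t0 = 1_700_000_000;
  const first = makeToken(uid, t0);
  const refreshed = makeToken(uid, t0 + 3600); // same user, new token string after refresh

  storeKeyPairByToken(first, keyPair);
  storeKeyPairByUid(first, keyPair);

  return {
    byTokenAfterRefresh: getKeyPairByToken(refreshed),        // null: key no longer matches
    byUidAfterRefresh: getKeyPairByUid(refreshed, t0 + 3601), // found under the stable uid
    byUidWithStaleToken: getKeyPairByUid(first, t0 + 3601),   // old token is rejected as expired
  };
}

console.log(reproduce());
```

Keying by `sub` rather than the whole token means any refreshed token for the same account resolves to the same entry; the `exp` check covers the second point in the comment above, returning a status the caller can act on instead of silently reading a key pair with a stale token.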

@Pessina can you check if you can still repro this?

We should not get to the getUserCredential call if a passkey exists in context, and if a passkey doesn't, firebase auth will return false and the expected behaviour in that case is to send an email.