After upgrading React Native to 0.65 or 0.66, logIn to realm app fails

[chris44f]

How frequently does the bug occur?

All the time

Description

Currently, as part of signing in to our android app, we pass in a jwt to Realm.Credentials to get credentials which are then used to login to the app, the code being as follows:

export const signIn = async jwt => {
  const creds = Realm.Credentials.jwt(jwt);
  await realmApp?.logIn(creds);
  _currentUser = realmApp?.currentUser;
};

This works absolutely fine and have had no issues on RN v0.64.2, but when attempting to upgrade React Native to either 0.65.1 or 0.66.1, the logIn throws an error and fails.

The version of Realm currently being used in the app is 10.8.0, although I did update it to 10.9.1 to see if that resolved the issue, with no luck.

When console logging out 'creds' whilst attempting to debug, it returned an empty object {} - although I wasn't sure if this was linked to other issues raised on Realm regarding logging of realm objects.

Stacktrace & log output

LOG  Wed Nov  3 09:23:20 2021 | INFO | {"message":"App State Change: active"}
 LOG  Wed Nov  3 09:23:30 2021 | INFO | {"message":"Starting login for user: CF0001","userId":"CF0001"}
 LOG  Wed Nov  3 09:23:38 2021 | WARN | {"message":"Login failed - {\"message\":\"invalid custom auth token: valid UID required (between 1 and 128 characters)\",\"code\":47}","userId":"CF0001"}
 LOG  Wed Nov  3 09:23:38 2021 | INFO | Signing user out of realm

Can you reproduce the bug?

Yes, always

Reproduction Steps

• Upgrade React Native to version 0.66.1, installing required npm packages and pods
• Run react-native run-android

Version

10.8

What SDK flavour are you using?

Local Database only

Are you using encryption?

No, not using encryption

Platform OS and version(s)

Android, React Native 0.65.1

Build environment

No response

[kraenhansen]

When console logging out 'creds' whilst attempting to debug, it returned an empty object {} - although I wasn't sure if this was linked to other issues raised on Realm regarding logging of realm objects.

Yeah, unfortunately we still have developer experience issues on this. If you console.log the payload off the credentials you should be able to read the JWT:

console.log(creds.payload);

I found this (slightly related) post on SO: https://stackoverflow.com/questions/62240591/mongodb-stitch-jwt-custom-auth-valid-uid-required-between-1-and-128-characters - but the proposed solution is unclear to me.

Stupid question: Are you sure the JWT is not expired?

[chris44f]

When I log out the payload as suggested, I get an object with the provider property of "custom-token" and a token property with a jwt value identical to the jwt argument.

I don't think it'll be a JWT expiry issue, as it works fine on our master branch and the only changes locally are those given from the react native upgrade helper (https://react-native-community.github.io/upgrade-helper/?from=0.64.2&to=0.65.2), but I've checked and the JWT has an expiry of 30 minutes and we have a refresh saga which runs if it expires and provides a new one.

If I decode the token, and looking at that issue you linked, I can see that on my decoded JWT, the "sub" attribute is "". Could it be that the sub attribute is now required?

[kraenhansen]

Could it be that the sub attribute is now required?

The JWT isn't read by the client side SDK before it's sent, so that wouldn't explain the sudden change introduced by upgrading RN version. It is my understanding that the error you're experiencing is the server rejecting the JWT.

[chris44f]

Thanks @kraenhansen for your help - after further digging this is actually related to our use of react-native-device-info and changes to privacy on Android 11 that restricts obtaining a MAC address (which we use as a parameter in our JWT generation).

[mangkoran]

@chris44f How do you solve it? Currently experiencing this issue on RN 0.66.4.