Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User is created in a specific tenant although tenantID was not specified #10748

Closed
tsahi-deri opened this issue Jan 29, 2023 · 7 comments · Fixed by #10805
Closed

User is created in a specific tenant although tenantID was not specified #10748

tsahi-deri opened this issue Jan 29, 2023 · 7 comments · Fixed by #10805
Assignees
@renkelvin
Labels
api: auth
Milestone
10.6.0 - M128

Comments

@tsahi-deri
Copy link

tsahi-deri commented Jan 29, 2023
edited
Loading

Description

We configured two Firebase apps using Google Identity Platform and multi-tenancy enabled. The default Firebase app is being used with a specific tenant ID to authenticate users on the tenant level. A secondary Firebase app is being use to authenticate users on the root project level (outside all other tenants). We are using 2 different auth instances for the 2 Firebase apps.

Everything is working fine with the default Firebase app. Although I found strange behavior using the second app.
When using the secondary auth (without tenant ID configured) we successfully authenticate users, the user.tenantID is null BUT its access token contains information about the tenant ID and the user is being register in the tenant level and not in the root project as it should be.

Firebase app configurations

let filePath = Bundle.main.path(forResource: self.environment.google.infoPlistName, ofType: "plist")!
let options = FirebaseOptions(contentsOfFile: filePath)
FirebaseApp.configure(options: options!) // App for a specific tenant
FirebaseApp.configure(name: "RootProjectLevelApp", options: options!) App for root project

Using the auth instances

let tenantAuth = Auth.auth()
tenantAuth.tenantID = "SOME_TENANT_ID"
let rootProjectApp = FirebaseApp.app(name: "RootProjectLevelApp")
let rootProjectAuth = Auth.auth(app: rootProjectApp)

Reproducing the issue

  1. Create Firebase or GCP project and configure Authentication
  2. Configure for multi tenancy on GCP project and create at one tenant
  3. In that mobile app, configure 2 Firebase apps and auth as showed in description
  4. Authenticate a user using the root project auth
  5. Verify the access token details
  6. Verify where the user was register (in the root of inside a tenant)

Firebase SDK Version

10.3.0

Xcode Version

13.3.1

Installation Method

Swift Package Manager

Firebase Product(s)

Authentication, Crashlytics, DynamicLinks

Targeted Platforms

iOS

Relevant Log Output

No response

If using Swift Package Manager, the project's Package.resolved

Expand Package.resolved snippet 
{
  "pins" : [
    {
      "identity" : "abseil-cpp-swiftpm",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/firebase/abseil-cpp-SwiftPM.git",
      "state" : {
        "revision" : "d302de612e3d57c6f4afaf087da18fba8eac72a7",
        "version" : "0.20220203.1"
      }
    },
    {
      "identity" : "alamofire",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/Alamofire/Alamofire.git",
      "state" : {
        "revision" : "78424be314842833c04bc3bef5b72e85fff99204",
        "version" : "5.6.4"
      }
    },
    {
      "identity" : "appauth-ios",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/openid/AppAuth-iOS.git",
      "state" : {
        "revision" : "3d36a58a2b736f7bc499453e996a704929b25080",
        "version" : "1.6.0"
      }
    },
    {
      "identity" : "boringssl-swiftpm",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/firebase/boringssl-SwiftPM.git",
      "state" : {
        "revision" : "dd3eda2b05a3f459fc3073695ad1b28659066eab",
        "version" : "0.9.1"
      }
    },
    {
      "identity" : "braintree-ios-drop-in",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/braintree/braintree-ios-drop-in",
      "state" : {
        "revision" : "d4ee6799c70ab70545054acf60475315c5fd6196",
        "version" : "9.5.0"
      }
    },
    {
      "identity" : "braintree_ios",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/braintree/braintree_ios",
      "state" : {
        "revision" : "b544c9abcad18c80478d279a410d8a414b8828c5",
        "version" : "5.15.0"
      }
    },
    {
      "identity" : "eventsource",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/inaka/EventSource",
      "state" : {
        "branch" : "master",
        "revision" : "78934b361891c7d0fa3d399d128e959f0c94d267"
      }
    },
    {
      "identity" : "facebook-ios-sdk",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/facebook/facebook-ios-sdk",
      "state" : {
        "revision" : "7fd8a930a5b2c940a22efafe0e214ed0df671312",
        "version" : "15.1.0"
      }
    },
    {
      "identity" : "firebase-ios-sdk",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/firebase/firebase-ios-sdk.git",
      "state" : {
        "revision" : "dce2e1abc6c0d5e830ff1cffe3f8633fda64001e",
        "version" : "10.3.0"
      }
    },
    {
      "identity" : "fittedsheets",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/gordontucker/FittedSheets",
      "state" : {
        "revision" : "65f9c93718f96c6de234d38c9976e67a0d9e2b28",
        "version" : "2.4.2"
      }
    },
    {
      "identity" : "googleappmeasurement",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/google/GoogleAppMeasurement.git",
      "state" : {
        "revision" : "71eb6700dd53a851473c48d392f00a3ab26699a6",
        "version" : "10.1.0"
      }
    },
    {
      "identity" : "googledatatransport",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/google/GoogleDataTransport.git",
      "state" : {
        "revision" : "5056b15c5acbb90cd214fe4d6138bdf5a740e5a8",
        "version" : "9.2.0"
      }
    },
    {
      "identity" : "googlesignin-ios",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/google/GoogleSignIn-iOS",
      "state" : {
        "revision" : "9c9b36af86a4dd3da16048a36cf37351e63ccfe1",
        "version" : "6.2.4"
      }
    },
    {
      "identity" : "googleutilities",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/google/GoogleUtilities.git",
      "state" : {
        "revision" : "68ea347bdb1a69e2d2ae2e25cd085b6ef92f64cb",
        "version" : "7.9.0"
      }
    },
    {
      "identity" : "grpc-ios",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/grpc/grpc-ios.git",
      "state" : {
        "revision" : "abd2d5a4347efa0454606a788678a5d8ec223738",
        "version" : "1.44.0-grpc"
      }
    },
    {
      "identity" : "gtm-session-fetcher",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/google/gtm-session-fetcher.git",
      "state" : {
        "revision" : "d4289da23e978f37c344ea6a386e5546e2466294",
        "version" : "2.1.0"
      }
    },
    {
      "identity" : "gtmappauth",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/google/GTMAppAuth.git",
      "state" : {
        "revision" : "6dee0cde8a1b223737a5159e55e6b4ec16bbbdd9",
        "version" : "1.3.1"
      }
    },
    {
      "identity" : "haishinkit.swift",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/shogo4405/HaishinKit.swift",
      "state" : {
        "revision" : "8fc3f3b1a52778dc42ebe64b26e67b4a6b9027e0",
        "version" : "1.2.3"
      }
    },
    {
      "identity" : "keychainaccess",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/kishikawakatsumi/KeychainAccess.git",
      "state" : {
        "revision" : "84e546727d66f1adc5439debad16270d0fdd04e7",
        "version" : "4.2.2"
      }
    },
    {
      "identity" : "leveldb",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/firebase/leveldb.git",
      "state" : {
        "revision" : "0706abcc6b0bd9cedfbb015ba840e4a780b5159b",
        "version" : "1.22.2"
      }
    },
    {
      "identity" : "logboard",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/shogo4405/Logboard.git",
      "state" : {
        "revision" : "8cc7656b07e4d327fae42e1320e2e48b8868e3f6",
        "version" : "2.2.2"
      }
    },
    {
      "identity" : "moya",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/Moya/Moya.git",
      "state" : {
        "revision" : "c263811c1f3dbf002be9bd83107f7cdc38992b26",
        "version" : "15.0.3"
      }
    },
    {
      "identity" : "nanopb",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/firebase/nanopb.git",
      "state" : {
        "revision" : "819d0a2173aff699fb8c364b6fb906f7cdb1a692",
        "version" : "2.30909.0"
      }
    },
    {
      "identity" : "nuke",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/kean/Nuke.git",
      "state" : {
        "revision" : "a002b7fd786f2df2ed4333fe73a9727499fd9d97",
        "version" : "10.11.2"
      }
    },
    {
      "identity" : "promises",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/google/promises.git",
      "state" : {
        "revision" : "46c1e6b5ac09d8f82c991061c659f67e573d425d",
        "version" : "2.1.0"
      }
    },
    {
      "identity" : "prynttrimmerview",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/HHK1/PryntTrimmerView",
      "state" : {
        "revision" : "ac1b60a22c7e6a6514de7a66d2f3d5b537c956d5",
        "version" : "4.0.2"
      }
    },
    {
      "identity" : "reactiveswift",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/ReactiveCocoa/ReactiveSwift.git",
      "state" : {
        "revision" : "c43bae3dac73fdd3cb906bd5a1914686ca71ed3c",
        "version" : "6.7.0"
      }
    },
    {
      "identity" : "rxswift",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/ReactiveX/RxSwift.git",
      "state" : {
        "revision" : "b4307ba0b6425c0ba4178e138799946c3da594f8",
        "version" : "6.5.0"
      }
    },
    {
      "identity" : "skeletonview",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/Juanpe/SkeletonView",
      "state" : {
        "revision" : "739a4f5d78731bebc48811c75fa9e1f4c4cef23e",
        "version" : "1.30.4"
      }
    },
    {
      "identity" : "stevia",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/freshOS/Stevia",
      "state" : {
        "revision" : "87dd17a86240f16788239a78dd8be11c4b013150",
        "version" : "4.8.0"
      }
    },
    {
      "identity" : "swift-protobuf",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/apple/swift-protobuf.git",
      "state" : {
        "revision" : "ab3a58b7209a17d781c0d1dbb3e1ff3da306bae8",
        "version" : "1.20.3"
      }
    },
    {
      "identity" : "swiftdate",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/malcommac/SwiftDate.git",
      "state" : {
        "revision" : "6190d0cefff3013e77ed567e6b074f324e5c5bf5",
        "version" : "6.3.1"
      }
    },
    {
      "identity" : "ypimagepicker",
      "kind" : "remoteSourceControl",
      "location" : "https://github.com/Yummypets/YPImagePicker.git",
      "state" : {
        "revision" : "4dbae7a1f69db3d65c47f4106d0ca09f678edeaf",
        "version" : "5.2.1"
      }
    }
  ],
  "version" : 2
}

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet 
Replace this line with the contents of your Podfile.lock!
@google-oss-bot
Copy link

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
@tsahi-deri
Copy link
Author

tsahi-deri commented Feb 3, 2023
edited
Loading

Hey,
Any update on this issue?
It’s really important for our app.
@paulb777
Copy link
Member

paulb777 commented Feb 3, 2023

Sorry about the issue and delay. We'll try to investigate in the next week.

In the meantime, a fully reproducible example would be helpful either in GitHub or email a zip to paulbeusterien at google.com
@paulb777
Copy link
Member

paulb777 commented Feb 5, 2023

I believe that tenantID should be set via a parameter at https://github.com/firebase/firebase-ios-sdk/blob/master/FirebaseAuth/Sources/Backend/FIRIdentityToolkitRequest.m#L58
@tsahi-deri
Copy link
Author

tsahi-deri commented Feb 7, 2023
edited
Loading

@paulb777
Well, according to your last comment I see the potential bug.
Any FIRIdentityToolkitRequest instance is automatically being configured to use the default Auth tenantID by the lines below, regardless if it being used with another Firebase app/auth.

// Automatically set the tenant ID. If the request is initialized before FIRAuth is configured,
// set tenant ID to nil.
 @try {
      _tenantID = [FIRAuth auth].tenantID;
 } @catch (NSException *e) {
      _tenantID = nil;
 }
@renkelvin renkelvin mentioned this issue Feb 10, 2023
Merged
@paulb777 paulb777 added this to the 10.6.0 - M128 milestone Feb 10, 2023
@tsahi-deri
Copy link
Author

@paulb777 Thanks for the fix.
Do know something about 10.6.0 milestone due date?
@paulb777
Copy link
Member

@tsahi-deri It's targeted for the week of February 27
@firebase firebase locked and limited conversation to collaborators Mar 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
api: auth
5 participants
@paulb777 @renkelvin @tsahi-deri @google-oss-bot @rizafran