-
Notifications
You must be signed in to change notification settings - Fork 894
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firestore query uses stale token after forced refresh #4175
Comments
We're experiencing the same issue in 8.1.2. Code using this pattern worked in 7.24.0, but fails in 8.1.2. Note that after reloading the page, the Firestore queries relying on the new claims will work correctly. |
Hi @jadengis, thanks for filing this issue! This does sound like a bug. Can you try dumping the headers in your Firestore request to check whether or not the correct token is being passed in the request? |
Hi @rosalyntan, how can I get this information? Do I need to enable firestore debug logging, our can I just pull the headers from the network tab? |
Quick ping on this issue. Do you need any more information on it? This is a fairly significant regression. We really want to upgrade to Firebase 8 and this is blocking us. |
As @rosalyntan suggested can you pull the headers from the network tab and let us know if the correct token is being used? It will help us isolate where the underlying issue might be. |
What are the steps to get the relevant headers? Looking at the Network tab I see a lot of webchannel connections which I assume are the Firestore connections. Inspecting them though, I don't see anything that looks like the custom claims data (either stale or fresh) in the headers. Where should I be looking for it? |
The token comes from a response to the auth service. The host + path for the auth service will be You should also enable logging and check it. The SDK's log when a credential change is observed from Auth. |
Update: We've reproduced this issue on our side and confirmed it's an issue in the Firestore SDK. We're actively investigating this. Thanks to everyone for reporting the issue and helping with the diagnosis. |
We're seeing what I think might be the same issue, and it occurs when we try to upgrade from 7.15.5 to 8.2.0 (I haven't been able to isolate the exact version which causes the issue). We're using |
This has been fixed in Firebase 8.2.1 which should be released today (fingers crossed) |
The issue I mentioned was probably not related, and remained in 8.2.1. However, adding a call to |
[REQUIRED] Describe your environment
[REQUIRED] Describe the problem
Steps to reproduce:
In v8.0.0, I am able to perform the following sequence of operations successfully
user.getIdTokenResult(true)
In v8.1.1, the above sequence fails when trying to make the query that requires the new claim. I logged the result of
user.getIdTokenResult(true)
to the console and confirmed that it did in fact has the new claim, which lead me to believe that the firestore sdk is using a stale token. Also after I refresh the page, the query starts working.Relevant Code:
I'm not sure how to create a complete reproduction, as this sequence involves the admin sdk in the backend to create the custom claim, but I will include some code snippets.
I have a firestore rule that looks like this:
In the backend I am running the follow code in an http request to create a custom claim on my user:
In the front end I have code that does the following in response to the above request.
After the above chain of promises I make a query like this:
In version 8.0.0, the above code works, but in 8.1.1 is get a rules violation for the rule snippet above. This leads me to believe firestore is using a stale token without the new claim, even though I forced a refresh.
Thanks for looking into these, please let me know if you require any additional information.
The text was updated successfully, but these errors were encountered: