Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AppCheck] firestore missing or insufficient permissions after a while #5842

Closed
orbachar opened this issue Dec 28, 2021 · 7 comments · Fixed by #5902
Closed

[AppCheck] firestore missing or insufficient permissions after a while #5842

orbachar opened this issue Dec 28, 2021 · 7 comments · Fixed by #5902
Assignees
@ehsannas
Labels
api: appcheck api: firestore v9

Comments

@orbachar
Copy link

orbachar commented Dec 28, 2021
edited
Loading

  • Browser version: Chrome
  • Firebase SDK version: 9.6.1
  • Firebase Product: app check

Hey,
I am using app check with reCAPTCHA Enterprise and Cloud Firestore enforced on my webapp.
I also set the token TTL to 30 minutes.

I noticed that after a while when the browser idle, I am getting "FirebaseError: Missing or insufficient permissions." and can't query the DB anymore.

image

refresh fixes it..
so I believe it is because the token isn't valid anymore, although I enabled auto refresh.

this is the code I am using

        const appCheck = initializeAppCheck(app, {
            provider: new ReCaptchaEnterpriseProvider(appCheckRecaptchaKey),
            isTokenAutoRefreshEnabled: true // Set to true to allow auto-refresh.
        });

image
@google-oss-bot
Copy link
Contributor

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
@jbalidiong jbalidiong added the v9 label Jan 3, 2022
@thebrianchen thebrianchen self-assigned this Jan 4, 2022
@ehsannas ehsannas self-assigned this Jan 5, 2022
@ehsannas
Copy link
Contributor

ehsannas commented Jan 5, 2022

Thanks for reporting @orbachar. Would you be able to enable debug messages and provide the debug logs?

you can enable debug messages using setLogLevel

Moreover, if you have an easy repro code that you can share (e.g. via a GitHub repo) that'd speed up our investigation.

Thanks
@thebrianchen thebrianchen removed their assignment Jan 5, 2022
@orbachar
Copy link
Author

orbachar commented Jan 6, 2022

attaching logs:

image
image
@ehsannas
Copy link
Contributor

ehsannas commented Jan 7, 2022

Thanks @orbachar . I want to make sure this is indeed an AppCheck issue (rather than an Authentication issue). Can you please confirm that if you turn off AppCheck enforcement for Firestore in the Firebase Console, the issue does not occur anymore?
@orbachar
Copy link
Author

orbachar commented Jan 9, 2022

yes, I did that again today just to make sure - with AppCheck unenforced for Firestore, it doesn't happen. if I turn on appCheck again, the errors return after some idle time
@ehsannas
Copy link
Contributor

Thanks for confirming @orbachar.
@ehsannas
Copy link
Contributor

@orbachar I was able to reproduce this issue. I'll continue to look into fixing this.
@ehsannas ehsannas mentioned this issue Jan 18, 2022
Merged
@google-oss-bot google-oss-bot mentioned this issue Jan 26, 2022
Merged
@firebase firebase locked and limited conversation to collaborators Feb 26, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
api: appcheck api: firestore v9
6 participants
@ehsannas @thebrianchen @google-oss-bot @rizafran @orbachar @jbalidiong