Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting FirebaseError (auth/argument-error) if authDomain URL specifies port number #7233

Closed
falk-stefan opened this issue Apr 19, 2023 · 6 comments · Fixed by #7277
Closed

Getting FirebaseError (auth/argument-error) if authDomain URL specifies port number #7233

falk-stefan opened this issue Apr 19, 2023 · 6 comments · Fixed by #7277
Labels
api: auth

Comments

@falk-stefan
Copy link

falk-stefan commented Apr 19, 2023
edited
Loading

The Setup

I have an Angular application which is hosted by a Spring Boot application. This application is deployed with Cloud Run on GCP which means the domain is not running under project-name.firebase.com, but instead under something.run.app

Since the web-app is mobile-focused, I am required to handle sign-ins via redirect. Hence, I am following redirect best practices from the documentation.

Note: I am actually not sure why I have to do this. Logging in form the localhost always used to work. The reason why I am doing all this is actually production. I wasn't able to login on the production deployment which led me down the rabbit hole of "how to best practive on redirects".

There, option 3 suggests to proxy any /__/auth requests, which is what I am doing by configuring my Spring Boot server as a proxy for any requsts on said paths:

spring:
  cloud:
    gateway:
      routes:
        - id: firebase-auth
          uri: "xxxxxxxxxx.firebaseapp.com"
          predicates:
            - Path: "/__/auth/**"

Since I don't know how to validate Firebase Authenticator Emulator JWTs, I am using a (live) development project, an actual Firebase Project, during local development.

For local development and testing, I am eventually required to set the authDomain to localhost:8008, the address of the local Spring Boot application.

/**
 * Local (development) environment
 */
const API_BASE = 'localhost:8080';

export const environment = {
  production: false,
  apiBaseUrl: `https://${API_BASE}`,
  firebase: {
    config: {
      apiKey: "xxxxxxxxxxxxxxxxxxxxxxx",
      authDomain: `${API_BASE}`,
      projectId: "xxxxxxxxxxxxxxxxxxxxxxx",
      storageBucket: "xxxxxxxxxxxxxxxxxxxx.appspot.com",
      messagingSenderId: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      appId: "xxxxxxxxxxxxxxxxxxxxxxxx"
    }
  }
};

The Problem

However, the application crashes right on startup with the following error:

main.ts:6 ERROR FirebaseError: Firebase: Error (auth/argument-error).
    at createErrorInternal (index-3363a72a.js:476:40)
    at _assert (index-3363a72a.js:480:15)
    at index-3363a72a.js:9425:13
    at Component.instanceFactory (index-3363a72a.js:9440:10)
    at Provider.getOrInitializeService (index.esm2017.js:290:39)
    at Provider.initialize (index.esm2017.js:234:31)
    at initializeAuth (index-3363a72a.js:594:27)
    at angular-fire.js:227:48
    at angular-fire.js:160:59

This error only occurs if I am specifying the port number on the URL. Setting authDomain to just localhost or 0.0.0.0, won't crash the app. However, in this case I am not able to sign-in as the server requires port 8080.

I have tried to prepare a StackBlitz example, but for some reason I am unable to import browserPopupRedirectResolver, browserSessionPersistence and indexedDBLocalPersistence because why not?! which means I am unable to provide a reproducable example at this point.

The Question

How can I fix this issue and make it work?
@google-oss-bot
Copy link
Contributor

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
@hsubox76
Copy link
Contributor

Seems to be from an _assert added in #7191 in register.ts if that helps any auth team members looking into it.
@falk-stefan
Copy link
Author

falk-stefan commented Apr 20, 2023
edited
Loading

Why is !authDomain?.includes(':') even a condition? 🤔

People may ask "Why do you even need authDomain to be on localhost? Use emulators!". And the reason is I am unable to verify emulator-generated JWT tokens on my Spring Boot backend during (local) development.

So.. my preferred option here would be to find a way to provide a issuer-uri s.t. JWT tokens can be verified.. the less preferred option is to work with a (live) Firebase project over localhost which is why I need to be able to set authDomain to localhost:8080.

@sam-gc @renkelvin
@falk-stefan
Copy link
Author

@prameshj in #7037 you recommended to follow https://firebase.google.com/docs/auth/web/redirect-best-practices. However, if I do that then it's rather difficult to test authentication on a local machine if Firebase Auth does not accept an authDomain on like localhost:8080.

Is there a chance that this will be fixed anytime soon or am I missing something here?
@prameshj
Copy link
Contributor

prameshj commented May 1, 2023
edited
Loading

@falk-stefan This is a valid usecase. We will work on supporting port numbers in the authDomain.

Also this check existed even before #7191, it was just refactored in that PR.
@prameshj
Copy link
Contributor

prameshj commented May 1, 2023

cc @bhparijat
@bhparijat bhparijat mentioned this issue May 5, 2023
Merged
@falk-stefan falk-stefan mentioned this issue May 18, 2023
Open
@aryehsanders aryehsanders mentioned this issue Jun 1, 2023
Open
@firebase firebase locked and limited conversation to collaborators Jun 5, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
api: auth
5 participants
@hsubox76 @google-oss-bot @prameshj @falk-stefan @jbalidiong