When a user is logged-in in firefox and if the same user login in other browser, the session in firefox should automatically logout. This is working in all the other browsers except in firefox. onMessage callback in the below screenshot is never being executed.
Steps to reproduce:
Login using firefox browser.
Open other browser and login with the same credentials.
Session in firefox is still active
expected behaviour - firefox session has to be logged-out(onMessage function has to be expecuted).
const messaging = firebase.messaging()
messaging.onMessage((payload) => {
props.setPushNotificationEvent(payload.data)
})
Related
I have a web application that uses firebase UI to sign user in. We have already replaced the auth domain in firebase config to the custom domain where the app is running and have also tried switching to signInWithPopup but the social providers Facebook and Microsoft do not seem to work on certain iOS and macOS devices while working for those in others. While sign in with Google works for everyone.
Like in my application I am able to login comfortably with Microsoft via firebase UI in India, but on the same iOS version I am unable to do so in USA. Where it gets more bizarre is on macOS I am able to log in to application via Facebook in India and Ukraine but not in USA. This might not be related to regions but to specific devices. But for me since all the devices are essentially the same I don't seem to figure out the issue. Also I have verified and the settings of browsers on all the different devices is same.
`<script type="module">
const authorization = firebase.auth();
const uiConfig = {
callbacks: {
signInSuccessWithAuthResult : function(authResult, redirectUrl)
{
document.getElementById('loader').style.display = 'block';
return false;
},
uiShown: function()
{
document.getElementById('loader').style.display = 'none';
}
},
signInOptions: [
firebase.auth.GoogleAuthProvider.PROVIDER_ID,
'microsoft.com',
firebase.auth.FacebookAuthProvider.PROVIDER_ID,
firebase.auth.EmailAuthProvider.PROVIDER_ID,
firebase.auth.PhoneAuthProvider.PROVIDER_ID,
],
};
// Initialize the FirebaseUI Widget using Firebase.
const ui = new firebaseui.auth.AuthUI(authorization);
// The start method will wait until the DOM is loaded.
ui.start('#firebaseui-auth-container', uiConfig);
</script>`
This is my code snippet, that I am using to render firebase UI. For the devices on which it is not working what actually happening is:
The page loads
User selects sign in with Microsoft
User is taken to Microsoft page (either by redirection or by popup, does not matter in our case)
User completes the sign in on Microsoft page
User is taken back to our page but now the login ui disappears and the loader is not visible
I also checked the user in not signed in by looking at firebase user record in local storage.
Note: For other devices(where it is working) on coming back to login page it tries to extract the login token of user and if it gets it, it is added as the cookie and the application works as expected.
firebase.auth().onIdTokenChanged(async (user) => { if (user) { user.getIdToken().then(function (accessToken) { document.cookie = #Json.Serialize(FirebaseAuthConfiguration.CookieName) + "=" + accessToken.toString() + "; path=/"; }); } });
Devices its working fine on:
Windows Machines
Android Devices
IPhones in India
Devices its having issues on:
IPhone, IPad (Microsoft and Facebook not working USA and Ukraine`your text`)
Macbook(Facebook not working Ukraine)
Macbook (Facebook and Microsoft not working USA and Ukranine
Tried replacing the auth domain in firebase config to the custom domain where the app is running also switching to signInWithPopup
I finally found a solution, safari does not allow sub domain of a site to access its internal storage, which in turn affects all the web browsers running on iOS since they all use webkit. Opting for firebase hosting did not help in my case either, the only possible solution I found was to either Self-host the sign-in helper code in my domain or to Proxy auth requests to firebaseapp.com. The issue lies here with cross domain storage access. In my opinion and my findings Proxy auth requests to firebaseapp.com appears to be the only fruitful way to mitigate this issue.
My application sends its users some e-mails with links inside.
The user is logged in the browser, in a persistent session that lasts even when the user closes the browser.
If the user CLICKS the link in the e-mail, it opens a not authenticated (in my application) new tab in the browser, as if the user hadn't logged in. Just as if the click from inside the e-mail cleared the browser cookies before opening the page.
If they COPY AND PASTE the link in their browser, it works just fine, with the link being opened in a authenticated session in my application.
I use Firebase to manage authentication in my platform.
This issue happens both on desktop and mobile.
I've successfully set up a passwordless sign-in flow on mobile (using dynamic links). It works on iOS and Android, as long as the sign-in link is opened on the same mobile device.
I would like to support the scenario where users sign-in on mobile, but open the link on their PC. Is this even possible?
When clicking the link on the PC, I currently see an empty page, with the URL configured in my ActionCodeSettings:
const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = {
handleCodeInApp: true,
url: 'https://the-url-i-see',
iOS: {
bundleId: '...',
},
android: {
packageName: '...',
installApp: true,
},
}
Which parts are missing on my end?
UPDATE
I'm one step closer: I created an index.html to be served via https://the-url-i-see:
if (firebase.auth().isSignInWithEmailLink(window.location.href)) {
email = window.prompt('Please provide your email for confirmation');
firebase.auth().signInWithEmailLink(email, window.location.href).then(() => {
console.log('Sign-in successful')
}).catch(e => {
console.error('Sign-in failed', e)
})
}
What works now:
Requesting a sign-in on mobile sends an email link
Opening the link on PC navigates to the above index.html
After confirming the email through the prompt:
Login is successful: 'Sign-in successful' in console
New user created/visible in Firebase Console
What is still missing:
Mobile app is not notified about the sign-in (specifically, onAuthStateChanged handler is not firing).
Meanwhile I've learned that this is not how Firebase Auth works. My new understanding, overly simplified:
A sign-in link is like a ticket
The ticket can be used to sign-in once
Signing in is specific to one firebase.auth() realm (which will trigger onAuthStateChanged in this realm)
In my case: one auth realm = one device
TL;DR: Passwordless sign-in across devices is not supported out-of-the-box
Firebase auth with signInWithCustomToken not working on Safari web extension.
also firebase.auth().signInWithCredential(credential) not working.
the code is executed from the content script.
firebase.auth().signInWithCustomToken(token).then((res)=> {
}, (err)=> {
})
// i am not getting any response. not even error.
on chrome extension everything works fine. any idea why its not working?
I'm trying to get google sign in working in my web application using their JavaScript api.
var auth2 = gapi.auth2.getAuthInstance();
// Sign the user in, and then retrieve their ID.
auth2.signIn().then(function () {
onGoogleSuccess(auth2.currentUser.get());
});
It works great in safari, but I get a 403 disallowed_useragent if the user has added my app to their home screen (standalone mode).
Is there any way to get around the new security restrictions? this seems like an oversight for web applications