Skip to content

Login access token for sign in functionality missing #8905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
seaders opened this issue Apr 8, 2025 · 1 comment
Open

Login access token for sign in functionality missing #8905

seaders opened this issue Apr 8, 2025 · 1 comment
Labels
api: auth needs-attention question Repro Needed

Comments

@seaders
Copy link

seaders commented Apr 8, 2025

Operating System

Windows 11, macOS 15.4

Environment (if applicable)

Chrome 135, Node 22.14.0

Firebase SDK Version

11.1.0

Firebase SDK Product(s)

Auth

Project Tooling

React Chrome extension with Plasmo

Detailed Problem Description

In Chrome extensions, you can have many contexts which don't share user login functionality. For "true" sign in, this can be circumvented by controlling the login flow, like

// shared storage between all clients
const authStorage = new Storage()

const USER_TOKEN_KEY = "user_token"

authStorage.watch({
  [USER_TOKEN_KEY]: ({ newValue, oldValue }) => {
    if (newValue !== oldValue) {
      const credential = GoogleAuthProvider.credential(null, newValue as string)
      void signInWithCredential(auth, credential)
    }
  }
})

function signIn() {
  const responseUrl = await chrome.identity.launchWebAuthFlow({
    url: getAuthUrl(),
    interactive: true
  })

  const url = new URL(responseUrl)
  const token = extractAccessToken(url.hash)

  void authStorage.set(USER_TOKEN_KEY, token)
}

This is cumbersome, but, it works for Google sign ins, which is all we've used until now. The token that's synced between contexts, through chrome's shared storage, allows all clients to start a login, and if successful, pushes it to the rest.

The problem now is, we want to add functionality to sign users in as anonymous with signInAnonymously, and while that runs successfully in the context it's started, the accessToken, or idToken returned in the UserCredential response cannot be used to login elsewhere.

Any effort by other contexts to sign in like above results in errors of

FirebaseError: Firebase: Unsuccessful check authorization response from Google: {
  "error_description": "Invalid Value"
}
 (auth/invalid-credential).
    at _errorWithCustomMessage (assert.ts:101:14)
    at _performFetchWithErrorHandling (index.ts:223:21)
    at async _performSignInRequest (index.ts:251:7)
    at async _signInWithCredential (credential.ts:49:9)

I thought about writing this about just signInAnonymously but, realistically, that's just a new issue we're facing here. To properly be able to solve this, I consider this a bug affecting all the sign in methods.

This issue is specifically a bug for the chrome environment, but could hit other environments too.

Steps and code to reproduce issue

Login in the popup context of a chrome extension and try to login with that same user in the injected content context, there isn't any way to do with the api. (and no way to do it at all with login as anonymous)
@seaders seaders added new A new issue that hasn't be categoirzed as question, bug or feature request question labels Apr 8, 2025
@google-oss-bot
Copy link
Contributor

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@jbalidiong jbalidiong added api: auth Repro Needed needs-attention and removed needs-triage new A new issue that hasn't be categoirzed as question, bug or feature request labels Apr 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api: auth needs-attention question Repro Needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@seaders @google-oss-bot @jbalidiong