-
Notifications
You must be signed in to change notification settings - Fork 898
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Requested authentication state persistence isn't retained #8545
Comments
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight. |
Hi @dsl101, thanks for reporting this issue. You mentioned that this issue also occurs when using As a temporary workaround while we look into this, would reapplying |
Calling if (isSignInWithEmailLink(auth, window.location.href)) {
await signInWithEmailLink(auth, email, window.location.href)
setPersistence(auth, browserSessionPersistence)
window.location.replace("/") // Dismiss redirect
} else {
await signIn({ email });
} Now, after sending the link and signing in on tab 1, opening a second tab and pasting in the URL does not show me as logged in on that second tab. Indeed, I can authenticate using a second email address on the second tab, and the 2 are isolated. However, the react app has this section in if (user) {
return (
<div>
<div>Logged in {user.email}</div>
<br />
<button onClick={() => window.open("/openedTab", "_blank")}>
Open new tab same domain
</button>
<br />
<button onClick={signOut}>Logout</button>
</div>
);
} Using that button on tab 1 (authenticated) opens a new tab and it is authenticated. Is this the expected behaviour when opening a tab via Regarding using import {
browserSessionPersistence,
setPersistence,
signInWithRedirect,
GoogleAuthProvider,
} from "firebase/auth"
const signInRedirect = () => {
return setPersistence(auth, browserSessionPersistence).then(() => {
console.log('Persistence:', auth.persistenceManager.persistence)
return signInWithRedirect(auth, new GoogleAuthProvider()).then(() => {
console.log('redirect succeeded')
})
})
} Again, the logged persistence SESSION before the call to Note that However, and I don't know if this is a client-side bug or a browser setting, but the above flow for auth works fine (albeit with the persistence issue) on Firefox, but not on Chrome. The redirect for google authentication happens, and the app is reloaded at the end of that flow, but the useEffect(() => {
return onAuthStateChanged(auth, async (userData) => {
console.log("onAuthStateChanged:", userData);
if (userData) {
try {
console.log("Persistence:", userData.auth.persistenceManager.persistence)
setUser(() => userData);
} catch (e) {
// eslint-disable-next-line
console.log(e);
}
} else {
setUser(null);
}
setFirstCheck(() => false);
});
}, []); |
Hi @dsl101, It may be the case that this is a timing issue and the persistence config is landing too late for it to properly take effect. Could you try initializing Auth with the Session persistence setting to see what the behavior is? If, even after that, there continues to be a problem then I'll bring it directly to the Auth team. Thanks! |
I tried initialising the app like this: import { initializeApp } from 'firebase/app'
import { browserSessionPersistence } from 'firebase/auth'
initializeApp({
persistence: [ browserSessionPersistence ],
apiKey: "...",
authDomain: "...",
projectId: "...",
})
const auth = getAuth(app)
console.log('persistenceManager:', auth.persistenceManager) and this logs return onAuthStateChanged(auth, async userData => {
console.log("[onAuthStateChanged] userData:", userData);
console.log('[onAuthStateChanged] auth.persistenceManager.persistence.type:', auth.persistenceManager.persistence.type) and that logs:
before login. So, it really doesn't look like the persistence manager is behaving well at all... |
Hi @dsl101, Ah yes, sorry. The Instead, could you invoke initailizeAuth instead of Thanks! |
Sorry, I read Using this: const auth = initializeAuth(app, {
persistence: [ browserSessionPersistence ],
}) shows But in any case, that does make offering the user the choice (e.g. a 'Remember me' checkbox) difficult if it has to be done at initialisation. How can the persistence be set prior to authentication? And is the documentation that says the persistence state will be remembered wrong? |
Hi @dsl101, Please note that your code uses
In your case, you do not need to define a |
Are we agreed this is a bug of some kind? Whether it's an actual bug or just a timing issue, it ought to be possible to specify the persistence based on user input before processing the authentication. As to why |
Ok, thanks for following up. I'll bring this up with the Firebase Auth team. |
Operating System
windows
Environment (if applicable)
Chrome 131, Firefox 130
Firebase SDK Version
10.13.2
Firebase SDK Product(s)
Auth
Project Tooling
React app / Vue & Quasar app
Detailed Problem Description
This page states that calls to
setPersistence()
prior tosignInWithRedirect()
should reapply the requested persistence model at the end of the redirect flow. We are seeing that despite requestingbrowserSessionPersistence
before sending the link, and pasting the emailed link directly into the same browser tab, the persistence model is reverting to LOCAL.This also happens with federated auth providers using
signInWithRedirect()
.Steps and code to reproduce issue
E.g. minimal piece of code to send a signin link by email:
Note the persistence printed to console here is:
After pasting the redirect link and re-entering the email address on the test app, this code detects & applies the authentication:
and the
onAuthStateChanged()
handler:logs:
The text was updated successfully, but these errors were encountered: