Users get logged out and remain in invalid authentication state #3885
Comments
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight. |
Thanks for the detailed explanation and reproducible example, @SteveBurkert. I'll notify our engineers and see what we can do here. |
Hi, thanks for filing this issue! We are unable to promise any timeline for this, but if others also have this issue, adding a +1 on this issue can help us prioritize adding this to the roadmap. (Googler-only internal tracking bug: b/238776633) |
We recently noticed a similar behaviour. Maybe it's related so I'm going to explain our findings: First of all, we're using Anonymous Authentication in our app. We call A few weeks ago users started complaining that they are losing their data on every app start. We looked into this and could reproduce a case where We assume that some update of the Additionally we noticed a few
We hope this information helps in identifying and fixing the problem soon 🤞🏼 |
Hey there. Any updates on this issue? We recently added some massive logging on our end and we've found that on some permission denials, Here is one of the logs from crashlytics with a dedicated custom exception: This list shows all the providers the user is signed up with...
May I highlight <truncated: 1267558 chars> here! SDK internally The provider id |
Hello, I would also like to ask what the progress is on this issue? We're still seeing a lot of
|
Hi all, this issue is now fixed in Firebase BoM version 32.0.0 or Authentication version 22.0.0. That said, I'll close this issue now. Feel free to reply back here if there's any issue. Thanks! |
@argzdev Wow, that is great news, thank you! 👍🏼 What was the reason for the wrong authentication state and what was the fix? I'm curious and would like to know 😃 |
Hi @svenjacobs, according to the internal bug link, it seems that this is the possible reason:
|
That is really great news! May I ask, does this solve both of the problems mentioned in the discussion?
Thank you, @argzdev |
Hi @SteveBurkert, the fix is only for the first issue.
As for the second issue with 130 providers duplicated, this is not yet fixed. We aren't exactly sure what causes the duplicate providers, we're still trying to figure this out, so we can't guarantee that the fix for the first issue also affects the second issue. |
[READ] Step 1: Are you in the right place?
We use FirebaseAuthentication, which is part of the sdk, so I think yes.
[REQUIRED] Step 2: Describe your environment
Updated dependencies in the affected releases:
com.google.android.gms:play-services-auth:20.1.0 -> com.google.android.gms:play-services-auth:20.2.0
com.android.tools.build:gradle:7.0.4 -> com.android.tools.build:gradle:7.1.3
com.google.firebase:firebase-bom:29.1.0 -> com.google.firebase:firebase-bom:29.3.1
[REQUIRED] Step 3: Describe the problem
TL;DR:
Users lose their registration and end up in an invalid anonymous registered state.
FirebaseAuth.getCurrentUser probably returns null, even though there is a user and auth is initialized.
FirebaseUser.isAnonymous returns false, even though the account is only registered using anon registration.
Long:
It's really not easy to describe the problem, so I'll try to explain the timeline and setup.
We use Firebase for authentication and its realtime database to build a community
feature within our application, where users have profiles.
On first app start, users get signed in anonymously, until they decide to use a real auth provider,
after which the anon and "real" account get linked. So far, so normal.
After a new release we noticed within our internal test flavor, that some of the registered (non anon) users
lose their names and profiles and can no longer interact with the community.
We also noticed thousands of database permission exceptions and almost the same amount
of FirebaseNetworkExceptions.
I investigated a company owned device that was affected and it actually turns out
that the affected "user" belongs to an anonymous registration (UID -> console),
although the owner of the phone was registered in our community through google since 1.5 years before that.
The only option to go back from a google/facebook etc registration to an anonymous registration,
is through logging out!
And if you log out, we sign you back in anonymously, but we will not make DB calls anymore,
since FirebaseUser.isAnonymous returns true in this case.
But in our case here, the client "thinks" that it still has a profile and is normally registered (google/facebook etc.).
Therefore the client always tries to read and write DB notes, which are restricted for anon users
and which we code-wise prohibit by calling the FirebaseAuthentication typical methods.
Till today, we have almost like 10k affected users.
Steps to reproduce:
The only way I see that a normal registered user is "again anonymous" (and which I was
kind of able to reproduce), would be if FirebaseAuth.getCurrentUser returns null,
even though there is a normal registered account.
In this case we would wrongly call signInAnonymously OVER the current registration.
I tried it, and if you do this, the FirebaseUser will end up in an invalid state and return FALSE
for FirebaseUser.isAnonymous, even though getProviderData will only return 1 entry containing "firebase".
This would in our case result in executing multiple DB-write approaches, which will of course fail
and might be the reason for the thousands Database Permission Errors.
I don't know how FirebaseAuth.getCurrentUser would return null for normal account though.
Maybe the thousands occurrences of FirebaseNetworkException are related to FirebaseAuth
returning null for current user.
I will provide a minimal repo, to reproduce the isAnonymous == false issue.
And I will provide a small code snippet of our authentication app startup.
Our authentication app startup procedure is very simple.
2a. If there is none, register an anonymous account
2b. If there is one, make a quick DB call, but only if the account is not anonymous
Relevant Code:
Exceptions:
FirebaseNetworkException - first occurrence May 5th, 2644 non-fatal events affecting 1074 users in the last 90 days
Which is probably causing:
DatabaseException - first occurrence May 8th, 79531 non-fatal events affecting 21038 users in the last 90 days
Minimal repo - showcase isAnonymous wrong state
https://github.com/SteveBurkert/firbease-zombie-user-example
(The repo only showcases how you can reproduce to make FirebaseUser.isAnonymous return false, even though it is anonymously registered.)
Thanks in advance.
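The startup decision described in this report, as an added example (not the reporter's code and not part of the Firebase SDK): it checks the provider list as well as the isAnonymous flag, and it does not sign in anonymously on a device that previously held a registered account. The wasRegisteredBefore marker, the Action names and the sample states are assumptions made for illustration.

```java
import java.util.List;

// Added example: plain-Java model of a startup guard; no Firebase dependency.
// On Android the inputs would come from FirebaseAuth.getCurrentUser(),
// FirebaseUser.isAnonymous() and UserInfo.getProviderId() over getProviderData().
public class StartupAuthGuard {

    enum Action { SIGN_IN_ANONYMOUSLY, HOLD_AND_REPORT, SKIP_DB_CALLS, ALLOW_DB_CALLS }

    // Snapshot of what the SDK reports; a null snapshot stands for getCurrentUser() == null.
    record UserSnapshot(boolean isAnonymousFlag, List<String> providerIds) {
        // Only the "firebase" entry means no Google/Facebook etc. provider is linked.
        boolean hasRealProvider() {
            return providerIds.stream().anyMatch(id -> !"firebase".equals(id));
        }
    }

    // wasRegisteredBefore: hypothetical app-side marker persisted after a successful link.
    static Action decide(UserSnapshot user, boolean wasRegisteredBefore) {
        if (user == null) {
            // A null user on a device that had a registered account is suspicious:
            // signing in anonymously here would replace the existing registration.
            return wasRegisteredBefore ? Action.HOLD_AND_REPORT : Action.SIGN_IN_ANONYMOUSLY;
        }
        if (!user.hasRealProvider()) {
            // Invalid state from the report: flag says "not anonymous", providers say otherwise.
            return user.isAnonymousFlag() ? Action.SKIP_DB_CALLS : Action.HOLD_AND_REPORT;
        }
        return Action.ALLOW_DB_CALLS;
    }

    public static void main(String[] args) {
        // Constructed sample states, not taken from real devices.
        UserSnapshot anon = new UserSnapshot(true, List.of("firebase"));
        UserSnapshot google = new UserSnapshot(false, List.of("firebase", "google.com"));
        UserSnapshot zombie = new UserSnapshot(false, List.of("firebase"));

        System.out.println("fresh install:        " + decide(null, false));
        System.out.println("null after register:  " + decide(null, true));
        System.out.println("anonymous user:       " + decide(anon, false));
        System.out.println("linked google user:   " + decide(google, true));
        System.out.println("invalid (flag false): " + decide(zombie, true));
    }
}
```

HOLD_AND_REPORT is the branch where an app would log the state and defer both signInAnonymously and restricted database writes until the auth state is confirmed.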