You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So, I've been having an annoying issue that was hard for me to diagnose.
Basically, if you've got a Flutter app using Firebase Auth, you may encounter cryptic problems if you don't have Token Service API authorized in your Google Cloud keys.
Issues including:
Await calls on transactions (like setting a value on FireStore) never returning on iOS.
Get streams returning empty lists without throwing an error
User still being registered, and thus my app showing it as authenticated even though the refresh token was invalid.
I've already had a similar problem with the API restrictions feature of Google Cloud, it's happened to me twice, and it's really painful to debug.
Now I understand that authentication is not supposed to work if the API is restricted at the key level.
But there are multiple issues here that should still be addressed:
The only log that is sent talks of an internet connectivity issue while the Token Service API returns a 403, so clearly not an internet connectivity issue. This log could be improved to better represent the actual error.
The log downplays the seriousness of the issue. Not having token renew after an hour is a major problem. The log should be especially clear and be considered an error instead of a warning. Crashing the app in debug mode could even be considered.
Network calls to other Firebase APIs subsequently fail in ways that are not acceptable. An await call never returning should not happen, this should be fixed no matter what.
Network calls to other Firebase APIs never communicate the issue clearly. Since the app switches to offline mode, some things work, some don't, and I haven't encountered the 403 error from Token Service at any point apart from the cryptic log warning.
The main problem here is that communication from the Firebase SDK to the developer is lacking on this specific issue. There are three axis of improvements:
Communication through better logging and error handling,
Stability by fixing the non-completing await on iOS,
Prevention by better explaining Google Cloud API restrictions. I did not find a documentation page explaining which APIs are restricted for each Firebase service to work properly. Which is a shame… Maybe there are other services I should whitelist for my keys but I'm not yet aware of them.
Thank you for your work maintaining this project.
Reproducing the issue
Have a project with Firebase Authentication enabled, but using an API key without the Token Service API permission in Google Cloud.
Build and run the app
If logging is working, you may be able to see the log I mentioned in the Relevant Log Output section
Authenticate the user
Perform a GET or a SET request to cloud firestore, notice that it works
Leave the app, come back to it one hour later
Notice that you cannot get anything
Notice that on iOS, streams silently fail (return nothing without providing a reason)
Notice that on iOS, await calls for transactions never return
Firebase Core version
3.5.0
Flutter Version
3.24.3
Relevant Log Output
- [Firebase/Firestore][I-FST000001] Could not reach Cloud Firestore backend. Connection failed 1 times. Most recent error: An internal error has occurred, print and inspect the error details for more information.
This typically indicates that your device does not have a healthy Internet connection at the moment. The client will operate in offline mode until it is able to successfully connect to the backend.
Is there an existing issue for this?
Which plugins are affected?
Auth
Which platforms are affected?
iOS
Description
So, I've been having an annoying issue that was hard for me to diagnose.
Basically, if you've got a Flutter app using Firebase Auth, you may encounter cryptic problems if you don't have Token Service API authorized in your Google Cloud keys.
Issues including:
I've already had a similar problem with the API restrictions feature of Google Cloud, it's happened to me twice, and it's really painful to debug.
Now I understand that authentication is not supposed to work if the API is restricted at the key level.
But there are multiple issues here that should still be addressed:
The main problem here is that communication from the Firebase SDK to the developer is lacking on this specific issue. There are three axis of improvements:
Thank you for your work maintaining this project.
Reproducing the issue
Have a project with Firebase Authentication enabled, but using an API key without the Token Service API permission in Google Cloud.
Firebase Core version
3.5.0
Flutter Version
3.24.3
Relevant Log Output
Flutter dependencies
Expand
Flutter dependencies
snippetAdditional context and comments
No response
The text was updated successfully, but these errors were encountered: