Mobile Auth fails if credentials have expired

Question

Mobile Auth fails if credentials have expired

yschimke opened this issue a year ago · comments

This is possible a peculiarity of a test account I'm using, but clicking to bookmark an item on mobile fails with an authentication error if credentials have expired.

13:29:37.347  E  FATAL EXCEPTION: main
                 Process: dev.johnoreilly.confetti, PID: 23542
                 com.google.firebase.auth.FirebaseAuthInvalidUserException: The user's credential is no longer valid. The user must sign in again.
                 	at com.google.android.gms.internal.firebase-auth-api.zzxc.zza(com.google.firebase:firebase-auth@@21.1.0:29)
                 	at com.google.android.gms.internal.firebase-auth-api.zzya.zza(com.google.firebase:firebase-auth@@21.1.0:9)
                 	at com.google.android.gms.internal.firebase-auth-api.zzyb.zzl(com.google.firebase:firebase-auth@@21.1.0:1)
                 	at com.google.android.gms.internal.firebase-auth-api.zzxy.zzh(com.google.firebase:firebase-auth@@21.1.0:25)
                 	at com.google.android.gms.internal.firebase-auth-api.zzxa.zzh(com.google.firebase:firebase-auth@@21.1.0:1)
                 	at com.google.android.gms.internal.firebase-auth-api.zzty.zza(com.google.firebase:firebase-auth@@21.1.0:2)
                 	at com.google.android.gms.internal.firebase-auth-api.zzyj.zzb(com.google.firebase:firebase-auth@@21.1.0:10)
                 	at com.google.android.gms.internal.firebase-auth-api.zzyj.zza(com.google.firebase:firebase-auth@@21.1.0:14)
                 	at com.google.android.gms.internal.firebase-auth-api.zzxp.zzf(com.google.firebase:firebase-auth@@21.1.0:4)
                 	at com.google.android.gms.internal.firebase-auth-api.zzvf.zzp(com.google.firebase:firebase-auth@@21.1.0:4)
                 	at com.google.android.gms.internal.firebase-auth-api.zzxb.zzj(com.google.firebase:firebase-auth@@21.1.0:5)
                 	at com.google.android.gms.internal.firebase-auth-api.zzvp.zzc(com.google.firebase:firebase-auth@@21.1.0:1)
                 	at com.google.android.gms.internal.firebase-auth-api.zzyc.run(com.google.firebase:firebase-auth@@21.1.0:1)
                 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
                 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
                 	at java.lang.Thread.run(Thread.java:923)
                 	Suppressed: kotlinx.coroutines.DiagnosticCoroutineContextException: [StandaloneCoroutine{Cancelling}@25aae28, Dispatchers.Main.immediate]

Yuri Schimke · Answer 1 · Fri Apr 07 2023 20:33:15 GMT+0800 (China Standard Time)

I'll try to find the right place to catch it.

Yuri Schimke · Answer 2 · Fri Apr 07 2023 20:38:02 GMT+0800 (China Standard Time)

I think fix is

class DefaultUser(
    override val name: String,
    override val email: String?,
    override val photoUrl: String?,
    override val uid: String,
    private val user_: FirebaseUser?
): User {
    override suspend fun token(forceRefresh: Boolean): String? {
        return try {
            user_?.getIdToken(forceRefresh)
        } catch (e: Exception) {
            null
        }
    }
}

Martin Bonnin · Answer 3 · Fri Apr 07 2023 23:08:39 GMT+0800 (China Standard Time)

Interesting. The doc doesn't say anything about throwing and I was operating under the assumption that the idToken returned there was always valid and refreshed internally by Firebase. But looks like it's not the case?

Yuri Schimke · Answer 4 · Fri Apr 07 2023 23:10:30 GMT+0800 (China Standard Time)

Not sure, but

This is possible a peculiarity of a test account I'm using

Yuri Schimke · Answer 5 · Fri Apr 07 2023 23:11:06 GMT+0800 (China Standard Time)

Also, after this fails, Firebase no longer considers the user logged in, which seems correct.