-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[🐛] Missing firebase-js-sdk API #7483
Comments
Originally mentioned in #7433. |
I also noticed Unfortunately I lack the knowledge and time to help implement it. |
@slapbox we handle the non-modular So my first take on it is that supporting/implementing Need to get react-native 0.73 unexpected incompatibility #7500 fixed before I can take a look at uploadBytes but I'll check it out with priority tomorrow |
Too true! I really appreciate your attention on this a lot. Thank you for the great project and the great assistance! Workaround: I just came back to update that it seems that |
The implementation of uploadBytes (if necessary? Do let me know if uploadBytesResumable doesn't work out...) is likely to just internally do the UploadTask await for Which is to say it may reduce some boilerplate by handling that for you but it's just bending around the same information and should be working exactly the same under the covers in the native layer |
Coming over from #4166 - getMultiFactorResolver is definitely implemented and working, TOTP I don't think was a focus of the original implementer (and in fact I think it was actually added as a firebase feature after the implementation of MFA here but my memory is a bit vague on the timing, apologies if wrong) It appears uploadBytes is actually not a blocker now, is that correct? Auth-related things obviously would be though - no one is going to change their well-considered hard-won MFA auth flows without a serious (and unwanted) battle - I understand that So the MFA Resolver should kick out a list of hints and TOTP should be included (I think?) despite not being implemented yet here At that point I think an implementation of Auth So if I'm following along on your migration feasibility audit correctly it sounds like the TotpMultiFactorGenerator is really the blocker at the moment? If so, an implementation of that is something I could schedule |
Thank you as always for your great work and assistance @mikehardy!
I'm 99% sure it's not a blocker, but I've not done extensive testing of every part of our application. We're doing a major rewrite so nothing is headed to production yet. Right now I'm just calling it "Good enough to keep moving in development." If I encounter any portion of our code that can't use Regarding I think you're right that it didn't exist when |
Hello 👋, to help manage issues we automatically close stale issues. This issue has been automatically marked as stale because it has not had activity for quite some time.Has this issue been fixed, or does it still require attention?
Thank you for your contributions. |
Not stale. |
Not only not stale, there's progress :-) |
Hello 👋, to help manage issues we automatically close stale issues. This issue has been automatically marked as stale because it has not had activity for quite some time.Has this issue been fixed, or does it still require attention?
Thank you for your contributions. |
Not stale. Thanks to the team for the continued progress on this! |
Hello 👋, to help manage issues we automatically close stale issues. This issue has been automatically marked as stale because it has not had activity for quite some time.Has this issue been fixed, or does it still require attention?
Thank you for your contributions. |
Not stale. |
Hello 👋, to help manage issues we automatically close stale issues. This issue has been automatically marked as stale because it has not had activity for quite some time.Has this issue been fixed, or does it still require attention?
Thank you for your contributions. |
Bump. |
Yep - usually not a fan of bumps but this actually tracks a very worthwhile chunk of work and I want it to stay open as well |
Curious if there's an update specifically on the |
Would it maybe be helpful to split that out into its own issue so its not tied to the Storage + Database module work? I'm happy to do a deeper write up on the multi-factor work if that would help move it along |
Is there any other ongoing development on adding TOTP compatibility aside from #7718 (which seems pretty stale)? |
I have not seen it and am not aware of TOTP or MFA in general at current no - biggest blocker for me when I was developing more actively in this specific module is that the auth emulator does not support it and that still does not seem to be on their roadmap It is very problematic - as a library developer - to run against the "real" / cloud auth APIs because they rate limit, they require a payment plan, the messages themselves always have some fakery since SMS cannot work, etc. We moved to the auth emulator a long time ago because the flakiness made developing + maintaining very difficult against the real APIs. So, converting existing test suite back to real APIs, then fixing all the flakes etc so we have a stable baseline to develop with was the first hurdle and that's where things are at the moment. I suppose an alternate path could be to patch the auth emulator so it supports TOTP, that may be the easiest way to go in fact. Then implementing it here is probably pretty straightforward |
Alternate thought - just picking up the PR and developing it in the form of local patches in an app where you know you can test it, until you know you have it working, then updating the PR and saying "hard to test but this works..." may be sufficient ? |
Hi @mikehardy, you mentioned that it's possible to I can't find anything related to this in the docs. I guess docs are not up to date or it has to be done via JS SDK? If so, then there is a bigger issue => |
@mare95 unfortunately no it is not possible, there is (or was) a PR in #7566 here but it closed out due to being stale, and it mostly went stale for all the reasons mentioned above (that is: we use the auth emulator vs the auth cloud APIs in our e2e suite, but the auth emulator doesn't support MFA or TOTP so it is really really hard to support these APIs) And you are correct, in that since the react-native-firebase library (which uses the native SDKs) will not be aware at all of any work you do in the firebase-js-sdk - so no listeners will fire. I think a workaround could be (needs testing!) to call the react-native-firebase user |
@mikehardy thanks for detailed explanation 👍 That is what i had in mind as a solution. If user gets reloaded when app gets focused there won't be any issues but if user changes 2FA in web app and then goes to the mobile app (where he is logged in with the same account) he will be logged out because token is invalid due to 2FA change on JS SDK :/ I guess there is no workaround for this issue |
As a user, if I enable 2FA via one channel then go to a session on another channel, I am not surprised at all to be logged out - in fact I think it would be very suspicious to leave a session open from before 2FA enable. If that's the scenario you describe I don't think there is a workaround and I think it is expected. Perhaps in the 2FA enable flow you could educate the user with a message similar to "Congratulations on your upgraded security! Any open sessions on other devices will be invalid after this change until you log in to them using your the stronger 2FA protection" or similar (sales! marketing! 😆 ) Or I guess in this context it would be "You will have to log in again as soon as this change takes effect in order to upgrade this session to the new stronger 2FA authentication..." since technically the user is already in the app, they don't realize it's a JS + native thing |
Issue
Unimplemented JS SDK features include:
This one is a blocker for us)uploadBytesResumable
seems like a drop-in replacement, at least for us, but maybe not for everyone and probably is a bit heavier to run. IdeallyuploadBytes
would be supported still.Also possibly the following:
I located these by searching for the string
not implemented
in the portions of the project we use. I've also made an effort to document the others but this may not be comprehensive, or may contain false positives for theauth
ones.React Native Firebase
andInvertase
on Twitter for updates on the library.The text was updated successfully, but these errors were encountered: