Skip to content

Re-establish streams when App Check token expires. #5902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Jan 26, 2022
Merged

Re-establish streams when App Check token expires. #5902

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
fb27ee5
Re-establish streams when App Check token expires.
ehsannas Jan 18, 2022
3da0c5b
Create happy-badgers-leave.md
ehsannas Jan 18, 2022
016631e
Better patch message.
ehsannas Jan 24, 2022
c9c0386
better patch message.
ehsannas Jan 24, 2022
d01b6e7
address comments.
ehsannas Jan 24, 2022
e9123f3
Remove outdated comment.
ehsannas Jan 24, 2022
27702c1
Update packages/firestore/src/core/firestore_client.ts
ehsannas Jan 25, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .changeset/happy-badgers-leave.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
"@firebase/firestore": patch
---

Fixed an AppCheck issue that caused Firestore listeners to stop working and
receive a "Permission Denied" error. This issue only occurred for AppCheck users
that set their expiration time to under an hour.
19 changes: 17 additions & 2 deletions packages/firestore/src/core/firestore_client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,10 @@ export class FirestoreClient {
private readonly clientId = AutoId.newId();
private authCredentialListener: CredentialChangeListener<User> = () =>
Promise.resolve();
private appCheckCredentialListener: (
appCheckToken: string,
user: User
) => Promise<void> = () => Promise.resolve();

offlineComponents?: OfflineComponentProvider;
onlineComponents?: OnlineComponentProvider;
Expand All @@ -122,8 +126,10 @@ export class FirestoreClient {
await this.authCredentialListener(user);
this.user = user;
});
// Register an empty credentials change listener to activate token refresh.
this.appCheckCredentials.start(asyncQueue, () => Promise.resolve());
this.appCheckCredentials.start(asyncQueue, newAppCheckToken => {
logDebug(LOG_TAG, 'Received new app check token=', newAppCheckToken);
return this.appCheckCredentialListener(newAppCheckToken, this.user);
});
}

async getConfiguration(): Promise<ComponentConfiguration> {
Expand All @@ -142,6 +148,12 @@ export class FirestoreClient {
this.authCredentialListener = listener;
}

setAppCheckTokenChangeListener(
listener: (appCheckToken: string, user: User) => Promise<void>
): void {
this.appCheckCredentialListener = listener;
}

/**
* Checks that the client has not been terminated. Ensures that other methods on
* this class cannot be called after the client is terminated.
Expand Down Expand Up @@ -234,6 +246,9 @@ export async function setOnlineComponentProvider(
client.setCredentialChangeListener(user =>
remoteStoreHandleCredentialChange(onlineComponentProvider.remoteStore, user)
);
client.setAppCheckTokenChangeListener((_, user) =>
remoteStoreHandleCredentialChange(onlineComponentProvider.remoteStore, user)
);
client.onlineComponents = onlineComponentProvider;
}

Expand Down