Auth middleware (beforeAuthStateChanged) #6068

hsubox76 · 2022-03-14T17:35:01Z

Create beforeAuthStateChanged() method per internal design doc go/firebase-auth-middleware.

TODO in a separate PR: implement onAbort().

changeset-bot · 2022-03-14T17:35:04Z

⚠️ No Changeset found

Latest commit: ad74326

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

sam-gc · 2022-03-14T17:41:14Z

packages/auth/src/core/auth/auth_impl.ts

  async signOut(): Promise<void> {
+    await this._runBeforeStateCallbacks(null);


This will run twice since it's also in _updateCurrentUser

It seems like it needs to run before _setRedirectUser() so it can block it, so I added an optional arg to _updateCurrentUser() to skip running the callbacks inside it.

sam-gc · 2022-03-14T17:44:19Z

packages/auth/src/core/auth/auth_impl.ts

@@ -324,14 +325,26 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
        AuthErrorCode.TENANT_ID_MISMATCH
      );
    }
+    await this._runBeforeStateCallbacks(user);


_updateCurrentUser is also called by the storage onevent callbacks, which means a persistence change in another tab could trigger a stop here and the tabs would get out of sync. I'm not sure what the right behavior should be

We discussed this, and we want the callbacks to not run if called by _onStorageEvent(), so I made use of the optional skipBeforeStateCallbacks argument I added to _updateCurrentUser when called by _onStorageEvent().

google-oss-bot · 2022-03-28T19:36:12Z

Size Report ¹

Affected Products

@firebase/app
Type Base (927c1af) Merge (839cbfe) Diff
browser 13.8 kB 13.8 kB -27 B (-0.2%)
esm5 18.1 kB 18.0 kB -29 B (-0.2%)
main 19.0 kB 18.9 kB -58 B (-0.3%)
module 13.8 kB 13.8 kB -27 B (-0.2%)
@firebase/app-check
Type Base (927c1af) Merge (839cbfe) Diff
browser 25.1 kB 25.2 kB +82 B (+0.3%)
esm5 29.7 kB 29.8 kB +148 B (+0.5%)
main 30.9 kB 31.0 kB +148 B (+0.5%)
module 25.1 kB 25.2 kB +82 B (+0.3%)
@firebase/auth-compat
Type Base (927c1af) Merge (839cbfe) Diff
browser 20.1 kB 20.1 kB +1 B (+0.0%)
esm5 26.9 kB 26.9 kB +1 B (+0.0%)
main 29.5 kB 29.5 kB +1 B (+0.0%)
module 20.1 kB 20.1 kB +1 B (+0.0%)
@firebase/auth/cordova
Type Base (927c1af) Merge (839cbfe) Diff
browser 180 kB 182 kB +2.09 kB (+1.2%)
module 180 kB 182 kB +2.09 kB (+1.2%)
@firebase/auth/internal
Type Base (927c1af) Merge (839cbfe) Diff
browser 163 kB 164 kB +1.34 kB (+0.8%)
esm5 212 kB 214 kB +2.09 kB (+1.0%)
main 179 kB 181 kB +2.11 kB (+1.2%)
module 163 kB 164 kB +1.34 kB (+0.8%)
@firebase/auth/react-native
Type Base (927c1af) Merge (839cbfe) Diff
browser 164 kB 166 kB +2.11 kB (+1.3%)
module 164 kB 166 kB +2.11 kB (+1.3%)

`@firebase/firestore`

Type	Base (`927c1af`)	Merge (`839cbfe`)	Diff
browser	248 kB	252 kB	+3.30 kB (+1.3%)
esm5	309 kB	313 kB	+3.52 kB (+1.1%)
main	498 kB	503 kB	+5.51 kB (+1.1%)
module	248 kB	252 kB	+3.30 kB (+1.3%)
react-native	249 kB	252 kB	+3.30 kB (+1.3%)

`@firebase/firestore-lite`

Type	Base (`927c1af`)	Merge (`839cbfe`)	Diff
browser	73.1 kB	73.2 kB	+60 B (+0.1%)
esm5	86.5 kB	86.6 kB	+64 B (+0.1%)
main	126 kB	126 kB	+76 B (+0.1%)
module	73.1 kB	73.2 kB	+60 B (+0.1%)
react-native	73.3 kB	73.4 kB	+60 B (+0.1%)

@firebase/functions
Type Base (927c1af) Merge (839cbfe) Diff
browser 8.99 kB 8.99 kB +1 B (+0.0%)
esm5 11.1 kB 11.1 kB +1 B (+0.0%)
main 11.8 kB 11.8 kB +1 B (+0.0%)
module 8.99 kB 8.99 kB +1 B (+0.0%)
@firebase/functions-compat
Type Base (927c1af) Merge (839cbfe) Diff
browser 1.67 kB 1.68 kB +1 B (+0.1%)
esm5 1.83 kB 1.83 kB +1 B (+0.1%)
main 2.20 kB 2.20 kB +1 B (+0.0%)
module 1.67 kB 1.68 kB +1 B (+0.1%)
@firebase/installations
Type Base (927c1af) Merge (839cbfe) Diff
browser 17.3 kB 17.8 kB +484 B (+2.8%)
esm5 22.3 kB 22.9 kB +628 B (+2.8%)
main 23.1 kB 23.7 kB +599 B (+2.6%)
module 17.3 kB 17.8 kB +484 B (+2.8%)
@firebase/messaging
Type Base (927c1af) Merge (839cbfe) Diff
browser 20.8 kB 20.8 kB +21 B (+0.1%)
esm5 26.1 kB 26.2 kB +18 B (+0.1%)
main 26.8 kB 26.8 kB -7 B (-0.0%)
module 20.8 kB 20.8 kB +21 B (+0.1%)
@firebase/messaging-compat
Type Base (927c1af) Merge (839cbfe) Diff
browser 2.08 kB 2.08 kB +1 B (+0.0%)
esm5 2.51 kB 2.51 kB +1 B (+0.0%)
main 2.90 kB 2.90 kB +1 B (+0.0%)
module 2.08 kB 2.08 kB +1 B (+0.0%)
@firebase/messaging-sw
Type Base (927c1af) Merge (839cbfe) Diff
main 29.6 kB 29.6 kB -8 B (-0.0%)
module 22.8 kB 22.8 kB +20 B (+0.1%)
@firebase/util
Type Base (927c1af) Merge (839cbfe) Diff
browser 20.5 kB 23.4 kB +2.86 kB (+13.9%)
esm5 21.9 kB 25.5 kB +3.65 kB (+16.7%)
main 26.7 kB 30.5 kB +3.82 kB (+14.3%)
module 20.5 kB 23.4 kB +2.86 kB (+13.9%)

`bundle`

43 size changes

Type	Base (`927c1af`)	Merge (`839cbfe`)	Diff
analytics (logEvent)	41.8 kB	40.0 kB	-1.83 kB (-4.4%)
app-check (CustomProvider)	35.7 kB	33.7 kB	-2.03 kB (-5.7%)
app-check (ReCaptchaEnterpriseProvider)	37.9 kB	35.9 kB	-2.04 kB (-5.4%)
app-check (ReCaptchaV3Provider)	37.9 kB	35.8 kB	-2.04 kB (-5.4%)
auth (Anonymous)	65.3 kB	64.1 kB	-1.19 kB (-1.8%)
auth (EmailAndPassword)	69.4 kB	68.2 kB	-1.19 kB (-1.7%)
auth (GoogleFBTwitterGitHubPopup)	89.2 kB	88.0 kB	-1.19 kB (-1.3%)
auth (GooglePopup)	88.9 kB	87.7 kB	-1.19 kB (-1.3%)
auth (GoogleRedirect)	89.1 kB	87.9 kB	-1.19 kB (-1.3%)
auth (Phone)	75.4 kB	74.2 kB	-1.19 kB (-1.6%)
database (Append to a list of data)	146 kB	143 kB	-2.09 kB (-1.4%)
database (Filtering data)	144 kB	142 kB	-2.09 kB (-1.4%)
database (Listen for child events)	161 kB	158 kB	-2.09 kB (-1.3%)
database (Listen for value events + Detach listeners)	161 kB	158 kB	-2.09 kB (-1.3%)
database (Listen for value events)	160 kB	158 kB	-2.09 kB (-1.3%)
database (Read data once)	152 kB	150 kB	-2.09 kB (-1.4%)
database (Save data as transactions)	162 kB	160 kB	-2.09 kB (-1.3%)
database (Sort data)	146 kB	144 kB	-2.09 kB (-1.4%)
database (Write data)	145 kB	143 kB	-2.09 kB (-1.4%)
firestore (Persistence)	261 kB	262 kB	+1.06 kB (+0.4%)
firestore (Query Cursors)	203 kB	202 kB	-1.13 kB (-0.6%)
firestore (Query)	205 kB	203 kB	-1.13 kB (-0.6%)
firestore (Read data once)	193 kB	192 kB	-1.13 kB (-0.6%)
firestore (Realtime updates)	195 kB	194 kB	-1.13 kB (-0.6%)
firestore (Transaction)	178 kB	176 kB	-1.36 kB (-0.8%)
firestore (Write data)	177 kB	176 kB	-1.36 kB (-0.8%)
firestore-lite (Query Cursors)	68.3 kB	66.3 kB	-1.99 kB (-2.9%)
firestore-lite (Query)	71.4 kB	69.4 kB	-1.99 kB (-2.8%)
firestore-lite (Read data once)	55.8 kB	53.8 kB	-1.99 kB (-3.6%)
firestore-lite (Transaction)	73.2 kB	71.2 kB	-1.99 kB (-2.7%)
firestore-lite (Write data)	58.7 kB	56.6 kB	-2.05 kB (-3.5%)
functions (call)	29.6 kB	27.6 kB	-2.05 kB (-6.9%)
messaging (send + receive)	44.9 kB	43.3 kB	-1.63 kB (-3.6%)
performance (trace)	49.5 kB	47.7 kB	-1.83 kB (-3.7%)
remote-config (getAndFetch)	44.2 kB	42.3 kB	-1.82 kB (-4.1%)
storage (getBytes)	38.0 kB	35.9 kB	-2.05 kB (-5.4%)
storage (getDownloadURL)	40.0 kB	38.0 kB	-2.05 kB (-5.1%)
storage (getMetadata)	39.5 kB	37.4 kB	-2.05 kB (-5.2%)
storage (list + listAll)	38.9 kB	36.9 kB	-2.05 kB (-5.3%)
storage (updateMetadata)	39.8 kB	37.7 kB	-2.05 kB (-5.2%)
storage (uploadBytes)	44.3 kB	42.2 kB	-2.05 kB (-4.6%)
storage (uploadBytesResumable)	53.7 kB	51.7 kB	-2.05 kB (-3.8%)
storage (uploadString)	44.5 kB	42.5 kB	-2.05 kB (-4.6%)

`firebase`

27 size changes

Type	Base (`927c1af`)	Merge (`839cbfe`)	Diff
firebase-analytics-compat.js	26.0 kB	24.3 kB	-1.70 kB (-6.5%)
firebase-analytics.js	107 kB	105 kB	-2.09 kB (-1.9%)
firebase-app-check-compat.js	22.7 kB	22.7 kB	+6 B (+0.0%)
firebase-app-check.js	89.9 kB	90.1 kB	+129 B (+0.1%)
firebase-app-compat.js	28.3 kB	26.4 kB	-1.90 kB (-6.7%)
firebase-app.js	84.3 kB	81.5 kB	-2.78 kB (-3.3%)
firebase-auth-compat.js	123 kB	124 kB	+905 B (+0.7%)
firebase-auth-cordova.js	462 kB	468 kB	+5.42 kB (+1.2%)
firebase-auth-react-native.js	486 kB	496 kB	+10.4 kB (+2.1%)
firebase-auth.js	411 kB	414 kB	+3.05 kB (+0.7%)
firebase-compat.js	777 kB	779 kB	+2.48 kB (+0.3%)
firebase-database.js	603 kB	603 kB	+4 B (+0.0%)
firebase-firestore-compat.js	300 kB	303 kB	+3.16 kB (+1.1%)
firebase-firestore-lite.js	250 kB	250 kB	+87 B (+0.0%)
firebase-firestore.js	818 kB	820 kB	+2.55 kB (+0.3%)
firebase-functions-compat.js	7.95 kB	7.95 kB	+2 B (+0.0%)
firebase-functions.js	31.1 kB	31.1 kB	+3 B (+0.0%)
firebase-messaging-compat.js	38.0 kB	36.4 kB	-1.56 kB (-4.1%)
firebase-messaging-sw.js	102 kB	101 kB	-1.50 kB (-1.5%)
firebase-messaging.js	101 kB	99.4 kB	-1.50 kB (-1.5%)
firebase-performance-compat.js	30.8 kB	29.1 kB	-1.69 kB (-5.5%)
firebase-performance-standalone-compat.es2017.js	87.6 kB	86.5 kB	-1.10 kB (-1.3%)
firebase-performance-standalone-compat.js	65.3 kB	64.0 kB	-1.31 kB (-2.0%)
firebase-performance.js	119 kB	117 kB	-2.09 kB (-1.8%)
firebase-remote-config-compat.js	27.5 kB	25.8 kB	-1.70 kB (-6.2%)
firebase-remote-config.js	109 kB	106 kB	-2.09 kB (-1.9%)
firebase-storage.js	146 kB	146 kB	+1 B (+0.0%)

Test Logs

https://storage.googleapis.com/firebase-sdk-metric-reports/iyJqAFdyaJ.html

google-oss-bot · 2022-03-28T20:03:49Z

Size Analysis Report ¹

This report is too large (795,406 characters) to be displayed here in a GitHub comment. Please use the below link to see the full report on Google Cloud Storage.

Test Logs

https://storage.googleapis.com/firebase-sdk-metric-reports/STM3QYScHi.html

sam-gc · 2022-03-29T21:39:05Z

packages/auth/src/core/auth/auth_impl.ts

    return this.queue(async () => {
      await this.directlySetCurrentUser(user as UserInternal | null);
      this.notifyAuthListeners();
    });
  }

+  async _runBeforeStateCallbacks(user: User | null): Promise<void> {
+    try {


This method should probably check first whether or not the user is actually changing (like directlySetCurrentUser does).

Right now with this code, if you call auth.signOut() twice in a row, it will call the middleware twice in a row

Added a check.

sam-gc · 2022-03-29T21:41:37Z

packages/auth/src/core/auth/auth_impl.ts

@@ -528,6 +575,7 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
   * should only be called from within a queued callback. This is necessary
   * because the queue shouldn't rely on another queued callback.
   */
+  // TODO: Find where this is called and see if we can run the middleware before it


This is only used during initialization and then in a few select cases within this file. I need to do some thinking about the appropriate places in the init phase to use middleware. Off the top of my head, the only place init should run middleware is when signing in a user from redirect (i.e. first page load after a signInWithRedirect() call)

Inserted it in what I think is the correct place in initializeCurrentUser().

sam-gc · 2022-04-01T21:52:49Z

packages/auth/src/core/auth/auth_impl.ts

@@ -223,6 +225,10 @@ export class AuthImpl implements AuthInternal, _FirebaseService {
    _assert(this._popupRedirectResolver, this, AuthErrorCode.ARGUMENT_ERROR);
    await this.getOrInitRedirectPersistenceManager();

+    // At this point in the flow, this is a redirect user. Run blocking
+    // middleware callbacks before setting the user.
+    await this._runBeforeStateCallbacks(storedUser);


I think here we should wrap it in a try/catch. Initialization swallows errors. Ideally we would surface the error in getRedirectResult but that will require some extra thinking

jamesdaniels · 2022-04-08T15:54:48Z

common/api-review/auth.api.md

@@ -81,6 +81,7 @@ export function applyActionCode(auth: Auth, oobCode: string): Promise<void>;
 // @public
 export interface Auth {
    readonly app: FirebaseApp;
+    beforeAuthStateChanged(callback: (user: User | null) => void | Promise<void>): Unsubscribe;


Did we want to tackle the second argument, the optional onAbort callback in this PR?

That is just a () => void that is called useful if beforeAuthStateChanged is called multiple times and a subsequent callback rejects the state change. This gives developers a chance to walk back any side effects.

Useful to me as I integrate with the web frameworks work, for authenticated server-context. onAbort would allow me the chance to destroy the just minted cookie, if the developer is using beforeAuthStateChanged too and rejected the sign in.

hsubox76 · 2022-04-13T21:47:21Z

Merging into auth-middleware feature branch where work will continue with ongoing PRs.

hsubox76 added 3 commits February 25, 2022 10:55

Bookmark todo

d1992ad

wip

8554836

more wip

202a114

hsubox76 requested review from avolkovi, lisajian, sam-gc and yuchenshi as code owners March 14, 2022 17:35

sam-gc reviewed Mar 14, 2022

View reviewed changes

Address PR comments

ef9b649

hsubox76 requested a review from jamesdaniels March 29, 2022 17:06

sam-gc reviewed Mar 29, 2022

View reviewed changes

Address comments and add tests

06e6a13

hsubox76 requested a review from allspain as a code owner April 1, 2022 18:50

sam-gc reviewed Apr 1, 2022

View reviewed changes

Add try/catch

ad74326

jamesdaniels reviewed Apr 8, 2022

View reviewed changes

hsubox76 changed the base branch from master to auth-middleware April 13, 2022 21:40

hsubox76 changed the title ~~WIP: Auth middleware (beforeAuthStateChanged)~~ Auth middleware (beforeAuthStateChanged) Apr 13, 2022

hsubox76 merged commit 91406c5 into auth-middleware Apr 13, 2022

hsubox76 deleted the ch-auth-middle branch April 13, 2022 21:47

sam-gc pushed a commit that referenced this pull request May 4, 2022

Auth middleware (beforeAuthStateChanged) (#6068)

d4099f9

firebase locked and limited conversation to collaborators May 14, 2022

		async signOut(): Promise<void> {
		await this._runBeforeStateCallbacks(null);

Auth middleware (beforeAuthStateChanged) #6068

Auth middleware (beforeAuthStateChanged) #6068

Uh oh!

Conversation

hsubox76 commented Mar 14, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

changeset-bot bot commented Mar 14, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ No Changeset found

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

google-oss-bot commented Mar 28, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Size Report 1

Affected Products

@firebase/app

@firebase/app-check

@firebase/auth-compat

@firebase/auth/cordova

@firebase/auth/internal

@firebase/auth/react-native

@firebase/firestore

@firebase/firestore-lite

@firebase/functions

@firebase/functions-compat

@firebase/installations

@firebase/messaging

@firebase/messaging-compat

@firebase/messaging-sw

@firebase/util

bundle

firebase

Test Logs

Uh oh!

google-oss-bot commented Mar 28, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Size Analysis Report 1

Test Logs

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

hsubox76 commented Apr 13, 2022

Uh oh!

Uh oh!

hsubox76 commented Mar 14, 2022 •

edited

Loading

changeset-bot bot commented Mar 14, 2022 •

edited

Loading

google-oss-bot commented Mar 28, 2022 •

edited

Loading

Size Report ¹

`@firebase/app`

`@firebase/app-check`

`@firebase/auth-compat`

`@firebase/auth/cordova`

`@firebase/auth/internal`

`@firebase/auth/react-native`

`@firebase/firestore`

`@firebase/firestore-lite`

`@firebase/functions`

`@firebase/functions-compat`

`@firebase/installations`

`@firebase/messaging`

`@firebase/messaging-compat`

`@firebase/messaging-sw`

`@firebase/util`

`bundle`

`firebase`

google-oss-bot commented Mar 28, 2022 •

edited

Loading

Size Analysis Report ¹