firebase-admin-node
firebase-admin-node copied to clipboard
firebase
admin/auth/updateUser for MFA not working
Hello. Discovered the following issue using firebase admin v10. I can successfully enroll a user for the MFA process by calling admin.auth().updateUser(...) with multiFactor/enrolledFactors provided. But removing enrolled factors is not successful (https://firebase.google.com/docs/auth/admin/manage-mfa-users):
admin.auth().updateUser({
uid: '123456789',
multiFactor: {
enrolledFactors: null,
},
})
.then((userRecord) => {
console.log(userRecord.multiFactor);
})
.catch((error) => {
console.log(error);
});
The factors remain in DB. I can see the same discussed for Golang as well here https://github.com/firebase/firebase-admin-go/pull/530/files.
I found a few problems with this issue:
- I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
- This issue does not seem to follow the issue template. Make sure you provide all the required information.
Hi, thanks for reporting this issue. Please use an empty array to update the MFA config for now while we fix this.
admin.auth().updateUser(uid: '123456789', {
multiFactor: {
enrolledFactors: [],
},
})
.then((userRecord) => {
console.log(userRecord.multiFactor);
})
.catch((error) => {
console.log(error);
});
Is UID being entered as a method param in your code? I think the documentation needs to be amended.
Yes, it is shaped like this https://github.com/firebase/firebase-admin-node/issues/2285#issue-1856072088 , but be it null or an empty array [] for the enrolledFactors body part, it keeps having the previously assigned payload, i.e it does not get reset. The request linked above works as it successfully updates enrolledFactors but any attempt to reset them retains previous data.
@zabakala I am unable to reproduce this issue, please feel free to provide more details you think may be useful to repro this. Also consider filing a bug report through https://firebase.google.com/support so we can track this issue internally.