"Unable to process request due to missing initial state" when using startActivityForSignInWithProvider with Apple sign in

[datvm]

[REQUIRED] Step 2: Describe your environment

• Android Studio version: N/A. Visual Studio 2022 Version 17.10.5
• Firebase Component: Authentication
• Component version: 22.3.1.2

[REQUIRED] Step 3: Describe the problem

Steps to reproduce:

Following Authenticate Using Apple on Android, I have this code (C# but it should be equivalent to Java):

var activity = await Platform.WaitForActivityAsync();
var provider = OAuthProvider.NewBuilder("apple.com").Build();

try
{
    var authResult = await auth.StartActivityForSignInWithProvider(activity, provider).AsAsync<IAuthResult>();
    FbUser = authResult.User;

    return authResult.Credential;
}
catch (FirebaseAuthWebException ex)
{
    if (ex.ErrorCode == "ERROR_WEB_CONTEXT_CANCELED")
    {
        return null;
    }

    throw;
}

After calling StartActivityForSignInWithProvider, an in-app browser is opened but after signing in successfully, this page opens instead:

Closing this page by pressing X on the top left corner also closes my app and the next time the app starts, it is stuck at the splash screen and has to be restarted.

Relevant Code:

See above.

[google-oss-bot]

I found a few problems with this issue:

• I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
• This issue does not seem to follow the issue template. Make sure you provide all the required information.

[lehcar09]

Hi @datvm, thank you for reaching out. I tried to reproduce the issue using the Firebase quickstart app, however, I did not encounter the error.

Can you share the browser you’re using when you encounter the issue? Also, were you able to check the possible scenarios shared that might have caused the issue?

Aside from that, I just wanted to share this Stack Overflow post that encounters the same issue. Could you try the suggested steps in registering my app with SafetyNet with SHA2? According to the post, the issue might be due to missing SafetyNet. The app tries to redirect you to a browser for Recaptcha for verification if you don't have SafetyNet. Thus, having no SafetyNet will cause your app to always be redirected to Recaptcha which sometimes causes an error. To resolve this issue, register your app with Safety Net. You can check this documentation, Enabling App Verification, for more information.

[rsegecin]

Hi @lehcar09 I've encountered this issue when I'm trying to login on X using firefox see firebase/flutterfire/issues/13141.

[datvm]

@lehcar09 Hi, I do not use SafetyNet so I don't think it's relevant (and I heard it's obsolete soon from the SO post you linked). The browser being opened is Microsoft Edge for Android. It happens about 2/3 of the time I tried. Sometimes the log in is successful but it's in the minority.

[lehcar09]

Thank you for the details @datvm. I was able to reproduce the issue when using the Microsoft Edge browser. I'll inform our engineers about and see what we can do here. Thanks!

[lehcar09]

Hi @datvm, our engineers are already looking into it. By any chance, can you help us and share a console log from Microsoft Edge for Android upon encountering the issue? Thanks!

[google-oss-bot]

Hey @datvm. We need more information to resolve this issue but there hasn't been an update in 5 weekdays. I'm marking the issue as stale and if there are no new updates in the next 5 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!

[datvm]

This is the best I could get:

Navigated to https://<name>.firebaseapp.com/__/auth/handler
Navigated to https://<name>.firebaseapp.com/__/auth/handler
handler:1  Edge is blocking ads on this site because this site tends to show ads that interrupt, distract, mislead, or prevent user control. You should fix the issues as soon as possible and submit your site for another review. Learn more at https://www.chromestatus.com/feature/5738264052891648
handler:1  Edge is blocking ads on this site because this site tends to show ads that interrupt, distract, mislead, or prevent user control. You should fix the issues as soon as possible and submit your site for another review. Learn more at https://www.chromestatus.com/feature/5738264052891648
handler.js:284  Unable to process request due to missing initial state.
Nk @ handler.js:284
(anonymous) @ handler.js:630
a @ handler.js:168
(anonymous) @ handler.js:168
c @ handler.js:168
e.kc @ handler.js:176
jh @ handler.js:179
fh @ handler.js:179
K.jk @ handler.js:178
a @ handler.js:168
(anonymous) @ handler.js:168
c @ handler.js:168
Qg @ handler.js:169
a
Jg @ handler.js:169
bh @ handler.js:175
K.then @ handler.js:173
qt.qb @ handler.js:630
qt.start @ handler.js:629
(anonymous) @ handler.js:634
(anonymous) @ handler:10

[lehcar09]

According to our engineers, based on your logs, it seems like Edge is blocking the firebaseapp.com/__/auth/handlers endpoint because of ads. It's blocking that endpoint, so the endpoint couldn't perform what it was supposed to so that's why they got the error. Unfortunately, there's nothing much we can do in this case because it’s a third party browser. I would suggest reaching out to Microsoft to request them not to block the Firebase endpoints.

We’ll leave the issue open for now. For folks who are experiencing the same issue, adding an emoji thumbs up on the original post can help us prioritize adding this to the roadmap. Thanks!

[mehmetartun]

I am getting exactly same with apple sign in. It remains stuck on the chrome (in Android emulator) but actually it logs in...

[gpawlik1]

@mehmetartun Have you figured out any solution or a workaround?

[vjamrich]

Same issue as @mehmetartun. Happens with Chrome on Android, while trying to sign in with Apple. App Check and app signing is properly set.

[vjamrich]

I resolved the issue by implementing my own return url handler and not using the default one provided by Firebase.

HTTP Triggered GCP Function:

const functions = require("firebase-functions");

exports.appleAuthHandler = functions.https.onRequest((req, res) => {
  const params = { ...req.query, ...req.body };
  const queryString = new URLSearchParams(params).toString();

  const redirectUrl = `myappintent://callback?${queryString}`;
  console.log("Redirecting to app with:", redirectUrl);

  res.redirect(redirectUrl);
});

Registered intent AndroidManifest.xml:

<intent-filter>
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />

    <data android:scheme="myappintent" />
    <data android:path="callback" />
</intent-filter>

Other

And finally, setting the function's url as a return url through Apple Developer.

[WaqasFarooqSobha]

Facing same issue with Microsoft

login in android Microsoft login with Firebase Authentication (signInWithRedirect) works correctly on iOS but fails on Android with different browsers like Google Chrome and Samsung internet Observed Behavior

On Android devices: After redirecting to Microsoft login and completing login process it shows "Unable to process request due to missing initial state. This may happen if browser sessionStorage is inaccessible or accidentally cleared. Some specific scenarios are - 1) Using IDP-Initiated SAML SSO. 2) Using signInWithRedirect in a storage-partitioned browser environment.".

Login succeeds only after retrying multiple times by refreshing page and then it redirects back to application with success On iOS (Safari), login works consistently without errors.

Reproducing the issue Just try to login with Microsoft on Android it will redirect to browser after completing login process( email, password authentication) it shows error message inside the browser