firebase-js-sdk
firebase-js-sdk copied to clipboard
firebase
Unable to process request due to missing initial state.
[REQUIRED] Describe your environment
- Windows 10, Android 10
- Google chrome
- firebase js sdk version: 7.24.0
- firebase auth
[REQUIRED] Describe the problem
When trying to do sign with redirect (social login: google/facebook), many of our users are getting the following error: Unable to process request due to missing initial state. This may happen if browser sessionStorage is inaccessible or accidentally cleared.
Steps to reproduce:
Not able to reproduce this. But it occurs very frequently for many of our users.
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
same issue on the Facebook in-app browser while the user does Facebook sign-in.
Seeing the same consistently on Android + Chrome deployed on Vercel with Next.JS & Firebase v8.2.1 both using signInWithPopup and signInWithRedirect. Worth noting that this functions as intended in Android + Firefox.
this issue, the version doesn't matter.
If you are using a custom domain, you have to set Client SDK configuration. you set it?
firebase.initializeApp({
apiKey: '...',
// Replace the default one with your custom domain.
// authDomain: '[YOUR_APP]/firebaseapp.com',
authDomain: 'auth.[YOUR_DOMAIN]'
});
https://cloud.google.com/identity-platform/docs/show-custom-domain
@kenji7157 I have the same issue on the Facebook in-app browser while the user does Facebook sign-in. I am not using a custom domain
I am having the same error using the GitHub auth provider when using my Android device + Chrome. I have tried using the signInWithRedirect and signInWithPopUp methods and tried using the FirebaseAuthUI but all returned the same result.
Using the same Android device and Firefox, however, works just fine.
I was using GitHub auth provider with custom domain configured on Netlify as CNAME. Although GitHub configuration in firebase console tells me to use the default redirect URL(eg. abc-989d.firebaseapp.com) not the custom one I had created. But that was causing the error in question.
Once I updated my GitHub OAuth application with the new custom URL everything worked fine.
Eg: https://auth.custom-domain.com/__/auth/handler this is what I've set in app configuration on GitHub.
@raevilman I moved to custom domain and I still have same issue. Althought I am not using Github as DNS provider but gandi.net
@KevinLourd For context: I was trying to change domain name shown on Google sign-in consent page. And I am using Netlify as hosting provider, GitHub as OAuth. I've documented the steps here
~HIH
Same here. Using cordova wkwebview, inappbrowser, a well configured custom auth domain. I've seen it happen more on iOS than Android.
What is weird is that the second time I try to sign in with Facebook (when I don't have to enter my credentials anymore), it works fine. When it's with AppleId (which asks me my credentials every time), the second time fails with the same result.
Edit: now it seems that it doesn't always work the second time with Facebook, it has an inconsistent behaviour.
I have now pointed the auth domain to point to the auth.custom-domain.com domain I have created but still the same error for Android + Chrome.
Anyone at Firebase looking into this? If our users can't log into our apps, it should be priority #1 no?
@louisameline I have contacted the Firebase few days ago, but they asked for a minimum reproductible example. Would anyone have reproduced one by any chance? cc @hsubox76
I guess I can share a piece of my app if it stays private. Let me work something out
@KevinLourd I have a project ( still in development ) which is getting the same issue. Here is the repo : https://github.com/Hamaad-Siddiqui/Fast-Feedback-2.0
Hi folks-- for those of you who've been able to reproduce it yourselves, what are the circumstances specifically? For example, are the browsers running in private/incognito mode? Are third-party cookies disabled (this shouldn't apply but in some cases the way this is implemented in the browser could cause issues)?
One more thought since this issue could be caused by numerous things.
There was a recent bug in the Firebase Console that caused the wrong auth domain to be presented when enabling other OAuth providers. The domain had "-default-rtdb" at the end and this would lead to the wrong configuration with the other provider. Since the "missing initial state" issue could be caused by several different things, it would be worth double checking your configuration for GitHub/Microsoft/etc sign in. The bug in the Console was resolved late December and it now displays the correct value, but depending when you looked at the Console to configure the providers you may still have issues.
@samhorlbeck I've unfortunately not been able to reproduce it consistently, but from the reports I have seen it appears to be happening inside the Instagram WebView on iOS when trying to sign in with Facebook or Google. This happens if someone links to our site in their Instagram bio, where tapping that link doesn't intent to another browser but opens Instagram's in-app, webview-based browser.
Based on that, it feels like it might have something to do with these apps' implementations of UIWebView or WKWebView? Though I can verify that sessionStorage/localStorage both work as expected in those browsers, so it's possible that's a red herring. Let me know if I can help in any other ways, and I'll see if I can find anyone who can reliably reproduce it. Thanks!
@samhorlbeck Just go on a mobile to the website that I provided you the repo of https://fast-feedback-dev.vercel.app And click on Sign In with GitHub. The error will happen every time you go from Chrome it doesn't seem to occur on Firefox so it seems to me maybe there is something wrong with chrome ? I am specifically talking about the mobile versions...
I saw it happen only once in my Android hybrid app, but it's pretty much systematic in iOS (either a real device or the emulator). For starters, I can give you access to my app in Testflight if you want to see if it happens to you too, I just need an email address.
<widget id="io.xxxxx.www" version="0.1.75" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<name>My app</name>
<access origin="https://*.google.com" />
<access origin="https://*.google-analytics.com" />
<access origin="https://*.googleapis.com" />
<access origin="http://*.googletagmanager.com" />
<access origin="https://*.googletagmanager.com" />
<access origin="https://*.gstatic.com" />
<access origin="https://api.ipify.org" />
<access origin="https://*.xxxxx.io" />
<allow-intent href="https://*.xxxxx.io/*" />
<allow-intent href="mailto:*" />
<allow-navigation href="about:*" />
<feature name="CDVWKWebViewEngine">
<param name="ios-package" value="CDVWKWebViewEngine" />
</feature>
<platform name="android">
<allow-intent href="market:*" />
<preference name="AndroidLaunchMode" value="singleTask" />
<preference name="android-minSdkVersion" value="19" />
<preference name="android-targetSdkVersion" value="29" />
<preference name="StatusBarBackgroundColor" value="#6f52d8" />
<preference name="StatusBarOverlaysWebView" value="false" />
<preference name="StatusBarStyle" value="lightcontent" />
</platform>
<platform name="ios">
<allow-intent href="itms:*" />
<allow-intent href="itms-apps:*" />
<preference name="deployment-target" value="13.4" />
<preference name="StatusBarOverlaysWebView" value="true" />
<preference name="StatusBarStyle" value="darkcontent" />
<preference name="WKWebViewOnly" value="true" />
</platform>
<plugin name="cordova-plugin-compat" spec="^1.2.0" />
<plugin name="cordova-plugin-deeplinks" spec="^1.1.1" />
<plugin name="cordova-plugin-device" spec="^2.0.3" />
<plugin name="cordova-plugin-file" spec="^6.0.2" />
<plugin name="cordova-plugin-purchase" spec="^10.5.3" />
<plugin name="cordova-plugin-itunesfilesharing" spec="^0.0.2" />
<plugin name="cordova-plugin-splashscreen" spec="^5.0.2" />
<plugin name="cordova-plugin-statusbar" spec="^2.4.3" />
<plugin name="cordova-plugin-whitelist" spec="1" />
<preference name="CordovaWebViewEngine" value="CDVWKWebViewEngine" />
<universal-links>
<host name="link.xxxxx.io" scheme="https" />
<host name="auth.xxxxx.io" scheme="https">
<path url="/__/auth/callback" />
</host>
</universal-links>
<engine name="android" spec="^8.1.0" />
</widget>
"dependencies": {
"cordova-android": "^8.1.0",
"cordova-ios": "^6.1.1",
"cordova-plugin-browsertab": "^0.2.0",
"cordova-plugin-buildinfo": "^4.0.0",
"cordova-plugin-compat": "^1.2.0",
"cordova-plugin-customurlscheme": "^5.0.2",
"cordova-plugin-deeplinks": "^1.1.1",
"cordova-plugin-device": "^2.0.3",
"cordova-plugin-file": "^6.0.2",
"cordova-plugin-inappbrowser": "^4.1.0",
"cordova-plugin-itunesfilesharing": "^0.0.2",
"cordova-plugin-network-information": "^2.0.2",
"cordova-plugin-purchase": "^10.5.3",
"cordova-plugin-splashscreen": "^6.0.0",
"cordova-plugin-statusbar": "^2.4.3",
"cordova-plugin-whitelist": "^1.3.4",
"cordova-plugin-wkwebview-engine": "^1.2.1"
}
@Hamaad-Siddiqui your app works consistently for me on Android / Chrome using GitHub sign in
@samhorlbeck Ready to test mine? Let's have you test it in Testflight if you will and if you see it I'll share code with you.