firebase-js-sdk icon indicating copy to clipboard operation
firebase-js-sdk copied to clipboard
verified publisher icon firebase

Firebase Authentication signInWithRedirect using GitHub on Android causes session storage Error in some case

Open KishiTheMechanic opened this issue 3 years ago • 2 comments

Environment

  • Operating System version: Android 12
  • Browser version: Brave 1.43.90, Chromium 105.0.5195.102, Chrome 105.0.5195.79
  • Firebase SDK version: 9.9.0
  • Firebase Product: auth

[REQUIRED] Describe the problem

Epics Alpha

On this website, there's Firebase Auth signInWithRedirect using GitHub. iPhone works well. Some Android works well also. Android Firefox still works well.

But some of Android and using Chrome and Brave, it causes this error below.

Screenshot_20220906-163509

When the app executes signInWithRedirect, Android Chrome and Brave show like What browser do you want to use? And after choosing, that screenshot error happens. It makes a new tab and I think that's why it can't access to initial storage? Is there some way to stop choosing browser and let the browser redirecting on same tab?

Does anyone know about this case? Please let me know if you have any information about it.

Thank you always.

Have a good day!☀

KishiTheMechanic avatar Sep 07 '22 04:09 KishiTheMechanic

Hi, thanks for filing this. What environment is your app running in? The fact that it's prompting which browser to use indicates it's coming from an app? Are you using Cordova?

sam-gc avatar Sep 12 '22 17:09 sam-gc

Hey @KishiTheMechanic. We need more information to resolve this issue but there hasn't been an update in 5 weekdays. I'm marking the issue as stale and if there are no new updates in the next 5 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!

google-oss-bot avatar Sep 19 '22 01:09 google-oss-bot

Hi. How are you? Sorry for the late response for it.

This is happening in my Android environment. I changed it to popup signin also but it's still happening.

My Firefox on Android seems no problem. But if I use Chrome and Brave with Android, this problem is happening.

The application is this.

https://alpha.epics.dev

KishiTheMechanic avatar Sep 25 '22 12:09 KishiTheMechanic

Hi @KishiTheMechanic, are users accessing the web app https://alpha.epics.dev/ directly from the android browser and seeing the session storage error?

prameshj avatar Oct 03 '22 16:10 prameshj

Hi @prameshj, no, when users sign in with github account, the app redirect to https://alpha.epics.dev/ and seeing the session storage error. This workflow is working on Android Firefox.

KishiTheMechanic avatar Oct 04 '22 09:10 KishiTheMechanic

Android Chrome and Android Brave returning the error

KishiTheMechanic avatar Oct 04 '22 09:10 KishiTheMechanic

This seems like some custom Chrome setting. Is this using Chrome incognito? It is possible that Brave browser's privacy policy are disallowing the session storage access.

prameshj avatar Oct 05 '22 19:10 prameshj

Not using Chrome incognito. Do you know what is the setting? Someone can use it even on Brave so maybe you're right but we don't know which is the setting.

KishiTheMechanic avatar Oct 09 '22 17:10 KishiTheMechanic

It likely has to do with the cookie settings (https://support.google.com/chrome/answer/95647). While Firebase Auth web sign in doesn't use cookies, it does rely on an intermediate page (the one you're seeing here) and sometimes web (session) storage access is blocked as well due to cookie policy. But backing up a little bit, can you clarify a couple of things?

  1. In the first post, you mentioned that the user is prompted to select a browser (emphasis mine):

When the app executes signInWithRedirect, Android Chrome and Brave show like What browser do you want to use?

Is the user not running your app from within the browser already? Is it a progressive web app? What frameworks are you using for the app?

  1. Does the GitHub login page show, or are you shown this error before you even get to the GitHub login page?

sam-gc avatar Oct 10 '22 16:10 sam-gc

  1. The user running our app already. It's not PWA. I use Next.js (React). The app will redirect to the auth page and redirect back to our page. But when the redirects back, the browser asks us to choose browser apps. After I choose whatever, this error will be happened.

  2. the GitHub login page is working. The problem will occur after the login and when redirecting.

KishiTheMechanic avatar Oct 13 '22 09:10 KishiTheMechanic

Any update on this? Facing the same issue while using signInWithPopup with GithubAuthProvider

shmshrivastava avatar Jan 04 '23 18:01 shmshrivastava

I tried this with native Samsung phone browser and it works fine. Probably looks like an issue with android mobile chrome browser. I think that the chrome browser asks to select a browser to open the redirected link. And when that link gets opened in another tab in chrome, it loses the state. Not sure how to navigate through this issue on chrome. For now, the auth is impossible on android mobile chrome.

shmshrivastava avatar Jan 06 '23 07:01 shmshrivastava

I had this issue recently on firefox and clearing my browser data resolved it leading me to think it might be corrupted session data, but that's just a guess. Unrelated, I also had to add an exception to firefox's tracking protection which I think is related to issue 6443. This all happened after a browser update.

palmerusaf avatar Feb 21 '23 02:02 palmerusaf