Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: Can't deleteUser() due to auth/requires-recent-login #539

Open
2 of 13 tasks
maxbarry opened this issue Jan 6, 2024 · 9 comments · May be fixed by #545
Open
2 of 13 tasks

bug: Can't deleteUser() due to auth/requires-recent-login #539

maxbarry opened this issue Jan 6, 2024 · 9 comments · May be fixed by #545
Labels
bug/fix Something isn't working package: authentication

Comments

@maxbarry
Copy link

maxbarry commented Jan 6, 2024

Plugin(s)

  • Analytics
  • App
  • App Check
  • Authentication
  • Crashlytics
  • Cloud Firestore
  • Cloud Messaging
  • Cloud Storage
  • Performance
  • Remote Config

Version

5.3.0

Platform(s)

  • Android
  • iOS
  • Web

Current behavior

I implemented deleteUser() (thanks #281!) but if the user's most recent login is more than 5 minutes ago, the operation is rejected by Firebase with the error auth/requires-recent-login.

In this situation, the Firebase docs say to use reauthenticateWithCredential(), however, this function is unavailable.

Expected behavior

I hope for a way to ask the user to re-authenticate in-place. Otherwise I think I'd have to log them out, which resets all app state, then get them to log back in, navigate back to the delete account page, and re-try within 5 minutes.

Reproduction

n/a

Steps to reproduce


export async function deleteUser() {
    try {
        await FirebaseAuthentication.deleteUser()
    } catch (err) {
        //
        // If 'err' is `auth/requires-recent-login`, Firebase docs say to try something like the below:
        //
        const auth = getFirebaseAuth()      // my function for generating auth.currentUser
        const credential = getCredential()  // my function for generating credential

        // THIS FAILS, because the function does not exist
        await FirebaseAuthentication.reauthenticateWithCredential(auth.currentUser, credential)  

        await FirebaseAuthentication.deleteUser()      // retry
    }
}


### Other information

Error: "FirebaseAuthentication.reauthenticateWithCredential()" is not implemented on web


### Capacitor doctor

💊   Capacitor Doctor  💊 

Latest Dependencies:

  @capacitor/cli: 5.6.0
  @capacitor/core: 5.6.0
  @capacitor/android: 5.6.0
  @capacitor/ios: 5.6.0

Installed Dependencies:

  @capacitor/cli: 5.6.0
  @capacitor/core: 5.6.0
  @capacitor/ios: 5.6.0
  @capacitor/android: 5.6.0

### Before submitting

- [X] I have read and followed the [bug report guidelines](https://capawesome.io/contributing/bug-reports/).
- [X] I have attached links to possibly related issues and discussions.
- [X] I understand that incomplete issues (e.g. without reproduction) are closed.
@maxbarry maxbarry added bug/fix Something isn't working needs: triage labels Jan 6, 2024
@robingenz
Copy link
Member

Thank you for your request! This method definitely missing. I will take a look. On the web, you can already solve the problem by calling the Firebase JS SDK directly. There is only no workaround with the Firebase Android and iOS SDK.

@robingenz robingenz added this to the v5.4.0 milestone Jan 6, 2024
@robingenz
Copy link
Member

BTW: I'm currently showing my users the following message:

This operation is sensitive and requires recent authentication. Sign in again before retrying this request.

@robingenz robingenz linked a pull request Jan 23, 2024 that will close this issue
Draft
3 tasks
@robingenz robingenz modified the milestones: v5.4.0, v5.5.0 Jan 23, 2024
@waltercruz
Copy link

Maybe this is not the right place, but I will add a quick note:

According to App Store Review Guidelines, an application that provides login with apple needs to provide the delete user account and revoke the Access Token.

Maybe capacitor firebase should help with the last one too? (not so sure, hence I'm asking).

https://firebase.google.com/docs/auth/web/apple#token-revocation

@robingenz
Copy link
Member

@waltercruz Yes, we should add this method. Please create a feature request.

@robingenz robingenz removed this from the v5.5.0 milestone Feb 14, 2024
@TurtleTaco

This comment was marked as off-topic.

Sign in to view
@robingenz

This comment was marked as off-topic.

Sign in to view
@TurtleTaco

This comment was marked as off-topic.

Sign in to view
@robingenz

This comment was marked as off-topic.

Sign in to view
@TurtleTaco

This comment was marked as off-topic.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug/fix Something isn't working package: authentication
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(authentication): add reauthenticateWithCredential method capawesome-team/capacitor-firebase
4 participants
@waltercruz @maxbarry @robingenz @TurtleTaco