Firebase HTTPS 可调用 function context.auth 在与自定义令牌一起使用时始终为 Z37A6259CC0C1DAE29Z0A76

Question

HTTPS callable function is called directly from our app after signing in using custom token (custom auth), but context.auth is null in function eventually.

I am wondering if this is something expected? I am not providing any specific example (our client is using Firebase SDK with Kotlin, everything is implemented accordingly to the example in docs ), just want to know if maybe someone had similar issue or maybe we need to double check our client's code (custom token authentication is actually working there, since we use firestore with security rules that require it).

I was trying to find some information about certain restrictions, but there's none: Firebase FAQ https://firebase.google.com/support/troubleshooter/functions/auth/callable (nothing about custom token), this answer here Do I need to use verifyIdToken on the context.auth object in firebase cloud functions?

Been asked to add an example of the cloud function, nothing specific, is reproducible with simple one like the following (auth will be always null in log record):

exports.getData = functions.https.onCall((data, context) => {
  functions.logger.info('Auth info', { auth: context.auth });
  return {
    success: true,
    data: null,
  };
});

Answer 1

Seems like a potential race condition, Ensure that Auth has created the user object before requesting the callable function if you are calling it directly after a sign-in method. This can be done using a callback from an onAuthStateChanged.

firebase.auth().onAuthStateChanged(function(user) {
  if (user) {
    // User is signed in.
  } else {
    // No user is signed in.
  }
});

Source: https://firebase.google.com/docs/auth/web/manage-users#get_the_currently_signed-in_user