Nuxt 3 App With Vuefire: Getting an (auth/login-blocked) error in production with SSR #1408
Comments
|
This usually means a misconfiguration on the Firebase project or that you have something blocking the login. BTW your reproduction is private |
|
Shucks so sorry about that, didn't realize I had set that repro to private, just made it public now. If its a misconfiguration in firebase, do you have any clue as to what I should be looking for? When I had deployed my site to netlify and first encountered the issue, I was using the nuxt-security module, so I thought that somehow the nuxt-security module was blocking the auth request but even with that module removed, the issue still persists. Appreciate whatever insight you have on this, apologies for the private repro again. Have a wonderful and blessed rest of your day/night🤙 |
Metadata server info: |
|
@luc122c Thank you for the info. I am deploying to netlify but I did not realize that I would need to deploy to a google environment. I thought that as long as I set the GOOGLE_APPLICATION_CREDENTIALS env var manually, meaning setting the value as the json object rather than a path to a json file, then I'd be good to go. I got the impression from this tip in the docs: "When deploying outside of Firebase, the GOOGLE_APPLICATION_CREDENTIALS environment variable has to be set manually. Instead of setting it to the path of the service account file, you can set it to the content of the file itself. Note it will have to fit in one single line." |
|
@johnpuaoi Sorry for any misunderstanding, you should still be able deploy this to non-firebase hosting, however the metadata server is only available on GCP. Looking at the code, it would seem that the env variable isn't available and it's falling back to |
|
No worries, I appreciate the help and insight, I see now. I tried using just the other 3 variables before but I would end up getting this error: The default Firebase app does not exist. Make sure you call initializeApp() before using any of the Firebase services. I'm also getting the warnings in console about not providing a service account which I believe stems from this line in the nuxt-vuefire module: const hasServiceAccount =
typeof process.env.GOOGLE_APPLICATION_CREDENTIALS === 'string' &&
process.env.GOOGLE_APPLICATION_CREDENTIALS.length > 0 |
|
I had that issue when deploying to Netlify. Something was going on witih the Netlify function used to host the website (getting a weird 502 error from Another time, I noticed that I was always trying to deploy to |
|
@dosstx Thank you for the info and yes I have tried deploying to Netlify with SSR enabled but I get the same error as when I run the site in production locally. I see that 502 error as well when using SSR in prod. I have the site that I encountered this error deployed on Netlify but with SSR set to false and auth works there. If possible, could someone use my repro link, add their own firebase config including the env var and then attempt to build the nuxt site and run locally. Then attempt to sign in, If the error persists, I could then rule out a firebase config error that's causing this. |
|
The 502 api session error is on Netlify, but it is a 404 on Vercel. Also, to make it more weird, some of the vercel preview links work and I have no issue with the firebase auth block (the green arrow version of the URL works):
I have double checked that all those domains are whitelisted in firebase auth console. Not sure why the green arrow version works....it's the same code! Btw, I've had this all working fine on Netlify until recently. For some reason the firebase auth block started a week ago or so for me. Here's the error I get in browser console when viewing the page: |
|
Could you check https://github.com/posva/nuxt--vuefire-example-blaze-plan? I collected as many instructions as possible when deploying tests apps. It could also be related to deploying to vercel instead of firebase. There are plans to check other providers but at the moment I only have time to focus on Firebase. If your application is not serving an Regarding auth block, I would check that with Firebase and dive deeper in logs. Normally, it shouldn't be related to vuefire |
|
@posva OK I cloned the nuxt vuefire template from you and deployed to Firebase and and I get the SAME firebase auth blocked / 502 etc errors as mentioned above in the threads:
I confirmed that the domain is whitelisted in auth settings in firebase console. The only changes I made from your template are:
Note: I did enable the IAM Service Account Credentials API for my project, however, I did not understand how I needed to do this part from your template README ---> "Once this API is activated, you will need to add a role to your service account. This is explained in the Firebase documentation." <--- So, I did not do that step . I mentioned this in case it could be the culprit for these errors because I also did not do that in my real world project. I THINK I correctly set up the emulators and was able to login using localhost:3000 when testing (clicked the auto generate user button), but AUTH does not work on firebase deployed site. Here is my live demo URL: https://nuxt-vuefire-2576f.web.app/ . You can see there is a 404 not found when trying to use the LOGIN link as well as the firebase auth error when going back to the LOGIN page. Here is my forked repro from your template: https://github.com/dosstx/nuxt--vuefire-example-blaze-plan/tree/error Appreciate you looking into this! It doesnt' seem to matter if you host on Firebase, Netlify etc all the errors appear the same. |
|
You might need that step you skipped but not sure. You could also try deleting the function and redeploying again. A part from that, i can’t tell… You might want to reach out to support |
|
I submitted a ticket to Firebase Support. Will keep this thread updated. If anyone else is able to take the Nuxt template and verify the issue exists, it would be greatly appreciated. Like @posva said, you may need to add a role to the service account (I skipped that step) and that could fix the problem. |
|
Firebase support was unable to help. I ended up removing Vuefire/Nuxt-Vuefire for now and just using the standard Firebase Auth SDK as that works. When I get more time I'll try again. |
|
I think I should add a method to allow disabling ssr auth as it requires some extra steps to handle but it will still error with a different error if you try to ssr a page that uses data that require authentication |
|
I agree! In most common use cases, SSR is not needed on pages that require authentication. In my case (a saas application), I use hybrid rendering. all my public pages are SSG and the software routes are SPA because we don't need SEO for that. Having an option to disable SSR Auth and handling token on a "Persistent cookie" on client side would be great for use cases like mine. |
|
My index page was prerendered at build time -- no auth being used there. However, the problem starts at that point because the Vuefire module is being called (ie, Btw, thanks @posva for all your work on this module. I still use it on other apps. It's great. |
|
The auth endpoint should be disabled during pre-rendering or ssg as there is no session at that moment I’m glad you’re not ditching it completely 😄 |
I've just checked that and it disables auth completely. So far the only way to temporary solve this issue is what @johnpuaoi suggested which is setting SSR to false. |
|
I saw this is closed. Does that mean this auth blocked issue is a not a problem anymore? |
|
hi @posva i'm just wondering if there is an update on this? i'm trying to deploy my SSG app and i can't even get it running locally after generating it with this is what i get: my app only needs to use |
|
I didn't link to a specific commit but the feature that was added that closed this and #1419 is https://vuefire.vuejs.org/nuxt/auth.html#Session-Cookie |
|
thank you so much for the super fast reply! some of the documentation was a little tricky for me to follow, so in case anyone else finds this thread i managed to get it working for my SSG app by:
@posva i also just wanted to explicitly make extra sure that there is no way for the service account private key to make it's way into the |
|
i required sessionCookie, for some reasons it works in dev mode but fails in production / after build. |
|
Ok that didnt fix it , anyone have any ideas ? 'An internal error has occurred. Raw server response: "{"error":{"code":403,"message":"Request had insufficient authentication scopes.","errors":[{"message":"I |
|
setting ssr to true solved the problem for me! |
Reproduction
https://github.com/johnpuaoi/vuefire-auth-blocked
Steps to reproduce the bug
Expected behavior
After signing in the user information should be displayed. The sign in should not be blocked.
Actual behavior
The sign in is blocked and an error is shown.
Additional information
This only happens when SSR is enabled and you build for production, in dev mode this does not happen at all. If you disable SSR then everything works as should in production.
The credentials are set using the GOOGLE_APPLICATION_CREDENTIALS env var which is an object of the service key. I tried setting the var to be a path to serviceKey.json file but still the same error.
This is the error that is returned: Error minting the cookie FirebaseAppError: Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error: "Error fetching access token: Error while making request: getaddrinfo ENOTFOUND metadata.google.internal. Error code: ENOTFOUND".
For now I will release my nuxt 3 apps as an SPA until this can be resolved. I attempted to take a crack at this issue by inserting some console.logs in the ensureAdminApp function to check the credential but can't seem to narrow down the issue.
Again this only happens if your using SSR with nuxt and you build for production. SSR in dev mode works just fine with nuxt-vuefire.
The text was updated successfully, but these errors were encountered: