Firebase Auth: Default timeout of 3 minutes too long (Issue from AppStore Review)

[Joerg]

Hi,

I'm just trying to get a Flutter app released on the app store and am using the Firebase Auth plugin.

One of the issues that came back from the review was, that the app seems to be hanging during sign-in or registering a new user.

After my investigation, I stumbled over the case when the network connection is not stable and or not available. The timeout for signInWithEmailAndPassword seems to be around 3 minutes before I get the exception ERROR_NETWORK_REQUEST_FAILED. That is way too long. No end-user will wait 3 minutes.

Since I didn't find the option in the API to cancel a network request or set a custom timeout, I tried an easy fix and use the timeout method on the future:

FirebaseAuth.instance.signInWithEmailAndPassword(email: email, password: password).timeout(Duration(seconds: 30))

This seems to work at first and deliver the result, that my loading dialog for the login can be closed after 30 seconds with an error message about the network connection. But if I then activate the network connection before 3 minutes are over, I find myself logged into the app all of a sudden, because FirebaseAuth comes back with an authenticated user. So you could trick some person in signing in with his user/password and make him think it didn't work, then activating the network again and finding yourself logged in with the other person's user.

So this naive solution doesn't work obviously. Now I'm thinking about how I could prevent this case and implement some logic in the onAuthStateChanged event, so that I maybe trigger an immediate signOut again in case the user reveived the timeout after the 30 seconds before. But that then opens up Pandora's box to a host of other issues and will result in quite some complex logic, because all kinds of other sign-in/sign-out events with the same or other users can have happened in the meantime.

So, how do I go from here?

Is there any other simple and reliable solution to set a custom timout?

Thx,

Joerg

[Souvik Dutta]

I think you might be able to request a new feature to the fireabse team. But I don't think the issue is not due to firebase having huge timeout time, rather I think it is because your app might not be showing a circular progress indicator i.e it might just be sitting around don't nothing all those three minutes. Now this might be or might not be the case with your app.

Also I don't think that using a the timeout method would produce such an issue as you say because probably firebase would start a new session with the backend everytime. If the issue still persists you can add a try and catch block which will first try to sign out the current user (if there is one existing use) and then try to signin the new user. I think this might solve the problem. Also I would be interested to know what new bugs are introduced by this approach. 

--
You received this message because you are subscribed to the Google Groups "Flutter Development (flutter-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to flutter-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/flutter-dev/8f4b9825-beb1-4345-974c-807502d57cedo%40googlegroups.com.

[Graham Dickinson]

Hi Joerg,

A couple of things come to mind here:

1. If the reviewer is saying that the app is hanging during sign-up/registration then I don't think it would be a network connection issue...I would assume that they would have a good network connection when testing, or tell that it was hanging when they deliberately had a bad one. I would suspect it is hanging for some other reason. Have you got adequate error trapping (try/ catch and auth status response code) around the call to Firebase Auth?

2. If you are convinced that it is a network connection issue, are you using the connectivity package to check for internet availability throughout your app? If not, maybe look at doing so and preventing login, with a warning dialogue to the user, if there is not internet available.

Not sure if the above are valid but hope the suggestions may help.

Krgrds,

Graham