Reset authentication state for getAuth

[Jordan Last]

How can I manually call an update to the authentication state of a database reference? I have my app running in multiple iframes on a page. When the user logs in in one iframe, I would like all of the other iframes to know about it so that I can call getAuth in each of the frames and determine if the user is logged in. Because getAuth is synchronous, I suppose it doesn't go to the server to check for its authentication information. How do I get the database ref to know about logins in another iframe? I know about the onAuth function, but even then I'm not sure how to update the database ref so that getAuth returns the correct state of authentication. Thanks!

[Kato Richardson]

Hi Jordan,

Authentication is done by retuning a token to the client, which is stored in the local session. You're going to have a lot of trouble sharing this between iframes, since the browsers sandbox a lot of information between frames. Assuming they are all from the same domain, you may be able to figure out how to share them, but I'd guess that this is an XY problem, and there's probably a better answer than trying to use iframes and coax them into using the same auth credentials.to access the same data.

☼, Kato

On Tue, Mar 22, 2016 at 4:51 PM, Jordan Last <jordan.mi...@gmail.com> wrote:

How can I manually call an update to the authentication state of a database reference? I have my app running in multiple iframes on a page. When the user logs in in one iframe, I would like all of the other iframes to know about it so that I can call getAuth in each of the frames and determine if the user is logged in. Because getAuth is synchronous, I suppose it doesn't go to the server to check for its authentication information. How do I get the database ref to know about logins in another iframe? I know about the onAuth function, but even then I'm not sure how to update the database ref so that getAuth returns the correct state of authentication. Thanks!

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/d29d3c6a-b713-4a04-ae20-c517e8806826%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Frank van Puffelen]

Cross-post? http://stackoverflow.com/questions/36167570/firebase-getauth-returns-null-across-iframes

[Jordan Last]

I see, what do you mean by "local session". Does this mean some kind of browser storage? Looking at the resources, I only see Firebase writing to local storage specifically, and I can see the authentication information being written to local storage when I authenticate. Nothing appears in Session Storage or cookies. If local storage is where the token is stored, and if all of the iframes have access to that local storage object (they should since they are from the same domain), shouldn't getAuth work properly and read from that local storage object? And why do the rest of the frames respond correctly to getAuth once I refresh the page and all of the frames are reloaded?

[Jordan Last]

This is still unresolved for me and I think it could be a real problem that needs to be addressed in the codebase. I don't think getAuth is going to local storage each time to check for authentication, I imagine there is some kind of "last authentication event received time" that keeps getAuth from looking at local storage if it doesn't "have to" because no auth events have been received. But if other instances of firebase on the same domain receive auth events (from within iframes or web workers), then getAuth needs to respond appropriately. It can do that by going to local storage every time. My hypothesis is that it does not.