I intermittently get this error on about 5% of requests, and I am not sure why. It seems to work most of the time, but I'd like to get it to 100%.
{"name":"myapp","hostname":"worker-844ddfbc9f-ntlmz","pid":18,"level":50,
"err":"[Throws: Cannot read property 'code' of undefined]",
"msg":"Context creation failed: Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.",
"time":"2020-02-12T02:16:33.538Z","v":0}
TypeError: Cannot read property 'code' of undefined
at FirebaseAuthError.get [as code] (/app/node_modules/firebase-admin/lib/utils/error.js:51:35)
at FirebaseAuthError.FirebaseError.toJSON (/app/node_modules/firebase-admin/lib/utils/error.js:67:24)
at JSON.stringify (<anonymous>)
at prettyJSONStringify (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:257:17)
at throwHttpGraphQLError (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:26:42)
at Object.<anonymous> (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:66:28)
at Generator.next (<anonymous>)
at fulfilled (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:4:58)
at process._tickCallback (internal/process/next_tick.js:68:7)
client
const authLink = setContext(async (_, { headers }) => {
let token;
if (firebase.auth().currentUser) {
token = await firebase.auth().currentUser.getIdToken();
}
return {
headers: {
...headers,
authorization: `Bearer ${token}`,
},
};
});
server
let token = req.headers.authorization;
if (!token || !token.length) {
console.log('no token');
}
token = token.split('Bearer ')[1];
// validate JWT and pluck user id
const { uid } = await firebase.auth().verifyIdToken(token);
// find the user based on id
const user = await firebase.auth().getUser(uid);
Your client code will result an authorization header of Bearer undefined
if the firebase.auth().currentUser
is falsey. This authorization header will not cause no token
to be logged in the server code (its length is 16). The server code will then fail when running firebase.auth().verifyIdToken('undefined')
.
You need to either prevent the client from sending the request if firebase.auth().currentUser
is falsey or catch the undefined token in the server code.
Note: using an undefined variable in a template string results in the string 'undefined' (not an empty string).