linkWithEmailAndPassword: The Firebase ID token has been revoked

[sklink]

My onboarding process starts with:

await FirebaseAuthentication.signInAnonymously();

Makes some API calls, which successfully use the anonymous ID token to authenticate.

Follows up later with:

await FirebaseAuthentication.linkWithEmailAndPassword({ email, password });

Any API calls following this fail with 401 Unauthorized and a message on the server of "The Firebase ID token has been revoked".

For every API call I'm always using: (await FirebaseAuthentication.getIdToken()).token to get the token. I have tried using the { forceRefresh: true } option with no luck.

I should note that I'm testing this on web. I have other authentication methods working on web: currently phone, Google, and Facebook.

If any additional code would be helpful please let me know. I'm going to attempt to recreate the issue in a new repository but if anything stands out please let me know.

[robingenz]

This should be an issue with the Firebase JS SDK so I would try to find the answer there.

[sklink]

It works if I remove:

await FirebaseAuthentication.linkWithEmailAndPassword({ email, password });

and use:

const credential = EmailAuthProvider.credential(email, password);
const currAuth = getAuth();
await linkWithCredential(currAuth.currentUser, credential);
await signInWithCredential(auth, credential);

// Call API using token from await FirebaseAuthentication.getIdToken()

Is it possible that I need to sign in after calling linkWithEmailAndPassword on FirebaseAuthentication as I'm doing with the Firebase JS SDK above?

I was going to attempt calling signInWithCustomToken but result.credential only shows providerId: "password" and does not have accessToken available.

[robingenz]

Is it possible that I need to sign in after calling linkWithEmailAndPassword on FirebaseAuthentication as I'm doing with the Firebase JS SDK above?

Yes, that seems to be the only difference. Here you can find our web implementation:

capacitor-firebase/packages/authentication/src/web.ts

Line 233 in 4ca16a6

public async linkWithEmailAndPassword(

[sklink]

Yeah, nothing standing out as an option there. Not sure how I would take that link and sign in using the FirebaseAuthentication package. All of them call createSignInResult as if part of the process should sign in the user. Maybe an edge case interaction from anonymous to first credential.

[robingenz]

You can simply make this one call with the Firebase JS SDK. Capacitor Firebase Authentication is based on the Firebase JS SDK on the web anyway.