9

I've been using FireStore for a project that works fine in the browser, but when I port the code to Expo, running on a iOS 11.2 iPhone X in the simulator, it keeps raising Error: Missing or insufficient permissions.

Auth is working fine, and when I check the client in the Firestore collection object, the appropriate UID is set, and testing the same code in the browser, everything works perfectly (no permissions problem). What I'm trying to say is that I'm 95% certain that the issue is with the Firebase lib/react native/expo combination, rather than with my code. Especially since it seems that making a call to Firestore in the browser, there are headers set, but when debugging the call in Reactotron (from Expo), it looks like the call the Firebase lib is making has no headers at all.

I doubt it makes a difference, but here are my auth rules:

service cloud.firestore {
  match /databases/{database}/documents {
    match /UserData/{userID} {
      allow read, write: if request.auth.uid == userID;
    }
    match /MemberData/{userID} {
      allow read: if request.auth.uid == userID;
    }
  }
}

The call I was trying to make (and there is definitely data in the doc) is the following:

profile = (await UserDataCollection.doc(`${idToken.uid}`).get()).data();

I'm curious if anyone else has run into this problem, and if so, are there any workarounds to make Firestore work?

raphaeltm
  • 817
  • 1
  • 12
  • 22
  • I am having exactly the same problem you are facing. It's been happening ever since I upgraded react-native (from 0.35 to 0.51 so a lot of changes, I know). I've already posted about it in this [Stack Overflow post](https://stackoverflow.com/questions/47245887/cloud-firestore-missing-or-insufficient-permissions/48035803#48035803). I know it's not my security rules because an older build is working fine. I'm just using the Firebase web api with React native. I haven't been able to identify the problem so far but I was assuming it was an issue with an incorrect/expired auth header. – JamesR Jan 02 '18 at 14:31
  • @JamesR glad to hear I'm not the only one. I was kicking myself trying to figure out what was different. I'm not sure how best to analyse requests in React Native, but I've given Reactotron a shot and it seems the Firestore requests don't have any headers set at all. I'm curious if that's what your Firestore requests look like too? – raphaeltm Jan 02 '18 at 14:35
  • Well as per my linked post I used Charles to intercept and inspect my requests, from what I could see it looked like my headers were being set (but no easy way to tell if they're correct as far as Firestore is concerned). Charles isn't the prettiest UI to inspect though so I may have missed something – JamesR Jan 02 '18 at 14:44
  • I'm a little delirious from lack of sleep but I managed to get it fixed by downgrading from 4.8.1 to 4.6.2. I was really curious as to why this was happening though and the only weird thing I was noticing in Charles was that the latest version was _always_ sending the bearer token and it seemed to have a weird auth header "X-Goog-Api-Client:gl-js/ fire/4.8.1" (note the space). The downgraded version didn't seem to send the auth header but just the sessionId. That's all I have right now, I'll check it tomorrow when I'm better rested. What version of Firebase are you using? – JamesR Jan 02 '18 at 22:34
  • @JamesR Awesome! Downgrading to 4.6.2 seems to have done the trick for me too. I don't know how much time I'll have to dig through and see what specific change made that happen, but I'll see if I can take a look in the coming weeks. If you find out, it would be great to hear what you discover! – raphaeltm Jan 03 '18 at 00:54
  • That's brilliant news, I'll post it as an answer so :) I was nearly sure this was an issue with 4.6.2 for me because I distinctly remember trying to upgrade the SDK to try to fix the issue. Upgrading 15 versions of React Native will make you start to see things though so I'm not gonna think too hard about it. I posted it as an answer in absence of any further theories. I won't have a lot of time to dig deeper but I'll be interested to see if other people experience the same. – JamesR Jan 03 '18 at 08:36
  • i'm doing a native iOS in SWIFT project, and I think I am getting the same issues... Error adding document: Error Domain=FIRFirestoreErrorDomain Code=7 "Missing or insufficient permissions." except my permission are completely open. – IrishGringo Apr 30 '18 at 16:55

1 Answers1

8

As per previous comments, downgrading to 4.6.2 seems to fix the issue. I'm not sure the exact root cause but the behaviour of how the auth headers are sent seem to have changed (so potentially something there?). I'll update my answer if I get time to investigate further. Happy for one of the Firebase team to contact me for my account details if they want to verify on their side.

JamesR
  • 950
  • 1
  • 7
  • 17
  • I can confirm this as well. I downgraded from 4.10.1 to 4.6.2 and the security rules work! – colinwong Mar 01 '18 at 18:06
  • Thanks for fix - got same error with latest Firebase `4.11.0`. But yea, would be good to find fix for latest one. – Jurosh Mar 18 '18 at 12:55
  • This is a huge relief -- I downgraded from 4.12.1 to 4.6.2 and it worked. For what it's worth, before I did this, I did try changing my login method from signInAndRetrieveDataWithEmailAndPassword to just signInWithEmailAndPassword, to see if this might be the problem (I know that the former will be renamed to the latter; see https://firebase.google.com/docs/reference/js/firebase.auth.Auth.html#signInAndRetrieveDataWithEmailAndPassword). This didn't help; the only thing that worked for me was downgrading to 4.6.2. – Chris Bobbe Apr 24 '18 at 21:00
  • This issue is being tracked here, with a pending pull request as of two days ago: https://github.com/firebase/firebase-js-sdk/issues/703 – Chris Bobbe Apr 25 '18 at 14:09
  • I just want to add a comment to this. This magically just broke out of nowhere on Android for me and I solved it by bumping to 5.3.1. I have no idea why it's happening (maybe the Firebase team are changing the way they parse auth headers in the back-end, I dunno) but it's extremely frustrating and doesn't give me a lot of confidence putting anything in production. I know it's still in beta but for app development it means I have to roll out a new version and suffer bad reviews when users can't create content. I wish the Firebase team would comment on this – JamesR Aug 11 '18 at 16:31