question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Auth functions like auth.uid() do NOT handle empty strings

See original GitHub issue

Bug report

Describe the bug

Auth functions like auth.uid() use the ‘request.jwt.claims’ configuration parameter in order to extract the uid/email/role for the user of the current request.

However, these functions fail if the ‘request.jwt.claims’ configuration parameter is the empty string because the conversion to jsonb fails.

Handling empty strings for this parameter is important because one can mock different users by setting the parameter for the current transaction, however, it is NOT possible to remove the parameter AFTER the transaction is over - instead, the parameter remains as empty string (as explained here: https://stackoverflow.com/a/50929568/2606261

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. Connect to a Supabase PostgreSQL instance using any SQL client;
  2. Mock a particular use for a single transaction like this:
begin;
set local "request.jwt.claims" to '{ "sub": "d0d4b028-2f87-523b-a580-0f3e85e6ff33", "email": "my@email.com" }';
select auth.uid();
commit;
  1. Try to invoke the auth.uid() again now that the transaction is completed:
select auth.uid();

Expected behavior

The second invocation of auth.uid() should return NULL;

Actual behavior

The second invocation of auth.uid() throw an exception because the empty string cannot be converted to jsonb;

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (4 by maintainers)

github_iconTop GitHub Comments

3reactions
steve-chavezcommented, Jan 4, 2022

Maybe the nullif could be applied like this:

create or replace function auth.uid() 
returns uuid 
language sql stable
as $$
  select 
  	coalesce(
		nullif(current_setting('request.jwt.claim.sub', true), ''),
		(nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub')
	)::uuid
$$;

That way the ::jsonb casting won’t fail, just tested it:

select nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub';
-- NULL

set request.jwt.claims to '{"sub": "bla"}';
select nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub';
-- bla

set request.jwt.claims to '';
select nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub';
-- NULL
2reactions
imskrcommented, Jan 6, 2022

Can I work on this issue?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Error: The uid must be a non-empty string with at most 128 ...
firstly you get the same problem than above (the value of user is undefined), ... onCall((data,context)=>{ let userUid; return admin.auth().
Read more >
Admin Authentication API Errors | Firebase - Google
The provided uid must be a non-empty string with at most 128 characters. auth/invalid-user-import, The user record to import is invalid. auth/maximum-user-count ...
Read more >
Build a Role-based API with Firebase Authentication - Toptal
In this tutorial, we'll build a REST API to manage users and roles using Firebase and Node.js. In addition, we'll see how to...
Read more >
Authentication-Tableau Server REST API
The credentials token lets the server verify you as a valid, signed in user ... SAML single sign on (SSO) authentication does not...
Read more >
Firebase Server SDK for Golang - Go Packages
Note that this is not an official SDK written by Google/Firebase. ... Code: "auth/invalid-uid", Message: "The uid must be a non-empty string with...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found